Age | Commit message (Expand) | Author |
2022-09-02 | shepherd: Set #o640 permissions for log file of service in container.•••* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640
permissions for log file.
| Arun Isaac |
2022-05-01 | Add (guix least-authority).•••* guix/least-authority.scm: New file.
* Makefile.am (MODULES): Add it.
* gnu/build/shepherd.scm (default-mounts): Make public.
| Ludovic Courtès |
2022-04-12 | shepherd: Add #:supplementary-groups.•••To support the argument introduced in Shepherd 0.9.0 when defining
container-bound services.
* gnu/build/shepherd.scm (exec-command*)
(make-forkexec-constructor/container): Add '#:supplementary-groups'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Leo Nikkilä |
2022-04-11 | shepherd: 'fork+exec-command/container' always returns a PID.•••Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f whereby
'fork+exec-command/container' would return #t, then used as the running
value of the 'guix-daemon' service in the installer. Upon installation
completion, stopping the 'guix-daemon' service would fail with
wrong-type-arg because that #t would be passed to the 'stop' method in
lieu of a PID.
* gnu/build/shepherd.scm (fork+exec-command/container): Return a PID
rather than #t.
| Ludovic Courtès |
2022-04-11 | shepherd: 'exec-command*' has a valid default #:directory.•••Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f where 'exec-command*' could
get #:directory #f, in particular when called by
'fork+exec-command/container'.
* gnu/build/shepherd.scm (exec-command*): Add default value for #:directory.
| Ludovic Courtès |
2022-04-07 | shepherd: Adjust 'fork+exec-command/container' for the Shepherd 0.9.•••* gnu/build/shepherd.scm (exec-command*): New procedure, with code
formerly...
(make-forkexec-constructor/container): ... here. Use it.
(fork+exec-command/container): Use 'fork+exec-command' only when
CONTAINER-SUPPORT? is false or PID is the current process.
| Ludovic Courtès |
2021-08-02 | build: shepherd: Use autoload to lazily bind Shepherd modules.•••Instead of imperative module-autoload! directives.
* gnu/build/shepherd.scm: Replace module-autoload! directives by autoload
arguments for define-module.
| Maxim Cournoyer |
2020-11-05 | shepherd: Remove dependency on (guix utils).•••Since commit 8ce6f4dc2879919c12bc76a2f4b01200af97e019, importing this
module in a gexp would pull in (guix config) from the host, thereby
leading to non-reproducible derivations. Users in (gnu services ...) do
not expect that so simply remove the (guix utils) dependency for now.
* gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New
procedure.
Use it instead of 'strip-keyword-arguments'.
| Ludovic Courtès |
2020-09-21 | build: shepherd: Check for container support.•••Fixes: <https://issues.guix.gnu.org/43533>.
* gnu/build/shepherd.scm (fork+exec-command/container): Check if containers
are supported before joining PID namespaces.
| Mathieu Othacehe |
2020-09-02 | installer: Run the installation inside a container.•••When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
| Mathieu Othacehe |
2020-06-12 | shepherd: 'read-pid-file/container' terminates the whole process group.•••This mirrors a change made in the Shepherd 0.8.0. Previously, upon
startup failure, we could have left processes behind.
* gnu/build/shepherd.scm (read-pid-file/container): Kill (- PID) instead
of PID.
| Ludovic Courtès |
2020-06-12 | shepherd: Unblock signals in the child process.•••Fixes <https://bugs.gnu.org/41791>.
Reported by Tobias Geerinckx-Rice <me@tobias.gr>.
This change mirrors changes made in the Shepherd 0.8.1, where signals
are blocked in the shepherd process in support of 'signalfd'. The
regression was introduced with the switch to 0.8.1 in
3f9c62d1a8b345909adaeb22f454ad22554c55a1: child processes would not
receive SIGTERM upon 'herd stop SERVICE'.
* gnu/build/shepherd.scm <top level>: Autoload (shepherd system).
(make-forkexec-constructor/container): Call call to 'sigaction' and
'unblock-signals'.
| Ludovic Courtès |
2019-09-26 | shepherd: Ensure the log file has correct ownership.•••* gnu/build/shepherd.scm (make-forkexec-constructor/container): Ensure
LOG-FILE has correct ownership.
| Ludovic Courtès |
2019-09-26 | shepherd: 'make-forkexec-constructor/container' keeps the log file.•••* gnu/build/shepherd.scm (make-forkexec-constructor/container): Don't
call 'clean-up' on LOG-FILE. This mirrors Shepherd commit
6892f638c78a14fedd075f664432757bc015c140.
| Ludovic Courtès |
2019-09-12 | file-systems: Add /var/run/nscd to '%network-file-mappings'.•••This allows containers created by "guix environment -CN" or by
"guix system container -N" to talk to the host nscd.
* gnu/system/file-systems.scm (%network-file-mappings): Add
"/var/run/nscd".
* gnu/build/shepherd.scm (default-mounts)[nscd-socket]: Remove.
* gnu/system/linux-container.scm (container-script)[nscd-run-directory]
[nscd-mapping, nscd-os, nscd-specs]: Remove.
[script]: Filter out from SPECS bind-mounts where the device does not
exist.
* guix/scripts/environment.scm (launch-environment/container)
[optional-mapping->fs]: New procedure.
[mappings]: Remove %NETWORK-FILE-MAPPINGS.
[file-systems]: Add %NETWORK-FILE-MAPPINGS here, filtered through
'optional-mapping->fs'.
| Ludovic Courtès |
2019-05-03 | shepherd: Include /etc/localtime in service containers.•••Fixes a bug whereby Tor (for example) would emit syslog messages with a
UTC timestamp instead of local time.
* gnu/build/shepherd.scm (default-mounts): Add /etc/localtime to
MAPPINGS.
| Ludovic Courtès |
2018-05-28 | system: Remove uses of the 'title' field of <file-system>.•••* gnu/system/install.scm (installation-os): Remove uses of the 'title'
field of 'file-system'; use 'file-system-label' as appropriate.
* gnu/system/vm.scm (system-disk-image, system-qemu-image): Likewise.
* gnu/tests.scm (%simple-os): Likewise.
* gnu/tests/install.scm (%minimal-os, %minimal-extlinux-os)
(%minimal-os-on-vda, %separate-home-os, %separate-store-os)
(%raid-root-os, %encrypted-root-os, %btrfs-root-os): Likewise.
* gnu/build/shepherd.scm (default-mounts)[tmpfs]: Likewise.
* tests/guix-system.sh: Likewise.
* tests/system.scm (%root-fs): Likewise.
("operating-system-boot-mapped-devices, implicit dependency"): Likewise.
| Ludovic Courtès |
2017-11-22 | shepherd: Include /etc/group in service containers.•••* gnu/build/shepherd.scm (default-mounts)[passwd]: Rename to...
[accounts]: ... this. Add /etc/group.
| Ludovic Courtès |
2017-02-07 | Add (gnu build shepherd).•••* gnu/build/shepherd.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
| Ludovic Courtès |