Age | Commit message | Author |
2022-09-24 | linux-container: Mark socket pair as SOCK_CLOEXEC.•••* gnu/build/linux-container.scm (run-container): Pass SOCK_CLOEXEC to
'socketpair'.
| Ludovic Courtès |
2022-09-23 | build: jami-service: account->username always return a fingerprint.•••This change is motivated by the fact that Account.registeredName is a volatile
account data, not exported along the account and retrieved from the name
server. Have it always return Account.username instead, so that the result is
reproducible independent of whether networking is available or not.
* gnu/build/jami-service.scm (account->username): Always return the account
fingerprint. Adjust doc.
(id->username): Likewise.
| Maxim Cournoyer |
2022-09-20 | linux-container: 'container-excursion*' marks its FDs as FD_CLOEXEC.•••Fixes <https://issues.guix.gnu.org/57827>.
Reported by Mathieu Othacehe <othacehe@gnu.org>.
Fixes a regression introduced with the Shepherd 0.9.2 upgrade in
1ba0e38267c9ff8bb476285091be6e297bbf136e, whereby IN and OUT would no
longer be closed when 'fork+exec-command/container' would call
'exec-command*' as part of the THUNK passed to 'container-excursion*'.
This is because the Shepherd 0.9.2 assumes file descriptors are properly
marked as O_CLOEXEC and, consequently, 'exec-command' no longer runs the
close(2) loop prior to 'exec'.
* gnu/build/linux-container.scm (container-excursion*): Add calls to
'fcntl'.
| Ludovic Courtès |
2022-09-16 | marionette: Avoid read error when wait-for-file file is empty.•••Since #<eof> can't be read.
* gnu/build/marionette.scm (wait-for-file): Return "" if file is empty.
Partially-Fixes: https://issues.guix.gnu.org/57827
| Christopher Baines |
2022-09-16 | marionette: Make it easier to debug REPL read failures.•••Log the remaining content written to the REPL, so that there's more to go on
than:
socket:5:14: Unknown # object: "#<"
* gnu/build/marionette.scm (marionette-eval): Catch exceptions from read and
log the remainder of the content from the REPL.
| Christopher Baines |
2022-09-13 | secret-service: Mark sockets as SOCK_CLOEXEC.•••* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
| Ludovic Courtès |
2022-09-08 | file-systems: Open files with O_CLOEXEC.•••Since this code is run from PID 1, this ensures file descriptors to
sensitive files and devices are not accidentally leaked to
sub-processes.
* gnu/build/file-systems.scm (call-with-input-file): New procedure.
(mount-file-system): Use 'close-fdes' + 'open-fdes'.
| Ludovic Courtès |
2022-09-04 | linux-boot: Resume from hibernation after pre-boot.•••* gnu/build/linux-boot.scm (boot-system): Call resume-if-hibernated
after pre-mount.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
| Jack Hill |
2022-09-02 | shepherd: Set #o640 permissions for log file of service in container.•••* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640
permissions for log file.
| Arun Isaac |
2022-08-30 | build: image: Make partition uuid optional.•••The uuid field of <partition> defaults to #false. This should be reflected
when creating the partition.
* gnu/build/image.scm (make-ext-image): Make it optional.
| Mathieu Othacehe |
2022-08-30 | build: image: Remove unused variable.•••* gnu/build/image.scm (make-ext-image): Remove the unused flags variable.
| Mathieu Othacehe |
2022-08-28 | build: marionette: Add support for Tesseract OCR.•••* gnu/build/marionette.scm (invoke-ocrad-ocr): New procedure.
(invoke-tesseract-ocr): Likewise.
(marionette-screen-text): Rename the #:ocrad argument to #:ocr. Dispatch the
matching OCR invocation procedure.
(wait-for-screen-text): Rename the #:ocrad argument to #:ocr.
* gnu/tests/base.scm (run-basic-test): Adjust accordingly.
* gnu/tests/install.scm (enter-luks-passphrase): Likewise.
(enter-luks-passphrase-for-home): Likewise.
| Maxim Cournoyer |
2022-08-28 | marionette: Improve the error message of 'wait-for-screen-text'.•••* gnu/build/marionette.scm (wait-for-screen-text): Return the last OCR'd text
when the predicate fails to match instead of the not useful predicate object.
| Maxim Cournoyer |
2022-08-11 | build: marionette: Adjust QEMU Info manual reference.•••* gnu/build/marionette.scm (marionette-control): Update doc to correct the
QEMU Info manual reference.
| Maxim Cournoyer |
2022-08-10 | gnu: system: file-systems: Add shared flag.•••* gnu/build/file-systems.scm (mount-flags->bit-mask, mount-file-system):
Handle shared flag.
* gnu/system/file-systems.scm (invalid-file-system-flags): Add shared to known
flags.
* guix/build/syscalls.scm (MS_SHARED): New variable.
* doc/guix.texi (File Systems): Document shared flag.
| Oleg Pykhalov |
2022-08-09 | tests: Add qemu-guest-agent system test.•••Enable the QEMU guest agent interface in marionette VMs, run the
qemu-guest-agent service in one and try talking to it.
* gnu/build/marionette.scm (make-marionette): Enable the guest agent device.
* gnu/tests/virtualization.scm (run-qemu-guest-agent-test): New procedure.
(%test-qemu-guest-agent): New variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Timotej Lazar |
2022-07-20 | gnu: modifying make-chromium-extension to rely on node-crx3.•••* gnu/build/chromium-extension.scm (make-crx): Lift Xorg and Chromium
dependencies, rely on node-crx3 instead.
Signed-off-by: Marius Bakke <marius@gnu.org>
| Nicolas Graves |
2022-07-01 | file-systems: Add 'cleanly-unmounted-ext2?'.•••* gnu/build/file-systems.scm (ext2-superblock-cleanly-unmounted?)
(cleanly-unmounted-ext2?): New procedures.
| Ludovic Courtès |
2022-06-24 | image: Add support for 32bit UEFI.•••* gnu/bootloader/grub.scm (grub-efi32-bootloader): New variable.
(install-grub-efi32): New variable.
* gnu/build/bootloader.scm (install-efi): Add a 'targets' keyword
argument.
(install-efi-loader): Likewise.
* gnu/build/image.scm (initialize-efi32-partition): New procedure.
* gnu/packages/bootloaders.scm (grub-efi32): New variable.
* gnu/system/image.scm (esp32-partition): New variable
(efi32-disk-image): New variable.
(efi32-raw-image-type): New variable.
(system-disk-image)[partition-image]: Set '#:grub-efi32' when
calling the partition initializer.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Denis 'GNUtoo' Carikli |
2022-06-10 | services: jami: Modernize to adjust to Shepherd 0.9+ changes.•••This partially fixes <https://issues.guix.gnu.org/54786>, allowing the 'jami'
and 'jami-provisioning' system tests to pass again.
In version 0.9.0, Shepherd constructors are now run concurrently, via
cooperative scheduling (Guile Fibers). The Jami service previously relied on
blocking sleeps while polling for D-Bus services to become ready after forking
a process; this wouldn't work anymore since while blocking the service process
wouldn't be given the chance to finish starting. The new reliance on Fibers
in Shepherd's fork+exec-command in the helper 'send-dbus' procedure also meant
that it wouldn't work outside of Shepherd anymore. Finally, the
'start-service' Shepherd procedure used in the test suite would cause the Jami
daemon to be spawned multiple times (a bug introduced in Shepherd 0.9.0).
To fix/simplify these problems, this change does the following:
1. Use the Guile AC/D-Bus library for D-Bus communication, which simplifies
things, such as avoiding the need to fork 'dbus-send' processes.
2. The non-blocking 'sleep' version of Fiber is used for the 'with-retries'
waiting syntax.
3. A 'dbus' package variant is used to adjust the session bus configuration,
tailoring it for the use case at hand.
4. Avoid start-service in the tests, preferring 'jami-service-available?' for
now.
* gnu/build/jami-service.scm (parse-dbus-reply, strip-quotes)
(deserialize-item, serialize-boolean, dbus-dict->alist)
(dbus-array->list, parse-account-ids, parse-account-details)
(parse-contacts): Delete procedures.
(%send-dbus-binary, %send-dbus-bus, %send-dbus-user, %send-dbus-group)
(%send-dbus-debug): Delete parameters.
(jami-service-running?): New procedure.
(send-dbus/configuration-manager): Rename to...
(call-configuration-manager-method): ... this. Turn METHOD into a positional
argument. Turn ARGUMENTS into an optional argument. Invoke
`call-dbus-method' instead of `send-dbus', adjusting callers accordingly.
(get-account-ids, id->account-details, id->account-details)
(id->volatile-account-details, username->id, add-account remove-account)
(username->contacts, remove-contact, add-contact, set-account-details)
(set-all-moderators, username->all-moderators?, username->moderators)
(set-moderator): Adjust accordingly.
(with-retries, send-dbus, dbus-available-services)
(dbus-service-available?): Move to ...
* gnu/build/dbus-service.scm: ... this new module.
(send-dbus): Rewrite to use the Guile AC/D-Bus library.
(%dbus-query-timeout, sleep*): New variables.
(%current-dbus-connection): New parameter.
(initialize-dbus-connection!, argument->signature-type)
(call-dbus-method): New procedures.
(dbus-available-services): Adjust accordingly.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register new module.
* gnu/packages/glib.scm (dbus-for-jami): New variable.
* gnu/services/telephony.scm: (jami-configuration)[dbus]: Default to
dbus-for-jami.
(jami-dbus-session-activation): Write a D-Bus daemon configuration file at
'/var/run/jami/session-local.conf'.
(jami-shepherd-services): Add the closure of guile-ac-d-bus and guile-fibers
as extensions. Adjust imported modules. Remove no longer used parameters.
<jami-dbus-session>: Use a PID file, avoiding the need for the manual
synchronization.
<jami>: Set DBUS_SESSION_BUS_ADDRESS environment variable. Poll using
'jami-service-available?' instead of 'dbus-service-available?'.
* gnu/tests/telephony.scm (run-jami-test): Add needed Guile extensions. Set
DBUS_SESSION_BUS_ADDRESS environment variable. Adjust all tests to use
'jami-service-available?' to determine if the service is started rather than
the now problematic Shepherd's 'start-service'.
| Maxim Cournoyer |
2022-05-31 | image: Add fat32 support.•••* gnu/build/image.scm (make-vfat-image): Pass fs-bits as an argument and force
1kb logical sector size only if "ESP" flag is set.
(make-partition-image): Add "fat32" partition type, support explicit "fat16"
type with vfat alias.
* gnu/system/image.scm (partition->dos-type partition): Return file system IDs
for "fat16" and "fat32" partitions.
(partition->gpt-type partition): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Pavel Shlyak |
2022-05-23 | image: Add bootable flag support.•••* gnu/build/image.scm (sexp->partition): Add flags support.
* gnu/system/image.scm (partition->gexp): Ditto.
(system-disk-image): Set the genimage bootable flag if it is part of the
partition flags.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
| Pavel Shlyak |
2022-05-22 | marionette: Add #:address parameter to 'wait-for-tcp-port'.•••* gnu/build/marionette.scm (wait-for-tcp-port): Add #:address parameter.
Honor it, and improve error reporting in the 'failure case.
| Ludovic Courtès |
2022-05-01 | Add (guix least-authority).•••* guix/least-authority.scm: New file.
* Makefile.am (MODULES): Add it.
* gnu/build/shepherd.scm (default-mounts): Make public.
| Ludovic Courtès |
2022-05-01 | linux-container: Add #:child-is-pid1? parameter to 'call-with-container'.•••* gnu/build/linux-container.scm (wait-child-process)
(status->exit-status): New procedures.
(call-with-container): Add #:child-is-pid1? parameter and honor it.
[thunk*]: New variable. Pass it to 'run-container'.
| Ludovic Courtès |
2022-05-01 | linux-container: Ensure signal-handling asyncs get a chance to run.•••Previously we could enter the blocking 'waitpid' call and miss an
opportunity to run the signal handler async.
* gnu/build/linux-container.scm (call-with-container)
[periodically-schedule-asyncs]: New procedure.
[install-signal-handlers]: Call it.
| Ludovic Courtès |
2022-05-01 | linux-container: 'call-with-container' relays SIGTERM and SIGINT.•••* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals.
[install-signal-handlers]: New procedure.
Call it.
| Ludovic Courtès |
2022-04-12 | shepherd: Add #:supplementary-groups.•••To support the argument introduced in Shepherd 0.9.0 when defining
container-bound services.
* gnu/build/shepherd.scm (exec-command*)
(make-forkexec-constructor/container): Add '#:supplementary-groups'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Leo Nikkilä |
2022-04-11 | shepherd: 'fork+exec-command/container' always returns a PID.•••Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f whereby
'fork+exec-command/container' would return #t, then used as the running
value of the 'guix-daemon' service in the installer. Upon installation
completion, stopping the 'guix-daemon' service would fail with
wrong-type-arg because that #t would be passed to the 'stop' method in
lieu of a PID.
* gnu/build/shepherd.scm (fork+exec-command/container): Return a PID
rather than #t.
| Ludovic Courtès |
2022-04-11 | shepherd: 'exec-command*' has a valid default #:directory.•••Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f where 'exec-command*' could
get #:directory #f, in particular when called by
'fork+exec-command/container'.
* gnu/build/shepherd.scm (exec-command*): Add default value for #:directory.
| Ludovic Courtès |
2022-04-08 | file-systems: Invoke fsck tools with 'system*/tty'.•••This ensures those programs, if invoked by shepherd (where standard
input is /dev/null), can still interact with the user if needed.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system):
(check-fat-file-system, check-jfs-file-system):
(check-f2fs-file-system, check-ntfs-file-system):
(check-xfs-file-system): Use 'system*/tty' instead of 'system*'.
| Ludovic Courtès |
2022-04-08 | mapped-devices: Ensure 'cryptsetup open' gets a tty.•••Fixes <https://issues.guix.gnu.org/54770>.
Regression introduced in 400c9ed3d779308e56038305d40cd93acb496180.
Previously, for an encrypted /home (say), "cryptsetup open" would be
invoked by shepherd, with /dev/null as its standard input. It would
thus run in non-interactive mode and, instead of asking for a
passphrase, fail with:
Nothing to read on input.
This change ensures it runs in interactive mode.
* gnu/build/file-systems.scm (system*/console, system*/tty): New
procedures.
* gnu/system/mapped-devices.scm (open-luks-device): Use 'system*/tty'
instead of 'system*'.
| Ludovic Courtès |
2022-04-07 | secret-service: Allow cooperative scheduling when Fibers is used.•••This lets the 'childhurd' service start in the background, letting
shepherd perform other tasks in the meantime, including serving
clients (such as the 'herd' command).
* gnu/build/secret-service.scm (with-modules): New macro.
(wait-for-readable-fd): Add cooperative implementation when Fibers is in
use.
(secret-service-send-secrets): Define 'sleep' so that it cooperates when
Fibers is in use.
| Ludovic Courtès |
2022-04-07 | secret-service: Abstract 'wait-for-readable-fd'.•••* gnu/build/secret-service.scm (wait-for-readable-fd): New procedure.
(secret-service-send-secrets): Use it instead of 'select'.
| Ludovic Courtès |
2022-04-07 | shepherd: Adjust 'fork+exec-command/container' for the Shepherd 0.9.•••* gnu/build/shepherd.scm (exec-command*): New procedure, with code
formerly...
(make-forkexec-constructor/container): ... here. Use it.
(fork+exec-command/container): Use 'fork+exec-command' only when
CONTAINER-SUPPORT? is false or PID is the current process.
| Ludovic Courtès |
2022-03-01 | initrd: Honor rootfstype and rootflags command-line parameters.•••* gnu/build/linux-boot.scm (boot-system): Honor rootfstype and rootflags
arguments. Update doc. Error out in case there is insufficient information
with regard to the root file system.
Restore the behavior of inferring the root device from the root file system
from the operating system in case the root argument is not provided.
* doc/guix.texi (Initial RAM Disk): Document the new command-line parameters.
| Maxim Cournoyer |
2022-03-01 | initrd: Use non-hyphenated kernel command-line parameter names.•••This is to make it less surprising, given the common convention set forth by
the kernel Linux command-line parameters.
* gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root'
and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system',
respectively. Adjust doc.
(find-long-option): Adjust doc.
* gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly.
* gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and
update doc. Use VERSION to conditionally return old style vs new style initrd
arguments.
(%boot-parameters-version): Increment to 1.
(operating-system-boot-parameters): Adjust doc.
(operating-system-boot-parameters-file): Likewise.
* gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise.
* doc/guix.texi: Adjust doc.
* gnu/build/activation.scm (boot-time-system): Adjust accordingly.
* gnu/build/hurd-boot.scm (boot-hurd-system): Likewise.
* gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment.
| Maxim Cournoyer |
2022-02-17 | build: linux-boot: Expound docstring of the 'boot-system' procedure.•••* gnu/build/linux-boot.scm (boot-system): Document the Linux command-line
parameters it understands and split a long string over two lines.
| Maxim Cournoyer |
2022-02-07 | build: image: Account for fixed-size file system structures.•••Workaround for <https://issues.guix.gnu.org/53194>.
* gnu/build/image.scm (estimate-partition-size): Enforce a 1-MiB minimum.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
| Tobias Geerinckx-Rice |
2022-01-05 | linux-container: Handle CLONE_NEWCGROUP and use it by default.•••Adds low-level support for launching Linux containers with cgroup namespaces.
* gnu/build/linux-container.scm (%namespaces): Add 'cgroup.
(namespaces->bit-mask): Handle it.
* guix/build/syscalls.scm (CLONE_NEWCGROUP): New variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Ryan Sundberg |
2022-01-01 | system: Allow 'chfn' to change the user's full name.•••Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
| Ludovic Courtès |
2021-12-23 | Remove VM generation dead-code.•••This code duplicates the (gnu system image) and (gnu build image) code. Using
VM for image generation is not needed, not portable and really slow. Remove
all the VM image generation code to make sure that only the image API is used.
* gnu/build/vm.scm: Remove it. Move the qemu-command procedure to ...
* gnu/build/marionette.scm: ... here.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adapt it.
* tests/modules.scm: Ditto.
* gnu/tests/install.scm: Ditto.
* gnu/system/vm.scm: Adapt it and remove expression->derivation-in-linux-vm,
qemu-img, system-qemu-image/shared-store and system-docker-image procedures.
* doc/guix.texi (G-Expressions): Adapt it.
| Mathieu Othacehe |
2021-12-23 | build: image: Add optional closure copy support.•••* gnu/build/image.scm (initialize-root-partition): Add a closure-copy?
argument and honor it.
| Mathieu Othacehe |
2021-12-23 | chromium-extension: Avoid another usage of the store-mapped /tmp.•••* gnu/build/chromium-extension.scm (make-crx): Use a Chromium profile relative
to the build directory instead of /tmp. While here, remove obsolete comment.
| Marius Bakke |
2021-12-16 | chromium-extension: Build .crx files in a deterministic fashion.•••* gnu/build/chromium-extension.scm (make-crx): Pass #:keep-mtime? #t to
COPY-RECURSIVELY. Remove defunct FAKETIME workaround. While at it, pack the
extension in the scratch working directory instead of the transient
store-mapped /tmp.
| Marius Bakke |
2021-12-16 | chromium-extension: Avoid usage of gcrypt at evaluation time.•••* gnu/build/chromium-extension.scm (make-signing-key): Wrap builder in
with-extensions, and compute the seed checksum at build time.
| Marius Bakke |
2021-12-16 | chromium-extension: Reduce imported-modules scope.•••* gnu/build/chromium-extension.scm (make-crx): Delay with-imported-modules
until the builder code.
(crx->chromium-json): Remove needless define* while at it.
| Marius Bakke |
2021-12-16 | chromium-extension: Simplify builder code.•••* gnu/build/chromium-extension.scm (chromium-json->profile-object): Remove
variable.
(file-sha256): New variable.
(make-chromium-extension): Rename OUTPUT parameter to prevent conflict.
Adjust other variable names for clarity.
[inputs]: Clear.
[arguments]: Inline and simplify the final transformation with a gexp.
| Marius Bakke |
2021-12-16 | linux-modules: Ignore EINVAL in ‘modprobe’ mode.•••Loading the framebuffer-coreboot module simply fails with EINVAL on a
non-Corebooted system. Crashing the system with a kernel panic is not
a reasonable reaction to loading valid modules on unsupported hardware.
The kernel should log an error, which the user is expected to see.
Bogus module names will still be fatally reported by linux-modules.drv.
* gnu/build/linux-modules.scm (load-linux-module*):
Ignore EINVAL errors when operating recursively.
| Tobias Geerinckx-Rice via Guix-patches via |
2021-12-13 | Merge branch 'master' into core-updates-frozen | Ludovic Courtès |