| Age | Commit message (Expand) | Author |
|---|
| 2021-07-29 | Merge branch 'master' into core-updates-frozen... Conflicts:
gnu/packages/bioinformatics.scm
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/emacs-xyz.scm
gnu/packages/gpodder.scm
gnu/packages/music.scm
gnu/packages/patches/glibc-bootstrap-system.patch
gnu/packages/python-xyz.scm
gnu/packages/shells.scm
gnu/packages/statistics.scm
| Marius Bakke |
| 2021-07-29 | services: setuid: More configurable setuid support....New record <setuid-program> with fields for setting the specific user
and group, as well as specifically selecting the setuid and setgid bits,
for a program within the setuid-program-service.
* gnu/services.scm (setuid-program-file-like-deprecated): New function.
(setuid-program-service-type): Make use of
setuid-program->activation-gexp. Adjust the extend property to handle
<setuid-program>.
* gnu/build/activation.scm (activate-setuid-programs): Update to expect a
<setuid-record> list for each program entry.
* gnu/system.scm: (operating-system-setuid-programs): Renamed to
%operating-system-setuid-programs and replace it with new procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Replace
operating-system-setuid-programs with
%operating-system-setuid-programs.
* gnu/system/setuid.scm: New file.
* doc/guix.texi (Setuid Programs): Document <setuid-program>.
Co-authored-by: Brice Waegeneire <brice@waegenei.re>
| Chris Lemmer-Webber |
| 2021-06-19 | Merge branch 'master' into core-updates...Note: this merge actually changes the 'curl' and 'python-attrs' derivations,
as part of solving caf4a7a2770ef4d05a6e18f40d602e51da749ddc and
12964df69a99de6190422c752fef65ef813f3b6b respectively.
4604d43c0e (gnu: gnutls@3.6.16: Fix cross-compilation.) was ignored because it
cannot currently be tested.
Conflicts:
gnu/local.mk
gnu/packages/aidc.scm
gnu/packages/boost.scm
gnu/packages/curl.scm
gnu/packages/nettle.scm
gnu/packages/networking.scm
gnu/packages/python-xyz.scm
gnu/packages/tls.scm
| Marius Bakke |
| 2021-06-16 | gnu: Respect ‘rootdelay’ kernel command-line argument....* gnu/build/linux-boot.scm (boot-system): Sleep for "rootdelay=SECONDS"
when specified on the kernel command line.
| Tobias Geerinckx-Rice |
| 2021-06-06 | Merge branch 'master' into core-updates... Conflicts:
gnu/local.mk
gnu/packages/algebra.scm
gnu/packages/bioinformatics.scm
gnu/packages/curl.scm
gnu/packages/docbook.scm
gnu/packages/emacs-xyz.scm
gnu/packages/maths.scm
gnu/packages/plotutils.scm
gnu/packages/python-web.scm
gnu/packages/python-xyz.scm
gnu/packages/radio.scm
gnu/packages/readline.scm
gnu/packages/tls.scm
gnu/packages/xml.scm
gnu/packages/xorg.scm
| Marius Bakke |
| 2021-05-23 | gnu: Respect the root file-system's CHECK? field....* gnu/build/linux-boot.scm (mount-root-file-system): Take a new #:CHECK?
keyword argument. Add it to the docstring. Conditionally call
CHECK-FILE-SYSTEM.
(boot-system): Adjust its only caller to pass the <file-system>'s CHECK?
option through, if available.
| Tobias Geerinckx-Rice |
| 2021-05-09 | Merge branch 'master' into core-updates... Conflicts:
gnu/local.mk
gnu/packages/bioinformatics.scm
gnu/packages/django.scm
gnu/packages/gtk.scm
gnu/packages/llvm.scm
gnu/packages/python-web.scm
gnu/packages/python.scm
gnu/packages/tex.scm
guix/build-system/asdf.scm
guix/build/emacs-build-system.scm
guix/profiles.scm
| Marius Bakke |
| 2021-05-04 | file-systems: Rewrite comment....* gnu/build/file-systems.scm (read-bcachefs-superblock): Make comment
less damned negative.
| Tobias Geerinckx-Rice |
| 2021-05-04 | file-systems: Handle abnormal ‘bcachefs fsck’ exits....* gnu/build/file-systems.scm (check-bcachefs-file-system): Handle a STATUS:EXIT-VAL of #F.
| Tobias Geerinckx-Rice |
| 2021-04-23 | file-systems: read-partition-{uuid,label} don't swallow ENOENT & co....Previously, (read-partition-uuid "/does/not/exist") would return #f.
With this change, a 'system-error exception is raised as expected.
* gnu/build/file-systems.scm (ENOENT-safe): Clarify docstring.
(partition-field-reader): Remove use of 'ENOENT-safe'.
(partition-predicate): Wrap READER in 'ENOENT-safe'.
| Ludovic Courtès |
| 2021-04-21 | image: Fix spelling of "evaluate"...* gnu/build/image.scm: Fix typo.
| Vagrant Cascadian |
| 2021-04-16 | Merge remote-tracking branch 'origin/master' into core-updates... Conflicts:
gnu/local.mk
gnu/packages/boost.scm
gnu/packages/chez.scm
gnu/packages/compression.scm
gnu/packages/crates-io.scm
gnu/packages/docbook.scm
gnu/packages/engineering.scm
gnu/packages/gcc.scm
gnu/packages/gl.scm
gnu/packages/gtk.scm
gnu/packages/nettle.scm
gnu/packages/python-check.scm
gnu/packages/python-xyz.scm
gnu/packages/radio.scm
gnu/packages/rust.scm
gnu/packages/sqlite.scm
guix/build-system/node.scm
| Efraim Flashner |
| 2021-04-03 | activation: Do not dereference symlinks during home directory creation....Fixes <https://bugs.gnu.org/47584>.
* gnu/build/activation.scm (copy-account-skeletons): Do not chown the
home directory; leave this to 'activate-user-home'.
(activate-user-home): Only chown the home directory after the account
skeletons have been copied.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
| Maxime Devos |
| 2021-03-24 | Merge remote-tracking branch 'origin/master' into core-updates | Efraim Flashner |
| 2021-03-10 | file-systems: 'mount-file-system' preserves the right mount flags....Fixes <https://bugs.gnu.org/47007>.
Reported by Jelle Licht <jlicht@fsfe.org>.
Since commit dcb640f02b1f9590c3bd4301a22bf31bd60c56d4, we could end up
applying the wrong mount flags because the (find ...) expression could
pick the "wrong" mount point in the presence of bind mounts.
* gnu/build/file-systems.scm (mount-file-system): Use 'statfs' to
compute FLAGS whe FS is a bind mount.
| Ludovic Courtès |
| 2021-03-10 | services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Maxime Devos |
| 2021-03-06 | Merge branch 'master' into core-updates | Christopher Baines |
| 2021-02-25 | file-systems: 'mount-file-system' preserves source flags for bind mounts....Fixes <https://bugs.gnu.org/46292>.
* gnu/build/file-systems.scm (mount-file-system): If FS is a bind mount,
add its original mount flags to FLAGS.
| Ludovic Courtès |
| 2021-02-11 | Merge branch 'master' into core-updates | Danny Milosavljevic |
| 2021-02-09 | activation: Do not make setuid programs setgid-root [security]....Fixes <https://bugs.gnu.org/46395>.
Reported by Duncan Overbruck <mail@duncano.de>.
* gnu/build/activation.scm (activate-setuid-programs): Change TARGET
mode to not be setgid.
| Ludovic Courtès |
| 2021-01-13 | Merge branch 'staging' into 'core-updates'....Conflicts:
gnu/local.mk
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/gl.scm
gnu/packages/glib.scm
gnu/packages/guile.scm
gnu/packages/node.scm
gnu/packages/openldap.scm
gnu/packages/package-management.scm
gnu/packages/python-xyz.scm
gnu/packages/python.scm
gnu/packages/tls.scm
gnu/packages/vpn.scm
gnu/packages/xorg.scm
| Maxim Cournoyer |
| 2020-12-17 | linux-boot: Fix noresume argument parsing....* gnu/build/linux-boot.scm (boot-system): Check for "hibernate=noresume"
in addition to "noresume".
| Tobias Geerinckx-Rice |
| 2020-12-15 | database: Remove #:deduplicate? from 'register-items'....It is now up to the caller to deduplicate store contents.
* guix/store/database.scm (register-items): Remove #:deduplicate?
parameter and call to 'deduplicate'.
(register-path): Call 'deduplicate' when #:deduplicate? is true.
* gnu/build/image.scm (register-closure): Adjust call accordingly.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Likewise.
* guix/scripts/pack.scm (store-database): Likewise.
| Ludovic Courtès |
| 2020-12-15 | image: 'register-closure' leaves it up to the caller to deduplicate....* gnu/build/image.scm (register-closure): Remove #:deduplicate?
parameter and pass #:deduplicate? #f to 'register-items'.
(initialize-root-partition): Adjust accordingly.
* gnu/build/vm.scm (register-closure, root-partition-initializer):
Likewise.
| Ludovic Courtès |
| 2020-12-15 | store-copy: 'populate-store' can optionally deduplicate files....Until now deduplication was performed as an additional pass after
copying files, which involve re-traversing all the files that had just
been copied.
* guix/store/deduplication.scm (copy-file/deduplicate): New procedure.
* tests/store-deduplication.scm ("copy-file/deduplicate"): New test.
* guix/build/store-copy.scm (populate-store): Add #:deduplicate?
parameter and honor it.
* tests/gexp.scm ("gexp->derivation, store copy"): Pass #:deduplicate? #f
to 'populate-store'.
* gnu/build/image.scm (initialize-root-partition): Pass #:deduplicate?
to 'populate-store'. Pass #:deduplicate? #f to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
* gnu/build/install.scm (populate-single-profile-directory): Pass
#:deduplicate? #f to 'populate-store'.
* gnu/build/linux-initrd.scm (build-initrd): Likewise.
* guix/scripts/pack.scm (self-contained-tarball)[import-module?]: New
procedure.
[build]: Pass it as an argument to 'source-module-closure'.
* guix/scripts/pack.scm (squashfs-image)[build]: Wrap in
'with-extensions'.
* gnu/system/linux-initrd.scm (expression->initrd)[import-module?]: New
procedure.
[builder]: Pass it to 'source-module-closure'.
* gnu/system/install.scm (cow-store-service-type)[import-module?]: New
procedure. Pass it to 'source-module-closure'.
| Ludovic Courtès |
| 2020-12-15 | database: Remove #:reset-timestamps? from 'register-items'....The assumption now is that the caller took care of resetting timestamps
and permissions.
* guix/store/database.scm (register-items): Remove #:reset-timestamps?
parameter and the call to 'reset-timestamps'.
(register-path): Adjust accordingly and add call to 'reset-timestamps'.
* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter to 'register-items'.
* gnu/build/vm.scm (register-closure): Likewise.
* guix/nar.scm (finalize-store-file): Adjust accordingly.
* guix/scripts/pack.scm (store-database)[build]: Likewise.
| Ludovic Courtès |
| 2020-12-15 | image: 'register-closure' assumes already-reset timestamps....* gnu/build/image.scm (register-closure): Remove #:reset-timestamps?
parameter. Pass #:reset-timestamps? #f to 'register-items'.
(initialize-root-partition): Adjust accordingly.
* gnu/build/vm.scm (register-closure, root-partition-initializer):
Likewise.
| Ludovic Courtès |
| 2020-12-15 | store-copy: 'populate-store' resets timestamps....Until now, 'populate-store' would reset permissions but not timestamps,
so callers would resort to going through an extra directory traversal to
reset timestamps.
* guix/build/store-copy.scm (reset-permissions): Remove.
(copy-recursively): New procedure.
(populate-store): Pass #:keep-permissions? to 'copy-recursively'.
Remove call to 'reset-permissions'.
* tests/gexp.scm ("gexp->derivation, store copy"): In BUILD-DRV, check
whether 'populate-store' canonicalizes permissions and timestamps.
* gnu/build/image.scm (initialize-root-partition): Pass #:reset-timestamps? #f
to 'register-closure'.
* gnu/build/vm.scm (root-partition-initializer): Likewise.
| Ludovic Courtès |
| 2020-12-06 | Revert "linux-container: Correct test for unprivileged user namespace support."...This broke 'guix environment --container' on non-Debian distributions.
Fixes <https://bugs.gnu.org/45066>. Reported by luhux <luhux@outlook.com>.
This reverts commit 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e.
| Marius Bakke |
| 2020-12-06 | file-systems: Fix ‘bcachefs fsck’ exit value logic....Bit 1 means the target device was mounted read-only whilst checking.
This should never happen in an initrd context but is not an error.
* gnu/build/file-systems.scm (check-bcachefs-file-system): Ignore status
bits that don't signal an error. Remove the 'reboot-required case.
| Tobias Geerinckx-Rice |
| 2020-12-03 | linux-container: Correct test for unprivileged user namespace support....Fixes <https://bugs.gnu.org/31977>.
Reported by Paul Garlick <pgarlick@tourbillion-technology.com>.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
Return #f when the 'userns-file' does not exist.
| Paul Garlick |
| 2020-11-29 | Merge remote-tracking branch 'origin/master' into core-updates | Christopher Baines |
| 2020-11-21 | linux-initrd: Remove unnecessary timestamp reset phase....* gnu/build/linux-initrd.scm (write-cpio-archive): Mention timestamps in
docstring.
(build-initrd): Remove unnecessary timestamp reset phase.
| Ludovic Courtès |
| 2020-11-08 | Add (gnu build chromium-extension)....* gnu/build/chromium-extension.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adjust accordingly.
| Marius Bakke |
| 2020-11-07 | linux-boot: Resume from hibernation....* gnu/build/linux-boot.scm (resume-if-hibernated): New procedure.
(boot-system): Call it.
| Tobias Geerinckx-Rice |
| 2020-11-07 | file-systems: Add support for bcachefs....* gnu/build/file-systems.scm (%bcachefs-endianness): New syntax.
(bcachefs-superblock?, read-bcachefs-superblock)
(bcachefs-superblock-external-uuid, bcachefs-superblock-volume-name)
(check-bcachefs-file-system): New procedures.
(%partition-label-readers, %partition-uuid-readers, check-file-system):
Register them.
| Tobias Geerinckx-Rice |
| 2020-11-05 | shepherd: Remove dependency on (guix utils)....Since commit 8ce6f4dc2879919c12bc76a2f4b01200af97e019, importing this
module in a gexp would pull in (guix config) from the host, thereby
leading to non-reproducible derivations. Users in (gnu services ...) do
not expect that so simply remove the (guix utils) dependency for now.
* gnu/build/shepherd.scm (fork+exec-command/container)[strip-pid]: New
procedure.
Use it instead of 'strip-keyword-arguments'.
| Ludovic Courtès |
| 2020-11-05 | image: Error out when passed an unsupported partition type....* gnu/build/image.scm (make-partition-image): Use 'raise' instead of
'format' when TYPE is not supported.
(convert-disk-image): Remove unneeded 'begin'.
| Ludovic Courtès |
| 2020-11-03 | system: reconfigure: Use the disk-installer if provided....Fixes: <https://issues.guix.gnu.org/44101>.
* gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead
of 'no-create. Use a latin-1 transcoder.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a
"disk-installer" argument and use it as a fallback.
(install-bootloader): Adapt accordingly.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
| Mathieu Othacehe |
| 2020-10-30 | file-systems: Allow swap space lookup by UUID/label....* gnu/build/file-systems.scm (%linux-swap-magic, %page-size): New
variables.
(linux-swap-superblock?, read-linux-swap-superblock)
(linux-swap-superblock-uuid, linux-swap-superblock-volume-name): New
procedures.
(%partition-label-readers, %partition-uuid-readers): Add them.
| Ludovic Courtès |
| 2020-10-19 | Merge branch 'staging'...Conflicts:
gnu/packages/admin.scm
gnu/packages/commencement.scm
gnu/packages/gdb.scm
gnu/packages/llvm.scm
gnu/packages/package-management.scm
gnu/packages/tls.scm
| Maxim Cournoyer |
| 2020-10-16 | Remove the last vestiges of GuixSD....* gnu/build/vm.scm (load-in-linux-vm): Rename the RNG.
* gnu/system/vm.scm (common-qemu-options): Likewise.
(system-docker-image): Rename the ROOT-DIRECTORY.
* gnu/packages/crypto.scm (eschalot)[arguments]: Use a different
arbitrary string.
* gnu/packages/wicd.scm (wicd)[arguments]: Remove unused configure flag.
* gnu/packages/xorg.scm (xorg-server): Set a more accurate OS vendor.
| Tobias Geerinckx-Rice |
| 2020-10-16 | build: Fix docstring typos....* gnu/build/image.scm (estimate-partition-size): Fix typo in docstring.
* guix/build/copy-build-system.scm (install): Likewise.
* guix/build/lisp-utils.scm (generate-executable): Likewise.
* guix/build/maven/pom.scm (find-parent, fix-pom-dependencies): Likewise.
* guix/build-system/cargo.scm (expand-crate-sources): Likewise.
| Tobias Geerinckx-Rice |
| 2020-10-14 | hurd-boot: Set /hurd/magic on /dev/fd....* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Add
"/dev/fd".
| Ludovic Courtès |
| 2020-10-08 | hurd-boot: Create /servers/crash....* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create
/servers/crash.
| Ludovic Courtès |
| 2020-10-05 | bootloader: Fix u-boot installation....This is a follow-up of f19cf27c2b9ff92e2c0fd931ef7fde39c376adaa. The
bootloader installation must be done on the final disk-image, hence using
"disk-image-installer" instead of "installer" callback.
* gnu/bootloader/u-boot.scm: Turn all installer callbacks into
disk-image-installer callbacks.
* gnu/build/bootloader.scm (write-file-on-device): Open the output file with
'no-truncate and 'no-create options.
* gnu/system/image.scm (with-imported-modules*): Add (gnu build bootloader)
module.
| Mathieu Othacehe |
| 2020-10-01 | linux-container: Reset jailed root permissions....* gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
* tests/containers.scm
("call-with-container, mnt namespace, root permissions"): New test.
| Jelle Licht |
| 2020-09-29 | secret-service: Add proper logging procedure and log to syslog....* gnu/build/secret-service.scm (log): New macro.
(secret-service-send-secrets, secret-service-receive-secrets): Use it
instead of raw 'format' calls.
| Ludovic Courtès |
| 2020-09-29 | services: secret-service: Add initial client/server handshake....This allows the client running on the host to know when it's actually
connect to the server running in the guest. Failing that, the client
would connect right away to QEMU and send secrets even though the server
is not running yet in the guest, which is unreliable.
* gnu/build/secret-service.scm (secret-service-send-secrets): Add
#:handshake-timeout. Read from SOCK an initial message from the
server. Return #f on error.
(secret-service-receive-secrets): Send 'secret-service-server' message
to the client. Close SOCK upon timeout.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start'
method returns #f when 'secret-service-send-secrets' returns #f.
| Ludovic Courtès |
| 2020-09-29 | secret-service: Fix file port leak in 'secret-service-send-secrets'....* gnu/build/secret-service.scm (secret-service-send-secrets): Use
'call-with-input-file' instead of 'open-input-file'.
| Ludovic Courtès |
