guix.git - [no description]

Age	Commit message (Collapse)	Author
2023-10-05	services: hurd-vm: Leave root password uninitialized when offloading.	Ludovic Courtès
	Starting with 953c65ffdd43c02c934518fb7a1c68542584b223, offloading to the Hurd VM would be enabled by default. However, ‘root’ had an empty password so any user on the host could connect to the VM over VNC, log in as root, and potentially populate the host’s store from there. This change fixes that. * gnu/services/virtualization.scm (operating-system-with-locked-root-account): New procedure. (hurd-vm-disk-image)[transform]: Add ‘operating-system-with-locked-root-account’ when offloading.
2023-10-01	services: hurd-vm: Implement zero-configuration offloading.	Ludovic Courtès
	This allows for zero-configuration offloading to a childhurd. * gnu/services/virtualization.scm (operating-system-with-offloading-account): New procedure. (<hurd-vm-configuration>)[offloading?]: New field. (hurd-vm-disk-image): Define ‘transform’ and use it. (hurd-vm-activation): Generate SSH key for user ‘offloading’ and add authorize it via /etc/childhurd/etc/ssh/authorized_keys.d. (hurd-vm-configuration-offloading-ssh-key) (hurd-vm-guix-extension): New procedures. (hurd-vm-service-type): Add GUIX-SERVICE-TYPE extension. * gnu/tests/virtualization.scm (run-childhurd-test)[import-module?]: New procedure. [os]: Add (gnu build install) and its closure to #:import-modules. [test]: Add “copy-on-write store” and “offloading” tests. * doc/guix.texi (Virtualization Services): Document it.
2023-10-01	services: hurd-vm: Disable password-based authentication for root.	Ludovic Courtès
	With offloading to a childhurd is enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd. * gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password. * gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’. * doc/guix.texi (Virtualization Services): Remove mention of password-less root login.
2023-10-01	services: hurd-vm: ‘image’ field has to be an <image> record.	Ludovic Courtès
	* gnu/services/virtualization.scm (<hurd-vm-configuration>)[image]: Document as being an <image> record. (hurd-vm-disk-image): Remove call to ‘system-image’. (hurd-vm-shepherd-service): Add call to ‘system-image’. * gnu/tests/virtualization.scm (hurd-vm-disk-image-raw): Remove call to ‘system-image’. * doc/guix.texi (Virtualization Services): Adjust accordingly.
2023-10-01	services: childhurd: Authorize the childhurd’s key on the host.	Ludovic Courtès
	This partly automates setting up a childhurd for offloading purposes. * gnu/services/virtualization.scm (authorize-guest-substitutes-on-host): New procedure. (hurd-vm-activation): Use it.
2023-10-01	services: hurd-vm: Use the default SSH port number.	Ludovic Courtès
	* gnu/services/virtualization.scm (%hurd-vm-operating-system): Remove ‘port-number’ from ‘openssh-configuration’. (hurd-vm-net-options): Change 2222 to 22 in port forwarding.
2023-09-18	services: hurd-vm: Use ‘qemu-system-x86_64’.	Ludovic Courtès
	Fixes <https://issues.guix.gnu.org/66053>. * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Use ‘qemu-system-x86_64’.
2023-07-13	services: childhurd: Bump default qemu memory to 2048MB.	Janneke Nieuwenhuizen
	When booting with pci-arbiter and rumpdisk and using 1024MB of memory for qemu, booting hangs, or seems to hang, at the end of the rumpdisk boot messages. At least 1200MB is required, currently. * gnu/services/virtualization.scm (<hurd-vm-configuration>)[memory-size]: Bump to 2048. * gnu/system/examples/bare-hurd.tmpl: Suggest using 2048 here too. Update example `guix system image' and "qemu" command lines too. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2023-07-07	services: libvirt: Add requirement on dbus.	Josselin Poiret
	* gnu/services/virtualization.scm (libvirt-shepherd-service): Add requirement on dbus.
2023-06-16	services: qemu-guest-agent: Add dependency on udev.	Ludovic Courtès
	Fixes <https://issues.guix.gnu.org/64057>. * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Add 'requirement' field. Reported-by: Yann Dupont <yann.dupont@univ-nantes.fr>
2023-05-09	service: qemu-binfmt: Remove broken qemu targets.	Efraim Flashner
	* gnu/services.virtualization.scm (%qemu-platforms): Remove %i486, %aarch64be.
2023-05-04	services: qemu-binfmt: Add more targets.	Efraim Flashner
	* gnu/services/virtualization.scm (%i486, %sparc64, %aarch64be, %xtensa, %xtensaeb, %microblaze, %microblazeel, %or1k, %hexagon, %loongson64): New variables. (%armeb): Correct family field. (%qemu-platforms): Add them.
2022-11-20	gnu: Fix copyright line.	Leo Nikkilä
	This is a follow-up to commit 9ad311ec15c05efc78f74252e7eb6cddfb0b5cea. * gnu/packages/virtualization.scm: Remove copyright line. * gnu/services/virtualization.scm: Add copyright line. Signed-off-by: Christopher Baines <mail@cbaines.net>
2022-11-07	services: qemu-binfmt: Add x86_64 QEMU target.	Leo Nikkilä
	* gnu/services/virtualization.scm (%x86_64): New variable. (%qemu-platforms) Add it. Signed-off-by: Christopher Baines <mail@cbaines.net>
2022-09-13	services: secret-service: Inherit from the original 'guix-configuration'.	Ludovic Courtès
	Reported by zamfofex. Regression introduced in 2bac6ea177d5b3353ea1a4d032d17a6ac3763e96. * gnu/services/virtualization.scm (secret-service-operating-system): Add 'inherit' keyword for 'guix-configuration'.
2022-09-09	services: libvirt: Fix listen TCP.	Oleg Pykhalov
	* gnu/services/virtualization.scm (libvirt-shepherd-service): Add '--listen' argument if 'listen-tcp?' is true.
2022-08-09	services: qemu-guest-agent: Fix arguments to qemu-ga.	Timotej Lazar
	Fix the check for empty device path. Do not use --daemonize, since that is handled by make-forkexec-constructor. Drop the --pidfile option which is unused without --daemonize. * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Modify command arguments. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2022-04-29	services: Add missing 'description' fields.	Ludovic Courtès
	* gnu/services/databases.scm (postgresql-service-type)[description]: New field. (memcached-service-type)[description]: New field. (mysql-service-type)[description]: New field. (redis-service-type)[description]: New field. * gnu/services/desktop.scm (geoclue-service-type)[description]: New field. (udisks-service-type)[description]: New field. (elogind-service-type)[description]: New field. (account-service-type)[description]: New field. * gnu/services/kerberos.scm (krb5-service-type)[description]: New field. (pam-krb5-service-type)[description]: New field. * gnu/services/lirc.scm (lirc-service-type)[description]: New field. * gnu/services/mail.scm (dovecot-service-type)[description]: New field. (opensmtpd-service-type)[description]: New field. (mail-aliases-service-type)[description]: New field. (exim-service-type)[description]: New field. * gnu/services/monitoring.scm (zabbix-server-service-type)[description]: New field. (zabbix-agent-service-type)[description]: New field. * gnu/services/nfs.scm (rpcbind-service-type)[description]: New field. (pipefs-service-type)[description]: New field. (gss-service-type)[description]: New field. (idmap-service-type)[description]: New field. * gnu/services/spice.scm (spice-vdagent-service-type)[description]: New field. * gnu/services/sysctl.scm (sysctl-service-type)[description]: New field. * gnu/services/virtualization.scm (libvirt-service-type)[description]: New field. (virtlog-service-type)[description]: New field. * gnu/services/vpn.scm (openvpn-server-service-type)[description]: New field. (openvpn-client-service-type)[description]: New field. (wireguard-service-type)[description]: New field. * gnu/services/web.scm (httpd-service-type)[description]: New field. (fcgiwrap-service-type)[description]: New field. (agate-service-type)[description]: New field. [name]: Fix.
2022-03-10	services: secret-service: Do not generate SSH and Guix key pairs.	Ludovic Courtès
	The justification about the order of activation snippets given in the comment had been obsolete since 39e3b4b7cee175a3c1f37329744c582528d55f5d. Lately, running the activation snippets for "ssh-keygen -A" and "guix archive --generate-key" would take a little bit too long, thereby preventing the childhurd from starting on time. * gnu/services/virtualization.scm (secret-service-operating-system): Clear 'generate-host-keys?' and 'generate-substitute-key?'.
2022-02-18	services: qemu-guest-agent: Fix implementation.	Ludovic Courtès
	Previously, by accessing the raw <qemu-guest-agent-configuration> fields, 'qemu' would match the first field, which is the '%location' field, not the 'qemu' field. It would seem this bug has always been present since the addition of the 'location' field in d132d9f96ba34bca58b18e293e03b393054fd962 predates the addition of 'qemu-guest-agent-service-type' in f634a0baab85454a6feac25e29905f564b276c9e. Fixes <https://issues.guix.gnu.org/54041>. Reported by Ricardo Wurmus <rekado@elephly.net>. * gnu/services/virtualization.scm (qemu-guest-agent-shepherd-service): Use accessors for <qemu-guest-agent-configuration>.
2021-12-12	services: secret-service: Turn into a Shepherd service.	Ludovic Courtès
	* gnu/services/virtualization.scm (secret-service-activation): Remove. (secret-service-shepherd-services): New procedure. (secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE extension. Add SHEPHERD-ROOT-SERVICE-TYPE and USER-PROCESSES-SERVICE-TYPE extensions. * gnu/build/secret-service.scm (delete-file*): New procedure. (secret-service-receive-secrets): Use it.
2021-11-30	services: Accept <inferior-package>s in lieu of <package>s.	Tobias Geerinckx-Rice
	* gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones. * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise. * gnu/services/cups.scm (package-list?, cups-configuration): Likewise. * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise. * gnu/services/docker.scm (docker-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/getmail.scm (getmail-configuration): Likewise. * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise. * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise. * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-configuration): Likewise. * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
2021-11-12	services: Add qemu-guest-agent service.	Timotej Lazar
	* gnu/services/virtualization.scm (<qemu-guest-agent-configuration>): New record. (qemu-guest-agent-shepherd-service): New procedure. (qemu-guest-agent-service-type): New variable. * doc/guix.texi (Virtualization Services): Document it. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-09-04	services: libvirt: Change unix-sock-group default.	Brice Waegeneire
	When accessing libvrtd remotely, polkit can't be used unless you are logged as root. Instead allow libvirt groups member access to the control socket. * gnu/services/virtualization.scm (libvirt-configuration) [unix-sock-group]: Change default from "root" to "libvirt".
2021-09-04	services: libvirt: Add qemu field.	Brice Waegeneire
	* gnu/services/virtualization.scm (libvirt-configuration): Add 'qemu' field. (libvirt-service-type): Replace 'qemu' package with the one specified in the service configuration.
2021-08-30	services: hurd-vm: Use the new 'targets' field of <bootloader-configuration>.	Ludovic Courtès
	* gnu/services/virtualization.scm (%hurd-vm-operating-system): Use 'targets' instead of 'target' for the 'bootloader-configuration' field.
2021-08-29	services: Remove i486 qemu target.	Efraim Flashner
	The i486 target has been removed from qemu since at least 5.2.0. * gnu/services/virtualization.scm (%i486): Remove variable. (%qemu-platforms): Remove it.
2021-07-10	services: qemu-binfmt: Preserve argv[0] by default.	Ludovic Courtès
	Previously, argv[0] would be replaced by the absolute file name of the executable. This could cause discrepancies, for example in the Coreutils test suite: <https://issues.guix.gnu.org/49485>. * gnu/services/virtualization.scm (<qemu-platform>)[flags]: Default to "FP".
2021-03-15	services/qemu-binfmt: Use the F flag and the static output of QEMU.	Maxim Cournoyer
	Fixes <https://issues.guix.gnu.org/36117>. Before this change, the 'binfmt_misc' entries registered for QEMU would not be usable in container contexts outside of guix-daemon (without manually bind mounting file names). For example: $ docker run --rm arm32v7/debian true standard_init_linux.go:207: exec user process caused "no such file or directory" After this change, any container can make use of the QEMU binfmt_misc registrations, as their corresponding QEMU static binaries are fully pre-loaded by the kernel. * gnu/services/virtualization.scm (<qemu-platform>): Define using 'define-record-type'. [flags]: New field, which defaults to "F" (fix binary). (%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64) (%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el) (%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust. (qemu-binfmt-guix-chroot): Remove variable. (qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension. gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of QEMU. * doc/contributing.texi (Submitting Patches): Update doc. * doc/guix.texi (Virtualization Services): Update doc.
2021-01-16	services: qemu-binfmt: 'guix-support?' defaults to #t.	Stefan
	* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]: Change the default from #f to #t. * doc/guix.texi (Transparent Emulation with QEMU): Change the default of ‘guix-support?’ from #f to #t. Describe the implication of setting it to #f. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2021-01-14	services: hurd-vm: Respect hurd-vm-configuration's disk-size.	Jan (janneke) Nieuwenhuizen
	This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7. * gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from config to set image's size.
2020-12-07	services: hurd-vm: Avoid circular dependency with (gnu system images hurd).	Ludovic Courtès
	* gnu/services/virtualization.scm (hurd-vm-disk-image): Use 'lookup-image-type-by-name' instead of referring to 'hurd-disk-image' from (gnu system images hurd).
2020-10-25	services: guix: Make /etc/guix/acl really declarative by default.	Ludovic Courtès
	Fixes <https://bugs.gnu.org/39819>. Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>. * gnu/services/base.scm (substitute-key-authorization): Symlink DEFAULT-ACL to /etc/guix/acl unconditionally. Add code to optionally back up /etc/guix/acl if it was possibly modified by hand. * doc/guix.texi (Base Services): Clarify the effect of setting 'authorize-keys?' to true. Mention the backup. Give an example showing how to authorize substitutes from another server.
2020-10-09	services: hurd-vm: Add 'gdb-minimal' to the default OS.	Ludovic Courtès
	* gnu/services/virtualization.scm (%hurd-vm-operating-system)[packages]: New field.
2020-09-30	services: hurd-vm: Add childhurd user to kvm group.	Jan (janneke) Nieuwenhuizen
	This is a follow-up to commit d692ebf98077d6b651d426aba92bf2a38599c4dc. * gnu/services/virtualization.scm (%hurd-vm-accounts)[supplementary-groups]: Add ’kvm’. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use #:group "kvm"
2020-09-30	services: virtualization: Use a compressed qcow2 hurd disk-image.	Mathieu Othacehe
	* gnu/services/virtualization.scm (hurd-vm-disk-image): Use 'compressed-qcow2 format.
2020-09-29	services: secret-service: Add initial client/server handshake.	Ludovic Courtès
	This allows the client running on the host to know when it's actually connect to the server running in the guest. Failing that, the client would connect right away to QEMU and send secrets even though the server is not running yet in the guest, which is unreliable. * gnu/build/secret-service.scm (secret-service-send-secrets): Add #:handshake-timeout. Read from SOCK an initial message from the server. Return #f on error. (secret-service-receive-secrets): Send 'secret-service-server' message to the client. Close SOCK upon timeout. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): 'start' method returns #f when 'secret-service-send-secrets' returns #f.
2020-09-29	services: secret-service: Move instance last in the list of services.	Ludovic Courtès
	* gnu/services/virtualization.scm (secret-service-operating-system): Add the SECRET-SERVICE-TYPE instance to the end of the list.
2020-09-29	services: hurd-vm: Pass "-no-reboot" when spawning the Hurd VM.	Ludovic Courtès
	* gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Add "--no-reboot".
2020-09-29	services: hurd-vm: Initialize the guest's SSH/Guix keys at activation time.	Ludovic Courtès
	* gnu/services/virtualization.scm (initialize-hurd-vm-substitutes) (hurd-vm-activation): New procedures. (hurd-vm-service-type)[extensions]: Add ACTIVATION-SERVICE-TYPE extension. * doc/guix.texi (Transparent Emulation with QEMU): Mention GNU/Hurd. (The Hurd in a Virtual Machine): Explain which files are automatically installed and mention offloading.
2020-09-29	services: hurd-vm: Check whether /dev/kvm exists at run time.	Ludovic Courtès
	This change allows a childhurd to run within Guix System in a VM. * gnu/services/virtualization.scm (hurd-vm-shepherd-service)[vm-command]: Stage the 'file-exists?' call.
2020-09-29	services: childhurd: Tweak description.	Ludovic Courtès
	* gnu/services/virtualization.scm (hurd-vm-service-type)[description]: Mention "childhurd".
2020-09-29	services: hurd-vm: Run QEMU as an unprivileged user.	Ludovic Courtès
	Until qemu was running as "root", which is unnecessary. * gnu/services/virtualization.scm (%hurd-vm-accounts): New variable. (hurd-vm-service-type)[extensions]: Add ACCOUNT-SERVICE-TYPE extension.
2020-09-02	services: childhurd: Always include the secret-service.	Jan (janneke) Nieuwenhuizen
	* gnu/services/virtualization.scm (secret-service-operating-system): New procedure. (hurd-vm-disk-image): Use it to ensure a Childhurd always includes the secret-service. (%hurd-vm-operating-system): Remove secret-service. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2020-09-01	services: childhurd: Support installing secrets from the host.	Jan (janneke) Nieuwenhuizen
	* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add secret-service. (hurd-vm-shepherd-service): Use it to install secrets. * doc/guix.texi (The Hurd in a Virtual Machine): Document it.
2020-09-01	services: Add secret-service-type.	Jan (janneke) Nieuwenhuizen
	This adds a "secret-service" that can be added to a Childhurd VM to receive out-of-band secrets (keys) sent from the host. Co-authored-by: Ludovic Courtès <ludo@gnu.org> * gnu/services/virtualization.scm (secret-service-activation): New procedure. (secret-service-type): New variable. * gnu/build/secret-service.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
2020-06-28	services: virtualization: Export hurd-vm-configuration accessors.	Jan (janneke) Nieuwenhuizen
	* gnu/services/virtualization.scm (hurd-vm-id, hurd-vm-options): Rename export to ... (hurd-vm-configuration-id, hurd-vm-configuration-options): ... these correct accessor names. (hurd-vm-configuration?, hurd-vm-configuration-os, hurd-vm-configuration-qemu, hurd-vm-configuration-image, hurd-vm-configuration-disk-size, hurd-vm-configuration-memory-size, hurd-vm-configuration-options, hurd-vm-configuration-id, hurd-vm-configuration-net-options): Export record predicate and accessors.
2020-06-25	services: childhurd: Adjust for hurd-disk-image move.	Marius Bakke
	This is a follow-up to commit b904b59ce592c89dfb4675a8c06757afed6738a0. * gnu/services/virtualization.scm: Import (gnu system images hurd).
2020-06-21	services: childhurd: Support more than one instance.	Jan (janneke) Nieuwenhuizen
	* gnu/services/virtualization.scm (<hurd-vm-configuration>)[options]: Remove "--hda" option. [id,net-options]: New fields. (hurd-vm-net-options): New procedure. Parameterize port forwarding with ID. * gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use them. Parameterize provision with ID, if set. Hardcode "--hda" option for image. * doc/guix.texi (Virtualization Services): Document new fields. Update for hardcoding of "--hda".
2020-06-14	services: Add 'hurd-vm service-type'.	Jan (janneke) Nieuwenhuizen
	* gnu/services/virtualization.scm (hurd-vm-shepherd-service, hurd-vm-disk-image): New procedures. (%hurd-vm-operating-system, hurd-vm-service-type): New variables. (<hurd-vm-configuration>): New record type. * doc/guix.texi (Virtualization Services): Document it. * gnu/services/shepherd.scm (scm->go): Use let-system, remove FIXME. Fixes fixes cross-building of shepherd modules for the Hurd image.