| Age | Commit message (Collapse) | Author |
|---|
|
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
|
|
Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
|
|
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
|
|
* gnu/services/shepherd.scm (assert-valid-graph): Make public.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth,
guix-build-coordinator-agent-dynamic-auth?,
guix-build-coordinator-agent-dynamic-auth-agent-name,
guix-build-coordinator-agent-dynamic-auth-token): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth
record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth
record.
|
|
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
|
|
Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
|
|
* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to
cuirass requirements. Set cuirass-web requirements to cuirass only. Remove
"guix-daemon" and "networking" from cuirass-remote-server requirements as are
already required by cuirass.
|
|
Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
|
|
Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
|
|
* gnu/services/databases.scm (postgresql-service-type): Define a default value.
|
|
* gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql
service when missing.
|
|
* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
|
|
* gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field.
[zabbix-uri]: Remove it.
(cuirass-shepherd-service): Honor it.
|
|
* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
|
|
* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
|
|
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
|
|
* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
|
|
* gnu/services/file-sharing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/packages/POTFILES.in: Add it.
* tests/services/file-sharing.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
* doc/guix.texi (File-Sharing Services): New section.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
* gnu/services/xorg.scm (xorg-server-service-type): New service type.
(xorg-server-profile-service): New procedure.
|
|
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349.
* gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri"
argument to the web process.
|
|
* gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field.
(cuirass-shepherd-service): Honor it.
|
|
* gnu/services/linux.scm (kernel-module-loader-shepherd-service):
Remove 'file-systems requirement.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
|
|
* gnu/services/databases.scm (postgresql-create-roles): Quote the name in
the SQL query so that roles/usernames containing hyphens will work.
|
|
* gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change
of the rpcbind command.
|
|
* gnu/services/shepherd.scm (<shepherd-configuration>): New record.
(shepherd-boot-gexp, shepherd-root-service-type): Use it.
(scm->go, shepherd-configuration-file): Allow passing custom
shepherd package.
* gnu/system.scm (operating-system-shepherd-service-names): Use the new
record.
* guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly.
* doc/guix.texi (Shepherd Services). Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache
directory if needed.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
This is a follow-up of 189e62fa69049538884077155cc70cac43260118.
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix
syntax.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add
log-file support.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix
workers arguments.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
* gnu/services/databases.scm (postgresql-role,
postgresql-role?, postgresql-role-name,
postgresql-role-permissions, postgresql-role-create-database?,
postgresql-role-configuration, postgresql-role-configuration?,
postgresql-role-configuration-host, postgresql-role-configuration-roles,
postgresql-role-service-type): New procedures.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document it.
|
|
* gnu/services/databases.scm: Wrap long lines, no functional change.
|
|
* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
|
|
* gnu/services/databases.scm (postgresql-config-file-socket-directory): New
procedure.
(<postgresql-config-file>)[socket-directory]: New field.
(postgresql-config-file-compiler): Honor it.
(postgresql-activation): Create the socket directory if needed.
* doc/guix.texi (Database Services): Document it.
* gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
* gnu/tests/monitoring.scm (%zabbix-os): Ditto.
* gnu/tests/web.scm (patchwork-os): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
|
|
* gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not
duplicated.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
|
|
* gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
|
|
* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
|
This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7.
* gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from
config to set image's size.
|
|
* gnu/services/shepherd.scm (shepherd-service-type): Require a
'description' form.
* gnu/services/base.scm (root-file-system-service-type)
(rngd-service-type, host-name-service-type):
(virtual-terminal-service-type, console-keymap-service-type)
(syslog-service-type, swap-service-type)
(kmscon-service-type): Add description.
* gnu/services/networking.scm (dhcp-client-service-type): Likewise.
* gnu/system/install.scm (cow-store-service-type): Likewise.
* gnu/system/linux-container.scm (dummy-networking-service-type):
Likewise.
* gnu/system/mapped-devices.scm (device-mapping-service-type):
Likewise.
* tests/guix-system.sh: Likewise.
|
|
* gnu/services/networking.scm (<keepalived-configuration>): New record.
(keepalived-shepherd-service): New procedure.
(keepalived-service-type): New variable.
* doc/guix.texi (Networking Services): Document this.
|
|
* gnu/services/syncthing.scm: New file.
* gnu/local.mk: Add this.
* doc/guix.texi: Document this.
|
|
* gnu/services/cups.scm (cups-configuration): Add brlaser to the default
extensions.
* doc/guix.texi (Printing Services): Document it.
|
|
* gnu/services/linux.scm (kernel-module-loader-shepherd-service): Return
a 'shepherd-service' instead of a list of it.
(kernel-module-loader-service-type): Adjust it.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
|
