aboutsummaryrefslogtreecommitdiff
path: root/gnu/build
Commit message (Collapse)AuthorAge
* privilege: Add POSIX capabilities(7) support.Tobias Geerinckx-Rice2024-08-11
| | | | | | | | | | | | * gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure. * doc/guix.texi (Privileged Programs): Document it. * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities. * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack.
* build: Rename activate-setuid-programs.Tobias Geerinckx-Rice2024-08-11
| | | | | | | * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
* services: setuid-program: Populate /run/privileged/bin.Tobias Geerinckx-Rice2024-08-11
| | | | | | | | | | | | | | Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
* file-systems: Allow specifying CIFS credentials in a file.vicvbcun2024-07-26
| | | | | | | | | | | | | As files in the store and /etc/fstab are world readable, specifying the password in the file-system record is suboptimal. To mitigate this, `mount.cifs' supports reading `username', `password' and `domain' options from a file named by the `credentials' or `cred' option. * gnu/build/file-systems.scm (mount-file-system): Read mount options from the file specified via the `credentials' or `cred' option if specified. Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* file-systems: Skip checking the cifs file-system type.Richard Sent2024-07-20
| | | | | | | * gnu/build/file-systems.scm (check-file-system)[check-procedure]: Add cifs. Change-Id: I891b18f03884ed45e92ac32556fe04b3087e20dd Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* file-systems: Add support for mounting CIFS file systemsRichard Sent2024-06-04
| | | | | | | | | | | | * gnu/build/file-systems (canonicalize-device-name): Do not attempt to resolve CIFS formatted device specifications. (mount-file-systems): Add mount-cifs nested function. * gnu/machine/ssh.scm (machine-check-file-system-availability): Skip checking for CIFS availability, similar to NFS. * guix/scripts/system.scm (check-file-system-availability): Likewise. Change-Id: I182e290eba64bbe5d1332815eb93bb68c01e0c3c Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* file-systems: Add host-to-ip nested functionRichard Sent2024-06-04
| | | | | | | | * gnu/build/file-systems (mount-file-system): Split out getaddrinfo logic into a dedicated function, (host-to-ip) Change-Id: I522d70a10651ca79533a4fc60b96b884243a3526 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu: linux-libre: Enable Zstd compression of kernel modules.Maxim Cournoyer2024-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about 12%. * gnu/packages/linux.scm (default-extra-linux-options) [version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else CONFIG_MODULE_COMPRESS_GZIP. (make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment variable to 19. [native-inputs]: Add zstd. * gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc. (modinfo-section-contents): Extend support to Zstd compressed module. (dot-ko): Register the 'zstd compression type. (ensure-dot-ko, file-name->module-name, load-linux-module*) (module-name->file-name/guess, write-module-name-database) (write-module-alias-database, write-module-device-database): Update doc. (module-name-lookup): Also consider zstd-compressed modules. * gnu/installer.scm (installer-program): Add guile-zstd extension to gexp. * gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise. Decompress zstd-compressed modules for use in initrd. * guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp. Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
* linux-modules: Ignore nonexistent module files on boot.Hilton Chain2024-03-27
| | | | | | | | | | | This is a follow-up to 8f8ec56052766aa5105d672b77ad9eaca5c1ab3c, which only covers building initrd, while the booting code still tries to load nonexistent files for builtin modules. * gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore nonexistent module files. Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf
* services: activation: Ensure /run existence.Nicolas Graves2024-02-19
| | | | | | | | | * gnu/build/activation.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /run. Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* services: activation: Ensure /var/run existence.Nicolas Graves2024-02-19
| | | | | | | | | * gnu/services.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /var/run. Change-Id: I5fb93d33b6b1f045f1e5ba206b9b0b74b5184260 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* file-systems: Recognize “none” as a valid device spec.Nicolas Graves2024-02-19
| | | | | | | | * gnu/build/file-systems (canonicalize-device-name): Fallback to tmpfs if spec is "none". Change-Id: Ia55c715d04c7611ba8c979f23f1ad4a8ed2e75b6 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* marionette: Add #:peek? to ‘wait-for-tcp-port?’.Ludovic Courtès2024-02-10
| | | | | | | * gnu/build/marionette.scm (wait-for-tcp-port): Add #:peek? parameter and honor it. Change-Id: Ie7515a5223299390ab8af6fe5aa3cf63ba5c8078
* services: secret-service: Make the endpoint configurable.Ludovic Courtès2024-02-10
| | | | | | | | | | | | | | | | | Until now, the secret service had a hard-coded TCP endpoint on port 1004. This change lets users specify arbitrary socket addresses. * gnu/build/secret-service.scm (socket-address->string): New procedure, taken from Shepherd. (secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust accordingly. (secret-service-receive-secrets): Likewise. * gnu/services/virtualization.scm (secret-service-shepherd-services): Likewise. (secret-service-operating-system): Add optional ‘address’ parameter and honor it. Adjust ‘start’ method accordingly. Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578
* chromium-extension: Compute json at argument evaluation time.Josselin Poiret2023-12-27
| | | | | | | | | * gnu/build/chromium-extension.scm (make-chromium-extension): Make use of the make-signing-key procedure inside the argument field, making sure that it is not evaluated at file-load time. This would otherwise try to resolve gnutls when we can't guarantee it's defined because of dependency cycles. Change-Id: Ia7b13acfbca475c2df073e9a88fc8bb9264dd968
* shepherd: Remove ‘make-forkexec-constructor/container’.Ludovic Courtès2023-12-22
| | | | | | | | | This was superseded by ‘least-authority-wrapper’. * gnu/build/shepherd.scm (read-pid-file/container) (make-forkexec-constructor/container): Remove. Change-Id: I6acccdff2609a35807608f865a4d381146113a88
* gnu: cross-toolchain: Add set-cross-path for AVR.Jean-Pierre De Jesus DIAZ2023-12-11
| | | | | | | | | | * gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure. (cross-gcc-build-phases) [string-prefix? "avr"]: Return set-cross-path/avr procedure. Signed-off-by: Jean-Pierre De Jesus DIAZ <me@jeandudey.tech> Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* gnu: cross-gcc: Enable multilib for AVR.Jean-Pierre De Jesus DIAZ2023-12-11
| | | | | | | | | | | * gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure. * gnu/packages/avr.scm (make-avr-gcc): Remove uneeded phases and flags for multilib. * gnu/packages/cross-base (cross-gcc-arguments) <#:configure-flags> [target-avr?]: Remove --disable-multilib and add --enable-multilib. Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
* gnu: ‘make-icecat-extension’ inherits package location.Ludovic Courtès2023-12-10
| | | | | | | | | This is an improvement for the purposes of ‘guix edit’ & co. * gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’ field. Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042
* linux-boot: Don't create /root before it's used.Tobias Geerinckx-Rice2023-11-19
| | | | | | * gnu/build/linux-boot.scm (boot-system): Postpone the MKDIR of /root. Change-Id: I589316a5ddf41cada02173ed4dd5b7df09b795e8
* gnu: icecat: Support Guix packaged extensions and native manifests.Clément Lassieur2023-10-23
| | | | | | | | | | | | | | | | | | | | * gnu/build/icecat-extension.scm: New file with a MAKE-ICECAT-EXTENSION procedure that makes sure the add-on directory is a symlink, so that Icecat can normalize it into a package store path. * gnu/local.mk (dist_patch_DATA): Register it, as well as new patches. * gnu/packages/browser-extensions.scm (ublock-origin)[properties]: Store the add-on ID so that it is accessible in MAKE-ICECAT-EXTENSION. [arguments]: Use the add-on ID as root directory. (ublock-origin/icecat): New procedure. * gnu/packages/gnuzilla.scm (icecat-minimal)[arguments]: Rewrite the unused 'apply-guix-specific-patches' phase so that it applies the following two patches. [native-search-paths]: New field. * gnu/packages/patches/icecat-compare-paths.patch: New patch that compares add-on paths (which are package store paths) to detect package changes. * gnu/packages/patches/icecat-use-system-wide-dir.patch: New patch that replaces "/usr/lib/mozilla" (the system-wide directory for extensions and native manifests) with "$ICECAT_SYSTEM_DIR".
* linux-modules: Fix module dependency loading.Tobias Geerinckx-Rice2023-10-15
| | | | | | * gnu/build/linux-modules.scm (dot-ko): Make COMPRESSION optional, as expected by callers RECURSIVE-MODULE-DEPENDENCIES and LOAD-LINUX-MODULE*.
* accounts: Fix typo in comment.Ludovic Courtès2023-10-12
| | | | * gnu/build/accounts.scm (passwd->shadow): Fix typo in comment.
* accounts: Ensure ‘last-change’ field of shadow entries is never zero.Ludovic Courtès2023-10-08
| | | | | * gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is greater than or equal to 1.
* secret-service: Increase default handshake timeout.Ludovic Courtès2023-10-01
| | | | | * gnu/build/secret-service.scm (secret-service-send-secrets): Increase #:handshake-timeout.
* hurd-boot: Setup/dev/hdX, /dev/hdXsY IDE device node translators.Janneke Nieuwenhuizen2023-10-01
| | | | | | | | The gnumach builtin IDE hd devices are still used, unless booting with "noide". * gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /dev/hd{0..3}, /dev/hd{0..3}s{0..3}.
* Revert "gnu: system: Add home-directory-permissions field to <user-account>."Tobias Geerinckx-Rice2023-08-20
| | | | | | | | | | | | | | | | | This reverts commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a, which as far as I can tell breaks system roll-backs thusly: [...] In gnu/build/accounts.scm: 239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >) In unknown file: 2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>) In ice-9/boot-9.scm: 1685:16 1 (raise-exception _ #:continuable? _) 1685:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1685:16: In procedure raise-exception: In procedure string-append: Wrong type (expecting string): #t
* gnu: system: Add home-directory-permissions field to <user-account>.David Thompson2023-08-25
| | | | | | | | | | | * gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New field. (user-account-home-directory-permissions): New accessor. * gnu/build/activation.scm (activate-users+groups): Use home directory permission bits from the user account object. * doc/guix.texi (User Accounts): Document new field. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* marionette: Allow passing custom OCR arguments.Bruno Victal2023-07-19
| | | | | | | | * gnu/build/marionette.scm (%default-ocrad-arguments): New variable. (invoke-ocrad-ocr, invoke-tesseract-ocr, marionette-screen-text) [ocr-arguments]: New argument. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* hurd-boot: Cater for netdde.Janneke Nieuwenhuizen2023-07-13
| | | | | | | * gnu/build/hurd-boot.scm (set-hurd-device-translators): Setup translators for netdde, eth{0,1}. Create /servers/socket/{inet,inet6} symlinks. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* hurd-boot: Setup pci-arbiter and rumpdisk translators.Janneke Nieuwenhuizen2023-07-13
| | | | | | | | * gnu/build/hurd-boot.scm (make-hurd-device-nodes): Create "servers/bus/pci. (set-hurd-device-translators): Create transators for pci-arbiter, rumpdisk, and /dev/wd0..3s1..4. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* gnu: image: Add support for unformatted partitions.Efraim Flashner2023-06-14
| | | | | | | * gnu/build/image.scm (make-unformatted-image): New procedure. (make-partition-image): Add support for unformatted partition. * gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add case for using unformatted partition uuid.
* hurd-boot: Symlink /hurd before setting up translators.Josselin Poiret2023-05-17
| | | | | | | * gnu/build/hurd-boot.scm (boot-hurd-system): Symlink /hurd before setting up translators. Reviewed-by: Janneke Nieuwenhuizen <janneke@gnu.org>
* services: dbus-service, secret-service: Do not cause (fibers) to be loaded.Ludovic Courtès2023-05-06
| | | | | * gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'. * gnu/build/secret-service.scm (wait-for-readable-fd): Likewise.
* file-systems: Validate 'no-diratime flag.Tobias Geerinckx-Rice2023-02-26
| | | | | | | | This follows up on commit c0773455397746b10194bc14c7cef144f4095b65, and adds a comment to avoid this in future. * gnu/system/file-systems.scm (invalid-file-system-flags): Add 'no-diratime to the list of KNOWN-FLAGS.
* linux-container: 'container-excursion' forks to join the PID namespace.Ludovic Courtès2023-01-30
| | | | | | | | | | Fixes <https://issues.guix.gnu.org/61156>. * gnu/build/linux-container.scm (container-excursion): Add extra call to 'primitive-fork' and invoke THUNK in the child process. * tests/containers.scm ("container-excursion"): Remove extra 'primitive-fork' call, now unnecessary. ("container-excursion*, /proc"): New test.
* container: Correctly report exit status.Ludovic Courtès2023-01-30
| | | | | | | | | * gnu/build/linux-container.scm (container-excursion): Return the raw status value. * tests/containers.scm ("container-excursion, same namespaces"): Add 'status:exit-val' call. * guix/scripts/container/exec.scm (guix-container-exec): Correctly handle the different cases.
* hurd-boot: Fix list of devices with translators.Ludovic Courtès2022-12-24
| | | | | | | | | | Fixes a regression introduced in 450f7740283ce160a7482d1c75e6e0ab17f2a6f0 and e3c6575ee93741a43003cd1aa4663151dd90b9f5, which introduced unquote-splicing without changing quote to quasiquote. * gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Use quasiquote, note quote.
* activation: Firmware activation handles missing support in kernel.Marius Bakke2022-12-17
| | | | | * gnu/build/activation.scm (activate-firmware): Check if firmware loading is enabled before attempting to use it.
* Merge branch 'version-1.4.0'Ludovic Courtès2022-12-12
|\
| * install: 'umount-cow-store' retries upon EBUSY.Ludovic Courtès2022-12-10
| | | | | | | | | | | | | | Possibly fixes <https://issues.guix.gnu.org/59884>. * gnu/build/install.scm (umount*): New procedure. (unmount-cow-store): Use it instead of 'umount'.
* | image: Use 512 byte blocks for EFI partitions.Efraim Flashner2022-12-12
| | | | | | | | | | | | | | Addresses <https://issues.guix.gnu.org/59695>. * gnu/build/image.scm (make-vfat-image): When creating a fat filesystem for UEFI bootable partition use 512 byte blocks.
* | system: hurd: Create more ttys.Ludovic Courtès2022-11-28
| | | | | | | | | | | | | | * gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Add more /dev/ttyN nodes. * gnu/system/hurd.scm (%base-services/hurd): Add more 'hurd-getty-service-type' instances.
* | hurd-boot: Explain why 'getxattr' cannot be used on GNU/Hurd.Ludovic Courtès2022-11-28
| | | | | | | | | | | | | | This is a followup to f25e8f76fec03e5a31c221e7427d6962ece1aa67. * gnu/build/hurd-boot.scm (translated?): Clarify why 'getxattr' cannot be used on GNU/Hurd.
* | hurd-boot: Create more PTY nodes.Ludovic Courtès2022-11-28
|/ | | | | * gnu/build/hurd-boot.scm (set-hurd-device-translators): Create more /dev/ptyp* and /dev/ttyp* nodes.
* file-systems: Always do recursive bind mounts.Ricardo Wurmus2022-11-20
| | | | | | | | Fixes <https://issues.guix.gnu.org/59185>. * guix/build/syscalls.scm (MS_REC): New variable. * gnu/build/file-systems.scm (mount-flags->bit-mask): Set MS_REC bit when bind-mounting.
* tests: root-unmount: Wait for the first QEMU process to finish.Ludovic Courtès2022-11-17
| | | | | | | | There was a tiny possibility that the first QEMU process would still be running by the time we launch the second one. * gnu/build/marionette.scm (marionette-pid): Export. * gnu/tests/base.scm (run-root-unmount-test)[test]: Add 'waitpid' call.
* install: Validate symlink target in evaluate-populate-directive.Maxim Cournoyer2022-11-15
| | | | | | | * gnu/build/install.scm (evaluate-populate-directive): By default, error when the target of a symlink doesn't exist. Always ensure TARGET ends with "/". (populate-root-file-system): Call evaluate-populate-directive with #:error-on-dangling-symlink #t and add comment.
* linux-modules: Add 'load-pci-device-database'.Ludovic Courtès2022-11-15
| | | | | * gnu/build/linux-modules.scm (read-pci-device-database) (load-pci-device-database): New procedures.
* linux-modules: Add support for listing PCI devices.Ludovic Courtès2022-11-15
| | | | | | * gnu/build/linux-modules.scm (<pci-device>): New record type. (pci-device-class-predicate, storage-pci-device?, network-pci-device?) (display-pci-device?, pci-devices?): New procedures.