| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
References:
https://sysctl-explorer.net/fs/protected_hardlinks/
https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding to good security standards.
It turns out feff80cec3c97a3df2c20d300be12d67f79d4f22 was right since while
the main license file wasnt altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
| |
The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
|
|
|
|
|
|
|
| |
Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
|
|
|
|
|
|
| |
* gnu/services/shepherd.scm (assert-valid-graph): Make public.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth,
guix-build-coordinator-agent-dynamic-auth?,
guix-build-coordinator-agent-dynamic-auth-agent-name,
guix-build-coordinator-agent-dynamic-auth-token): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth
record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth
record.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (cuirass-shepherd-service): Add "postgres-roles" to
cuirass requirements. Set cuirass-web requirements to cuirass only. Remove
"guix-daemon" and "networking" from cuirass-remote-server requirements as are
already required by cuirass.
|
|
|
|
|
|
|
|
|
|
| |
Make sure that the postgresql-roles script is completed before declaring the
postgresql-roles service as started.
* gnu/services/databases.scm (postgresql-create-roles): Return the command
line instead of a program-file.
(postgresql-role-shepherd-service): Use fork+exec-command to start the role
creation script and wait for its completion before returning.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-service-type): Define a default value.
|
|
|
|
|
| |
* gnu/services/cuirass.scm (cuirass-service-type): Instantiate postgresql
service when missing.
|
|
|
|
|
|
|
| |
* doc/guix.texi (Networking Services): Document new `control-socket?'
option for `tor-configuration`.
* gnu/services/networking.scm (<tor-configuration>):
(tor-configuration->torrc):
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (<cuirass-configuration>)[parameters]: New field.
[zabbix-uri]: Remove it.
(cuirass-shepherd-service): Honor it.
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
|
|
|
|
|
|
| |
* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
|
|
|
|
|
|
|
|
|
| |
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[server]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/file-sharing.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* po/packages/POTFILES.in: Add it.
* tests/services/file-sharing.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
* doc/guix.texi (File-Sharing Services): New section.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
|
|
|
| |
* gnu/services/xorg.scm (xorg-server-service-type): New service type.
(xorg-server-profile-service): New procedure.
|
|
|
|
|
|
|
|
|
| |
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
|
|
|
|
|
| |
This is a follow-up of 703e5c92eeb38d86455c2b1cace5cad9fc08b349.
* gnu/services/cuirass.scm (cuirass-shepherd-service): Move "zabbix-uri"
argument to the web process.
|
|
|
|
|
| |
* gnu/services/cuirass.scm (<cuirass-configuration>)[zabbix-uri]: New field.
(cuirass-shepherd-service): Honor it.
|
|
|
|
|
|
|
| |
* gnu/services/linux.scm (kernel-module-loader-shepherd-service):
Remove 'file-systems requirement.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
|
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-create-roles): Quote the name in
the SQL query so that roles/usernames containing hyphens will work.
|
|
|
|
|
| |
* gnu/services/nfs.scm (rpcbind-service-type): Adjust for the file name change
of the rpcbind command.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/shepherd.scm (<shepherd-configuration>): New record.
(shepherd-boot-gexp, shepherd-root-service-type): Use it.
(scm->go, shepherd-configuration-file): Allow passing custom
shepherd package.
* gnu/system.scm (operating-system-shepherd-service-names): Use the new
record.
* guix/scripts/system.scm (export-shepherd-graph): Adjust accordingly.
* doc/guix.texi (Shepherd Services). Document it.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (cuirass-activation): Create remote-server cache
directory if needed.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
|
|
|
| |
This is a follow-up of 189e62fa69049538884077155cc70cac43260118.
* gnu/services/cuirass.scm (<cuirass-remote-server-configuration>): Fix
syntax.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Add
log-file support.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (cuirass-remote-worker-shepherd-service): Fix
workers arguments.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
|
|
| |
* gnu/services/cuirass.scm (<cuirass-remote-worker-configuration>)[systems]:
New field.
(cuirass-remote-worker-shepherd-service): Honor it.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-role,
postgresql-role?, postgresql-role-name,
postgresql-role-permissions, postgresql-role-create-database?,
postgresql-role-configuration, postgresql-role-configuration?,
postgresql-role-configuration-host, postgresql-role-configuration-roles,
postgresql-role-service-type): New procedures.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document it.
|
|
|
|
| |
* gnu/services/databases.scm: Wrap long lines, no functional change.
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-config-file-socket-directory): New
procedure.
(<postgresql-config-file>)[socket-directory]: New field.
(postgresql-config-file-compiler): Honor it.
(postgresql-activation): Create the socket directory if needed.
* doc/guix.texi (Database Services): Document it.
* gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
* gnu/tests/monitoring.scm (%zabbix-os): Ditto.
* gnu/tests/web.scm (patchwork-os): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
|
|
|
|
|
| |
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
|
|
|
|
|
|
|
| |
* gnu/services/web.scm (php-fpm-accounts): Ensure `php-fpm` group is not
duplicated.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
|
|
|
|
| |
* gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
|
|
| |
* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
|
|
|
|
|
|
|
| |
This is a follow-up to commit 859b362f81598830d7ff276b96a8724aee3c4db7.
* gnu/services/virtualization.scm (hurd-vm-disk-image): Use diks-size from
config to set image's size.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gnu/services/shepherd.scm (shepherd-service-type): Require a
'description' form.
* gnu/services/base.scm (root-file-system-service-type)
(rngd-service-type, host-name-service-type):
(virtual-terminal-service-type, console-keymap-service-type)
(syslog-service-type, swap-service-type)
(kmscon-service-type): Add description.
* gnu/services/networking.scm (dhcp-client-service-type): Likewise.
* gnu/system/install.scm (cow-store-service-type): Likewise.
* gnu/system/linux-container.scm (dummy-networking-service-type):
Likewise.
* gnu/system/mapped-devices.scm (device-mapping-service-type):
Likewise.
* tests/guix-system.sh: Likewise.
|
|
|
|
|
|
|
| |
* gnu/services/networking.scm (<keepalived-configuration>): New record.
(keepalived-shepherd-service): New procedure.
(keepalived-service-type): New variable.
* doc/guix.texi (Networking Services): Document this.
|