<feed xmlns='http://www.w3.org/2005/Atom'>
<title>guix/gnu/build, branch koszko</title>
<subtitle>Wojtek's customized Guix</subtitle>
<id>https://git.koszko.org/guix/atom?h=koszko</id>
<link rel='self' href='https://git.koszko.org/guix/atom?h=koszko'/>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/'/>
<updated>2025-05-05T12:34:00Z</updated>
<entry>
<title>linux-container: Lock mounts by default.</title>
<updated>2025-05-05T12:34:00Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-08T12:03:48Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=a57ed987ffd1452ba5a4d70feb54893e99b8e076'/>
<id>urn:sha1:a57ed987ffd1452ba5a4d70feb54893e99b8e076</id>
<content type='text'>
This makes it impossible to unmount or remount things from within
‘call-with-container’.

* gnu/build/linux-container.scm (initialize-user-namespace):
Add #:host-uid and #:host-gid and honor them.
(run-container): Add #:lock-mounts?.  Honor it by calling ‘unshare’
followed by ‘initialize-user-namespace’.
(call-with-container): Add #:lock-mounts? and pass it down.
(container-excursion): Get the user namespace owning the PID namespace
and join it, then join the remaining namespaces.
* tests/containers.scm ("call-with-container, mnt namespace, locked mounts"):
New test.
("container-excursion"): Pass #:lock-mounts? #f.

Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
</content>
</entry>
<entry>
<title>linux-container: Set up “lo” and generate /etc/hosts by default.</title>
<updated>2025-05-05T12:34:00Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-08T11:50:59Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=e1a0171a56602ecba193975ea2438329abb51c94'/>
<id>urn:sha1:e1a0171a56602ecba193975ea2438329abb51c94</id>
<content type='text'>
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.

Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
</content>
</entry>
<entry>
<title>linux-container: Support having a read-only root file system.</title>
<updated>2025-05-05T12:33:59Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-04T14:36:17Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=a391394a22f76e29459132888f9950ad74993c5f'/>
<id>urn:sha1:a391394a22f76e29459132888f9950ad74993c5f</id>
<content type='text'>
Until now, the read-only file system set up by ‘call-with-container’
would always be writable.  With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.

* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.

Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
</content>
</entry>
<entry>
<title>image: Create zstd-compressed qcow2 images.</title>
<updated>2025-04-30T08:14:24Z</updated>
<author>
<name>Maxim Cournoyer</name>
<email>maxim.cournoyer@gmail.com</email>
</author>
<published>2025-04-30T07:38:15Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=a0941c14ef185d3d177ad132385992c1b7d36818'/>
<id>urn:sha1:a0941c14ef185d3d177ad132385992c1b7d36818</id>
<content type='text'>
This should be about twice as fast as the default zlib compressor used for
qcow2, and potentially multi-thread aware given some improvements to qemu-img
in the future (zstd supports it but it's not currently used by QEMU).

* gnu/build/image.scm (convert-disk-image): Specify 'compression_type=zstd'
option.

Change-Id: Ie9c66f0c13e789ec863c95a5e549f035b6a17bf9
</content>
</entry>
<entry>
<title>image: Honor parallel job count for the number of qemu-img co-routines used.</title>
<updated>2025-04-30T08:14:24Z</updated>
<author>
<name>Maxim Cournoyer</name>
<email>maxim.cournoyer@gmail.com</email>
</author>
<published>2025-04-30T07:23:52Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=ca8a0f4d1bca745f34c5b8120b9f346eee79ff14'/>
<id>urn:sha1:ca8a0f4d1bca745f34c5b8120b9f346eee79ff14</id>
<content type='text'>
This doesn't seem to change anything currently (the default is 8).  Perhaps
useful in the future, for example if the compressor used by qemu-img starts
honoring it.

* gnu/build/image.scm (convert-disk-image): Specify the '-m' option.

Change-Id: Ia288c85af8a0621d61cf6b9f0d3f73f5a3026d66
</content>
</entry>
<entry>
<title>activation: Fix ‘mkdir-p/perms’ on the Hurd.</title>
<updated>2025-04-23T10:25:45Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-23T08:50:17Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=27e62d4481a02f1016c7a72bedb946d92ceecf49'/>
<id>urn:sha1:27e62d4481a02f1016c7a72bedb946d92ceecf49</id>
<content type='text'>
Fixes &lt;https://issues.guix.gnu.org/77992&gt;.

Fixes a bug whereby ‘mkdir-p/perms’ would throw an exception on the
Hurd:

  In gnu/build/activation.scm:
      97:20  1 (mkdir-p/perms _ #("ludo" "x" 1000 998 "Ludovic…" …) …)
  In unknown file:
	     0 (open "." 7340032 #&lt;undefined&gt;)

  ERROR: In procedure open:
  In procedure scm_fdes_to_port: requested file mode not available on fdes

This, in turn, would cause ‘user-homes’ to fail to start on the Hurd
since commit da741d89310efd0530351670d9c55ec2f952ab98.

* gnu/build/activation.scm (mkdir-p/perms): Add O_RDONLY to ‘open-flags’.

Reported-by: Yelninei &lt;yelninei@tutamail.com&gt;
Change-Id: I74f90599338772ba4341067215b864273aa30b3e
</content>
</entry>
<entry>
<title>build: dbus-service: Quote body argument in 'with-retries' syntax.</title>
<updated>2025-04-14T01:34:52Z</updated>
<author>
<name>Maxim Cournoyer</name>
<email>maxim.cournoyer@gmail.com</email>
</author>
<published>2025-04-13T15:08:03Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=25f86fdc4fe13cf405c1556db361cc0151ff5da8'/>
<id>urn:sha1:25f86fdc4fe13cf405c1556db361cc0151ff5da8</id>
<content type='text'>
Otherwise the code would be evaluated instead of shown.

* gnu/build/dbus-service.scm (with-retries): Quote the body data in the error
message.

Change-Id: I7a06f08327bdc7df70ae56a146855bc32ad3e63e
</content>
</entry>
<entry>
<title>build: bootloader: Add riscv64 case.</title>
<updated>2025-04-08T06:58:19Z</updated>
<author>
<name>Zheng Junjie</name>
<email>z572@z572.online</email>
</author>
<published>2025-04-05T15:03:09Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=43d30332bf3b4de0003578a7b5b27472b11183c7'/>
<id>urn:sha1:43d30332bf3b4de0003578a7b5b27472b11183c7</id>
<content type='text'>
* gnu/build/bootloader.scm (install-efi): Add riscv64 case.

Change-Id: I1c6c7949f0057f600817f09b5f52dca0644e3d88
</content>
</entry>
<entry>
<title>linux-container: ‘unprivileged-user-namespace-supported?’ returns #f on non-Linux.</title>
<updated>2025-03-26T16:57:44Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-03-17T10:27:52Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=29164192e94e35616a5078c28bf0eb5d5a3ea4b4'/>
<id>urn:sha1:29164192e94e35616a5078c28bf0eb5d5a3ea4b4</id>
<content type='text'>
Previously this procedure would return #t on non-Linux systems.

* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
When USERNS-FILE doesn’t exist, return (user-namespace-supported?).

Reported-by: Reepca Russelstein &lt;reepca@russelstein.xyz&gt;
Change-Id: I92050338b8b68bc3bd87100317eba69fcdf14a0a
</content>
</entry>
<entry>
<title>build: marionette: Make it possible to reboot VM during tests.</title>
<updated>2025-02-12T15:07:21Z</updated>
<author>
<name>Maxim Cournoyer</name>
<email>maxim.cournoyer@gmail.com</email>
</author>
<published>2024-11-01T01:56:30Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=5074871043806d747b16c62b081b9db8b813dd7c'/>
<id>urn:sha1:5074871043806d747b16c62b081b9db8b813dd7c</id>
<content type='text'>
* gnu/build/marionette.scm (make-marionette): Add 'reconnect=1' socket
parameter.
* gnu/system/vm.scm (common-qemu-options): Remove '-no-reboot' option.

Change-Id: I5e100543ddddba0aea3ebe4e2f5cb8b0261c0d73
</content>
</entry>
</feed>
