Age | Commit message (Collapse) | Author |
|
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/cups.scm (%cups-accounts): Try to reuse lp from %base-groups.
|
|
* gnu/services/cups.scm (cups-configuration): Add brlaser to the default
extensions.
* doc/guix.texi (Printing Services): Document it.
|
|
* gnu/services/cups.scm (cups-configuration): Add splix to the default extensions.
* doc/guix.texi (Printing Services): Document it.
|
|
‘escpr’ is nice and short, but everyone else calls this package
‘epson-inkjet-printer-escpr’. More importantly, so does upstream.
* gnu/packages/cups.scm (escpr, epson-inkjet-printer-escpr,): Rename
escpr to epson-inkjet-printer-escpr, redefining escpr as
deprecated-package. Adjust all users.
|
|
* gnu/services/cups.scm (cups-configuration): Add some extensions by default.
doc/guix.texi (Printing Services): Document the default value.
|
|
Fixes <https://bugs.gnu.org/41367>.
* gnu/services/cups.scm (%cups-activation): Fix permissions of directory
/var/spool/cups/tmp.
|
|
* gnu/services/cups.scm (error-policy, cups-configuration): Substitute
RETRY-CURRENT-JOB for the obsolete RETRY-THIS-JOB name of this policy.
* doc/guix.texi (Printing Services): Likewise.
|
|
* gnu/services/cups.scm (cups-configuration): Move SET-ENV from here…
(files-configuration): …to here.
* doc/guix.texi (Printing Services): Adjust accordingly.
|
|
* gnu/services/cups.scm (comma-separated-string-list?)
(serialize-comma-separated-string-list): New variables.
(cups-configuration)[browse-dns-sd-sub-types]: New field.
* doc/guix.texi (Printing Services): Document it.
|
|
This follows up on commit f9c1ebdb7daea30ceaf73f43bf15c222dc4a58ad.
* gnu/services/cups.scm (cups-configuration)<ssl-options>:
Update docstring.
|
|
…except for ‘AllowDH’, which makes no sense on GNU TLS systems.
* gnu/services/cups.scm (ssl-options?): Validate ‘DenyCBC’ and
‘DenyTLS1.0’.
* doc/guix.texi (Printing Services): Document them both.
|
|
* gnu/services/cups.scm (%cups-activation): Create /var/cache if it doesn't
exist yet.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Remove
mentions of "GuixSD".
* gnu/bootloader/grub.scm (install-grub-efi): Likewise.
* gnu/build/vm.scm (make-iso9660-image): Change default #:volume-id to
"Guix_image".
(initialize-hard-disk): Search for the "Guix_image" label.
* gnu/ci.scm (system-test-jobs, tarball-jobs): Remove "GuixSD".
* gnu/installer/newt/welcome.scm (run-welcome-page): Likewise.
* gnu/packages/audio.scm (supercollider)[description]: Likewise.
* gnu/packages/curl.scm (curl): Likewise.
* gnu/packages/emacs.scm (emacs): Likewise.
* gnu/packages/gnome.scm (network-manager): Likewise.
* gnu/packages/julia.scm (julia): Likewise.
* gnu/packages/linux.scm (alsa-plugins): Likewise.
(powertop, wireless-regdb): Likewise.
* gnu/packages/package-management.scm (guix): Likewise.
* gnu/packages/polkit.scm (polkit): Likewise.
* gnu/packages/tex.scm (texlive-bin): Likewise.
* gnu/services/base.scm (file-systems->fstab): Likewise.
* gnu/services/cups.scm (%cups-activation): Likewise.
* gnu/services/mail.scm (%dovecot-activation): Likewise.
* gnu/services/messaging.scm (prosody-configuration)[log]: Likewise.
* gnu/system/examples/vm-image.tmpl (vm-image-motd): Likewise.
* gnu/system/install.scm (installation-os)[file-systems]: Change root
file system label to "Guix_image".
* gnu/system/mapped-devices.scm (check-device-initrd-modules):
Remove "GuixSD".
* gnu/system/vm.scm (system-docker-image): Likewise.
(system-disk-image)[root-label]: Change to "Guix_image".
* gnu/tests/install.scm (run-install): Remove "GuixSD".
* guix/modules.scm (guix-module-name?): Likewise.
* nix/libstore/optimise-store.cc: Likewise.
|
|
* gnu/services/cups.scm (cups-service-type): Add description.
|
|
* gnu/services/admin.scm (rottlog-service-type)[default-value]: New
field.
* gnu/services/base.scm (guix-service-type)[default-value]: New field.
(guix-publish-service-type)[default-value]: New field.
* gnu/services/cups.scm (cups-service-type)[default-value]: New field.
* gnu/services/dict.scm (dicod-service-type)[default-value]: New field.
* gnu/services/mcron.scm (mcron-service-type)[default-value]: New field.
* gnu/services/networking.scm (<tor-configuration>)[config-file]: Add
default value.
(tor-service-type)[default-value]: New field.
(<bitlbee-configuration>)[interface, port, extra-settings]: Add default
values.
(bitlbee-service-type)[default-value]: New field.
(wpa-supplicant-service-type)[default-value]: New field.
(tlp-service-type)[default-value]: New field.
(openssh-service-type)[default-value]: New field.
* doc/guix.texi (Base Services, Log Rotation)
(Networking Services, Printing Services):
(Power management Services): Adjust examples accordingly.
|
|
* gnu/services/configuration.scm (serialize-field, serialize-string)
(serialize-space-separated-string-list, space-separated-string-list?)
(serialize-file-name, file-name?, serialize-boolean): Move these functions...
* gnu/services/cups.scm: ...to this file.
* gnu/services/kerberos.scm: ...to this file.
Configuration syntaxes are very specific to services. Some services may have
the same configuration syntax, but none of them is common enough to be
abstracted in configuration.scm.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
|
|
* gnu/services/cups.scm (%cups-activation): Import (guix build utils).
* gnu/services/mail.scm (opensmtpd-activation): Idem.
* gnu/services/networking.scm (ntp-service-activation): Idem.
* gnu/services/spice.scm (spice-vdagent-activation): Idem.
* gnu/services/ssh.scm (openssh-activation): Idem.
(dropbear-activation): Idem.
* gnu/services/vpn.scm (%openvpn-activation): Idem.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/cups.scm (union-directory): Use "stat" when calling
"find-files" to follow symlinks.
|
|
* gnu/services/mail.scm and gnu/services/cups.scm (&configuration-error)
(configuration-error, configuration-field-error)
(configuration-missing-field, configuration-field, serialize-configuration)
(validate-configuration, define-configuration, uglify-field-name)
(serialize-field, serialize-package, serialize-string)
(serialize-space-separated-string-list, space-separated-string-list?)
(serialize-file-name, file-name?, serialize-field-name)
(generate-documentation): Move duplicate code...
* gnu/services/configuration.scm: ...to this new file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add configuration.scm.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/cups.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add gnu/services/cups.scm.
* doc/guix.texi (Printing Services): New section.
|