path: root/gnu/system.scm
Age | Commit subject | Commit body | Author
2024-11-11 | system: hurd: Add swap-services to hurd-default-essential-services. | * gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement for the Hurd. Use system* with "swapon", "swapoff" for the Hurd. * gnu/system.scm (hurd-default-essential-services): Add swap-services. * gnu/services/base.scm (swap-service-type): Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8 | Janneke Nieuwenhuizen
2024-11-03 | system: %default-privileged-programs: Set ping capabilities | Ping and ping6 don't need setuid, they can work with cap_net_raw capability only. This means that even if ping or ping6 had a vulnerability that could be used for execution as root, it can't anymore if the program is not setuid. * gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid programs, add ping, ping6 programs with cap_net_raw=ep capabilities Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209 Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Rutherther
2024-10-24 | gnu: system: Privilege programs after creating accounts. | Ensure that users and groups are already created when the privileging script runs. The order these scripts appear in the folded activation-service depends on the order these services are instantiated in the operating-system. Fixes <https://issues.guix.gnu.org/73680>. * gnu/system.scm (operating-system-default-essential-services): Move privileged-program-service above account-service. (hurd-default-essential-services): Likewise. * gnu/tests/base.scm (%activation-os): New variable. (run-activation-test): New procedure. (%test-activation): New variable. Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Dariqq
2024-08-11 | system: Add privileged-programs to <operating-system>. | * gnu/system.scm (<operating-system>): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which is now defined as the empty list. * doc/guix.texi (Setuid Programs): Rename this… (Privileged Programs): …to this. Adjust all refs. Update all mentions of ‘setuid’ (whether in prose, variable names, or code samples) to use the new ‘privilege[d]’ terminology instead. (operating-system Reference, X Window, Invoking guix system) (Service Reference): Adjust likewise. | Tobias Geerinckx-Rice
2024-08-11 | system: Use privileged-program-service-type by default. | * gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. | Tobias Geerinckx-Rice
2024-08-11 | system: Use /run/privileged/bin in search paths. | * gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. | Tobias Geerinckx-Rice
2024-08-11 | system: Disallow file-like setuid-programs. | It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. | Tobias Geerinckx-Rice
2024-05-15 | system: Do not delete all nss-certs packages when they are the same object. | Calling 'delete' on the list of packages would delete *all* occurrences of a given object, not just the first one. This meant that if the user had something like: (packages (cons nss-certs %base-packages)) In their operating system declaration, no nss-certs would end up in the final list. To guard against this, guard against this by checking that more than one nss-certs package exist even after deduplication. * gnu/system.scm (operating-system-packages): Guard against deleting all nss-certs when a single nss-certs package object is listed multiple times. Fixes: https://issues.guix.gnu.org/70850 Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a | Maxim Cournoyer
2024-04-28 | system: Fix duplicate nss-certs check. | * gnu/system.scm (operating-system-packages): Because packages->manifest allows other formats, don't assume it's a package object in the list. Fixes: https://issues.guix.gnu.org/70624 Change-Id: I91c64ca2c463ef5c35fa23856e4622e364e58988 Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> | nathan
2024-04-26 | system: Warn when multiple nss-certs packages are used. | This can happen due to users providing 'nss-certs' and adding it to the %base-packages, which now include 'nss-certs'. * gnu/system.scm (operating-system-packages): Warn when multiple nss-certs packages are detected; keep only the latest one. Change-Id: I6104f134ea1cc155ae9e8e0ae70bb5a38fc05800 Reported-by: Ian Eure <ian@retrospec.tv> | Maxim Cournoyer
2024-04-18 | system: Add 'nss-certs' to %base-packages-networking. | See the discussion at <https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00020.html>. * gnu/system.scm (%base-packages-networking): Add nss-certs. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I24f336e4bb25561d0ec9344a1a4061d2ecc9aed8 | Jacob Hrbek
2024-04-17 | gnu: ath9k-htc-firmware: Split package. | * gnu/local.mk (dist_patch_DATA): Remove ath9k-htc-firmware-objcopy.patch. * gnu/packages/firmware.scm (ath9k-htc-firmware): Remove. (ath9k-htc-ar7010-firmware, ath9k-htc-ar9271-firmware): New variables. * gnu/packages/patches/ath9k-htc-firmware-objcopy.patch: Delete file. * gnu/system.scm (%base-firmware): Use new ath9k packages. Change-Id: I86259e398427abd139c1f310a95bb15e2c03cee3 Co-authored-by: Ludovic Courtès <ludo@gnu.org> | Jean-Pierre De Jesus DIAZ
2024-03-22 | system, home: Validate ‘services’ field value. | This guides newcomers who might stick a single (service …) form in this field. * gnu/services.scm (validate-service-list): New macro. (%validate-service-list): New procedure. * gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’. * gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’. Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473 | Ludovic Courtès
2024-02-19 | system: Omit “root=” kernel argument when root device is “none”. | * gnu/system.scm (bootable-kernel-arguments): Fallback to tmpfs if root is "none". Change-Id: I35a656e71169dc786e5256d98a3c04c65043086d Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Nicolas Graves
2024-01-08 | system: hurd: Use the Shepherd 0.10.x. | * gnu/system.scm (hurd-default-essential-services): Remove reference to ‘shepherd-0.8’. * gnu/system/hurd.scm (%base-packages/hurd): Replace ‘shepherd-0.8’ with ‘shepherd-0.10’. Change-Id: I9f1800693cda456286450d3d0bb6f7e3da85d55e | Ludovic Courtès
2023-12-25 | gnu: Adjust to removing ed.scm and nano.scm | This is a follow-up to f6817e71dff7d0d9fdb55db8b85a1d3d04e2bf5a and e11e65a9ad08e18ea2faac3c9f4639a7b189bf76. * gnu/installer.scm, gnu/packages/algebra.scm, gnu/packages/base.scm, gnu/packages/cook.scm, gnu/packages/lisp.scm, gnu/packages/patchutils.scm, gnu/packages/version-control.scm, gnu/packages/web-browsers.scm, gnu/system.scm: Adjust module imports. Change-Id: I25e5519fa003c35a14b81c3dda37b24527858634 | Efraim Flashner
2023-07-30 | system: Fix a blown FUSE. | I bungled up a merge conflict between 789f7e9 (gnu: fuse@3: Bind to default FUSE variable.) and my other setuid-related changes. * gnu/system.scm (%setuid-programs): Look for /bin/fusermount in FUSE-2, not 3. Reported by renngar[m] in #guix. | Tobias Geerinckx-Rice
2023-07-23 | gnu: fuse@3: Bind to default FUSE variable. | * gnu/packages/linux.scm (fuse): Rename this… (fuse-2): …to this, and… (fuse-3): …rename this… (fuse): …to this! (fuse-static): Rename this… (fuse-2-static): …to this. Adjust all users. | Tobias Geerinckx-Rice
2023-07-13 | system: hurd: Boot with pci.arbiter and rumpdisk. | * gnu/system.scm (hurd-multiboot-modules): Add commands for pci.arbiter and rumpdisk. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz> | Janneke Nieuwenhuizen
2023-05-10 | system: Fix reference to Hurd bug in comment. | * gnu/system.scm (hurd-multiboot-modules): Fix bug reference in comment. | Ludovic Courtès
2023-04-14 | Merge branch 'master' into core-updates. | Conflicts: gnu/local.mk gnu/packages/build-tools.scm gnu/packages/certs.scm gnu/packages/check.scm gnu/packages/compression.scm gnu/packages/cups.scm gnu/packages/fontutils.scm gnu/packages/gnuzilla.scm gnu/packages/guile.scm gnu/packages/ibus.scm gnu/packages/image-processing.scm gnu/packages/linux.scm gnu/packages/music.scm gnu/packages/nss.scm gnu/packages/pdf.scm gnu/packages/python-xyz.scm gnu/packages/qt.scm gnu/packages/ruby.scm gnu/packages/shells.scm gnu/packages/tex.scm gnu/packages/video.scm gnu/packages/vulkan.scm gnu/packages/web.scm gnu/packages/webkit.scm gnu/packages/wm.scm | Maxim Cournoyer
2023-03-30 | system: Remove obsolete GUIX_LOCPATH workaround. | * gnu/system.scm (operating-system-environment-variables): Do not set GUIX_LOCPATH. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-03-20 | Merge remote-tracking branch 'origin/master' into core-updates | | Andreas Enge
2023-03-16 | services: etc-service: Deprecate etc-service procedure. | * gnu/services.scm (etc-service): Deprecate procedure. * gnu/system.scm (operating-system-etc-service): Replace etc-service with etc-service-type. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-03-13 | system: Remove redundant gexp-ungexp usage. | * gnu/system.scm (os-release): Convert to variable. (operating-system-etc-service): Remove redundant gexp-ungexps. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-03-13 | system: Simplify nsswitch binding. | * gnu/system.scm (operating-system-etc-service): Simplify nsswitch binding. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-03-02 | Merge remote-tracking branch 'savannah/master' into core-updates | Conflicts: gnu/local.mk gnu/packages/autotools.scm gnu/packages/cmake.scm gnu/packages/gnuzilla.scm gnu/packages/haskell.scm gnu/packages/pdf.scm gnu/packages/python-xyz.scm gnu/packages/samba.scm gnu/packages/tex.scm gnu/packages/tls.scm gnu/packages/wxwidgets.scm | Christopher Baines
2023-03-03 | services: base: Deprecate 'host-name-service' procedure. | * doc/guix.texi (operating-system Reference): Reorder cross-reference. Add an anchor to be used ... (Base services): ... here by host-name-service-type. Document host-name-service-type. * gnu/services/base.scm: Export host-name-service-type. (host-name-service): Deprecate procedure. * gnu/system.scm (operating-system-default-essential-services): Use host-name-service-type. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-02-23 | system: Do not export local-host-entries. | Unlike the deprecated 'local-host-aliases', there's no use for local-host-entries since it's used to set the default value for hosts-service-type. Given that this service-type is expected to be extended, one presumes that when they explicitly override the service default value they do not have much interest in the 'local-host-entries' procedure. * gnu/system.scm: Do not export local-host-entries. Signed-off-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-02-09 | system: Deprecate hosts-file. | * gnu/system.scm (operating-system-hosts-file): Deprecate procedure. (warn-hosts-file-field-deprecation): New procedure, helper for deprecated variable. (operating-system)[hosts-file]: Use helper to warn deprecated field. (local-host-aliases): Mark as deprecated. (local-host-entries): New procedure. (operating-system-default-essential-services, hurd-default-essential-services): Use hosts-service-type. Use '%operating-system-hosts-file' and 'local-host-entries'. (default-/etc/hosts): Remove procedure. (operating-system-etc-service): Remove hosts file. * doc/guix.texi (operating-system Reference) (Networking Services) (Virtualization Services): Rewrite documentation entries to use hosts-service-type. Co-authored-by: Ludovic Courtès <ludo@gnu.org> | Bruno Victal
2023-01-30 | Merge remote-tracking branch 'origin/master' into core-updates | Conflicts: doc/guix.texi gnu/local.mk gnu/packages/admin.scm gnu/packages/base.scm gnu/packages/chromium.scm gnu/packages/compression.scm gnu/packages/databases.scm gnu/packages/diffoscope.scm gnu/packages/freedesktop.scm gnu/packages/gnome.scm gnu/packages/gnupg.scm gnu/packages/guile.scm gnu/packages/inkscape.scm gnu/packages/llvm.scm gnu/packages/openldap.scm gnu/packages/pciutils.scm gnu/packages/ruby.scm gnu/packages/samba.scm gnu/packages/sqlite.scm gnu/packages/statistics.scm gnu/packages/syndication.scm gnu/packages/tex.scm gnu/packages/tls.scm gnu/packages/version-control.scm gnu/packages/xml.scm guix/build-system/copy.scm guix/scripts/home.scm | Efraim Flashner
2023-01-05 | system: Define default 'PS1' in /etc/bashrc rather than ~/.bashrc. | Users can override 'PS1' in ~/.bashrc if they wish. Previously, on Guix Home, the "default" 'PS1' would be set in ~/.bashrc when 'home-bash-configuration-guix-defaults?' is true, preventing users from overriding it via the 'environment-variables' field of 'home-bash-extension'. * gnu/system/shadow.scm (%default-bashrc): Remove 'PS1' setting. * gnu/system.scm (operating-system-etc-service): Define PS1 in /etc/bashrc. * gnu/home/services/shells.scm (add-bash-configuration): When 'home-bash-configuration-guix-defaults?' is true, add a default 'PS1' to ~/.bash_profile. | Ludovic Courtès
2022-12-05 | system: Add e2fsprogs to %base-packages-utils. | Rationale: Even when not using an ext file system, the utilities provided by e2fsprogs are useful, for example to set the copy-on-write attribute of a Btrfs file system. * gnu/system.scm (%base-packages-utils): Add e2fsprogs. | Maxim Cournoyer
2022-12-05 | system: Rename and move %base-packages-disk-utilities. | Rationale: It is only used in INSTALLATION-OS and doesn't make sense to be used in another context, given that file systems now automatically pull their dependencies since commit 45eac6cdf5c8d9d7b0c564b105c790d2d2007799 (services: Add file system utilities to profile). * gnu/system.scm (%base-packages-disk-utilities): Deprecate and rename to... * gnu/system/install.scm (%installer-disk-utilities): ... this. (installation-os) [packages]: Adjust accordingly. | Maxim Cournoyer
2022-11-27 | gnu: shadow: Merge in shadow-with-man-pages. | * gnu/packages/admin.scm (shadow)[arguments]: Add phase to install the manpages. Make sure 'remove-groups comes after installing the manpages. [properties]: Remove field. (shadow-with-man-pages): Remove variable. * gnu/system.scm (%base-packages-utils): Replace shadow-with-man-pages with shadow. | Efraim Flashner
2022-10-23 | gnu: Fix typos. | * gnu/packages/emacs-xyz.scm (emacs-piem)[description]: Fix use of "This packages". * gnu/packages/tex.scm (texlive-hardwrap)[description]: Fix spelling of "arbitrary". * gnu/packages/cran.scm (r-shinymanager)[description]: Fix spelling of "authentication". * gnu/packages/lisp-xyz.scm (sbcl-utils-kt)[description]: Fix spelling of "developed". * gnu/packages/crates-io.scm (rust-fs-utils-1)[description]: Fix spelling of "filesystem". [synopsis]: Likewise. * gnu/packages/haxe.scm (neko)[description]: Fix spelling of "functions". * gnu/packages/animation.scm (swftools)[description]: Fix needless pluralization of "information". * gnu/packages/lisp-xyz.scm (sbcl-slot-extra-options)[description]: Fix spelling of "inheritance". * gnu/packages/emacs-xyz.scm (emacs-js-comint)[description]: Fix spelling of "interpreter". * gnu/packages/coq.scm (coq-mathcomp-finmap)[description]: Fix spelling of "library". * gnu/services/lightdm.scm (lightdm-configuration): Fix spelling of "mechanism". * gnu/packages/emacs-xyz.scm (emacs-citar-org-roam)[synopsis]: Fix spelling of "package". * gnu/packages/games.scm (freerct)[description]: Fix spelling of "responsibilities". * gnu/packages/statistics.scm (r-mixedpower)[description]: Fix spelling of "separate". * gnu/packages/accessibility.scm (espeakup)[description]: Fix spelling of "speech". * gnu/packages/bioinformatics.scm (r-skitools)[synopsis]: Fix spelling of "utilities". * gnu/packages/golang.scm (go-github-com-savsgio-gotils)[synopsis]: Fix spelling of "utilities". [description]: Likewise. * gnu/system.scm (boot-file-system-service os): Fix spelling of "utilities". | Vagrant Cascadian
2022-10-23 | system: hurd: Boot with the statically-linked 'exec' server. | This works around <https://issues.guix.gnu.org/58631>. * gnu/system.scm (hurd-multiboot-modules): Use '/hurd/exec.static' instead of 'ld.so /hurd/exec'. | Ludovic Courtès
2022-10-11 | system: operating-system: Make the timezone field default to Etc/UTC. | * gnu/system.scm (<operating-system>) [timezone]: Default to "Etc/UTC". | Maxim Cournoyer
2022-09-28 | services: Add file system utilities to profile. | * gnu/services/base.scm (file-system-type->utilities) (file-system-utilities): New procedures. (file-system-service-type): Extend 'profile-service-type' with 'file-system-utilities'. * gnu/system.scm (boot-file-system-service): New procedure. (operating-system-default-essential-services): Use it. (%base-packages): Remove 'e2fsprogs'. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> | Brice Waegeneire
2022-07-14 | gnu: system: Add fusermount3 to setuid-programs. | Fixes <https://issues.guix.gnu.org/47716>. * gnu/system.scm (%setuid-programs): Add /bin/fusermount3 from the fuse-3 package. Reported-by: raingloom <raingloom@riseup.net> | Maxim Cournoyer
2022-06-15 | system: <operating-system> compiler truly honors the 'system' argument. | Fixes <https://issues.guix.gnu.org/55951>. * gnu/system.scm (operating-system-compiler): Parameterize '%current-system' and '%current-target-system' before calling 'operating-system-derivation'. * tests/system.scm ("lower-object, %current-system sensitivity"): New test. | Ludovic Courtès
2022-06-06 | system: Fix typo, add doc. | * gnu/system.scm (operating-system-kernel-arguments): Fix typo in doc. (boot-parameters->menu-entry): Add doc. | Maxim Cournoyer
2022-05-21 | system: Improve warning when using LUKS mapped devices without UUIDs. | This corrects two problems with the previous mapped devices warning: 1. It wasn't clear how to correct the situation. 2. The output would be repeated multiple times, as many times as the procedure is called during a system reconfigure. * gnu/system.scm (operating-system-bootloader-crypto-devices): Memoize procedure. Include the mapped devices source location information in the warnings. Add a hint to help users fix the warning. | Maxim Cournoyer
2022-04-07 | services: shepherd: Default to version 0.9. | * gnu/services/shepherd.scm (scm->go): Define 'shepherd&co' and pass it to 'with-extensions'. (shepherd-configuration-file): Call 'start-in-the-background' when it is defined. (<shepherd-configuration>)[shepherd]: Default to SHEPHERD-0.9. * gnu/system.scm (hurd-default-essential-services): Use SHEPHERD-0.8. | Ludovic Courtès
2022-03-21 | system: Use 'shadow-with-man-pages' in %BASE-PACKAGES-UTILS. | * gnu/system.scm (%base-packages-utils): Replace SHADOW with SHADOW-WITH-MAN-PAGES. | Ludovic Courtès
2022-03-16 | system: Improve 'read-boot-parameters' incompatibility diagnostic. | Previously, when reading an incompatible "parameters" file, 'guix system' would print a warning and then crash with a wrong-type-arg backtrace because code expects 'read-boot-parameters' to always return a <boot-parameters> record. * gnu/system.scm (read-boot-parameters): Upon incompatibility, raise an error instead of returning #f. Also raise a '&fix-hint' condition. * tests/boot-parameters.scm ("read, construction, mandatory fields"): Define 'test-read-boot-parameters' as a macro; expect 'formatted-message?' exceptions rather than #f returns. | Ludovic Courtès
2022-03-07 | system: Set kernel name for riscv64-linux. | * gnu/system.scm (system-linux-image-file-name): Add option for riscv64. | Efraim Flashner
2022-03-01 | initrd: Use non-hyphenated kernel command-line parameter names. | This is to make it less surprising, given the common convention sets forth by the kernel Linux command-line parameters. * gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root' and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system', respectively. Adjust doc. (find-long-option): Adjust doc. * gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly. * gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and update doc. Use VERSION to conditionally return old style vs new style initrd arguments. (%boot-parameters-version): Increment to 1. (operating-system-boot-parameters): Adjust doc. (operating-system-boot-parameters-file): Likewise. * gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise. * doc/guix.texi: Adjust doc. * gnu/build/activation.scm (boot-time-system): Adjust accordingly. * gnu/build/hurd-boot.scm (boot-hurd-system): Likewise. * gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment. | Maxim Cournoyer
2022-03-01 | system: Streamline operating-system-boot-parameters-file a bit. | * gnu/system.scm (operating-system-boot-parameters-file) [SYSTEM-KERNEL-ARGUMENTS?]: Remove unused argument (it had no callers) and adjust doc, moving the self-referential tip to... * gnu/system.scm (operating-system-boot-parameters): ... here, reworded for clarity. Suggested-by: Ludovic Courtès <ludo@gnu.org> | Maxim Cournoyer
2022-03-01 | system: Add a version field to the <boot-parameters> record. | This version field exposes the (already present) version information of a boot parameters file. * gnu/system.scm (%boot-parameters-version): New variable. (<boot-parameters>)[version]: New field. (read-boot-parameters): Use it. (operating-system-boot-parameters-file): Likewise. * tests/boot-parameters.scm (test-read-boot-parameters): Use %boot-parameters-version as the default version value in the template. | Maxim Cournoyer