Age | Commit message (Collapse) | Author |
|
Kresd used to start as root and create cache files with root ownership before
dropping privileges. This made unprivileged kres-cache-gc (in a separate
service) fail when trying to read them. The new default is to start both as
`knot-resolver', with configuration fields that allow overriding this default.
* gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field.
(<knot-resolver-configuration>)[group]: New field.
(knot-resolver-shepherd-services): Pass the user&group from config to forkexec
constructors.
Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
|
|
* gnu/packages/ssh.scm (tmate-ssh-server): New variable.
Change-Id: Idfc1f1d8835c0681fb957b85a142c0888a15fa04
|
|
Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mcron.scm (cron-daemon-setuid-programs): Use
`privileged-program'.
(cron-daemon-service-type): Extend `privileged-program-service-type'.
Change-Id: I819bf75a0bb23c9b2e97ebcb144ca8adb81a9dde
|
|
TODO: write good changelog entry
Change-Id: Ib1e8f1afcbaae302eac51883e3b02a1d2c32a89e
|
|
* gnu/packages/web.scm (gmnisrv)[arguments]<#:phases>: Patch hostname handling
in `src/config.c'.
Change-Id: Ic79591eb45d63732d0d786a2c9994c60c9b84934
|
|
* gnu/packages/web.scm (gmnisrv)[arguments]: Use G-Expression.
Change-Id: Ib8d9379e8b2a3940b8a5297622247a3c7a0454ca
|
|
* gnu/services/web.scm (define-module): Use `util-linux' from `(gnu packages
linux)'.
[#:export]: Export new service type as well as configuration constructor,
predicate and getters.
(<epicyon-configuration>): New variable.
(epicyon-activation): New procedure.
(%epicyon-passwd): New variable.
(%ensure-epicyon-overlay-unmounted): New variable.
(epicyon-shepherd-services): New procedure.
(epicyon-service-type): New variable.
Change-Id: I9e786594b75b588099d3b9f6b0ab5663903c9db4
|
|
* gnu/packages/python-web.scm (define-module): Use `(gnu packages
imagemagick)' and `(gnu packages/photo)' modules.
(epicyon): New variable.
Change-Id: I736cb955038659ee7c88fc2f3e1da198e3c9f70f
|
|
* gnu/packages/django.scm (python-django-timezone-field): New variable.
Change-Id: I3f500a7a088f0311df4962391bdc692d710176e4
|
|
* gnu/services/ldap.scm (directory-server-shepherd-service): Add
`#:pid-file-timeout 30`.
Change-Id: Ie7b3a7c7347b53d4e3629ef2de53c3a76f6751c0
|
|
* gnu/services/ldap.scm (use-modules): Export `backend-userroot-configuration'
instead of non-existent `backend-configuration'.
Change-Id: I07c6d1c777bc42fa4afc3f23dc9d36080beb5bbc
|
|
* gnu/home/services/vcs.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Record 'home/services/vcs.scm'.
Change-Id: I37d3c1dacc26eb31b9b7ec434ed760c7cf84cc32
|
|
* gnu/packages/guile-xyz.scm (guile-cantius): New variable.
Change-Id: Iccc7385ae5c3f762f53705c8ebe876f7ad08da00
|
|
* gnu/packages/guile-xyz.scm (guile-de-paul-records): New variable.
Change-Id: I869c65666f83aedec7a34809b66396798e62e2cf
|
|
* gnu/packages/guile-xyz.scm (guile-myra-test-utils): New variable.
Change-Id: I20ae86fa5fab953524786bffefa3cac9703128df
|
|
* gnu/packages/autotools.scm (lawrence-boilerplate): New variable.
Change-Id: Ib29e2ef3165ee151226ac4d4bc41ec5b51df8038
|
|
* gnu/system.scm (define-module): Export `operating-system-extra-groups`.
(<operating-system>)[extra-groups]: New field.
(operating-system-default-essential-services): Also pass extra groups to
account-service.
(hurd-default-essential-services): Same here.
* gnu/system/accounts.scm (define-module): Use (ice-9 vlist), (srfi srfi-8)
and (srfi srfi-26). Export `user-extra-groups`* and `merge-extra-groups-data`.
(<user-extra-groups>): New record type.
(user-account-extend): New procedure.
(merge-extra-groups-data): New procedure.
* gnu/system/shadow.scm (define-module): Re-export `user-extra-groups`*.
(account-service-type)[extend]: Handle <user-extra-groups> records, move field
intializer upward to be able to use `compose`.
Change-Id: I3f489ac794d342267b7627db1d28315ea4b69db2
|
|
The `overlayfs-service-type` allows overlay filesystems to be automatically
mounted upon boot and reconfiguration.
* gnu/services/overlayfs.scm: New file.
* gnu/local.ml (GNU_SYSTEM_MODULES): Add it.
Change-Id: I94bb3e3a29648faa354931f3c1cebc5947ab1d5c
|
|
* gnu/services/certbot.scm (certificate-configuration)[key-read-group]: New
field.
(certbot-deploy-hook): Ensure requested group has the right access.
(certbot-command): Pass the requested group to `certbot-deploy-hook'.
(set-key-access-gexp): New procedure.
(generate-certificate-gexp) Ensure the requested group has the right access.
Change-Id: Ia46454a7d2b042cfb682d1d8a7e04aebbc9c19da
|
|
* gnu/services/certbot.scm (define-module)[#:export]: Add
`certbot-sans-nginx-service-type'.
(certbot-configuration)[service-reload]: Add field.
(certbot-configuration)[service-requirement]: Add field.
(certbot-deploy-hook): Reload requested services rather than hardcoded Nginx.
(certbot-command): Pass services to reload to `certbot-deploy-hook'.
(certbot-renewal-one-shot): Pass depended services to Shepherd as configured
instead of passing hardcoded Nginx.
(certbot-sans-nginx-service-type): New variable.
(certbot-service-type): Avoid code duplication by inheriting from the above
service type.
Change-Id: Ic833f24989bbcdcbbc273f9c8eae4c56992aafa0
|
|
The `snakeoil-service-type' generates self-issued certificates for use by
various system daemons.
* gnu/services/ca.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Change-Id: I57bbe51f43958c0f2f437d81645ce44f9a68470b
|
|
Uses of deprecated `setuid-program' get replaced with new
`privileged-program'.
* gnu/services/mail.scm (exim-setuids): Call `privileged-program' record
constructor macro.
(exim-service-type): Extend `privileged-program-service-type'
Change-Id: Idb00e45ddcc50a37303dc50fe1feef73a109f219
|
|
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['symlink-config-file]: New
phase.
Change-Id: I1be49e4a042b42e38ebff8aeff0e9cfc8724456b
|
|
In a typical configuration, Exim binary is setuid root and the Exim daemon
process listens for connections under a non-root system account (usually
`exim`). Upon receiving a message, it forks into a child process which
re-executes the binary to regain privileges and deliver the mail to its
destination (e.g. a Maildir inside user's home directory).
Besides the setuid binary itself, such setup also requires the Exim
configuration file to live at the path Exim considers safe. It defaults to
/etc/exim.conf and changing it requires rebuilding the Exim daemon. If a
configuration at unsafe path is used instead, Exim drops its privileges before
reading it and becomes unable to perform certain kinds of email delivery.
* gnu/services/mail.scm (<exim-configuration>)[setuid-user]: New field.
(<exim-configuration>)[setgid-group]: New field.
(exim-computed-config-file): Delete variable.
(exim-shepherd-service)[start]: Use Exim's default config at /etc/exim.conf.
(exim-activation): Atomically put Exim's current config at /etc/exim.conf and
verify its syntactic correctness.
(exim-setuids): New variable.
(exim-service-type)[extensions]: Extend `setuid-program-service-type`.
Change-Id: Ie6153baac80180d3d48f6b5a6959895df06aef0b
|
|
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Set
`SUPPORT_MAILDIR` config option to "yes".
Change-Id: Ibb2b0bcd5b4a790eedfdc12f794a43625cb88250
|
|
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Configure
Exim to resolve uid/gid of `exim` in runtime and prevent install script from
failing.
Change-Id: I2571d6e5a4d4aca534ed6bdfaa3832b1ec69c1d5
|
|
* gnu/services/cgit.scm (cgit-configuration)[footer]: Specify type as
`file-object`.
Change-Id: Id5790bbdb5e09204b653bc54e1b9b60afe5a2ee0
|
|
This procedure alone is useful when deploying cgit under HTTP server other
than Nginx or when deploying multiple cgit instances on a single host.
* gnu/services/cgit.scm (define-module): Export
`serialize-cgit-configuration`.
Change-Id: Ia21c5debbd54a156df703d84694c945e851cd55c
|
|
* gnu/packages/matrix.scm (pantalaimon)[arguments]: Patch incorrect function
invokation that made downloads of attachments impossible
|
|
This avoids test failures:
+guile: warning: failed to install locale
* gnu/packages/dezyne.scm (dezyne)[inputs]: Add libc-utf8-locales-for-target.
Change-Id: I2da63e128e8f990a409b36ffaa38e56029740292
|
|
* gnu/packages/glfw.scm (glfw-3.4)[arguments]: Don't build out of source.
Change-Id: I42437c60f7adbc0b087f7149b17181fbc8eab4ce
|
|
* gnu/packages/virtualization.scm (runc): Source is distributed with
"vendor" containing the full dependence tree which makes them invisible
for other packages. It needs to be unbundled.
Change-Id: Iffef83832988b05d164a5c5f075bc74bec7a13a0
|
|
Fixes CVE-2024-45310.
* gnu/packages/virtualization.scm (runc): Update to 1.1.14.
Change-Id: Ifa1d296cb447124e51d0741fd030535356529847
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
|
|
* gnu/packages/golang-xyz.scm (go-github-com-elliotchance-orderedmap)
[arguments]<#:phases>: Add 'remove-submodule phase to reduce amount of data
copied to the store, the submodule "v2" is packed separately as it has
it's own go.mod file.
(go-github-com-elliotchance-orderedmap-v2)[arguments]<#:phases>: Delete
'remove-submodule phase.
Change-Id: Ie68ca24752a612864a4c6ca8537949a922528d82
|
|
* gnu/packages/golang-xyz.scm (go-github-com-elliotchance-orderedmap)
[arguments]<#:phases>: Replace 'check and only run short tests so as to
exclude flaky performance tests.
<#:unpack-path>: Set it, to relax modification in any inherited
packages.
(go-github-com-elliotchance-orderedmap-v2) [arguments]: Swap to
"substitute-keyword-arguments" instead of overwriting after inheritance.
Change-Id: If9fbc5510643f9d5e3ccff09f71e00a9cdfbe92f
Co-authored-by: Sharlatan Hellseher <sharlatanus@gmail.com>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
|
|
* gnu/packages/diffoscope.scm (diffoscope): Update to 277.
|
|
* gnu/packages/emacs.scm (emacs-minimal)[#:phases]: Add
‘disable-native-compilation’ to turn off native-compilation
for the file lisp/transient.el.
Change-Id: I27c9d660cbad46be66df641816e4596346969dfc
Fixes: transient-prefix-object is void <https://issues.guix.gnu.org/72333>.
Reported-by: Daniel Szmulewicz <daniel.szmulewicz@gmail.com>
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
|
|
Fixes <https://issues.guix.gnu.org/73007>.
* gnu/packages/gnome.scm (geary)[native-inputs]: Add
'(libc-utf8-locales-for-target)'.
Reported-by: Juliana Sims <juli@incana.org>
Change-Id: Ic2e7cb51581c456aa8cce818f67c4c740003cdd1
|
|
* gnu/packages/fcitx5.scm (fcitx5): Update to 5.1.9.
[source]: Use zst source.
[native-inputs]: Add zstd.
The additional zstd input is needed because the upstream release compression
method has changed.
Change-Id: I0e7b230d0c86637be3a6b81202221d68af16934d
Signed-off-by: jgart <jgart@dismail.de>
|
|
* gnu/packages/python-web.scm (python-httpx)[native-inputs]: Add
nss-certs-for-test.
Change-Id: If8e98564e44a2e5e7bc520c31553aa83bc597946
|
|
Includes fixes for CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, and
CVE-2024-8384.
* gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update.
(icecat-source): Update gnuzilla commit, base version, and hashes.
|
|
Fixes <https://issues.guix.gnu.org/72950>.
* gnu/packages/python-web.scm (python-geventhttpclient)[native-inputs]: Add
nss-certs-for-test.
Reported-by: Dr. Arne Babenhauserheide <arne_bab@web.de>
Change-Id: I22d0774a88b91e0d33191c0dea5b1aaafb992301
|
|
* gnu/packages/python-web.scm (python-httpcore)[native-inputs]: Add
nss-certs-for-test.
Change-Id: I1e1b2f067e672278f86389d5f7b686a45715f861
|
|
* gnu/packages/python-web.scm (python-google-auth): Update to 2.34.0.
[origin]: Update pypi-uri.
Change-Id: I56d88c29645d780c5555d374ca81e5f7834360be
|
|
* gnu/packages/python-web.scm (python-google-auth)[native-inputs]: Add
nss-certs-for-test.
Change-Id: Ia12e98de8c2c8d335b98cef941692611c76ad2fa
|
|
architectures.
* gnu/packages/golang.scm (go-github-com-go-git-go-git-fixtures)
[arguments]: <#:tests?>: Preserve test only on 64 bit architectures.
Change-Id: Iab92ef9541d3cc2195eda784e0b9cf2e7c3597c0
|
|
* gnu/packages/ipfs.scm (kubo): Unbandle more inputs
[source]: Delete "vendor/github.com/libp2p/zeroconf",
"vendor/github.com/pion", and "vendor/github.com/rs".
[inputs]: Add go-github-com-libp2p-zeroconf-v2,
go-github-com-pion-webrtc-v3, and go-github-com-rs-cors.
Change-Id: I3922b573829329018b83aa639e583573a1af8644
|
|
* gnu/packages/golang-web.scm (go-github-com-libp2p-zeroconf-v2): New variable.
Change-Id: I84c11a1f8257b06dca9aeec8fa8359002f6f64a7
|
|
* gnu/packages/golang-web.scm (go-github-com-rs-cors): New variable.
Change-Id: I992bfd6b4cd343226899b9488c8b70f13baabbe5
|
|
* gnu/packages/golang-web.scm (go-github-com-pion-webrtc-v3): New variable.
Change-Id: Id5f0894cc8f87f3e84258a17bb8d4657aaf9149b
|