aboutsummaryrefslogtreecommitdiff
path: root/gnu
AgeCommit message (Collapse)Author
2024-09-04services: Allow specifying user and group for knot resolver.W. Kosior
Kresd used to start as root and create cache files with root ownership before dropping privileges. This made unprivileged kres-cache-gc (in a separate service) fail when trying to read them. The new default is to start both as `knot-resolver', with configuration fields that allow overriding this default. * gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field. (<knot-resolver-configuration>)[group]: New field. (knot-resolver-shepherd-services): Pass the user&group from config to forkexec constructors. Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5
2024-09-04gnu: Add tmate-ssh-server.W. Kosior
* gnu/packages/ssh.scm (tmate-ssh-server): New variable. Change-Id: Idfc1f1d8835c0681fb957b85a142c0888a15fa04
2024-09-04services: Update cron service to use `privileged-program' API.W. Kosior
Uses of deprecated `setuid-program' get replaced with new `privileged-program'. * gnu/services/mcron.scm (cron-daemon-setuid-programs): Use `privileged-program'. (cron-daemon-service-type): Extend `privileged-program-service-type'. Change-Id: I819bf75a0bb23c9b2e97ebcb144ca8adb81a9dde
2024-09-04gnu: mcron: Add traditional cron service.W. Kosior
TODO: write good changelog entry Change-Id: Ib1e8f1afcbaae302eac51883e3b02a1d2c32a89e
2024-09-04gnu: gmnisrv: Fix config loading.Wojtek Kosior
* gnu/packages/web.scm (gmnisrv)[arguments]<#:phases>: Patch hostname handling in `src/config.c'. Change-Id: Ic79591eb45d63732d0d786a2c9994c60c9b84934
2024-09-04gnu: gmnisrv: Use Gexp.Wojtek Kosior
* gnu/packages/web.scm (gmnisrv)[arguments]: Use G-Expression. Change-Id: Ib8d9379e8b2a3940b8a5297622247a3c7a0454ca
2024-09-04services: Add epicyon-service-type.W. Kosior
* gnu/services/web.scm (define-module): Use `util-linux' from `(gnu packages linux)'. [#:export]: Export new service type as well as configuration constructor, predicate and getters. (<epicyon-configuration>): New variable. (epicyon-activation): New procedure. (%epicyon-passwd): New variable. (%ensure-epicyon-overlay-unmounted): New variable. (epicyon-shepherd-services): New procedure. (epicyon-service-type): New variable. Change-Id: I9e786594b75b588099d3b9f6b0ab5663903c9db4
2024-09-04gnu: Add epicyon.W. Kosior
* gnu/packages/python-web.scm (define-module): Use `(gnu packages imagemagick)' and `(gnu packages/photo)' modules. (epicyon): New variable. Change-Id: I736cb955038659ee7c88fc2f3e1da198e3c9f70f
2024-09-04gnu: Add python-django-timezone-field.W. Kosior
* gnu/packages/django.scm (python-django-timezone-field): New variable. Change-Id: I3f500a7a088f0311df4962391bdc692d710176e4
2024-09-04services: ldap: Increase pid file timeout for 389-ds.Wojtek Kosior
* gnu/services/ldap.scm (directory-server-shepherd-service): Add `#:pid-file-timeout 30`. Change-Id: Ie7b3a7c7347b53d4e3629ef2de53c3a76f6751c0
2024-09-04services: ldap: Fix exported name.Wojtek Kosior
* gnu/services/ldap.scm (use-modules): Export `backend-userroot-configuration' instead of non-existent `backend-configuration'. Change-Id: I07c6d1c777bc42fa4afc3f23dc9d36080beb5bbc
2024-09-04home: services: Add localhost-repo-server.Wojtek Kosior
* gnu/home/services/vcs.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Record 'home/services/vcs.scm'. Change-Id: I37d3c1dacc26eb31b9b7ec434ed760c7cf84cc32
2024-09-04gnu: Add guile-cantius.Wojtek Kosior
* gnu/packages/guile-xyz.scm (guile-cantius): New variable. Change-Id: Iccc7385ae5c3f762f53705c8ebe876f7ad08da00
2024-09-04gnu: Add guile-de-paul-records.Wojtek Kosior
* gnu/packages/guile-xyz.scm (guile-de-paul-records): New variable. Change-Id: I869c65666f83aedec7a34809b66396798e62e2cf
2024-09-04gnu: Add guile-myra-test-utils.Wojtek Kosior
* gnu/packages/guile-xyz.scm (guile-myra-test-utils): New variable. Change-Id: I20ae86fa5fab953524786bffefa3cac9703128df
2024-09-04gnu: Add lawrence-bolierplate.Wojtek Kosior
* gnu/packages/autotools.scm (lawrence-boilerplate): New variable. Change-Id: Ib29e2ef3165ee151226ac4d4bc41ec5b51df8038
2024-09-04system: Allow adding elsewhere-defined system users to extra groups.Wojtek Kosior
* gnu/system.scm (define-module): Export `operating-system-extra-groups`. (<operating-system>)[extra-groups]: New field. (operating-system-default-essential-services): Also pass extra groups to account-service. (hurd-default-essential-services): Same here. * gnu/system/accounts.scm (define-module): Use (ice-9 vlist), (srfi srfi-8) and (srfi srfi-26). Export `user-extra-groups`* and `merge-extra-groups-data`. (<user-extra-groups>): New record type. (user-account-extend): New procedure. (merge-extra-groups-data): New procedure. * gnu/system/shadow.scm (define-module): Re-export `user-extra-groups`*. (account-service-type)[extend]: Handle <user-extra-groups> records, move field intializer upward to be able to use `compose`. Change-Id: I3f489ac794d342267b7627db1d28315ea4b69db2
2024-09-04services: Add overlayfs-service-type.Wojtek Kosior
The `overlayfs-service-type` allows overlay filesystems to be automatically mounted upon boot and reconfiguration. * gnu/services/overlayfs.scm: New file. * gnu/local.ml (GNU_SYSTEM_MODULES): Add it. Change-Id: I94bb3e3a29648faa354931f3c1cebc5947ab1d5c
2024-09-04services: certbot: Facilitate granting key read access to groups.W. Kosior
* gnu/services/certbot.scm (certificate-configuration)[key-read-group]: New field. (certbot-deploy-hook): Ensure requested group has the right access. (certbot-command): Pass the requested group to `certbot-deploy-hook'. (set-key-access-gexp): New procedure. (generate-certificate-gexp) Ensure the requested group has the right access. Change-Id: Ia46454a7d2b042cfb682d1d8a7e04aebbc9c19da
2024-09-04services: certbot: Allow it to be used without Nginx.Wojtek Kosior
* gnu/services/certbot.scm (define-module)[#:export]: Add `certbot-sans-nginx-service-type'. (certbot-configuration)[service-reload]: Add field. (certbot-configuration)[service-requirement]: Add field. (certbot-deploy-hook): Reload requested services rather than hardcoded Nginx. (certbot-command): Pass services to reload to `certbot-deploy-hook'. (certbot-renewal-one-shot): Pass depended services to Shepherd as configured instead of passing hardcoded Nginx. (certbot-sans-nginx-service-type): New variable. (certbot-service-type): Avoid code duplication by inheriting from the above service type. Change-Id: Ic833f24989bbcdcbbc273f9c8eae4c56992aafa0
2024-09-04services: Add snakeoil-service-type.Wojtek Kosior
The `snakeoil-service-type' generates self-issued certificates for use by various system daemons. * gnu/services/ca.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Change-Id: I57bbe51f43958c0f2f437d81645ce44f9a68470b
2024-09-04services: Update Exim service to use `privileged-program' API.W. Kosior
Uses of deprecated `setuid-program' get replaced with new `privileged-program'. * gnu/services/mail.scm (exim-setuids): Call `privileged-program' record constructor macro. (exim-service-type): Extend `privileged-program-service-type' Change-Id: Idb00e45ddcc50a37303dc50fe1feef73a109f219
2024-09-04gnu: exim: Use /etc/exim.conf as the default config file.Wojtek Kosior
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['symlink-config-file]: New phase. Change-Id: I1be49e4a042b42e38ebff8aeff0e9cfc8724456b
2024-09-04services: Support running Exim with setuid/setgid.Wojtek Kosior
In a typical configuration, Exim binary is setuid root and the Exim daemon process listens for connections under a non-root system account (usually `exim`). Upon receiving a message, it forks into a child process which re-executes the binary to regain privileges and deliver the mail to its destination (e.g. a Maildir inside user's home directory). Besides the setuid binary itself, such setup also requires the Exim configuration file to live at the path Exim considers safe. It defaults to /etc/exim.conf and changing it requires rebuilding the Exim daemon. If a configuration at unsafe path is used instead, Exim drops its privileges before reading it and becomes unable to perform certain kinds of email delivery. * gnu/services/mail.scm (<exim-configuration>)[setuid-user]: New field. (<exim-configuration>)[setgid-group]: New field. (exim-computed-config-file): Delete variable. (exim-shepherd-service)[start]: Use Exim's default config at /etc/exim.conf. (exim-activation): Atomically put Exim's current config at /etc/exim.conf and verify its syntactic correctness. (exim-setuids): New variable. (exim-service-type)[extensions]: Extend `setuid-program-service-type`. Change-Id: Ie6153baac80180d3d48f6b5a6959895df06aef0b
2024-09-04gnu: exim: Enable Maildir delivery format.Wojtek Kosior
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Set `SUPPORT_MAILDIR` config option to "yes". Change-Id: Ibb2b0bcd5b4a790eedfdc12f794a43625cb88250
2024-09-04gnu: exim: Set `exim` as the default user.Wojtek Kosior
* gnu/packages/mail.scm (exim)[arguments]<#:phases>['configure]: Configure Exim to resolve uid/gid of `exim` in runtime and prevent install script from failing. Change-Id: I2571d6e5a4d4aca534ed6bdfaa3832b1ec69c1d5
2024-09-04services: Allow cgit footer text to be passed as a file-like object.Wojtek Kosior
* gnu/services/cgit.scm (cgit-configuration)[footer]: Specify type as `file-object`. Change-Id: Id5790bbdb5e09204b653bc54e1b9b60afe5a2ee0
2024-09-04services: Export cgit config serialization procedure.Wojtek Kosior
This procedure alone is useful when deploying cgit under HTTP server other than Nginx or when deploying multiple cgit instances on a single host. * gnu/services/cgit.scm (define-module): Export `serialize-cgit-configuration`. Change-Id: Ia21c5debbd54a156df703d84694c945e851cd55c
2024-09-04gnu: pantalaimon: Fix media downloads.Wojtek Kosior
* gnu/packages/matrix.scm (pantalaimon)[arguments]: Patch incorrect function invokation that made downloads of attachments impossible
2024-09-04gnu: dezyne: Resurrect build.Janneke Nieuwenhuizen
This avoids test failures: +guile: warning: failed to install locale * gnu/packages/dezyne.scm (dezyne)[inputs]: Add libc-utf8-locales-for-target. Change-Id: I2da63e128e8f990a409b36ffaa38e56029740292
2024-09-04gnu: glfw-3.4: Fix build.Guillaume Le Vaillant
* gnu/packages/glfw.scm (glfw-3.4)[arguments]: Don't build out of source. Change-Id: I42437c60f7adbc0b087f7149b17181fbc8eab4ce
2024-09-04gnu: runc: Add notes to unbundle vendor.Sharlatan Hellseher
* gnu/packages/virtualization.scm (runc): Source is distributed with "vendor" containing the full dependence tree which makes them invisible for other packages. It needs to be unbundled. Change-Id: Iffef83832988b05d164a5c5f075bc74bec7a13a0
2024-09-04gnu: runc: Update to 1.1.14 [security fixes].Ashish SHUKLA
Fixes CVE-2024-45310. * gnu/packages/virtualization.scm (runc): Update to 1.1.14. Change-Id: Ifa1d296cb447124e51d0741fd030535356529847 Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
2024-09-04gnu: go-github-com-elliotchance-orderedmap: Remove submodule.Sharlatan Hellseher
* gnu/packages/golang-xyz.scm (go-github-com-elliotchance-orderedmap) [arguments]<#:phases>: Add 'remove-submodule phase to reduce amount of data copied to the store, the submodule "v2" is packed separately as it has it's own go.mod file. (go-github-com-elliotchance-orderedmap-v2)[arguments]<#:phases>: Delete 'remove-submodule phase. Change-Id: Ie68ca24752a612864a4c6ca8537949a922528d82
2024-09-04gnu: go-github-com-elliotchance-orderedmap: Fix tests.Greg Hogan
* gnu/packages/golang-xyz.scm (go-github-com-elliotchance-orderedmap) [arguments]<#:phases>: Replace 'check and only run short tests so as to exclude flaky performance tests. <#:unpack-path>: Set it, to relax modification in any inherited packages. (go-github-com-elliotchance-orderedmap-v2) [arguments]: Swap to "substitute-keyword-arguments" instead of overwriting after inheritance. Change-Id: If9fbc5510643f9d5e3ccff09f71e00a9cdfbe92f Co-authored-by: Sharlatan Hellseher <sharlatanus@gmail.com> Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
2024-09-03gnu: diffoscope: Update to 277.Vagrant Cascadian
* gnu/packages/diffoscope.scm (diffoscope): Update to 277.
2024-09-03gnu: emacs-minimal: Do not native-compile lisp/transient.el.Simon Tournier
* gnu/packages/emacs.scm (emacs-minimal)[#:phases]: Add ‘disable-native-compilation’ to turn off native-compilation for the file lisp/transient.el. Change-Id: I27c9d660cbad46be66df641816e4596346969dfc Fixes: transient-prefix-object is void <https://issues.guix.gnu.org/72333>. Reported-by: Daniel Szmulewicz <daniel.szmulewicz@gmail.com> Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
2024-09-03gnu: geary: Fix tests.Guillaume Le Vaillant
Fixes <https://issues.guix.gnu.org/73007>. * gnu/packages/gnome.scm (geary)[native-inputs]: Add '(libc-utf8-locales-for-target)'. Reported-by: Juliana Sims <juli@incana.org> Change-Id: Ic2e7cb51581c456aa8cce818f67c4c740003cdd1
2024-09-03gnu: fcitx5: Update to 5.1.9.Charles
* gnu/packages/fcitx5.scm (fcitx5): Update to 5.1.9. [source]: Use zst source. [native-inputs]: Add zstd. The additional zstd input is needed because the upstream release compression method has changed. Change-Id: I0e7b230d0c86637be3a6b81202221d68af16934d Signed-off-by: jgart <jgart@dismail.de>
2024-09-03gnu: python-httpx: Fix tests.John Kehayias
* gnu/packages/python-web.scm (python-httpx)[native-inputs]: Add nss-certs-for-test. Change-Id: If8e98564e44a2e5e7bc520c31553aa83bc597946
2024-09-03gnu: icecat: Update to 115.15.0-guix1 [security fixes].Mark H Weaver
Includes fixes for CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, and CVE-2024-8384. * gnu/packages/gnuzilla.scm (%icecat-base-version, %icecat-build-id): Update. (icecat-source): Update gnuzilla commit, base version, and hashes.
2024-09-03gnu: python-geventhttpclient: Fix tests.Guillaume Le Vaillant
Fixes <https://issues.guix.gnu.org/72950>. * gnu/packages/python-web.scm (python-geventhttpclient)[native-inputs]: Add nss-certs-for-test. Reported-by: Dr. Arne Babenhauserheide <arne_bab@web.de> Change-Id: I22d0774a88b91e0d33191c0dea5b1aaafb992301
2024-09-03gnu: python-httpcore: Fix tests.John Kehayias
* gnu/packages/python-web.scm (python-httpcore)[native-inputs]: Add nss-certs-for-test. Change-Id: I1e1b2f067e672278f86389d5f7b686a45715f861
2024-09-03gnu: python-google-auth: Update to 2.34.0.John Kehayias
* gnu/packages/python-web.scm (python-google-auth): Update to 2.34.0. [origin]: Update pypi-uri. Change-Id: I56d88c29645d780c5555d374ca81e5f7834360be
2024-09-03gnu: python-google-auth: Fix tests.John Kehayias
* gnu/packages/python-web.scm (python-google-auth)[native-inputs]: Add nss-certs-for-test. Change-Id: Ia12e98de8c2c8d335b98cef941692611c76ad2fa
2024-09-03gnu: go-github-com-go-git-go-git-fixtures: Disable tests on non 64bit ↵Sharlatan Hellseher
architectures. * gnu/packages/golang.scm (go-github-com-go-git-go-git-fixtures) [arguments]: <#:tests?>: Preserve test only on 64 bit architectures. Change-Id: Iab92ef9541d3cc2195eda784e0b9cf2e7c3597c0
2024-09-03gnu: kubo: Unbandle more inputsSharlatan Hellseher
* gnu/packages/ipfs.scm (kubo): Unbandle more inputs [source]: Delete "vendor/github.com/libp2p/zeroconf", "vendor/github.com/pion", and "vendor/github.com/rs". [inputs]: Add go-github-com-libp2p-zeroconf-v2, go-github-com-pion-webrtc-v3, and go-github-com-rs-cors. Change-Id: I3922b573829329018b83aa639e583573a1af8644
2024-09-03gnu: Add go-github-com-libp2p-zeroconf-v2.Sharlatan Hellseher
* gnu/packages/golang-web.scm (go-github-com-libp2p-zeroconf-v2): New variable. Change-Id: I84c11a1f8257b06dca9aeec8fa8359002f6f64a7
2024-09-03gnu: Add go-github-com-rs-cors.Sharlatan Hellseher
* gnu/packages/golang-web.scm (go-github-com-rs-cors): New variable. Change-Id: I992bfd6b4cd343226899b9488c8b70f13baabbe5
2024-09-03gnu: Add go-github-com-pion-webrtc-v3.Sharlatan Hellseher
* gnu/packages/golang-web.scm (go-github-com-pion-webrtc-v3): New variable. Change-Id: Id5f0894cc8f87f3e84258a17bb8d4657aaf9149b