me='robots' content='noindex, nofollow'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/cgit.css'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/better-cgit-markdown-heading-color.css'/>
<link rel='shortcut icon' href='/cgit-static/favicon.ico'/>
<link rel='alternate' title='Atom feed' href='https://git.koszko.org/guix/atom/gnu/system.scm?h=koszko' type='application/atom+xml'/>
</head>
<body>
<div id='cgit'><table id='header'>
<tr>
<td class='logo' rowspan='2'><a href='/'><img src='https://git.koszko.org/cgit-static/cgit.png' alt='cgit logo'/></a></td>
<td class='main'><a href='/'>index</a> : <a href='/guix/'>guix</a></td><td class='form'><form method='get'>
<input type='hidden' name='id' value='7d199bdc2bcd429b25378478be00c470501f8c3b'/><select name='h' onchange='this.form.submit();'>
<option value='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>refs</a><a class='active' href='/guix/log/gnu/system.scm'>log</a><a href='/guix/tree/gnu/system.scm?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>tree</a><a href='/guix/commit/gnu/system.scm?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>commit</a><a href='/guix/diff/gnu/system.scm?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/system.scm'>
<input type='hidden' name='id' value='7d199bdc2bcd429b25378478be00c470501f8c3b'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>root</a>/<a href='/guix/log/gnu?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>gnu</a>/<a href='/guix/log/gnu/system.scm?id=7d199bdc2bcd429b25378478be00c470501f8c3b'>system.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system.scm?id=7d199bdc2bcd429b25378478be00c470501f8c3b&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-12-03 08:33:12 +0100'>2024-12-03</span></td><td><a href='/guix/commit/gnu/system.scm?id=ae2213ed989051a680cf76582b758fd748838688'>gnu: hurd: Update to 0.9.git20240714.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/hurd.scm (hurd-headers): Update to 0.9.git20240714.
(hurd)[arguments]: Remove rumpdisk build hack from "prepare-addons" stage.
Instead, when cross-compiling, add stage "fixup-cross-configure" to enable
rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Remove
"--x-xattr-translator-records" option that has been removed and is now the
default.

Change-Id: I4609b5a959c1ece98e2fe1aedbb1d31d6edadcca
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2024-11-11 07:28:33 +0100'>2024-11-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=a16c94446e81c65715825853b19e9dccf39225dc'>system: hurd: Add swap-services to hurd-default-essential-services.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement
for the Hurd.  Use system* with "swapon", "swapoff" for the Hurd.
* gnu/system.scm (hurd-default-essential-services): Add swap-services.
* gnu/services/base.scm (swap-service-type):

Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2024-11-03 22:54:00 +0100'>2024-11-03</span></td><td><a href='/guix/commit/gnu/system.scm?id=e5d64e87d4759d62c035dad203e9975de3b621a6'>system: %default-privileged-programs: Set ping capabilities</a><span class='msg-avail'>...<span class='msg-tooltip'>Ping and ping6 don't need setuid, they can work with
cap_net_raw capability only. This means that even if
ping or ping6 had a vulnerability that could be
used for execution as root, it can't anymore if
the program is not setuid.

* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid
programs, add ping, ping6 programs with cap_net_raw=ep capabilities

Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Rutherther</td></tr>
<tr><td><span title='2024-10-24 14:50:09 +0200'>2024-10-24</span></td><td><a href='/guix/commit/gnu/system.scm?id=cc67a0b71d4a7d98a3732c3edf2eb340c2799697'>gnu: system: Privilege programs after creating accounts.</a><span class='msg-avail'>...<span class='msg-tooltip'>Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.

Fixes &lt;https://issues.guix.gnu.org/73680&gt;.

* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.

Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Dariqq</td></tr>