Age | Commit message | Author |
2024-12-03 | gnu: hurd: Update to 0.9.git20240714.
* gnu/packages/hurd.scm (hurd-headers): Update to 0.9.git20240714.
(hurd)[arguments]: Remove rumpdisk build hack from "prepare-addons" stage.
Instead, when cross-compiling, add stage "fixup-cross-configure" to enable
rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Remove
"--x-xattr-translator-records" option that has been removed and is now the
default.
Change-Id: I4609b5a959c1ece98e2fe1aedbb1d31d6edadcca
| Janneke Nieuwenhuizen |
2024-11-11 | system: hurd: Add swap-services to hurd-default-essential-services.
* gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement
for the Hurd. Use system* with "swapon", "swapoff" for the Hurd.
* gnu/system.scm (hurd-default-essential-services): Add swap-services.
* gnu/services/base.scm (swap-service-type):
Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8
| Janneke Nieuwenhuizen |
2024-11-03 | system: %default-privileged-programs: Set ping capabilities
Ping and ping6 don't need setuid, they can work with
cap_net_raw capability only. This means that even if
ping or ping6 had a vulnerability that could be
used for execution as root, it can't anymore if
the program is not setuid.
* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid
programs, add ping, ping6 programs with cap_net_raw=ep capabilities
Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Rutherther |
2024-10-24 | gnu: system: Privilege programs after creating accounts.
Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.
Fixes <https://issues.guix.gnu.org/73680>.
* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.
Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Dariqq |
2024-08-11 | system: Add privileged-programs to <operating-system>.
* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this. Adjust all refs. Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Invoking guix system)
(Service Reference): Adjust likewise.
| Tobias Geerinckx-Rice |
2024-08-11 | system: Use privileged-program-service-type by default.
* gnu/system.scm (operating-system-default-essential-services)
(hurd-default-essential-services): Substitute
privileged-program-service-type for setuid-program-service-type.
| Tobias Geerinckx-Rice |
2024-08-11 | system: Use /run/privileged/bin in search paths.
* gnu/system.scm (operating-system-etc-service):
Substitute /run/privileged/bin for deprecated /run/setuid-programs.
| Tobias Geerinckx-Rice |
2024-08-11 | system: Disallow file-like setuid-programs.
It has been a warning for well over a year now. Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.
* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
| Tobias Geerinckx-Rice |
2024-05-15 | system: Do not delete all nss-certs packages when they are the same object.
Calling 'delete' on the list of packages would delete *all* occurrences of a
given object, not just the first one. This meant that if the user had
something like:
(packages (cons nss-certs %base-packages))
In their operating system declaration, no nss-certs would end up in the final
list. To guard against this, guard against this by checking that more than
one nss-certs package exists even after deduplication.
* gnu/system.scm (operating-system-packages): Guard against deleting all
nss-certs when a single nss-certs package object is listed multiple times.
Fixes: https://issues.guix.gnu.org/70850
Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a
| Maxim Cournoyer |
2024-04-28 | system: Fix duplicate nss-certs check.
* gnu/system.scm (operating-system-packages): Because packages->manifest
allows other formats, don't assume it's a package object in the list.
Fixes: https://issues.guix.gnu.org/70624
Change-Id: I91c64ca2c463ef5c35fa23856e4622e364e58988
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
| nathan |
2024-04-26 | system: Warn when multiple nss-certs packages are used.
This can happen due to users providing 'nss-certs' and adding it to the
%base-packages, which now include 'nss-certs'.
* gnu/system.scm (operating-system-packages): Warn when multiple nss-certs
packages are detected; keep only the latest one.
Change-Id: I6104f134ea1cc155ae9e8e0ae70bb5a38fc05800
Reported-by: Ian Eure <ian@retrospec.tv>
| Maxim Cournoyer |
2024-04-18 | system: Add 'nss-certs' to %base-packages-networking.
See the discussion at
<https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00020.html>.
* gnu/system.scm (%base-packages-networking): Add nss-certs.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: I24f336e4bb25561d0ec9344a1a4061d2ecc9aed8
| Jacob Hrbek |
2024-04-17 | gnu: ath9k-htc-firmware: Split package.
* gnu/local.mk (dist_patch_DATA): Remove ath9k-htc-firmware-objcopy.patch.
* gnu/packages/firmware.scm (ath9k-htc-firmware): Remove.
(ath9k-htc-ar7010-firmware, ath9k-htc-ar9271-firmware): New variables.
* gnu/packages/patches/ath9k-htc-firmware-objcopy.patch: Delete file.
* gnu/system.scm (%base-firmware): Use new ath9k packages.
Change-Id: I86259e398427abd139c1f310a95bb15e2c03cee3
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
| Jean-Pierre De Jesus DIAZ |
2024-03-22 | system, home: Validate ‘services’ field value.
This guides newcomers who might stick a single (service …) form
in this field.
* gnu/services.scm (validate-service-list): New macro.
(%validate-service-list): New procedure.
* gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’.
* gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’.
Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473
| Ludovic Courtès |
2024-02-19 | system: Omit “root=” kernel argument when root device is “none”.
* gnu/system.scm (bootable-kernel-arguments): Fall back to tmpfs
if root is "none".
Change-Id: I35a656e71169dc786e5256d98a3c04c65043086d
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Nicolas Graves |
2024-01-08 | system: hurd: Use the Shepherd 0.10.x.
* gnu/system.scm (hurd-default-essential-services): Remove reference to
‘shepherd-0.8’.
* gnu/system/hurd.scm (%base-packages/hurd): Replace ‘shepherd-0.8’ with
‘shepherd-0.10’.
Change-Id: I9f1800693cda456286450d3d0bb6f7e3da85d55e
| Ludovic Courtès |
2023-12-25 | gnu: Adjust to removing ed.scm and nano.scm
This is a follow-up to f6817e71dff7d0d9fdb55db8b85a1d3d04e2bf5a and
e11e65a9ad08e18ea2faac3c9f4639a7b189bf76.
* gnu/installer.scm, gnu/packages/algebra.scm, gnu/packages/base.scm,
gnu/packages/cook.scm, gnu/packages/lisp.scm,
gnu/packages/patchutils.scm, gnu/packages/version-control.scm,
gnu/packages/web-browsers.scm, gnu/system.scm: Adjust module imports.
Change-Id: I25e5519fa003c35a14b81c3dda37b24527858634
| Efraim Flashner |
2023-07-30 | system: Fix a blown FUSE.
I bungled up a merge conflict between 789f7e9 (gnu: fuse@3: Bind to
default FUSE variable.) and my other setuid-related changes.
* gnu/system.scm (%setuid-programs): Look for /bin/fusermount in
FUSE-2, not 3.
Reported by renngar[m] in #guix.
| Tobias Geerinckx-Rice |
2023-07-23 | gnu: fuse@3: Bind to default FUSE variable.
* gnu/packages/linux.scm (fuse): Rename this…
(fuse-2): …to this, and…
(fuse-3): …rename this…
(fuse): …to this!
(fuse-static): Rename this…
(fuse-2-static): …to this.
Adjust all users.
| Tobias Geerinckx-Rice |
2023-07-13 | system: hurd: Boot with pci.arbiter and rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Add commands for pci.arbiter and
rumpdisk.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
| Janneke Nieuwenhuizen |
2023-05-10 | system: Fix reference to Hurd bug in comment.
* gnu/system.scm (hurd-multiboot-modules): Fix bug reference in
comment.
| Ludovic Courtès |