name='robots' content='noindex, nofollow'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/cgit.css'/>
<link rel='stylesheet' type='text/css' href='/cgit-static/better-cgit-markdown-heading-color.css'/>
<link rel='shortcut icon' href='/cgit-static/favicon.ico'/>
<link rel='alternate' title='Atom feed' href='https://git.koszko.org/guix/atom/gnu/system.scm?h=koszko' type='application/atom+xml'/>
</head>
<body>
<div id='cgit'><table id='header'>
<tr>
<td class='logo' rowspan='2'><a href='/'><img src='https://git.koszko.org/cgit-static/cgit.png' alt='cgit logo'/></a></td>
<td class='main'><a href='/'>index</a> : <a href='/guix/'>guix</a></td><td class='form'><form method='get'>
<input type='hidden' name='id' value='1d6d048df9eda22a0544cb034606176c8f8fd5a9'/><select name='h' onchange='this.form.submit();'>
<option value='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>refs</a><a class='active' href='/guix/log/gnu/system.scm'>log</a><a href='/guix/tree/gnu/system.scm?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>tree</a><a href='/guix/commit/gnu/system.scm?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>commit</a><a href='/guix/diff/gnu/system.scm?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/system.scm'>
<input type='hidden' name='id' value='1d6d048df9eda22a0544cb034606176c8f8fd5a9'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>root</a>/<a href='/guix/log/gnu?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>gnu</a>/<a href='/guix/log/gnu/system.scm?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9'>system.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system.scm?id=1d6d048df9eda22a0544cb034606176c8f8fd5a9&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-08-11 02:00:00 +0200'>2024-08-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=4e58dfee6c7456d1e662f66041b8a157efe8710a'>system: Add privileged-programs to &lt;operating-system&gt;.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system.scm (&lt;operating-system&gt;): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this.  Adjust all refs.  Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Invoking guix system)
(Service Reference): Adjust likewise.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2024-08-11 02:00:00 +0200'>2024-08-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=beb37ea4ad9999c28cfb60aca5d021851f9a1176'>system: Use privileged-program-service-type by default.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system.scm (operating-system-default-essential-services)
(hurd-default-essential-services): Substitute
privileged-program-service-type for setuid-program-service-type.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2024-08-11 02:00:00 +0200'>2024-08-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=e364d1a494140c26f95a90176b3216428bbaf944'>system: Use /run/privileged/bin in search paths.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system.scm (operating-system-etc-service):
Substitute /run/privileged/bin for deprecated /run/setuid-programs.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2024-08-11 02:00:00 +0200'>2024-08-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=0dffb851e0feced94742ad024f245b925c503fa2'>system: Disallow file-like setuid-programs.</a><span class='msg-avail'>...<span class='msg-tooltip'>It has been a warning for well over a year now.  Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.

* gnu/system.scm (&lt;operating-system&gt;):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2024-05-15 22:53:31 -0400'>2024-05-15</span></td><td><a href='/guix/commit/gnu/system.scm?id=35ae95061e1b843e1df069693177519f22f9a16d'>system: Do not delete all nss-certs packages when they are the same object.</a><span class='msg-avail'>...<span class='msg-tooltip'>Calling 'delete' on the list of packages would delete *all* occurrences of a
given object, not just the first one.  This meant that if the user had
something like:

  (packages (cons nss-certs %base-packages))

In their operating system declaration, no nss-certs would end up in the final
list.  To guard against this, guard against this by checking that more than
one nss-certs package exist even after deduplication.

* gnu/system.scm (operating-system-packages): Guard against deleting all
nss-certs when a single nss-certs package object is listed multiple times.

Fixes: https://issues.guix.gnu.org/70850
Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a
</span></span></td><td>Maxim Cournoyer</td></tr>