#!/bin/sh

# GNU Guix --- Functional package management for GNU
# Copyright © 2012, 2013, 2014, 2015, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2017 Eric Bavier <bavier@cray.com>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# Usage: ./pre-inst-env COMMAND ARG...
#
# Run COMMAND in a pre-installation environment.  Typical use is
# "./pre-inst-env guix build hello".

# By default we may end up with absolute directory names that contain '..',
# which get into $GUILE_LOAD_PATH, leading to '..' in the module file names
# recorded by Guile.  To avoid that, make sure we get a real absolute
# directory name.  Additionally, use '-P' to get the canonical directory name
# so that Guile's 'relative' %file-port-name-canonicalization can actually
# work (see <http://bugs.gnu.org/17935>.)
abs_top_srcdir="`cd "@abs_top_srcdir@" > /dev/null; pwd -P`"
abs_top_builddir="`cd "@abs_top_builddir@" > /dev/null; pwd -P`"

GUILE_LOAD_COMPILED_PATH="$abs_top_builddir${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
GUILE_LOAD_PATH="$abs_top_builddir:$abs_top_srcdir${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH GUILE_LOAD_PATH

# Define $PATH so that `guix' and friends are easily found.

PATH="$abs_top_builddir/scripts:$abs_top_builddir:$PATH"
export PATH

# The daemon invokes 'guix'; tell it which one to use.
GUIX="$abs_top_builddir/scripts/guix"
export GUIX

# Define $GUIX_UNINSTALLED to prevent `guix' from
# prepending @guilemoduledir@ to the Guile load paths.

GUIX_UNINSTALLED=1
export GUIX_UNINSTALLED

exec "$@"
stem.scm?id=27d7d879b79230143c81b114d98fd977325ea36b'>system.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system.scm?id=27d7d879b79230143c81b114d98fd977325ea36b&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-12-03 08:33:12 +0100'>2024-12-03</span></td><td><a href='/guix/commit/gnu/system.scm?id=ae2213ed989051a680cf76582b758fd748838688'>gnu: hurd: Update to 0.9.git20240714.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/hurd.scm (hurd-headers): Update to 0.9.git20240714.
(hurd)[arguments]: Remove rumpdisk build hack from "prepare-addons" stage.
Instead, when cross-compiling, add stage "fixup-cross-configure" to enable
rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Remove
"--x-xattr-translator-records" option that has been removed and is now the
default.

Change-Id: I4609b5a959c1ece98e2fe1aedbb1d31d6edadcca
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2024-11-11 07:28:33 +0100'>2024-11-11</span></td><td><a href='/guix/commit/gnu/system.scm?id=a16c94446e81c65715825853b19e9dccf39225dc'>system: hurd: Add swap-services to hurd-default-essential-services.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement
for the Hurd.  Use system* with "swapon", "swapoff" for the Hurd.
* gnu/system.scm (hurd-default-essential-services): Add swap-services.
* gnu/services/base.scm (swap-service-type):

Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8
</span></span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2024-11-03 22:54:00 +0100'>2024-11-03</span></td><td><a href='/guix/commit/gnu/system.scm?id=e5d64e87d4759d62c035dad203e9975de3b621a6'>system: %default-privileged-programs: Set ping capabilities</a><span class='msg-avail'>...<span class='msg-tooltip'>Ping and ping6 don't need setuid, they can work with
cap_net_raw capability only. This means that even if
ping or ping6 had a vulnerability that could be
used for execution as root, it can't anymore if
the program is not setuid.

* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid
programs, add ping, ping6 programs with cap_net_raw=ep capabilities

Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Rutherther</td></tr>
<tr><td><span title='2024-10-24 14:50:09 +0200'>2024-10-24</span></td><td><a href='/guix/commit/gnu/system.scm?id=cc67a0b71d4a7d98a3732c3edf2eb340c2799697'>gnu: system: Privilege programs after creating accounts.</a><span class='msg-avail'>...<span class='msg-tooltip'>Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.

Fixes &lt;https://issues.guix.gnu.org/73680&gt;.

* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.

Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Dariqq</td></tr>