/etc/completion/

scm?h=koszko' type='application/atom+xml'/>
aboutsummaryrefslogtreecommitdiff
path: root/build-aux/check-final-inputs-self-contained.scm
ey can work with cap_net_raw capability only. This means that even if ping or ping6 had a vulnerability that could be used for execution as root, it can't anymore if the program is not setuid. * gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid programs, add ping, ping6 programs with cap_net_raw=ep capabilities Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
AgeCommit message (Expand)Author
2021-03-10ci: Remove hydra support....This removes hydra support to use Cuirass as the only continuous integration system. * build-aux/hydra/gnu-system.scm: Remove it. * build-aux/hydra/guix-modular.scm: Ditto. * build-aux/hydra/guix.scm: Ditto. * build-aux/cuirass/hydra-to-cuirass.scm: Ditto. * Makefile.am (EXTRA_DIST): Update it. (hydra-jobs.scm): Remove it. (cuirass-jobs.scm): Update it. * build-aux/hydra/evaluate.scm: Move it to ... * build-aux/cuirass/evaluate.scm: ... here. * build-aux/cuirass/guix-modular.scm: Remove it. * build-aux/cuirass/gnu-system.scm: Ditto. * guix/packages.scm (%hydra-supported-systems): Rename it to ... (%cuirass-supported-systems): ... this variable. * build-aux/check-final-inputs-self-contained: Adapt it. * etc/release-manifest.scm: Ditto. * gnu/ci.scm (package->alist): Remove it. (derivation->job): New procedure. (package-job, package-cross-job, cross-jobs, image-jobs, system-test-jobs, tarball-jobs): Use it. (guix-jobs): New procedure. (hydra-jobs): Rename it to ... (cuirass-jobs): ... this procedure. Mathieu Othacehe
Rutherther
2024-10-24gnu: system: Privilege programs after creating accounts....Ensure that users and groups are already created when the privileging script runs. The order these scripts appear in the folded activation-service depends on the order these services are instantiated in the operating-system. Fixes <https://issues.guix.gnu.org/73680>. * gnu/system.scm (operating-system-default-essential-services): Move privileged-program-service above account-service. (hurd-default-essential-services): Likewise. * gnu/tests/base.scm (%activation-os): New variable. (run-activation-test): New procedure. (%test-activation): New variable. Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe Signed-off-by: Ludovic Courtès <ludo@gnu.org> Dariqq
2024-08-11system: Add privileged-programs to <operating-system>....* gnu/system.scm (<operating-system>): Add new privileged-programs field, that defaults to… (%default-privileged-programs): …this new variable, renamed from… (%setuid-programs): …this, which is now defined as the empty list. * doc/guix.texi (Setuid Programs): Rename this… (Privileged Programs): …to this. Adjust all refs. Update all mentions of ‘setuid’ (whether in prose, variable names, or code samples) to use the new ‘privilege[d]’ terminology instead. (operating-system Reference, X Window, Invoking guix system) (Service Reference): Adjust likewise. Tobias Geerinckx-Rice
2024-08-11system: Use privileged-program-service-type by default....* gnu/system.scm (operating-system-default-essential-services) (hurd-default-essential-services): Substitute privileged-program-service-type for setuid-program-service-type. Tobias Geerinckx-Rice
2024-08-11system: Use /run/privileged/bin in search paths....* gnu/system.scm (operating-system-etc-service): Substitute /run/privileged/bin for deprecated /run/setuid-programs. Tobias Geerinckx-Rice
2024-08-11system: Disallow file-like setuid-programs....It has been a warning for well over a year now. Now, with privileged-programs coming, don't let's support nested deprecation hacks. * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list): Delete variable. Tobias Geerinckx-Rice
2024-05-15system: Do not delete all nss-certs packages when they are the same object....Calling 'delete' on the list of packages would delete *all* occurrences of a given object, not just the first one. This meant that if the user had something like: (packages (cons nss-certs %base-packages)) In their operating system declaration, no nss-certs would end up in the final list. To guard against this, guard against this by checking that more than one nss-certs package exist even after deduplication. * gnu/system.scm (operating-system-packages): Guard against deleting all nss-certs when a single nss-certs package object is listed multiple times. Fixes: https://issues.guix.gnu.org/70850 Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a Maxim Cournoyer
2024-04-28system: Fix duplicate nss-certs check....* gnu/system.scm (operating-system-packages): Because packages->manifest allows other formats, don't assume it's a package object in the list. Fixes: https://issues.guix.gnu.org/70624 Change-Id: I91c64ca2c463ef5c35fa23856e4622e364e58988 Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> nathan
2024-04-26system: Warn when multiple nss-certs packages are used....This can happen due to users providing 'nss-certs' and adding it to the %base-packages, which now include 'nss-certs'. * gnu/system.scm (operating-system-packages): Warn when multiple nss-certs packages are detected; keep only the latest one. Change-Id: I6104f134ea1cc155ae9e8e0ae70bb5a38fc05800 Reported-by: Ian Eure <ian@retrospec.tv> Maxim Cournoyer
2024-04-18system: Add 'nss-certs' to %base-packages-networking....See the discussion at <https://lists.gnu.org/archive/html/guix-devel/2024-04/msg00020.html>. * gnu/system.scm (%base-packages-networking): Add nss-certs. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Change-Id: I24f336e4bb25561d0ec9344a1a4061d2ecc9aed8 Jacob Hrbek
2024-04-17gnu: ath9k-htc-firmware: Split package....* gnu/local.mk (dist_patch_DATA): Remove ath9k-htc-firmware-objcopy.patch. * gnu/packages/firmware.scm (ath9k-htc-firmware): Remove. (ath9k-htc-ar7010-firmware, ath9k-htc-ar9271-firmware): New variables. * gnu/packages/patches/ath9k-htc-firmware-objcopy.patch: Delete file. * gnu/system.scm (%base-firmware): Use new ath9k packages. Change-Id: I86259e398427abd139c1f310a95bb15e2c03cee3 Co-authored-by: Ludovic Courtès <ludo@gnu.org> Jean-Pierre De Jesus DIAZ
2024-03-22system, home: Validate ‘services’ field value....This guides newcomers who might stick a single (service …) form in this field. * gnu/services.scm (validate-service-list): New macro. (%validate-service-list): New procedure. * gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’. * gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’. Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473 Ludovic Courtès
2024-02-19system: Omit “root=” kernel argument when root device is “none”....* gnu/system.scm (bootable-kernel-arguments): Fallback to tmpfs if root is "none". Change-Id: I35a656e71169dc786e5256d98a3c04c65043086d Signed-off-by: Ludovic Courtès <ludo@gnu.org> Nicolas Graves
2024-01-08system: hurd: Use the Shepherd 0.10.x....* gnu/system.scm (hurd-default-essential-services): Remove reference to ‘shepherd-0.8’. * gnu/system/hurd.scm (%base-packages/hurd): Replace ‘shepherd-0.8’ with ‘shepherd-0.10’. Change-Id: I9f1800693cda456286450d3d0bb6f7e3da85d55e Ludovic Courtès
2023-12-25gnu: Adjust to removing ed.scm and nano.scm...This is a follow-up to f6817e71dff7d0d9fdb55db8b85a1d3d04e2bf5a and e11e65a9ad08e18ea2faac3c9f4639a7b189bf76. * gnu/installer.scm, gnu/packages/algebra.scm, gnu/packages/base.scm, gnu/packages/cook.scm, gnu/packages/lisp.scm, gnu/packages/patchutils.scm, gnu/packages/version-control.scm, gnu/packages/web-browsers.scm, gnu/system.scm: Adjust module imports. Change-Id: I25e5519fa003c35a14b81c3dda37b24527858634 Efraim Flashner