;; -*-scheme-*- ;; This is an operating system configuration template ;; for a "bare bones" QEMU setup, with no X11 display server. ;; To build a disk image for a virtual machine, do: ;; ;; ./pre-inst-env guix system image --image-type=hurd-qcow2 \ ;; gnu/system/examples/bare-hurd.tmpl ;; ;; You may run it like so: ;; ;; guix shell qemu -- qemu-system-i386 -m 2048 \ ;; --enable-kvm \ ;; --device e1000,netdev=net0 \ ;; --netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222 \ ;; --snapshot ;; --hda /gnu/store/...-disk-image ;; ;; and use it like: ;; ;; ssh -p 10022 root@localhost ;; guix build -e '(@@ (gnu packages commencement) gnu-make-boot0)' ;; ;; or even, if you build the image with at least --image-size=3G: ;; ;; guix build hello (use-modules (gnu) (gnu system hurd) (guix utils)) (use-service-modules ssh) (use-package-modules ssh) (define %hurd-os (operating-system (inherit %hurd-default-operating-system) (bootloader (bootloader-configuration (bootloader grub-minimal-bootloader) (targets '("/dev/sdX")))) (file-systems (cons (file-system (device (file-system-label "hurd")) (mount-point "/") (type "ext2")) %base-file-systems)) (host-name "guixygnu") (timezone "Europe/Amsterdam") (users (cons (user-account (name "guix") (comment "Anonymous Hurd Hacker") (group "users") (supplementary-groups '("wheel"))) %base-user-accounts)) (packages (cons openssh-sans-x %base-packages/hurd)) (services (cons (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) (port-number 2222) (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t))) ;; For installing on a real (non-QEMU) machine, use: ;; (static-networking-service-type ;; (list %loopback-static-networking ;; (static-networking ;; ...))) ;; %base-services/hurd %base-services+qemu-networking/hurd)))) %hurd-os 6cfd4be5950cdda59e78c8a72eeb88bf7c03&showmsg=1'>Expand)Author 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès 2022-06-05daemon: Quote consistently within a string....* nix/libstore/build.cc (DerivationGoal::registerOutput): ‘’ → `'. Tobias Geerinckx-Rice 2022-05-29daemon: Clarify ‘--check’ error when outputs are missing....Drop the confusing ‘invalid’ jargon and display a hint like we do for ‘--fallback’. * nix/libstore/build.cc (DerivationGoal::outputsSubstituted): Rewrite error message. Tobias Geerinckx-Rice 2022-05-18daemon: runChild() is forbidden to talk during environment set up...DerivationGoal::startBuilder() is waiting for an empty line as a check that the environment set up is fine. Fixes <https://issues.guix.gnu.org/55324>. * nix/libstore/build.cc (DerivationGoal::runChild): Remove 'debug' statement corresponding to bind mounts. Signed-off-by: Ludovic Courtès <ludo@gnu.org> yarl-baudig@mailoo.org 2021-11-25daemon: Read substitute nar size as 'unsigned long long'....Fixes <https://issues.guix.gnu.org/46212>. Reported by Christopher Baines <mail@cbaines.net>. Previously, the nar size returned by 'guix substitute' would be read as an 'int'; thus, values above 2^31 - 1 would be read and then stored as negative integers in the database. Regression introduced in 9dfa20a22ae0be3d3b01a7b3d422af97428c627e. * nix/libstore/build.cc (SubstitutionGoal::finished): Use templatized 'string2Int' instead of 'std::atoi' to get an 'unsigned long long', which is the type of 'hash.second'. * tests/store.scm ("substitute and large size"): New test. Ludovic Courtès 2021-04-09daemon: 'guix substitute' replies on FD 4....This avoids the situation where error messages would unintentionally go to stderr and be wrongfully interpreted as a reply by the daemon. Fixes <https://bugs.gnu.org/46362>. This is a followup to ee3226e9d54891c7e696912245e4904435be191c. * guix/scripts/substitute.scm (display-narinfo-data): Add 'port' parameter and honor it. (process-query): Likewise. (process-substitution): Likewise. (%error-to-file-descriptor-4?, with-redirected-error-port): Remove. (%reply-file-descriptor): New variable. (guix-substitute): Remove use of 'with-redirected-error-port'. Define 'reply-port' and pass it to 'process-query' and 'process-substitution'. * nix/libstore/build.cc (SubstitutionGoal::handleChildOutput): Swap 'builderOut' and 'fromAgent'. * nix/libstore/local-store.cc (LocalStore::getLineFromSubstituter): Likewise. * tests/substitute.scm <top level>: Set '%reply-file-descriptor' rather than '%error-to-file-descriptor-4?'. Ludovic Courtès 2021-03-18daemon: Prevent privilege escalation with '--keep-failed' [security]....Fixes <https://bugs.gnu.org/47229>. Reported by Nathan Nye of WhiteBeam Security. * nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'. (DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent. Ludovic Courtès