;; -*-scheme-*-
;; This is an operating system configuration template
;; for a "bare bones" QEMU setup, with no X11 display server.
;; To build a disk image for a virtual machine, do:
;;
;; ./pre-inst-env guix system image --image-type=hurd64-qcow2 \
;; gnu/system/examples/bare-hurd64.tmpl
;;
;; You may run it like so:
;;
;; guix shell qemu -- qemu-system-x86_64 -m 2048 \
;; --enable-kvm \
;; --device e1000,netdev=net0 \
;; --netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222 \
;; --snapshot \
;; --hda /gnu/store/...-disk-image
;;
;; (note that the 64bit Hurd does not seem to show a login prompt)
;;
;; and use it like:
;;
;; ssh -p 10022 root@localhost
;; guix build -e '(@@ (gnu packages commencement) gnu-make-boot0)'
;;
;; or even, if you build the image with at least --image-size=3G:
;;
;; guix build hello
(use-modules (gnu) (gnu system hurd) (guix utils))
(use-service-modules ssh)
(use-package-modules ssh)
(define %hurd64-os
(operating-system
(inherit %hurd64-default-operating-system)
(bootloader (bootloader-configuration
(bootloader grub-minimal-bootloader)
(targets '("/dev/sdX"))))
(kernel-arguments '("noide")) ;use rumpdisk
(file-systems (cons (file-system
(device (file-system-label "hurd"))
(mount-point "/")
(type "ext2"))
%base-file-systems))
(host-name "guixygnu64")
(timezone "Europe/Amsterdam")
(users (cons (user-account
(name "guix")
(comment "Anonymous Hurd Hacker")
(group "users")
(supplementary-groups '("wheel")))
%base-user-accounts))
(packages (cons openssh-sans-x %base-packages/hurd))
(services (cons (service openssh-service-type
(openssh-configuration
(openssh openssh-sans-x)
(port-number 2222)
(permit-root-login #t)
(allow-empty-passwords? #t)
(password-authentication? #t)))
;; For installing on a real (non-QEMU) machine, use:
;; (static-networking-service-type
;; (list %loopback-static-networking
;; (static-networking
;; ...)))
;; %base-services/hurd
%base-services+qemu-networking/hurd))))
%hurd64-os
-09-08| privilege: Add file-like->setuid-program helper....* gnu/system/privilege.scm (file-like->setuid-program): New public
procedure.
* gnu/system/setuid.scm: Re-export it for compatibility.
(file-like->setuid-program): Remove this old version.
* gnu/services/docker.scm (singularity-setuid-programs): Use it (again).
* gnu/services/desktop.scm (enlightenment-privileged-programs): Likewise.
Change-Id: I8e41144438677a15cdadb3063651dbc780715497
| Tobias Geerinckx-Rice |
| 2024-08-11 | privilege: Add POSIX capabilities(7) support....* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported. Include privileged-program-capabilities
in the compatibility hack.
| Tobias Geerinckx-Rice |
| 2024-08-11 | system: Add (gnu system privilege)....* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
| Tobias Geerinckx-Rice |