;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2020 Mathieu Othacehe ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu system images pinebook-pro) #:use-module (gnu bootloader) #:use-module (gnu bootloader u-boot) #:use-module (gnu image) #:use-module (gnu packages linux) #:use-module (gnu services) #:use-module (gnu services base) #:use-module (gnu system) #:use-module (gnu system file-systems) #:use-module (gnu system image) #:use-module (srfi srfi-26) #:export (pinebook-pro-barebones-os pinebook-pro-image-type pinebook-pro-barebones-raw-image)) (define pinebook-pro-barebones-os (operating-system (host-name "viso") (timezone "Europe/Paris") (locale "en_US.utf8") (bootloader (bootloader-configuration (bootloader u-boot-pinebook-pro-rk3399-bootloader) (target "/dev/vda"))) (initrd-modules '()) (kernel linux-libre-arm64-generic) (file-systems (cons (file-system (device (file-system-label "my-root")) (mount-point "/") (type "ext4")) %base-file-systems)) (services (cons (service agetty-service-type (agetty-configuration (extra-options '("-L")) ; no carrier detect (baud-rate "115200") (term "vt100") (tty "ttyS2"))) %base-services)))) (define pinebook-pro-image-type (image-type (name 'pinebook-pro-raw) (constructor (cut image-with-os (arm64-disk-image (* 9 (expt 2 20))) ;9MiB <>)))) (define pinebook-pro-barebones-raw-image (image (inherit (os->image pinebook-pro-barebones-os #:type pinebook-pro-image-type)) (name 'pinebook-pro-barebones-raw-image))) 51a4ae022&showmsg=1'>Expand)Author 2021-04-03activation: Do not dereference symlinks during home directory creation....Fixes <https://bugs.gnu.org/47584>. * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>. Maxime Devos 2021-03-10services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos 2021-02-09activation: Do not make setuid programs setgid-root [security]....Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid. Ludovic Courtès 2020-06-09activation: Fix function call for system activation...* gnu/build/activation.scm (boot-time-system): Evaluate the linux-command-line thunk for linux systems to boot Signed-off-by: Ludovic Courtès <ludo@gnu.org> Royce Strange 2020-06-08system: Support activation service for the Hurd....* gnu/build/activation.scm (boot-time-system): Use "command-line" for the Hurd. * gnu/system.scm (hurd-default-essential-services): Add %boot-service and %activation-service. Jan (janneke) Nieuwenhuizen 2020-01-06activation: Check whether /proc/sys/kernel/modprobe exists....* gnu/build/activation.scm (activate-modprobe): Check whether /proc/sys/kernel/modprobe exists before writing to it. Co-authored-by: Ludovic Courtès <ludo@gnu.org> kanichos@yandex.ru 2020-01-02activation: Keep going when failing to create one of the setuid programs....Fixes <https://bugs.gnu.org/38800>. Reported by Jakub Kądziołka <kuba@kadziolka.net>. * gnu/build/activation.scm (activate-setuid-programs): Catch 'system-error' around 'make-setuid-program' calls. Ludovic Courtès