;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2022, 2024 Ludovic Courtès
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cpio)
  #:use-module (guix cpio)
  #:use-module (guix tests)
  #:use-module ((guix build utils)
                #:select (which call-with-temporary-output-file))
  #:use-module (ice-9 match)
  #:use-module (ice-9 popen)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-64))

;; Result of looking up "cpio" with 'which'.  The comparison test below is
;; skipped when this value is false.
(define %cpio-program
  (which "cpio"))

;; File found on %load-path; it is the input of the header round-trip test
;; and the file whose inode number decides whether that test is skipped.
(define %test-file
  (search-path %load-path "guix.scm"))

(test-begin "cpio")

;; A cpio header stores 'ino' in 32 bits.  When the inode number of the test
;; file does not fit, skip the next test; otherwise skip nothing.
(test-skip (if (< (stat:ino (lstat %test-file)) (expt 2 32)) 0 1))

;; Round trip: serialize the header to an in-memory bytevector port, parse it
;; back, and require the parsed header to be 'equal?' to the original.
(test-assert "file->cpio-header + write-cpio-header + read-cpio-header"
  (let ((expected (file->cpio-header %test-file)))
    (call-with-values open-bytevector-output-port
      (lambda (sink get-bytes)
        (write-cpio-header expected sink)
        (let ((source (open-bytevector-input-port (get-bytes))))
          (equal? expected (read-cpio-header source)))))))

;; Without a 'cpio' program there is no reference archive to compare against.
(when (not %cpio-program)
  (test-skip 1))

;; Archive the same list of files with the external cpio program and with
;; 'write-cpio-archive', then require both archives to be identical according
;; to 'file=?'.
(test-assert "bit-identical to GNU cpio's output"
  (call-with-temporary-output-file
   (lambda (link _)
     ;; Reuse the temporary file name for a symlink so that the archive also
     ;; holds a symlink entry.  "chbouib" is presumably a dangling target.
     (delete-file link)
     (symlink "chbouib" link)
     (let* ((names   '("guix.scm" "guix/build/syscalls.scm"
                       "guix/packages.scm"))
            (sources (map (lambda (name)
                            (canonicalize-path (search-path %load-path name)))
                          names))
            (top     (canonicalize-path
                      (dirname (search-path %load-path "guix.scm"))))
            (files   (cons* "/" top link sources)))
       (call-with-temporary-output-file
        (lambda (ref-file _)
          ;; 'open-pipe*' takes the program and its arguments as separate
          ;; strings, so REF-FILE is not spliced into a shell command line.
          (let ((pipe (open-pipe* OPEN_WRITE %cpio-program
                                  "-o" "-O" ref-file
                                  "-H" "newc" "--null")))
            ;; With "--null", cpio reads NUL-terminated file names.
            (for-each (cut format pipe "~a\0" <>) files)
            ;; A non-zero exit status from cpio makes the test fail here.
            (and (zero? (close-pipe pipe))
                 (call-with-temporary-output-file
                  (lambda (file port)
                    (write-cpio-archive files port)
                    (close-port port)
                    ;; On mismatch, throw with the file list, both archive
                    ;; names and both sizes so the failure can be examined.
                    (or (file=? ref-file file)
                        (throw 'cpio-archives-differ files ref-file file
                               (stat:size (stat ref-file))
                               (stat:size (stat file))))))))))))))

(test-end "cpio")

additional initrd....In order to be able to provide decryption keys for the LUKS device, they need to be available in the initial ram disk. However they cannot be stored inside the usual initrd, since it is stored in the store and being a world-readable (as files in the store are) is not a desired property for a initrd containing decryption keys. This commit adds an option to load additional initrd during the boot, one that is not stored inside the store and therefore can contain secrets. Since only grub supports encrypted /boot, only grub is modified to use the extra-initrd. There is no use case for the other bootloaders. * doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd field. * gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field. * gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd field. 
Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f Tomas Volf 2023-10-28profiles: Hooks honor the #:system parameter of ‘profile-derivation’....Fixes <https://issues.guix.gnu.org/65225>. * guix/profiles.scm (info-dir-file, package-cache-file) (info-dir-file, ghc-package-cache-file, ca-certificate-bundle) (emacs-subdirs, gdk-pixbuf-loaders-cache-file, glib-schemas) (gtk-icon-themes, gtk-im-modules, linux-module-database) (xdg-desktop-database, xdg-mime-database, fonts-dir-file) (manual-database, manual-database/optional): Add optional #:system parameter and pass it to ‘gexp->derivation’. (profile-derivation): Pass HOOK a second parameter, SYSTEM. * gnu/bootloader.scm (efi-bootloader-profile)[efi-bootloader-profile-hook]: Add optional #:system parameter and pass it to ‘gexp->derivation’. * guix/channels.scm (package-cache-file): Likewise. * tests/profiles.scm ("profile-derivation, #:system, and hooks"): New test. Reported-by: Tobias Geerinckx-Rice <me@tobias.gr> Ludovic Courtès