guix - Wojtek's customized Guix

about summary refs log tree commit diff

Branch	Commit message	Author	Age
koszko	Allow unauthorized `guix pull`	W. Kosior	7 hours
koszko-scripts	Add `httpd-cross-compile-wip' branch.	W. Kosior	6 hours

between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory. * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions. Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383 Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-10-15hurd-boot: Support system init: Create essential device nodes.Janneke Nieuwenhuizen * gnu/build/hurd-boot.scm (make-hurd-device-nodes): Cater for existing directories (dev, servers). (set-hurd-device-translators): Remove /servers/socket/1, that is created by libexec/console-run. Cater for nonexistent /dev/console. (boot-hurd-system): Call make-hurd-device-nodes on initial run. 2024-10-14image: Add support for btrfs.Roman Scherer * gnu/build/image.scm (make-btrfs-image): New variable. * gnu/system/image.scm (system-disk-image): Support btrfs. Change-Id: I80a5b52ec478ce5927d6208e324cbb70282c647a Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-10-14image: Use file system options in make-vfat-image.Roman Scherer * gnu/build/image.scm (make-vfat-image): Use file system options. Change-Id: I791aadd2803d1ef96fc79cf8910a74a0083d2b6e Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-09-01file-systems: Add support for exFAT.Tobias Geerinckx-Rice * gnu/build/file-systems.scm (%exfat-endianness): New syntax. (exfat-superblock?, exfat-bytes-per-sector-shift) (exfat-sectors-per-cluster-shift, exfat-root-directory-offset) (exfat-cluster-size, read-exfat-superblock+root-directory-cluster) (read-exfat-superblock, exfat-superblock-volume-name) (exfat-superblock-uuid, check-exfat-file-system): New procedures. (%partition-label-readers, %partition-uuid-readers): Register them. Change-Id: I08bd3147d2d67e5766c9381ae2159bc01530b814 2024-09-06activation: Fix TOCTTOU in mkdir-p/perms.Maxime Devos Fixes <https://issues.guix.gnu.org/47584>. I removed the 'Based upon mkdir-p from (guix build utils)' comment because it's quite a bit different now. * gnu/build/activation.scm (verify-not-symbolic): Delete. (mkdir-p/perms): Rewrite in terms of 'openat'. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7 2024-08-31gnu: image: Reformat comments.Tobias Geerinckx-Rice I wrote these to fit on their lines, so the pointless widows bug me. * gnu/build/image.scm (make-iso9660-image): M-q comments. 2024-08-11privilege: Add POSIX capabilities(7) support.Tobias Geerinckx-Rice * gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure. * doc/guix.texi (Privileged Programs): Document it. * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities. * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack. 2024-08-11build: Rename activate-setuid-programs.Tobias Geerinckx-Rice * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller. 2024-08-11services: setuid-program: Populate /run/privileged/bin.Tobias Geerinckx-Rice Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. 2024-07-26file-systems: Allow specifying CIFS credentials in a file.vicvbcun As files in the store and /etc/fstab are world readable, specifying the password in the file-system record is suboptimal. To mitigate this, `mount.cifs' supports reading `username', `password' and `domain' options from a file named by the `credentials' or `cred' option. * gnu/build/file-systems.scm (mount-file-system): Read mount options from the file specified via the `credentials' or `cred' option if specified. Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532 Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-07-20file-systems: Skip checking the cifs file-system type.Richard Sent * gnu/build/file-systems.scm (check-file-system)[check-procedure]: Add cifs. Change-Id: I891b18f03884ed45e92ac32556fe04b3087e20dd Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-06-04file-systems: Add support for mounting CIFS file systemsRichard Sent * gnu/build/file-systems (canonicalize-device-name): Do not attempt to resolve CIFS formatted device specifications. (mount-file-systems): Add mount-cifs nested function. * gnu/machine/ssh.scm (machine-check-file-system-availability): Skip checking for CIFS availability, similar to NFS. * guix/scripts/system.scm (check-file-system-availability): Likewise. Change-Id: I182e290eba64bbe5d1332815eb93bb68c01e0c3c Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-06-04file-systems: Add host-to-ip nested functionRichard Sent * gnu/build/file-systems (mount-file-system): Split out getaddrinfo logic into a dedicated function, (host-to-ip) Change-Id: I522d70a10651ca79533a4fc60b96b884243a3526 Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2024-05-29gnu: linux-libre: Enable Zstd compression of kernel modules.Maxim Cournoyer This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about 12%. * gnu/packages/linux.scm (default-extra-linux-options) [version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else CONFIG_MODULE_COMPRESS_GZIP. (make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment variable to 19. [native-inputs]: Add zstd. * gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc. (modinfo-section-contents): Extend support to Zstd compressed module. (dot-ko): Register the 'zstd compression type. (ensure-dot-ko, file-name->module-name, load-linux-module*) (module-name->file-name/guess, write-module-name-database) (write-module-alias-database, write-module-device-database): Update doc. (module-name-lookup): Also consider zstd-compressed modules. * gnu/installer.scm (installer-program): Add guile-zstd extension to gexp. * gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise. Decompress zstd-compressed modules for use in initrd. * guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp. Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a 2024-03-27linux-modules: Ignore nonexistent module files on boot.Hilton Chain This is a follow-up to 8f8ec56052766aa5105d672b77ad9eaca5c1ab3c, which only covers building initrd, while the booting code still tries to load nonexistent files for builtin modules. * gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore nonexistent module files. Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf