aboutsummaryrefslogtreecommitdiff
path: root/etc/substitutes/ci.guix.info.pub
blob: b1d1e4d7633257082b836f3b2e6b2fa83ac825cf (about) (plain) 
1

berlin.guixsd.org.pub
generated by cgit
nge->gexp): new variable; (assert-valid-subids): new variable; (delete-duplicate-ranges): new variable; (subids-activation): new variable; (subids-extension): new record; (append-subid-ranges): new variable; (subids-extension-merge): new variable; (subids-service-type): new variable. * gnu/tests/shadow.scm (subids): New system test. Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635 Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Giacomo Leidi 2024-12-18accounts: Add /etc/subid and /etc/subgid allocation logic....This commit adds allocation logic for subid ranges. Subid ranges are ranges of contiguous subids that are mapped to a user in the host system. This patch implements a flexible allocation algorithm allowing users that do not want (or need) to specify details of the subid ranges that they are requesting to avoid doing so, while upholding requests of users that need to have specific ranges. * gnu/build/accounts.scm (%subordinate-id-min): New variable; (%subordinate-id-max): new variable; (%subordinate-id-count): new variable; (subordinate-id?): new variable; (&subordinate-id-error): new variable; (&subordinate-id-overflow-error): new variable; (&illegal-subid-range-error): new variable; (&specific-subid-range-expected-error): new variable; (&generic-subid-range-expected-error): new variable; (within-interval?): new variable; (allocate-unused-range): new variable; (allocate-generic-range): new variable; (allocate-specific-range): new variable; (reserve-subids): new variable; (range->entry): new variable; (entry->range): new variable; (allocate-subids): new variable; (subuid+subgid-databases): new variable. * gnu/system/accounts.scm (subid-range-end): New variable; (subid-range-has-start?): new variable; (subid-range-less): new variable. * test/accounts.scm: Test them. Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d Co-Authored-By: Ludovic Courtès <ludo@gnu.org> Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Giacomo Leidi 2024-12-18accounts: Add /etc/subuid and /etc/subgid support....This commit adds a new record type, <subid-entry> and serializers and deserializers for it in (gnu build accounts). Each instance of this record represents one line in either /etc/subuid or /etc/subgid. Since Shadow uses the same representation for both files, it should be ok if we do it as well. This commit adds also <subid-range>, a user facing representation of <subid-entry>. It is supposed to be usable directly in OS configurations. * gnu/build/accounts.scm (subid-entry): New record; (write-subgid): add serializer for subgids; (write-subuid): add serializer for subuids; (read-subgid): add serializer for subgids; (read-subuid): add serializer for subuids. * gnu/system/accounts.scm (subid-range): New record. * test/accounts.scm: Test them. Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Giacomo Leidi 2024-11-11hurd-boot: Support second boot....* gnu/build/hurd-boot.scm (boot-hurd-system): Check for stale shepherd socket and remove it. Be chattier about /hurd symlink replacement. Change-Id: I5e528c131ebeadb7ebc9727336a0f9301af3e68e Janneke Nieuwenhuizen 2024-11-11bootloader: grub: Remove hardcoded partition number for the Hurd....This supports using another than the default DISK0 PART1 and using LABEL or UUID as root file-system specifier. It still defaults to DISK0 PART1 if the file-system cannot be found, i.e., lives only at the build side: A virtual machine/childhurd build. * gnu/build/file-systems.scm (%hurd-device-spec-regexp, %device-spec-regexp): New variables. (device-name->hurd-device-name, hurd-device-name->device-name, device-spec->device, device-spec->device-name): Use them in new procedures. * gnu/bootloader/grub.scm (make-grub-configuration): Use them to remove hardcoded partition number (root-index 1). Change-Id: I49fa93dacc09883dfb4d695402c5eac2e0e17286 Janneke Nieuwenhuizen 2024-11-03activation: Create directory with specified perms in ‘mkdir-p/perms’....There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory. * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions. Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein 2024-10-15hurd-boot: Support system init: Create essential device nodes....* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Cater for existing directories (dev, servers). (set-hurd-device-translators): Remove /servers/socket/1, that is created by libexec/console-run. Cater for nonexistent /dev/console. (boot-hurd-system): Call make-hurd-device-nodes on initial run. Janneke Nieuwenhuizen 2024-10-14image: Add support for btrfs....* gnu/build/image.scm (make-btrfs-image): New variable. * gnu/system/image.scm (system-disk-image): Support btrfs. Change-Id: I80a5b52ec478ce5927d6208e324cbb70282c647a Signed-off-by: Ludovic Courtès <ludo@gnu.org> Roman Scherer 2024-10-14image: Use file system options in make-vfat-image....* gnu/build/image.scm (make-vfat-image): Use file system options. Change-Id: I791aadd2803d1ef96fc79cf8910a74a0083d2b6e Signed-off-by: Ludovic Courtès <ludo@gnu.org> Roman Scherer 2024-09-01file-systems: Add support for exFAT....* gnu/build/file-systems.scm (%exfat-endianness): New syntax. (exfat-superblock?, exfat-bytes-per-sector-shift) (exfat-sectors-per-cluster-shift, exfat-root-directory-offset) (exfat-cluster-size, read-exfat-superblock+root-directory-cluster) (read-exfat-superblock, exfat-superblock-volume-name) (exfat-superblock-uuid, check-exfat-file-system): New procedures. (%partition-label-readers, %partition-uuid-readers): Register them. Change-Id: I08bd3147d2d67e5766c9381ae2159bc01530b814 Tobias Geerinckx-Rice 2024-09-06activation: Fix TOCTTOU in mkdir-p/perms....Fixes <https://issues.guix.gnu.org/47584>. I removed the 'Based upon mkdir-p from (guix build utils)' comment because it's quite a bit different now. * gnu/build/activation.scm (verify-not-symbolic): Delete. (mkdir-p/perms): Rewrite in terms of 'openat'. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7 Maxime Devos 2024-08-31gnu: image: Reformat comments....I wrote these to fit on their lines, so the pointless widows bug me. * gnu/build/image.scm (make-iso9660-image): M-q comments. Tobias Geerinckx-Rice 2024-08-11privilege: Add POSIX capabilities(7) support....* gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure. * doc/guix.texi (Privileged Programs): Document it. * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities. * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack. Tobias Geerinckx-Rice 2024-08-11build: Rename activate-setuid-programs....* gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller. Tobias Geerinckx-Rice 2024-08-11services: setuid-program: Populate /run/privileged/bin....Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly. Tobias Geerinckx-Rice 2024-07-26file-systems: Allow specifying CIFS credentials in a file....As files in the store and /etc/fstab are world readable, specifying the password in the file-system record is suboptimal. To mitigate this, `mount.cifs' supports reading `username', `password' and `domain' options from a file named by the `credentials' or `cred' option. * gnu/build/file-systems.scm (mount-file-system): Read mount options from the file specified via the `credentials' or `cred' option if specified. Change-Id: I786c5da373fc26d45fe7a876c56a8c4854d18532 Signed-off-by: Ludovic Courtès <ludo@gnu.org> vicvbcun 2024-07-20file-systems: Skip checking the cifs file-system type....* gnu/build/file-systems.scm (check-file-system)[check-procedure]: Add cifs. Change-Id: I891b18f03884ed45e92ac32556fe04b3087e20dd Signed-off-by: Ludovic Courtès <ludo@gnu.org> Richard Sent 2024-06-04file-systems: Add support for mounting CIFS file systems...* gnu/build/file-systems (canonicalize-device-name): Do not attempt to resolve CIFS formatted device specifications. (mount-file-systems): Add mount-cifs nested function. * gnu/machine/ssh.scm (machine-check-file-system-availability): Skip checking for CIFS availability, similar to NFS. * guix/scripts/system.scm (check-file-system-availability): Likewise. Change-Id: I182e290eba64bbe5d1332815eb93bb68c01e0c3c Signed-off-by: Ludovic Courtès <ludo@gnu.org> Richard Sent 2024-06-04file-systems: Add host-to-ip nested function...* gnu/build/file-systems (mount-file-system): Split out getaddrinfo logic into a dedicated function, (host-to-ip) Change-Id: I522d70a10651ca79533a4fc60b96b884243a3526 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Richard Sent 2024-05-29gnu: linux-libre: Enable Zstd compression of kernel modules....This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about 12%. * gnu/packages/linux.scm (default-extra-linux-options) [version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else CONFIG_MODULE_COMPRESS_GZIP. (make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment variable to 19. [native-inputs]: Add zstd. * gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc. (modinfo-section-contents): Extend support to Zstd compressed module. (dot-ko): Register the 'zstd compression type. (ensure-dot-ko, file-name->module-name, load-linux-module*) (module-name->file-name/guess, write-module-name-database) (write-module-alias-database, write-module-device-database): Update doc. (module-name-lookup): Also consider zstd-compressed modules. * gnu/installer.scm (installer-program): Add guile-zstd extension to gexp. * gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise. Decompress zstd-compressed modules for use in initrd. * guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp. Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a Maxim Cournoyer 2024-03-27linux-modules: Ignore nonexistent module files on boot....This is a follow-up to 8f8ec56052766aa5105d672b77ad9eaca5c1ab3c, which only covers building initrd, while the booting code still tries to load nonexistent files for builtin modules. * gnu/build/linux-modules.scm (load-linux-modules-from-directory): Ignore nonexistent module files. Change-Id: I09ef207e82397e915e671c8464b92bcf90f03dcf Hilton Chain 2024-02-19services: activation: Ensure /run existence....* gnu/build/activation.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /run. Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Nicolas Graves 2024-02-19services: activation: Ensure /var/run existence....* gnu/services.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /var/run. Change-Id: I5fb93d33b6b1f045f1e5ba206b9b0b74b5184260 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Nicolas Graves 2024-02-19file-systems: Recognize “none” as a valid device spec....* gnu/build/file-systems (canonicalize-device-name): Fallback to tmpfs if spec is "none". Change-Id: Ia55c715d04c7611ba8c979f23f1ad4a8ed2e75b6 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Nicolas Graves 2024-02-10marionette: Add #:peek? to ‘wait-for-tcp-port?’....* gnu/build/marionette.scm (wait-for-tcp-port): Add #:peek? parameter and honor it. Change-Id: Ie7515a5223299390ab8af6fe5aa3cf63ba5c8078 Ludovic Courtès 2024-02-10services: secret-service: Make the endpoint configurable....Until now, the secret service had a hard-coded TCP endpoint on port 1004. This change lets users specify arbitrary socket addresses. * gnu/build/secret-service.scm (socket-address->string): New procedure, taken from Shepherd. (secret-service-send-secrets): Replace ‘port’ by ‘address’ and adjust accordingly. (secret-service-receive-secrets): Likewise. * gnu/services/virtualization.scm (secret-service-shepherd-services): Likewise. (secret-service-operating-system): Add optional ‘address’ parameter and honor it. Adjust ‘start’ method accordingly. Change-Id: I87a9514f1c170dca756ce76083d7182c6ebf6578 Ludovic Courtès 2023-12-27chromium-extension: Compute json at argument evaluation time....* gnu/build/chromium-extension.scm (make-chromium-extension): Make use of the make-signing-key procedure inside the argument field, making sure that it is not evaluated at file-load time. This would otherwise try to resolve gnutls when we can't guarantee it's defined because of dependency cycles. Change-Id: Ia7b13acfbca475c2df073e9a88fc8bb9264dd968 Josselin Poiret 2023-12-22shepherd: Remove ‘make-forkexec-constructor/container’....This was superseded by ‘least-authority-wrapper’. * gnu/build/shepherd.scm (read-pid-file/container) (make-forkexec-constructor/container): Remove. Change-Id: I6acccdff2609a35807608f865a4d381146113a88 Ludovic Courtès 2023-12-11gnu: cross-toolchain: Add set-cross-path for AVR....* gnu/build/cross-toolchain.scm (set-cross-path/avr): New procedure. (cross-gcc-build-phases) [string-prefix? "avr"]: Return set-cross-path/avr procedure. Signed-off-by: Jean-Pierre De Jesus DIAZ <me@jeandudey.tech> Change-Id: I00bd39236ac2e31fef02164a7fffc8b56a166f0d Signed-off-by: Efraim Flashner <efraim@flashner.co.il> Jean-Pierre De Jesus DIAZ 2023-12-11gnu: cross-gcc: Enable multilib for AVR....* gnu/build/cross-toolchain.scm (patch-multilib-shebang): New procedure. * gnu/packages/avr.scm (make-avr-gcc): Remove uneeded phases and flags for multilib. * gnu/packages/cross-base (cross-gcc-arguments) <#:configure-flags> [target-avr?]: Remove --disable-multilib and add --enable-multilib. Change-Id: Id68d803057ac898f0a670f10487b08bf0891ab0b Signed-off-by: Efraim Flashner <efraim@flashner.co.il> Jean-Pierre De Jesus DIAZ 2023-12-10gnu: ‘make-icecat-extension’ inherits package location....This is an improvement for the purposes of ‘guix edit’ & co. * gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’ field. Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042 Ludovic Courtès 2023-11-19linux-boot: Don't create /root before it's used....* gnu/build/linux-boot.scm (boot-system): Postpone the MKDIR of /root. Change-Id: I589316a5ddf41cada02173ed4dd5b7df09b795e8 Tobias Geerinckx-Rice