This factorizes out the remaining bashrc bits from /etc/skel/.bashrc to the
template used for both /etc/bashrc on Guix System and ~/.bashrc for
home-bash-service-type.
Rationale: The use of /etc/skel introduces state: the file is only copied
originally when the user account is created, and never (automatically)
refreshed again.
* gnu/system.scm (operating-system-etc-service):
<profile>: Guard against sourcing /etc/bashrc in non-interactive, SSH case.
<bashrc>: Use %default-bashrc, having migrated the remaining definitions to...
* gnu/system/shadow.scm (%default-bashrc): ... here. Factorize aliases to...
* gnu/services.scm (%default-bash-aliases): ... here.
(%default-bashrc-d-aliases): New variable.
(%default-etc-bashrc-d-files): Include it in the default configuration.
* gnu/services/base.scm (%base-services): Register etc-bashrc-d-service-type.
* gnu/home/services/shells.scm (add-bash-configuration): Do not set PS1, now
part of %default-bashrc.
(home-bash-configuration) [guix-defaults?]: Update doc.
[aliases]: Set %default-bash-aliases as the default value. Update doc.
* doc/guix.texi (Shells Home Services): Update documentation.
(Service Reference): Update example.
Change-Id: I340c614983a78fd20a9c4a9705e7fc542ae9b513
This is useful since our /etc/profile file is otherwise not easily
extendable.
* gnu/system.scm (operating-system-etc-service): Source all '.sh' ending
files found under the /etc/profile.d directory.
Change-Id: Ia6d777195241f69219f00fbd5975e3e6b7c265fb
This commit adds configuration for tmpfs root file system. Since there's no
file system information in boot parameters, not all tmpfs cases are handled.
* gnu/system.scm (bootable-kernel-arguments): Check root file system for tmpfs
and set "rootfstype".
Change-Id: Ib14f6a9e4040535b3412ca9efa7e9b65c1dc8b39
The use of `canonical-package' was dropped a long time ago.
* gnu/system.scm (%base-packages-utils): Delete stale comment.
Change-Id: Ie91294baf93ba45b3120dd62ac0c9adee04d2265
In <https://issues.guix.gnu.org/63009> it was promised to be pushed to master,
but that didn't seem to have happened. This resolves that promise.
* gnu/system.scm (operating-system-etc-service): Also add a user's
<guix-home>/profile/bin directory to PATH, before <guix-profile>/bin.
Change-Id: Ibd2866153a211585c4981293027544557f8fa06c
This is particularly useful now that log files are going to be
zstd-compressed by default, among other uses of zstd.
* gnu/system.scm (%base-packages-utils): Add ‘zstd’.
Change-Id: I766791fea3bc3fca2519a7cd6ac472550be386dd
* gnu/packages/hurd.scm (hurd-headers): Update to 0.9.git20240714.
(hurd)[arguments]: Remove rumpdisk build hack from "prepare-addons" stage.
Instead, when cross-compiling, add stage "fixup-cross-configure" to enable
rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Remove
"--x-xattr-translator-records" option that has been removed and is now the
default.
Change-Id: I4609b5a959c1ece98e2fe1aedbb1d31d6edadcca
* gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement
for the Hurd. Use system* with "swapon", "swapoff" for the Hurd.
* gnu/system.scm (hurd-default-essential-services): Add swap-services.
* gnu/services/base.scm (swap-service-type):
Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8
Ping and ping6 don't need setuid, they can work with
cap_net_raw capability only. This means that even if
ping or ping6 had a vulnerability that could be
used for execution as root, it can't anymore if
the program is not setuid.
* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid
programs, add ping, ping6 programs with cap_net_raw=ep capabilities
Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.
Fixes <https://issues.guix.gnu.org/73680>.
* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.
Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this. Adjust all refs. Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Invoking guix system)
(Service Reference): Adjust likewise.
It has been a warning for well over a year now. Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.
* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
Calling 'delete' on the list of packages would delete *all* occurrences of a
given object, not just the first one. This meant that if the user had
something like:

  (packages (cons nss-certs %base-packages))

in their operating system declaration, no nss-certs would end up in the final
list. To guard against this, check that more than one nss-certs package
exists even after deduplication.
* gnu/system.scm (operating-system-packages): Guard against deleting all
nss-certs when a single nss-certs package object is listed multiple times.
Fixes: https://issues.guix.gnu.org/70850
Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a
* gnu/system.scm (operating-system-packages): Because packages->manifest
allows other formats, don't assume it's a package object in the list.
Fixes: https://issues.guix.gnu.org/70624
Change-Id: I91c64ca2c463ef5c35fa23856e4622e364e58988
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This can happen due to users providing 'nss-certs' and adding it to the
%base-packages, which now include 'nss-certs'.
* gnu/system.scm (operating-system-packages): Warn when multiple nss-certs
packages are detected; keep only the latest one.
Change-Id: I6104f134ea1cc155ae9e8e0ae70bb5a38fc05800
Reported-by: Ian Eure <ian@retrospec.tv>
This guides newcomers who might stick a single (service …) form
in this field.
* gnu/services.scm (validate-service-list): New macro.
(%validate-service-list): New procedure.
* gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’.
* gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’.
Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473
This is a follow-up to f6817e71df and
e11e65a9ad.
* gnu/installer.scm, gnu/packages/algebra.scm, gnu/packages/base.scm,
gnu/packages/cook.scm, gnu/packages/lisp.scm,
gnu/packages/patchutils.scm, gnu/packages/version-control.scm,
gnu/packages/web-browsers.scm, gnu/system.scm: Adjust module imports.
Change-Id: I25e5519fa003c35a14b81c3dda37b24527858634
I bungled up a merge conflict between 789f7e9 (gnu: fuse@3: Bind to
default FUSE variable.) and my other setuid-related changes.
* gnu/system.scm (%setuid-programs): Look for /bin/fusermount in
FUSE-2, not 3.
Reported by renngar[m] in #guix.
Unlike the deprecated 'local-host-aliases', there's no use for
local-host-entries since it's used to set the default value for
hosts-service-type. Given that this service-type is expected to be
extended, one presumes that when they explicitly override the service
default value they do not have much interest in the 'local-host-entries'
procedure.
* gnu/system.scm: Do not export local-host-entries.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system.scm (operating-system-hosts-file): Deprecate procedure.
(warn-hosts-file-field-deprecation): New procedure, helper for
deprecated variable.
(operating-system)[hosts-file]: Use helper to warn deprecated field.
(local-host-aliases): Mark as deprecated.
(local-host-entries): New procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Use hosts-service-type. Use
'%operating-system-hosts-file' and 'local-host-entries'.
(default-/etc/hosts): Remove procedure.
(operating-system-etc-service): Remove hosts file.
* doc/guix.texi (operating-system Reference)
(Networking Services) (Virtualization Services): Rewrite documentation
entries to use hosts-service-type.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Users can override 'PS1' in ~/.bashrc if they wish.
Previously, on Guix Home, the "default" 'PS1' would be set in ~/.bashrc
when 'home-bash-configuration-guix-defaults?' is true, preventing users
from overriding it via the 'environment-variables' field of
'home-bash-extension'.
* gnu/system/shadow.scm (%default-bashrc): Remove 'PS1' setting.
* gnu/system.scm (operating-system-etc-service): Define PS1 in
/etc/bashrc.
* gnu/home/services/shells.scm (add-bash-configuration): When
'home-bash-configuration-guix-defaults?' is true, add a default 'PS1' to
~/.bash_profile.
Rationale: Even when not using an ext file system, the utilities provided by
e2fsprogs are useful, for example to set the copy-on-write attribute of a
Btrfs file system.
* gnu/system.scm (%base-packages-utils): Add e2fsprogs.
Rationale: It is only used in INSTALLATION-OS and doesn't make sense to be
used in another context, given that file systems now automatically pull their
dependencies since commit 45eac6cdf5 (services:
Add file system utilities to profile).
* gnu/system.scm (%base-packages-disk-utilities): Deprecate and rename to...
* gnu/system/install.scm (%installer-disk-utilities): ... this.
(installation-os) [packages]: Adjust accordingly.
* gnu/packages/admin.scm (shadow)[arguments]: Add phase to install the
manpages. Make sure 'remove-groups comes after installing the manpages.
[properties]: Remove field.
(shadow-with-man-pages): Remove variable.
* gnu/system.scm (%base-packages-utils): Replace shadow-with-man-pages
with shadow.
This works around <https://issues.guix.gnu.org/58631>.
* gnu/system.scm (hurd-multiboot-modules): Use '/hurd/exec.static'
instead of 'ld.so /hurd/exec'.