Previously, the builder of a fixed-output derivation could communicate with an
external process via an abstract Unix-domain socket. In particular, it could
send an open file descriptor to the store, granting write access to some of
its output files in the store provided the derivation build fails—the fix for
CVE-2024-27297 did not address this specific case. It could also send an open
file descriptor to a setuid program, which could then be executed using
execveat to gain the privileges of the build user.
With this change, fixed-output derivations other than “builtin:download”
and “builtin:git-download” always run in a separate network namespace
and have network access provided by a TAP device backed by slirp4netns,
thereby closing the abstract Unix-domain socket channel.
* nix/libstore/globals.hh (Settings)[useHostLoopback, slirp4netns]: new
fields.
* config-daemon.ac (SLIRP4NETNS): new C preprocessor definition.
* nix/libstore/globals.cc (Settings::Settings): initialize them to defaults.
* nix/nix-daemon/guix-daemon.cc (options): add --isolate-host-loopback option.
* doc/guix.texi: document it.
* nix/libstore/build.cc (DerivationGoal)[slirp]: New field.
(setupTap, setupTapAction, waitForSlirpReadyAction, enableRouteLocalnetAction,
prepareSlirpChrootAction, spawnSlirp4netns, haveGlobalIPv6Address,
remapIdsTo0Action): New functions.
(initializeUserNamespace): allow the guest UID and GID to be specified.
(DerivationGoal::killChild): When ‘slirp’ is not -1, call ‘kill’.
(DerivationGoal::startBuilder): Unconditionally add CLONE_NEWNET to FLAGS.
When ‘fixedOutput’ is true, spawn ‘slirp4netns’.
When ‘fixedOutput’ and ‘useChroot’ are true, add setupTapAction,
waitForSlirpReadyAction, and enableRouteLocalnetAction to builder setup
phases.
Create a /etc/resolv.conf for fixed-output derivations that directs them to
slirp4netns's dns address.
When settings.useHostLoopback is true, supply fixed-output derivations with a
/etc/hosts that resolves "localhost" to slirp4netns's address for accessing
the host loopback.
* nix/libutil/util.cc (keepOnExec, decodeOctalEscaped, sendFD, receiveFD,
findProgram): New functions.
* nix/libutil/util.hh (keepOnExec, decodeOctalEscaped, sendFD, receiveFD,
findProgram): New declarations.
* gnu/packages/package-management.scm (guix): add slirp4netns input for linux
targets.
* tests/derivations.scm (builder-network-isolated?): new variable.
("fixed-output derivation, network access, localhost", "fixed-output
derivation, network access, external host"):
skip test case if fixed output derivations are isolated from the network.
Change-Id: Ia3fea2ab7add56df66800071cf15cdafe7bfab96
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
* gnu/services/networking.scm (iwd-shepherd-service): Fix name and
mention “iwd” in ‘description’.
* doc/guix.texi (Networking Setup): Correct iwd’s name and add link.
Change-Id: I7605488f2018b8ac60664c6617a82f05ddadf6ec
* gnu/services/networking.scm (wpa-supplicant-configuration):
[requirement]: Deprecate, [shepherd-requirement]: New field,
[shepherd-provision]: Extract to a field. Add 'wireless-daemon to it.
* doc/guix.texi (Networking Setup): Document it.
Change-Id: Icc6fdd695e6e96ef168a085524989da639f77cd3
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (mpv Media Player): Use the more common usage [0].
[0] https://english.stackexchange.com/a/35433
Change-Id: I5c10d281441c2995849df880dbaf62a790d2ff78
* gnu/services.scm (vte-integration-service-type): New service type.
* doc/guix.texi (Service Reference): Document it.
Change-Id: I7e4bc1b913b50a5a061894f9ddef27f1877b62a2
This factorizes out the remaining bashrc bits from /etc/skel/.bashrc to a the
template used for both /etc/bashrc on Guix System and ~/.bashrc for
home-bash-service-type.
Rationale: The use of /etc/skel introduce state: the file is only copied
originally when the user account is created, and never (automatically)
refreshed again.
* gnu/system.scm (operating-system-etc-service):
<profile>: Guard against souring /etc/bashrc in non-interactive, SSH case.
<bashrc>: Use %default-bashrc, having migrated the remaining definitions to...
* gnu/system/shadow.scm (%default-bashrc): ... here. Factorize aliases to...
* gnu/services.scm (%default-bash-aliases): ... here.
(%default-bashrc-d-aliases): New variable.
(%default-etc-bashrc-d-files): Include it in the default configuration.
* gnu/services/base.scm (%base-services): Register etc-bashrc-d-service-type.
* gnu/home/services/shells.scm (add-bash-configuration): Do not set PS1, now
part of %default-bashrc.
(home-bash-configuration) [guix-defaults?]: Update doc.
[aliases]: Set %default-bash-aliases as the default value. Update doc.
* doc/guix.texi (Shells Home Services): Update documentation.
(Service Reference): Update example.
Change-Id: I340c614983a78fd20a9c4a9705e7fc542ae9b513
* gnu/services.scm (files->bashrc-d-directory) New procedure.
(etc-bashrc-d-service-type): New service type.
* doc/guix.texi (Service Reference): Document it.
* gnu/tests/base.scm (test-basic-os): Test it.
Change-Id: Ibbb0f684de7aee296adedbce5b1192786d661af2
* gnu/services.scm (make-files->etc-directory)
(files->profile-d-entries): New procedures.
(etc-profile-d-service-type): New service type.
* doc/guix.texi (Service Reference): Document it.
* gnu/tests/base.scm (run-basic-test): Test it.
Change-Id: I45dde43a1b9603c3384b933ebd1d6e45dba146b9
* guix/scripts/refresh.scm (update-specification->update-spec): Flag the
update-spec as partial when it is prefixed with '~'.
* tests/guix-refresh.sh: Test it. Remove extraneous 'guix refresh'
invocation.
* doc/guix.texi (Invoking guix refresh): Document it.
Change-Id: Iab4482d9367105f6ffcd2d6a49148736c93d53e4
Reviewed-by: Florian Pelz <pelzflorian@pelzflorian.de>
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
* gnu/home/services/upnp.scm: New file.
* gnu/local.mk: Register it.
* gnu/services/upnp.scm: Export readymedia-activation and
readymedia-shepherd-service.
(<readymedia-configuration>)[home-service?]: New field.
[cache-directory]: Adjust value depending on 'for-home?'.
[log-directory]: Ditto.
(readymedia-shepherd-service): Adjust 'requirement' and 'start' according to
'home-service?'.
(readymedia-activation): Adjust creating 'media-directories' with permissions
according to 'home-service?'.
* gnu/tests/upnp.scm (%readymedia-configuration-test): Configure port with
%readymedia-default-port.
* doc/guix.texi (Miscellaneous Home Services): Document Readymedia Service.
(Miscellaneous Services): Add cross-reference.
Change-Id: I5c48595d84a815d98e03c7f68a716f048903720c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/backup.scm: Drop mcron obsolete export.
(restic-backup-job-program): Generalize to restic-program.
(lower-restic-backup-job): New procedure implementing a standard way to
lower restic-backup-job records into lists.
(restic-program): Implement general way to run restic commands, for
example to initialize repositories.
(restic-backup-configuration): Reimplement
with (guix records).
(restic-backup-job-{logfile,command,requirement,modules}): Add new
procedures and add support for Guix Home environments.
(restic-backup-job->shepherd-service): Add support for Guix Home
environments.
(restic-backup-service-activation): Drop procedure as now the Shepherd
takes care of creating timers log file directories.
(restic-backup-service-type): Drop profile and activation services extensions.
* gnu/home/services/backup.scm: New file.
* gnu/local.mk: Add this.
* doc/guix.texi: Document this.
Change-Id: Ied1c0a5756b715fba176a0e42ea154246089e6be
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/dns.scm (dnsmasq-service-reload-action): New function.
Implements SIGHUP handling for reloading configurations.
(dnsmasq-service-stats-action): New function. Implements SIGUSR1
handling for dumping statistics.
(dnsmasq-shepherd-service): Use new actions.
* doc/guix.texi: Document new actions with examples.
* gnu/tests/networking.scm (%test-dnsmasq): Add tests to verify the
functionality of new actions.
Change-Id: I31f0eb4b26a582e95f7bfdb240110c139f0e16cc
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (<dnsmasq-configuration>) [pid-file]: New field
to specify alternate path for dnsmasq PID.
[conf-file]: New field to specify one or more configuration files.
[conf-dir]: New field to read configuration files from a directory.
[extra-options]: Move to the end of the definition as a last resort option.
(dnsmasq-shepherd-service): Use new fields instead of hardcoded values.
* gnu/services/dns.scm: Export all record accessors.
* doc/guix.texi: Document new configuration options.
Change-Id: Iaec361e7d8bfd60af04f023f57d422b55b0c1eea
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/dns.scm (<dnsmasq-configuration>)[provision]: Mark
filed as deprecated with a warning. Set default to #f.
[shepherd-provision]: Add new field for consistency with other services.
[shepherd-requirement]: Add new field.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi: Document these changes.
* doc/guix-cookbook.texi (Custom NAT-based network for libvirt): Update
example to use 'shepherd-provision' instead of 'provision'.
Change-Id: Icad4d9c4be5bf58368e8c416f1fdde1f9065557d
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This commit adds a new service type to generate configuration file for the mpv
media player.
Originally I attempted to use Guix Records (via define-configuration) for
this, but ran into the bug #74748, so I had to switch to procedures instead.
The usage is (hopefully) sufficiently described in the documentation. When
the bug is resolved, I will update it to use define-configuration instead.
The full list of supported options is documented, however I decided to *not*
document types and purpose for each individual fields. While I had mostly
working prototype to extract the documentation from mpv, once I realized it
would be few 10k of lines added, I decided it is not worth it. It would bloat
the .texi file (by more than 50%), be hard to maintain and, in my opinion,
would not provide enough value to justify that. The current version seems
like sane middle ground.
* gnu/home/services/mpv.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.
* doc/guix.texi (mpv Media Player): Document it.
Change-Id: I2deb44799a28047cb5d67da97dc6007a9df873af
* gnu/services/messaging.scm (<mosquitto-configuration>): New record type.
(mosquitto-accounts): New procedure.
(mosquitto-shepherd-service): New procedure.
(mosquitto-service-type): New variable.
* doc/guix.texi (Messaging Services): Document it.
Change-Id: I3500c5b6b69084c1f4a6da66ea45bfd42c871f3f
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
This is an incompatible change where the root file system in
‘guix shell -C’ is now read-only by default.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add ‘--writable-root’.
* guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved
from…
(launch-environment): … here.
(launch-environment/container): Add #:writable-root? and pass it to
‘call-with-container’. Move root file system setup to #:populate-file-system.
(guix-environment*): Honor ‘--writable-root’.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document ‘--writable-root’.
(Debugging Build Failures): Mention it before “rm /bin/sh”.
Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* guix/scripts/home.scm (process-action): Handle operating-system declaration
and extract home environment for current user.
* doc/guix.texi (Guix Services)[Guix Home Service]: Document it.
Change-Id: I995f79c2549e6edc76322542d0422159e0b79996
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail>
This commit adds a password-file to the postgresql-role field. It
allows users to provision Postgres roles with a set password.
* gnu/services/databases.scm (postgresql-role): Add password-file field.
(postgresql-role-configuration): Add requirement field.
(postgresql-create-roles): Add support for setting passwords from a
file without leaking passwords to the command line.
(postgresql-role-shepherd-service): Add support for customizable
requirements.
(postgresql-role-service-type): Pass on postgresql-role-configuration
fields values by default, this way user configured fields are not lost.
* gnu/tests/databases.scm: Test it.
* doc/guix.texi: Document the new field and fix the extension point example.
Change-Id: I3aabaa10b0c5e826c5aa874e5649e25a3508a585
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/virtualization.scm (libvirt-configuration): Fix typos and
punctuation, and decorate with more Texinfo adornments. Remove extraneous
text. Convert enumerations to sentences re-generating the Texinfo
documentation with configuration->documentation doesn't require fixing these
by hand after (the text is re-flowed, breaking enumerations). Mention the use
of 'log-filters' is preferable to 'log-level', as commented in the defaut
libvirt.conf template.
* doc/guix.texi (Virtualization Services): Re-generate.
Change-Id: Icc2abe21a787b4bb6ac3b35a95f6aaaf3bbda9aa
This re-introduces commit dd64f441d3, which had
been reverted due to previously causing a system hang when debug? was enabled,
a problem that appears to have been resolved within Shepherd.
* gnu/services/base.scm (<udev-configuration>): <debug?>: New field.
* gnu/services/base.scm (udev-shepherd-service): Use it to add '--debug' to
the command line, if applicable.
* doc/guix.texi (Base Services): Document it.
Change-Id: I88243fb4f321ff0876dd227e3c2b22082d37cfcf
It is often useful to be able to use the `postgres' user for management tasks,
so this commit allows setting that. The default behavior is not changed.
I have also added missing exports and sorted them by alphabet.
* gnu/services/databases.scm (%default-home-directory): New variable.
(<postgresql-configuration>): Add home-directory, allow-login? fields.
(create-postgresql-account): Use them.
* doc/guix.texi (Database Services): Document it.
Change-Id: I2212e5082ff4e87c49a5a8a4711bf929dd08626a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
