mirror of https://https.git.savannah.gnu.org/git/guix.git/ synced 2025-07-14 11:00:36 +02:00
Commit graph

1217 commits

Author SHA1 Message Date
Ludovic Courtès
437bb9ece5
linux-container: Do not attempt to lock mounts for ‘guix system container’.
Fixes <https://issues.guix.gnu.org/78356>.

* gnu/system/linux-container.scm (container-script): Pass #:lock-mounts? #f
to ‘call-with-container’.

Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: Ie670868147f32baf2c2a94c9c7b1636bc84d0a0a
2025-05-12 10:40:02 +02:00
Ludovic Courtès
94c9e53fa4
install: Do not leak local checkout URL.
Fixes <https://issues.guix.gnu.org/67707>.

Previously ‘guix describe’ in the installation image would show the
URL of the local checkout that was used to build the image.  It now
shows the default URL.

* gnu/system/install.scm (%installation-services): Change channel of
‘guix’ package to inherit from ‘%default-guix-channel’.

Change-Id: If848b5a6166904e982e0f9a0780f3e3f53bdfc28
2025-05-06 00:16:33 +02:00
Ludovic Courtès
a391394a22
linux-container: Support having a read-only root file system.
Until now, the read-only file system set up by ‘call-with-container’
would always be writable.  With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.

* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.

Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
2025-05-05 14:33:59 +02:00
Ludovic Courtès
d4c3b31b86
linux-container: Add #:mounts to ‘eval/container’.
* gnu/system/linux-container.scm (eval/container): Add #:mounts
parameter and honor it.

Change-Id: I1d5970f53a3d67db93e937e392f9bf36e75d1573
2025-05-05 14:33:59 +02:00
Leo Famulari
8f885a2bb3
vm: Account for an upstream change in the name of the Cirrus kernel module.
* gnu/system/vm.scm (virtualized-operating-system): Choose the module name based
on the kernel version

Change-Id: I77d70fa44a8d5d2412ae0aaa645fa67146b76432
2025-04-27 02:29:41 -04:00
Ludovic Courtès
da741d8931
services: account: Create /var/guix/profiles/per-user/$USER.
* gnu/system/shadow.scm (account-shepherd-service): Create
/var/guix/profiles/per-user/$USER in ‘user-homes’ service.

Change-Id: I22e66e8a34d63686df9bae64c68df65c8889e72a
2025-04-20 18:50:51 +02:00
Feng Shu
2934de1447
gnu: Fix guix system vm --share argument error.
* gnu/system/vm.scm (common-qemu-options): Fix guix system vm --share argument error.

Change-Id: I4182e2dbe1b54e6eec2fb6ca53f9345f6d396f14
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
2025-04-10 01:30:38 +02:00
Zheng Junjie
0770929dde
images: visionfive2: Add support for booting from nvme.
* gnu/system/images/visionfive2.scm (visionfive2-barebones-os):
[initrd-modules]: Add mmc_block, clk-starfive-jh7110-aon,
clk-starfive-jh7110-stg, phy-jh7110-dphy-tx, pcie_starfive and nvme.

Change-Id: I1d7ced9bad7e94045ab1caa2315871cd56ca50f4
2025-04-08 14:58:19 +08:00
Zheng Junjie
082923279c
linux-initrd: Add mmc_block.
This module is required when booting from MMC block device.

* gnu/system/linux-initrd.scm (default-initrd-modules): Add mmc_block.

Change-Id: I91474a62e9d7b5be07e89f657fd59d37d061b127
2025-04-08 14:57:23 +08:00
Sören Tempel
7aa855b05b
mapped-devices/luks: Add support for --allow-discards.
* gnu/system/mapped-devices.scm (open-luks-device): Support opening
LUKS devices with the --allow-discards option.
* gnu/system/mapped-devices.scm (luks-device-mapping-with-options):
Pass through the allow-discards? keyword argument.
* doc/guix.texi (Mapped Devices): Update documentation for the
luks-device-mapping-with-options procedure.

Co-authored-by: Sisiutl <sisiutl@egregore.fun>
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Change-Id: Iff82d7d548486f028d19f6aa35dd30ca194f57cc
2025-03-22 22:53:13 +09:00
Ludovic Courtès
5b4ae0b5c2
install: Use ‘shepherd-system-log-service-type’.
This is a followup to d0510dcd82, which
wrongfully assumed that this was already the case.

* gnu/system/install.scm (%installation-services): Replace
‘syslog-service-type’ by ‘shepherd-system-log-service-type’.

Change-Id: I349454b8d005c67d2c6d6b5475f74d16c9006006
2025-03-10 18:22:55 +01:00
Ludovic Courtès
5d66d005bd
vm: Export ‘file-system->mount-tag’ and ‘common-qemu-options’.
* gnu/system/vm.scm (file-system->mount-tag, common-qemu-options):
Export.

Change-Id: I7228e5c02f07f8c8633a64c86d9c81aa3cb2e8b7
2025-03-05 20:34:03 +01:00
Ludovic Courtès
9939677d15
vm: ‘common-qemu-options’ splits command-line tokens.
The result returned so far by ‘common-qemu-options’ assumed that it
would be passed to a shell.  This is the case when using
‘system-qemu-image/shared-store-script’ but possibly not in other cases.

* gnu/system/vm.scm (common-qemu-options): Add #:image-format.
[virtfs-option]: Return a list of strings instead of a single
"-virtfs xyz" string.  Update caller to use ‘append-map’.
Separate "-drive" string.

Change-Id: Ib07c27e2c4b2d222d7db2c612bb045d330bc7f68
2025-03-05 20:34:03 +01:00
Hilton Chain
2bb8ecbfbf
Revert "file-systems: %base-file-systems: Add tmpfs /run."
This reverts commit e88018be70.  Since this
change breaks current dbus-service-type, it would be better to wait until
https://issues.guix.gnu.org/73494 is finished.
2025-03-05 14:45:15 +08:00
Hilton Chain
e88018be70
file-systems: %base-file-systems: Add tmpfs /run.
* gnu/system/file-systems (%runtime-variable-data): New variable.
(%base-file-systems): Add it.
* doc/guix.texi (File Systems): Document it.
* gnu/services.scm (cleanup-gexp): Adjust accordingly.

Change-Id: I3a95e49d396fbb2577026aefc247cfe996c5f267
Modified-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2025-03-05 14:23:42 +09:00
Florian Pelz
7790e32556
system: default-skeleton-home-config: Include %base-home-services.
* gnu/system/shadow.scm (%default-skeleton-home-config): Follow
the news entry’s instructions to add %base-home-services.

Fixes: <https://issues.guix.gnu.org/75897>
Change-Id: Ieef976f9375791502e6156a978a032fbd4c2324d
2025-02-25 15:45:36 +01:00
Efraim Flashner
66daf46b41
gnu: Fix some misspellings.
Change-Id: I316652aff7418af4b8e83bea24638b1513f8aa97
2025-02-19 11:21:47 +02:00
Andreas Enge
9a41ec5762
gnu: guix-configuration: Add a chroot? parameter.
The parameter should take the values #t, #f or 'default.
In a container environment, 'default amounts to #f, otherwise it
amounts to #t.

* gnu/services/base.scm (guix-configuration)<chroot?>: New field.
(guix-shepherd-service): If chroot? is #f, add "--disable-chroot".
If it is #t or 'default, do nothing.
* gnu/system/linux-container.scm (containerized-operating-system):
If chroot? is 'default, replace it by #f.
* doc/guix.texi: Document the parameter.

Change-Id: I8b9c3f46ad8650fa6ed4acee947b4ae5d002d03d
2025-02-17 14:57:55 +01:00
Maxim Cournoyer
5074871043
build: marionette: Make it possible to reboot VM during tests.
* gnu/build/marionette.scm (make-marionette): Add 'reconnect=1' socket
parameter.
* gnu/system/vm.scm (common-qemu-options): Remove '-no-reboot' option.

Change-Id: I5e100543ddddba0aea3ebe4e2f5cb8b0261c0d73
2025-02-13 00:07:21 +09:00
Maxim Cournoyer
b78794f96d
system/vm: Fix virtual-machine bug.
The virtual-machine syntax would not accept a single operating-system field,
which was puzzling.

* gnu/system/vm.scm (virtual-machine): Add a pattern matching a single literal
'operating-system' field and value.

Change-Id: If207fd71df3a3f763b2e63229eafa82f63e80773
2025-02-13 00:07:21 +09:00
Yarl Baudig
41e192c922
gnu: pinebook-pro-image-type: augment partition offset.
* gnu/system/images/pinebook-pro.scm: augment partition offset
to make room for the bootloader.

Change-Id: I91a3758243a13960165d40b94efe017e6e059a22
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
2025-01-01 13:38:27 +01:00
Janneke Nieuwenhuizen
d32a5f6eed
system: examples: Fix typo in bare-hurd.tmpl.
* gnu/system/examples/bare-hurd.tmpl: Add missing line-continuation backslash.

Change-Id: Ib918cff3ca96f2a199869e876b6a75fedb09c983
2024-12-18 21:31:43 +01:00
Giacomo Leidi
3eb720bd0b
system: pam: Export pam records predicates.
* gnu/system/pam.scm: Export pam-service-name?, pam-entry? and pam-limits-entry?.

Change-Id: I609acfcaae85b4969dc385b72b307e470f5a246e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-12-18 18:32:40 +01:00
Giacomo Leidi
a1ecd7f56c
system: Add /etc/subuid and /etc/subgid support.
This commit adds a Guix System service to handle allocation of subuid
and subgid requests.  Users that don't care can just add themselves as a
subid-range and don't need to specify anything but their user name.
Users that care about specific ranges, such as possibly LXD, can specify
a start and a count.

* doc/guix.texi (Miscellaneous Services): Document it.
* gnu/build/activation.scm (activate-subuids+subgids): New variable.
* gnu/local.mk: Add gnu/tests/shadow.scm.
* gnu/system/accounts.scm (sexp->subid-range): New variable.
* gnu/system/shadow.scm (%root-subid): New variable;
(subids-configuration): new record;
(subid-range->gexp): new variable;
(assert-valid-subids): new variable;
(delete-duplicate-ranges): new variable;
(subids-activation): new variable;
(subids-extension): new record;
(append-subid-ranges): new variable;
(subids-extension-merge): new variable;
(subids-service-type): new variable.
* gnu/tests/shadow.scm (subids): New system test.

Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-12-18 18:32:40 +01:00
Giacomo Leidi
337037d22c
accounts: Add /etc/subid and /etc/subgid allocation logic.
This commit adds allocation logic for subid ranges. Subid ranges are
ranges of contiguous subids that are mapped to a user in the host
system. This patch implements a flexible allocation algorithm allowing
users that do not want (or need) to specify details of the subid ranges
that they are requesting to avoid doing so, while upholding requests of
users that need to have specific ranges.

* gnu/build/accounts.scm (%subordinate-id-min): New variable;
(%subordinate-id-max): new variable;
(%subordinate-id-count): new variable;
(subordinate-id?): new variable;
(&subordinate-id-error): new variable;
(&subordinate-id-overflow-error): new variable;
(&illegal-subid-range-error): new variable;
(&specific-subid-range-expected-error): new variable;
(&generic-subid-range-expected-error): new variable;
(within-interval?): new variable;
(allocate-unused-range): new variable;
(allocate-generic-range): new variable;
(allocate-specific-range): new variable;
(reserve-subids): new variable;
(range->entry): new variable;
(entry->range): new variable;
(allocate-subids): new variable;
(subuid+subgid-databases): new variable.

* gnu/system/accounts.scm (subid-range-end): New variable;
(subid-range-has-start?): new variable;
(subid-range-less): new variable.

* test/accounts.scm: Test them.

Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-12-18 18:32:40 +01:00
Giacomo Leidi
58f430f69e
accounts: Add /etc/subuid and /etc/subgid support.
This commit adds a new record type, <subid-entry> and serializers
and deserializers for it in (gnu build accounts).  Each instance of this
record represents one line in either /etc/subuid or /etc/subgid.  Since
Shadow uses the same representation for both files, it should be ok if
we do it as well.

This commit also adds <subid-range>, a user facing representation of
<subid-entry>. It is supposed to be usable directly in OS configurations.

* gnu/build/accounts.scm (subid-entry): New record;
(write-subgid): add serializer for subgids;
(write-subuid): add serializer for subuids;
(read-subgid): add serializer for subgids;
(read-subuid): add serializer for subuids.
* gnu/system/accounts.scm (subid-range): New record.
* test/accounts.scm: Test them.

Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-12-18 18:32:40 +01:00
Janneke Nieuwenhuizen
7c1199828b
system: examples: Update instructions in {bare,devel}-hurd64.tmpl.
* gnu/system/examples/bare-hurd64.tmpl: Remove --machine q35, there seems to
be no longer any need for this.  Mention that there is no login prompt.
* gnu/system/examples/devel-hurd64.tmpl: Likewise.

Change-Id: Ib918cff3ca96f2a199869e876b6a75fedb09c983
2024-12-18 17:00:13 +01:00
Maxim Cournoyer
2b32a38098
system/examples: Fix qemu invocation in comment of bare-hurd64.tmpl.
* gnu/system/examples/bare-hurd64.tmpl: Add missing backslash escape.

Change-Id: I84c5d37c6efb005a14f15b96432360628003d87b
2024-12-18 23:28:18 +09:00
Maxim Cournoyer
118d6429c8
system/examples: Use latest QEMU for hurd examples.
* gnu/system/examples/bare-hurd64.tmpl: Replace qemu@7 with qemu in invocation
example.
* gnu/system/examples/devel-hurd64.tmpl: Likewise.

Change-Id: I3cdbff6f68b810feff1d9b2929a323498af3fd29
2024-12-18 23:28:18 +09:00
Maxim Cournoyer
2dc4a9cca3
system/examples: Fix git clone instructions in devel-hurd64.tmpl template.
* gnu/system/examples/devel-hurd64.tmpl: Fix git clone instructions in
comment.

Change-Id: Id82f3e5d7888355507ac90e86e3bff4c27e6fba1
2024-12-18 23:28:18 +09:00
Ludovic Courtès
2a5c003c53
services: shepherd: Default to 1.0.
* gnu/services/shepherd.scm (<shepherd-configuration>)[shepherd]:
Default to SHEPHERD-1.0.
* gnu/system/hurd.scm (%base-packages/hurd): Change to SHEPHERD-1.0.

Change-Id: I7b0c3041d61a6f5d89c9d6d3caf7a8eedf5d8ca5
2024-12-09 23:15:44 +01:00
Janneke Nieuwenhuizen
bd785af995
system: examples: Add devel-hurd64.tmpl.
This also updates comments and removes the comment about a very old
`bootstrap-profile' hack.

* gnu/system/examples/devel-hurd.tmpl (hurd-packages): New variable
(%hurd-devel-os): Use it.
* gnu/system/examples/devel-hurd64.tmpl: New file.

Change-Id: I54b6b0843f0dd635d89cca483ae43d23b20d21e8
2024-12-03 08:39:01 +01:00
Janneke Nieuwenhuizen
9e2eae54f9
system: examples: Add bare-hurd64.tmpl.
* gnu/system/examples/bare-hurd.tmpl: Update comments.
* gnu/system/examples/bare-hurd64.tmpl: New file.

Change-Id: I8d26afd19afaa8fb3558948b50b0efdc0f83f29c
2024-12-03 08:39:01 +01:00
Janneke Nieuwenhuizen
de5239b675
system: image: Add hurd64 image types.
* gnu/system/hurd.scm (%hurd64-default-operating-system-kernel,
%hurd64-default-operating-system): New variables.
* gnu/system/images/hurd.scm (hurd64-disk-image, hurd64-image-type,
hurd64-qcow2-image-type, hurd64-barebones-disk-image,
hurd64-barebones-qcow2-image): New variables.

* gnu/system/images/hurd.scm (hurd64-barebones-os): New variable.
2024-12-03 08:39:00 +01:00
Florian Pelz
84d5948ee0
install: Open info manuals that have region codes.
Because pt_PT and pt_BR have many differences, such as how
the word “file” gets translated, Guix’ pt_BR info manual is
called (guix.pt_BR) instead of (guix.pt).

* gnu/system/install.scm (log-to-info): Try region coded manual
file names.
(%installation-node-names): Add node names for pt_BR and zh_CN.

Change-Id: I89beebd323ee69ca83c22321c9d9e664b32cf6f3
2024-11-20 16:01:47 +01:00
Daniel Khodabakhsh
299ddd14d8
linux-initrd: Export ‘file-system-modules’.
* gnu/system/linux-initrd.scm (file-system-modules): Export.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I779efe280d2e3618adcae416eafc912babdce0a3
2024-11-18 10:58:42 +01:00
Janneke Nieuwenhuizen
687a2ccabc
installer: Add "Kernel" page to select the Hurd.
This adds a "Kernel" page to the installer with the option to (cross-) install
the Hurd, if applicable (only available on x86 machines for now).

* gnu/installer/newt.scm (kernel-page): New procedure.
(newt-installer)[kernel-page]: New field.
* gnu/installer/kernel.scm,
gnu/installer/newt/kernel.scm: New files.
* gnu/local.mk (INSTALLER_MODULES): Add them.
* gnu/installer.scm (installer-steps): Use them to select kernel if
applicable.
* gnu/installer/newt/partition.scm (run-label-page): Default to "msdos" when
installing the Hurd.
(run-fs-type-page): Add ext2 for the hurd.
(run-partitioning-page-partition): Remove `entire-encrypted' option when
installing the Hurd.
* gnu/installer/services.scm (system-services->configuration): Cater for the
Hurd with %base-services/hurd, and with %base-packages/hurd that must always
be set.
(%system-services): Change to procedure.  When installing the Hurd, do not
recommend `ntp-service-type' and use `openssh-sans-x' package for
`openssh-service-type'.
(system-service-none): New variable.
* gnu/installer/newt/services.scm (run-network-management-page): Include it
when installing the Hurd.
(run-desktop-environments-cbt-page): When installing the Hurd, recommend to
not select any desktop environment.  Update users.
* gnu/installer/parted.scm (efi-installation?): Return #f when installing for
the Hurd.
(create-ext2-file-system): New procedure.
(user-fs-type-name, user-fs-type->mount-type, partition-filesystem-user-type,
format-user-partitions): Support `ext2'.
(<user-partition> partition->user-partition): Use `ext2' when installing the
Hurd.
(auto-partition!): Likewise.  No swap partition when installing the Hurd.
* gnu/installer/final.scm (install-system): Cater for cross installation of
the Hurd.
(bootloader-configuration): Use `grub-minimal-bootloader' when installing the
Hurd.
(user-partition-missing-modules): Cater for empty user-partitions.
(initrd-configuration, user-partitions->configuration): Cater for the Hurd.
* gnu/installer/steps.scm (format-configuration,
configuration->file): Cater for the Hurd.
* gnu/system/hurd.scm (%desktop-services/hurd): New variable.
* gnu/installer/tests.scm (choose-kernel): New procedure.
* gnu/tests/install.scm (gui-test-program): Use it.

Change-Id: Ifafb27b8a2f933944c77223a27ec151757237e36
2024-11-11 07:28:35 +01:00
Janneke Nieuwenhuizen
2390db7f46
system: examples: Add devel-hurd.tmpl.
This operating system specification for the Hurd creates a system that
supports building the guix package from git natively.

Do something like

    ./pre-inst-env guix system build --target=i586-pc-gnu \
       gnu/system/examples/devel-hurd.tmpl

    ./pre-inst-env guix system image --image-type=hurd-qcow2 --image-size=15G \
       --no-offload gnu/system/examples/devel-hurd.tmpl

    cp /gnu/store/...disk-image devel-hurd.img

    guix shell qemu -- qemu-system-i386 -enable-kvm -m 4096 \
     -device rtl8139,netdev=net0                            \
     -netdev user,id=net0,hostfwd=tcp:127.0.0.1:10022-:2222 \
     -hda devel-hurd.img

    ssh -p 10022 root@localhost
    GUIX_PROFILE=/run/current-system/bootstrap-profile
    source $GUIX_PROFILE/etc/profile
    mkdir -p ~/src/guix
    cd src/guix
    git clone git://git.savannah.gnu.org/guix
    cd guix
    ./bootstrap
    ./configure --with-courage
    make

* gnu/system/examples/devel-hurd.tmpl: New file.

Change-Id: I097c7c00a9ab9602db7f8f3305827c815f308d1e
2024-11-11 07:28:33 +01:00
Janneke Nieuwenhuizen
6dbfe1a118
system: hurd: Remove qemu networking from %base-services/hurd.
This allows us to use %base-services/hurd for services in a Hurd config for a
real machine without removing static-networking.

* gnu/system/hurd.scm (%base-services/hurd): Factor networking out to...
(%base-services+qemu-networking/hurd): ...this new variable.
* gnu/system/examples/bare-hurd.tmpl (%hurd-os): Use it.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Use it.
* gnu/system/images/hurd.scm (hurd-barebones-os): Use it.  Add comment about
QEMU and networking for a real machine.

Change-Id: I777a63410383b9bf8b5740e4513dbc1e9fb0fd41
2024-11-11 07:28:33 +01:00
Roman Scherer
886b410e6f
image: Add support for btrfs.
* gnu/build/image.scm (make-btrfs-image): New variable.
* gnu/system/image.scm (system-disk-image): Support btrfs.

Change-Id: I80a5b52ec478ce5927d6208e324cbb70282c647a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-10-14 14:08:43 +02:00
Tobias Geerinckx-Rice
7eddfea4a0
images: wsl2: Update comment.
* gnu/system/images/wsl2.scm (wsl-boot-program): Update privileged
program directory in a comment.

Change-Id: I65906cbfbcd17ff164837ad293dc4324314bfcf1
2024-09-08 02:00:00 +02:00
Tobias Geerinckx-Rice
0dd8e4c351
privilege: Add file-like->setuid-program helper.
* gnu/system/privilege.scm (file-like->setuid-program): New public
procedure.
* gnu/system/setuid.scm: Re-export it for compatibility.
(file-like->setuid-program): Remove this old version.
* gnu/services/docker.scm (singularity-setuid-programs): Use it (again).
* gnu/services/desktop.scm (enlightenment-privileged-programs): Likewise.

Change-Id: I8e41144438677a15cdadb3063651dbc780715497
2024-09-08 02:00:00 +02:00
Tobias Geerinckx-Rice
876c343bbf
uuid: Add support for exFAT.
We expect users to use the generic STRING->FAT-UUID procedure.
This is consistent with how we already treat FAT32 vs FAT16.
It is not consistent with how we export 8 different aliases for
STRING->DCE-UUID, but I'm unconvinced that would be better.

* gnu/system/uuid.scm (%uuid-parsers, %uuid-printers):
Add the ‘exfat’ file system type.

Change-Id: Ia31482716e4395f9f10f794f49fb31c9f330a2e3
2024-09-01 02:00:00 +02:00
Ludovic Courtès
9d17cda3d9
system: locale: ‘glibc-supported-locales’ uses zstd instead of xz.
This is a followup to c9666c120b.

Fixes <https://issues.guix.gnu.org/73065>.

* gnu/system/locale.scm (glibc-supported-locales): Change XZ to ZSTD.

Change-Id: Ie3cb5d50648a0698ce5246591fb405e4eb690af5
2024-09-09 17:17:55 +02:00
Josselin Poiret
ede5ae459b
gnu: %default-locale-libcs: Add glibc-2.35 and generalize for Hurd.
* gnu/system/locale.scm (%default-locale-libcs): Stop checking for Hurd, since
we have the same libc now.  Also add glibc-2.35 while the transition happens.

Change-Id: I1f4980d18184580f3a42a86ca244c8015df15269
2024-08-31 10:45:04 +02:00
Ludovic Courtès
ce40b1c655
install: Set ‘privileged-programs’ rather than ‘setuid-programs’.
* gnu/system/install.scm (installation-os)[setuid-programs]: Remove.
[privileged-programs]: New field.

Change-Id: I5c93f282f5ec790f13ac076e0ab0f6d59d92d59d
2024-08-19 16:41:07 +02:00
Ludovic Courtès
b51990057c
system: hurd: Empty default ‘privileged-programs’ list.
Fixes a bug whereby Hurd systems would find themselves including
‘%default-privileged-programs’ in addition to ‘%setuid-programs/hurd’.

* gnu/system/hurd.scm (%hurd-default-operating-system)[privileged-programs]:
New field.

Change-Id: I5b6a55a8df7e6af697d22166e9f483f6dd816e64
2024-08-19 16:36:44 +02:00
Tobias Geerinckx-Rice
71f0676a29
privilege: Add POSIX capabilities(7) support.
* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported.  Include privileged-program-capabilities
in the compatibility hack.
2024-08-11 02:00:00 +02:00
Tobias Geerinckx-Rice
9099f8bdcc
system: (gnu system setuid) wraps (gnu system privilege).
* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a
<privileged-program> record that is setuid by default.
(setuid-program?, setuid-program-program, setuid-program-setuid?)
(setuid-program-setgid?, setuid-program-user, setuid-program-group):
Alias their privileged-program equivalent.
2024-08-11 02:00:00 +02:00
Tobias Geerinckx-Rice
39471f2627
system: Add (gnu system privilege).
* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
2024-08-11 02:00:00 +02:00