The use of `canonical-package' was dropped a long time ago.
* gnu/system.scm (%base-packages-utils): Delete stale comment.
Change-Id: Ie91294baf93ba45b3120dd62ac0c9adee04d2265
In <https://issues.guix.gnu.org/63009> it was promised to be pushed to master,
but that didn't seem to have happened. This resolves that promise.
* gnu/system.scm (operating-system-etc-service): Also add a user's
<guix-home>/profile/bin directory to PATH, before <guix-profile>/bin.
Change-Id: Ibd2866153a211585c4981293027544557f8fa06c
This is particularly useful now that log files are going to be
zstd-compressed by default, among other uses of zstd.
* gnu/system.scm (%base-packages-utils): Add ‘zstd’.
Change-Id: I766791fea3bc3fca2519a7cd6ac472550be386dd
* gnu/packages/hurd.scm (hurd-headers): Update to 0.9.git20240714.
(hurd)[arguments]: Remove rumpdisk build hack from "prepare-addons" stage.
Instead, when cross-compiling, add stage "fixup-cross-configure" to enable
rumpdisk.
* gnu/system.scm (hurd-multiboot-modules): Remove
"--x-xattr-translator-records" option that has been removed and is now the
default.
Change-Id: I4609b5a959c1ece98e2fe1aedbb1d31d6edadcca
* gnu/services/base.scm (swap-service-type): Do not include 'udev' requirement
for the Hurd. Use system* with "swapon", "swapoff" for the Hurd.
* gnu/system.scm (hurd-default-essential-services): Add swap-services.
* gnu/services/base.scm (swap-service-type):
Change-Id: I1d4d445c614921752dc84aa0dd6ff42cdbf62aa8
Ping and ping6 don't need setuid, they can work with
cap_net_raw capability only. This means that even if
ping or ping6 had a vulnerability that could be
used for execution as root, it can't anymore if
the program is not setuid.
* gnu/system.scm (%default-privileged-programs): Remove ping, ping6 setuid
programs, add ping, ping6 programs with cap_net_raw=ep capabilities
Change-Id: Ie409b477f548dbff3318eec33d0d2ca16a1b3209
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.
Fixes <https://issues.guix.gnu.org/73680>.
* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
* gnu/tests/base.scm (%activation-os): New variable.
(run-activation-test): New procedure.
(%test-activation): New variable.
Change-Id: I59a191c5519475f256e81bdf2dc4cb01b96c31fe
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this. Adjust all refs. Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Invoking guix system)
(Service Reference): Adjust likewise.
It has been a warning for well over a year now. Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.
* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
Calling 'delete' on the list of packages would delete *all* occurrences of a
given object, not just the first one. This meant that if the user had
something like:
(packages (cons nss-certs %base-packages))
In their operating system declaration, no nss-certs would end up in the final
list. To guard against this, guard against this by checking that more than
one nss-certs package exist even after deduplication.
* gnu/system.scm (operating-system-packages): Guard against deleting all
nss-certs when a single nss-certs package object is listed multiple times.
Fixes: https://issues.guix.gnu.org/70850
Change-Id: Id93be9242e026fd2e96a442941df80b94664ef9a
* gnu/system.scm (operating-system-packages): Because packages->manifest
allows other formats, don't assume it's a package object in the list.
Fixes: https://issues.guix.gnu.org/70624
Change-Id: I91c64ca2c463ef5c35fa23856e4622e364e58988
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
This can happen due to users providing 'nss-certs' and adding it to the
%base-packages, which now include 'nss-certs'.
* gnu/system.scm (operating-system-packages): Warn when multiple nss-certs
packages are detected; keep only the latest one.
Change-Id: I6104f134ea1cc155ae9e8e0ae70bb5a38fc05800
Reported-by: Ian Eure <ian@retrospec.tv>
This guides newcomers who might stick a single (service …) form
in this field.
* gnu/services.scm (validate-service-list): New macro.
(%validate-service-list): New procedure.
* gnu/system.scm (<operating-system>)[services]: Add ‘sanitize’.
* gnu/home.scm (<home-environment>)[services]: Add ‘sanitize’.
Change-Id: I9e29bd9a078e87b627ab766fd669ba9de79f8473
This is a follow-up to f6817e71df and
e11e65a9ad.
* gnu/installer.scm, gnu/packages/algebra.scm, gnu/packages/base.scm,
gnu/packages/cook.scm, gnu/packages/lisp.scm,
gnu/packages/patchutils.scm, gnu/packages/version-control.scm,
gnu/packages/web-browsers.scm, gnu/system.scm: Adjust module imports.
Change-Id: I25e5519fa003c35a14b81c3dda37b24527858634
I bungled up a merge conflict between 789f7e9 (gnu: fuse@3: Bind to
default FUSE variable.) and my other setuid-related changes.
* gnu/system.scm (%setuid-programs): Look for /bin/fusermount in
FUSE-2, not 3.
Reported by renngar[m] in #guix.
Unlike the deprecated 'local-host-aliases', there's no use for
local-host-entries since it's used to set the default value for
hosts-service-type. Given that this service-type is expected to be
extended, one presumes that when they explicitly override the service
default value they do not have much interest in the 'local-host-entries'
procedure.
* gnu/system.scm: Do not export local-host-entries.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system.scm (operating-system-hosts-file): Deprecate procedure.
(warn-hosts-file-field-deprecation): New procedure, helper for
deprecated variable.
(operating-system)[hosts-file]: Use helper to warn deprecated field.
(local-host-aliases): Mark as deprecated.
(local-host-entries): New procedure.
(operating-system-default-essential-services,
hurd-default-essential-services): Use hosts-service-type. Use
'%operating-system-hosts-file' and 'local-host-entries'.
(default-/etc/hosts): Remove procedure.
(operating-system-etc-service): Remove hosts file.
* doc/guix.texi (operating-system Reference)
(Networking Services) (Virtualization Services): Rewrite documentation
entries to use hosts-service-type.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Users can override 'PS1' in ~/.bashrc if they wish.
Previously, on Guix Home, the "default" 'PS1' would be set in ~/.bashrc
when 'home-bash-configuration-guix-defaults?' is true, preventing users
from overriding it via the 'environment-variables' field of
'home-bash-extension'.
* gnu/system/shadow.scm (%default-bashrc): Remove 'PS1' setting.
* gnu/system.scm (operating-system-etc-service): Define PS1 in
/etc/bashrc.
* gnu/home/services/shells.scm (add-bash-configuration): When
'home-bash-configuration-guix-defaults?' is true, add a default 'PS1' to
~/.bash_profile.
Rationale: Even when not using an ext file system, the utilities provided by
e2fsprogs are useful, for example to set the copy-on-write attribute of a
Btrfs file system.
* gnu/system.scm (%base-packages-utils): Add e2fsprogs.
Rationale: It is only used in INSTALLATION-OS and doesn't make sense to be
used in another context, given that file systems now automatically pull their
dependencies since commit 45eac6cdf5 (services:
Add file system utilities to profile).
* gnu/system.scm (%base-packages-disk-utilities): Deprecate and rename to...
* gnu/system/install.scm (%installer-disk-utilities): ... this.
(installation-os) [packages]: Adjust accordingly.
* gnu/packages/admin.scm (shadow)[arguments]: Add phase to install the
manpages. Make sure 'remove-groups comes after installing the manpages.
[properties]: Remove field.
(shadow-with-man-pages): Remove variable.
* gnu/system.scm (%base-packages-utils): Replace shadow-with-man-pages
with shadow.
This works around <https://issues.guix.gnu.org/58631>.
* gnu/system.scm (hurd-multiboot-modules): Use '/hurd/exec.static'
instead of 'ld.so /hurd/exec'.
This corrects two problems with the previous mapped devices warning:
1. It wasn't clear how to correct the situation.
2. The output would be repeated multiple times, as many times as the procedure
is called during a system reconfigure.
* gnu/system.scm (operating-system-bootloader-crypto-devices): Memoize
procedure. Include the mapped devices source location information in the
warnings. Add a hint to help users fix the warning.
