References:
https://sysctl-explorer.net/fs/protected_hardlinks/
https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This brings total updater coverage, as reported by 'guix refresh
--list-updaters', from 78% to 88.3%. Among many other things, it covers
freedesktop.org packages.
* guix/gnu-maintenance.scm (html-updatable-package?)
(latest-html-updatable-release): New procedures.
(%generic-html-updater): New variable.
* doc/guix.texi (Invoking guix refresh): Document it.
Fixes <https://bugs.gnu.org/46803>.
Reported by Luis Felipe <luis.felipe.la@protonmail.com>.
* doc/guix.texi (Getting Started): Introduce the term "profile".
(Invoking guix package): Likewise.
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding good security standards.
It turns out feff80cec3 was right since while
the main license file wasn't altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and its possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
* doc/guix.texi (sane-service-type): Move from between documentation
about geoclue, expand slightly.
(sane-backends-minimal): New description.
(sane-backends): New description, new example.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
Instead of returning multiple services in simple-cuirass-services, rely on the
instantiate-missing-services procedure to instantiate postgresql and
postgresql-role-service-type when missing.
Turn simple-cuirass-services procedure into
simple-cuirass-configuration->specs, that takes a simple-cuirass-configuration
record and returns a Cuirass specification.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (%default-cuirass-config): Remove it.
(simple-cuirass-services): Rename it to ...
(simple-cuirass-configuration->specs): ... this procedure.
* gnu/tests/cuirass.scm (cuirass-services): Remove postgresql and
postgresql-role services that are automatically instantiated.
(simple-cuirass-service): New variable.
(%cuirass-simple-test): Adapt it to use simple-cuirass-configuration->specs
instead of simple-cuirass-services.
* doc/guix.texi (Simple Cuirass): Update it.
* gnu/services/cuirass.scm (<build-manifest>,
<simple-cuirass-configuration>): New records.
(build-manifest, build-manifest?, simple-cuirass-configuration,
simple-cuirass-configuration?, simple-cuirass-services): New procedures.
(%default-cuirass-config): New variable.
* gnu/tests/cuirass.scm (%cuirass-simple-test): New variable.
* doc/guix.texi (Continuous Integration): Document it.
* doc/guix.texi (Base Services)[pam-limits-service]: Add an example and
explanation of how the 'nofile', or open file descriptors value, can be
configured.
Remove the 'vm-image' command that has been superseded by the 'image'
command.
* gnu/system/vm.scm (system-qemu-image): Remove it.
* guix/scripts/system.scm (system-derivation-for-action): Mark 'vm-image'
command as deprecated and use the image API to produce the VM image.
(perform-action, show-help): Adapt accordingly.
* tests/guix-system.sh: Ditto.
* doc/guix.texi (Invoking guix system,
Running Guix in a VM): Ditto.
* etc/completion/fish/guix.fish: Ditto.
* etc/completion/zsh/_guix: Ditto.
* gnu/services/vpn.scm (wireguard-peer, wireguard-configuration): New records.
(wireguard-service-type): New variable.
* doc/guix.texi (VPN Services): Document it.
* gnu/services/web.scm (<agate-configuration>): New record type.
(agate-accounts, agate-shepherd-service): New procedures.
(agate-service-type): New variable.
* doc/guix.texi (Web Services): Document it.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* doc/guix.texi (Invoking guix environment): Explain how to exit and clean up
a Guix environment.
The current documentation doesn't explain how to exit an environment or how to
remove the packages after exiting.
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* build-aux/test-driver.scm (script-version): Update.
(show-help): Document it.
(%options): Add the 'show-duration' option.
(test-runner-gnu): Pass as a new argument.
[test-cases-start-time]: New inner variable.
[test-on-test-begin-gnu]: New hook, used to record the start time.
[test-on-test-end-gnu]: Conditionally print elapsed time. Record it as the
optional metadata in the test result file (.trs).
* doc/guix.texi (Running the Test Suite): Document it.
The meson-for-build package doesn't carry any special patch anymore; it
appears to be obsolete.
* gnu/packages/build-tools.scm (meson-for-build): Remove variable.
* guix/build-system/meson.scm (default-meson): Use meson.
* doc/guix.texi (Build Systems): Update doc.
* guix/scripts/package.scm (export-manifest): New procedure.
(show-help, %options): Add '--export-manifest'.
(process-query): Honor it.
* guix/build/profiles.scm (build-profile): Mention it.
* tests/guix-package.sh: Test it.
* doc/guix.texi (Invoking guix package): Document it.
* build-aux/test-driver.scm (show-help): Add the help text for the
new '--errors-only' option.
(%options): Add the errors-only option.
(test-runner-gnu): Add the errors-only? parameter and update doc. Move the
logging of the test data after the test has completed, so a choice can be made
whether to keep it or discard it based on the value of the test result.
(main): Pass the errors-only? option to the driver.
* doc/guix.texi (Running the Test Suite): Document the new option.
* build-aux/test-driver.scm (show-help): Add help text for the new --select
and --exclude options.
(%options): Add the new select and exclude options.
(test-runner-gnu): Pass them to the test runner. Update doc.
(test-match-name*, test-match-name*/negated, %test-match-all): New variables.
(main): Compute the test specifier based on the values of the new options and
apply it to the current test runner when running the test file.
* doc/guix.texi (Running the Test Suite): Document the new options.
* gnu/services/databases.scm (postgresql-configuration-log-directory): New
procedure.
(<postgresql-configuration>)[log-directory]: New field.
(postgresql-activation): Create the log directory.
(postgresql-shepherd-service): Honor it.
* gnu/tests/databases.scm (%postgresql-log-directory): New variable.
(log-file): New test case.
* doc/guix.texi (Database Services): Document it.
* gnu/services/databases.scm (postgresql-config-file-compiler): Support Guile
datatypes in the "extra-config" field.
* gnu/tests/databases.scm (%postgresql-os): Test it.
* doc/guix.texi (Database Services): Document it.
Reported by pineapples on #guix.
This is a followup to 8e1907a724.
* doc/guix.texi (Invoking guix package): Remove sentence that says that
package transformations are lost upon upgrading and explicitly say the
opposite.
* doc/contributing.texi: Replace link to TP with a link to Weblate.
* doc/guix.texi: Replace link to TP with a link to Weblate.
* doc/guix-cookbook.texi: Replace link to TP with a link to Weblate.
* gnu/services/virtualization.scm (qemu-binfmt-service-type)[guix-support?]:
Change the default from #f to #t.
* doc/guix.texi (Transparent Emulation with QEMU): Change the default of
‘guix-support?’ from #f to #t. Describe the implication of setting it to #f.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/publish.scm (compress-nar)[write-compressed-file]: New
procedure.
Use it for 'gzip' and 'lzip'. Add 'zstd'.
(nar-response-port, string->compression-type): Add case for 'zstd'.
* tests/publish.scm (zstd-supported?): New procedure.
("/nar/zstd/*"): New test.
* doc/guix.texi (Invoking guix publish): Document zstd compression.
(Base Services): Add cross-reference to the above node.
* gnu/services/mail.scm (radicale-configuration)
(radicale-configuration?): New procedures.
(%default-radicale-config-file)
(radicale-service-type): New variables.
* doc/guix.texi: Document it.
Suggested by Philippe Swartvagher <philippe.swartvagher@inria.fr>.
* guix/transformations.scm (transform-package-patches): New procedure.
(%transformations): Add it as 'with-patch'.
(%transformation-options, show-transformation-options-help/detailed):
Add '--with-patch'.
* tests/transformations.scm ("options->transformation, with-patch"): New
test.
* doc/guix.texi (Package Transformation Options): Document it.
This simplifies setup of build machines: no need to install Guile in
addition to Guix, no need to set 'GUILE_LOAD_PATH' & co., leading to
fewer failure modes.
* guix/ssh.scm (remote-run): New procedure.
(remote-daemon-channel): Use it instead of 'open-remote-pipe*'.
(store-import-channel)[import]: Remove check for module availability.
Add call to 'primitive-exit'.
Use 'remote-run' instead of 'open-remote-pipe'.
(store-export-channel)[export]: Remove check for module availability.
Add calls to 'primitive-exit'.
Use 'remote-run' instead of 'open-remote-pipe'.
(handle-import/export-channel-error): Remove 'module-error' clause.
(report-module-error): Remove.
* guix/scripts/offload.scm (assert-node-has-guix): Replace call to
'report-module-error' by 'leave'.
* doc/guix.texi (Daemon Offload Setup): Remove mention of Guile.
* guix/import/cran.scm (%input-style): New parameter.
(format-inputs): Use it.
* guix/scripts/import/cran.scm (guix-import-cran): Set the %input-style
parameter.
(%options): Add "--style" option.
* doc/guix.texi (Invoking guix import): Document it.
* guix/import/opam.scm (get-opam-repository): Add support for coq
repositories.
(ocaml-name->guix-name): Properly name coq package.
* doc/guix.texi (Invoking guix import): Document it.
There are plenty of options supported that the Guix configuration record
doesn't help you with, so add this field to allow users to do their own thing.
* gnu/services/monitoring.scm (<prometheus-node-exporter-configuration>): Add
extra-options field.
(prometheus-node-exporter-shepherd-service): Handle the extra options.
* doc/guix.texi (Prometheus Node Exporter Service): Document this.
* doc/guix.texi (Keyboard Layout and Networking and Partitioning): Add
F2FS to the footnote of Guix System's supported root file systems.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
It is a common mistake to modify an <origin> record that computes to a
fixed-output derivation, forgetting to update its hash field, only to find out
that a previously built source gets used instead. While there doesn't seem to
be an obvious solution to this problem, we can at least document the fact that
sources can be checked the same as other builds.
* doc/guix.texi (Additional Build Options): Document that source derivation
builds can be verified using --check.
* guix/scripts/processes.scm (lock->recutils): New procedure.
(daemon-session->recutils): Use it.
(daemon-sessions->recutils, session-key->recutils)
(session-scalars->normalized-record)
(child-process->normalized-record)
(daemon-sessions->normalized-record): New procedures.
(session-rec-type, lock-rec-type, child-process-rec-type)
(%available-formats): New variables.
(list-formats): New procedure.
(%options, show-help): Add '--format'.
(%default-options): New variable.
(guix-processes): Use 'parse-command-line' instead of 'args-fold*'.
Honor the 'format' value in OPTIONS.
* doc/guix.texi (Invoking guix processes): Document '--format'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/processes.scm (daemon-session->recutils): Put child
process information in separate fields.
* doc/guix.texi (Invoking guix processes): Document change in output of
'guix processes'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>