References:
https://sysctl-explorer.net/fs/protected_hardlinks/https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/publish.scm (%options): Add "--advertise" option.
(show-help): Document it.
(service-name): New procedure,
(publish-service-type): new variable.
(run-publish-server): Add "advertise?" and "port" parameters. Use them to publish
the server using Avahi.
(guix-publish): Pass the "advertise?" option to "run-publish-server".
* gnu/services/base.scm (<guix-publish-configuration>): Add "advertise?"
field.
(guix-publish-shepherd-service): Honor it.
Fixes a regression introduced in
977eb5d023 whereby file system services
would now have a different name.
* gnu/services/base.scm (file-system->shepherd-service-name): Revert
changes introduced in 977eb5d023.
* gnu/services/shepherd.scm (%store-characters): New variable
(shepherd-service-file-name): Map all the characters outside
%STORE-CHARACTERS to #\-.
Fixes <https://bugs.gnu.org/44626>.
Reported by Vagrant Cascadian <vagrant@debian.org>.
* tests/build-utils.scm ("wrap-script, simple case"): Pass
SCRIPT-CONTENTS to 'display' rather than 'format'.
* gnu/services/base.scm (file-system->shepherd-service-name)
[valid-characters, mount-point]: New variables.
Filter out invalid store file name characters from the mount point of
FILE-SYSTEM.
Also change the default configuration to clear on logout, which is the
upstream default.
* gnu/services/base.scm (<mingetty-configuration>): Add 'clear-on-logout?'
field.
(mingetty-shepherd-service): Pass the "--noclear" option to mingetty only if
'clear-on-logout?' is #false.
* doc/guix.texi (Base Services): Document the 'clear-on-logout?' field.
Fixes a bug whereby different users would get different derivations for
the same service.
* gnu/services/base.scm (guix-shepherd-service): In 'start' method, do
not embed (guix config).
This is a followup to ecaa102a58.
* gnu/services/base.scm (<guix-publish-configuration>)[cache-bypass-threshold]:
New field.
(guix-publish-shepherd-service): Honor it.
* gnu/services/base.scm (swap-service-type)[device-lookup, device-name]:
New variables.
Add 'modules' field to 'shepherd-service'. In 'start' and 'stop', use
'device-lookup' to resolve UUIDs and labels.
* doc/guix.texi (operating-system Reference): Adjust accordingly.
Fixes <https://bugs.gnu.org/39819>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* gnu/services/base.scm (substitute-key-authorization): Symlink
DEFAULT-ACL to /etc/guix/acl unconditionally. Add code to optionally
back up /etc/guix/acl if it was possibly modified by hand.
* doc/guix.texi (Base Services): Clarify the effect of setting
'authorize-keys?' to true. Mention the backup. Give an example showing
how to authorize substitutes from another server.
When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Commit 6680880f9b pushes out a new guix
package with a new key location, so we need to update to the new key
in order for systems to build correctly.
* gnu/services/base.scm (%default-authorized-guix-keys): Refer to berlin.guix.gnu.org.pub.
This reverts commit 4c0cc7bed3.
Fixes <https://bugs.gnu.org/41116>.
Reported by Alex Sassmannshausen <alex@komputilo.eu>.
The problem is that reconfiguring on a system running Shepherd < 0.8.0
would lead to an error, due to #:file-creation-mask not being supported.
The error is rather harmless: it prevents service upgrade but the system
itself is upgraded.
We can reinstate that commit eventually, once #:file-creation-mask has
become widespread.
This is a followup to d7113bb655 and
e3358a831e.
* gnu/services/base.scm (syslog-service-type): Change 'start' method to set
umask using the #:file-creation-mask parameter of
'make-forkexec-constructor' introduced in version 0.8.0 of the Shepherd.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Passing 'make-forkexec-constructor' a string or several string arguments
has been deprecated since dmd 0.1.
* gnu/services/base.scm (rngd-service-type): In 'start' method, pass a
list as the first argument to 'make-forkexec-constructor'.
* gnu/services/desktop.scm (bluetooth-shepherd-service): Likewise.
* gnu/services/spice.scm (spice-vdagent-shepherd-service): Likewise.
Fixes <https://bugs.gnu.org/25569>.
Reported by Divan Santana <divan@santanas.co.za>.
* gnu/services/base.scm (shepherd-set-http-proxy-action): New procedure.
(guix-shepherd-service): Add 'actions' field. Change 'start' to a
lambda; check the value of the "http_proxy" environment variable and
add "http_proxy" and "https_proxy" to #:environment-variables as a
function of that.
* gnu/tests/base.scm (run-basic-test)["guix-daemon set-http-proxy
action", "guix-daemon set-http-proxy action, clear"]: New tests.
* doc/guix.texi (Base Services): Document it.
Partly fixes <https://bugs.gnu.org/40405>.
Reported by Diego Nicola Barbato <dnbarbato@posteo.de>.
* gnu/services/base.scm (syslog-service-type): Change 'start' method to
set umask to #o137 before spawning syslogd.
* gnu/tests/base.scm (run-basic-test)["/var/log/messages is not
world-readable"]: New test.
* gnu/services/base.scm (%base-services): Add an instance of
ROTTLOG-SERVICE-TYPE.
* doc/guix.texi (Log Rotation): Mention that it's part of
%BASE-SERVICES and change example.
Discussed at <https://bugs.gnu.org/39926>.
* gnu/packages/linux.scm (eudev/btrfs-fix): New variable.
* gnu/services/base.scm (<udev-configuration>)[udev]: Default to it.
(udev-service): Likewise for #:udev.