Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.
In the example below, A is a common ancestor of the introductory commit
I and of commit X. Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:
X I
\ /
A
This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.
In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.
* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a is not a descendant of
$intro_commit. Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
* doc/guix.texi (Monitoring Services): Document the various 'zabbix-*' service
types, and expand description of all Zabbix services. Use less marketing terms.
(Web Services): Add subsubheading for PHP-FPM, and anchors for
cross-referencing.
* gnu/services/monitoring.scm (zabbix-front-end-configuration): Use @ref
instead of @pxref for cross-referencing.
...to make them in line with the newly generated front-end documentation.
* doc/guix.texi (Monitoring Services): Regenerate zabbix-server-configuration
and zabbix-agent-configuration.
Commit e301f1a8ed removed the NGINX argument
entirely, but users may rely on and override it. Reported by rekado on #guix.
* gnu/services/monitoring.scm (%zabbix-front-end-nginx-configuration): Restore
exported variable.
(zabbix-front-end-nginx-extension): New procedure.
(zabbix-front-end-configuration): Remove FASTCGI-PARAMS field. Restore NGINX
field, but default to the empty list.
(zabbix-front-end-service-type): Extend NGINX-SERVICE-TYPE by
ZABBIX-FRONT-END-NGINX-EXTENSION.
* doc/guix.texi (Monitoring Services): Regenerate documentation.
* gnu/services/guix.scm (<nar-herder-configuration>): Add ttl and negative-ttl
fields.
(nar-herder-shepherd-services): Pass the ttl and negative-ttl values to the
service.
* doc/guix.texi (Guix Services): Document this.
* guix/profiles.scm (generation-number): Add optional 'base-profile'
parameter and use it.
* guix/scripts/system.scm (process-command): Add "/run/current-system"
as first argument to 'generation-number'.
* doc/guix.texi (Invoking guix system): Clarify that 'guix system
describe' shows the running system.
* doc/contributing.texi (Running Guix Before It Is Installed): Mention
how to remedy "source file ... newer than compiled" error by running
`make -j`.
Co-authored-by: jgart <jgart@dismail.de>
Co-authored-by: Julien Lepiller <julien@lepiller.eu>
Co-authored-by: Ryan Prior <rprior@protonmail.com>
Co-authored-by: Blake Shaw <blake@nonconstructivism.com>
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
* doc/contributing.texi (Building from Git): Adds section on using
make clean-go.
Co-authored-by: jgart <jgart@dismail.de>
Co-authored-by: Julien Lepiller <julien@lepiller.eu>
Co-authored-by: Ryan Prior <rprior@protonmail.com>
Co-authored-by: Blake Shaw <blake@nonconstructivism.com>
Signed-off-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
Suggested by Maxime Devos <maximedevos@telenet.be>
and Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* doc/guix.texi (package Reference): Clarify 'native-search-paths'
vs. 'search-paths'.
(Search Paths): Link to it. Remove unnecessarily "define libxml2".
Reword 'file-pattern' description that said "When true".
* doc/build.scm (localization-helper-module)[content](translate): Add
call to 'setenv' before 'write'. Remove use of 'with-language'.
(language-code->native-name): New procedure.
(html-manual-indexes)[build](top-level-index): Use it.
Fixes <https://issues.guix.gnu.org/52766>.
Reported by Michael Rohleder <mike@rohleder.de>.
* gnu/machine/ssh.scm (<machine-ssh-configuration>)[safety-checks?]: New
field.
(machine-check-file-system-availability): Return the empty list when
'safety-checks?' is false.
(machine-check-initrd-modules): Likewise.
* doc/guix.texi (Invoking guix deploy): Document it.
Make sure that the images are created with a non volatile root by default and
the vm are created with a volatile root by default. Break the --volatile
option into --volatile-image and --persistent-vm options.
* guix/scripts/system.scm (perform-action): Turn volatile? argument into
volatile-vm-root?.
(show-help): Introduce --volatile-image and --persistent-vm options instead of
--volatile.
(%default-options): Adapt it.
(%options): Handle those options.
(process-action): Honor them.
* doc/guix.texi (Invoking guix system): Adapt it accordingly.
* gnu/services/telephony.scm (jami-configuration)[jamid]: Rename libring to
libjami.
* gnu/services/telephony.scm
(jami-configuration->command-line-arguments): Adjust daemon file name.
* gnu/services/telephony.scm (jami-service-type): Adjust doc.
* gnu/tests/telephony.scm (run-jami-test): Check for 'jamid' process, not
'dring'.
* doc/guix.texi (Telephony Services): Adjust doc for the jami-qt to jami and
libring to libjami packages renaming.
This enables profile caching not just when '-m' or '-f' is used, but
also when package specs are passed on the command line, as in:
guix shell -D guix git
It also changes profile cache keys to include the system type, which was
previously ignored.
* guix/scripts/shell.scm (options-with-caching)[single-file-for-caching]:
Remove.
Call 'profile-cached-gc-root' instead; adjust to accept two values.
(profile-cache-primary-key): New procedure.
(profile-cache-key): Remove.
(profile-file-cache-key, profile-spec-cache-key): New procedures.
(profile-cached-gc-root): Rewrite to include functionality formally in
'single-file-for-caching', but extend to handle package specs.
* gnu/packages.scm (cache-is-authoritative?): Export.
* guix/transformations.scm (transformation-option-key?): New procedure.
* doc/guix.texi (Invoking guix shell): Move '--rebuild-cache'
documentation to the bottom, just above '--root'. Explain caching and
how these two options relate to that.
The old output differs greatly from the current one and contains a typo.
* doc/guix.texi (Invoking guix home): Update ‘guix home search’ output
sample.
This is a followup to 05c962594c.
Discussed at <https://issues.guix.gnu.org/51307#24>.
* guix/scripts/hash.scm (%options): Warn about deprecation for
"--recursive", but not for '-r' as it's a convenient shorthand. Mention
'--serializer=nar' in the deprecation message.
* doc/guix.texi (Invoking guix hash): Adjust accordingly.
* guix/build/julia-build-system.scm (link-depot): Create 'Project.toml' file
when missing using data provided by the user.
(julia-create-package-toml): Remove from export.
* doc/guix.texi (Build Systems): Update julia-build-system section.
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>