This was superseded by ‘least-authority-wrapper’.
* gnu/build/shepherd.scm (read-pid-file/container)
(make-forkexec-constructor/container): Remove.
Change-Id: I6acccdff2609a35807608f865a4d381146113a88
This is an improvement for the purposes of ‘guix edit’ & co.
* gnu/build/icecat-extension.scm (make-icecat-extension): Add ‘location’
field.
Change-Id: I896ae6823b3fe4ea013fa74e2c536f45664d8042
* gnu/build/icecat-extension.scm: New file with a MAKE-ICECAT-EXTENSION
procedure that makes sure the add-on directory is a symlink, so that Icecat
can normalize it into a package store path.
* gnu/local.mk (dist_patch_DATA): Register it, as well as new patches.
* gnu/packages/browser-extensions.scm (ublock-origin)[properties]: Store the
add-on ID so that it is accessible in MAKE-ICECAT-EXTENSION.
[arguments]: Use the add-on ID as root directory.
(ublock-origin/icecat): New procedure.
* gnu/packages/gnuzilla.scm (icecat-minimal)[arguments]: Rewrite the unused
'apply-guix-specific-patches' phase so that it applies the following two
patches.
[native-search-paths]: New field.
* gnu/packages/patches/icecat-compare-paths.patch: New patch that compares
add-on paths (which are package store paths) to detect package changes.
* gnu/packages/patches/icecat-use-system-wide-dir.patch: New patch that
replaces "/usr/lib/mozilla" (the system-wide directory for extensions and
native manifests) with "$ICECAT_SYSTEM_DIR".
The gnumach builtin IDE hd devices are still used, unless booting with
"noide".
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create /dev/hd{0..3},
/dev/hd{0..3}s{0..3}.
This reverts commit e9a5eebc78, which
as far as I can tell breaks system roll-backs thusly:
[...]
In gnu/build/accounts.scm:
239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
In unknown file:
2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
In ice-9/boot-9.scm:
1685:16 1 (raise-exception _ #:continuable? _)
1685:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure string-append: Wrong type (expecting string): #t
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* gnu/build/image.scm (make-unformatted-image): New procedure.
(make-partition-image): Add support for unformatted partition.
* gnu/system/image.scm (system-disk-image)[partition->gpt-type]: Add
case for using unformatted partition uuid.
This follows up on commit c077345539, and
adds a comment to avoid this in future.
* gnu/system/file-systems.scm (invalid-file-system-flags):
Add 'no-diratime to the list of KNOWN-FLAGS.
Fixes <https://issues.guix.gnu.org/61156>.
* gnu/build/linux-container.scm (container-excursion): Add extra call to
'primitive-fork' and invoke THUNK in the child process.
* tests/containers.scm ("container-excursion"): Remove extra
'primitive-fork' call, now unnecessary.
("container-excursion*, /proc"): New test.
* gnu/build/linux-container.scm (container-excursion): Return the raw
status value.
* tests/containers.scm ("container-excursion, same namespaces"): Add
'status:exit-val' call.
* guix/scripts/container/exec.scm (guix-container-exec): Correctly
handle the different cases.
Fixes a regression introduced in
450f774028 and
e3c6575ee9, which introduced
unquote-splicing without changing quote to quasiquote.
* gnu/build/hurd-boot.scm (set-hurd-device-translators)[devices]: Use
quasiquote, note quote.
Addresses <https://issues.guix.gnu.org/59695>.
* gnu/build/image.scm (make-vfat-image): When creating a fat filesystem
for UEFI bootable partition use 512 byte blocks.
Fixes <https://issues.guix.gnu.org/59185>.
* guix/build/syscalls.scm (MS_REC): New variable.
* gnu/build/file-systems.scm (mount-flags->bit-mask): Set MS_REC bit when
bind-mounting.
There was a tiny possibility that the first QEMU process would still be
running by the time we launch the second one.
* gnu/build/marionette.scm (marionette-pid): Export.
* gnu/tests/base.scm (run-root-unmount-test)[test]: Add 'waitpid' call.
* gnu/build/install.scm (evaluate-populate-directive): By default, error when
the target of a symlink doesn't exist. Always ensure TARGET ends with "/".
(populate-root-file-system): Call evaluate-populate-directive with
#:error-on-dangling-symlink #t and add comment.
* gnu/build/linux-modules.scm (<pci-device>): New record type.
(pci-device-class-predicate, storage-pci-device?, network-pci-device?)
(display-pci-device?, pci-devices?): New procedures.
* gnu/build/marionette.scm (wait-for-screen-text): New 'pre-action' and
'post-action' arguments. Update doc. Call the procedures before and after
the OCR occurs, respectively.
This is to make it easier to debug test failures involving
'wait-for-screen-text': the screendump image used for the OCR is now preserved
for inspection when 'wait-for-screen-text' fails.
* gnu/build/marionette.scm (marionette-screen-text): Return the screendump
image file as the second value. Adjust doc.
(wait-for-screen-text): Add the preserved screendump image file name to the
error message. Adjust doc.
It has only one user, which is better suited for wait-for-screen-text anyway.
* gnu/tests/base.scm (run-basic-test): Refactor to use wait-for-screen-text
instead of marionette-screen-text.
This change is motivated by the fact that Account.registeredName is a volatile
account data, not exported along the account and retrieved from the name
server. Have it always return Account.username instead, so that the result is
reproducible independent of whether networking is available or not.
* gnu/build/jami-service.scm (account->username): Always return the account
fingerprint. Adjust doc.
(id->username): Likewise.
Fixes <https://issues.guix.gnu.org/57827>.
Reported by Mathieu Othacehe <othacehe@gnu.org>.
Fixes a regression introduced with the Shepherd 0.9.2 upgrade in
1ba0e38267, whereby IN and OUT would no
longer be closed when 'fork+exec-command/container' would call
'exec-command*' as part of the THUNK passed to 'container-excursion*'.
This is because the Shepherd 0.9.2 assumes file descriptors are properly
marked as O_CLOEXEC and, consequently, 'exec-command' no longer run the
close(2) loop prior to 'exec'.
* gnu/build/linux-container.scm (container-excursion*): Add calls to
'fcntl'.
Log the remaining contnet written to the REPL, so that there's more to go on
than:
socket:5:14: Unknown # object: "#<"
* gnu/build/marionette.scm (marionette-eval): Catch exceptions from read and
log the remainder of the content from the REPL.
Since this code is run from PID 1, this ensures file descriptors to
sensitive files and devices are not accidentally leaked to
sub-processes.
* gnu/build/file-systems.scm (call-with-input-file): New procedure.
(mount-file-system): Use 'close-fdes' + 'open-fdes'.