screen-locker-service-type by default does both define PAM entry
and make program setuid binary. Normally both methods are
mutually exclusive, if binary has setuid set it does not really
needs PAM, otherway around also similar, if PAM is enabled
binary should not relay on setuid.
Recent swaylock package now compiled with PAM support. When PAM
support is compiled in, swaylock rejects executing if binary is
also setuid program.
This change turns screen-locker-configuration from strict
PAM AND setuid to more flexible PAM AND/OR setuid. Allowing
swaylock to be configured properly while supporting other
screen locker preferences.
* gnu/services/xorg.scm (screen-locker-configuration): Switch from
define-record-type to define-configuration.
[using-pam?]: New field to control PAM entry existence.
[using-setuid?]: New field to control setuid binary existence.
(screen-locker-pam-services): Should not make unix-pam-service if
using-pam? is set to #f.
(screen-locker-setuid-programs): Should not make program setuid
program if using-setuid? is set to #f.
(screen-locker-generate-doc): Internal function to generate
configuration documentation.
(screen-locker-service): Adapt to new screen-locker-configuration.
* gnu/services/desktop.scm (desktop-services-for-system): Adapt to
new screen-locker-configuration.
* doc/guix.texi: Reflect new changes to screen-locker-configuration.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.
This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
-*- mode: org -*-
[[https://www.gnu.org/software/guix/][GNU Guix]] (IPA: /ɡiːks/) is a purely functional package manager, and
associated free software distribution, for the [[https://www.gnu.org/gnu/gnu.html][GNU system]]. In addition
to standard package management features, Guix supports transactional
upgrades and roll-backs, unprivileged package management, per-user
profiles, and garbage collection.
It provides [[https://www.gnu.org/software/guile/][Guile]] Scheme APIs, including a high-level embedded
domain-specific languages (EDSLs) to describe how packages are to be
built and composed.
GNUGuix can be used on top of an already-installed GNU/Linux distribution, or
it can be used standalone (we call that “Guix System”).
Guix is based on the [[https://nixos.org/nix/][Nix]] package manager.
* Requirements
If you are building Guix from source, please see the manual for build
instructions and requirements, either by running:
info -f doc/guix.info "Requirements"
or by checking the [[https://guix.gnu.org/manual/en/html_node/Requirements.html][web copy of the manual]].
* Installation
See the manual for the installation instructions, either by running
info -f doc/guix.info "Installation"
or by checking the [[https://guix.gnu.org/manual/en/html_node/Installation.html][web copy of the manual]].
* Building from Git
For information on building Guix from a Git checkout, please see the relevant
section in the manual, either by running
info -f doc/guix.info "Building from Git"
or by checking the [[https://guix.gnu.org/manual/en/html_node/Building-from-Git.html][web_copy of the manual]].
* How It Works
Guix does the high-level preparation of a /derivation/. A derivation is
the promise of a build; it is stored as a text file under
=/gnu/store/xxx.drv=. The (guix derivations) module provides the
`derivation' primitive, as well as higher-level wrappers such as
`build-expression->derivation'.
Guix does remote procedure calls (RPCs) to the build daemon (the =guix-daemon=
command), which in turn performs builds and accesses to the store on its
behalf. The RPCs are implemented in the (guix store) module.
* Contact
GNU Guix is hosted at https://savannah.gnu.org/projects/guix/.
Please email <help-guix@gnu.org> for questions and <bug-guix@gnu.org> for bug
reports; email <gnu-system-discuss@gnu.org> for general issues regarding the
GNU system.
Join #guix on irc.libera.chat.
* Guix & Nix
GNU Guix is based on [[https://nixos.org/nix/][the Nix package manager]]. It implements the same
package deployment paradigm, and in fact it reuses some of its code.
Yet, different engineering decisions were made for Guix, as described
below.
Nix is really two things: a package build tool, implemented by a library
and daemon, and a special-purpose programming language. GNU Guix relies
on the former, but uses Scheme as a replacement for the latter.
Using Scheme instead of a specific language allows us to get all the
features and tooling that come with Guile (compiler, debugger, REPL,
Unicode, libraries, etc.) And it means that we have a general-purpose
language, on top of which we can have embedded domain-specific languages
(EDSLs), such as the one used to define packages. This broadens what
can be done in package recipes themselves, and what can be done around them.
Technically, Guix makes remote procedure calls to the ‘nix-worker’
daemon to perform operations on the store. At the lowest level, Nix
“derivations” represent promises of a build, stored in ‘.drv’ files in
the store. Guix produces such derivations, which are then interpreted
by the daemon to perform the build. Thus, Guix derivations can use
derivations produced by Nix (and vice versa).
With Nix and the [[https://nixos.org/nixpkgs][Nixpkgs]] distribution, package composition happens at
the Nix language level, but builders are usually written in Bash.
Conversely, Guix encourages the use of Scheme for both package
composition and builders. Likewise, the core functionality of Nix is
written in C++ and Perl; Guix relies on some of the original C++ code,
but exposes all the API as Scheme.
* Related software
- [[https://nixos.org][Nix, Nixpkgs, and NixOS]], functional package manager and associated
software distribution, are the inspiration of Guix
- [[https://www.gnu.org/software/stow/][GNU Stow]] builds around the idea of one directory per prefix, and a
symlink tree to create user environments
- [[https://www.pvv.ntnu.no/~arnej/store/storedoc_6.html][STORE]] shares the same idea
- [[https://live.gnome.org/OSTree/][GNOME's OSTree]] allows bootable system images to be built from a
specified set of packages
- The [[https://www.gnu.org/s/gsrc/][GNU Source Release Collection]] (GSRC) is a user-land software
distribution; unlike Guix, it relies on core tools available on the
host system
f4f5ee6ad6