| Age | Commit message (Collapse) | Author |
|---|
|
Fixes <https://issues.guix.gnu.org/57827>.
Reported by Mathieu Othacehe <othacehe@gnu.org>.
Fixes a regression introduced with the Shepherd 0.9.2 upgrade in
1ba0e38267c9ff8bb476285091be6e297bbf136e, whereby IN and OUT would no
longer be closed when 'fork+exec-command/container' would call
'exec-command*' as part of the THUNK passed to 'container-excursion*'.
This is because the Shepherd 0.9.2 assumes file descriptors are properly
marked as O_CLOEXEC and, consequently, 'exec-command' no longer run the
close(2) loop prior to 'exec'.
* gnu/build/linux-container.scm (container-excursion*): Add calls to
'fcntl'.
|
|
Since #<eof> can't be read.
* gnu/build/marionette.scm (wait-for-file): Return "" if file is empty.
Partially-Fixes: https://issues.guix.gnu.org/57827
|
|
Log the remaining contnet written to the REPL, so that there's more to go on
than:
socket:5:14: Unknown # object: "#<"
* gnu/build/marionette.scm (marionette-eval): Catch exceptions from read and
log the remainder of the content from the REPL.
|
|
* gnu/build/secret-service.scm (secret-service-send-secrets)
(secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
|
|
Since this code is run from PID 1, this ensures file descriptors to
sensitive files and devices are not accidentally leaked to
sub-processes.
* gnu/build/file-systems.scm (call-with-input-file): New procedure.
(mount-file-system): Use 'close-fdes' + 'open-fdes'.
|
|
* gnu/build/linux-boot.scm (boot-system): Call resume-if-hibernated
after pre-mount.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
|
|
* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640
permissions for log file.
|
|
The uuid field of <partition> defaults to #false. This should be reflected
when creating the partition.
* gnu/build/image.scm (make-ext-image): Make it optional.
|
|
* gnu/build/image.scm (make-ext-image): Remove the unused flags variable.
|
|
* gnu/build/marionette.scm (invoke-ocrad-ocr): New procedure.
(invoke-tesseract-ocr): Likewise.
(marionette-screen-text): Rename the #:ocrad argument to #:ocr. Dispatch the
matching OCR invocation procedure.
(wait-for-screen-text): Rename the #:ocrad argument to #:ocr.
* gnu/tests/base.scm (run-basic-test): Adjust accordingly.
* gnu/tests/install.scm (enter-luks-passphrase): Likewise.
(enter-luks-passphrase-for-home): Likewise.
|
|
* gnu/build/marionette.scm (wait-for-screen-text): Return the last OCR'd text
when the predicate fails to match instead of the not useful predicate object.
|
|
* gnu/build/marionette.scm (marionette-control): Update doc to correct the
QEMU Info manual reference.
|
|
* gnu/build/file-systems.scm (mount-flags->bit-mask, mount-file-system):
Handle shared flag.
* gnu/system/file-systems.scm (invalid-file-system-flags): Add shared to known
flags.
* guix/build/syscalls.scm (MS_SHARED): New variable.
* doc/guix.texi (File Systems): Document shared flag.
|
|
Enable the QEMU guest agent interface in marionette VMs, run the
qemu-guest-agent service in one and try talking to it.
* gnu/build/marionette.scm (make-marionette): Enable the guest agent device.
* gnu/tests/virtualization.scm (run-qemu-guest-agent-test): New procedure.
(%test-qemu-guest-agent): New variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/build/chromium-extension.scm (make-crx): Lift Xorg and Chromium
dependencies, rely on node-crx3 instead.
Signed-off-by: Marius Bakke <marius@gnu.org>
|
|
* gnu/build/file-systems.scm (ext2-superblock-cleanly-unmounted?)
(cleanly-unmounted-ext2?): New procedures.
|
|
* gnu/bootloader/grub.scm (grub-efi32-bootloader): New variable.
(install-grub-efi32): New variable.
* gnu/build/bootloader.scm (install-efi): Add a 'targets' keyword
argument.
(install-efi-loader): Likewise.
* gnu/build/image.scm (initialize-efi32-partition): New procedure.
* gnu/packages/bootloaders.scm (grub-efi32): New variable.
* gnu/system/image.scm (esp32-partition): New variable
(efi32-disk-image): New variable.
(efi32-raw-image-type): New variable.
(system-disk-image)[partition-image]: Set '#:grub-efi32' when
calling the partition initializer.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
This partially fixes <https://issues.guix.gnu.org/54786>, allowing the 'jami'
and 'jami-provisioning' system tests to pass again.
In version 0.9.0, Shepherd constructors are now run concurrently, via
cooperative scheduling (Guile Fibers). The Jami service previously relied on
blocking sleeps while polling for D-Bus services to become ready after forking
a process; this wouldn't work anymore since while blocking the service process
wouldn't be given the chance to finish starting. The new reliance on Fibers
in Shepherd's fork+exec-command in the helper 'send-dbus' procedure also meant
that it wouldn't work outside of Shepherd anymore. Finally, the
'start-service' Shepherd procedure used in the test suite would cause the Jami
daemon to be spawned multiple times (a bug introduced in Shepherd 0.9.0).
To fix/simplify these problems, this change does the following:
1. Use the Guile AC/D-Bus library for D-Bus communication, which simplify
things, such as avoiding the need to fork 'dbus-send' processes.
2. The non-blocking 'sleep' version of Fiber is used for the 'with-retries'
waiting syntax.
3. A 'dbus' package variant is used to adjust the session bus configuration,
tailoring it for the use case at hand.
4. Avoid start-service in the tests, preferring 'jami-service-available?' for
now.
* gnu/build/jami-service.scm (parse-dbus-reply, strip-quotes)
(deserialize-item, serialize-boolean, dbus-dict->alist)
(dbus-array->list, parse-account-ids, parse-account-details)
(parse-contacts): Delete procedures.
(%send-dbus-binary, %send-dbus-bus, %send-dbus-user, %send-dbus-group)
(%send-dbus-debug): Delete parameters.
(jami-service-running?): New procedure.
(send-dbus/configuration-manager): Rename to...
(call-configuration-manager-method): ... this. Turn METHOD into a positional
argument. Turn ARGUMENTS into an optional argument. Invoke
`call-dbus-method' instead of `send-dbus', adjusting callers accordingly.
(get-account-ids, id->account-details, id->account-details)
(id->volatile-account-details, username->id, add-account remove-account)
(username->contacts, remove-contact, add-contact, set-account-details)
(set-all-moderators, username->all-moderators?, username->moderators)
(set-moderator): Adjust accordingly.
(with-retries, send-dbus, dbus-available-services)
(dbus-service-available?): Move to ...
* gnu/build/dbus-service.scm: ... this new module.
(send-dbus): Rewrite to use the Guile AC/D-Bus library.
(%dbus-query-timeout, sleep*): New variables.
(%current-dbus-connection): New parameter.
(initialize-dbus-connection!, argument->signature-type)
(call-dbus-method): New procedures.
(dbus-available-services): Adjust accordingly.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register new module.
* gnu/packages/glib.scm (dbus-for-jami): New variable.
* gnu/services/telephony.scm: (jami-configuration)[dbus]: Default to
dbus-for-jami.
(jami-dbus-session-activation): Write a D-Bus daemon configuration file at
'/var/run/jami/session-local.conf'.
(jami-shepherd-services): Add the closure of guile-ac-d-bus and guile-fibers
as extensions. Adjust imported modules. Remove no longer used parameters.
<jami-dbus-session>: Use a PID file, avoiding the need for the manual
synchronization.
<jami>: Set DBUS_SESSION_BUS_ADDRESS environment variable. Poll using
'jami-service-available?' instead of 'dbus-service-available?'.
* gnu/tests/telephony.scm (run-jami-test): Add needed Guile extensions. Set
DBUS_SESSION_BUS_ADDRESS environment variable. Adjust all tests to use
'jami-service-available?' to determine if the service is started rather than
the now problematic Shepherd's 'start-service'.
|
|
* gnu/build/image.scm (make-vfat-image): Pass fs-bits as an argument and force
1kb logical sector size only if "ESP" flag is set.
(make-partition-image): Add "fat32" partition type, support explicit "fat16"
type with vfat alias.
* gnu/system/image.scm (partition->dos-type partition): Return file system IDs
for "fat16" and "fat32" partitions.
(partition->gpt-type partition): Ditto.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/build/image.scm (sexp->partition): Add flags support.
* gnu/system/image.scm (partition->gexp): Ditto.
(system-disk-image): Set the genimage bootable flag if it is part of the
partition flags.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
|
|
* gnu/build/marionette.scm (wait-for-tcp-port): Add #:address parameter.
Honor it, and improve error reporting in the 'failure case.
|
|
* guix/least-authority.scm: New file.
* Makefile.am (MODULES): Add it.
* gnu/build/shepherd.scm (default-mounts): Make public.
|
|
* gnu/build/linux-container.scm (wait-child-process)
(status->exit-status): New procedures.
(call-with-container): Add #:child-is-pid1? parameter and honor it.
[thunk*]: New variable. Pass it to 'run-container'.
|
|
Previously we could enter the blocking 'waitpid' call and miss an
opportunity to run the signal handler async.
* gnu/build/linux-container.scm (call-with-container)
[periodically-schedule-asyncs]: New procedure.
[install-signal-handlers]: Call it.
|
|
* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals.
[install-signal-handlers]: New procedure.
Call it.
|
|
To support the argument introduced in Shepherd 0.9.0 when defining
container-bound services.
* gnu/build/shepherd.scm (exec-command*)
(make-forkexec-constructor/container): Add '#:supplementary-groups'.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f whereby
'fork+exec-command/container' would return #t, then used as the running
value of the 'guix-daemon' service in the installer. Upon installation
completion, stopping the 'guix-daemon' service would fail with
wrong-type-arg because that #t would be passed to the 'stop' method in
lieu of a PID.
* gnu/build/shepherd.scm (fork+exec-command/container): Return a PID
rather than #t.
|
|
Fixes a regression introduced in
938448bf40fc77092859352d2243e2d0c236375f where 'exec-command*' could
get #:directory #f, in particular when called by
'fork+exec-command/container'.
* gnu/build/shepherd.scm (exec-command*): Add default value for #:directory.
|
|
This ensures those programs, if invoked by shepherd (where standard
input is /dev/null), can still interact with the user if needed.
* gnu/build/file-systems.scm (check-ext2-file-system)
(check-bcachefs-file-system, check-btrfs-file-system):
(check-fat-file-system, check-jfs-file-system):
(check-f2fs-file-system, check-ntfs-file-system):
(check-xfs-file-system): Use 'system*/tty' instead of 'system*'.
|
|
Fixes <https://issues.guix.gnu.org/54770>.
Regression introduced in 400c9ed3d779308e56038305d40cd93acb496180.
Previously, for an encrypted /home (say), "cryptsetup open" would be
invoked by shepherd, with /dev/null as its standard input. It would
thus run in non-interactive mode and, instead of asking for a
passphrase, fail with:
Nothing to read on input.
This change ensures it runs in interactive mode.
* gnu/build/file-systems.scm (system*/console, system*/tty): New
procedures.
* gnu/system/mapped-devices.scm (open-luks-device): Use 'system*/tty'
instead of 'system*'.
|
|
This lets the 'childhurd' service start in the background, letting
shepherd perform other tasks in the meantime, including serving
clients (such as the 'herd' command).
* gnu/build/secret-service.scm (with-modules): New macro.
(wait-for-readable-fd): Add cooperative implementation when Fibers is in
use.
(secret-service-send-secrets): Define 'sleep' so that it cooperates when
Fibers is in use.
|
|
* gnu/build/secret-service.scm (wait-for-readable-fd): New procedure.
(secret-service-send-secrets): Use it instead of 'select'.
|
|
* gnu/build/shepherd.scm (exec-command*): New procedure, with code
formerly...
(make-forkexec-constructor/container): ... here. Use it.
(fork+exec-command/container): Use 'fork+exec-command' only when
CONTAINER-SUPPORT? is false or PID is the current process.
|
|
* gnu/build/linux-boot.scm (boot-system): Honor rootfstype and rootflags
arguments. Update doc. Error out in case there is insufficient information
with regard to the root file system.
Restore the behavior of inferring the root device from the root file system
from the operating system in case the root argument is not provided.
* doc/guix.texi (Initial RAM Disk): Document the new command-line parameters.
|
|
This is to make it less surprising, given the common convention sets forth by
the kernel Linux command-line parameters.
* gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root'
and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system',
respectively. Adjust doc.
(find-long-option): Adjust doc.
* gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly.
* gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and
update doc. Use VERSION to conditionally return old style vs new style initrd
arguments.
(%boot-parameters-version): Increment to 1.
(operating-system-boot-parameters): Adjust doc.
(operating-system-boot-parameters-file): Likewise.
* gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise.
* doc/guix.texi: Adjust doc.
* gnu/build/activation.scm (boot-time-system): Adjust accordingly.
* gnu/build/hurd-boot.scm (boot-hurd-system): Likewise.
* gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment.
|
|
* gnu/build/linux-boot.scm (boot-system): Document the Linux command-line
parameters it understands and split a long string over two lines.
|
|
Workaround for <https://issues.guix.gnu.org/53194>.
* gnu/build/image.scm (estimate-partition-size): Enforce a 1-MiB minimum.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
|
Adds low-level support for launching Linux containers with cgroup namespaces.
* gnu/build/linux-container.scm (%namespaces): Add 'cgroup.
(namespaces->bit-mask): Handle it.
* guix/build/syscalls.scm (CLONE_NEWCGROUP): New variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
|
|
This code duplicates the (gnu system image) and (gnu build image) code. Using
VM for image generation is not needed, not portable and really slow. Remove
all the VM image generation code to make sure that only the image API is used.
* gnu/build/vm.scm: Remove it. Move the qemu-command procedure to ...
* gnu/build/marionette.scm: ... here.
* gnu/local.mk (GNU_SYSTEM_MODULES): Adapt it.
* tests/modules.scm: Ditto.
* gnu/tests/install.scm: Ditto.
* gnu/system/vm.scm: Adapt it and remove expression->derivation-in-linux-vm,
qemu-img, system-qemu-image/shared-store and system-docker-image procedures.
* doc/guix.texi (G-Expressions): Adapt it.
|
|
* gnu/build/image.scm (initialize-root-partition): Add a closure-copy?
argument and honor it.
|
|
* gnu/build/chromium-extension.scm (make-crx): Use a Chromium profile relative
to the build directory instead of /tmp. While here, remove obsolete comment.
|
|
* gnu/build/chromium-extension.scm (make-crx): Pass #:keep-mtime? #t to
COPY-RECURSIVELY. Remove defunct FAKETIME workaround. While at it, pack the
extension in the scratch working directory instead of the transient
store-mapped /tmp.
|
|
* gnu/build/chromium-extension.scm (make-signing-key): Wrap builder in
with-extensions, and compute the seed checksum at build time.
|
|
* gnu/build/chromium-extension.scm (make-crx): Delay with-imported-modules
until the builder code.
(crx->chromium-json): Remove needless define* while at it.
|
|
* gnu/build/chromium-extension.scm (chromium-json->profile-object): Remove
variable.
(file-sha256): New variable.
(make-chromium-extension): Rename OUTPUT parameter to prevent conflict.
Adjust other variable names for clarity.
[inputs]: Clear.
[arguments]: Inline and simplify the final transformation with a gexp.
|
|
Loading the framebuffer-coreboot module simply fails with EINVAL on a
non-Corebooted system. Crashing the system with a kernel panic is not
a reasonable reaction to loading valid modules on unsupported hardware.
The kernel should log an error, which the user is expected to see.
Bogus module names will still be fatally reported by linux-modules.drv.
* gnu/build/linux-modules.scm (load-linux-module*):
Ignore EINVAL errors when operating recursively.
|
|
|
|
* gnu/services/base.scm (<static-networking>)[interface, ip, netmask]
[gateway]: Remove.
[addresses, links, routes]: New fields.
[requirement]: Default to '(udev).
(<network-address>, <network-link>, <network-route>): New record types.
(ensure-no-separate-netmask, %ensure-no-separate-netmask): Remove.
(ipv6-address?, cidr->netmask, ip+netmask->cidr)
(network-set-up/hurd, network-tear-down/hurd)
(network-set-up/linux, network-tear-down/linux)
(static-networking->hurd-pfinet-options): New procedures.
(static-networking-shepherd-service): New procedure.
(static-networking-shepherd-services): Rewrite in terms of the above.
(static-networking-service): Deprecate. Adjust to new
'static-networking' API.
(%base-services): Likewise.
* gnu/system/install.scm (%installation-services): Likewise.
* gnu/system/hurd.scm (%base-services/hurd): Likewise, and separate
'loopback' from 'networking'.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Remove
"servers/socket/2".
* gnu/tests/networking.scm (run-openvswitch-test)["networking has
started on ovs0"]: Check for 'networking instead of 'networking-ovs0,
which is no longer provided.
* doc/guix.texi (Networking Setup): Document the new interface. Remove
documentation of 'static-networking-service'.
(Virtualization Services): Change Ganeti example to use the new
interface.
|
|
* gnu/services/virtualization.scm (secret-service-activation): Remove.
(secret-service-shepherd-services): New procedure.
(secret-service-type)[extensions]: Remove ACTIVATION-SERVICE-TYPE
extension. Add SHEPHERD-ROOT-SERVICE-TYPE and
USER-PROCESSES-SERVICE-TYPE extensions.
* gnu/build/secret-service.scm (delete-file*): New procedure.
(secret-service-receive-secrets): Use it.
|
