From baa7aa740f5e86a415cccdd35e82e7b043e05d2e Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 13 Aug 2023 02:00:00 +0200 Subject: doc: Imply that ~/.nix-profile is not a typo. * doc/guix.texi (Fonts Home Services): Mention Nix. Reported by zororg in #guix. --- doc/guix.texi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 409ca2ad62..fcb910e27b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -44160,8 +44160,8 @@ font installation path (@file{~/.guix-home/profile/share/fonts}). If you configure this service directly, be sure to include the above directory. -A typical extension for adding an additional font directory and setting -a font as the default monospace font might look like this: +Here's how you'd extend it to include fonts installed with the Nix +package manager, and to prefer your favourite monospace font: @lisp (simple-service 'additional-fonts-service -- cgit v1.2.3 From 8f533cbb7a3f4f6d12fc0be2160d0fedc0ab18b9 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 14 Aug 2023 15:16:31 +0200 Subject: doc: Add reference to the Scheme Crash Course. * doc/guix.texi (Using the Configuration System): Add cross-reference to the "Scheme Crash Course". --- doc/guix.texi | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index fcb910e27b..8469d09245 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -16924,6 +16924,13 @@ Alternatively, the @code{modify-services} macro can be used: (delete avahi-service-type)) @end lisp +@quotation Do not panic +@cindex Scheme programming language, getting started +Intimidated by the Scheme language or curious about it? The Cookbook +has a short section to get started that explains the fundamentals, which +you will find helpful when hacking your configuration. @xref{A Scheme +Crash Course,,, guix-cookbook, GNU Guix Cookbook}. +@end quotation @unnumberedsubsec Instantiating the System -- cgit v1.2.3 From 2884abb3df4f95cef75219435ce9c1c968068568 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Fri, 11 Aug 2023 17:09:08 -0400 Subject: refresh: Add --target-version option. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/scripts/refresh.scm (%options): Register 'target-version' long version. (update-specification->update-spec): Add a fallback-version argument. (options->update-specs): Honor target-version option. * tests/guix-refresh.sh: Test it. * doc/guix.texi (Invoking guix refresh): Document it. Reviewed-by: Ludovic Courtès --- doc/guix.texi | 20 ++++++++++++++++++++ guix/scripts/refresh.scm | 31 +++++++++++++++++++++++-------- tests/guix-refresh.sh | 7 +++++++ 3 files changed, 50 insertions(+), 8 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 8469d09245..b50feed4c4 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -14529,6 +14529,26 @@ gnu/packages/guile.scm:147:2: guile: updating from version 2.0.10 to version 2.0 @dots{} @end example +In some specific cases, you may have many packages specified via a +manifest or a module selection which should all be updated together; for +these cases, the @option{--target-version} option can be provided to have +them all refreshed to the same version, as shown in the examples below: + +@example +$ guix refresh qtbase qtdeclarative --target-version=6.5.2 +gnu/packages/qt.scm:1248:13: qtdeclarative would be upgraded from 6.3.2 to 6.5.2 +gnu/packages/qt.scm:584:2: qtbase would be upgraded from 6.3.2 to 6.5.2 +@end example + +@example +$ guix refresh --manifest=qt5-manifest.scm --target-version=5.15.10 +gnu/packages/qt.scm:1173:13: qtxmlpatterns would be upgraded from 5.15.8 to 5.15.10 +gnu/packages/qt.scm:1202:13: qtdeclarative would be upgraded from 5.15.8 to 5.15.10 +gnu/packages/qt.scm:1762:13: qtserialbus would be upgraded from 5.15.8 to 5.15.10 +gnu/packages/qt.scm:2070:13: qtquickcontrols2 would be upgraded from 5.15.8 to 5.15.10 +@dots{} +@end example + Sometimes the upstream name differs from the package name used in Guix, and @command{guix refresh} needs a little help. Most updaters honor the @code{upstream-name} property in package definitions, which can be used diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm index a9241aa20d..f39dc743b1 100644 --- a/guix/scripts/refresh.scm +++ b/guix/scripts/refresh.scm @@ -10,6 +10,7 @@ ;;; Copyright © 2020 Simon Tournier ;;; Copyright © 2021 Sarah Morgensen ;;; Copyright © 2022 Hartmut Goebel +;;; Copyright © 2023 Maxim Cournoyer maxim.cournoyer@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -106,6 +107,9 @@ (option '(#\m "manifest") #t #f (lambda (opt name arg result) (alist-cons 'manifest arg result))) + (option '("target-version") #t #f + (lambda (opt name arg result) + (alist-cons 'target-version arg result))) (option '(#\e "expression") #t #f (lambda (opt name arg result) (alist-cons 'expression arg result))) @@ -164,6 +168,9 @@ specified with `--select'.\n")) 'module:(gnu packages guile)'")) (display (G_ " -m, --manifest=FILE select all the packages from the manifest in FILE")) + (display (G_ " + --target-version=VERSION + update the package or packages to VERSION")) (display (G_ " -t, --type=UPDATER,... restrict to updates from the specified updaters (e.g., 'gnu')")) @@ -213,17 +220,20 @@ specified with `--select'.\n")) (define* (update-spec package #:optional version) (%update-spec package version)) -(define (update-specification->update-spec spec) +(define (update-specification->update-spec spec fallback-version) "Given SPEC, a package name like \"guile@2.0=2.0.8\", return a -record with two fields: the package to upgrade, and the target version." +record with two fields: the package to upgrade, and the target version. When +SPEC lacks a version, use FALLBACK-VERSION." (match (string-rindex spec #\=) - (#f (update-spec (specification->package spec) #f)) + (#f (update-spec (specification->package spec) fallback-version)) (idx (update-spec (specification->package (substring spec 0 idx)) (substring spec (1+ idx)))))) (define (options->update-specs opts) "Return the list of records requested by OPTS, honoring options like '--recursive'." + (define target-version (assoc-ref opts 'target-version)) + (define core-package? (let* ((input->package (match-lambda ((name (? package? package) _ ...) package) 
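Review bot: `update-specification->update-spec` gains `fallback-version` as a mandatory positional parameter in the third hunk on this line, so any caller that still passes only SPEC would fail with an arity error; whether such callers exist outside this file is not visible here. The neighbouring `update-spec` is already declared with `define*` and `#:optional`, and the same form would keep the one-argument call working: `(define* (update-specification->update-spec spec #:optional fallback-version)`. The option handler in the first hunk also stores ARG unchecked (`(alist-cons 'target-version arg result)`), so an empty `--target-version=` appears to be passed on as the version string; rejecting an empty VERSION at parse time would give a clearer error.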
@@ -263,13 +273,18 @@ update would trigger a complete rebuild." ;; Update specs explicitly passed as command-line arguments. (match (append-map (match-lambda (('argument . spec) - ;; Take either the specified version or the - ;; latest one. - (list (update-specification->update-spec spec))) + ;; Take either the specified version or the latest + ;; one. The version specified as part of a spec + ;; takes precedence, with the command-line specified + ;; --target-version used as a fallback. + (list (update-specification->update-spec + spec target-version))) (('expression . exp) - (list (update-spec (read/eval-package-expression exp)))) + (list (update-spec (read/eval-package-expression exp) + target-version))) (('manifest . manifest) - (map update-spec (packages-from-manifest manifest))) + (map (cut update-spec <> target-version) + (packages-from-manifest manifest))) (_ '())) opts) diff --git a/tests/guix-refresh.sh b/tests/guix-refresh.sh index 51d34c4b51..2ce3c592ab 100644 --- a/tests/guix-refresh.sh +++ b/tests/guix-refresh.sh @@ -109,6 +109,13 @@ case "$(guix refresh -t test guile=2.0.0 2>&1)" in *"failed to find"*"2.0.0"*) true;; *) false;; esac + +guix refresh -t test guile --target-version=2.0.0 # XXX: should return non-zero? +case "$(guix refresh -t test guile --target-version=2.0.0 2>&1)" in + *"failed to find"*"2.0.0"*) true;; + *) false;; +esac + for spec in "guile=1.6.4" "guile@3=1.6.4" do guix refresh -t test "$spec" -- cgit v1.2.3 From b8ee6b8a59bf02f47a6668e016905308b441523e Mon Sep 17 00:00:00 2001 
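Review bot: The new case in tests/guix-refresh.sh only matches the output against `*"failed to find"*"2.0.0"*`, and the bare invocation above it carries `# XXX: should return non-zero?`, which suggests that `guix refresh --target-version=2.0.0` exits with status 0 when the requested version does not exist. Automation that runs `guix refresh` over a manifest depends on the exit status to learn that not every package reached the pinned version, and a warning on stderr alone is easy to miss. I would settle the XXX in this commit: either make the lookup failure fatal and assert it with `! guix refresh -t test guile --target-version=2.0.0`, or reword the comment to say that a zero status is intended.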
From: Felix Lechner Date: Sun, 28 May 2023 16:36:31 -0700 Subject: services: Add cachefilesd service. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thanks to Bruno Victal "mirai" for cooperating on this patch and for generously sharing a wealth of insights about Guix services. Thanks to Jean-Baptiste Note for an early version of this service! * doc/guix.texi (Linux Services)[Cachefilesd Service]: New heading. * gnu/services/linux.scm (serialize-string, non-negative-integer?) (serialize-non-negative-integer, string, non-negative-integer) (make-option-serializer, make-percentage-threshold-serializer): New procedures. (cachefilesd-configuration): New record type. (cachefilesd-service-type): New variable. * gnu/tests/cachefilesd.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Co-authored-by: Bruno Victal Signed-off-by: Ludovic Courtès --- doc/guix.texi | 89 +++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/linux.scm | 199 +++++++++++++++++++++++++++++++++++++++++++++- gnu/tests/cachefilesd.scm | 71 +++++++++++++++++ 4 files changed, 359 insertions(+), 1 deletion(-) create mode 100644 gnu/tests/cachefilesd.scm (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index b50feed4c4..22590b4f9c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -117,6 +117,7 @@ Copyright @copyright{} 2023 Karl Hallsby@* Copyright @copyright{} 2023 Nathaniel Nicandro@* Copyright @copyright{} 2023 Tanguy Le Carrour@* Copyright @copyright{} 2023 Brian Cully@* +Copyright @copyright{} 2023 Felix Lechner@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -38659,6 +38660,94 @@ parameters, can be done as follow: @end lisp @end defvar +@subsubheading Cachefilesd Service + +@cindex cachefilesd +@cindex fscache, file system caching (Linux) +The Cachefilesd service starts a daemon that caches network file system +data locally. It is especially useful for NFS and AFS shares, where it +reduces latencies for repeated access when reading files. + +The daemon can be configured as follows: + +@lisp +(service cachefilesd-service-type + (cachefilesd-configuration + (cache-directory "/var/cache/fscache"))) +@end lisp + +@defvar cachefilesd-service-type +The service type for starting @command{cachefilesd}. The value for this +service type is a @code{cachefilesd-configuration}, whose only required +field is @var{cache-directory}. + +@end defvar + +@c %start of fragment +@deftp {Data Type} cachefilesd-configuration +Available @code{cachefilesd-configuration} fields are: + +@table @asis +@item @code{cachefilesd} (default: @code{cachefilesd}) (type: file-like) +The cachefilesd package to use. + +@item @code{debug-output?} (default: @code{#f}) (type: boolean) +Print debugging output to stderr. + +@item @code{use-syslog?} (default: @code{#t}) (type: boolean) +Log to syslog facility instead of stdout. + +@item @code{scan?} (default: @code{#t}) (type: boolean) +Scan for cachable objects. + +@item @code{cache-directory} (type: maybe-string) +Location of the cache directory. + +@item @code{cache-name} (default: @code{"CacheFiles"}) (type: maybe-string) +Name of cache (keep unique). + +@item @code{security-context} (type: maybe-string) +SELinux security context. + +@item @code{pause-culling-for-block-percentage} (default: @code{7}) (type: maybe-non-negative-integer) +Pause culling when available blocks exceed this percentage. + +@item @code{pause-culling-for-file-percentage} (default: @code{7}) (type: maybe-non-negative-integer) +Pause culling when available files exceed this percentage. 
+ +@item @code{resume-culling-for-block-percentage} (default: @code{5}) (type: maybe-non-negative-integer) +Start culling when available blocks drop below this percentage. + +@item @code{resume-culling-for-file-percentage} (default: @code{5}) (type: maybe-non-negative-integer) +Start culling when available files drop below this percentage. + +@item @code{pause-caching-for-block-percentage} (default: @code{1}) (type: maybe-non-negative-integer) +Pause further allocations when available blocks drop below this +percentage. + +@item @code{pause-caching-for-file-percentage} (default: @code{1}) (type: maybe-non-negative-integer) +Pause further allocations when available files drop below this +percentage. + +@item @code{log2-table-size} (default: @code{12}) (type: maybe-non-negative-integer) +Size of tables holding cullable objects in logarithm of base 2. + +@item @code{cull?} (default: @code{#t}) (type: boolean) +Create free space by culling (consumes system load). + +@item @code{trace-function-entry-in-kernel-module?} (default: @code{#f}) (type: boolean) +Trace function entry in the kernel module (for debugging). + +@item @code{trace-function-exit-in-kernel-module?} (default: @code{#f}) (type: boolean) +Trace function exit in the kernel module (for debugging). + +@item @code{trace-internal-checkpoints-in-kernel-module?} (default: @code{#f}) (type: boolean) +Trace internal checkpoints in the kernel module (for debugging). + +@end table +@end deftp +@c %end of fragment + @cindex rasdaemon @cindex Platform Reliability, Availability and Serviceability daemon @subsubheading Rasdaemon Service diff --git a/gnu/local.mk b/gnu/local.mk index 1bf33377a4..5ed399adb0 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -770,6 +770,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests.scm \ %D%/tests/audio.scm \ %D%/tests/base.scm \ + %D%/tests/cachefilesd.scm \ %D%/tests/ci.scm \ %D%/tests/cups.scm \ %D%/tests/databases.scm \ 
diff --git a/gnu/services/linux.scm b/gnu/services/linux.scm index d105c42850..d17f492e15 100644 --- a/gnu/services/linux.scm +++ b/gnu/services/linux.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2021 B. Wilson ;;; Copyright © 2022 Josselin Poiret ;;; Copyright © 2023 Bruno Victal +;;; Copyright © 2023 Felix Lechner ;;; ;;; This file is part of GNU Guix. ;;; @@ -67,6 +68,28 @@ kernel-module-loader-service-type + cachefilesd-configuration + cachefilesd-configuration? + cachefilesd-configuration-cachefilesd + cachefilesd-configuration-debug-output? + cachefilesd-configuration-use-syslog? + cachefilesd-configuration-scan? + cachefilesd-configuration-cache-directory + cachefilesd-configuration-cache-name + cachefilesd-configuration-security-context + cachefilesd-configuration-pause-culling-for-block-percentage + cachefilesd-configuration-pause-culling-for-file-percentage + cachefilesd-configuration-resume-culling-for-block-percentage + cachefilesd-configuration-resume-culling-for-file-percentage + cachefilesd-configuration-pause-caching-for-block-percentage + cachefilesd-configuration-pause-caching-for-file-percentage + cachefilesd-configuration-log2-table-size + cachefilesd-configuration-cull? + cachefilesd-configuration-trace-function-entry-in-kernel-module + cachefilesd-configuration-trace-function-exit-in-kernel-module + cachefilesd-configuration-trace-internal-checkpoints-in-kernel-module + cachefilesd-service-type + rasdaemon-configuration rasdaemon-configuration? rasdaemon-configuration-record? 
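Review bot: The last three accessor names added to the export list, `cachefilesd-configuration-trace-function-entry-in-kernel-module`, `cachefilesd-configuration-trace-function-exit-in-kernel-module` and `cachefilesd-configuration-trace-internal-checkpoints-in-kernel-module`, lack the trailing `?` that the corresponding fields carry in the `define-configuration` form later in this diff (`trace-function-entry-in-kernel-module?` and so on). Assuming accessors are named after the field, as the other exports such as `cachefilesd-configuration-cull?` suggest, these three exports refer to bindings that are never defined. Each should end in `?`, for example `cachefilesd-configuration-trace-function-entry-in-kernel-module?`.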
@@ -306,6 +329,180 @@ more information)." (extend append) (default-value '()))) + +;;; +;;; Cachefilesd, an FS-Cache daemon +;;; + +(define (serialize-string variable-symbol value) + #~(format #f "~a ~a~%" #$(symbol->string variable-symbol) #$value)) + +(define-maybe string) + +(define (non-negative-integer? val) + (and (exact-integer? val) (not (negative? val)))) + +(define (serialize-non-negative-integer variable-symbol value) + #~(format #f "~a ~d~%" #$(symbol->string variable-symbol) #$value)) + +(define-maybe non-negative-integer) + +(define (make-option-serializer option-symbol) + (lambda (variable-symbol text) + (if (maybe-value-set? text) + #~(format #f "~a ~a~%" #$(symbol->string option-symbol) #$text) + ""))) + +(define (make-percentage-threshold-serializer threshold-symbol) + (lambda (variable-symbol percentage) + (if (maybe-value-set? percentage) + #~(format #f "~a ~a%~%" #$(symbol->string threshold-symbol) #$percentage) + ""))) + +(define-configuration cachefilesd-configuration + (cachefilesd + (file-like cachefilesd) + "The cachefilesd package to use." + (serializer empty-serializer)) + + ;; command-line options + (debug-output? + (boolean #f) + "Print debugging output to stderr." + (serializer empty-serializer)) + + (use-syslog? + (boolean #t) + "Log to syslog facility instead of stdout." + (serializer empty-serializer)) + + ;; culling is part of the configuration file + ;; despite the name of the command-line option + (scan? + (boolean #t) + "Scan for cachable objects." + (serializer empty-serializer)) + + ;; sole required field in the configuration file + (cache-directory + maybe-string + "Location of the cache directory." + (serializer (make-option-serializer 'dir))) + + (cache-name + (maybe-string "CacheFiles") + "Name of cache (keep unique)." + (serializer (make-option-serializer 'tag))) + + (security-context + maybe-string + "SELinux security context." 
+ (serializer (make-option-serializer 'secctx))) + + ;; percentage thresholds in the configuration file + (pause-culling-for-block-percentage + (maybe-non-negative-integer 7) + "Pause culling when available blocks exceed this percentage." + (serializer (make-percentage-threshold-serializer 'brun))) + + (pause-culling-for-file-percentage + (maybe-non-negative-integer 7) + "Pause culling when available files exceed this percentage." + (serializer (make-percentage-threshold-serializer 'frun))) + + (resume-culling-for-block-percentage + (maybe-non-negative-integer 5) + "Start culling when available blocks drop below this percentage." + (serializer (make-percentage-threshold-serializer 'bcull))) + + (resume-culling-for-file-percentage + (maybe-non-negative-integer 5) + "Start culling when available files drop below this percentage." + (serializer (make-percentage-threshold-serializer 'fcull))) + + (pause-caching-for-block-percentage + (maybe-non-negative-integer 1) + "Pause further allocations when available blocks drop below this percentage." + (serializer (make-percentage-threshold-serializer 'bstop))) + + (pause-caching-for-file-percentage + (maybe-non-negative-integer 1) + "Pause further allocations when available files drop below this percentage." + (serializer (make-percentage-threshold-serializer 'fstop))) + + ;; run time optimizations in the configuration file + (log2-table-size + (maybe-non-negative-integer 12) + "Size of tables holding cullable objects in logarithm of base 2." + (serializer (make-option-serializer 'culltable))) + + (cull? + (boolean #t) + "Create free space by culling (consumes system load)." + (serializer + (lambda (variable-symbol value) + (if value "" "nocull\n")))) + + ;; kernel module debugging in the configuration file + (trace-function-entry-in-kernel-module? + (boolean #f) + "Trace function entry in the kernel module (for debugging)." + (serializer empty-serializer)) + + (trace-function-exit-in-kernel-module? 
+ (boolean #f) + "Trace function exit in the kernel module (for debugging)." + (serializer empty-serializer)) + + (trace-internal-checkpoints-in-kernel-module? + (boolean #f) + "Trace internal checkpoints in the kernel module (for debugging)." + (serializer empty-serializer))) + +(define (serialize-cachefilesd-configuration configuration) + (mixed-text-file + "cachefilesd.conf" + (serialize-configuration configuration cachefilesd-configuration-fields))) + +(define (cachefilesd-shepherd-service config) + "Return a list of for cachefilesd for CONFIG." + (match-record + config (cachefilesd + debug-output? + use-syslog? + scan? + cache-directory) + (let ((configuration-file (serialize-cachefilesd-configuration config))) + (shepherd-service + (documentation "Run the cachefilesd daemon for FS-Cache.") + (provision '(cachefilesd)) + (requirement (append '(file-systems) + (if use-syslog? '(syslogd) '()))) + (start #~(begin + (and=> #$(maybe-value cache-directory) mkdir-p) + (make-forkexec-constructor + `(#$(file-append cachefilesd "/sbin/cachefilesd") + ;; do not detach + "-n" + #$@(if debug-output? '("-d") '()) + #$@(if use-syslog? '() '("-s")) + #$@(if scan? '() '("-N")) + "-f" #$configuration-file)))) + (stop #~(make-kill-destructor)))))) + +(define cachefilesd-service-type + (service-type + (name 'cachefilesd) + (description + "Run the file system cache daemon @command{cachefilesd}, which relies on +the Linux @code{cachefiles} module.") + (extensions + (list (service-extension kernel-module-loader-service-type + (const '("cachefiles"))) + (service-extension shepherd-root-service-type + (compose list cachefilesd-shepherd-service)))) + (default-value (cachefilesd-configuration)))) + ;;; ;;; Reliability, Availability, and Serviceability (RAS) daemon @@ -351,7 +548,7 @@ more information)." ;;; -;;; Kernel module loader. +;;; Zram device ;;; (define-record-type* 
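Review bot: In `cachefilesd-shepherd-service` the start gexp creates the cache directory with `(and=> #$(maybe-value cache-directory) mkdir-p)`, which leaves its mode to the umask of the starting process and silently skips creation when `cache-directory` is unset. The directory holds local copies of NFS/AFS file data, so I would set the mode explicitly, e.g. `(lambda (dir) (mkdir-p dir) (chmod dir #o700))` in place of `mkdir-p`, after confirming the mode cachefilesd expects. `cachefilesd-service-type` also declares `(default-value (cachefilesd-configuration))` although the comment calls `cache-directory` the sole required field, so the default instance serializes no `dir` line and the daemon is started anyway; dropping the default value or raising an error when the field is unset would surface this at configuration time. The percentage fields accept any non-negative integer, so values above 100 or thresholds in the wrong relative order reach cachefilesd.conf unchecked. The three `trace-…-in-kernel-module?` fields use `empty-serializer` and are not read by the `match-record`, so setting them currently has no effect.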
diff --git a/gnu/tests/cachefilesd.scm b/gnu/tests/cachefilesd.scm new file mode 100644 index 0000000000..7f5d513067 --- /dev/null +++ b/gnu/tests/cachefilesd.scm 
@@ -0,0 +1,71 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Peter Mikkelsen +;;; Copyright © 2022 Bruno Victal +;;; Copyright © 2023 Felix Lechner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests cachefilesd) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services linux) + #:use-module (guix gexp) + #:export (%test-cachefilesd)) + +(define %cachefilesd-os + (simple-operating-system + (service cachefilesd-service-type + (cachefilesd-configuration + (cache-directory "/var/cache/fscache"))))) + +(define (run-cachefilesd-test) + "Run tests in %cachefilesd-os, which has cachefilesd running." 
+ (define os + (marionette-operating-system + %cachefilesd-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + (define marionette + (make-marionette (list #$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "cachefilesd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'cachefilesd)) + marionette)) + + (test-end)))) + (gexp->derivation "cachefilesd-test" test)) + +(define %test-cachefilesd + (system-test + (name "cachefilesd") + (description "Test that the cachefilesd runs when started.") + (value (run-cachefilesd-test)))) -- cgit v1.2.3 From 9dda7479755ba709bb9bb96614ea09ded566b6d3 Mon Sep 17 00:00:00 2001 
From: Martin Baulig Date: Mon, 17 Jul 2023 18:13:42 -0400 Subject: services: posgresql: Add option to specify UID/GID for postgres user. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add 'createAccount?', 'uid' and 'gid' to . Unlike other system daemons, the PostgreSQL data directory is typically meant to persist across 'guix system reconfigure' and once created, you don't want its UID or GID to change anymore. Furthermore, if you want to place the data directory on a network share and use NFSv4 with idmap, then the 'postgres' user must exist when the 'rpc.idmapd' daemon is launched, prior to mounting the share. And it needs to be possible to mount the share without configuring PostgreSQL. With NFSv3, the UID and GID typically need to match those on the server. The added options allow for both of these scenarios: You can either create the user in (operating-system (users)) completely independently of the 'postgresql-service-type' (for instance to get your NFS setup working first prior to configuring your databases) - or "pin" its UID / GID values. * gnu/services/databases.scm ()[create-account?] [uid, gid]: New fields. (%postgresql-accounts): Remove. (create-postgresql-account): New procedure. (postgresql-service-type)[extensions]: Use it. * doc/guix.texi (Database Services): Update accordingly. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 14 ++++++++++++++ gnu/services/databases.scm | 37 +++++++++++++++++++++++++------------ 2 files changed, 39 insertions(+), 12 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 22590b4f9c..e2e61f0f2d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -25179,6 +25179,20 @@ There is no need to add this field for contrib extensions such as hstore or dblink as they are already loadable by postgresql. This field is only required to add extensions provided by other packages. +@item @code{create-account?} (default: @code{#t}) +Whether or not the @code{postgres} user and group should be created. + +@item @code{uid} (default: @code{#f}) +Explicitly specify the UID of the @code{postgres} daemon account. +You normally do not need to specify this, in which case a free UID will +be automatically assigned. + +One situation where this option might be useful is if the @var{data-directory} +is located on a mounted network share. + +@item @code{gid} (default: @code{#f}) +Explicitly specify the GID of the @code{postgres} group. + @end table @end deftp diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 7148971c1d..d3fee2a8ef 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm 
@@ -180,17 +180,30 @@ host all all ::1/128 md5")) (data-directory postgresql-configuration-data-directory (default "/var/lib/postgresql/data")) (extension-packages postgresql-configuration-extension-packages - (default '()))) - -(define %postgresql-accounts - (list (user-group (name "postgres") (system? #t)) - (user-account - (name "postgres") - (group "postgres") - (system? #t) - (comment "PostgreSQL server user") - (home-directory "/var/empty") - (shell (file-append shadow "/sbin/nologin"))))) + (default '())) + (create-account? postgresql-configuration-create-account? + (default #t)) + (uid postgresql-configuration-uid + (default #f)) + (gid postgresql-configuration-gid + (default #f))) + +(define (create-postgresql-account config) + (match-record config + (create-account? uid gid) + (if (not create-account?) '() + (list (user-group + (name "postgres") + (id gid) + (system? #t)) + (user-account + (name "postgres") + (group "postgres") + (system? #t) + (uid uid) + (comment "PostgreSQL server user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))))) (define (final-postgresql postgresql extension-packages) (if (null? extension-packages) @@ -327,7 +340,7 @@ host all all ::1/128 md5")) (service-extension activation-service-type postgresql-activation) (service-extension account-service-type - (const %postgresql-accounts)) + create-postgresql-account) (service-extension profile-service-type (compose list postgresql-configuration-postgresql)))) -- cgit v1.2.3 From 2b031ca4b2daa1d429e79b08e28fcd26e395bdf2 Mon Sep 17 00:00:00 2001 
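Review bot: `create-postgresql-account` passes `uid` and `gid` straight into `(uid uid)` and `(id gid)` with no check that they are integers or that the IDs are not already held by another account; a pinned UID that collides with an existing user would give that user the same access to the data directory as `postgres`, unless the account service rejects duplicates elsewhere. With `create-account?` set to `#f` the procedure returns `'()`, and nothing in this hunk verifies that a `postgres` user and group are then declared in the operating-system; the activation and shepherd code lie outside the hunk and presumably still look the account up by name, so a missing declaration would only show up at activation time. The new procedure also has no docstring; something like `"Return the user group and account for CONFIG, or the empty list when its 'create-account?' field is false."` would document that contract.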
From: Bruno Victal Date: Sun, 16 Jul 2023 19:47:47 +0100 Subject: Revert "services: Add ddclient service." MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ddclient is unmaintained as of 2023-07-04 [1] and this service has been broken for a while [2]. Remove it rather than shipping a broken service for an unmaintained program that's unlikely to be fixed. [1]: [2]: This reverts commit 8490a8346b5c8207f5798be55bea1de865b0bd42. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 107 -------------------------------- gnu/services/dns.scm | 168 +-------------------------------------------------- 2 files changed, 1 insertion(+), 274 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index e2e61f0f2d..633d62bd98 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -32563,113 +32563,6 @@ network or obtained a DHCP lease from dnsmasq. @end table @end deftp -@subsubheading ddclient Service - -@cindex ddclient -The ddclient service described below runs the ddclient daemon, which takes -care of automatically updating DNS entries for service providers such as -@uref{https://dyn.com/dns/, Dyn}. - -The following example show instantiates the service with its default -configuration: - -@lisp -(service ddclient-service-type) -@end lisp - -Note that ddclient needs to access credentials that are stored in a -@dfn{secret file}, by default @file{/etc/ddclient/secrets} (see -@code{secret-file} below). You are expected to create this file manually, in -an ``out-of-band'' fashion (you @emph{could} make this file part of the -service configuration, for instance by using @code{plain-file}, but it will be -world-readable @i{via} @file{/gnu/store}). See the examples in the -@file{share/ddclient} directory of the @code{ddclient} package. - -@c %start of fragment - -Available @code{ddclient-configuration} fields are: - -@deftypevr {@code{ddclient-configuration} parameter} package ddclient -The ddclient package. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} integer daemon -The period after which ddclient will retry to check IP and domain name. - -Defaults to @samp{300}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} boolean syslog -Use syslog for the output. - -Defaults to @samp{#t}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string mail -Mail to user. - -Defaults to @samp{"root"}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string mail-failure -Mail failed update to user. - -Defaults to @samp{"root"}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string pid -The ddclient PID file. - -Defaults to @samp{"/var/run/ddclient/ddclient.pid"}. 
- -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} boolean ssl -Enable SSL support. - -Defaults to @samp{#t}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string user -Specifies the user name or ID that is used when running ddclient -program. - -Defaults to @samp{"ddclient"}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string group -Group of the user who will run the ddclient program. - -Defaults to @samp{"ddclient"}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} string secret-file -Secret file which will be appended to @file{ddclient.conf} file. This -file contains credentials for use by ddclient. You are expected to -create it manually. - -Defaults to @samp{"/etc/ddclient/secrets.conf"}. - -@end deftypevr - -@deftypevr {@code{ddclient-configuration} parameter} list extra-options -Extra options will be appended to @file{ddclient.conf} file. - -Defaults to @samp{'()}. - -@end deftypevr - - -@c %end of fragment - @node VNC Services @subsection VNC Services @cindex VNC (virtual network computing) diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm index f45fc99c69..6608046909 100644 --- a/gnu/services/dns.scm +++ b/gnu/services/dns.scm @@ -1,6 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017 Julien Lepiller -;;; Copyright © 2018 Oleg Pykhalov ;;; Copyright © 2020 Pierre Langlois ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2022 Remco van 't Veer @@ -53,10 +52,7 @@ knot-resolver-configuration dnsmasq-service-type - dnsmasq-configuration - - ddclient-service-type - ddclient-configuration)) + dnsmasq-configuration)) ;;; ;;; Knot DNS. 
@@ -901,165 +897,3 @@ cache.size = 100 * MB dnsmasq-activation))) (default-value (dnsmasq-configuration)) (description "Run the dnsmasq DNS server."))) - - -;;; -;;; ddclient -;;; - -(define (uglify-field-name field-name) - (string-delete #\? (symbol->string field-name))) - -(define (serialize-field field-name val) - (when (not (member field-name '(group secret-file user))) - (format #t "~a=~a\n" (uglify-field-name field-name) val))) - -(define (serialize-boolean field-name val) - (serialize-field field-name (if val "yes" "no"))) - -(define (serialize-integer field-name val) - (serialize-field field-name (number->string val))) - -(define (serialize-string field-name val) - (if (and (string? val) (string=? val "")) - "" - (serialize-field field-name val))) - -(define (serialize-list field-name val) - (if (null? val) "" (serialize-field field-name (string-join val)))) - -(define (serialize-extra-options extra-options) - (string-join extra-options "\n" 'suffix)) - -(define-configuration ddclient-configuration - (ddclient - (file-like ddclient) - "The ddclient package.") - (daemon - (integer 300) - "The period after which ddclient will retry to check IP and domain name.") - (syslog - (boolean #t) - "Use syslog for the output.") - (mail - (string "root") - "Mail to user.") - (mail-failure - (string "root") - "Mail failed update to user.") - (pid - (string "/var/run/ddclient/ddclient.pid") - "The ddclient PID file.") - (ssl - (boolean #t) - "Enable SSL support.") - (user - (string "ddclient") - "Specifies the user name or ID that is used when running ddclient -program.") - (group - (string "ddclient") - "Group of the user who will run the ddclient program.") - (secret-file - (string "/etc/ddclient/secrets.conf") - "Secret file which will be appended to @file{ddclient.conf} file. This -file contains credentials for use by ddclient. 
You are expected to create it -manually.") - (extra-options - (list '()) - "Extra options will be appended to @file{ddclient.conf} file.")) - -(define (ddclient-account config) - "Return the user accounts and user groups for CONFIG." - (let ((ddclient-user (ddclient-configuration-user config)) - (ddclient-group (ddclient-configuration-group config))) - (list (user-group - (name ddclient-group) - (system? #t)) - (user-account - (name ddclient-user) - (system? #t) - (group ddclient-group) - (comment "ddclientd privilege separation user") - (home-directory (string-append "/var/run/" ddclient-user)))))) - -(define (ddclient-activation config) - "Return the activation GEXP for CONFIG." - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils) - (ice-9 rdelim)) - (let ((ddclient-user - (passwd:uid (getpw #$(ddclient-configuration-user config)))) - (ddclient-group - (passwd:gid (getpw #$(ddclient-configuration-group config)))) - (ddclient-secret-file - #$(ddclient-configuration-secret-file config))) - ;; 'ddclient' complains about ddclient.conf file permissions, which - ;; rules out /gnu/store. Thus we copy the ddclient.conf to /etc. - (for-each (lambda (dir) - (mkdir-p dir) - (chmod dir #o700) - (chown dir ddclient-user ddclient-group)) - '("/var/cache/ddclient" "/var/run/ddclient" - "/etc/ddclient")) - (with-output-to-file "/etc/ddclient/ddclient.conf" - (lambda () - (display - (string-append - "# Generated by 'ddclient-service'.\n\n" - #$(with-output-to-string - (lambda () - (serialize-configuration config - ddclient-configuration-fields))) - (if (string-null? ddclient-secret-file) - "" - (format #f "\n\n# Appended from '~a'.\n\n~a" - ddclient-secret-file - (with-input-from-file ddclient-secret-file - read-string))))))) - (chmod "/etc/ddclient/ddclient.conf" #o600) - (chown "/etc/ddclient/ddclient.conf" - ddclient-user ddclient-group))))) - -(define (ddclient-shepherd-service config) - "Return a for ddclient with CONFIG." 
- (let ((ddclient (ddclient-configuration-ddclient config)) - (ddclient-pid (ddclient-configuration-pid config)) - (ddclient-user (ddclient-configuration-user config)) - (ddclient-group (ddclient-configuration-group config))) - (list (shepherd-service - (provision '(ddclient)) - (documentation "Run ddclient daemon.") - (start #~(make-forkexec-constructor - (list #$(file-append ddclient "/bin/ddclient") - "-foreground" - "-file" "/etc/ddclient/ddclient.conf") - #:pid-file #$ddclient-pid - #:environment-variables - (list "SSL_CERT_DIR=/run/current-system/profile\ -/etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile\ -/etc/ssl/certs/ca-certificates.crt") - #:user #$ddclient-user - #:group #$ddclient-group)) - (stop #~(make-kill-destructor)))))) - -(define ddclient-service-type - (service-type - (name 'ddclient) - (extensions - (list (service-extension account-service-type - ddclient-account) - (service-extension shepherd-root-service-type - ddclient-shepherd-service) - (service-extension activation-service-type - ddclient-activation))) - (default-value (ddclient-configuration)) - (description "Configure address updating utility for dynamic DNS services, -ddclient."))) - -(define (generate-ddclient-documentation) - (generate-documentation - `((ddclient-configuration ,ddclient-configuration-fields)) - 'ddclient-configuration)) -- cgit v1.2.3 From 79ec651a286c71a3d4c72be33a1f80e76a560031 Mon Sep 17 00:00:00 2001 
From: Maxim Cournoyer Date: Wed, 19 Jul 2023 11:31:50 -0400 Subject: scripts: time-machine: Error when attempting to visit too old commits. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Invoking guix time-machine): Document limitation. * guix/inferior.scm (cached-channel-instance): New VALIDATE-CHANNELS argument. Use it to validate channels when there are no cache hit. * guix/scripts/time-machine.scm (%options): Tag the given reference with 'tag-or-commit instead of 'commit. (%oldest-possible-commit): New variable. (guix-time-machine) : New nested procedure. Pass it to the 'cached-channel-instance' call. * tests/guix-time-machine.sh: New test. * Makefile.am (SH_TESTS): Register it. Suggested-by: Simon Tournier Reviewed-by: Ludovic Courtès Reviewed-by: Simon Tournier --- Makefile.am | 1 + doc/guix.texi | 17 +++++++++++++ guix/inferior.scm | 57 ++++++++++++++++++++++++------------------- guix/scripts/time-machine.scm | 38 ++++++++++++++++++++++++++--- tests/guix-time-machine.sh | 28 +++++++++++++++++++++ 5 files changed, 113 insertions(+), 28 deletions(-) create mode 100644 tests/guix-time-machine.sh (limited to 'doc/guix.texi') diff --git a/Makefile.am b/Makefile.am index 5ffcb6a12d..4228c07803 100644 --- a/Makefile.am +++ b/Makefile.am @@ -615,6 +615,7 @@ SH_TESTS = \ tests/guix-refresh.sh \ tests/guix-shell.sh \ tests/guix-shell-export-manifest.sh \ + tests/guix-time-machine.sh \ tests/guix-graph.sh \ tests/guix-describe.sh \ tests/guix-repl.sh \ diff --git a/doc/guix.texi b/doc/guix.texi index 633d62bd98..e09083c1f8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -5070,6 +5070,23 @@ opens the door to security vulnerabilities. @xref{Invoking guix pull, @option{--allow-downgrades}}. @end quotation +Due to @command{guix time-machine} relying on the ``inferiors'' +mechanism (@pxref{Inferiors}), the oldest commit it can travel to is +commit @samp{6298c3ff} (``v1.0.0''), dated May 1@sup{st}, 2019, which is +the first release that included the inferiors mechanism. An error is +returned when attempting to navigate to older commits. + +@quotation Note +Although it should technically be possible to travel to such an old +commit, the ease to do so will largely depend on the availability of +binary substitutes. When traveling to a distant past, some packages may +not easily build from source anymore. One such example are old versions +of Python 2 which had time bombs in its test suite, in the form of +expiring SSL certificates. This particular problem can be worked around +by setting the hardware clock to a value in the past before attempting +the build. +@end quotation + The general syntax is: @example diff --git a/guix/inferior.scm b/guix/inferior.scm index 5dfd30a6c8..fca6fb4b22 100644 --- a/guix/inferior.scm +++ b/guix/inferior.scm 
@@ -871,11 +871,15 @@ prefix, resolve it; and if 'commit' is unset, fetch CHANNEL's branch tip." #:key (authenticate? #t) (cache-directory (%inferior-cache-directory)) - (ttl (* 3600 24 30))) + (ttl (* 3600 24 30)) + validate-channels) "Return a directory containing a guix filetree defined by CHANNELS, a list of channels. -The directory is a subdirectory of CACHE-DIRECTORY, where entries can be reclaimed after TTL seconds. -This procedure opens a new connection to the build daemon. AUTHENTICATE? -determines whether CHANNELS are authenticated." +The directory is a subdirectory of CACHE-DIRECTORY, where entries can be +reclaimed after TTL seconds. This procedure opens a new connection to the +build daemon. AUTHENTICATE? determines whether CHANNELS are authenticated. +VALIDATE-CHANNELS, if specified, must be a one argument procedure accepting a +list of channels that can be used to validate the channels; it should raise an +exception in case of problems." (define commits ;; Since computing the instances of CHANNELS is I/O-intensive, use a ;; cheaper way to get the commit list of CHANNELS. This limits overhead 
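Review bot: The new docstring sentence for VALIDATE-CHANNELS does not say that the procedure is skipped on a cache hit. In the next hunk it is called only in the else branch of `(if (file-exists? cached) …)`, so a checkout already present in CACHE-DIRECTORY is returned without being validated. I would add `VALIDATE-CHANNELS is only called when no cached instance exists.` to the docstring so that callers do not treat it as an unconditional check. The `(when (procedure? validate-channels) …)` guard also silently ignores any non-procedure value, which is worth mentioning in the same place. The `define*` header and the start of the body are outside this hunk.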
@@ -923,27 +927,30 @@ determines whether CHANNELS are authenticated." (if (file-exists? cached) cached - (run-with-store store - (mlet* %store-monad ((instances - -> (latest-channel-instances store channels - #:authenticate? - authenticate?)) - (profile - (channel-instances->derivation instances))) - (mbegin %store-monad - ;; It's up to the caller to install a build handler to report - ;; what's going to be built. - (built-derivations (list profile)) - - ;; Cache if and only if AUTHENTICATE? is true. - (if authenticate? - (mbegin %store-monad - (symlink* (derivation->output-path profile) cached) - (add-indirect-root* cached) - (return cached)) - (mbegin %store-monad - (add-temp-root* (derivation->output-path profile)) - (return (derivation->output-path profile))))))))) + (begin + (when (procedure? validate-channels) + (validate-channels channels)) + (run-with-store store + (mlet* %store-monad ((instances + -> (latest-channel-instances store channels + #:authenticate? + authenticate?)) + (profile + (channel-instances->derivation instances))) + (mbegin %store-monad + ;; It's up to the caller to install a build handler to report + ;; what's going to be built. + (built-derivations (list profile)) + + ;; Cache if and only if AUTHENTICATE? is true. + (if authenticate? + (mbegin %store-monad + (symlink* (derivation->output-path profile) cached) + (add-indirect-root* cached) + (return cached)) + (mbegin %store-monad + (add-temp-root* (derivation->output-path profile)) + (return (derivation->output-path profile)))))))))) (define* (inferior-for-channels channels #:key diff --git a/guix/scripts/time-machine.scm b/guix/scripts/time-machine.scm index d7c71ef705..e4fe511382 100644 --- a/guix/scripts/time-machine.scm +++ b/guix/scripts/time-machine.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2019 Konrad Hinsen ;;; Copyright © 2019, 2020, 2021 Ludovic Courtès ;;; Copyright © 2021 Simon Tournier +;;; Copyright © 2023 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -19,13 +20,15 @@ ;;; along with GNU Guix. If not, see . (define-module (guix scripts time-machine) + #:use-module (guix channels) + #:use-module (guix diagnostics) #:use-module (guix ui) #:use-module (guix scripts) #:use-module (guix inferior) #:use-module (guix store) #:use-module (guix status) #:use-module ((guix git) - #:select (with-git-error-handling)) + #:select (update-cached-checkout with-git-error-handling)) #:use-module ((guix utils) #:select (%current-system)) #:use-module ((guix scripts pull) @@ -38,9 +41,17 @@ #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) + #:use-module (srfi srfi-34) #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) #:export (guix-time-machine)) +;;; The required inferiors mechanism relied on by 'guix time-machine' was +;;; firmed up in v1.0.0; it is the oldest, safest commit that can be travelled +;;; to. +(define %oldest-possible-commit + "6298c3ffd9654d3231a6f25390b056483e8f407c") ;v1.0.0 + ;;; ;;; Command-line options. @@ -81,7 +92,7 @@ Execute COMMAND ARGS... in an older version of Guix.\n")) (alist-delete 'repository-url result)))) (option '("commit") #t #f (lambda (opt name arg result) - (alist-cons 'ref `(commit . ,arg) result))) + (alist-cons 'ref `(tag-or-commit . ,arg) result))) (option '("branch") #t #f (lambda (opt name arg result) (alist-cons 'ref `(branch . ,arg) result))) 
@@ -140,8 +151,27 @@ Execute COMMAND ARGS... in an older version of Guix.\n")) (let* ((opts (parse-args args)) (channels (channel-list opts)) (command-line (assoc-ref opts 'exec)) + (ref (assoc-ref opts 'ref)) (substitutes? (assoc-ref opts 'substitutes?)) (authenticate? (assoc-ref opts 'authenticate-channels?))) + + (define (validate-guix-channel channels) + "Finds the Guix channel among CHANNELS, and validates that REF as +captured from the closure, a git reference specification such as a commit hash +or tag associated to CHANNEL, is valid and new enough to satisfy the 'guix +time-machine' requirements. A `formatted-message' condition is raised +otherwise." + (let* ((guix-channel (find guix-channel? channels)) + (checkout commit relation (update-cached-checkout + (channel-url guix-channel) + #:ref (or ref '()) + #:starting-commit + %oldest-possible-commit))) + (unless (memq relation '(ancestor self)) + (raise (formatted-message + (G_ "cannot travel past commit `~a' from May 1st, 2019") + (string-take %oldest-possible-commit 12)))))) + (when command-line (let* ((directory (with-store store @@ -153,6 +183,8 @@ Execute COMMAND ARGS... in an older version of Guix.\n")) #:dry-run? #f) (set-build-options-from-command-line store opts) (cached-channel-instance store channels - #:authenticate? authenticate?))))) + #:authenticate? authenticate? + #:validate-channels + validate-guix-channel))))) (executable (string-append directory "/bin/guix"))) (apply execl (cons* executable executable command-line)))))))) diff --git a/tests/guix-time-machine.sh b/tests/guix-time-machine.sh new file mode 100644 index 0000000000..8b62ef75ea --- /dev/null +++ b/tests/guix-time-machine.sh 
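Review bot: `validate-guix-channel` checks the `ref` captured from the command line rather than the commit recorded in `guix-channel` itself. When neither `--commit` nor `--branch` is given, `#:ref (or ref '())` validates the default reference, so a channel pinned to a pre-v1.0.0 commit some other way would not be rejected; a channels file is one possible route, if `channel-list` accepts one, but that code is outside the hunk. Falling back to the channel's own commit, e.g. `#:ref (or ref (and=> (channel-commit guix-channel) (cut cons 'commit <>)) '())`, would close that gap. Separately, `(find guix-channel? channels)` returns `#f` when the list holds no Guix channel, and `(channel-url #f)` then fails with a type error instead of a diagnostic. Wrapping the body in `(when guix-channel …)` avoids that.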
@@ -0,0 +1,28 @@
+# GNU Guix --- Functional package management for GNU
+# Copyright © 2023 Maxim Cournoyer
+#
+# This file is part of GNU Guix.
+#
+# GNU Guix is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GNU Guix is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Guix. If not, see .
+
+#
+# Test the 'guix time-machine' command-line utility.
+#
+
+guix time-machine --version
+
+# Visiting a commit older than v1.0.0 fails.
+! guix time-machine --commit=v0.15.0
+
+exit 0
-- cgit v1.2.3
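Review bot: The negative check `! guix time-machine --commit=v0.15.0` cannot fail this test. A `!`-negated command is exempt from `set -e` (if the harness enables it), its status is otherwise discarded, and the script ends with an unconditional `exit 0`. Writing it as `if guix time-machine --commit=v0.15.0 -- describe; then exit 1; fi` makes an unexpected success fatal. Passing a command matters as well: the time-machine.scm change reaches `cached-channel-instance` only inside `(when command-line …)`, so without one the new validation is presumably never invoked.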