From 82ccc499f7262982beb2da9827d5706967a334f0 Mon Sep 17 00:00:00 2001 From: Carlo Zancanaro Date: Sun, 19 Feb 2017 10:32:58 +1100 Subject: services: Add exim-service-type. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/mail.scm (): New record type. (exim-computed-config-file, exim-shepherd-service, exim-activation, exim-etc, exim-profile): New procedures. (exim-service-type, %exim-accounts): New variables. * doc/guix.text (Mail Services): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 732f4312a4..18821b9a9e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -32,7 +32,8 @@ Copyright @copyright{} 2016 Julien Lepiller@* Copyright @copyright{} 2016 Alex ter Weele@* Copyright @copyright{} 2017 Clément Lassieur@* Copyright @copyright{} 2017 Mathieu Othacehe@* -Copyright @copyright{} 2017 Federico Beffa +Copyright @copyright{} 2017 Federico Beffa@* +Copyright @copyright{} 2017 Carlo Zancanaro Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -12206,6 +12207,45 @@ remote servers. Run @command{man smtpd.conf} for more information. @end table @end deftp +@subsubheading Exim Service + +@deffn {Scheme Variable} exim-service-type +This is the type of the @uref{https://exim.org, Exim} service, whose value +should be an @code{exim-configuration} object as in this example: + +@example +(service exim-service-type + (exim-configuration + (config-file (local-file "./my-exim.conf")) + (aliases '(("postmaster" "bob") + ("bob" "bob@@example.com" "bob@@example2.com"))))) +@end example +@end deffn + +@deftp {Data Type} exim-configuration +Data type representing the configuration of exim. + +@table @asis +@item @code{package} (default: @var{exim}) +Package object of the Exim server. + +@item @code{config-file} (default: @code{#f}) +File-like object of the Exim configuration file to use. If its value is +@code{#f} then use the default configuration file from the package +provided in @code{package}. The resulting configuration file is loaded +after setting the @code{exim_user} and @code{exim_group} configuration +variables. + +@item @code{aliases} (default: @code{'()}) +List of aliases to use when delivering mail on this system. The +@code{car} of each list is used to match incoming mail, with the +@code{cdr} of each list designating how to deliver it. There may be many +delivery methods provided, in which case the mail is delivered to them +all. + +@end table +@end deftp + @node Messaging Services @subsubsection Messaging Services -- cgit v1.2.3 From 563c5d42c954eacc54151d46a04ae14b9dbb1a10 Mon Sep 17 00:00:00 2001 From: Clément Lassieur Date: Thu, 2 Mar 2017 22:06:27 +0100 Subject: services: openssh: Enable PAM. * gnu/services/ssh.scm: (openssh-pam-services): New procedure. (openssh-service-type): Use it to extend PAM-ROOT-SERVICE-TYPE. ()[challenge-response-authentication?]: New field. ()[use-pam?]: New field. (openssh-config-file): Add them. * doc/guix.texi (Networking Services): Document them. Signed-off-by: Danny Milosavljevic --- doc/guix.texi | 16 ++++++++++++++++ gnu/services/ssh.scm | 21 ++++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 18821b9a9e..5aed6771db 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9344,6 +9344,22 @@ enabled---in other words, @command{ssh} options @option{-X} and @item @code{protocol-number} (default: @code{2}) The SSH protocol number to use. + +@item @code{challenge-response-authentication?} (default: @code{#f}) +Specifies whether challenge response authentication is allowed (e.g. via +PAM). + +@item @code{use-pam?} (default: @code{#t}) +Enables the Pluggable Authentication Module interface. If set to +@code{#t}, this will enable PAM authentication using +@code{challenge-response-authentication?} and +@code{password-authentication?}, in addition to PAM account and session +module processing for all authentication types. + +Because PAM challenge response authentication usually serves an +equivalent role to password authentication, you should disable either +@code{challenge-response-authentication?} or +@code{password-authentication?}. @end table @end deftp diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index c1d42e70ce..716a0fbbda 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -279,7 +279,11 @@ (define-record-type* (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean (default #f)) (protocol-number openssh-configuration-protocol-number ;integer - (default 2))) + (default 2)) + (challenge-response-authentication? openssh-challenge-response-authentication? + (default #f)) ;Boolean + (use-pam? openssh-configuration-use-pam? + (default #t))) ;Boolean (define %openssh-accounts (list (user-group (name "sshd") (system? #t)) @@ -336,6 +340,12 @@ (define (openssh-config-file config) "yes" "no")) (format port "PidFile ~a\n" #$(openssh-configuration-pid-file config)) + (format port "ChallengeResponseAuthentication ~a\n" + #$(if (openssh-challenge-response-authentication? config) + "yes" "no")) + (format port "UsePAM ~a\n" + #$(if (openssh-configuration-use-pam? config) + "yes" "no")) #t)))) (define (openssh-shepherd-service config) @@ -356,11 +366,20 @@ (define openssh-command #:pid-file #$pid-file)) (stop #~(make-kill-destructor))))) +(define (openssh-pam-services config) + "Return a list of for sshd with CONFIG." + (list (unix-pam-service + "sshd" + #:allow-empty-passwords? + (openssh-configuration-allow-empty-passwords? config)))) + (define openssh-service-type (service-type (name 'openssh) (extensions (list (service-extension shepherd-root-service-type openssh-shepherd-service) + (service-extension pam-root-service-type + openssh-pam-services) (service-extension activation-service-type openssh-activation) (service-extension account-service-type -- cgit v1.2.3 From 1806a670f06bd745e7e3744046f50bb6f9113d26 Mon Sep 17 00:00:00 2001 From: Clément Lassieur Date: Thu, 2 Mar 2017 22:06:28 +0100 Subject: services: openssh: Remove deprecated options. * gnu/services/ssh.scm (openssh-config-file): Remove them. ()[rsa-authentication?]: Remove it. ()[protocol-number]: Remove it. * doc/guix.texi (Networking Services): Remove them. Signed-off-by: Danny Milosavljevic --- doc/guix.texi | 8 -------- gnu/services/ssh.scm | 10 ---------- 2 files changed, 18 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 5aed6771db..21434f6c74 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9332,19 +9332,11 @@ false, users have to use other authentication method. Authorized public keys are stored in @file{~/.ssh/authorized_keys}. This is used only by protocol version 2. -@item @code{rsa-authentication?} (default: @code{#t}) -When true, users may log in using pure RSA authentication. When false, -users have to use other means of authentication. This is used only by -protocol 1. - @item @code{x11-forwarding?} (default: @code{#f}) When true, forwarding of X11 graphical client connections is enabled---in other words, @command{ssh} options @option{-X} and @option{-Y} will work. -@item @code{protocol-number} (default: @code{2}) -The SSH protocol number to use. - @item @code{challenge-response-authentication?} (default: @code{#f}) Specifies whether challenge response authentication is allowed (e.g. via PAM). diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index 716a0fbbda..ef7d546d13 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -274,12 +274,8 @@ (define-record-type* (default #t)) (public-key-authentication? openssh-configuration-public-key-authentication? (default #t)) ;Boolean - (rsa-authentication? openssh-configuration-rsa-authentication? ;Boolean - (default #t)) (x11-forwarding? openssh-configuration-x11-forwarding? ;Boolean (default #f)) - (protocol-number openssh-configuration-protocol-number ;integer - (default 2)) (challenge-response-authentication? openssh-challenge-response-authentication? (default #f)) ;Boolean (use-pam? openssh-configuration-use-pam? @@ -313,9 +309,6 @@ (define (openssh-config-file config) #~(call-with-output-file #$output (lambda (port) (display "# Generated by 'openssh-service'.\n" port) - (format port "Protocol ~a\n" - #$(if (eq? (openssh-configuration-protocol-number config) 1) - "1" "2")) (format port "Port ~a\n" #$(number->string (openssh-configuration-port-number config))) (format port "PermitRootLogin ~a\n" @@ -332,9 +325,6 @@ (define (openssh-config-file config) (format port "PubkeyAuthentication ~a\n" #$(if (openssh-configuration-public-key-authentication? config) "yes" "no")) - (format port "RSAAuthentication ~a\n" - #$(if (openssh-configuration-rsa-authentication? config) - "yes" "no")) (format port "X11Forwarding ~a\n" #$(if (openssh-configuration-x11-forwarding? config) "yes" "no")) -- cgit v1.2.3 From f895dce41b5495849a7e26fef747db14f6dd4ef0 Mon Sep 17 00:00:00 2001 From: Clément Lassieur Date: Thu, 2 Mar 2017 22:06:29 +0100 Subject: services: openssh: Fix 'PrintLastLog' default behaviour. * gnu/services/ssh.scm (openssh-config-file): Add 'print-last-log?' option. ()[print-last-log?]: Add it. (openssh-activation): Touch /var/log/lastlog. * doc/guix.texi (Networking Services): Document 'print-last-log?'. Before that, the service did not work as expected because /var/log/lastlog did not exist. Signed-off-by: Danny Milosavljevic --- doc/guix.texi | 4 ++++ gnu/services/ssh.scm | 13 +++++++++++++ 2 files changed, 17 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 21434f6c74..966a5458f8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9352,6 +9352,10 @@ Because PAM challenge response authentication usually serves an equivalent role to password authentication, you should disable either @code{challenge-response-authentication?} or @code{password-authentication?}. + +@item @code{print-last-log?} (default: @code{#t}) +Specifies whether @command{sshd} should print the date and time of the +last user login when a user logs in interactively. @end table @end deftp diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm index ef7d546d13..d8a3ad35ad 100644 --- a/gnu/services/ssh.scm +++ b/gnu/services/ssh.scm @@ -279,6 +279,8 @@ (define-record-type* (challenge-response-authentication? openssh-challenge-response-authentication? (default #f)) ;Boolean (use-pam? openssh-configuration-use-pam? + (default #t)) ;Boolean + (print-last-log? openssh-configuration-print-last-log? (default #t))) ;Boolean (define %openssh-accounts @@ -298,6 +300,14 @@ (define (openssh-activation config) (mkdir-p "/etc/ssh") (mkdir-p (dirname #$(openssh-configuration-pid-file config))) + (define (touch file-name) + (call-with-output-file file-name (const #t))) + + (let ((lastlog "/var/log/lastlog")) + (when #$(openssh-configuration-print-last-log? config) + (unless (file-exists? lastlog) + (touch lastlog)))) + ;; Generate missing host keys. (system* (string-append #$(openssh-configuration-openssh config) "/bin/ssh-keygen") "-A"))) @@ -336,6 +346,9 @@ (define (openssh-config-file config) (format port "UsePAM ~a\n" #$(if (openssh-configuration-use-pam? config) "yes" "no")) + (format port "PrintLastLog ~a\n" + #$(if (openssh-configuration-print-last-log? config) + "yes" "no")) #t)))) (define (openssh-shepherd-service config) -- cgit v1.2.3 From 4018745a224fd108e08e4d88d443130cc4c86bcc Mon Sep 17 00:00:00 2001 From: John Darrington Date: Fri, 10 Mar 2017 06:43:08 +0100 Subject: doc: Update the package count. * doc/guix.texi: Update the number of packages available. --- doc/guix.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 966a5458f8..b6c89bc9b6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6808,7 +6808,7 @@ Few system services are currently supported out-of-the-box (@pxref{Services}). @item -More than 4,000 packages are available, but you may +More than 5,000 packages are available, but you may occasionally find that a useful package is missing. @item -- cgit v1.2.3 From 47bdc5a173708e9138dda62dd9de0c3a9b2b03ec Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Thu, 9 Mar 2017 19:39:23 +0100 Subject: linux-initrd: Add a raw-initrd and use it to define base-initrd. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/system/linux-initrd.scm (raw-initrd): New exported variable. (base-initrd): Use raw-initrd to build the initrd. * doc/guix.texi (Initial RAM Disk): Document it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 47 +++++++++++----- gnu/system/linux-initrd.scm | 129 +++++++++++++++++++++++++++----------------- 2 files changed, 114 insertions(+), 62 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index b6c89bc9b6..a602c701cb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13887,9 +13887,9 @@ kernel modules that may be needed to achieve that. The @code{initrd} field of an @code{operating-system} declaration allows you to specify which initrd you would like to use. The @code{(gnu -system linux-initrd)} module provides two ways to build an initrd: the -high-level @code{base-initrd} procedure, and the low-level -@code{expression->initrd} procedure. +system linux-initrd)} module provides three ways to build an initrd: the +high-level @code{base-initrd} procedure and the low-level +@code{raw-initrd} and @code{expression->initrd} procedures. The @code{base-initrd} procedure is intended to cover most common uses. For example, if you want to add a bunch of kernel modules to be loaded @@ -13910,9 +13910,16 @@ The @code{base-initrd} procedure also handles common use cases that involves using the system as a QEMU guest, or as a ``live'' system with volatile root file system. -The initial RAM disk produced by @code{base-initrd} honors several -options passed on the Linux kernel command line (that is, arguments -passed @i{via} the @code{linux} command of GRUB, or the +The @code{base-initrd} procedure is built from @code{raw-initrd} procedure. +Unlike @code{base-initrd}, @code{raw-initrd} doesn't do anything high-level, +such as trying to guess which kernel modules and packages should be included +to the initrd. An example use of @code{raw-initrd} is when a user has +a custom Linux kernel configuration and default kernel modules included by +@code{base-initrd} are not available. + +The initial RAM disk produced by @code{base-initrd} or @code{raw-initrd} +honors several options passed on the Linux kernel command line +(that is, arguments passed @i{via} the @code{linux} command of GRUB, or the @code{-append} option of QEMU), notably: @table @code @@ -13951,19 +13958,23 @@ Manual}, for more information on Guile's REPL. @end table Now that you know all the features that initial RAM disks produced by -@code{base-initrd} provide, here is how to use it and customize it -further. +@code{base-initrd} and @code{raw-initrd} provide, +here is how to use it and customize it further. @cindex initrd @cindex initial RAM disk -@deffn {Monadic Procedure} base-initrd @var{file-systems} @ - [#:qemu-networking? #f] [#:virtio? #t] [#:volatile-root? #f] @ - [#:extra-modules '()] [#:mapped-devices '()] -Return a monadic derivation that builds a generic initrd. @var{file-systems} is +@deffn {Monadic Procedure} raw-initrd @var{file-systems} @ + [#:linux-modules '()] [#:mapped-devices '()] @ + [#:helper-packages '()] [#:qemu-networking? #f] [#:volatile-root? #f] +Return a monadic derivation that builds a raw initrd. @var{file-systems} is a list of file systems to be mounted by the initrd, possibly in addition to the root file system specified on the kernel command line via @code{--root}. +@var{linux-modules} is a list of kernel modules to be loaded at boot time. @var{mapped-devices} is a list of device mappings to realize before @var{file-systems} are mounted (@pxref{Mapped Devices}). +@var{helper-packages} is a list of packages to be copied in the initrd. It may +include @code{e2fsck/static} or other packages needed by the initrd to check +root partition. When @var{qemu-networking?} is true, set up networking with the standard QEMU parameters. When @var{virtio?} is true, load additional modules so that the @@ -13971,6 +13982,18 @@ initrd can be used as a QEMU guest with para-virtualized I/O drivers. When @var{volatile-root?} is true, the root file system is writable but any changes to it are lost. +@end deffn + +@deffn {Monadic Procedure} base-initrd @var{file-systems} @ + [#:mapped-devices '()] [#:qemu-networking? #f] [#:volatile-root? #f]@ + [#:virtio? #t] [#:extra-modules '()] +Return a monadic derivation that builds a generic initrd. @var{file-systems} is +a list of file systems to be mounted by the initrd like for @code{raw-initrd}. +@var{mapped-devices}, @var{qemu-networking?} and @var{volatile-root?} +also behaves as in @code{raw-initrd}. + +When @var{virtio?} is true, load additional modules so that the +initrd can be used as a QEMU guest with para-virtualized I/O drivers. The initrd is automatically populated with all the kernel modules necessary for @var{file-systems} and for the given options. However, additional kernel diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm index 4a753cdadb..81c1278c0c 100644 --- a/gnu/system/linux-initrd.scm +++ b/gnu/system/linux-initrd.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2016 Mark H Weaver ;;; Copyright © 2016 Jan Nieuwenhuizen +;;; Copyright © 2017 Mathieu Othacehe ;;; ;;; This file is part of GNU Guix. ;;; @@ -41,6 +42,7 @@ (define-module (gnu system linux-initrd) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:export (expression->initrd + raw-initrd base-initrd)) @@ -131,13 +133,79 @@ (define modules (gexp->derivation "linux-modules" build-exp)) +(define* (raw-initrd file-systems + #:key + (linux linux-libre) + (linux-modules '()) + (mapped-devices '()) + (helper-packages '()) + qemu-networking? + volatile-root?) + "Return a monadic derivation that builds a raw initrd, with kernel +modules taken from LINUX. FILE-SYSTEMS is a list of file-systems to be +mounted by the initrd, possibly in addition to the root file system specified +on the kernel command line via '--root'. LINUX-MODULES is a list of kernel +modules to be loaded at boot time. MAPPED-DEVICES is a list of device +mappings to realize before FILE-SYSTEMS are mounted. +HELPER-PACKAGES is a list of packages to be copied in the initrd. It may include +e2fsck/static or other packages needed by the initrd to check root partition. + +When QEMU-NETWORKING? is true, set up networking with the standard QEMU +parameters. +When VOLATILE-ROOT? is true, the root file system is writable but any changes +to it are lost." + (define device-mapping-commands + ;; List of gexps to open the mapped devices. + (map (lambda (md) + (let* ((source (mapped-device-source md)) + (target (mapped-device-target md)) + (type (mapped-device-type md)) + (open (mapped-device-kind-open type))) + (open source target))) + mapped-devices)) + + (mlet %store-monad ((kodir (flat-linux-module-directory linux + linux-modules))) + (expression->initrd + (with-imported-modules (source-module-closure + '((gnu build linux-boot) + (guix build utils) + (guix build bournish) + (gnu build file-systems))) + #~(begin + (use-modules (gnu build linux-boot) + (guix build utils) + (guix build bournish) ;add the 'bournish' meta-command + (srfi srfi-26) + + ;; FIXME: The following modules are for + ;; LUKS-DEVICE-MAPPING. We should instead propagate + ;; this info via gexps. + ((gnu build file-systems) + #:select (find-partition-by-luks-uuid)) + (rnrs bytevectors)) + + (with-output-to-port (%make-void-port "w") + (lambda () + (set-path-environment-variable "PATH" '("bin" "sbin") + '#$helper-packages))) + + (boot-system #:mounts '#$(map file-system->spec file-systems) + #:pre-mount (lambda () + (and #$@device-mapping-commands)) + #:linux-modules '#$linux-modules + #:linux-module-directory '#$kodir + #:qemu-guest-networking? #$qemu-networking? + #:volatile-root? '#$volatile-root?))) + #:name "raw-initrd"))) + (define* (base-initrd file-systems #:key (linux linux-libre) (mapped-devices '()) qemu-networking? - (virtio? #t) volatile-root? + (virtio? #t) (extra-modules '())) "Return a monadic derivation that builds a generic initrd, with kernel modules taken from LINUX. FILE-SYSTEMS is a list of file-systems to be @@ -145,14 +213,12 @@ (define* (base-initrd file-systems on the kernel command line via '--root'. MAPPED-DEVICES is a list of device mappings to realize before FILE-SYSTEMS are mounted. -When QEMU-NETWORKING? is true, set up networking with the standard QEMU -parameters. When VIRTIO? is true, load additional modules so the initrd can +QEMU-NETWORKING? and VOLATILE-ROOT? behaves as in raw-initrd. + +When VIRTIO? is true, load additional modules so the initrd can be used as a QEMU guest with the root file system on a para-virtualized block device. -When VOLATILE-ROOT? is true, the root file system is writable but any changes -to it are lost. - The initrd is automatically populated with all the kernel modules necessary for FILE-SYSTEMS and for the given options. However, additional kernel modules can be listed in EXTRA-MODULES. They will be added to the initrd, and @@ -224,49 +290,12 @@ (define helper-packages (list unionfs-fuse/static) '()))) - (define device-mapping-commands - ;; List of gexps to open the mapped devices. - (map (lambda (md) - (let* ((source (mapped-device-source md)) - (target (mapped-device-target md)) - (type (mapped-device-type md)) - (open (mapped-device-kind-open type))) - (open source target))) - mapped-devices)) - - (mlet %store-monad ((kodir (flat-linux-module-directory linux - linux-modules))) - (expression->initrd - (with-imported-modules (source-module-closure - '((gnu build linux-boot) - (guix build utils) - (guix build bournish) - (gnu build file-systems))) - #~(begin - (use-modules (gnu build linux-boot) - (guix build utils) - (guix build bournish) ;add the 'bournish' meta-command - (srfi srfi-26) - - ;; FIXME: The following modules are for - ;; LUKS-DEVICE-MAPPING. We should instead propagate - ;; this info via gexps. - ((gnu build file-systems) - #:select (find-partition-by-luks-uuid)) - (rnrs bytevectors)) - - (with-output-to-port (%make-void-port "w") - (lambda () - (set-path-environment-variable "PATH" '("bin" "sbin") - '#$helper-packages))) - - (boot-system #:mounts '#$(map file-system->spec file-systems) - #:pre-mount (lambda () - (and #$@device-mapping-commands)) - #:linux-modules '#$linux-modules - #:linux-module-directory '#$kodir - #:qemu-guest-networking? #$qemu-networking? - #:volatile-root? '#$volatile-root?))) - #:name "base-initrd"))) + (raw-initrd file-systems + #:linux linux + #:linux-modules linux-modules + #:mapped-devices mapped-devices + #:helper-packages helper-packages + #:qemu-networking? qemu-networking? + #:volatile-root? volatile-root?)) ;;; linux-initrd.scm ends here -- cgit v1.2.3 From 1dbe3a8db0a3e5a8e5f9b30e6f6a6bbfb699275b Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 12 Mar 2017 00:37:33 +0100 Subject: build: GnuTLS is now a hard dependency. Discussed as part of . * configure.ac: Check for (gnutls) and error out if it's missing. * doc/guix.texi (Requirements): Move GnuTLS from optional to required. (Substitutes): Remove footnote about the need for GnuTLS. --- configure.ac | 9 ++++++++- doc/guix.texi | 16 +++++----------- 2 files changed, 13 insertions(+), 12 deletions(-) (limited to 'doc') diff --git a/configure.ac b/configure.ac index 06b0618b43..e5daadb121 100644 --- a/configure.ac +++ b/configure.ac @@ -91,7 +91,14 @@ dnl Installation directory for .scm and .go files. guilemoduledir="${datarootdir}/guile/site/$GUILE_EFFECTIVE_VERSION" AC_SUBST([guilemoduledir]) -dnl guile-json is used for the PyPI package importer +dnl The GnuTLS bindings are necessary for substitutes over HTTPS and for 'guix +dnl pull', among other things. +GUILE_MODULE_AVAILABLE([have_gnutls], [(gnutls)]) +if test "x$have_gnutls" != "xyes"; then + AC_MSG_ERROR([The Guile bindings of GnuTLS are missing; please install them.]) +fi + +dnl Guile-JSON is used in various places. GUILE_MODULE_AVAILABLE([have_guile_json], [(json)]) AM_CONDITIONAL([HAVE_GUILE_JSON], [test "x$have_guile_json" = "xyes"]) diff --git a/doc/guix.texi b/doc/guix.texi index a602c701cb..93d0b7a084 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -544,21 +544,16 @@ GNU Guix depends on the following packages: @itemize @item @url{http://gnu.org/software/guile/, GNU Guile}, version 2.0.7 or later; @item @url{http://gnupg.org/, GNU libgcrypt}; +@item +@uref{http://gnutls.org/, GnuTLS}, specifically its Guile bindings +(@pxref{Guile Preparations, how to install the GnuTLS bindings for +Guile,, gnutls-guile, GnuTLS-Guile}); @item @url{http://www.gnu.org/software/make/, GNU Make}. @end itemize The following dependencies are optional: @itemize -@item -Installing @uref{http://gnutls.org/, GnuTLS-Guile} will allow you to -access @code{https} URLs for substitutes, which is highly recommended -(@pxref{Substitutes}). It also allows you to access HTTPS URLs with the -@command{guix download} command (@pxref{Invoking guix download}), the -@command{guix import pypi} command, and the @command{guix import cpan} -command. @xref{Guile Preparations, how to install the GnuTLS bindings -for Guile,, gnutls-guile, GnuTLS-Guile}. - @item Installing @url{http://savannah.nongnu.org/projects/guile-json/, Guile-JSON} will @@ -2003,8 +1998,7 @@ or to client tools such as @command{guix package} (@pxref{client-substitute-urls,, client @option{--substitute-urls} option}). -Substitute URLs can be either HTTP or HTTPS@footnote{For HTTPS access, -the Guile bindings of GnuTLS must be installed. @xref{Requirements}.} +Substitute URLs can be either HTTP or HTTPS. HTTPS is recommended because communications are encrypted; conversely, using HTTP makes all communications visible to an eavesdropper, who could use the information gathered to determine, for instance, whether -- cgit v1.2.3 From eba560765a5afccbc5d3b64df410d89b1f79a18e Mon Sep 17 00:00:00 2001 From: Clément Lassieur Date: Sun, 26 Feb 2017 19:54:52 +0100 Subject: services: dovecot: Fix unix_listeners and fifo_listeners path types. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/services/mail.scm (unix-listener-configuration)[path] (fifo-listener-configuration)[path]: Change type from 'file-name' to 'string'. * doc/guix.texi (Mail Services): Document it. Signed-off-by: Clément Lassieur --- doc/guix.texi | 10 ++++++---- gnu/services/mail.scm | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 93d0b7a084..ddfd707665 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -10930,8 +10930,9 @@ Defaults to @samp{()}. Available @code{unix-listener-configuration} fields are: -@deftypevr {@code{unix-listener-configuration} parameter} file-name path -The file name on which to listen. +@deftypevr {@code{unix-listener-configuration} parameter} string path +Path to the file, relative to @code{base-dir} field. This is also used as +the section name. @end deftypevr @deftypevr {@code{unix-listener-configuration} parameter} string mode @@ -10952,8 +10953,9 @@ Defaults to @samp{""}. Available @code{fifo-listener-configuration} fields are: -@deftypevr {@code{fifo-listener-configuration} parameter} file-name path -The file name on which to listen. +@deftypevr {@code{fifo-listener-configuration} parameter} string path +Path to the file, relative to @code{base-dir} field. This is also used as +the section name. @end deftypevr @deftypevr {@code{fifo-listener-configuration} parameter} string mode diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index b211ab61a5..dbc5de9e62 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -165,8 +165,9 @@ (define (serialize-userdb-configuration-list field-name val) (define-configuration unix-listener-configuration (path - (file-name (configuration-missing-field 'unix-listener 'path)) - "The file name on which to listen.") + (string (configuration-missing-field 'unix-listener 'path)) + "Path to the file, relative to @code{base-dir} field. This is also used as +the section name.") (mode (string "0600") "The access mode for the socket.") @@ -184,8 +185,9 @@ (define (serialize-unix-listener-configuration field-name val) (define-configuration fifo-listener-configuration (path - (file-name (configuration-missing-field 'fifo-listener 'path)) - "The file name on which to listen.") + (string (configuration-missing-field 'fifo-listener 'path)) + "Path to the file, relative to @code{base-dir} field. This is also used as +the section name.") (mode (string "0600") "The access mode for the socket.") -- cgit v1.2.3 From 239c22663ac928618028c4ec03cefc77de788e9d Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 12 Mar 2017 16:48:40 +0100 Subject: Add 'guix pack'. * gnu/system/install.scm (self-contained-tarball): Move to... * guix/scripts/pack.scm: ... here. New file. * doc/guix.texi (Binary Installation): Mention 'guix pack'. (Invoking guix pack): New node. * build-aux/make-binary-tarball.scm: Remove. * Makefile.am (MODULES): Add guix/scripts/pack.scm. (EXTRA_DIST): Remove build-aux/make-binary-tarball.scm. (guix-binary.%.tar.xz): Rewrite using 'guix pack'. * build-aux/hydra/gnu-system.scm (tarball-jobs): Adjust accordingly. --- Makefile.am | 9 +- build-aux/hydra/gnu-system.scm | 9 +- build-aux/make-binary-tarball.scm | 47 -------- doc/guix.texi | 64 +++++++++++ gnu/system/install.scm | 63 +---------- guix/scripts/pack.scm | 229 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 308 insertions(+), 113 deletions(-) delete mode 100644 build-aux/make-binary-tarball.scm create mode 100644 guix/scripts/pack.scm (limited to 'doc') diff --git a/Makefile.am b/Makefile.am index ec1bd2eb8b..2684d66bf1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -139,6 +139,7 @@ MODULES = \ guix/scripts/package.scm \ guix/scripts/gc.scm \ guix/scripts/hash.scm \ + guix/scripts/pack.scm \ guix/scripts/pull.scm \ guix/scripts/substitute.scm \ guix/scripts/authenticate.scm \ @@ -397,7 +398,6 @@ EXTRA_DIST = \ build-aux/check-available-binaries.scm \ build-aux/check-final-inputs-self-contained.scm \ build-aux/download.scm \ - build-aux/make-binary-tarball.scm \ build-aux/generate-authors.scm \ build-aux/test-driver.scm \ build-aux/run-system-tests.scm \ @@ -486,9 +486,10 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \ # The self-contained tarball. guix-binary.%.tar.xz: - $(AM_V_GEN)GUIX_PACKAGE_PATH= \ - $(top_builddir)/pre-inst-env "$(GUILE)" \ - "$(top_srcdir)/build-aux/make-binary-tarball.scm" "$*" "$@" + $(AM_V_GEN)GUIX_PACKAGE_PATH= \ + tarball=`$(top_builddir)/pre-inst-env guix pack -C xz \ + -s "$*" guix` ; \ + cp "$$tarball" "$@.tmp" ; mv "$@.tmp" "$@" dist-hook: sync-descriptions gen-ChangeLog gen-AUTHORS diff --git a/build-aux/hydra/gnu-system.scm b/build-aux/hydra/gnu-system.scm index 04a9d0508a..7a26c72778 100644 --- a/build-aux/hydra/gnu-system.scm +++ b/build-aux/hydra/gnu-system.scm @@ -39,12 +39,15 @@ (use-modules (guix config) (guix store) (guix grafts) + (guix profiles) (guix packages) (guix derivations) (guix monads) ((guix licenses) #:select (gpl3+)) ((guix utils) #:select (%current-system)) ((guix scripts system) #:select (read-operating-system)) + ((guix scripts pack) + #:select (lookup-compressor self-contained-tarball)) (gnu packages) (gnu packages gcc) (gnu packages base) @@ -213,7 +216,11 @@ (define (->job name drv) (run-with-store store (mbegin %store-monad (set-guile-for-build (default-guile)) - (self-contained-tarball)) + (>>= (profile-derivation (packages->manifest (list guix))) + (lambda (profile) + (self-contained-tarball "guix-binary" profile + #:compressor + (lookup-compressor "xz"))))) #:system system)))) (define job-name diff --git a/build-aux/make-binary-tarball.scm b/build-aux/make-binary-tarball.scm deleted file mode 100644 index e12bec476c..0000000000 --- a/build-aux/make-binary-tarball.scm +++ /dev/null @@ -1,47 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015 Ludovic Courtès -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see . - - -;;; -;;; Build a self-contained tarball containing binaries for Guix and its -;;; dependencies. -;;; - -(use-modules (guix) - (guix ui) - (gnu system install) - (ice-9 match)) - -(define copy-file* - (lift2 copy-file %store-monad)) - -(define rename-file* - (lift2 rename-file %store-monad)) - -(match (command-line) - ((_ system file) - (with-store store - (run-with-store store - (mlet %store-monad ((tarball (self-contained-tarball))) - (mbegin %store-monad - (show-what-to-build* (list tarball)) - (built-derivations (list tarball)) - (copy-file* (derivation->output-path tarball) - (string-append file ".part")) - (rename-file* (string-append file ".part") file))) - #:system system)))) diff --git a/doc/guix.texi b/doc/guix.texi index ddfd707665..f4cc207e7b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -119,6 +119,7 @@ Package Management * Packages with Multiple Outputs:: Single source package, multiple outputs. * Invoking guix gc:: Running the garbage collector. * Invoking guix pull:: Fetching the latest Guix and distribution. +* Invoking guix pack:: Creating software bundles. * Invoking guix archive:: Exporting and importing store files. Programming Interface @@ -530,6 +531,14 @@ by running the following command in the Guix source tree: make guix-binary.@var{system}.tar.xz @end example +@noindent +... which, in turn, runs: + +@example +guix pack -s @var{system} guix +@end example + +@xref{Invoking guix pack}, for more info on this handy tool. @node Requirements @section Requirements @@ -1422,6 +1431,7 @@ guix package -i emacs-guix * Packages with Multiple Outputs:: Single source package, multiple outputs. * Invoking guix gc:: Running the garbage collector. * Invoking guix pull:: Fetching the latest Guix and distribution. +* Invoking guix pack:: Creating software bundles. * Invoking guix archive:: Exporting and importing store files. @end menu @@ -2377,6 +2387,60 @@ useful to Guix developers. @end table +@node Invoking guix pack +@section Invoking @command{guix pack} + +Occasionally you want to pass software to people who are not (yet!) +lucky enough to be using Guix. You'd tell them to run @command{guix +package -i @var{something}}, but that's not possible in this case. This +is where @command{guix pack} comes in. + +@cindex pack +@cindex bundle +@cindex application bundle +@cindex software bundle +The @command{guix pack} command creates a shrink-wrapped @dfn{pack} or +@dfn{software bundle}: it creates a tarball or some other archive +containing the binaries of the software you're interested in, and all +its dependencies. The resulting archive can be used on any machine that +does not have Guix, and people can run the exact same binaries as those +you have with Guix. + +For example, to create a bundle containing Guile, Emacs, Geiser, and all +their dependencies, you can run: + +@example +$ guix pack guile emacs geiser +@dots{} +/gnu/store/@dots{}-pack.tar.gz +@end example + +The result here is a tarball containing a @file{/gnu/store} directory +with all the relevant packages. The resulting tarball contains a +@dfn{profile} with the three packages of interest; the profile is the +same as would be created by @command{guix package -i}. It is this +mechanism that is used to create Guix's own standalone binary tarball +(@pxref{Binary Installation}). + +Several command-line options allow you to customize your pack: + +@table @code +@item --system=@var{system} +@itemx -s @var{system} +Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of +the system type of the build host. + +@item --compression=@var{tool} +@itemx -C @var{tool} +Compress the resulting tarball using @var{tool}---one of @code{gzip}, +@code{bzip2}, @code{xz}, or @code{lzip}. +@end table + +In addition, @command{guix pack} supports all the common build options +(@pxref{Common Build Options}) and all the package transformation +options (@pxref{Package Transformation Options}). + + @node Invoking guix archive @section Invoking @command{guix archive} diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 3ec343570a..191ccf1680 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016 Ludovic Courtès +;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2015 Mark H Weaver ;;; Copyright © 2016 Andreas Enge ;;; @@ -24,7 +24,6 @@ (define-module (gnu system install) #:use-module (guix store) #:use-module (guix monads) #:use-module ((guix store) #:select (%store-prefix)) - #:use-module (guix profiles) #:use-module (gnu services shepherd) #:use-module (gnu packages admin) #:use-module (gnu packages bash) @@ -38,8 +37,7 @@ (define-module (gnu system install) #:use-module (gnu packages nvi) #:use-module (ice-9 match) #:use-module (srfi srfi-26) - #:export (self-contained-tarball - installation-os)) + #:export (installation-os)) ;;; Commentary: ;;; @@ -48,63 +46,6 @@ (define-module (gnu system install) ;;; ;;; Code: - -(define* (self-contained-tarball #:key (guix guix)) - "Return a self-contained tarball containing a store initialized with the -closure of GUIX. The tarball contains /gnu/store, /var/guix, and a profile -under /root/.guix-profile where GUIX is installed." - (mlet %store-monad ((profile (profile-derivation - (manifest - (list (package->manifest-entry guix)))))) - (define build - (with-imported-modules '((guix build utils) - (guix build store-copy) - (gnu build install)) - #~(begin - (use-modules (guix build utils) - (gnu build install)) - - (define %root "root") - - (setenv "PATH" - (string-append #$guix "/sbin:" #$tar "/bin:" #$xz "/bin")) - - ;; Note: there is not much to gain here with deduplication and - ;; there is the overhead of the '.links' directory, so turn it - ;; off. - (populate-single-profile-directory %root - #:profile #$profile - #:closure "profile" - #:deduplicate? #f) - - ;; Create the tarball. Use GNU format so there's no file name - ;; length limitation. - (with-directory-excursion %root - (zero? (system* "tar" "--xz" "--format=gnu" - - ;; Avoid non-determinism in the archive. Use - ;; mtime = 1, not zero, because that is what the - ;; daemon does for files in the store (see the - ;; 'mtimeStore' constant in local-store.cc.) - "--sort=name" - "--mtime=@1" ;for files in /var/guix - "--owner=root:0" - "--group=root:0" - - "--check-links" - "-cvf" #$output - ;; Avoid adding / and /var to the tarball, so - ;; that the ownership and permissions of those - ;; directories will not be overwritten when - ;; extracting the archive. Do not include /root - ;; because the root account might have a - ;; different home directory. - "./var/guix" - (string-append "." (%store-directory)))))))) - - (gexp->derivation "guix-tarball.tar.xz" build - #:references-graphs `(("profile" ,profile))))) - (define (log-to-info) "Return a script that spawns the Info reader on the right section of the diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm new file mode 100644 index 0000000000..e8f3d800a8 --- /dev/null +++ b/guix/scripts/pack.scm @@ -0,0 +1,229 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015, 2017 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix scripts pack) + #:use-module (guix scripts) + #:use-module (guix ui) + #:use-module (guix gexp) + #:use-module (guix utils) + #:use-module (guix store) + #:use-module (guix grafts) + #:use-module (guix monads) + #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module (guix derivations) + #:use-module (guix scripts build) + #:use-module (gnu packages) + #:use-module (gnu packages compression) + #:autoload (gnu packages base) (tar) + #:autoload (gnu packages package-management) (guix) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-9) + #:use-module (srfi srfi-37) + #:use-module (ice-9 match) + #:export (compressor? + lookup-compressor + self-contained-tarball + guix-pack)) + +;; Type of a compression tool. +(define-record-type + (compressor name package extension tar-option) + compressor? + (name compressor-name) ;string (e.g., "gzip") + (package compressor-package) ;package + (extension compressor-extension) ;string (e.g., "lz") + (tar-option compressor-tar-option)) ;string (e.g., "--lzip") + +(define %compressors + ;; Available compression tools. + ;; FIXME: Use '--no-name' for gzip. + (list (compressor "gzip" gzip "gz" "--gzip") + (compressor "lzip" lzip "lz" "--lzip") + (compressor "xz" xz "xz" "--xz") + (compressor "bzip2" bzip2 "bz2" "--bzip2"))) + +(define (lookup-compressor name) + "Return the compressor object called NAME. Error out if it could not be +found." + (or (find (match-lambda + (($ name*) + (string=? name* name))) + %compressors) + (leave (_ "~a: compressor not found~%") name))) + +(define* (self-contained-tarball name profile + #:key deduplicate? + (compressor (first %compressors))) + "Return a self-contained tarball containing a store initialized with the +closure of PROFILE, a derivation. The tarball contains /gnu/store, /var/guix, +and PROFILE is available as /root/.guix-profile." + (define build + (with-imported-modules '((guix build utils) + (guix build store-copy) + (gnu build install)) + #~(begin + (use-modules (guix build utils) + (gnu build install)) + + (define %root "root") + + ;; We need Guix here for 'guix-register'. + (setenv "PATH" + (string-append #$guix "/sbin:" #$tar "/bin:" + #$(compressor-package compressor) "/bin")) + + ;; Note: there is not much to gain here with deduplication and + ;; there is the overhead of the '.links' directory, so turn it + ;; off. + (populate-single-profile-directory %root + #:profile #$profile + #:closure "profile" + #:deduplicate? #f) + + ;; Create the tarball. Use GNU format so there's no file name + ;; length limitation. + (with-directory-excursion %root + (zero? (system* "tar" #$(compressor-tar-option compressor) + "--format=gnu" + + ;; Avoid non-determinism in the archive. Use + ;; mtime = 1, not zero, because that is what the + ;; daemon does for files in the store (see the + ;; 'mtimeStore' constant in local-store.cc.) + "--sort=name" + "--mtime=@1" ;for files in /var/guix + "--owner=root:0" + "--group=root:0" + + "--check-links" + "-cvf" #$output + ;; Avoid adding / and /var to the tarball, so + ;; that the ownership and permissions of those + ;; directories will not be overwritten when + ;; extracting the archive. Do not include /root + ;; because the root account might have a + ;; different home directory. + "./var/guix" + (string-append "." (%store-directory)))))))) + + (gexp->derivation (string-append name ".tar." + (compressor-extension compressor)) + build + #:references-graphs `(("profile" ,profile)))) + + + +;;; +;;; Command-line options. +;;; + +(define %default-options + ;; Alist of default option values. + `((system . ,(%current-system)) + (substitutes? . #t) + (graft? . #t) + (max-silent-time . 3600) + (verbosity . 0) + (compressor . ,(first %compressors)))) + +(define %options + ;; Specifications of the command-line options. + (cons* (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '(#\V "version") #f #f + (lambda args + (show-version-and-exit "guix pack"))) + + (option '(#\n "dry-run") #f #f + (lambda (opt name arg result) + (alist-cons 'dry-run? #t (alist-cons 'graft? #f result)))) + (option '(#\s "system") #t #f + (lambda (opt name arg result) + (alist-cons 'system arg + (alist-delete 'system result eq?)))) + (option '(#\C "compression") #t #f + (lambda (opt name arg result) + (alist-cons 'compressor (lookup-compressor arg) + result))) + + (append %transformation-options + %standard-build-options))) + +(define (show-help) + (display (_ "Usage: guix pack [OPTION]... PACKAGE... +Create a bundle of PACKAGE.\n")) + (show-build-options-help) + (newline) + (show-transformation-options-help) + (newline) + (display (_ " + -s, --system=SYSTEM attempt to build for SYSTEM--e.g., \"i686-linux\"")) + (display (_ " + -C, --compression=TOOL compress using TOOL--e.g., \"lzip\"")) + (newline) + (display (_ " + -h, --help display this help and exit")) + (display (_ " + -V, --version display version information and exit")) + (newline) + (show-bug-report-information)) + + +;;; +;;; Entry point. +;;; + +(define (guix-pack . args) + (define opts + (parse-command-line args %options (list %default-options))) + + (with-error-handling + (parameterize ((%graft? (assoc-ref opts 'graft?))) + (let* ((dry-run? (assoc-ref opts 'dry-run?)) + (specs (filter-map (match-lambda + (('argument . name) + name) + (x #f)) + opts)) + (packages (map (lambda (spec) + (call-with-values + (lambda () + (specification->package+output spec)) + list)) + specs)) + (compressor (assoc-ref opts 'compressor))) + (with-store store + (run-with-store store + (mlet* %store-monad ((profile (profile-derivation + (packages->manifest packages))) + (drv (self-contained-tarball "pack" profile + #:compressor + compressor))) + (mbegin %store-monad + (show-what-to-build* (list drv) + #:use-substitutes? + (assoc-ref opts 'substitutes?) + #:dry-run? dry-run?) + (munless dry-run? + (built-derivations (list drv)) + (return (format #t "~a~%" + (derivation->output-path drv)))))) + #:system (assoc-ref opts 'system))))))) -- cgit v1.2.3