From bd1cc64ddd6c9739351e9312d33f891cddbd198b Mon Sep 17 00:00:00 2001 From: AwesomeAdam54321 Date: Wed, 6 Mar 2024 19:25:55 +0800 Subject: teams: Add entry for Adam Faiz. * etc/teams.scm ("Adam Faiz"): New member. Signed-off-by: Andreas Enge Change-Id: Idb913da5e4f622b8efdbadc87d2cf3e5aec118eb --- etc/teams.scm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc') diff --git a/etc/teams.scm b/etc/teams.scm index e2da31a2b4..afcd187abb 100755 --- a/etc/teams.scm +++ b/etc/teams.scm @@ -724,6 +724,10 @@ (define-member (person "Mark H Weaver" "mhw@netris.org") mozilla) +(define-member (person "Adam Faiz" + "adam.faiz@disroot.org") + games) + (define (find-team name) (or (hash-ref %teams (string->symbol name)) -- cgit v1.2.3 From 4d15e04a6df19082430dbdaaeb4660decd5c2553 Mon Sep 17 00:00:00 2001 From: 宋文武 Date: Fri, 8 Mar 2024 20:00:25 +0800 Subject: teams: lxqt: Remove qt.scm from scope. * etc/teams.scm (lxqt)[#:scope]: Remove "gnu/packages/qt.scm". Change-Id: If05ea534a827eba5a2acf6526d906cea43f72442 --- etc/teams.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/teams.scm b/etc/teams.scm index afcd187abb..c8fc095227 100755 --- a/etc/teams.scm +++ b/etc/teams.scm @@ -549,8 +549,7 @@ (define-team lxqt (team 'lxqt #:name "LXQt team" #:description "LXQt desktop environment." - #:scope (list "gnu/packages/lxqt.scm" - "gnu/packages/qt.scm"))) + #:scope (list "gnu/packages/lxqt.scm"))) (define-team audio (team 'audio -- cgit v1.2.3 From de3f86443837b7bd6e3bad11dbaeed2550d4207c Mon Sep 17 00:00:00 2001 From: 宋文武 Date: Fri, 8 Mar 2024 20:02:00 +0800 Subject: teams: Add 宋文武 to the qt team. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * etc/teams.scm (宋文武): Add qt team. Change-Id: Ib1b50b109ded4dbbcfd0649d3e0c1e6884585c5e --- etc/teams.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/teams.scm b/etc/teams.scm index c8fc095227..ac2886a6eb 100755 --- a/etc/teams.scm +++ b/etc/teams.scm @@ -665,7 +665,7 @@ (define-member (person "Raghav Gururajan" (define-member (person "宋文武" "iyzsong@envs.net") - games localization lxqt xfce) + games localization lxqt qt xfce) (define-member (person "Vagrant Cascadian" "vagrant@debian.org") -- cgit v1.2.3 From c7836393be4d134861d652b2fcf09cf4e68275ca Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 10 Mar 2024 15:51:12 +0100 Subject: time-travel-manifest: Uncomment all the past releases. This reverts a4c35c607cfd7d6b0bad90cfcc46188d489e1754. * etc/time-travel-manifest.scm (%release-commits): Uncomment all the revisions. Change-Id: I6abdb760cbcf06597d843cabc5fd973ee916dc77 --- etc/time-travel-manifest.scm | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'etc') diff --git a/etc/time-travel-manifest.scm b/etc/time-travel-manifest.scm index 80c4c7c346..039ca89889 100644 --- a/etc/time-travel-manifest.scm +++ b/etc/time-travel-manifest.scm @@ -66,21 +66,19 @@ (define (commit->guix-instance commit) (define %release-commits ;; Release commits: the list of version/commit pairs. + ;; + ;; Note: To merely compute the derivation of these revisions, we need to be + ;; able to build their dependencies. Some of them no longer build from + ;; source due to time traps like ; those + ;; need to be built beforehand in a virtual build machine running "in the + ;; past". '(("1.4.0" . "8e2f32cee982d42a79e53fc1e9aa7b8ff0514714") ("1.3.0" . "a0178d34f582b50e9bdbb0403943129ae5b560ff") - - ;; FIXME: To merely compute the derivation of these revisions, we need to - ;; be able to build their dependencies. However, pre-built binaries are - ;; currently missing and some of these no longer build from source due to - ;; time bombs like . Thus, comment - ;; them output until we have substitutes for these old things. - - ;; ("1.2.0" . "a099685659b4bfa6b3218f84953cbb7ff9e88063") - ;; ("1.1.0" . "d62c9b2671be55ae0305bebfda17b595f33797f2") - ;; ("1.0.1" . "d68de958b60426798ed62797ff7c96c327a672ac") - ;; ("1.0.0" . "6298c3ffd9654d3231a6f25390b056483e8f407c") - ;; ("0.16.0" . "4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c") - )) + ("1.2.0" . "a099685659b4bfa6b3218f84953cbb7ff9e88063") + ("1.1.0" . "d62c9b2671be55ae0305bebfda17b595f33797f2") + ("1.0.1" . "d68de958b60426798ed62797ff7c96c327a672ac") + ("1.0.0" . "6298c3ffd9654d3231a6f25390b056483e8f407c") + ("0.16.0" . "4a0b87f0ec5b6c2dcf82b372dd20ca7ea6acdd9c"))) (manifest (map (match-lambda -- cgit v1.2.3 From 5f100c68a4a8ef9ed5599bb99c910018869bc6f3 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Thu, 20 Jul 2023 12:13:55 -0700 Subject: etc: systemd services: switch to "journal" for output and error logging. The "syslog" method has been deprecated for years, and issues a warning: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether. Fixes: #48323 * etc/guix-daemon.service.in (StandardOutput): Use "journal" (StandardError): Likewise. * etc/guix-publish.service.in (StandardOutput): Likewise. (StandardError): Likewise. --- etc/guix-daemon.service.in | 4 ++-- etc/guix-publish.service.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in index 9dbc3b5678..5e75379b5e 100644 --- a/etc/guix-daemon.service.in +++ b/etc/guix-daemon.service.in @@ -9,8 +9,8 @@ Description=Build daemon for GNU Guix ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \ --build-users-group=guixbuild --discover=no Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8 -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal # Work around a nasty systemd ‘feature’ that kills the entire process tree # (including the daemon!) if any child, such as cc1plus, runs out of memory. diff --git a/etc/guix-publish.service.in b/etc/guix-publish.service.in index b8fd3b4c03..0d82e73d94 100644 --- a/etc/guix-publish.service.in +++ b/etc/guix-publish.service.in @@ -11,8 +11,8 @@ After=guix-daemon.service [Service] ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix publish --user=nobody --port=8181 Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8 -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal # Despite the name, this is rate-limited: a broken daemon will eventually fail. Restart=always -- cgit v1.2.3 From 4003c60abf7a6e59e47cc2deb9eef2f104ebb994 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 11 Mar 2024 23:13:40 +0100 Subject: news: Add entry for the daemon fixed-output derivation vulnerability. * etc/news.scm: Add entry. Change-Id: Ib3f9c22eda1e8b9075620ec01b4edf2f24cfcf93 --- etc/news.scm | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index 3e8c88499f..b54eb47221 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -1,6 +1,6 @@ ;; GNU Guix news, for use by 'guix pull'. ;; -;; Copyright © 2019-2023 Ludovic Courtès +;; Copyright © 2019-2024 Ludovic Courtès ;; Copyright © 2019–2021 Tobias Geerinckx-Rice ;; Copyright © 2019, 2020 Miguel Ángel Arruga Vivas ;; Copyright © 2019, 2020 Konrad Hinsen @@ -28,6 +28,44 @@ (channel-news (version 0) + (entry (commit "8f4ffb3fae133bb21d7991e97c2f19a7108b1143") + (title + (en "Daemon vulnerability allowing store corruption has been fixed") + (fr "Une faille du démon permettant de corrompre le dépôt a été corrigée")) + (body + (en "A vulnerability in the build daemon, @command{guix-daemon}, was +identified and fixed. The vulnerability would allow unprivileged users to +corrupt the result of @dfn{fixed-output derivations} such as source code +tarballs and Git checkouts, which in turn could lead to local privilege +escalation. + +This bug is fixed and Guix System users are advised to upgrade their system, +with a command along the lines of: + +@example +sudo guix system reconfigure /run/current-system/configuration.scm +sudo herd restart guix-daemon +@end example + +See @uref{https://issues.guix.gnu.org/69728} for more information on this +issue.") + (fr "Une faille de sécurité du démon de compilation, +@command{guix-daemon}, a été identifiée et corrigée. La faille permettait à +un·e utilisateur·rice sans privilège de corrompre le résultat d'une +@dfn{dérivation à sortie fixe} telle qu'une archive ou un @i{checkout} Git, ce +qui peut ensuite permettre une élévation locale de privilèges. + +Ce problème est corrigé et les utilisateur·rices de Guix System sont invité·es +à mettre à jour leur système avec une commande telle que : + +@example +sudo guix system reconfigure /run/current-system/configuration.scm +sudo herd restart guix-daemon +@end example + +Voir @uref{https://issues.guix.gnu.org/69728} pour plus d'informations sur +cette anomalie."))) + (entry (commit "10a193596368443f441077525ebbddf787d91e4b") (title (en "Linux-libre 4.14 removed due to end of upstream support") -- cgit v1.2.3 From 7fa8bf85208353b7847450313e98e647325b6545 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 12 Mar 2024 09:52:50 +0100 Subject: news: Give upgrade instructions for foreign distros. * etc/news.scm: Update entry. Change-Id: Ia7c326bc97042d92a8d499ee27dd41d15f1f0d29 --- etc/news.scm | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index b54eb47221..a19fed9a7d 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -47,6 +47,11 @@ sudo herd restart guix-daemon @end example +If you are using Guix on another distro, run @command{info \"(guix) Upgrading +Guix\"} or visit +@uref{https://guix.gnu.org/manual/devel/en/html_node/Upgrading-Guix.html} to +learn how to upgrade Guix. + See @uref{https://issues.guix.gnu.org/69728} for more information on this issue.") (fr "Une faille de sécurité du démon de compilation, @@ -63,6 +68,10 @@ sudo herd restart guix-daemon @end example +Pour voir comment mettre à jour Guix sur une autre distribution, lancer +@command{info \"(guix.fr) Mettre à niveau Guix\"} ou visiter +@uref{https://guix.gnu.org/manual/devel/fr/html_node/Mettre-a-niveau-Guix.html}. + Voir @uref{https://issues.guix.gnu.org/69728} pour plus d'informations sur cette anomalie."))) -- cgit v1.2.3 From 0547fe862cfdb53d408e777e6137d9222100cb50 Mon Sep 17 00:00:00 2001 From: Florian Pelz Date: Tue, 12 Mar 2024 09:33:13 +0100 Subject: news: Add 'de' translation. * etc/news.scm: Add German translation. Change-Id: Ia2a11f71cdee5ccbf2a7fbe176e713418771599e --- etc/news.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index a19fed9a7d..d288b6efe1 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -31,6 +31,7 @@ (entry (commit "8f4ffb3fae133bb21d7991e97c2f19a7108b1143") (title (en "Daemon vulnerability allowing store corruption has been fixed") + (de "Schwachstelle im Daemon behoben, durch die der Store verfälscht werden konnte") (fr "Une faille du démon permettant de corrompre le dépôt a été corrigée")) (body (en "A vulnerability in the build daemon, @command{guix-daemon}, was @@ -54,6 +55,27 @@ See @uref{https://issues.guix.gnu.org/69728} for more information on this issue.") + (de "Eine Sicherheitslücke im Erstellungs-Daemon, +@command{guix-daemon}, wurde gefunden und geschlossen. Sie hatte es +unprivilegierten Nutzern ermöglicht, das Ergebnis einer @dfn{Ableitung mit +fester Ausgabe}, wie Quellcode-Tarballs und Git-Checkouts, zu manipulieren. +So war eine lokale Rechteausweitung möglich. + +Der Fehler ist behoben und wir raten Nutzern von Guix System, ihr System zu +aktualisieren mit einem Befehl wie: + +@example +sudo guix system reconfigure /run/current-system/configuration.scm +sudo herd restart guix-daemon +@end example + +Wenn Sie Guix auf einer anderen Distribution verwenden, erfahren Sie mit dem +Befehl @command{info \"(guix.de) Aktualisieren von Guix\"} oder auf +@uref{https://guix.gnu.org/manual/devel/de/html_node/Aktualisieren-von-Guix.html}, +wie Sie Guix aktualisieren. + +Siehe @uref{https://issues.guix.gnu.org/69728} für mehr Informationen zu dem +Fehler.") (fr "Une faille de sécurité du démon de compilation, @command{guix-daemon}, a été identifiée et corrigée. La faille permettait à un·e utilisateur·rice sans privilège de corrompre le résultat d'une -- cgit v1.2.3 From 4c94b9e983bc51d9504655f1e7727c4f6d14b6b7 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 12 Mar 2024 14:24:18 +0100 Subject: news: Update commit for fixed-output derivation vulnerability. * etc/news.scm: Update. Change-Id: Ia34408882f8928a0fd05acc12d4edc66b3dcb3b7 --- etc/news.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index d288b6efe1..ab7fa4c0d5 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -28,7 +28,7 @@ (channel-news (version 0) - (entry (commit "8f4ffb3fae133bb21d7991e97c2f19a7108b1143") + (entry (commit "ff1251de0bc327ec478fc66a562430fbf35aef42") (title (en "Daemon vulnerability allowing store corruption has been fixed") (de "Schwachstelle im Daemon behoben, durch die der Store verfälscht werden konnte") -- cgit v1.2.3 From 7319b4d5286d31a9c6a889e81af72308efdaab41 Mon Sep 17 00:00:00 2001 From: Tanguy Le Carrour Date: Fri, 23 Feb 2024 19:11:43 +0100 Subject: teams: Add Tanguy Le Carrour. * etc/teams.scm.in ("Tanguy Le Carrour"): New member. Change-Id: Ic1b1588a5a8bc67ee8e135c3069966f139374529 Signed-off-by: Christopher Baines --- etc/teams.scm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'etc') diff --git a/etc/teams.scm b/etc/teams.scm index ac2886a6eb..570793b539 100755 --- a/etc/teams.scm +++ b/etc/teams.scm @@ -587,6 +587,10 @@ (define-member (person "Andreas Enge" "andreas@enge.fr") lxqt science tex) +(define-member (person "Tanguy Le Carrour" + "tanguy@bioneland.org") + python home) + (define-member (person "Tobias Geerinckx-Rice" "me@tobias.gr") core kernel mentors) -- cgit v1.2.3 From a8ba2f3507d03ec77506a03bf84d62f9cb439f8e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 12 Mar 2024 14:35:48 -0400 Subject: teams: qt: Remove erroneous comment at top of scripts. * etc/teams/qt/common.scm: Remove erroneous comment. * etc/teams/qt/qt-manifest.scm: Likewise. * etc/teams/qt/qt5-manifest.scm: Likewise. Change-Id: I87a0ea669caa0ba5049b48a4f04fda58518c3f05 --- etc/teams/qt/common.scm | 4 ---- etc/teams/qt/qt-manifest.scm | 4 ---- etc/teams/qt/qt5-manifest.scm | 4 ---- 3 files changed, 12 deletions(-) (limited to 'etc') diff --git a/etc/teams/qt/common.scm b/etc/teams/qt/common.scm index 8e11ac220b..4735b408d0 100644 --- a/etc/teams/qt/common.scm +++ b/etc/teams/qt/common.scm @@ -16,10 +16,6 @@ ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . -;;; This file returns a manifest of packages related to linux-libre. -;;; Simplistically, it selects packages whose names begin with "linux-libre". -;;; It is used to assist continuous integration of the kernel packages. - (use-modules (guix packages) (guix profiles) (guix utils) diff --git a/etc/teams/qt/qt-manifest.scm b/etc/teams/qt/qt-manifest.scm index 0d8fa95bfe..22078530a7 100644 --- a/etc/teams/qt/qt-manifest.scm +++ b/etc/teams/qt/qt-manifest.scm @@ -16,10 +16,6 @@ ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . -;;; This file returns a manifest of packages related to linux-libre. -;;; Simplistically, it selects packages whose names begin with "linux-libre". -;;; It is used to assist continuous integration of the kernel packages. - (load "common.scm") ;;; Commentary: diff --git a/etc/teams/qt/qt5-manifest.scm b/etc/teams/qt/qt5-manifest.scm index 34fdf479bf..2b25888d4b 100644 --- a/etc/teams/qt/qt5-manifest.scm +++ b/etc/teams/qt/qt5-manifest.scm @@ -16,10 +16,6 @@ ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . -;;; This file returns a manifest of packages related to linux-libre. -;;; Simplistically, it selects packages whose names begin with "linux-libre". -;;; It is used to assist continuous integration of the kernel packages. - (load "common.scm") ;;; Commentary: -- cgit v1.2.3