Fixes #419 where the same search path is used multiple times, leading to the
last one overriding the previous one.
The solution relies on the #$profile/etc/profile file that is already verified
and in case of errors, it is just one place to repair instead of repairing at
multiple places, like in singularity-environment-file.
* guix/pack.scm (singularity-environment-file): Source #$profile/etc/profile.
Reported-by: Alexis Simon <alexis.simon@runbox.com>
Change-Id: Ic304fef99ad34d83e4e10cdd2b26d3b1802b5251
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit prevents Guix substitute servers from distributing binaries
which are marked non-substitutable. This prevents substitute servers
from accidentally committing copyright violations by distributing
binaries that are non-substitutable for copyright reasons.
* guix/scripts/publish.scm (render-nar): Query the derivers of
‘store-path’ and do nothing if one of them does not match
‘substitutable-derivation?’.
* tests/publish.scm ("non-substitutable derivation"): New test.
Change-Id: Iaca81f5bdb430a12a3ad41e9b83e0bcc535af607
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/78210>.
This patch adds the /gnu and /gnu/store directories to the Docker layer
created by ‘guix pack -f docker …’, which enables the Docker image to be
used to create an AWS Lambda function. Without the patch, creating the
AWS Lambda function fails with this error:
"MissingParentDirectory: Parent directory does not exist for file: gnu/store/…-info-dir/"
* guix/scripts/pack.scm (docker-image)[build]: Add store directory to
the docker layer.
* guix/docker.scm (build-docker-image): Change order of arguments to
‘tar’ so parent directories are added before their contents.
Change-Id: I2b103c59981e828c965564ccc5d2415b00a7e52e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/environment.scm (launch-environment/container): Add
/run/user/UID to ‘file-systems’.
* tests/guix-environment-container.sh: Test it.
Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08
* guix/scripts/refresh.scm (update-specification->update-spec): Flag the
update-spec as partial when it is prefixed with '~'.
* tests/guix-refresh.sh: Test it. Remove extraneous 'guix refresh'
invocation.
* doc/guix.texi (Invoking guix refresh): Document it.
Change-Id: Iab4482d9367105f6ffcd2d6a49148736c93d53e4
Reviewed-by: Florian Pelz <pelzflorian@pelzflorian.de>
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/environment.scm (file-name-equal-or-under?): New procedure.
(override-user-mappings, override-user-dir): Use it.
Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/78272>.
Fixes a bug caused by commit ce363c1dc7,
which inadvertently made /tmp read-only as well.
* guix/scripts/environment.scm (launch-environment/container)[tmpfs]:
New variable.
Add it to ‘file-systems’.
* guix/scripts/home.scm (spawn-home-container): Add /tmp file system
to #:mounts.
* tests/guix-environment-container.sh: Add test.
Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I5cb449e6d0c213d4b5866cbcbd14990437a7d4c5
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
This is an incompatible change where the root file system in
‘guix shell -C’ is now read-only by default.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add ‘--writable-root’.
* guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved
from…
(launch-environment): … here.
(launch-environment/container): Add #:writable-root? and pass it to
‘call-with-container’. Move root file system setup to #:populate-file-system.
(guix-environment*): Honor ‘--writable-root’.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document ‘--writable-root’.
(Debugging Build Failures): Mention it before “rm /bin/sh”.
Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* guix/scripts/home.scm (spawn-home-container): Move creation of
accounts, /etc/hosts, /tmp, and HOME-DIRECTORY from the first argument
of ‘eval/container’ to #:populate-file-system. Remove #:writable-root?.
* tests/guix-home.sh: Test that the root file system is read-only.
Change-Id: Icda54706321d51b95b563c86c3fb2238cc65ee20
Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
Code in `ui.scm' in `initialize-guix' procedure changes the handling of
SIGPIPE to SIG_IGN. So restore the handling to SIG_DFL so that process
executed will have the usual action. Technically we should record what the
handling was, and restore it to the previous value, but that would be a much
more invasive change.
Always setting it to SIG_DFL is at least less surprising than always setting
to SIG_IGN.
* guix/scripts/environment.scm (launch-environment): Restore default action
for SIGPIPE.
Change-Id: Ifabae1d3e71aa44e63078cea5bd3824b8f61ba14
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/home.scm (process-action): Handle operating-system declaration
and extract home environment for current user.
* doc/guix.texi (Guix Services)[Guix Home Service]: Document it.
Change-Id: I995f79c2549e6edc76322542d0422159e0b79996
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail>
Fixes <https://issues.guix.gnu.org/76141>.
* guix/scripts/locate.scm (guix-locate): Use writable db when --clear is given.
Change-Id: I2e4e945cef022b08dd6af4c252e67c2a4d5bf38c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/77606>.
Calling ‘fdatasync’ for each and every narinfo file created by ‘guix
substitute’ proved to be too expensive on spinning HDDs and/or under
load (from 0.1s to 1.3s for the ‘fdatasync’ call alone).
* guix/git-authenticate.scm (cache-authenticated-commit): Pass #:sync? #f.
* guix/http-client.scm (http-fetch/cached): Likewise.
* guix/scripts/discover.scm (write-publish-file): Likewise.
* guix/scripts/style.scm (format-whole-file): Likewise.
* guix/substitutes.scm (cache-narinfo!): Likewise.
Reported-by: Christopher Baines <mail@cbaines.net>
Change-Id: I82297eae737bc5aae8a3f7604119e9f3d4b625bf
This is a follow-up to commit 79a46d6537 ("gnupg: Automatically fallback to
'always policy when non-interactive."), which introduced the following
problem:
  guix refresh --update libvirt
  -> guix refresh: error: invalid key-download policy: #f
* guix/scripts/refresh.scm (%default-options): Set default key-download option
value to 'auto.
(%options): Accept auto as a valid value from the command line.
Change-Id: I45ceee8e07d1a3a3c377e12ed017813f92289565
Partly fixes <https://issues.guix.gnu.org/76315>.
Fixes a bug whereby a service whose canonical name has changed would not
be restarted—e.g., if '(syslogd) has a replacement providing
'(system-log syslogd).
* gnu/services/shepherd.scm (shepherd-service-upgrade)[running?]:
Remove.
[to-restart]: Change to a subset of LIVE. Look up all the names of each
element of TARGET.
* guix/scripts/system/reconfigure.scm (upgrade-shepherd-services):
TO-RESTART is now a list of <live-service>; adjust accordingly.
* tests/services.scm ("shepherd-service-upgrade: one unchanged, one upgraded, one new"):
("shepherd-service-upgrade: service depended on is not unloaded"):
("shepherd-service-upgrade: obsolete services that depend on each other"):
("shepherd-service-upgrade: transient service"): Adjust accordingly.
("shepherd-service-upgrade: service has new canonical name"): New test.
Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I7cec495b4e824da5fad5518f039607cf92f935d9
So that this is evaluated when the main part of the script runs.
I'm looking at this to allow using setaffinity in the publish tests.
* guix/scripts/publish.scm (%default-options): Remove workers default.
(guix-publish): Move the default to here.
Change-Id: I83cd0d048f2641291b5bd8a932b479b23dd92d29
* guix/scripts/build.scm (options->things-to-build): Wrap the manifest
build option with the result of the '--system' option.
Change-Id: I1c3ff93af56bb659ddc00e1872c769cfc5e7a0d5
* guix/import/utils.scm (find-version): New procedure.
* guix/scripts/refresh.scm (<update-spec>) [partial?]: New field.
(update-spec-partial?): New accessor.
(update-spec): Add a PARTIAL? optional argument.
(update-specification->update-spec) <update-spec>: Call with its new PARTIAL?
optional argument when FALLBACK-VERSION is provided, i.e. when
'--target-version' was used.
(update-package): Remove the PACKAGE and VERSION positional arguments, and
replace them with UPDATE-SPEC. Update doc. Call `package-update' with its
new #:partial-version? argument.
(check-for-package-update) <package-latest-release>: Pass the new
#:partial-version? argument to it.
(guix-refresh) <update-package>: Adjust call accordingly.
(show-help): Update doc.
* guix/upstream.scm (package-latest-release): Add #:partial-version? argument,
and apply it to the importer call.
(package-update): Add #:partial-version? argument. Update doc. Pass it to
the `package-latest-release' call.
* guix/gnu-maintenance.scm (rewrite-url): Add #:partial-version? argument.
Update doc. Crawl URL for newer compatible versions when provided.
(import-html-release): Add #:partial-version? argument, and pass it to the
`rewrite-url' call. Use `find-version' to find the best version.
(import-release, import-ftp-release, import-gnu-release)
(import-release*): Add #:partial-version? argument and honor it.
(import-html-updatable-release): Add #:partial-version? argument, and pass it
to the `import-html-release' call.
* guix/import/gnome.scm (import-gnome-release)
<#:partial-version?>: Add new argument and honor it.
* guix/import/texlive.scm (latest-texlive-tag): Rename to...
(texlive-tags): ... this, and have it return all tags.
(texlive->guix-package): Adjust accordingly.
(latest-release): Add a #:partial-version? argument. Update doc.
* guix/import/stackage.scm (latest-lts-release): New #:partial-version?
argument.
* guix/import/pypi.scm (import-release): New #:partial-version? argument; pass
it to `pypi-package->upstream-source'.
* guix/import/opam.scm (latest-release): New #:partial-version? argument.
* guix/import/minetest.scm (latest-minetest-release): New #:partial-version?
argument.
(pypi-package->upstream-source): New #:partial-version? argument. Update doc.
* guix/import/launchpad.scm (latest-released-version): Rename to...
(release-versions): ... this, making it return all versions.
(import-release) <#:partial-version?>: New argument.
* guix/import/kde.scm (import-kde-release)
<#:partial-version?>: New argument. Update doc. Refactor to honor argument.
* guix/import/hexpm.scm (lookup-hexpm): Update doc.
(hexpm-latest-release): Rename to...
(hexpm-releases): ... this; return all release strings.
(hexpm->guix-package): Adjust accordingly.
(import-release): Add and honor a #:partial-version? argument. Update doc.
* guix/import/hackage.scm (import-release): New #:partial-version? argument.
* guix/import/cpan.scm (latest-release): New #:partial-version? argument.
* guix/import/crate.scm (max-crate-version-of-semver): Improve doc.
(import-release): Add a #:partial-version? argument and honor it.
* guix/import/egg.scm (find-latest-version): Rename to...
(get-versions): ... this, returning all versions.
(egg-metadata): Adjust accordingly.
(egg->guix-package): Likewise.
(import-release): Add a new #:partial-version? argument and honor it.
* guix/import/elpa.scm (latest-release): New #:partial-version? argument.
* guix/import/gem.scm (get-versions): New procedure.
(import-release): Add a new #:partial-version? argument and honor it.
* guix/import/git.scm (version-mapping): Update doc; streamline a bit.
(latest-tag): Rename to...
(get-tags): ... this, dropping the #:version keyword and returning the complete
tags alist. Update doc.
(latest-git-tag-version): Rename to...
(get-package-tags): ... this, returning the complete tags alist of the
package. Update doc.
(import-git-release): Add a new #:partial-version? argument and honor it.
Update doc.
* guix/import/github.scm (latest-released-version): Rename to...
(get-package-tags): ... this, returning all tags. Update doc.
(import-release): Add a new #:partial-version? argument and honor it.
* guix/import/cran.scm (latest-cran-release)
(latest-bioconductor-release): Add #:partial-version? argument.
* guix/import/composer.scm (latest-version): Delete procedure.
(composer-fetch): Add #:partial-version? keyword and honor it. Update doc.
(import-release): Likewise.
* guix/import/test.scm (import-release): Add #:partial-version? argument.
* tests/guix-refresh.sh: Add test.
* tests/gem.scm (test-foo-versions-json): New variable.
(package-latest-release): Mock new URL.
* tests/import-git.scm (latest-git-tag-version): New procedure.
* tests/gnu-maintenance.scm (libuv-dist-html)
(libuv-dist-1.46.0-html, libuv-dist-1.44.2-html)
(libuv-html-data): New variables.
(mock-http-fetch/cached): New procedure.
("rewrite-url, without to-version"): Rewrite using the above.
("rewrite-url, partial to-version"): New test.
* doc/guix.texi <"Invoking guix refresh">: Update doc.
Series-to: 75871@debbugs.gnu.org
Change-Id: I092a58b57ac42e54a2fa55e7761e8c6993af8ad4
Previously to this change, the 'guix refresh' download
policy (--key-download) would default to 'interactive', which would throw a
backtrace when guix was invoked with its stdin not connected to a pseudo
terminal (tty). This change makes the new default value 'auto' use
interactive only in an interactive environment, with 'always' used as
fallback.
* doc/guix.texi (Invoking guix refresh): Adjust doc.
* etc/completion/fish/guix.fish: Adjust accordingly.
* etc/completion/zsh/_guix (_guix_list_installed_packages): Likewise.
* guix/gnupg.scm (gnupg-verify*): Change default #:key-download argument value
to 'auto. Update doc. Validate argument. Raise an error in case read-line
returns #<eof>.
* guix/import/gnu.scm (gnu-package->sexp): <#:key-download>: Change default
value to 'auto.
* guix/import/gnu.scm (gnu->guix-package): <#:key-download>: Likewise.
* guix/scripts/import/gnu.scm (%options): Add "auto" to accepted
--key-download values.
(%default-options): Set default key-download option to the 'auto value.
(show-help): Update doc.
* guix/scripts/refresh.scm (show-help): Update doc.
(update-package) <#:key-download>: Change default value to 'auto. Update doc.
* guix/upstream.scm (download-tarball): <#:key-download>: Likewise.
(package-update): Likewise.
Change-Id: Id1ca8fd6d453ca4bc5b372534445e3beab9133a8
Fixes: https://issues.guix.gnu.org/76112
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/style.scm (order-packages): Match comments before package
S-exp. and its fields. Match in let. Match package/inherit.
* tests/guix-style.sh: Add pkg-baz variable and package/inherit to test.
Change-Id: I48a5976930501c20415b5413966b5294958bc23b
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/style.scm (order-packages): Combine package-name and
package-version procedures into package-fields.
(format-whole-file): Do not sort copyright headers or module definition.
Change-Id: I5507bf8ed221f7017f972f0e0e64d149bea4854b
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/home.scm (%base-home-services): New variable.
(<home-environment>)[services]: Change default to ‘%base-home-services’.
* guix/scripts/home/import.scm (manifest+configuration-files->code): Use
‘%base-home-services’ by default.
* tests/home-import.scm (match-home-environment-no-services)
(match-home-environment-transformations)
(match-home-environment-no-services-nor-packages)
(match-home-environment-bash-service)
(match-home-environment-bash-service-with-alias): Adjust accordingly.
* doc/he-config-bare-bones.scm: Use ‘%base-home-services’.
* doc/guix.texi (Declaring the Home Environment): Add index entry for
‘%base-home-services’.
Change-Id: Id95ede62b97a976aad138bfc4b63fc0bdf37c7de
This flag is unsupported in Linux 6.6 and causes ‘kexec_file_load’ to
fail with EINVAL.
Fixes <https://issues.guix.gnu.org/75211>.
* guix/scripts/system/reconfigure.scm (kexec-loading-program): Remove
KEXEC_FILE_DEBUG.
* guix/build/syscalls.scm (KEXEC_FILE_DEBUG): Add comment.
Suggested-by: nathan <nathan_mail@nborghese.com>
Reported-by: Simen Endsjø <contact@simendsjo.me>
Change-Id: Ia48be7f4cfa9c6352908e4bea6472cd648f866ed
This allows rebooting straight into the new system with ‘reboot -k’.
* guix/scripts/system/reconfigure.scm (kexec-loading-program)
(load-system-for-kexec): New procedures.
* gnu/tests/reconfigure.scm (run-kexec-test): New procedure.
(%test-upgrade-kexec): New variable.
* guix/scripts/system.scm (perform-action): Add #:load-for-kexec?.
Call ‘load-system-for-kexec’.
(show-help, %options): Add ‘--no-kexec’.
(%default-options): Add ‘load-for-kexec?’.
(process-action): Honor it and pass it to ‘perform-action’.
* gnu/machine/ssh.scm (deploy-managed-host): Add call to
‘load-system-for-kexec’.
* doc/guix.texi (Invoking guix system): Document it.
Change-Id: I86d11f1c348e4359bc9e73c86e5aebff60fe875c
Until now ‘--no-check-certificate’ had no effect when combined with
‘--git’. This can be tested with:
  guix shell libfaketime -- faketime 2019-01-01 \
    guix download --no-check-certificate --git \
    https://git.savannah.gnu.org/git/shepherd.git
* guix/scripts/download.scm (git-download-to-file): Add #:verify-certificate?
and honor it.
(git-download-to-store*): Likewise.
(add-git-download-option): Likewise.
(%options): Likewise.
Change-Id: Ib3905398199d814a02319ed3328eb8a4ed219bd5
* guix/scripts/deploy.scm (show-help): Add help.
(%options): Add -e and --expression.
(guix-deploy): Use expression and check for invalid flag combinations.
Change-Id: I200c9ff0c9a8c686efff4a21cd33c10429f3c73e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>