* doc/contributing.texi: bump minimum required version of guile-git from
0.5.0 to 0.10.0, required by 86022e994e.
* po/doc/guix-manual.*: update translations as well.
Change-Id: I8cc8fd720cc71fbe17e2e530f7411b9c888ba0f6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (Build Systems) [cargo-build-system]: Add cross-reference for
the term "Cargo workspaces".
* doc/contributing.texi (Packaging Guidelines)[Rust Crates]: Update
documentation.
* doc/guix-cookbook.texi (Packaging)[Packaging Workflow]: New section.
* gnu/packages/rust-crates.scm,
* gnu/packages/rust-sources.scm: Stop mentioning guix-rust-registry for now, we
may remove the repository if future merges are managed well.
Change-Id: Ic0c6378cf5f5df97d6f8bdd040b486be62c7bddc
* guix/build-system/cargo.scm (lower): Emit warning when using #:cargo-inputs
or #:cargo-development-inputs.
* doc/guix.texi (Build Systems)[cargo-build-system]: Deprecate #:cargo-inputs
and #:cargo-development-inputs.
Change-Id: I43ed66e04c55368159aed309367c4ac278d8cc58
* guix/build-system/cargo.scm (cargo-build, cargo-cross-build)
[#:cargo-install-paths]: New argument.
* guix/build/cargo-build-system.scm (install): Use it.
* doc/guix.texi (Build Systems)[cargo-build-system]: Document it.
Change-Id: I74ed1972a5716da05afeac8edb2b0e4b6834bf40
* guix/build-system/cargo.scm (cargo-build, cargo-cross-build)
[#:cargo-package-crates]: New argument.
* guix/build/cargo-build-system.scm (package): Use it.
* doc/guix.texi (Build Systems)[cargo-build-system]: Document it.
Change-Id: I45ccd95e90827d47127015cb0bda2d41f792335b
This makes sure that, prior to the upgrade commands, the guix-daemon is run
from /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon instead of
/usr/bin/guix-daemon.
* doc/guix.texi (Upgrading Guix): Add instructions for distro packages.
Change-Id: I71df3603cffc5d20b6a77241b0c384872b54ec83
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
At least on distributions based on Arch Linux and Debian, the given command to
update the daemon doesn't work because the systemd service runs
/usr/bin/guix-daemon instead of
@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon.
* doc/guix.texi (Upgrading Guix): Tell that the command works if Guix was
installed with guix-install.sh.
Change-Id: I2360a9dc9a5b23f28e25402b92724f51d9ed3937
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
* guix/build/cmake-build-system.scm (configure): Add and use generator
field to configure the build system. Create and use CMake variable cache
file. Set the CMake variable BUILD_TESTING to the value of TESTS? so
that a package can optionally build tests. Set CMAKE_COLOR_DIAGNOSTICS
to ON. Set max load for parallel builds.
(build, install): New functions.
(check): Replace call to gnu-build's non-parallelizable check with
function using cmake's ctest.
(%standard-phase): Add new build and install functions as phases.
* guix/build-system/cmake.scm (cmake-build, cmake-cross-build),
* guix/build-system/qt.scm (qt-build, qt-cross-build): Add generator
and test-exclude fields and remove unused test-target field.
* doc/guix.texi: Document new parameters.
* guix/build-system/cmake.scm (cmake-build),
* guix/build-system/qt.scm (qt-build): Add ninja to build-inputs.
Change-Id: Ifa8174c91f0fdc030ac5813e98f7c21cba1a7725
* doc/guix.texi (Networking Services): Fix tor-onion-service-configuration
description which was broken in commit 9be1ee6a49 when documentation was
changed to indicate that port-location mappings should be provided as cons
cells when the code always expected lists.
Change-Id: Ib12d273cbd37976f9507a60a6d088078f71d4e7a
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
A new alias has been added to the nginx configuration to improve consistency.
* doc/guix.texi (Binary Installation): Replace https://guix.gnu.org/install.sh
with https://guix.gnu.org/guix-install.sh.
Closes: #573
Change-Id: Iaf1da338b5d6433e9e7b1459db3587bf7a44ad79
Reported-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Some keyword arguments were missing, some had wrong default values. This
commit updates the documentation to match the code.
* doc/guix.texi (G-Expressions)[computed-file]: Use @var. Document #:guile.
[gexp->script]: Fix default value for #:target.
[gexp->file]: Document #:system and #:target.
Change-Id: Ie92a57fe1c3b45d1c7a5e8865fcf291c5f590c11
Signed-off-by: Janneke Nieuwenhuizen <janneke@gnu.org>
Fixes <https://issues.guix.gnu.org/70826>.
When using ‘luks-device-mapping-with-options’, procedures such as
‘operating-system-boot-mapped-devices’ would fail to identify LUKS
mapped devices because they would check whether the mapped device type
is ‘eq?’ to ‘luks-device-mapping’.
This addresses that by ensuring mapped devices are always of the
‘luks-device-mapping’ type, even when different options are used.
* gnu/system/mapped-devices.scm (close-luks-device): Add #:rest.
(luks-device-mapping-with-options): Deprecate.
* gnu/tests/install.scm (%encrypted-home-os-key-file): Update
accordingly.
* doc/guix.texi (Mapped Devices): Document use of the ‘arguments’ field
of ‘luks-device-mapping’. Remove ‘luks-device-mapping-with-options’
documentation.
(Bootloader Configuration): Update example with key file in extra
initrd.
Change-Id: I5442908cb8ef4e3891dbb053cccf5e42b895486f
Reported-by: Tadhg McDonald-Jensen <tadhgmister@gmail.com>
Fixes <https://issues.guix.gnu.org/70826>.
This allows users to specify extra arguments specific to the underlying
mapped device type.
* gnu/system/mapped-devices.scm (<mapped-device>)[arguments]: New field.
(device-mapping-service-type): Honor it.
* guix/scripts/system.scm (check-mapped-devices): Likewise.
* gnu/system/linux-initrd.scm (raw-initrd): Likewise.
* doc/guix.texi (Mapped Devices): Document it.
Reported-by: 45mg <45mg.writes@gmail.com>
Change-Id: Idef5a3e68535c412f13bae9a92c81c49053d4f4a
Fixes a regression introduced in
824d46a2fe.
* doc/build.scm (stylized-html)[build]: Avoid double leading slash for
‘language-picker.svg’.
Change-Id: I0817949862f061dbbe04352bda1e479347015c84
This is useful when testing changes locally, so that CSS links point to
the right place.
* doc/build.scm (%web-site-url): Default to /.
(%manual-css-url): Honor ‘%web-site-url’.
Change-Id: I8d885eba0fb8560dd7da7f21629c716a06c16b1f
* doc/contributing.texi (Bulk Updates): Capitalize title. Leave two
spaces after end-of-sentence period. Use @dots{} instead of showing
full store file names, as per ‘assert-no-store-file-names’ target.
Fix typo.
Change-Id: Iceb0079ec35fda95280afff1c0d4b2cd84717b96
Previously, the builder of a fixed-output derivation could communicate with an
external process via an abstract Unix-domain socket. In particular, it could
send an open file descriptor to the store, granting write access to some of
its output files in the store provided the derivation build fails—the fix for
CVE-2024-27297 did not address this specific case. It could also send an open
file descriptor to a setuid program, which could then be executed using
execveat to gain the privileges of the build user.
With this change, fixed-output derivations other than “builtin:download”
and “builtin:git-download” always run in a separate network namespace
and have network access provided by a TAP device backed by slirp4netns,
thereby closing the abstract Unix-domain socket channel.
* nix/libstore/globals.hh (Settings)[useHostLoopback, slirp4netns]: new
fields.
* config-daemon.ac (SLIRP4NETNS): new C preprocessor definition.
* nix/libstore/globals.cc (Settings::Settings): initialize them to defaults.
* nix/nix-daemon/guix-daemon.cc (options): add --isolate-host-loopback option.
* doc/guix.texi: document it.
* nix/libstore/build.cc (DerivationGoal)[slirp]: New field.
(setupTap, setupTapAction, waitForSlirpReadyAction, enableRouteLocalnetAction,
prepareSlirpChrootAction, spawnSlirp4netns, haveGlobalIPv6Address,
remapIdsTo0Action): New functions.
(initializeUserNamespace): allow the guest UID and GID to be specified.
(DerivationGoal::killChild): When ‘slirp’ is not -1, call ‘kill’.
(DerivationGoal::startBuilder): Unconditionally add CLONE_NEWNET to FLAGS.
When ‘fixedOutput’ is true, spawn ‘slirp4netns’.
When ‘fixedOutput’ and ‘useChroot’ are true, add setupTapAction,
waitForSlirpReadyAction, and enableRouteLocalnetAction to builder setup
phases.
Create a /etc/resolv.conf for fixed-output derivations that directs them to
slirp4netns's dns address.
When settings.useHostLoopback is true, supply fixed-output derivations with a
/etc/hosts that resolves "localhost" to slirp4netns's address for accessing
the host loopback.
* nix/libutil/util.cc (keepOnExec, decodeOctalEscaped, sendFD, receiveFD,
findProgram): New functions.
* nix/libutil/util.hh (keepOnExec, decodeOctalEscaped, sendFD, receiveFD,
findProgram): New declarations.
* gnu/packages/package-management.scm (guix): add slirp4netns input for linux
targets.
* tests/derivations.scm (builder-network-isolated?): new variable.
("fixed-output derivation, network access, localhost", "fixed-output
derivation, network access, external host"):
skip test case if fixed output derivations are isolated from the network.
Change-Id: Ia3fea2ab7add56df66800071cf15cdafe7bfab96
Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
* doc/contributing.texi (Submitting Patches): Describe the two options,
Codeberg and Debbugs.
(Sending a Patch Series): Add deprecation warning.
(The Issue Tracker): Mention Codeberg.
(Managing Patches and Branches): Remove initial reference to
guix-patches.
(Debbugs User Interfaces): Add deprecation warning.
(Reviewing the Work of Others): Mention pull request approval.
Change-Id: Ibf21e8923e555db1e14107ad87a65bf45f9f3fc3