Fixesguix/guix#1901.
Previously, ‘guix gc --list-busy’ (which is invoked by ‘guix-daemon’) would
open a connection to the daemon, which in turn attempts to create
/var/guix/profiles/per-user/$USER. However, when ‘guix-daemon‘ is running as
an unprivileged user, creating that directory fails with EPERM. Because of
this, garbage collection would always fail when running the unprivileged
daemon on Guix System.
* guix/scripts/gc.scm (guix-gc): Remove upfront call to ‘open-connection’.
Instead, use ‘with-store’ only for operations that require it.
Change-Id: I1fbfd97cf7ba9e3087f7287b4776ea2f6623400d
This reverts commit a7db92d9b3, this time with
the more careful command, to avoid a world rebuild:
grep -rl --exclude-dir=build --exclude-dir=patches --exclude=ld-wrapper.in \
--exclude=sitecustomize.py --exclude=guix-emacs.el maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
Change-Id: I0871f5cf9ace79e34e78e24154d0da6ea95a3a91
The change was automated via:
git grep -l maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
* .mailmap: New entry.
Change-Id: Iaa88b1e51c94159c49138fb43910badb990eb169
* guix/scripts/home.scm (spawn-home-container): Add ‘options’ field to
the /run/user/$UID and ‘home-directory’ file systems.
Change-Id: Ic6d987fe186f9c49718f15c71867953a20f2fb68
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders. Because these are builtins, it runs without
any additional isolation beyond merely running as a build user. In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.
Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.
* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
(syntax-noop): new syntax.
(eval-content-addressed-mirrors, assert-store-file,
call-with-input-file/no-symlinks): new procedures.
(perform-download): use assert-store-file to ensure files are in the store
before being read. Use call-with-input-file/no-symlinks for opening
untrusted files. Use eval-content-addressed-mirrors to evaluate the
content-addressed-mirrors file.
Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.
* guix/scripts/perform-download.scm (read/safe): new procedure.
(perform-download, perform-git-download): use it.
(guix-perform-download): explicitly set 'read-eval?' to #f and
'read-hash-procedures' to '(). #f is the default value of 'read-eval?' on
startup, but set it anyway to be certain.
Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
So that importers can adjust the file before inserting.
* guix/scripts/import.scm (%standard-import-options): Add ‘--file-to-insert’.
(guix-import): Pass it to importers when ‘--insert’ is set.
Change-Id: I8e7a18ee8e0f96d7fc5688a207a7a5390ad2fa30
* guix/utils.scm (find-definition-location): New procedure.
(find-definition-insertion-location): Define with it.
* guix/scripts/import.scm (import-as-definitions, guix-import): Support
expressions defined by 'define.
Change-Id: I03118e1a3372028b4f0530964aba871b4a1a4d25
For consistency with ‘insert-expression’.
* guix/scripts/import.scm (guix-import): Add two newlines after inserting.
Change-Id: I55b45ca137d175fdf6ee5c0bb2b6b1ca8385750d
* guix/scripts/offload.scm (choose-build-machine): Display amount of
free space using more specific units.
(check-machine-status): Same.
Change-Id: I93ebbf3115f15dacf57be7e63350bfbe8a3974b6
* guix/ui.scm (number->size): New procedure.
* guix/scripts/gc.scm (guix-gc)[actions]: Display the amount of
collected-garbage using more specific units.
[ensure-free-space]: Display the size using an appropriate size unit.
* nix/libstore/gc.cc (deletePathRecursive, removeUnusedLinks): Same.
* nix/libstore/optimise-store.cc (showBytes): Move function ...
* nix/libstore/misc.cc: ... to here. Expand to adjust the output based
on the amount of bytes received.
Change-Id: Idceb1a13f8e45f959d327f53d1a8accb29d2678b
Fixes <https://issues.guix.gnu.org/70826>.
This allows users to specify extra arguments specific to the underlying
mapped device type.
* gnu/system/mapped-devices.scm (<mapped-device>)[arguments]: New field.
(device-mapping-service-type): Honor it.
* guix/scripts/system.scm (check-mapped-devices): Likewise.
* gnu/system/linux-initrd.scm (raw-initrd): Likewise.
* doc/guix.texi (Mapped Devices): Document it.
Reported-by: 45mg <45mg.writes@gmail.com>
Change-Id: Idef5a3e68535c412f13bae9a92c81c49053d4f4a
Fixesguix/guix#664.
This is necessary when running ‘guix-daemon’ as an unprivileged user and
also when running ‘guix weather’ as an unprivileged user.
* guix/pki.scm (ensure-acl): Make ‘%acl-file’ #o644.
* guix/scripts/archive.scm (authorize-key): Likewise.
* guix/ssh.scm (remote-authorize-signing-key): Likewise.
Change-Id: I3c979b2cdf52e7cb657d8fafa244c58854e7fb67
Fixes <https://issues.guix.gnu.org/78283>.
* guix/scripts/git/authenticate.scm (guix-git-authenticate): Call
‘current-branch’ and do nothing if it returns the keyring branch.
Reported-by: Vagrant Cascadian <vagrant@debian.org>
Change-Id: I66c2a3f4babf68ac1df0913db6bc708ac0c7968e
Partly fixes <https://issues.guix.gnu.org/74583>.
Previously, passing an annotated tag to ‘--end’, as can happen when
‘guix git authenticate’ is invoked by the pre-push hook when pushing
tags, would lead to an error:
guix git: error: Git error: the requested type does not match the type in the ODB
* guix/scripts/git/authenticate.scm (ensure-commit-id): New procedure.
(guix-git-authenticate): Use it.
* tests/guix-git-authenticate.sh: Test with $v1_2_0_annotated_tag.
Change-Id: I22e8eb665609522c80c1f0dcb9e77a46c23c0c3c
Partly fixes <https://issues.guix.gnu.org/74583>.
* guix/scripts/git/authenticate.scm (%pre-push-hook): New variable.
(install-hooks): Use it.
(broken-pre-push-hook?, maybe-upgrade-hooks): New procedures.
(guix-git-authenticate): Call ‘maybe-upgrade-hooks’ when ‘configured?’
returns true.
Change-Id: I39d34ab66ffe0f34170c0f562e9f97f2f69c9fdc
Guile-Git 0.7.0 was released in May 2024.
* guix/scripts/git/authenticate.scm (record-configuration): Remove
‘module-defined?’ condition for Guile-Git < 0.7.0.
(install-hooks): Likewise.
Change-Id: I27af82068b989d6a18ff1a66453e0a8d397ed380
* guix/import/nuget.scm: New file.
* guix/scripts/import/nuget.scm: New file.
* guix/scripts/import.scm: Add reference to it.
* gnu/packages/guile-xyz.scm (guile-semver): Update to 0.2.0.
[source]: Switch.
Change-Id: I159c5cf3b02b42435b03d989d5815d3fcf001c92
Fixes#419 where the same search path is used multiple times, leading to the
last one overriding the previous one.
The solution relies on the #$profile/etc/profile file that is already verified
and in case of errors, it is just one place to repair instead of repairing at
multiple places, like in singularity-environment-file
* guix/pack.scm (singularity-environment-file): Source #$profile/etc/profile
Reported-by: Alexis Simon <alexis.simon@runbox.com>
Change-Id: Ic304fef99ad34d83e4e10cdd2b26d3b1802b5251
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit prevents Guix substitute servers from distributing binaries
which are marked non-substitutable. This prevents substitute servers
from accidentally committing copyright violations by distributing
binaries that are non-substitutable for copyright reasons.
* guix/scripts/publish.scm (render-nar): Query the derivers of
‘store-path’ and do nothing if one of them does not match
‘substitutable-derivation?’.
* tests/publish.scm ("non-substitutable derivation"): New test.
Change-Id: Iaca81f5bdb430a12a3ad41e9b83e0bcc535af607
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/78210>.
This patch adds the /gnu and /gnu/store directories to the Docker layer
created by ‘guix pack -f docker …’, which enables the Docker image to be
used to create an AWS Lambda function. Without the patch, creating the
AWS Lambda function fails with this error:
"MissingParentDirectory: Parent directory does not exist for file: gnu/store/…-info-dir/"
* guix/scripts/pack.scm (docker-image)[build]: Add store directory to
the docker layer.
* guix/docker.scm (build-docker-image): Change order of arguments to
‘tar’ so parent directories are added before their contents.
Change-Id: I2b103c59981e828c965564ccc5d2415b00a7e52e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/environment.scm (launch-environment/container): Add
/run/user/UID to ‘file-systems’.
* tests/guix-environment-container.sh: Test it.
Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08
* guix/scripts/refresh.scm (update-specification->update-spec): Flag the
update-spec as partial when it is prefixed with '~'.
* tests/guix-refresh.sh: Test it. Remove extraneous 'guix refresh'
invocation.
* doc/guix.texi (Invoking guix refresh): Document it.
Change-Id: Iab4482d9367105f6ffcd2d6a49148736c93d53e4
Reviewed-by: Florian Pelz <pelzflorian@pelzflorian.de>
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/environment.scm (file-name-equal-or-under?): New procedure.
(override-user-mappings, override-user-dir): Use it.
Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/78272>.
Fixes a bug caused by commit ce363c1dc7,
which inadvertently made /tmp read-only as well.
* guix/scripts/environment.scm (launch-environment/container)[tmpfs]:
New variable.
Add it to ‘file-systems’.
* guix/scripts/home.scm (spawn-home-container): Add /tmp file system
to #:mounts.
* tests/guix-environment-container.sh: Add test.
Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I5cb449e6d0c213d4b5866cbcbd14990437a7d4c5
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
This is an incompatible change where the root file system in
‘guix shell -C’ is now read-only by default.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add ‘--writable-root’.
* guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved
from…
(launch-environment): … here.
(launch-environment/container): Add #:writable-root? and pass it to
‘call-with-container’. Move root file system setup to #:populate-file-system.
(guix-environment*): Honor ‘--writable-root’.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document ‘--writable-root’.
(Debugging Build Failures): Mention it before “rm /bin/sh”.
Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* guix/scripts/home.scm (spawn-home-container): Move creation of
accounts, /etc/hosts, /tmp, and HOME-DIRECTORY from the first argument
of ‘eval/container’ to #:populate-file-system. Remove #:writable-root?.
* tests/guix-home.sh: Test that the root file system is read-only.
Change-Id: Icda54706321d51b95b563c86c3fb2238cc65ee20
Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
Code in `ui.scm' in `initialize-guix' procedure changes the handling of
SIGPIPE to SIG_IGN. So restore the handling to SIG_DFL so that process
executed will have the usual action. Technically we should record what the
handling was, and restore it to the previous value, but that would be much
more invasive change.
Always setting it to SIG_DFL is at least less surprising than always setting
to SIG_IGN.
* guix/scripts/environment.scm (launch-environment): Restore default action
for SIGPIPE.
Change-Id: Ifabae1d3e71aa44e63078cea5bd3824b8f61ba14
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/home.scm (process-action): Handle operating-system declaration
and extract home environment for current user.
* doc/guix.texi (Guix Services)[Guix Home Service]: Document it.
Change-Id: I995f79c2549e6edc76322542d0422159e0b79996
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail>
Fixes <https://issues.guix.gnu.org/76141>.
* guix/scripts/locate.scm (guix-locate): Use writable db when --clear is given.
Change-Id: I2e4e945cef022b08dd6af4c252e67c2a4d5bf38c
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
