* doc/contributing.texi (Bulk Updates): Capitalize title. Leave two
spaces after end-of-sentence period. Use @dots{} instead of showing
full store file names, as per ‘assert-no-store-file-names’ target.
Fix typo.
Change-Id: Iceb0079ec35fda95280afff1c0d4b2cd84717b96
This fixes an issue for the rootless guix daemon where the store being
remounted read-only by gnu-store.mount is propagated to the guix daemon,
making the guix daemon unable to modify it.
* etc/guix-daemon.service.in: Disable host filesystem mount propagation.
Change-Id: Ib1abc387ee15d2b04d6f70c121244943cd0ad8c6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
This is a follow-up to 23cbbe6860.
* guix/records.scm: Remove autoload target-most-positive-fixnum.
Change-Id: I0e5b38382e3152c5f44a6626e618b4c7b027595d
This is a follow-up of: 4c017ccfe5. The
run-basic-test procedure is used for the gui installation tests, but the
etc-profile-d-service-type and etc-bashrc-d-service-type services that are now
needed are only defined in the test-basic-os procedure.
Build upon the introduction of the extra-tests argument to define the
etc-profile-d-service-type and etc-bashrc-d-service-type specific tests
directly in the test-basic-os procedure.
* gnu/tests/base.scm (run-basic-test): Move the etc-profile-d-service-type and
etc-bashrc-d-service-type dedicated tests to ...
(test-basic-os): ... that procedure, where the matching services are defined.
Change-Id: I050f5ab87e19889bc90cc1a375a3cc28ea9a43ab
Follow-up of: 4c017ccfe5.
The --init-file script will only be run in the context of an interactive
shell, which is not the case here. Use the `-i` argument instead to force an
interactive shell. That way, the test_bashrc_d.sh is now really executed.
* gnu/tests/base.scm (run-basic-test): Fix the etc-bashrc-d-service-type test.
Change-Id: I3d749f65f51ff103c76f4e3d60746ae963660329
* guix/import/nuget.scm (fetch-repo-info-from-snupkg): Use http-fetch, and
guard. Don't use mkstemp, just put-bytevector to file.
Change-Id: Ied9d64651d0ccd7875a9d80ac085cf5947c40c4c
Reviewed-by: Danny Milosavljevic <dannym@friendly-machines.com>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* guix/import/nuget.scm (%nuget-nuspec): New variable.
(fetch-repo-info-from-snupkg): Use xml->sxml's namespaces keyword.
Reindentation. Do not use square brackets.
Change-Id: Ic86a12ab6557e0a7d627864c9ec39245f9cea892
Reviewed-by: Danny Milosavljevic <dannym@friendly-machines.com>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
This is a follow-up of 8842305c46.
* gnu/packages/compression.scm (snappy)[properties]: Use cpe-vendor
instead of wrongfully used cpe-name.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
glibc currently will insist on using 'socketcall' on i686-linux unless built
with '--enable-kernel=4.3.0' or above, even on systems that have dedicated
system calls available for all the socket-related functionality. This
behavior breaks the assumption that socketcall can be safely blocked without
impacting functionality in slirp4netns, rendering the seccomp filter unusable
with those glibcs.
This change makes the slirp4netns seccomp filter opt-in on systems with a
'socketcall' system call. It can either be opted into at compile-time or at
runtime using the NO_SOCKETCALL_LIBC preprocessor define or the
GUIX_FORCE_SECCOMP environment variable, respectively.
The seccomp filter being disabled on these systems means that it is possible
for a compromised slirp4netns to access abstract unix domain sockets in the
root network namespace. It does not affect any of the other mechanisms used
to isolate slirp4netns (e.g. chroot, namespaces, etc).
Fixes guix/guix#808.
* nix/libstore/build.cc (spawnSlirp4netns) [__NR_socketcall]: Do not add
seccomp filter, unless ‘GUIX_FORCE_SECCOMP’ is set.
Change-Id: Ibfe8becc9431f5aff11a21f06858b20496f9cb4a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
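
The opt-in rule described in the slirp4netns commit message above, written out as an added C example (not code from Guix or from nix/libstore/build.cc). The function names are hypothetical, any value of GUIX_FORCE_SECCOMP is assumed to count as "set", and the filter is a stand-in that denies a single system call, since the daemon's actual filter rules are not shown on this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Policy from the commit message (hypothetical helper, not Guix code).
   have_socketcall: the platform defines __NR_socketcall.
   libc_avoids_it: built with NO_SOCKETCALL_LIBC.
   force_env: GUIX_FORCE_SECCOMP, NULL when unset (assumed: any value is "set"). */
int seccomp_filter_wanted(int have_socketcall, int libc_avoids_it,
                          const char *force_env)
{
    if (!have_socketcall)
        return 1;   /* no socketcall to block, so libc cannot depend on it */
    return libc_avoids_it || force_env != NULL;
}

/* The same decision for this build and this process. */
int seccomp_filter_wanted_here(void)
{
#ifdef __NR_socketcall
    int have = 1;
#else
    int have = 0;
#endif
#ifdef NO_SOCKETCALL_LIBC
    int avoids = 1;
#else
    int avoids = 0;
#endif
    return seccomp_filter_wanted(have, avoids, getenv("GUIX_FORCE_SECCOMP"));
}

/* Stand-in filter (the real rules are not on the page): fail syscall
   `denied_nr` with EPERM and allow the rest.  A production filter would
   also check seccomp_data.arch first.  Returns the instruction count. */
size_t build_deny_filter(struct sock_filter out[4], unsigned int denied_nr)
{
    const struct sock_filter prog[4] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, denied_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    for (size_t i = 0; i < 4; i++) out[i] = prog[i];
    return 4;
}
```

With such a filter loaded, a libc that routes every socket operation through 'socketcall' gets EPERM on all of them, which is the breakage the commit avoids by leaving the filter off unless it is opted into.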