* build-aux/test-env.in: Pass ‘--disable-chroot’ only when unprivileged
user namespace support is lacking and warn in that case.
* tests/store.scm ("build-things, check mode"): Use ‘gettimeofday’
rather than a shared file as a source of entropy.
("symlink is symlink")
("isolated environment", "inputs are read-only")
("inputs cannot be remounted read-write")
("build root cannot be made world-readable")
("/tmp, store, and /dev/{null,full} are writable")
("network is unreachable"): New tests.
* tests/processes.scm ("client + lock"): Skip when
‘unprivileged-user-namespace-supported?’ returns true.
Change-Id: I3b3c3ebdf6db5fd36ee70251d07b893c17ca1b84
These missing inputs go unnoticed when running ‘guix-daemon
--disable-chroot’ but are immediately visible otherwise.
* tests/derivations.scm ("fixed-output derivation"): Add %BASH to #:sources.
("fixed-output derivation: output paths are equal"):
("fixed-output derivation, recursive"):
("derivation with a fixed-output input"):
("derivation with duplicate fixed-output inputs"):
("derivation with equivalent fixed-output inputs"):
("build derivation with coreutils"): Likewise.
* tests/packages.scm (bootstrap-binary): New procedure.
("package-source-derivation, origin, sha512"): Use it instead of
‘search-bootstrap-binary’ and add BASH to #:sources.
("package-source-derivation, origin, sha3-512"): Likewise.
Change-Id: I4c9087df23c47729a3aff15e9e1435b7266e36e2
* config-daemon.ac: Check for <sys/prctl.h>.
* nix/libstore/build.cc (DerivationGoal::runChild): When ‘useChroot’ is
true, call ‘prctl’ to drop all ambient capabilities.
Change-Id: If34637fc508e5fb6d278167f5df7802fc595284f
Many thanks to Reepca Russelstein for their review and guidance on these
changes.
* nix/libstore/build.cc (guestUID, guestGID): New variables.
(DerivationGoal)[readiness]: New field.
(initializeUserNamespace): New function.
(DerivationGoal::runChild): When ‘readiness.readSide’ is positive, read
from it.
(DerivationGoal::startBuilder): Call ‘chown’
only when ‘buildUser.enabled()’ is true. Pass CLONE_NEWUSER to ‘clone’
when ‘buildUser.enabled()’ is false or not running as root. Retry
‘clone’ without CLONE_NEWUSER upon EPERM.
(DerivationGoal::registerOutputs): Make ‘actualPath’ writable before
‘rename’.
(DerivationGoal::deleteTmpDir): Catch ‘SysError’ around ‘_chown’ call.
* nix/libstore/local-store.cc (LocalStore::createUser): Do nothing if
‘dirs’ already exists. Warn instead of failing when failing to chown
‘dir’.
* guix/substitutes.scm (%narinfo-cache-directory): Check for
‘_NIX_OPTIONS’ rather than getuid() == 0 to determine the cache
location.
* doc/guix.texi (Build Environment Setup): Reorganize a bit. Add
section headings “Daemon Running as Root” and “The Isolated Build
Environment”. Add “Daemon Running Without Privileges” subsection.
Remove paragraph about ‘--disable-chroot’.
(Invoking guix-daemon): Warn against ‘--disable-chroot’ and explain why.
* tests/derivations.scm ("builder is outside the store"): New test.
Reviewed-by: Reepca Russelstein <reepca@russelstein.xyz>
* nix/libstore/build.cc (DerivationGoal::runChild): Bind-mount the store
and /tmp under ‘chrootRootDir’ to themselves as read-write.
Remount / as read-only.
Change-Id: I79565094c8ec8448401897c720aad75304fd1948
Those files may be missing in some contexts, for instance within the
build environment.
* nix/libstore/build.cc (DerivationGoal::runChild): Add /etc/resolv.conf
and related files to ‘ss’ only if they exist.
Change-Id: Ie19664a86c8101a1dc82cf39ad4b7abb10f8250a
* nix/libutil/util.cc (closeMostFDs) [HAVE_CLOSE_RANGE]: Use
‘close_range’ when ‘exceptions’ is empty.
* config-daemon.ac: Check for <linux/close_range.h> and the
‘close_range’ symbol.
Change-Id: I12fa3bde58b003fcce5ea5a1fee1dcf9a92c0359
Until now, the service would always exit with 0, which makes failures
harder to distinguish in the output of ‘herd status’, for instance.
* gnu/services/admin.scm (unattended-upgrade-shepherd-services)[code]:
Call ‘exit’ after ‘report-invoke-error’.
Change-Id: Idfc74a48a6a798e813db96d5770a897595b27240
No packages depend on this version anymore.
* gnu/packages/gnuzilla.scm (mozjs-91): Delete variable.
Change-Id: Icc4efd0fc8b3728e4e6c6953fe3266262358d193
Signed-off-by: Andreas Enge <andreas@enge.fr>
* gnu/packages/python-xyz.scm (python-numpy)[arguments]: When building
for armhf-linux skip another test.
Change-Id: Iccd691affca928061becc183db14009544c0e163
As a test was timing out, so apply the same workaround as used for riscv64.
* gnu/packages/check.scm (python-pytest-mypy)[arguments]: Patch the test
timeout for powerpc64le-linux, as well as for riscv64-linux.
Change-Id: I6d771a092f0fb50c9870446a152d14c98d6f96e6
Since these options were added for normal builds, those packages that used
these options couldn't be cross built. Supporting these options in
go-cross-build restores this functionality.
* guix/build-system/go.scm (go-cross-build): Support the #:parallel-build? and
#:parallel-tests? keyword arguments.
Change-Id: I9768c9562246b61c2ea875a3d5a42809924f3a7d
qtsvg for icons and the rest for the page with package details.
* gnu/packages/kde-plasma.scm (discover): Add missing runtime
dependencies.
Change-Id: I93598a474c0799ed57234f57f74e216beaf2618b
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Create cache directory and log directory with 755 permission, which passes
run-readymedia-test.
* gnu/services/upnp.scm (readymedia-activation): Change directory permissions
of cache-directory and log-directory to 755.
Change-Id: Iff30040c3fd52564510f66d3568dab0ef89e0449
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
