* gnu/packages/tex.scm (texlive-updmap.cfg): Provide a full TeX Live tree
instead of the font maps only. Activate it by generating a ls-R file. Also
limit propagated inputs to the bare minimum, i.e., texlive-libkpathsea.
[synopsis, documentation]: Update it so as to reflect the new nature of the
generated package.
(texlive-polyglossia, texlive-arabxetex)[native-inputs]:
Make sure texlive-updmap.cfg only contains TeX Live inputs as it doesn’t
propagate its arguments anymore.
Change-Id: I91e5e851a88c67f40215a07ae95138099edfe1a6

* gnu/packages/tex.scm (texlive-mflua-bin)[arguments]<#:phases>: Also generate
and install "mfluajit-nowin" and "mflua-nowin" binaries.
Change-Id: Id8b77abdf69699a831d3b52dadfc2eed0622bbf0

Fixes <https://issues.guix.gnu.org/78067>.
Previously sshd would use /gnu/store/…-openssh-…/var/empty as its
PRIVSEP_PATH. However, when using the unprivileged daemon, that
directory would belong to guix-daemon:guix-daemon, leading to this
error:
sshd[234]: fatal: /gnu/store/…-openssh-10.0p1/var/empty must be owned by root and not group or world-writable.
Fix that by switching to /var/empty.
* gnu/packages/patches/openssh-trust-guix-store-directory.patch
(openssh): Adjust to trust files in guix store owned by guix-daemon.
* gnu/packages/ssh.scm (openssh)[arguments]: Remove ‘reset-/var/empty’
phase; change ‘install’ phase to not create PRIVSEP_PATH. Append
ending slash when substituting STORE_DIRECTORY.
Change-Id: I3bd01f8b9d6406e3b886eea8f4b8c265a51cc72f
Reported-by: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>

Fixes <https://issues.guix.gnu.org/67707>.
Previously ‘guix describe’ in the installation image would show the
URL of the local checkout that was used to build the image. It now
shows the default URL.
* gnu/system/install.scm (%installation-services): Change channel of
‘guix’ package to inherit from ‘%default-guix-channel’.
Change-Id: If848b5a6166904e982e0f9a0780f3e3f53bdfc28

* gnu/packages/music.scm (lsp-plugins): Update to 1.2.21.
[arguments]: Update file name of test binary.
Change-Id: Ifc65e4fd6d66ef8466c46fd487e710366d5db9b1

* gnu/packages/bittorrent.scm (deluge): Update to 2.2.0.
[arguments]<#:phases>: Drop 'fix-deluge-console.
Change-Id: Iad8461c7ea73042fb208ea182f4dc67d4e74adcf
Signed-off-by: Andreas Enge <andreas@enge.fr>

It seems quickjs-ng and quickjs are not API compatible.
This fixes building tic80.
This reverts commit b94cf86a89.
Change-Id: I3666ddbef8d1b2e71d49f9b14aef5a1be4b8495a
Signed-off-by: Andreas Enge <andreas@enge.fr>

This makes it impossible to unmount or remount things from within
‘call-with-container’.
* gnu/build/linux-container.scm (initialize-user-namespace):
Add #:host-uid and #:host-gid, and honor them.
(run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’
followed by ‘initialize-user-namespace’.
(call-with-container): Add #:lock-mounts? and pass it down.
(container-excursion): Get the user namespace owning the PID namespace
and join it, then join the remaining namespaces.
* tests/containers.scm ("call-with-container, mnt namespace, locked mounts"):
New test.
("container-excursion"): Pass #:lock-mounts? #f.
Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392

* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21

This is an incompatible change where the root file system in
‘guix shell -C’ is now read-only by default.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add ‘--writable-root’.
* guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved
from…
(launch-environment): … here.
(launch-environment/container): Add #:writable-root? and pass it to
‘call-with-container’. Move root file system setup to #:populate-file-system.
(guix-environment*): Honor ‘--writable-root’.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document ‘--writable-root’.
(Debugging Build Failures): Mention it before “rm /bin/sh”.
Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>

* guix/scripts/home.scm (spawn-home-container): Move creation of
accounts, /etc/hosts, /tmp, and HOME-DIRECTORY from the first argument
of ‘eval/container’ to #:populate-file-system. Remove #:writable-root?.
* tests/guix-home.sh: Test that the root file system is read-only.
Change-Id: Icda54706321d51b95b563c86c3fb2238cc65ee20

Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906

One possible solution for an issue when the /etc/guix/acl file exists but points
to a non-existent location. This can, for example, happen if one is
reinitializing the system and removes only /gnu/store and /var/guix, keeping the
rest okay. This is a major advantage of Guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with an acl file pointing to a non-existent location. The file-exists?
procedure will return #f for broken symbolic links.

I think that another reason one would get this issue is if one was booted in
a live ISO, chrooted, fixing their system. They would switch generations to
one with a different acl file, delete the other generations gc rooting the
original acl file, and then gc. One could take this approach, for example, when
recovering from file corruptions in the store, to get rid of the unsubstitutable
paths that can't be repaired with guix gc --verify.

This fixes the issue by looking at the type of the file through lstat, instead of
relying on file-exists?. If the symlink is a broken symlink, it is
removed. Other than that the old behavior is kept:
- If regular file, back it up
- If symlink pointing to the store, remove it
- If symlink not pointing to the store, back it up
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
possibly-dangling symbolic link.
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
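The decision described in the commit message above, as an added Python illustration (not the Guile code in gnu/services/base.scm). `acl_action`, `demo`, the temporary stand-in for the store directory and all file names are hypothetical, and the files are constructed samples.

```python
import os
import stat
import tempfile


def acl_action(path, store):
    """Classify PATH the way the commit message describes."""
    try:
        st = os.lstat(path)              # never follows the symlink
    except FileNotFoundError:
        return "nothing"                 # no acl file at all
    if not stat.S_ISLNK(st.st_mode):
        return "backup"                  # regular file
    if not os.path.exists(path):         # follows the link, so False when dangling
        return "remove"                  # broken symlink
    if os.readlink(path).startswith(store):
        return "remove"                  # symlink into the store
    return "backup"                      # symlink pointing elsewhere


def demo():
    """Build constructed sample files; return {name: (exists?, action)}."""
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "store") + os.sep   # stand-in for /gnu/store/
        os.mkdir(store)
        item = os.path.join(store, "constructed-item-acl")
        other = os.path.join(tmp, "hand-written-acl")
        for regular in (item, other):
            with open(regular, "w") as f:
                f.write("(acl)\n")
        links = {
            "store-link": item,
            "other-link": other,
            "dangling": os.path.join(store, "collected-item-acl"),
        }
        results = {}
        for name, target in links.items():
            path = os.path.join(tmp, name)
            os.symlink(target, path)
            results[name] = (os.path.exists(path), acl_action(path, store))
        results["regular"] = (True, acl_action(other, store))
        missing = os.path.join(tmp, "absent")
        results["absent"] = (False, acl_action(missing, store))
        return results
```

The "dangling" entry is the case the commit addresses: an existence test that follows the link reports the file as absent, while `lstat` still sees the symlink that has to be removed.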
Code in `ui.scm' in `initialize-guix' procedure changes the handling of
SIGPIPE to SIG_IGN. So restore the handling to SIG_DFL so that process
executed will have the usual action. Technically we should record what the
handling was, and restore it to the previous value, but that would be a much
more invasive change.
Always setting it to SIG_DFL is at least less surprising than always setting
it to SIG_IGN.
* guix/scripts/environment.scm (launch-environment): Restore default action
for SIGPIPE.
Change-Id: Ifabae1d3e71aa44e63078cea5bd3824b8f61ba14
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
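Why the disposition matters to the executed process, as an added Python illustration (not code from guix/scripts/environment.scm): an ignored SIGPIPE is inherited across exec, so the child sees a write error instead of being terminated by the signal. `yes_exit_status` is a hypothetical helper and the example assumes a `yes` program on PATH.

```python
import signal
import subprocess


def yes_exit_status(disposition):
    """Run `yes` with SIGPIPE set to DISPOSITION, close its pipe, return its status."""
    proc = subprocess.Popen(
        ["yes"],
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        restore_signals=False,   # keep Python from resetting SIGPIPE on its own
        # Runs in the child between fork and exec, the point at which the
        # commit restores the default action before executing the command.
        preexec_fn=lambda: signal.signal(signal.SIGPIPE, disposition),
    )
    proc.stdout.readline()       # make sure the child has started writing
    proc.stdout.close()          # reader goes away: the next write hits a closed pipe
    return proc.wait()


def compare():
    """Return (status with SIG_IGN inherited, status with SIG_DFL restored)."""
    return (yes_exit_status(signal.SIG_IGN),
            yes_exit_status(signal.SIG_DFL))
```

A negative status from `wait()` means the child was killed by that signal number; a positive one means it exited on its own after the failed write.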