The current version of `mkfs.btrfs` has a regression when combined with
`fakeroot` where it does not detect the faked root uid/gid of files when
building the filesystem. This produces partition images with `/` owned by
the guixbuild user when it should be owned by root.
Using `unshare` rather than `fakeroot` resolves this by doing the uid
mapping at the kernel level rather than overloading the `stat` function.
An equivalent issue was [reported and patched in
NixOS](https://github.com/NixOS/nixpkgs/pull/434122)
* gnu/build/image.scm (system-disk-image): Import `util-linux` instead of
`fakeroot`.
* gnu/system/image.scm (make-btrfs-image): Use `unshare --map-root-user`
Change-Id: Id4eeaf510f3ec5f4a23b4d700a73e2cf46da40b1
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #5536
When the body was not a single expression, quote would throw a syntax error.
* gnu/build/dbus-service.scm (with-retries): Ensure the body is a single
expression when quoted for the error message.
Change-Id: I44ec61bc26c8959b499bc94eb661762afdaf99ba
Because the linux image is called differently based on the architectures,
see system-linu/-image-file-name from gnu/system.scm, the kernel image
on aarch64, mips and armhf has still been compressed. This means that
grub cannot boot.
Man pages have moved from gz to zst, so compress them as well.
* gnu/build/image.scm (make-iso9660-image): Do not compress Image, vmlinuz and
zImage; Compress all man pages.
Change-Id: I68b35f383c84ff231865d580aa9e79d9fd88ace1
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Commit 7c70a1080a ("gnu/system: Simplify the
creation of /etc (was: Turn /etc/localtime into a symlink)") made all of the
files under /etc other than sudoers symlinks to their store target. This
causes a problem at least for the vpn-slice service, which expects to be able
to write to said file.
* gnu/build/activation.scm (activate-etc): Special-case /etc/hosts to make it
a regular file.
Change-Id: Ia42dacd8731edba5e72442ab0399bdc3f7101989
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
Modified-by: Maxim Cournoyer <maxim@guixotic.coop>
Fixes: #4800
https://codeberg.org/guix/guix/issues/3925 raised the inabilityy of the
subordinate IDs service of handling externally managed sub{u,g}id file
entries. This patch relaxes the checks in place for existing ranges,
by allowing subid-range records lower than %subordinate-id-min, leaving
all the space from subid 0 to %subordinate-id-min - 1 to external
users. Generic ranges are still allocated within %subordinate-id-min and
%subordinate-id-max.
* gnu/build/accounts.scm (<unused-id-range>)[min]: Change default value
to 0, allowing subid-ranges with a start lesser than
%subordinate-id-min.
(allocate-generic-range): Allocate generic ranges starting from
%subordinate-id-min, leaving ranges starting before %subordinate-id-min.
(allocate-specific-range): Move bounds check to...
(allocate-subids): ...here. Now bound validation is applied only to user
provided ranges.
* tests/accounts.scm: Test new behavior.
Fixes: guix/guix#3925
Change-Id: Id923b122c97a20f148684f5fb144fd9422810612
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4235
Fixes a bug whereby the store in ext4 partitions created with
‘guix system image’ would be limited to 65,000 sub-directories.
* gnu/build/image.scm (make-ext-image): Invoke “e2fsck -fDy”.
Fixes: guix/guix#4396
Change-Id: I02d3470fac8bdd8971083be8fce192b72bf6510c
This is a fix up following commit c4298638ca.
* gnu/build/activation.scm (canonicalize-path*): Replace warning-error-port
with current-warning-port.
Reported-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I6ead2f0b529552c88cdf1676e6129d6d3474b099
Do not add a an extraneous /etc/static layer of indirection.
* gnu/build/activation.scm (activate-etc) <realpath>: New nested procedure.
Do not create /etc/static. Symlink instead of copy all files under /etc,
except for /etc/sudoers.
Change-Id: I8ea16d07de256482efac37d2ff9482a5f56bd585
Reviewed-by: Ludovic Courtès <ludo@gnu.org>
This allows remounting file systems which are already mounted by
the initrd with custom mount options (e.g. /proc with hidepid=2).
* gnu/build/file-systems.scm (mount-flags->bit-mask): Map 'remount
to MS_REMOUNT.
* gnu/system/file-systems.scm (invalid-file-system-flags): Add
'remount to the list of KNOWN-FLAGS.
* doc/guix.texi (File Systems): Document it.
Fixes: guix/guix#3849
Change-Id: I0ab116a5b4f7bd201e955ecf022e260c63828dc4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded
programs. Guile VM's automatic GC thread creation used to lead to
nondeterministic failures in container creation, which uses this system call.
* gnu/build/linux-container.scm (run-container): Disable GC in child after
`(clone)' and re-enable after `(unshare)'.
Fixes: #1169
Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
This reverts commits 437bb9ece5 and
a57ed987ff, which were reported in
guix/guix#1169 to occasionally cause errors like:
guix shell: error: unshare : 268566528: Invalid argument
This corresponds to "_PATH_MOUNTED" in paths.h from libc.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Change etc/mtab to var/run/mtab.
Change-Id: I688289fe4b8143ae14a8eef5ba1625c4ebd2a209
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/build/file-systems.scm (linux-swap-superblock?)
(read-linux-swap-superblock, bcachefs-superblock?): Use "a" instead of
"an" before consonant sounds.
Change-Id: Ifb36a125733ff898ecbef0a0a546819130707fba
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/build/secret-service.scm (secret-service-receive-secrets)
[wait-for-client]: Pass ‘SOCK_NONBLOCK’ to ‘socket’. Use
‘wait-for-readable-fd’ instead of ‘select’. Pass flags to ‘accept’.
Change-Id: I1d5ff8e286942838af5b77fbb4068689a0529ed1
The previous code was tentatively written to run either in a Fibers context or
in a non-Fibers context. Drop the non-Fibers code since this always runs
within ‘shepherd’, which is fiberized.
* gnu/build/secret-service.scm (with-modules): Remove.
(wait-for-readable-fd): Rewrite using regular Fibers operations.
(secret-service-send-secrets): Use ‘SOCK_NONBLOCK’. Simplify ‘sleep’ binding.
Change-Id: Ic05d0bc54e6d2df89b6602bc716402067c845792
This reverts commit a7db92d9b3, this time with
the more careful command, to avoid a world rebuild:
grep -rl --exclude-dir=build --exclude-dir=patches --exclude=ld-wrapper.in \
--exclude=sitecustomize.py --exclude=guix-emacs.el maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
Change-Id: I0871f5cf9ace79e34e78e24154d0da6ea95a3a91
The change was automated via:
git grep -l maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
* .mailmap: New entry.
Change-Id: Iaa88b1e51c94159c49138fb43910badb990eb169
This patch implements a generalization of the
oci-container-service-type, which consequently is made deprecated. The
oci-service-type, in addition to all the features from the
oci-container-service-type, can now provision OCI networks and volumes.
It only handles OCI objects creation, the user is supposed to handle
state once the objects are provsioned.
It currently supports two different OCI runtimes: Docker and rootless
Podman. Both runtimes are tested to make sure provisioned containers
can connect to each other through provisioned networks and can
read/write data with provisioned volumes.
At last the Scheme API is thought to facilitate the implementation of a
Guix Home service in the future.
* gnu/build/oci-containers.scm: New file containg OCI runtime business
logic used in OCI backed Shepherd services.
oci-read-lines
(oci-system*,oci-object-exists?,oci-object-service-available?
oci-image-load,oci-log-verbose,oci-container-execlp,oci-object-create):
New procedures.
* gnu/local.mk: Add it.
* gnu/services/containers.scm (list-of-oci-containers?,
list-of-oci-networks?,list-of-oci-volumes?,%oci-supported-runtimes,
oci-runtime?,oci-runtime-system-environment,oci-runtime-system-extra-arguments,
oci-runtime-system-requirement,oci-runtime-cli,oci-runtime-system-cli,
oci-runtime-home-cli,oci-runtime-name,oci-runtime-group,
oci-container-shepherd-name,oci-networks-shepherd-name,
oci-networks-home-shepherd-name,oci-volumes-shepherd-name,
oci-volumes-home-shepherd-name,oci-container-configuration->options,
oci-network-configuration->options,oci-volume-configuration->options,
oci-container-shepherd-service,oci-objects-merge-lst,oci-extension-merge,
oci-service-accounts,oci-service-profile,oci-service-subids,
oci-configuration->shepherd-services,oci-configuration-extend): New
procedures.
(image-reference): Implement unambiguous naming convention, that paired
with the new implementation for listing caches images with docker ls or
podman ls, allows for more efficient image caching.
(oci-container-configuration)[user,group]: Change default-type to
maybe-string, since by default containers will run under the user and
group declared in oci-configuration records. When unset the
oci-service-type will derive their value from the OCI runtime state.
[runtime,host-environment,environment,shepherd-actions,ports,extra-arguments]:
define a predicate and use it as a type in the configuration. This
way errors are reported with source location information.
(lower-manifest): Defer to caller the logic of setting up an image tag.
(lower-oci-image): Rename to load-oci-image-state.
(oci-runtime-state): Intermediate representation of the OCI runtime
details. It is supposed to be an internal API.
(oci-state): Intermediate representation of the OCI provisioning state,
such as containers and networks. It is supposed to be an internal API.
(oci-container-invocation): Intermediate representation of the OCI
runtime run command to start a container. It is supposed to be an
internal API.
(%oci-image-loader): Rename to oci-image-loader and use
oci-runtime-state and (gnu build oci-containers).
(oci-container-shepherd-service): Use oci-state and oci-runtime-state,
add command-line action.
(oci-network-configuration,oci-volume-configuration,oci-configuration,
oci-extension): New record types.
(oci-service-type): New service-type.
* doc/guix.texi: Document it.
* gnu/tests/containers.scm: Test it.
* gnu/services/docker.scm: Deprecate the oci-container-service-type.
Change-Id: I656b3db85832e42d53072fcbfb91d1226f39ef38
Modified-by: Maxim Cournoyer <maxim@guixotic.coop>
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
This makes it impossible to unmount or remount things from within
‘call-with-container’.
* gnu/build/linux-container.scm (initialize-user-namespace):
Add #:host-uid and #:host-gid. and honor them.
(run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’
followed by ‘initialize-user-namespace’.
(call-with-container): Add #:lock-mounts? and pass it down.
(container-excursion): Get the user namespace owning the PID namespace
and join it, then join the remaining namespaces.
* tests/containers.scm ("call-with-container, mnt namespace, locked mounts"):
New test.
("container-excursion"): Pass #:lock-mounts? #f.
Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
This should be about twice as fast as the default zlib compressor used for
qcow2, and potentially multi-thread aware given some improvements to qemu-img
in the future (zstd supports its but it's not currently used by QEMU).
* gnu/build/image.scm (convert-disk-image): Specify 'compression_type=zstd'
option.
Change-Id: Ie9c66f0c13e789ec863c95a5e549f035b6a17bf9
This doesn't seem to change anything currently (the default is 8). Perhaps
useful in the future, for example if the compressor used by qemu-img starts
honoring it.
* gnu/build/image.scm (convert-disk-image): Specify the '-m' option.
Change-Id: Ia288c85af8a0621d61cf6b9f0d3f73f5a3026d66
Fixes <https://issues.guix.gnu.org/77992>.
Fixes a bug whereby ‘mkdir-p/perms’ would throw an exception on the
Hurd:
In gnu/build/activation.scm:
97:20 1 (mkdir-p/perms _ #("ludo" "x" 1000 998 "Ludovic…" …) …)
In unknown file:
0 (open "." 7340032 #<undefined>)
ERROR: In procedure open:
In procedure scm_fdes_to_port: requested file mode not available on fdes
This, in turn, would cause ‘user-homes’ to fail to start on the Hurd
since commit da741d8931.
* gnu/build/activation.scm (mkdir-p/perms): Add O_RDONLY to ‘open-flags’.
Reported-by: Yelninei <yelninei@tutamail.com>
Change-Id: I74f90599338772ba4341067215b864273aa30b3e
Otherwise the code would be evaluated instead of shown.
* gnu/build/dbus-service.scm (with-retries): Quote the body data in the error
message.
Change-Id: I7a06f08327bdc7df70ae56a146855bc32ad3e63e
Fixes <https://issues.guix.gnu.org/61690>.
Until now, this would work:
guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home
… but this would not:
$ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted
This is annoying and hardly understandable. Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN‘), for the very same reason, we can just as well disable
/sys mounts anytime it fails with EPERM.
* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.
Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
This commit adds a Guix System service to handle allocation of subuid
and subgid requests. Users that don't care can just add themselves as a
subid-range and don't need to specify anything but their user name.
Users that care about specific ranges, such as possibly LXD, can specify
a start and a count.
* doc/guix.texi (Miscellaneous Services): Document it.
* gnu/build/activation.scm (activate-subuids+subgids): New variable.
* gnu/local.mk: Add gnu/tests/shadow.scm.
* gnu/system/accounts.scm (sexp->subid-range): New variable.
* gnu/system/shadow.scm (%root-subid): New variable;
(subids-configuration): new record;
(subid-range->gexp): new variable;
(assert-valid-subids): new variable;
(delete-duplicate-ranges): new variable;
(subids-activation): new variable;
(subids-extension): new record;
(append-subid-ranges): new variable;
(subids-extension-merge): new variable;
(subids-service-type): new variable.
* gnu/tests/shadow.scm (subids): New system test.
Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit adds allocation logic for subid ranges. Subid ranges are
ranges of contiguous subids that are mapped to a user in the host
system. This patch implements a flexible allocation algorithm allowing
users that do not want (or need) to specify details of the subid ranges
that they are requesting to avoid doing so, while upholding requests of
users that need to have specific ranges.
* gnu/build/accounts.scm (%subordinate-id-min): New variable;
(%subordinate-id-max): new variable;
(%subordinate-id-count): new variable;
(subordinate-id?): new variable;
(&subordinate-id-error): new variable;
(&subordinate-id-overflow-error): new variable;
(&illegal-subid-range-error): new variable;
(&specific-subid-range-expected-error): new variable;
(&generic-subid-range-expected-error): new variable;
(within-interval?): new variable;
(allocate-unused-range): new variable;
(allocate-generic-range): new variable;
(allocate-specific-range): new variable;
(reserve-subids): new variable;
(range->entry): new variable;
(entry->range): new variable;
(allocate-subids): new variable;
(subuid+subgid-databases): new variable.
* gnu/system/accounts.scm (subid-range-end): New variable;
(subid-range-has-start?): new variable;
(subid-range-less): new variable.
* test/accounts.scm: Test them.
Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit adds a new record type, <subid-entry> and serializers
and deserializers for it in (gnu build accounts). Each instance of this
record represents one line in either /etc/subuid or /etc/subgid. Since
Shadow uses the same representation for both files, it should be ok if
we do it as well.
This commit adds also <subid-range>, a user facing representation of
<subid-entry>. It is supposed to be usable directly in OS configurations.
* gnu/build/accounts.scm (subid-entry): New record;
(write-subgid): add serializer for subgids;
(write-subuid): add serializer for subuids;
(read-subgid): add serializer for subgids;
(read-subuid): add serializer for subuids.
* gnu/system/accounts.scm (subid-range): New record.
* test/accounts.scm: Test them.
Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/build/hurd-boot.scm (boot-hurd-system): Check for stale shepherd socket
and remove it. Be chattier about /hurd symlink replacement.
Change-Id: I5e528c131ebeadb7ebc9727336a0f9301af3e68e
This supports using another than the default DISK0 PART1 and using LABEL or
UUID as root file-system specifier. It still defaults to DISK0 PART1 if
the file-system cannot be found, i.e., lives only at the build side: A
virtual machine/childhurd build.
* gnu/build/file-systems.scm (%hurd-device-spec-regexp, %device-spec-regexp):
New variables.
(device-name->hurd-device-name, hurd-device-name->device-name,
device-spec->device, device-spec->device-name): Use them in new procedures.
* gnu/bootloader/grub.scm (make-grub-configuration): Use them to remove
hardcoded partition number (root-index 1).
Change-Id: I49fa93dacc09883dfb4d695402c5eac2e0e17286
There is currently a window of time between when the desired directory is
created and when its permissions are changed. During this time, its
permissions are restricted only by the umask.
Of course, in the "directory already exists" case, this doesn't matter, but if
the directory has been specifically deleted ahead of time so that it is
created afresh, this is an unnecessary window.
We can avoid this by passing the caller-provided BITS to 'mkdirat' when
attempting to create the last directory.
* gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS
permissions.
Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/build/hurd-boot.scm (make-hurd-device-nodes): Cater for existing
directories (dev, servers).
(set-hurd-device-translators): Remove /servers/socket/1, that is created by
libexec/console-run. Cater for nonexistent /dev/console.
(boot-hurd-system): Call make-hurd-device-nodes on initial run.
