Currently the service cannot be restarted, because the gnu store mount makes
it read-only. So fix this by removing the mount when starting the service.
"-" to accept failures, in case the command doesn't finish successfully,
chances are, the store can be mounted as RW, so continue.
"+" to run as root
Fixes: #4744
* etc/guix-daemon.service.in
(Service)<ExecStartPre>: Stop gnu-store.mount
(Service)<ExecStartPost>: Start gnu-store.mount
Change-Id: I296f5d8805497f8a7364b68d627eb6d4fc05dbff
Followup to e1038aee6d.
Previously when cross compiling the fibers directory was reset to fibers 1.3
because evaluating the arguments of shepherd@0.10 with '(package-arguments
shepherd-0.10)' kept the reference to the fibers input of shepherd@0.10.
Work around this by not using 'substitute-keyword-arguments' and replacing
'this-package-input' with 'search-input-file'.
* gnu/packages/admin.scm (shepherd-1.0)[arguments]:
Replace 'substitute-keyword-arguments' with explicit arguments.
Use search-input-file in 'set-fibers-directory phase to search for the cross fibers.
Change-Id: Ia1061d8cea531569385f4a0136cfd22f27ce5a0e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4672
The manual suggests running ‘guix archive --generate-key’ as root, but that
would lead to root-owned /etc/guix/signing-key.{pub,sec}, with the secret key
unreadable by the unprivileged guix-daemon. This fixes it.
Reported in guix/guix#4844.
* guix/scripts/archive.scm (generate-key-pair)[ensure-daemon-ownership]: New
procedure.
Use it for ‘%public-key-file’, ‘%private-key-file’, and their parent
directory.
Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: I7ae980bfd40078fb7ef27a193217b15f366d5d50
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4958
Previously, when failing to load a signing key, ‘guix authenticate’ would
print a backtrace and exit with a non-zero code. That, in turn, would lead
the guix-daemon child process to crash with:
nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed.
This patch fixes it by reporting the error to the daemon as was intended.
* guix/scripts/authenticate.scm (guix-authenticate): Arrange to call
‘load-key-pair’ from within ‘with-reply’.
* tests/guix-authenticate.sh: Test it.
Fixes: guix/guix#4928
Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: I8654ad6fdfbe18c55e1e85647d0c49f408d0574a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4961
The check script has been failing, %final-inputs have been changed
to a procedure that takes the system.
* build-aux/check-final-inputs-self-contained.scm
(final-inputs): Call %final-inputs procedure with system.
Change-Id: Id4d40387e669c996a380f64c73432d916915ead5
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
In case a user reconfigures to the same commit, do not
update cached checkout unnecessarily.
* guix/scripts/system/reconfigure.scm (channel-relations): Return early for
matching old and new commits.
Change-Id: Ia4b7300bbce40f7d809946dd3514715b74cd17f9
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
If the store is read only, return an error early.
This is bit of a compromise. Not all operations of the daemon need the store
as writable. For example, if hello package is built already `guix build hello`
could previously succeed even if store is RO.
* nix/libstore/local-store.cc
(makeStoreWritable): Rename to ensureStoreWritable.
(ensureStoreWritable): As non-root, check that the store is writable and if
not, throw an error.
(LocalStore::LocalStore): Use it.
* nix/libstore/local-store.hh: Rename makeStoreWritable to ensureStoreWritable.
Change-Id: I94783ba7e32d57bfa77e37e84b6ac316f95e31e2
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Commit 7c70a1080a ("gnu/system: Simplify the
creation of /etc (was: Turn /etc/localtime into a symlink)") made all of the
files under /etc other than sudoers symlinks to their store target. This
causes a problem at least for the vpn-slice service, which expects to be able
to write to said file.
* gnu/build/activation.scm (activate-etc): Special-case /etc/hosts to make it
a regular file.
Change-Id: Ia42dacd8731edba5e72442ab0399bdc3f7101989
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
Modified-by: Maxim Cournoyer <maxim@guixotic.coop>
Fixes: #4800
* gnu/packages/luanti.scm (luanti-mineclonia)
[synopsis]: Drop leading article.
[description]: Use double spaces.
Change-Id: I3c0decb3135cbdeb925636633e16bc3a9267f53a
* gnu/packages/containers.scm (podman-compose):
[arguments] <test-backend, test-flags>: Use unittest as seen in
project's GitHub Actons.
<phases>: Remove 'pre-check.
[native-inputs]: Remove python-pytest and python-wheel.
Change-Id: I6da2f7f4c55f4cd22919d7f7827b2be58993f2e2
* gnu/packages/containers.scm (podman-compose): Update to 1.5.0.
[arguments] <test-flags>: Only run tests in `tests/unit`.
[arguments] <phases>: Add before-checks phase to fix a ModuleNotFoundError.
Change-Id: Ia9b8900bd71c848559b067d48e7eb4bf212f0f73
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/password-utils.scm (xkcdpass)[source]: Use direct #:url.
[home-page]: Move before synopsis.
Change-Id: I6ba4325818f2c6deff3b67a22b48f0cb4cdda929
* gnu/packages/patches/dvdbackup-with-libdvdread-6.1.0+.patch: Add the
patch to fix the build.
* gnu/local.mk: Ship it.
* gnu/packages/video.scm: Use it.
See <https://codeberg.org/guix/guix/issues/4704#issuecomment-8751141>.
* doc/guix.texi (Build Environment Setup): Add warning in case the nologin
binary is not found.
Reported-by: FuncProgLinux
Change-Id: Ib8aa2bdaf0aef6a589afe638e2fcd539c8276ac7
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
There is no longer a guix package in Debian. Adapt the instructions to avoid
having to list how to install on every package manager. The specific
instructions for Parabola are kept since it is a FSDG system.
* doc/guix.texi (Binary Installation): Remove Debian and OpenSUSE installation
instructions. Update examples of distros with a guix package. Add
instructions for other package managers.
Change-Id: Ie34b40d7224593df8e51d62d665a15a1b16b8e70
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
