Fixes <https://issues.guix.gnu.org/77862>.
Previously, the ‘guix-daemon’ account (for unprivileged execution) would
typically have “kvm” as a supplementary group, but that group would not
be mapped in the build user namespace. Consequently, attempts to
‘chown’ a file to that supplementary group would fail with EINVAL.
The test suites of Coreutils, Python, and Go (among others) exercise
this chown-to-supplementary-group behavior, so they would all fail when
started by the unprivileged ‘guix-daemon’ even though they succeed when
started by ‘guix-daemon’ running as root.
Thanks to keinflue <keinflue@posteo.net> and Reepca Russelstein
<reepca@russelstein.xyz> for helping out.
* nix/libstore/build.cc (initializeUserNamespace): Add ‘extraGIDs’ and
‘haveCapSetGID’ parameters. Invoke ‘newgidmap’ when ‘extraGIDs’ is
non-empty and ‘haveCapSetGID’ is false. Honor ‘extraGIDs’ when
‘haveCapSetGID’ is true.
(maxGroups, guestKVMGID): New variables.
(kvmGIDMapping): New function.
(DerivationGoal::startBuilder): Set ‘ctx.lockMountsMapAll’ in the
CLONE_NEWUSER case. Pass ‘extraGIDs’ to ‘initializeUserNamespace’.
* tests/store.scm ("kvm GID is mapped"): New test.
Change-Id: I10ba710fc1b9ca1e3cd3122be1ec8ede5df18b40
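
The failure mode described in the commit message above, as an added example (not code from the commit or from Guix): a group can only be named inside a user namespace if some `gid_map` line covers it. The map contents and GID values are constructed, and the function names are hypothetical.

```c
#include <stdio.h>

/* Constructed samples in /proc/PID/gid_map format: "inside outside count".
   All GID values are made up for illustration. */
static const char MAP_BUILD_GROUP_ONLY[] = "30000 998 1\n";
static const char MAP_WITH_EXTRA_GID[]   = "30000 998 1\n40000 994 1\n";
static const long SAMPLE_GROUPS[] = { 998, 994 };  /* primary, supplementary */

/* Translate a parent-namespace GID through gid_map text.
   Returns the in-namespace GID, or -1 when no line covers it. */
long gid_into_namespace(const char *map, long outside_gid)
{
    long inside, outside, count;
    int used;

    while (sscanf(map, "%ld %ld %ld%n", &inside, &outside, &count, &used) == 3) {
        if (outside_gid >= outside && outside_gid - outside < count)
            return inside + (outside_gid - outside);
        map += used;  /* advance to the next map line */
    }
    return -1;
}

/* Count the groups that have no ID inside the namespace. Per the commit
   message, chown to such a group is what failed with EINVAL. */
int count_unmapped(const char *map, const long *gids, int n)
{
    int missing = 0;
    for (int i = 0; i < n; i++)
        if (gid_into_namespace(map, gids[i]) < 0)
            missing++;
    return missing;
}

int main(void)
{
    const char *maps[] = { MAP_BUILD_GROUP_ONLY, MAP_WITH_EXTRA_GID };
    for (int m = 0; m < 2; m++)
        for (int i = 0; i < 2; i++) {
            long in = gid_into_namespace(maps[m], SAMPLE_GROUPS[i]);
            if (in < 0)
                printf("map %d: GID %ld unmapped\n", m, SAMPLE_GROUPS[i]);
            else
                printf("map %d: GID %ld -> %ld\n", m, SAMPLE_GROUPS[i], in);
        }
    return 0;
}
```
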
This is in accordance with widespread conventions. Previously it would
exit with code 1, which was misleading.
* nix/libutil/util.cc (runProgram): Exit with 127 if ‘execv’ or ‘execvp’
fails.
Change-Id: I5df214afffda69aa329a25afbc48f6cbfdd0961c
In this current version, wireshark needs lua-5.3 or higher to build with
lua scripting support.
* gnu/packages/networking.scm (wireshark)[inputs]: Remove lua-5.2;
add lua-5.4.
Change-Id: Ib37aec86b7e95ffc4196dabb0fd48ae6a69dcd1a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This ensures problems in the spec are caught before the system is
instantiated.
* gnu/services/cuirass.scm (cuirass-configuration->specification-file):
New procedure.
(cuirass-shepherd-service): Use it instead of ‘scheme-file’.
Change-Id: I90187ed4ed1a51958159741a55b6dc635c97312a
This build issue was found while building dependents of python-zarr.
* gnu/packages/python-science.scm (python-anndata):
[native-inputs]: Add python-filelock; missing for tests.
Change-Id: Ia83b631bc321f43e7a51fa558753f6189530bd76
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
As it's a final program, all propagated inputs are moved to inputs.
* gnu/packages/databases.scm (aerich): Update to 0.9.2.
[arguments] <test-flags>: Skip one test searching for "uvx".
[inputs]: Add python-anyio, python-asyncclick, python-dictdiffer,
python-tortoise-orm, python-aiomysql, python-asyncmy, python-asyncpg,
python-psycopg, and python-tomli-w.
[propagated-inputs]: Remove python-asyncclick, python-asyncmy,
python-asyncpg, python-dictdiffer, python-pydantic, python-tomli-w, and
python-tortoise-orm.
[native-inputs]: Remove python-poetry-core; add python-pdm-backend,
python-pydantic-2, python-pydantic-settings, and python-tortoise-vector.
Change-Id: I9bcb13f0fc9f70428b5f794893d1a4bddf611a5d
* gnu/packages/admin.scm (thermald): Update to 2.5.10.
[home-page]: Set URI to "https://github.com/intel/thermal_daemon" as the
original URI is permanently redirected.
Change-Id: I2fa1ff116de64c2c8e9476fe7f529a5c1542ba41
* gnu/packages/python-science.scm (python-dask-image)[arguments]
<test-flags>: Rework skipped tests and enable more tests.
[propagated-inputs]: Remove python-tifffile; add
python-tifffile-for-dask-image.
[description]: Remove new line in the end.
* gnu/packages/python-xyz.scm (python-tifffile-for-dask-image): New variable.
Change-Id: I8539569aab1134d049ec8e8c0041191ce61e2eb7
Warning: In phase 'create-configuration, I've disabled 3 modules that
fail compilation with gcc@14, although they should theoretically
compile: apng, lzo, tiff. IMO it's a bit out of the scope for an
already heavy patch to try and fix C compilation errors. I added a
FIXME comment though.
* gnu/packages/python-xyz.scm (python-imagecodecs): Update to 2025.8.2.
[source]<snippet>: Remove code unbundling 3rd party modules. Almost
all of those are not bundled in the sense that they are extracted and
patched from upstream sources, and using those upstream sources
directly won't help.
[build-system]: Switch to pyproject-build-system.
[arguments]: Use gexps.
<#:tests?>: Enable them.
<#:test-flags>: Ignore flaky test.
<#:phases>: Re-factor phase 'create-configuration. Add phase
'fix-sanity-check and 'configure-tests.
[inputs]: Add lcms, libheif, lzfse, python-blosc2.
[propagated-inputs]: Add python-matplotlib, python-tifffile.
[native-inputs]: Add python-pytest, python-setuptools.
[synopsis]: Improve style.
Change-Id: I1c13eea510136891c667741f73fbf1d3f4231551
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/python-xyz.scm (python-pixelmatch):
[build-system]: Switch to pyproject-build-system.
[arguments]<#:tests?>: Disable them for now, as I'm not able to
quickly diagnose the error.
[native-inputs]: Add python-poetry-core, python-pytest,
python-pytest-benchmark.
[description]: Improve style.
Change-Id: Ic63865d7d78ae49f06f953b460837f81daa9c361
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>