path: root/tests
Age | Commit message | Author
3 days | import: utils: Add function git->origin. | Nicolas Graves via Guix-patches via
* guix/import/utils.scm: (git-origin, git->origin): Add procedures. * guix/import/elpa.scm (download-git-repository): Remove function download-git-repository. (git-repository->origin): Remove function git-repository->origin. (ref): Add function ref. (melpa-recipe->origin): Use functions git->origin and ref. * guix/import/go.scm (git-checkout-hash): Remove function git-checkout-hash. (transform-version): Add function transform-version. (vcs->origin): Use functions git->origin and transform-version. Add optional argument transform-version. * tests/import/go.scm (go-module->guix-package): Adapt test case to changes in guix/import/go.scm. * guix/import/luanti.scm (download-git-repository): Remove function download-git-repository. (make-luanti-sexp): Use function git->origin. * tests/luanti.scm (make-package-sexp): Refresh function accordingly. * guix/import/composer.scm (make-php-sexp): Use function git->origin. Change-Id: Ied05a63bdd60fbafe26fbbb4e115ff6f0bb9db3c Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
4 days | tests: Adjust ‘package-transitive-supported-systems’ test. | Ludovic Courtès
This test broke with commit 8c9493cb311a994c2565f71fb6270a1b26d8a644. * tests/packages.scm ("package-transitive-supported-systems, implicit inputs"): Change ‘%current-system’ to “riscv64-linux”. Change-Id: Ia6d69f086cffea4144d2f032038b27ec91e904f3
4 days | daemon: Restore post-canonicalization permissions after moving. | Reepca Russelstein
At this point the value of 'st.st_mode' is from before canonicalization, so restoring to that will undo the permissions aspect of the canonicalization for a top-level directory store item. Fixes #1104, introduced in ae18b3d9e6 (https://codeberg.org/guix/guix/commit/ae18b3d9e6bd0c184505a094851448d08555e23e). * nix/libstore/build.cc (DerivationGoal::registerOutputs): update 'st' with post-canonicalization permissions before making actualPath temporarily-writable. * tests/store.scm ("build outputs aren't writable"): new test. Change-Id: I5e5eaa79fa6b7f81e1d12fd285883c762a22ce5a Signed-off-by: Ludovic Courtès <ludo@gnu.org>
6 days | Revert "publish: Prevent publication of non-substitutable derivation outputs." | Ludovic Courtès
Fixes guix/guix#2450. This reverts commit b5745a327e8dae21caaf10b59256dc7b16d54588, which introduced discrepancies in how substitutes are served; in particular, narinfos of non-substitutable items would still be served, and likewise for narinfos and nars of dependents of non-substitutable items.
10 days | Reapply "Update Maxim's email address." | Maxim Cournoyer
This reverts commit a7db92d9b389cbe565395523882c34c6eff2c21a, this time with the more careful command, to avoid a world rebuild:
  grep -rl --exclude-dir=build --exclude-dir=patches --exclude=ld-wrapper.in \
    --exclude=sitecustomize.py --exclude=guix-emacs.el maxim.cournoyer@gmail.com | xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
Change-Id: I0871f5cf9ace79e34e78e24154d0da6ea95a3a91
10 days | Revert "Update Maxim's email address." | Maxim Cournoyer
This reverts commit d0d87a744d724b7e7d5ac013c586039652087bb3. Oops! This caused a world rebuild. Change-Id: I25fff644b2b61d0ee93d69b457b04c72b5b74d15
10 days | Update Maxim's email address. | Maxim Cournoyer
The change was automated via: git grep -l maxim.cournoyer@gmail.com | xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g' * .mailmap: New entry. Change-Id: Iaa88b1e51c94159c49138fb43910badb990eb169
2025-09-11 | packages: ‘package-field-location’ returns a <location> for atoms. | Ludovic Courtès
Fixes guix/guix#1975. When using ‘read’, ‘package-field-location’ would not get source location for atoms such as symbols, typically making it impossible to get the location of the value of a field list (build-system gnu-build-system). This fixes that. * guix/packages.scm (field-value-location): New procedure. (package-field-location): Use it instead of inline code. * tests/packages.scm ("package-field-location"): Test the ‘build-system’ field. Reported-by: Nicolas Graves <ngraves@ngraves.fr> Change-Id: I98c694bb6f1999fa9ca80e145fa016640067af55
2025-09-03 | tests: Pass ‘--timeout’ for builds with the host store. | Ludovic Courtès
This ensures ‘make check’ doesn’t accidentally start building the world. * tests/guix-environment-container.sh (GUIX_BUILD_OPTIONS): New environment variable. * tests/guix-home.sh (GUIX_BUILD_OPTIONS): Likewise. * tests/guix-pack-localstatedir.sh (GUIX_BUILD_OPTIONS): Likewise. * tests/guix-pack-relocatable.sh (GUIX_BUILD_OPTIONS): Likewise. Change-Id: If8afe9cfc5c0f1f72cd6f3d39dd5d4f6415d1e02
2025-08-31 | cve: Upgrade to JSON 2.0 feeds. | Nicolas Graves
Fixes guix/guix#2213. The 1.1-formatted-data is no longer available from NIST. * guix/cve.scm (string->date*, <cve-item>, reference-data->cve-configuration, cpe-match->cve-configuration, configuration-data->cve-configurations, json->cve-items, yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds schema. (<cve>): Remove unneeded record. * tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value added, lots of lines). * tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly. (json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-08-21 | import: crate: Stop importing dependencies from crates.io. | Hilton Chain
* guix/scripts/import/crate.scm (show-help, %options, guix-import-crate) [--recursive, --recursive-dev-dependencies, --mark-missing]: Remove options. * doc/guix.texi (Invoking guix import)[crate]: Adjust accordingly. Mention packaging workflow. * guix/import/crate.scm (make-crate-sexp): Don't use "rust-" prefix and semver suffix for package name. [#:cargo-inputs, #:cargo-development-inputs, #:build?]: Remove arguments. (crate->guix-package)[#:include-dev-deps?, #:mark-missing?]: Remove arguments. (<crate-dependency>): Remove data type. (make-crate-dependency, crate-dependency?, json->crate-dependency) (crate-version-dependencies, package-names->package-inputs) (maybe-cargo-inputs, maybe-cargo-development-inputs, maybe-arguments) (version->semver-prefix, find-package-version, crate-recursive-import): Remove procedures. * tests/crate.scm (test-foo-crate, test-bar-crate): Adjust for modified tests. (test-foo-dependencies, test-bar-dependencies, test-root-crate) (test-root-dependencies, test-intermediate-a-crate) (test-intermediate-a-dependencies, test-intermediate-b-crate) (test-intermediate-b-dependencies, test-intermediate-c-crate) (test-intermediate-c-dependencies, test-leaf-alice-crate) (test-leaf-alice-dependencies, test-leaf-bob-crate) (test-leaf-bob-dependencies, rust-leaf-bob-3, rust-leaf-bob-3.0.2-yanked): Remove variables. ("crate->guix-package yanked", "crate->guix-package only yanked available"): New tests. ("crate->guix-package"): Adjust accordingly. ("crate->guix-package-marks-missing-packages", "crate-recursive-import") ("crate-recursive-import-honors-existing-packages") ("crate-import-only-yanked-available"): Remove tests. Change-Id: Ib1d24511ed0ea1a2373f53de12e06afa7950a7d7
2025-08-21 | import: crate: Add Cargo.lock parser. | Hilton Chain
* guix/import/crate/cargo-lock.scm: New file. * Makefile.am (MODULES): Register it. * etc/teams.scm (rust)[#:scope]: Add it. * CODEOWNERS: Add it. * guix/import/crate.scm (cargo-lock->expressions): New procedure. * tests/crate.scm (temp-file): New variable. ("crate-lockfile-import"): New test. Co-authored-by: Murilo <murilo@disroot.org> Co-authored-by: Luis Guilherme Coelho <lgcoelho@disroot.org> Change-Id: I95421e9e2ba11a671b4bc4e1323c6d31a1b012c5
2025-07-28 | guix: lint: Check for misplaced argument flags. | Efraim Flashner
* guix/lint.scm (check-misplaced-flags): New procedure. (%local-checkers): Register new lint-checker. * doc/guix.texi (Invoking guix lint): Add entry for misplaced-flags. * tests/lint.scm (misplaced-flags: make-flag is incorrect, misplaced-flags: configure-flag is incorrect, misplaced-flags: cargo feature flags, misplaced-flags: flags without g-exp is incorrect, misplaced-flags: build-type set correctly): New tests. Change-Id: Ia8abbe787e26bffc65ee5c763326c7e271c189a4
2025-07-17 | guix: lint: Find more hardcoded compiler targets. | Efraim Flashner
* guix/lint.scm (check-compiler-for-target): Adjust the logic when checking the make-flags to actually determine if it is a gexp or not. * tests/lint.scm (compiler-for-target: looks through G-expressions): Fix test. Change-Id: I0040cf29c8197d394e63ac90b2fba7ca5bcb5861
2025-07-13 | gnu: Rename minetest to luanti. | Liliana Marie Prikler
* gnu/packages/luanti.scm: New file. (luanti, luanti-server, luanti-topic, luanti-moreores, luanti-sound-api-core) (luanti-basic-materials, luanti-coloredwood, luanti-ethereal) (luanti-homedecor-modpack, luanti-mesecons, luanti-mineclone, luanti-mobs) (luanti-mobs-animal, luanti-mobs-monster, luanti-pipeworks, luanti-technic) (luanti-throwing, luanti-throwing-arrows, luanti-worldedit) (luanti-unifieddyes, luanti-unified-inventory, luanti-advtrains) (luanti-basic-trains, luanti-oneblock, luanti-wielded-light): New variables. * gnu/packages/minetest.scm: (minetest, minetest-server, minetest-topic, minetest-moreores) (minetest-sound-api-core, minetest-basic-materials, minetest-coloredwood) (minetest-ethereal, minetest-homedecor-modpack, minetest-mesecons) (minetest-mineclone, minetest-mobs, minetest-mobs-animal) (minetest-mobs-monster, minetest-pipeworks, minetest-technic) (minetest-throwing, minetest-throwing-arrows, minetest-worldedit) (minetest-unifieddyes, minetest-unified-inventory, minetest-advtrains) (minetest-basic-trains, minetest-oneblock, minetest-wielded-light): Deprecate in favor of the above. (minetest-game): Move to… * gnu/packages/luanti.scm (minetest-game): … here. * gnu/local.mk (GNU_SYSTEM_MODULES): Register luanti.scm. * guix/build-system/luanti.scm: New file. (luanti-mod-build-system): New public variable. * guix/build-system/minetest.scm (minetest-mod-build-system): Deprecate in favor of luanti-mod-build-system. * guix/build/luanti-build-system.scm: New file, renamed from… * guix/build/minetest-build-system.scm: … this. Deprecate in favor of luanti-build-system. * guix/import/luanti.scm: New file, renamed from guix/import/minetest.scm. (%contentdb-api): Switch to “https://content.luanti.org/api/”. (luanti-package?, latest-luanti-release, luanti->guix-package) (luanti-recursive-import, %luanti-updater): New public variables. 
* guix/import/minetest.scm (minetest-package?, latest-minetest-release) (minetest->guix-package, minetest-recursive-import, %minetest-updater): Deprecate in favor of the luanti variants above. * guix/scripts/import/luanti.scm: New file, renamed from guix/scripts/import/minetest.scm. (guix-import-luanti): New public variable. * guix/scripts/import/minetest.scm (guix-import-minetest): Deprecate in favor of guix-import-luanti. * tests/minetest.scm: Rename to… * tests/luanti.scm: … this. * Makefile.am (MODULES, SCM_TESTS): Adjust accordingly. * etc/teams.scm (games): Adjust accordingly. * CODEOWNERS: Adjust accordingly.
2025-06-26 | tests: Improve guix-pack-relocatable.sh. | Romain GARBAGE
This patch fixes a regression introduced by c9abfacd9f. See https://issues.guix.gnu.org/76240#2. * tests/guix-pack-relocatable.sh (tarball): Improve flaky test. Change-Id: Ife1cbe6b6b9a22f2442e4ecb3a093c4b874bc4e1 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-06-24 | daemon: Use slirp4netns to provide networking to fixed-output derivations. | Reepca Russelstein
Previously, the builder of a fixed-output derivation could communicate with an external process via an abstract Unix-domain socket. In particular, it could send an open file descriptor to the store, granting write access to some of its output files in the store provided the derivation build fails—the fix for CVE-2024-27297 did not address this specific case. It could also send an open file descriptor to a setuid program, which could then be executed using execveat to gain the privileges of the build user. With this change, fixed-output derivations other than “builtin:download” and “builtin:git-download” always run in a separate network namespace and have network access provided by a TAP device backed by slirp4netns, thereby closing the abstract Unix-domain socket channel. * nix/libstore/globals.hh (Settings)[useHostLoopback, slirp4netns]: new fields. * config-daemon.ac (SLIRP4NETNS): new C preprocessor definition. * nix/libstore/globals.cc (Settings::Settings): initialize them to defaults. * nix/nix-daemon/guix-daemon.cc (options): add --isolate-host-loopback option. * doc/guix.texi: document it. * nix/libstore/build.cc (DerivationGoal)[slirp]: New field. (setupTap, setupTapAction, waitForSlirpReadyAction, enableRouteLocalnetAction, prepareSlirpChrootAction, spawnSlirp4netns, haveGlobalIPv6Address, remapIdsTo0Action): New functions. (initializeUserNamespace): allow the guest UID and GID to be specified. (DerivationGoal::killChild): When ‘slirp’ is not -1, call ‘kill’. (DerivationGoal::startBuilder): Unconditionally add CLONE_NEWNET to FLAGS. When ‘fixedOutput’ is true, spawn ‘slirp4netns’. When ‘fixedOutput’ and ‘useChroot’ are true, add setupTapAction, waitForSlirpReadyAction, and enableRouteLocalnetAction to builder setup phases. Create a /etc/resolv.conf for fixed-output derivations that directs them to slirp4netns's dns address. 
When settings.useHostLoopback is true, supply fixed-output derivations with a /etc/hosts that resolves "localhost" to slirp4netns's address for accessing the host loopback. * nix/libutil/util.cc (keepOnExec, decodeOctalEscaped, sendFD, receiveFD, findProgram): New functions. * nix/libutil/util.hh (keepOnExec, decodeOctalEscaped, sendFD, receiveFD, findProgram): New declarations. * gnu/packages/package-management.scm (guix): add slirp4netns input for linux targets. * tests/derivations.scm (builder-network-isolated?): new variable. ("fixed-output derivation, network access, localhost", "fixed-output derivation, network access, external host"): skip test case if fixed output derivations are isolated from the network. Change-Id: Ia3fea2ab7add56df66800071cf15cdafe7bfab96 Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
2025-06-24 | tests: Test network access from fixed-output derivations. | Ludovic Courtès
* tests/derivations.scm ("fixed-output derivation, network access, localhost") ("fixed-output derivation, network access, external host"): New tests. Change-Id: Iec164981a12ffef1bcb6a63ed9c2f1f363c53d80 Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
2025-06-23 | cve: Add cpe-vendor and lint-hidden-cpe-vendors properties. | Nicolas Graves via Guix-patches via
* guix/cve.scm: Exploit cpe vendors information. (cpe->package-name): Rename to... (cpe->package-identifier): Renamed from cpe->package-name. Use cpe_vendor:cpe_name in place of cpe_name. (vulnerabily-matches?): Add helper function. (vulnerabilities->lookup-proc): Extract cpe_name for table hashes. Add vendor and hidden-vendor arguments. Adapt condition to pass vulnerabilities to result in the fold. (write-cache, fetch-vulnerabilities): Update the format version. * guix/lint.scm (package-vulnerabilities): Use additional arguments from vulnerabilities->lookup-proc. * tests/cve.scm (%expected-vulnerabilities): Adapt variable to changes in guix/cve.scm. Signed-off-by: Zheng Junjie <z572@z572.online>
2025-06-22 | git authenticate: Gracefully handle passing an annotated tag to ‘--end’. | Ludovic Courtès
Partly fixes <https://issues.guix.gnu.org/74583>. Previously, passing an annotated tag to ‘--end’, as can happen when ‘guix git authenticate’ is invoked by the pre-push hook when pushing tags, would lead to an error: guix git: error: Git error: the requested type does not match the type in the ODB * guix/scripts/git/authenticate.scm (ensure-commit-id): New procedure. (guix-git-authenticate): Use it. * tests/guix-git-authenticate.sh: Test with $v1_2_0_annotated_tag. Change-Id: I22e8eb665609522c80c1f0dcb9e77a46c23c0c3c
2025-06-06 | publish: Prevent publication of non-substitutable derivation outputs. | Morgan Arnold
This commit prevents Guix substitute servers from distributing binaries which are marked non-substitutable. This prevents substitute servers from accidentally committing copyright violations by distributing binaries that are non-substitutable for copyright reasons. * guix/scripts/publish.scm (render-nar): Query the derivers of ‘store-path’ and do nothing if one of them does not match ‘substitutable-derivation?’. * tests/publish.scm ("non-substitutable derivation"): New test. Change-Id: Iaca81f5bdb430a12a3ad41e9b83e0bcc535af607 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Modified-by: Ludovic Courtès <ludo@gnu.org>
2025-05-24 | environment: Provide a writable /run/user/$UID. | Ludovic Courtès
* guix/scripts/environment.scm (launch-environment/container): Add /run/user/UID to ‘file-systems’. * tests/guix-environment-container.sh: Test it. Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08
2025-05-21 | home: services: Build "files" union allowing dangling symlinks. | Sergey Trofimov
* gnu/home/services.scm (files->files-directory): Build file union without checking for existence of included items. * tests/guix-home.sh: Verify symlinking files out of store works. Change-Id: I94054003f4a6be944252ce7a397cf56f0b979554 Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2025-05-19 | refresh: Allow specifying a partial version via the version specification. | Maxim Cournoyer
* guix/scripts/refresh.scm (update-specification->update-spec): Flag the update-spec as partial when it is prefixed with '~'. * tests/guix-refresh.sh: Test it. Remove extraneous 'guix refresh' invocation. * doc/guix.texi (Invoking guix refresh): Document it. Change-Id: Iab4482d9367105f6ffcd2d6a49148736c93d53e4 Reviewed-by: Florian Pelz <pelzflorian@pelzflorian.de> Reviewed-by: Ludovic Courtès <ludo@gnu.org>
2025-05-18 | environment: Make home writable. | Tomas Volf
Fixes <https://issues.guix.gnu.org/78363>. * guix/scripts/environment.scm (launch-environment/container): Add tmpfs for home. * tests/guix-environment-container.sh: Add test. Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-05-09 | tests: Fix typo. | Maxim Cournoyer
* tests/guix-build.sh: Fix typo.
2025-05-09 | ui: Allow evaluating multi-expressions strings with read/eval. | Maxim Cournoyer
This can be useful when evaluating a scheme-file store output for example, which has multiple top level expressions. * guix/ui.scm (read/eval): Also accept a port object as argument. Read and evaluate all expressions from input port or string. Change-Id: I0213706fa4824c3a8ffe5d93f44f263048cb62c2
2025-05-06 | environment, home: Make /tmp writable. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/78272>. Fixes a bug caused by commit ce363c1dc7bd63a74dcf7788d340819f6d5db89f, which inadvertently made /tmp read-only as well. * guix/scripts/environment.scm (launch-environment/container)[tmpfs]: New variable. Add it to ‘file-systems’. * guix/scripts/home.scm (spawn-home-container): Add /tmp file system to #:mounts. * tests/guix-environment-container.sh: Add test. Reported-by: Tomas Volf <~@wolfsden.cz> Change-Id: I5cb449e6d0c213d4b5866cbcbd14990437a7d4c5
2025-05-06 | guix: texlive importer: Adjust version for meta packages. | Nicolas Goaziou
* guix/import/texlive.scm (tlpdb->package): Use (package-version package-source) instead of %texlive-revision when importing a meta package. * tests/texlive.scm ("texlive->guix-package, meta-package"): Test it. Change-Id: I2a5d2eb6529dafe0c888b2a7a5a1b38af1160235
2025-05-05 | linux-container: Lock mounts by default. | Ludovic Courtès
This makes it impossible to unmount or remount things from within ‘call-with-container’. * gnu/build/linux-container.scm (initialize-user-namespace): Add #:host-uid and #:host-gid and honor them. (run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’ followed by ‘initialize-user-namespace’. (call-with-container): Add #:lock-mounts? and pass it down. (container-excursion): Get the user namespace owning the PID namespace and join it, then join the remaining namespaces. * tests/containers.scm ("call-with-container, mnt namespace, locked mounts"): New test. ("container-excursion"): Pass #:lock-mounts? #f. Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
2025-05-05 | environment: Add ‘--writable-root’ and default to read-only root. | Ludovic Courtès
This is an incompatible change where the root file system in ‘guix shell -C’ is now read-only by default. * guix/scripts/environment.scm (show-environment-options-help) (%options): Add ‘--writable-root’. * guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved from… (launch-environment): … here. (launch-environment/container): Add #:writable-root? and pass it to ‘call-with-container’. Move root file system setup to #:populate-file-system. (guix-environment*): Honor ‘--writable-root’. * tests/guix-environment-container.sh: Test it. * doc/guix.texi (Invoking guix shell): Document ‘--writable-root’. (Debugging Build Failures): Mention it before “rm /bin/sh”. Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6 Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2025-05-05 | guix home: ‘container’ provides a read-only root file system. | Ludovic Courtès
* guix/scripts/home.scm (spawn-home-container): Move creation of accounts, /etc/hosts, /tmp, and HOME-DIRECTORY from the first argument of ‘eval/container’ to #:populate-file-system. Remove #:writable-root?. * tests/guix-home.sh: Test that the root file system is read-only. Change-Id: Icda54706321d51b95b563c86c3fb2238cc65ee20
2025-05-05 | linux-container: Support having a read-only root file system. | Ludovic Courtès
Until now, the read-only file system set up by ‘call-with-container’ would always be writable. With this change, it can be made read-only. With this patch, only ‘least-authority-wrapper’ switches to a read-only root file system. * gnu/build/linux-container.scm (remount-read-only): New procedure. (mount-file-systems): Add #:writable-root? and #:populate-file-system and honor them. (run-container): Likewise. (call-with-container): Likewise. * gnu/system/linux-container.scm (container-script): Pass #:writable-root? to ‘call-with-container’. (eval/container): Add #:populate-file-system and #:writable-root? and honor them. * guix/scripts/environment.scm (launch-environment/container): Pass #:writable-root? to ‘call-with-container’. * guix/scripts/home.scm (spawn-home-container): Likewise. * tests/containers.scm ("call-with-container, mnt namespace, read-only root") ("call-with-container, mnt namespace, writable root"): New tests. Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
2025-05-05 | transformations: Git source transformations honour RECURSIVE?. | Romain GARBAGE
* guix/transformations.scm (package-git-url+recursive?): New variable. (package-git-url): Remove variable. (evaluate-git-replacement-specs): Use package-git-url+recursive?. (transform-package-source-branch, transform-package-source-commit, transform-package-source-git-url): Update according to changes above. * doc/guix.texi (Package Transformation Options): Update documentation. * tests/transformations.scm: Update tests. Add tests for RECURSIVE? inheritance with WITH-COMMIT and WITH-SOURCE. Change-Id: Id6a5e6957a9955c8173b06b3e14f2986c6dfc4bc Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-04-27 | upstream: Do not update to same version. | Maxim Cournoyer
Previously, 'guix refresh --update' would actually rewrite the file with the same version/hash information when the target version was the same as the current version: guix refresh --update idutils=4.6 idutils.scm: warning: downgrading 'idutils' from 4.6 to 4.6 [...] idutils.scm: idutils: updating from version 4.6 to version 4.6... This change handles this case so that it does and prints nothing. * guix/upstream.scm (package-update): Use `version-compare' to distinguish the equal versions case. Change-Id: I079e030d573f5968725ef13b3f626e2f8d02cb2f Signed-off-by: Christopher Baines <mail@cbaines.net>
2025-04-25 | daemon: Use the guest GID in /etc/group. | Ludovic Courtès
Partly fixes <https://issues.guix.gnu.org/77862>. Fixes a bug whereby, when running guix-daemon unprivileged, /etc/group would contain the wrong GID for the “nixbld” group. This inconsistency would lead to failures in the Coreutils test suite, for instance. * nix/libstore/build.cc (DerivationGoal::startBuilder): Use ‘guestGID’ when writing /etc/group. * tests/store.scm ("/etc/passwd and /etc/group"): New test. Reported-by: keinflue <keinflue@posteo.net> Change-Id: I739bc96c4c935fd9015a45e2bfe5b3e3f90554a9
2025-04-21 | machine: hetzner: Allow attaching existing public IPs. | Sergey Trofimov
* gnu/machine/hetzner.scm (hetzner-configuration): Add ipv4 and ipv6 fields. Export accessors. * gnu/machine/hetzner/http.scm (hetnzer-api-primary-ips): New function. (<hetzner-primary-ip>): New json mapping. (hetzner-api-server-create): Pass IP addresses in request. * doc/guix.texi (Invoking guix deploy): Document it. Change-Id: I44509cc98e041762dc483e876566e79bde85b26a Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-04-20 | syscalls: Add ‘unshare’. | Ludovic Courtès
* guix/build/syscalls.scm (unshare): New procedure. Change-Id: I344273b8bdeaa9366334e6e20ee7efc37eb6c8f7
2025-04-15 | import/utils: beautify-description: Validate argument. | Morgan Smith
* guix/import/utils.scm (beautify-description): Fix broken check for non-strings. Add a check for empty strings. * tests/import-utils.scm: Add two tests. Change-Id: Idf86df02aeb850fcc8808b7c9251082c1f816656 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-04-15 | tests: Update ‘guix build -P1’ test. | Ludovic Courtès
Fixes a regression introduced with 63b635e073415f544177159fbbcf07cb327b1d77. * tests/guix-build.sh: Replace libgit2 by libgcrypt in ‘-P1’ example. Change-Id: Idb2a18dd8455ee6bfda14284834a6f37ccec6a05
2025-04-13 | import: npm-binary: Handle vector of licenses. | Nicolas Graves via Guix-patches via
* guix/import/npm-binary.scm (<package-revision>)[license]: Handle the case where a vector of licenses is used. * tests/npm-binary.scm (foo-json): Redefine as a procedure with license keyword. (test-source-hash): Redefine with direct reference to test-source. (foo-sexp): Redefine as a procedure with license keyword. (npm-binary->guix-package test): Use foo-json and foo-sexp. (npm-binary->guix-package with multiple licenses): Add test. Change-Id: I9d6adb2ae2820678260fed1a67e91e22feb448b8 Signed-off-by: Jelle Licht <jlicht@fsfe.org>
2025-04-13 | import: npm-binary: Fix import. | Nicolas Graves via Guix-patches via
This is a follow-up to 0881a674cce3af6ebe0c1c85000e2726cbe6fc54. * guix/import/npm-binary.scm (npm-package->package-sexp): Use modify-json. * tests/npm-binary.scm (npm-binary->guix-package test): Use modify-json. Change-Id: I70523a890948b218c0d82d94a6edf8775521473e Signed-off-by: Jelle Licht <jlicht@fsfe.org>
2025-04-11 | daemon: Do not make chroot root directory read-only. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/77570>. Commit 40f69b586a440d0397fa3dfe03b95a0f44e4d242 made chroot root directory read-only; as a consequence, build processes attempting to write to the root directory would now get EROFS instead of EACCES. It turns out that a number of test suites (Go, Ruby, SCons, Shepherd) would fail because of this observable difference. To restore previous behavior in build environments while still preventing build processes from exposing their root directory to outside processes, this patch (1) keeps the root writable but #o555 by default, thereby restoring the EACCES behavior, and (2) ensures that the parent of the chroot root directory is itself user-accessible only. * nix/libstore/build.cc (class DerivationGoal)[chrootRootTop]: New field. (DerivationGoal::startBuilder): Initialize ‘chrootRootTop’ and make it ‘AutoDelete’. Replace ‘mount’ call that made the root directory read-only by a mere ‘chmod_’ call. * tests/store.scm ("build root cannot be made world-readable"): Remove. ("writing to build root leads to EACCES"): New test. Reported-by: Ada Stevenson <adanskana@gmail.com> Reported-by: keinflue <keinflue@posteo.net> Suggested-by: Reepca Russelstein <reepca@russelstein.xyz> Change-Id: I5912e8b3b293f8242a010cfc79255fc981314445
2025-04-06 | gexp: ‘local-file’ expands its argument only once. | Ludovic Courtès
Fixes a bug whereby (local-file (in-vicinity (getcwd) "xyz")) would point to different files depending on the current working directory at the time it is lowered. * guix/gexp.scm (local-file): Expand FILE only once. * tests/gexp.scm ("local-file, capture at the right time"): New test. Change-Id: I2cc23296de3799e68f7d8b7be6061be3043e1176
2025-03-26 | tests: Run in a chroot and unprivileged user namespaces. | Ludovic Courtès
* build-aux/test-env.in: Pass ‘--disable-chroot’ only when unprivileged user namespace support is lacking and warn in that case. * tests/store.scm ("build-things, check mode"): Use ‘gettimeofday’ rather than a shared file as a source of entropy. ("symlink is symlink") ("isolated environment", "inputs are read-only") ("inputs cannot be remounted read-write") ("build root cannot be made world-readable") ("/tmp, store, and /dev/{null,full} are writable") ("network is unreachable"): New tests. * tests/processes.scm ("client + lock"): Skip when ‘unprivileged-user-namespace-supported?’ returns true. Change-Id: I3b3c3ebdf6db5fd36ee70251d07b893c17ca1b84
2025-03-26 | tests: Add missing derivation inputs. | Ludovic Courtès
These missing inputs go unnoticed when running ‘guix-daemon --disable-chroot’ but are immediately visible otherwise. * tests/derivations.scm ("fixed-output derivation"): Add %BASH to #:sources. ("fixed-output derivation: output paths are equal"): ("fixed-output derivation, recursive"): ("derivation with a fixed-output input"): ("derivation with duplicate fixed-output inputs"): ("derivation with equivalent fixed-output inputs"): ("build derivation with coreutils"): Likewise. * tests/packages.scm (bootstrap-binary): New procedure. ("package-source-derivation, origin, sha512"): Use it instead of ‘search-bootstrap-binary’ and add BASH to #:sources. ("package-source-derivation, origin, sha3-512"): Likewise. Change-Id: I4c9087df23c47729a3aff15e9e1435b7266e36e2
2025-03-26 | daemon: Allow running as non-root with unprivileged user namespaces. | Ludovic Courtès
Many thanks to Reepca Russelstein for their review and guidance on these changes. * nix/libstore/build.cc (guestUID, guestGID): New variables. (DerivationGoal)[readiness]: New field. (initializeUserNamespace): New function. (DerivationGoal::runChild): When ‘readiness.readSide’ is positive, read from it. (DerivationGoal::startBuilder): Call ‘chown’ only when ‘buildUser.enabled()’ is true. Pass CLONE_NEWUSER to ‘clone’ when ‘buildUser.enabled()’ is false or not running as root. Retry ‘clone’ without CLONE_NEWUSER upon EPERM. (DerivationGoal::registerOutputs): Make ‘actualPath’ writable before ‘rename’. (DerivationGoal::deleteTmpDir): Catch ‘SysError’ around ‘_chown’ call. * nix/libstore/local-store.cc (LocalStore::createUser): Do nothing if ‘dirs’ already exists. Warn instead of failing when failing to chown ‘dir’. * guix/substitutes.scm (%narinfo-cache-directory): Check for ‘_NIX_OPTIONS’ rather than getuid() == 0 to determine the cache location. * doc/guix.texi (Build Environment Setup): Reorganize a bit. Add section headings “Daemon Running as Root” and “The Isolated Build Environment”. Add “Daemon Running Without Privileges” subsection. Remove paragraph about ‘--disable-chroot’. (Invoking guix-daemon): Warn against ‘--disable-chroot’ and explain why. * tests/derivations.scm ("builder is outside the store"): New test. Reviewed-by: Reepca Russelstein <reepca@russelstein.xyz>
2025-03-08 | packages: Honor system and target system for graft replacements. | David Elsing
Fixes <https://issues.guix.gnu.org/76110>. Fixes a regression introduced in 28e4018e59d30efb3d52aa950ce2261f11b69b33 where the system and target system would be ignored. * guix/packages.scm (input-graft, input-cross-graft): Wrap graft replacement in ‘with-parameters’. * tests/packages.scm ("package-grafts, indirect grafts") ("package-grafts, indirect grafts, propagated inputs") ("package-grafts, same replacement twice") ("package-grafts, dependency on several outputs") ("replacement also grafted"): Adjust accordingly by comparing the replacement after lowering to a derivation. ("package-grafts, indirect grafts, #:system argument"): New test. Change-Id: I1663f0cc50842bb9abb53ba4aa9935052022d1f4 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reported-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2025-03-05 | gexp: ‘with-parameters’ properly handles ‘%graft?’. | David Elsing
Fixes <https://issues.guix.gnu.org/75879>. * .dir-locals.el (scheme-mode): Remove mparameterize indentation rules. Add state-parameterize and store-parameterize indentation rules. * etc/manifests/system-tests.scm (test-for-current-guix): Replace mparameterize with store-parameterize. * etc/manifests/time-travel.scm (guix-instance-compiler): Likewise. * gnu/tests.scm (compile-system-test): Likewise. * guix/gexp.scm (compile-parameterized): Use state-call-with-parameters. * guix/monads.scm (mparameterize): Remove macro. (state-call-with-parameters): New procedure. (state-parameterize): New macro. * guix/store.scm (store-parameterize): New macro. * tests/gexp.scm ("with-parameters for %graft?"): New test. * tests/monads.scm ("mparameterize"): Remove test. ("state-parameterize"): New test. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I0c74066ca3f37072815b073fb3039925488a9645 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-03-05 | services: ‘shepherd-service-upgrade’ handles canonical name changes. | Ludovic Courtès
Partly fixes <https://issues.guix.gnu.org/76315>. Fixes a bug whereby a service whose canonical name has changed would not be restarted—e.g., if '(syslogd) has a replacement providing '(system-log syslogd). * gnu/services/shepherd.scm (shepherd-service-upgrade)[running?]: Remove. [to-restart]: Change to a subset of LIVE. Look up all the names of each element of TARGET. * guix/scripts/system/reconfigure.scm (upgrade-shepherd-services): TO-RESTART is now a list of <live-service>; adjust accordingly. * tests/services.scm ("shepherd-service-upgrade: one unchanged, one upgraded, one new"): ("shepherd-service-upgrade: service depended on is not unloaded"): ("shepherd-service-upgrade: obsolete services that depend on each other"): ("shepherd-service-upgrade: transient service"): Adjust accordingly. ("shepherd-service-upgrade: service has new canonical name"): New test. Reported-by: Tomas Volf <~@wolfsden.cz> Change-Id: I7cec495b4e824da5fad5518f039607cf92f935d9