Some packages (e.g. xfce4-panel) use an even number for the minor version to indicate
a stable release; when refreshing such packages to their latest versions we'd like them
to be stable ones. Introduce 'stable-version-regexp' as a package property,
so that unwanted releases can be filtered out.
* doc/guix.texi (Invoking guix refresh): Document 'stable-version-regexp'.
* guix/import/git.scm (import-git-release): Filter out unstable releases when
target-version is unset but 'stable-version-regexp' is available.
Change-Id: I7bbb2cb41b19175a7e3fb79e00cd8dbb20d049ad
* gnu/services/web.scm (<mumi-configuration>)[rsync-and-index-event]: New
field.
* gnu/services/web.scm (mumi-shepherd-services): Use it.
* doc/guix.texi (Web Services)[Mumi]: Document it.
Change-Id: I5910c4a93106b44eaf3900d6a72fb501c01b8773
Docker's default seccomp filter prevents use of the ADDR_NO_RANDOMIZE flag
with the personality system call. It causes personality to return EPERM. In
general, we assume that any result other than the only documented one, EINVAL,
is caused by seccomp. If we detect that ADDR_NO_RANDOMIZE is blocked, and the
--allow-aslr option was passed, we simply don't use it.
This allows guix-daemon to continue to work even in these containers, without
any implicit weakening of reproducibility.
Since it is presumably desirable to be able to build guix itself in such an
environment, also pass --allow-aslr to guix-daemon in test-env.
* nix/libstore/globals.hh (Settings::allowASLR): new field.
* nix/nix-daemon/guix-daemon.cc (options): add --allow-aslr option.
(parse_opt): use it to set Settings::allowASLR.
* nix/libstore/build.cc (DerivationGoal::startBuilder): detect when
ADDR_NO_RANDOMIZE is blocked and --allow-aslr is passed and don't use it in
that case.
* doc/guix.texi: document --allow-aslr in "Invoking guix-daemon".
* build-aux/test-env.in: always pass --allow-aslr.
Fixes: guix/guix#3917
Change-Id: I51c5899a9559e161f9e107c2e6a36df395ab3134
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4616
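
The detection described in the --allow-aslr commit message above, as an added C example (not guix-daemon's own code). The names `classify` and `try_disable_aslr` are hypothetical, and refusing to continue on EINVAL or when the opt-in is absent is an assumption the message does not spell out.

```c
/* Added example, not guix-daemon code; all names are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/personality.h>

enum aslr_action {
    ASLR_DISABLED,     /* ADDR_NO_RANDOMIZE is now set for this process */
    ASLR_LEFT_ENABLED, /* call was blocked and the operator opted in */
    ASLR_REFUSE        /* assumption: anything else aborts the build */
};

/* Policy only: rc and err are what personality() returned and errno. */
enum aslr_action classify(int rc, int err, bool allow_aslr)
{
    if (rc != -1)
        return ASLR_DISABLED;
    if (err == EINVAL)          /* the one documented error: not a filter */
        return ASLR_REFUSE;
    /* EPERM (Docker's default profile) or any other errno: assume seccomp. */
    return allow_aslr ? ASLR_LEFT_ENABLED : ASLR_REFUSE;
}

/* Query the current persona, then try to add ADDR_NO_RANDOMIZE to it. */
enum aslr_action try_disable_aslr(bool allow_aslr)
{
    int cur = personality(0xffffffff);  /* 0xffffffff reads without changing */
    if (cur == -1)
        return classify(-1, errno, allow_aslr);
    int rc = personality((unsigned long) cur | ADDR_NO_RANDOMIZE);
    return classify(rc, errno, allow_aslr);
}

int main(void)
{
    static const char *names[] = { "ASLR disabled",
                                   "ASLR left enabled (filtered)", "refused" };
    printf("without opt-in: %s\n", names[try_disable_aslr(false)]);
    printf("with opt-in:    %s\n", names[try_disable_aslr(true)]);
    return 0;
}
```

Keeping the policy in `classify` separate from the system call lets the opt-in behaviour be checked on hosts where the filter is not present.
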
Since gunicorn is run in its own Linux namespace, where $HOME is
read-only, creating that control-socket fails and prevents gunicorn
from starting by default. Therefore, this patch disables it by
default but allows supplying a custom path via a newly added
configuration field.
* gnu/services/web.scm (gunicorn-app): Add gunicorn-app-control-socket.
(gunicorn-shepherd-services): Respect gunicorn-app-control-socket.
* doc/guix.texi (gunicorn-app): Document it.
Change-Id: I648079b630293a47801713425728a4d602c8088c
* gnu/services/dns.scm (<dnsmasq-configuration>)
[authoritative-servers, authoritative-zones, host-records]: New fields.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi (DNS Services): Add a new example and document the new fields.
Change-Id: Ib26c3f59e90b2a9997ecdac03c5564ae02b6754e
Reviewed-by: Nguyễn Gia Phong <cnx@loang.net>
* gnu/services/dns.scm (<dnsmasq-configuration>)
[locals]: New field.
(dnsmasq-shepherd-service): Use it.
* doc/guix.texi (DNS Services): Document it.
Change-Id: I1c2bc86c1636aa82451d1a38959380c3791fd8d4
This is a complement to the AGit workflow included in "Submitting
Patches".
* doc/guix.texi: Mention ‘emacs-agitjo’ in the ‘Emacs’ subsection.
Merges guix/guix!8445
Change-Id: Ia49a0da71e8b08e252ff4dd996c414173920ecac
* doc/guix.texi (Volunteer Run Mirrors): New subsection.
* doc/guix.texi (Official Substitution Servers):
Rephrase due to new subsection.
Change-Id: I6e0861b632a78b705ce7ed8615a423c6d370f4c9
Merges: https://codeberg.org/guix/guix/pulls/6272
Reviewed-by: Maxim Cournoyer <maxim@guixotic.coop>
Signed-off-by: Nguyễn Gia Phong <cnx@loang.net>
This fixes a regression introduced in commit a2ef2bcbfd ("machine: hetzner:
Allow connections using ssh-agent"), where having no ssh-key would cause the
early Hetzner provisioning to fail due to the lack of SSH authentication.
* gnu/machine/hetzner.scm (%hetzner-ssh-key-file): New parameter.
(<hetzner-configuration>) [ssh-public-key]: Compute default according to the
value of the private ssh-key field. Introduce an indirection via...
(hetzner-configuration-ssh-public-key): ... this new procedure, to honor
%hetzner-ssh-key-file.
(hetzner-configuration-ssh-key): Likewise for the private ssh-key.
(hetzner-configuration-ssh-key-fingerprint): Rename to...
(public-key->fingerprint): ... this, taking just the public key as argument.
Update doc.
(hetzner-configuration-ssh-key-public): Rename to...
(public-key->string-with-type): ...this, for clarity, and accept just a
public-key object. Update doc.
(hetzner-machine-ssh-key): Exit early with #f when no ssh key is provided.
(temporary-ssh-key-file): New procedure.
(hetzner-machine-ssh-key-create): Assert a public key is defined. Adjust
calls to renamed procedures, and adjust for the `hetzner-api-server-create'
API change.
(hetzner-machine-enable-rescue-system): Refine doc and fix code path when
ssh-key is #f.
(hetzner-machine-rescue-install-os): Document.
(hetzner-machine-provision): Refine doc. Remove extraneous sleep and #:unwind
argument. Limit ssh-session dynamic scope to where it's needed.
(cleanup-temporary-ssh-key/maybe): New procedure.
(deploy-hetzner): Create and use a temporary SSH key when none is defined, and
clean it up when done or on errors.
* gnu/machine/hetzner/http.scm (hetzner-api-server-create): Make ssh-keys a
keyword argument, and fix execution when it's #f.
(hetzner-api-server-enable-rescue-system): Likewise.
* tests/machine/hetzner.scm ("deploy-machine-mock-with-unprovisioned-server"):
Adjust test.
* tests/machine/hetzner/http.scm (create-server)
("hetzner-api-server-create-unit")
("hetzner-api-server-enable-rescue-system-unit")
("hetzner-api-actions-integration")
("hetzner-api-server-enable-rescue-system-integration"): Likewise.
* doc/guix.texi (Invoking guix deploy): Specify what happens when 'ssh-key' is
#f in hetzner-configuration, and suggest declaratively authorizing your SSH
key.
Change-Id: I812b348fb553f3b5aebd0bf66850c6ecb9e06653
* gnu/machine/hetzner.scm (<hetzner-configuration>)
[user]: New field.
(hetzner-machine-delegate): Use match-record to bind the field values; honor
user.
* doc/guix.texi (Invoking guix deploy): Document it.
Fixes: #8493
Change-Id: I026828c508ea936523fe864e2646ab9e3a1329c4
This doesn’t hold true anymore.
* doc/contributing.texi (The Perfect Setup)[Emacs]: Remove footnote.
Change-Id: Iafe3bddad665c817eef463a264fcf3503f4a7691
* gnu/services/linux.scm (btrfs-scrub-configuration): New configuration
record.
(btrfs-scrub-service-type): New service type with custom actions.
(fstrim-/shepherd-calendar-event?): Refactor to avoid name collisions.
* doc/guix.texi: Add service documentation.
Change-Id: I04747914591a80cd535d2f79d35e08f68081b2fc
Signed-off-by: Joan Vilardaga Castro <codeberg-hn80@joanvc.cat>
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
The default value was changed in commit
502925655d ("doc: Update postgresql defaut
socket directory.").
Change-Id: I9d495de696273bd35f77c858fd22653a556e2c13
All the performance and general purpose newer x86 Hetzner server types like
the 'cpx22' now require an EFI bootloader, while older ones like the 'cx23'
still expect a BIOS bootloader.
Instead of exposing the user to errors when selecting the correct operating
system template to use, provide a procedure that returns one based on
the server type name.
* gnu/machine/hetzner.scm (%hetzner-os-arm): Rename to...
(%hetzner-os-arm/efi): ... this. Adjust for variable name change.
(%hetzner-os-x86): Rename to...
(%hetzner-os-x86/bios): ... this. Adjust for variable name change.
(%hetzner-os-x86/efi): New variable.
(server-type-name->arch, server-type-name->bootloader)
(make-hetzner-os): New procedures.
(%hetzner-os-x86, %hetzner-os-x86): Deprecate variables.
(hetzner-machine-bootstrap-os-form): Use the server type name to infer whether
the EFI or BIOS bootloader should be used, along with the EFI partition.
* doc/guix.texi (Invoking guix deploy): Updated doc.
Fixes: #8523
Change-Id: I331a76e12bb3c19f5664dcbe4437a8d1cfe1d363
* doc/guix.texi (Invoking guix pull): Mention that “trusted channels” must
have an introduction; explain how channels are identified.
Reported-by: Simon Tournier <zimon.toutoune@gmail.com>
Change-Id: Ie89702cc17bc90130153a56df1f0844b19cfff23
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #8565
Without this change, the mode is not at all configurable meaning
that—depending on the umask(1)—it may allow access to others. Further,
in many scenarios the owner/group of the Unix domain socket should
differ from the owner/group of the gunicorn process. For example,
we might want to grant the nginx group access to the socket but not
use that as the GID for the gunicorn process.
* gnu/services/web.scm (<gunicorn-app>): Add socket-user, socket-group
and socket-mode.
* gnu/services/web.scm (gunicorn-activation): Respect
gunicorn-app-socket-user, gunicorn-socket-app-group, and
gunicorn-app-socket-mode.
* doc/guix.texi (Guix Services): Document new record fields.
Change-Id: I1fe5b77deb791c38c1642753a52098d304124049
* doc/guix.texi (Chrooting into an existing system): Mention the
canonical directory to check to see if a machine has booted with EFI
support.
Change-Id: I98b2b3a8adc0cc5b49a91b976ca02c10ac424d40
* doc/guix-cookbook.texi (A ``Hello World'' package): Add link to “origin
Reference” and adjust markup.
(Extended example): Link to “origin Reference”. Fix markup. Link to
“Packages with Multiple Outputs”, “Build Systems”, “Build Phases”, and
“G-Expressions”. Adjust reference to the Guile manual.
(Inheritance): Link to “Defining Package Variants”.
(References): Use @xref to reference the manual.
Change-Id: Ifa605adc1c91f2735b66005c8a7412f60cdb4484
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #8392
* guix/swh.scm (swhid-content-data): New procedure.
(call): Do not close ‘port’ when ‘result’ is the same as ‘port’.
* guix/scripts/pull.scm (swhid-content-data*): New procedure.
(channel-list): Accept ‘file’ as a SWHID.
* tests/guix-time-machine.sh: Add test.
* doc/guix.texi (Invoking guix pull): Document it.
(Invoking guix time-machine): Likewise.
Change-Id: I8145cd8685fe2926b1548d4a2dcd54804d89228a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a backport of guix/lernigilo#7 and followup commits.
* doc/build.scm (html-manual-identifier-index)[build]
(collect-anchors): Add clauses matching Texinfo 7 output.
(syntax-highlighted-html)[build](concatenate-snippets): Likewise.
(syntax-highlight): Likewise.
(stylized-html)[stylized-html]: Do not insert <link> tag for ‘%manual-css-url’
since it’s already added by ‘makeinfo’.
Change-Id: I3a51eece053d4fdeeaa72d2642fd4a62695cc3a6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #8272
* guix/scripts/style.scm (input-matches?, package-list->string,
%field-accessors, remove-from-package-field, transform-package-field):
Add variables.
(%options): Add options --remove-input, --remove-native-input,
--remove-propagated-input, and --parameter.
(guix-style): Implement those options. To keep only one autoload, use
specification->package+output rather than specification->package.
* tests/style.scm ("remove-input, single input removed",
"remove-input, one of multiple inputs removed",
"remove-input, middle input removed from list",
"remove-input, non-existent input unchanged",
"remove-input, input with output specifier",
"remove-native-input, single input removed",
"remove-native-input, one of multiple inputs removed",
"remove-native-input, does not affect inputs field",
"remove-propagated-input, single input removed",
"remove-propagated-input, one of multiple inputs removed",
"remove-propagated-input, does not affect other fields",
"remove-input from all three fields independently",
"remove-input, dry-run does not modify file"): New tests.
("url-fetch->git-fetch, preserved field"): Drop the use of %patch-path
and %package-module-path, which are not necessary because of -L.
Change the mocked procedure from specification->package to
specification->package+output, as in the implementation.
* doc/guix.texi (Invoking guix style): Add description for guix style
-S remove-*input rules.
Change-Id: I449c87930310a73ad316b4cb5db72d0906ea495d
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #5862
* doc/guix.texi: It seems that there were two places where styling
rules were declared, and one was vastly outdated. Only describe
styling rules once instead, and move their specific discussion where
the styling rule is described.
Change-Id: Ic83d4c59e45ed51f63dfe91e624b6f453a800818
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/firmware.scm: New file.
(fwupd-configuration): New configuration record.
(fwupd-service-type): New service type.
* gnu/local.mk: Add it.
* doc/guix.texi: Document it.
Change-Id: Ibea27566d6ae64ccfdfdd2750be006df1ffde22d
Signed-off-by: Sughosha <sughosha@disroot.org>
Merges: guix/guix!5409
This is a followup to 0e18caf221.
* doc/guix.texi (Bootloader Configuration): Change “logo” to singular.
Reported-by: Maxim Cournoyer <maxim@guixotic.coop>
Change-Id: I98c46746e33c0e7a14ebb90919fc28567780aa63
Alternative syslogd implementations use a different pid file.
* gnu/services/base.scm: Export all syslog-configuration accessors.
(syslog-configuration): Add pid-file field.
(syslog-shepherd-service-type): Use it.
* doc/guix.texi (syslog-configuration): Document it.
Change-Id: I9be9fc741d98d4f49a37fbcbb2c644db859cadc1
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #6096
* doc/local.mk (lang_to_texinfo): Refer to .texi files using srcdir.
(xref_command): Reference pre-inst-env using builddir.
($(srcdir)/%D%/guix.%.texi):
($(srcdir)/%D%/guix-cookbook.%.texi):
($(srcdir)/%D%/contributing.%.texi): Refer to source files using srcdir.
* nix/local.mk (etc/guix-gc.timer): Use the name of the prerequisite,
not just its file name.
Change-Id: I247bcd873c8355d0eae07870ec849d2eb8cfa6c5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #8267
The release artifacts are now signed by Efraim, not Ludo.
* doc/guix-cookbook.texi: Switch gpg url to codeberg, mention Efraim's key.
* doc/guix.texi: Likewise.
Change-Id: Iae667796b6978cdd4a44f73990da7b9599ab509c
Fixes: #5946
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Merges: #6213