* gnu/packages/tex.scm (texlive-mflua-bin)[arguments]<#:phases>: Also generate
and install "mfluajit-nowin" and "mflua-nowin" binaries.
Change-Id: Id8b77abdf69699a831d3b52dadfc2eed0622bbf0
Fixes <https://issues.guix.gnu.org/78067>.
Previously sshd would use /gnu/store/…-openssh-…/var/empty as its
PRIVSEP_PATH. However, when using the unprivileged daemon, that
directory would belong to guix-daemon:guix-daemon, leading to this
error:
sshd[234]: fatal: /gnu/store/…-openssh-10.0p1/var/empty must be owned by root and not group or world-writable.
Fix that by switching to /var/empty.
* gnu/packages/patches/openssh-trust-guix-store-directory.patch
(openssh): Adjust to trust files in guix store owned by guix-daemon.
* gnu/packages/ssh.scm (openssh)[arguments]: Remove ‘reset-/var/empty’
phase; change ‘install’ phase to not create PRIVSEP_PATH.  Append
ending slash when substituting STORE_DIRECTORY.
Change-Id: I3bd01f8b9d6406e3b886eea8f4b8c265a51cc72f
Reported-by: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/67707>.
Previously ‘guix describe’ in the installation image would show the
URL of the local checkout that was used to build the image. It now
shows the default URL.
* gnu/system/install.scm (%installation-services): Change channel of
‘guix’ package to inherit from ‘%default-guix-channel’.
Change-Id: If848b5a6166904e982e0f9a0780f3e3f53bdfc28
* gnu/packages/music.scm (lsp-plugins): Update to 1.2.21.
[arguments]: Update file name of test binary.
Change-Id: Ifc65e4fd6d66ef8466c46fd487e710366d5db9b1
* gnu/packages/bittorrent.scm (deluge): Update to 2.2.0.
[arguments]<#:phases>: Drop 'fix-deluge-console.
Change-Id: Iad8461c7ea73042fb208ea182f4dc67d4e74adcf
Signed-off-by: Andreas Enge <andreas@enge.fr>
It seems quickjs-ng and quickjs are not API compatible.
This fixes building tic80.
This reverts commit b94cf86a89.
Change-Id: I3666ddbef8d1b2e71d49f9b14aef5a1be4b8495a
Signed-off-by: Andreas Enge <andreas@enge.fr>
This makes it impossible to unmount or remount things from within
‘call-with-container’.
* gnu/build/linux-container.scm (initialize-user-namespace):
Add #:host-uid and #:host-gid and honor them.
(run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’
followed by ‘initialize-user-namespace’.
(call-with-container): Add #:lock-mounts? and pass it down.
(container-excursion): Get the user namespace owning the PID namespace
and join it, then join the remaining namespaces.
* tests/containers.scm ("call-with-container, mnt namespace, locked mounts"):
New test.
("container-excursion"): Pass #:lock-mounts? #f.
Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
One possible solution for an issue when the /etc/guix/acl file exists, but points
to a non-existent location. This can for example happen if one is
reinitializing the system and removes only /gnu/store and /var/guix, keeping the
rest okay. This is a major advantage of guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with an acl file pointing to a non-existent location. The file-exists?
procedure will return #f for broken symbolic links.
I think that another reason one would get this issue is if one was booted in
a live iso, chrooted, fixing their system. They would switch generations to
one with a different acl file, delete other generations gc rooting the original
acl file and then gc. One could use this approach for example when recovering
from file corruptions in the store, to get rid of the unsubstitutable paths
that can't be repaired with guix gc --verify.
This fixes the issue by looking at the type of the file through lstat, instead of
relying on file-exists?. If the symlink is a broken symlink, it is
removed. Other than that the old behavior is kept:
- If regular file, back it up
- If symlink pointing to the store, remove it
- If symlink not pointing to the store, back it up
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
possibly-dangling symbolic link.
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
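
The decision table from the commit message above, as an added Guile example that is not the code in gnu/services/base.scm. The names `acl-action`, `store-prefix` and the files under /tmp are hypothetical and constructed for the demonstration, and the default /gnu/store location is assumed.

```scheme
;; Added example, not Guix's own code.  ACL-ACTION and STORE-PREFIX are
;; hypothetical names; the actions follow the commit message above.
(define store-prefix "/gnu/store/")        ;assumed store location

(define (acl-action file)
  "Return 'nothing, 'backup or 'remove for FILE."
  ;; 'lstat' describes the link itself, so a dangling symlink is still
  ;; visible; 'file-exists?' follows the link and returns #f for it.
  (let ((st (false-if-exception (lstat file))))
    (cond ((not st) 'nothing)                       ;no file at all
          ((eq? 'symlink (stat:type st))
           (cond ((not (file-exists? file)) 'remove) ;broken symlink
                 ((string-prefix? store-prefix (readlink file))
                  'remove)                          ;points to the store
                 (else 'backup)))                   ;points elsewhere
          (else 'backup))))                         ;regular file

;; Constructed sample files in a scratch directory.
(define dir (string-append "/tmp/acl-demo-" (number->string (getpid))))
(define (in name) (string-append dir "/" name))

(mkdir dir)
(call-with-output-file (in "regular")
  (lambda (port) (display "(acl)" port)))
(symlink (in "regular") (in "elsewhere"))
(symlink "/gnu/store/constructed-missing-item/acl" (in "dangling"))

;; Print what 'file-exists?' reports next to the lstat-based decision.
(for-each (lambda (name)
            (format #t "~a: file-exists? ~a, action ~a~%"
                    name
                    (file-exists? (in name))
                    (acl-action (in name))))
          '("regular" "elsewhere" "dangling" "absent"))

;; Clean up the scratch directory.
(for-each (lambda (name) (delete-file (in name)))
          '("regular" "elsewhere" "dangling"))
(rmdir dir)
```

Only the lstat-based check tells "dangling" apart from "absent": `file-exists?` reports #f for both.
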
* gnu/packages/parallel.scm (slurm-minimal)[inputs]: Only include
openpmix on systems where it is supported.
Change-Id: If8ec32d409eb19bceff61d9f8a9350ec346744a0