When the store overlay is mounted, other processes such as kmscon, udev
and guix-daemon may open files from the store, preventing the
underlying install support from being umounted. See:
https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html.
To avoid this situation, mount the store overlay inside a container,
and run the installation from within that container.
* gnu/build/shepherd.scm (fork+exec-command/container): New procedure.
* gnu/services/base.scm (guix-shepherd-service): Support an optional PID
argument passed to the "start" method. If that argument is passed, ensure that
guix-daemon enters the given PID MNT namespace by using
fork+exec-command/container procedure.
* gnu/installer/final.scm (umount-cow-store): Remove it,
(install-system): run the installation from within a container.
* gnu/installer/newt/final.scm (run-install-shell): Remove the display hack.
* gnu/services/virtualization.scm (secret-service-operating-system): New
procedure.
(hurd-vm-disk-image): Use it to ensure a Childhurd always includes the
secret-service.
(%hurd-vm-operating-system): Remove secret-service.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Add
secret-service.
(hurd-vm-shepherd-service): Use it to install secrets.
* doc/guix.texi (The Hurd in a Virtual Machine): Document it.
This adds a "secret-service" that can be added to a Childhurd VM to receive
out-of-band secrets (keys) sent from the host.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/virtualization.scm (secret-service-activation): New procedure.
(secret-service-type): New variable.
* gnu/build/secret-service.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Fixes a bug in 949672c923 whereby jobs
specifying a #:user not available in the build environment would fail
validation.
Reported by Maxim Cournoyer.
* gnu/services/mcron.scm (job-files)[validated-file]: Add "prologue"
file and pass it to 'mcron --schedule'.
That way, run-time errors in the job specs are caught at build time.
* gnu/services/mcron.scm (job-file): Remove.
(job-files): New procedure.
(mcron-shepherd-services): Adjust accordingly.
This is a follow-up of 755f365b02.
As (zlib) is autoloaded in (gnu build linux-modules), "guile-zlib" is needed
as an extension only when it is effectively used.
* gnu/installer.scm (installer-program): Remove "guile-zlib" from the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/shadow.scm (account-shepherd-service): Ditto.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
Fixes <https://bugs.gnu.org/43011>.
Reported by Jesse Gibbons <jgibbons2357@gmail.com>.
Until now the stdout/stderr file descriptors were not redirected.
* gnu/services/admin.scm (unattended-upgrade-mcron-jobs)[code]: Remove
'with-logging' and use 'redirect-port' instead.
* gnu/services/admin.scm (<unattended-upgrade-configuration>)[operating-system-file]:
New field.
(unattended-upgrade-mcron-jobs): Honor it.
* doc/guix.texi (Unattended Upgrades): Document it.
* gnu/services/linux.scm (<zram-device-configuration>): New record.
(zram-device-service-type): New variable.
* doc/guix.texi (Linux Services): Document it.
* tests/services/linux.scm (zram-swap-device-test): New tests.
* gnu/services/admin.scm (<unattended-upgrade-configuration>): New
record type.
(%unattended-upgrade-log-file): New variable.
(unattended-upgrade-mcron-jobs, unattended-upgrade-log-rotations): New
procedures.
(unattended-upgrade-service-type): New variable.
* doc/guix.texi (Service Reference): Add 'provenance-service-type' anchor.
(Unattended Upgrades): New section.
* gnu/services/nix.scm (<nix-configuration>)[extra-options]: New field.
(nix-shepherd-service): Add this.
(nix-activation): Add new line to the end of /etc/nix/nix.conf file.
* doc/guix.texi (Miscellaneous Services)[Nix service]: Document this.
* gnu/services/ganeti.scm (<ganeti-rapi-configuration>): Set SSL? to #t.
* gnu/tests/ganeti.scm (%ganeti-os): Set SSL? to #f.
* doc/guix.texi (Virtualization Services): Adjust accordingly.
* gnu/services/web.scm (mumi-shepherd-services)[environment]: New
variable.
Pass it as #:environment-variables to each 'make-forkexec-constructor'
call.
Commit 6680880f9b pushes out a new guix
package with a new key location, so we need to update to the new key
in order for systems to build correctly.
* gnu/services/base.scm (%default-authorized-guix-keys): Refer to berlin.guix.gnu.org.pub.
* gnu/services/networking.scm (<wpa-supplicant-configuration>)[requirement]:
New parameter.
(wpa-supplicant-shepherd-service): Use it instead of hard-coded list.
* doc/guix.texi (Networking Services): Document accordingly.
* gnu/services/science.scm: New file.
(<rshiny-configuration>): New record.
(rshiny-shepherd-service-type): New variable.
* doc/guix.texi (Miscellaneous Services): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
These issues were reported by -Wformat, though they were harmless in
practice because importing (ice-9 format) changes the global 'format'
binding currently.
* gnu/services/nix.scm: Import (ice-9 format).
* gnu/services/web.scm: Likewise.
* gnu/system/mapped-devices.scm: Likewise.
* gnu/services/virtualization.scm (<hurd-vm-configuration>)[options]: Remove
"--hda" option.
[id,net-options]: New fields.
(hurd-vm-net-options): New procedure. Parameterize port forwarding with ID.
* gnu/services/virtualization.scm (hurd-vm-shepherd-service): Use them.
Parameterize provision with ID, if set. Hardcode "--hda" option for image.
* doc/guix.texi (Virtualization Services): Document new fields. Update for
hardcoding of "--hda".
* gnu/services/virtualization.scm (hurd-vm-shepherd-service,
hurd-vm-disk-image): New procedures.
(%hurd-vm-operating-system, hurd-vm-service-type): New variables.
(<hurd-vm-configuration>): New record type.
* doc/guix.texi (Virtualization Services): Document it.
* gnu/services/shepherd.scm (scm->go): Use let-system, remove FIXME. Fixes
fixes cross-building of shepherd modules for the Hurd image.
* gnu/services/hurd.scm (<hurd-gettty-configuration>): New record.
(hurd-ttys-shepherd-service): New procedure.
(hurd-getty-service-type): New variable.
* doc/guix.texi (Hurd Services): Document it.
Fixes <https://bugs.gnu.org/40806>.
Previously the xorg-server package specified in the configuration was ignored
entirely in xorg-configuration->file. This had the effect that while the X
program of the configured package would be executed, the modules of the
configured package would be ignored in favor of the default xorg-server
package's modules. This fixes that.
* gnu/services/xorg.scm (xorg-configuration->file): honor
xorg-configuration-server.
* gnu/services/docker.scm (docker-configuration): Add a debug? field.
(containerd-shepherd-service): Pass the "--log-level=debug" argument when
DEBUG? is true.
(docker-shepherd-service): Pass the "--debug" and "--log-level=debug"
arguments when DEBUG? is true.
* doc/guix.texi (Miscellaneous Services): Update doc.
* gnu/services/nfs.scm (<nfs-configuration>)[nfsd-tcp?, nfsd-udp?]: New
fields.
(nfs-shepherd-services)[rpc.nfsd]: Populate the --{no-,}tcp and --{no-,}udp
command line options based on the values of the nfsd-tcp? and nfsd-upd?
fields.
* doc/guix.texi (Network File System): Add doc.
