1 files changed, 23 insertions(+), 2 deletions(-)

M gnu/system/examples/vm-image.tmpl

@@ 5,7 5,12 @@
 ;;   guix system reconfigure /etc/config.scm
 ;;
 
-(use-modules (gnu) (guix) (srfi srfi-1))
+(use-modules (gnu)
+             (guix)
+             (srfi srfi-1)
+             (ice-9 match)
+             (guix channels)
+             (gnu system image))
 (use-service-modules desktop mcron networking spice ssh xorg sddm)
 (use-package-modules bootloaders fonts
                      package-management xdisorg xorg)


@@ 25,6 30,15 @@ Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation.
 accounts.\x1b[0m
 "))
 
+(define (guix-package-commit guix)
+  ;; Extract the commit of the GUIX package.
+  (match (package-source guix)
+    ((? channel? source)
+     (channel-commit source))
+    (_
+     (apply (lambda* (#:key commit #:allow-other-keys) commit)
+            (package-arguments guix)))))
+
 (operating-system
   (host-name "gnu")
   (timezone "Etc/UTC")


@@ 123,7 137,14 @@ root ALL=(ALL) ALL
                      (guix-service-type config =>
                                         (guix-configuration
                                          (inherit config)
-                                         (guix (current-guix))))))))
+                                         (guix
+                                          (let ((guix (current-guix)))
+                                            (package
+                                              (inherit guix)
+                                              ;; Do not leak the local checkout URL.
+                                              (source (channel
+                                                        (inherit %default-guix-channel)
+                                                        (commit (guix-package-commit guix)))))))))))))
 
   ;; Allow resolution of '.local' host names with mDNS.
   (name-service-switch %mdns-host-lookup-nss))