gnu: r-posterior: Update to 1.6.1.
* gnu/packages/cran.scm (r-posterior): Update to 1.6.1.
[native-inputs]: Add r-dplyr, r-ggplot2, and r-tidyr.
Change-Id: Ibbea0ab6c98f7d246cdc390e0f8a65f87aca6807
gnu: deluge: Update to 2.2.0.
* gnu/packages/bittorrent.scm (deluge): Update to 2.2.0.
[arguments]<#:phases>: Drop 'fix-deluge-console.
Change-Id: Iad8461c7ea73042fb208ea182f4dc67d4e74adcf
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: torbrowser: Update to 14.5.1 [security-fixes].
Fixes CVEs 2025-2817, 2025-4082, 2025-4083, 2025-4084, 2025-4087,
2025-4091 and 2025-4093. See:
<https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/> for
details.
* gnu/packages/tor-browsers.scm (%torbrowser-build-date): Update to
20250428205842.
(%torbrowser-version): Update to 14.5.1.
(%torbrowser-firefox-version): Update to 128.10.0esr-14.5-1-build2.
(torbrowser-translation-base): Update to
04331f4c8177a09f0785f8cf2604dcebde139be5.
(torbrowser-translation-specific): Update to
5f4849f6d050316f9d7fe90018d1a83a3d191341.
Change-Id: I4192dc53ea2f67ca127c61cfc98b4a057954942a
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: mullvadbrowser: Update to 14.5.1 [security-fixes].
Fixes CVEs 2025-2817, 2025-4082, 2025-4083, 2025-4084, 2025-4087,
2025-4091 and 2025-4093. See:
<https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/> for
details.
* gnu/packages/tor-browsers.scm (%mullvadbrowser-build-date): Update to
20250428205842.
(%mullvadbrowser-version): Update to 14.5.1.
(%mullvadbrowser-firefox-version): Update to 128.10.0esr-14.5-1-build2.
(mullvadbrowser-translation-base): Update to
04331f4c8177a09f0785f8cf2604dcebde139be5.
(mullvadbrowser-translation-specific): Update to
88915281a11105bef03e638336b2852bd806ef78.
Change-Id: I8d71343b86b41318e7f4c7906cd4d2cf7c60e52e
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: quickjs: Update to 2025-04-26.
* gnu/packages/javascript.scm (quickjs): Update to 2025-04-26.
Change-Id: Ia759ec18e58613734446d9cce88f781c3c415c14
Signed-off-by: Andreas Enge <andreas@enge.fr>
Revert "gnu: quickjs: Deprecate."
It seems quickjs-ng and quickjs are not API compatible.
This fixes building tic80.
This reverts commit b94cf86a89ef0a6bf7ec2c8e52f64c5107888f55.
Change-Id: I3666ddbef8d1b2e71d49f9b14aef5a1be4b8495a
Signed-off-by: Andreas Enge <andreas@enge.fr>
gnu: lcrq: Update to 0.2.4.
* gnu/packages/networking.scm (lcrq): Update to 0.2.4.
[homepage]: Update redirected URL.
Change-Id: I22fe5ecb012d915552779acc2d7f69d43ea03a3b
Signed-off-by: Andreas Enge <andreas@enge.fr>
news: Add entry for ‘guix shell --writable-root’.
* etc/news.scm: Add it.
Change-Id: I3b07d8156c32c0cb6de8e8bf3a26a3e1e5af66b1
linux-container: Lock mounts by default.
This makes it impossible to unmount or remount things from within
‘call-with-container’.
* gnu/build/linux-container.scm (initialize-user-namespace):
Add #:host-uid and #:host-gid and honor them.
(run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’
followed by ‘initialize-user-namespace’.
(call-with-container): Add #:lock-mounts? and pass it down.
(container-excursion): Get the user namespace owning the PID namespace
and join it, then join the remaining namespaces.
* tests/containers.scm ("call-with-container, mnt namespace, locked mounts"):
New test.
("container-excursion"): Pass #:lock-mounts? #f.
Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
linux-container: Set up “lo” and generate /etc/hosts by default.
* gnu/build/linux-container.scm (run-container): Add #:loopback-network?
and honor it via #:populate-file-system.
(call-with-container): Add #:loopback-network? and pass it to
‘run-container’.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to ‘set-network-interface-up’ and remove generation of /etc/hosts.
* guix/scripts/home.scm (spawn-home-container): Likewise.
Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
syscalls: Add ‘get-user-ns’.
* guix/build/syscalls.scm (NS_GET_USERNS): New variable.
(get-user-ns): New procedure.
Change-Id: I0cfba6a7cdf2ab64ef658b0f821ba4e7c6c89eab
environment: Add ‘--writable-root’ and default to read-only root.
This is an incompatible change where the root file system in
‘guix shell -C’ is now read-only by default.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add ‘--writable-root’.
* guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved
from…
(launch-environment): … here.
(launch-environment/container): Add #:writable-root? and pass it to
‘call-with-container’. Move root file system setup to #:populate-file-system.
(guix-environment*): Honor ‘--writable-root’.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document ‘--writable-root’.
(Debugging Build Failures): Mention it before “rm /bin/sh”.
Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6
Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
guix home: ‘container’ provides a read-only root file system.
* guix/scripts/home.scm (spawn-home-container): Move creation of
accounts, /etc/hosts, /tmp, and HOME-DIRECTORY from the first argument
of ‘eval/container’ to #:populate-file-system. Remove #:writable-root?.
* tests/guix-home.sh: Test that the root file system is read-only.
Change-Id: Icda54706321d51b95b563c86c3fb2238cc65ee20
linux-container: Support having a read-only root file system.
Until now, the read-only file system set up by ‘call-with-container’
would always be writable. With this change, it can be made read-only.
With this patch, only ‘least-authority-wrapper’ switches to a read-only
root file system.
* gnu/build/linux-container.scm (remount-read-only): New procedure.
(mount-file-systems): Add #:writable-root? and #:populate-file-system
and honor them.
(run-container): Likewise.
(call-with-container): Likewise.
* gnu/system/linux-container.scm (container-script): Pass #:writable-root?
to ‘call-with-container’.
(eval/container): Add #:populate-file-system and #:writable-root? and
honor them.
* guix/scripts/environment.scm (launch-environment/container):
Pass #:writable-root? to ‘call-with-container’.
* guix/scripts/home.scm (spawn-home-container): Likewise.
* tests/containers.scm ("call-with-container, mnt namespace, read-only root")
("call-with-container, mnt namespace, writable root"): New tests.
Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
guix home: ‘container’ explicitly mounts $HOME and /run/user/1000.
* guix/scripts/home.scm (spawn-home-container): Pass #:mounts to
‘eval/container’.
Change-Id: I1986c1411711cebaf623f97897d91436d8167037
linux-container: Add #:mounts to ‘eval/container’.
* gnu/system/linux-container.scm (eval/container): Add #:mounts
parameter and honor it.
Change-Id: I1d5970f53a3d67db93e937e392f9bf36e75d1573
services: guix: Fix case when /etc/guix/acl is a dangling symlink.
One possible solution for an issue when the /etc/guix/acl file exists, but points
to a non-existent location. This can for example happen if one is
reinitializing the system, and removes only /gnu/store and /var/guix, keeping the
rest okay. This is a major advantage of guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with an acl file pointing to a non-existent location. The file-exists?
procedure will return #f for broken symbolic links.
I think that another reason one would get this issue is, if one was booted in
a live iso, chrooted, fixing their system. They would switch generations to
one with different acl file, delete other generations gc rooting the original
acl file and then gc. One could do this approach for example when recovering
from file corruptions in the store, to get rid of the unsubstitutable paths
that can't be repaired with guix gc --verify.
This fixes the issue by looking for the type of the file through lstat, instead of
relying on file-exists?. If the symlink is a broken symlink, it is
removed. Other than that the old behavior is kept:
- If regular file, back it up
- If symlink pointing to the store, remove it
- If symlink not pointing to the store, back it up
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
possibly-dangling symbolic link.
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
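Added example, not part of the commit above and not Guix code: a Python sketch of the lstat-based decision the message describes, showing that an existence test which follows symlinks reports a dangling link as absent. The `acl_action` and `demo` names and the temporary "store" directory standing in for /gnu/store are assumptions made for illustration.

```python
import os
import stat
import tempfile


def acl_action(path, store):
    """Return "nothing", "remove" or "backup" for PATH, using lstat."""
    try:
        st = os.lstat(path)               # inspects the link itself
    except FileNotFoundError:
        return "nothing"                  # no directory entry at all
    if not stat.S_ISLNK(st.st_mode):
        return "backup"                   # regular file: back it up
    if not os.path.exists(path):          # follows the link: target is gone
        return "remove"                   # dangling symlink
    if os.readlink(path).startswith(store + "/"):
        return "remove"                   # symlink pointing to the store
    return "backup"                       # symlink pointing elsewhere


def demo():
    """Build each case in a temp dir; map name -> (exists?, action)."""
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "store")  # constructed stand-in for the store
        os.mkdir(store)
        in_store = os.path.join(store, "abc-acl")
        outside = os.path.join(d, "manual-acl")
        for f in (in_store, outside):
            open(f, "w").close()
        targets = {
            "regular": None,
            "to-store": in_store,
            "elsewhere": outside,
            "dangling": os.path.join(store, "collected-acl"),  # never created
        }
        out = {}
        for name, target in targets.items():
            path = os.path.join(d, name)
            if target is None:
                open(path, "w").close()
            else:
                os.symlink(target, path)
            out[name] = (os.path.exists(path), acl_action(path, store))
        out["absent"] = (False, acl_action(os.path.join(d, "absent"), store))
        return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The "dangling" and "absent" cases both report `False` for the symlink-following existence test, yet only the first leaves a directory entry behind that has to be removed.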
environment: Restore action for SIGPIPE.
Code in `ui.scm' in the `initialize-guix' procedure changes the handling of
SIGPIPE to SIG_IGN. So restore the handling to SIG_DFL so that process
executed will have the usual action. Technically we should record what the
handling was, and restore it to the previous value, but that would be a much
more invasive change.
Always setting it to SIG_DFL is at least less surprising than always setting
it to SIG_IGN.
* guix/scripts/environment.scm (launch-environment): Restore default action
for SIGPIPE.
Change-Id: Ifabae1d3e71aa44e63078cea5bd3824b8f61ba14
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
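Added example, not part of the commit above and not Guix code: a Python sketch showing that an ignored SIGPIPE is inherited across exec, and what restoring SIG_DFL before exec changes for the spawned program. It assumes a `yes` binary on PATH; `run_writer` is a name chosen here.

```python
import signal
import subprocess


def run_writer(restore_default):
    """Spawn `yes`, read one line, close the pipe, return its exit status.

    The parent ignores SIGPIPE, as the commit message says happens after
    `initialize-guix'.  The child either inherits that disposition or has
    SIG_DFL restored between fork and exec.
    """
    previous = signal.signal(signal.SIGPIPE, signal.SIG_IGN)
    try:
        child = subprocess.Popen(
            ["yes"],
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            # Stop subprocess from resetting SIGPIPE on its own, so that
            # the only difference between the two runs is preexec_fn.
            restore_signals=False,
            preexec_fn=(
                (lambda: signal.signal(signal.SIGPIPE, signal.SIG_DFL))
                if restore_default else None
            ),
        )
        child.stdout.readline()
        child.stdout.close()      # later writes by `yes` hit a closed pipe
        return child.wait(timeout=10)
    finally:
        signal.signal(signal.SIGPIPE, previous)


if __name__ == "__main__":
    # Inherited SIG_IGN: write() fails with EPIPE, `yes` exits with an error.
    print("inherited SIG_IGN:", run_writer(False))
    # Restored SIG_DFL: the kernel terminates `yes` with SIGPIPE.
    print("restored SIG_DFL:", run_writer(True))
```

A negative return value from `wait` means the child was terminated by that signal number, which is the usual behaviour a pipeline relies on.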
transformations: Git source transformations honour RECURSIVE?.
* guix/transformations.scm (package-git-url+recursive?): New variable.
(package-git-url): Remove variable.
(evaluate-git-replacement-specs): Use package-git-url+recursive?.
(transform-package-source-branch, transform-package-source-commit, transform-package-source-git-url): Update
according to changes above.
* doc/guix.texi (Package Transformation Options): Update documentation.
* tests/transformations.scm: Update tests. Add tests for RECURSIVE?
inheritance with WITH-COMMIT and WITH-SOURCE.
Change-Id: Id6a5e6957a9955c8173b06b3e14f2986c6dfc4bc
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
gnu: trealla: Update to 2.70.3.
* gnu/packages/prolog.scm (trealla): Update to 2.70.3.
Change-Id: Iea8a9a982833384233590fc5874940418cb64fa1