~ruther/guix-local

9e7e40b8 — Rutherther 2 months ago
services: xorg: Return only supported packages in %default-xorg-modules.

The xorg modules are used inside of services that's thunked. So we can
make them depend on the %current-system.

* gnu/services/xorg.scm
(default-xorg-modules): New variable.
(%default-xorg-modules): Return result of (default-xorg-modules).

Change-Id: I10f722e52d598ce3e83ef3f200b3bd953bc08e17
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
08016049 — Rutherther 2 months ago
gnu: make-iso9660-image: Do not compress any kernel, compress man pages.

Because the linux image is called differently based on the architectures,
see system-linux-image-file-name from gnu/system.scm, the kernel image
on aarch64, mips and armhf has still been compressed. This means that
grub cannot boot.

Man pages have moved from gz to zst, so compress them as well.

* gnu/build/image.scm (make-iso9660-image): Do not compress Image, vmlinuz and
zImage; Compress all man pages.

Change-Id: I68b35f383c84ff231865d580aa9e79d9fd88ace1
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
5623e633 — Rutherther 2 months ago
system: installation-os: Support efi-only.

Aarch64 doesn't support grub-pc, so we cannot
use the regular grub-bootloader, grub-efi-bootloader
has to be used.

Since neither packages nor bootloader are thunked,
there seems to be no other choice than using something
from the outside environment, such as an environment
variable to decide what bootloader to use.

For convenience, a procedure is made to be used from
other Guile code, instead of relying on environment
variables.

* gnu/system/install.scm
(make-installation-os): New variable; Use grub-efi-bootloader when
efi-only? is #t; Use bootloader package in packages instead of grub-pc.
(installation-os): Replace with call of make-installation-os with default
arguments.

Change-Id: I34ec8da6079617f39805b3e1168bad4a42d84cab
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
efc32c66 — Rutherther 2 months ago
image: Add /boot/efi filesystem if operating-system specifies it.

Instead of forgetting about the /boot/efi system completely, re-add it
with proper label. This way lightweight.tmpl, desktop.tmpl still
boot when supplied to guix system image. That was the reason for
removing /boot/efi file-system in the first place. Removing it however
means the target system cannot be reconfigured by default, as the
esp is not mounted.

* gnu/system/image.scm
(partition-has-flag?): New variable.
(root-partition?): Use it.
(find-partition-with-flag): New variable.
(find-root-partition): Use it.
(find-esp-partition): New variable.
(operating-system-for-image): Add /boot/efi file-system with proper
label instead of removing it completely.

Change-Id: I3ef2120059d8bbf76170d10ae718cb0de637f453
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
20157dae — Rutherther 2 months ago
image: Add qcow2-gpt image type.

qcow2 is a mbr-hybrid image. But on aarch64, we
have to use grub-efi bootloader. For that bootloader,
gpt should be used and Guix errors if it isn't (due to
failed check in Guix code). So it's impossible to generate
qcow2 type aarch64 image without using customized bootloader.
One would have to define their own image instead of using
the ones pre-defined.

* gnu/system/system.scm (qcow2-gpt-image-type): New variable.
* doc/guix.texi: Document qcow2-gpt and its use.

Change-Id: I93f0880c7ca2d3f934067c12dd1143ad20828333
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
2576c66e — Rutherther 2 months ago
image: operating-system-for-image: Support AArch64 iso.

Let the user decide for grub/grub-efi in cases where
grub-hybrid is unsupported. This is the case on
aarch64, where grub-pc is not supported, so only
grub-efi can be used.

* gnu/system/image.scm (operating-system-for-image):
Do not replace bootloader with grub-mkrescue-bootloader
for iso9660 when grub-hybrid is not supported.

Change-Id: Icd2b68155935b1d9599c1b0df22f0c80a2e36d6a
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
bb226310 — Rutherther 2 months ago
guix-install.sh: Do not set GUILE_LOAD_PATH in zzz-guix.sh.

Channels from the load path will shadow channels used through time-machine or
used through any other guix than the one in ~/.config/guix/current. This is
true for all channels that are in ~/.config/guix/current except guix.  On Guix
System, /run/current-system/profile/share/guile/site/3.0 is usually in
GUILE_LOAD_PATH that typically has only Guix, so no shadowing happens in most
cases.

For using Geiser and other sw, it's possible to configure them to use "guix
repl" that's intended for this use case. This then makes the guix being
used explicit.

It is expected that this is only a temporary solution. After a proper
solution is found, it will be reverted.

Workaround #4819.
Reverts: 78390634d76c0c75c6e93742fa7caec965194641.

Change-Id: I36b921a758618f382af9097003415f902b27c44b
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
3dadea4b — Noé Lopez 2 months ago
guix-install.sh: Install AppArmor profile.

* etc/guix-install.sh (sys_maybe_setup_apparmor): New function.
(main_install): Call it.
(sys_delete_apparmor_profiles): New function.
(main_uninstall): Call it.

Fixes #4210.
Fixes <https://issues.guix.gnu.org/71226>.

Change-Id: Ice4bf4d91a1ae438fc5654dec327f53ae9a7b888
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
51a14755 — Noé Lopez 2 months ago
self: Install AppArmor profile.

* guix/self.scm (apparmor-tunables): New procedure.
(miscellaneous-files): Add etc/apparmor.d/{guix,guix-daemon,tunables/guix}.

Change-Id: I8952ef4097924d62432775cc39d38098785fdcdf
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
60782c20 — Noé Lopez 2 months ago
etc: Add AppArmor profile for the guix command.

* etc/apparmor.d/guix: New file.
* Makefile.am (nodist_apparmor_profile_DATA): Add it.

Change-Id: I3d61238203d7663ce582717f8e4eac4c6f679928
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
587fd2da — Noé Lopez 2 months ago
etc: Add AppArmor profile for the daemon.

* .gitignore: Add etc/apparmor.d/tunables/guix.
* Makefile.am (nodist_apparmor_profile_DATA)
(nodist_apparmor_profile_tunables_DATA): Define it.
* configure.ac: Generate etc/apparmor.d/tunables/guix. Add
--with-apparmor-profile-dir option.
* etc/apparmor.d/guix-daemon: New file.
* etc/apparmor.d/tunables/guix.in: New file.
* doc/guix.texi: Document AppArmor profiles.
* gnu/packages/package-management.scm (guix): Add future changes commented.

Change-Id: Iac7df9d642383cc46a2d450c3badef31199ab041
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
9a78e760 — Rutherther 2 months ago
guix-daemon.service.in: Make service restartable.

Currently the service cannot be restarted, because the gnu store mount makes
it read-only. So fix this by removing the mount when starting the service.

"-" to accept failures, in case the command doesn't finish successfully,
chances are, the store can be mounted as RW, so continue.
"+" to run as root

Fixes: #4744

* etc/guix-daemon.service.in
(Service)<ExecStartPre>: Stop gnu-store.mount
(Service)<ExecStartPost>: Start gnu-store.mount

Change-Id: I296f5d8805497f8a7364b68d627eb6d4fc05dbff
a2df6c46 — Aaron Covrig 2 months ago
gnu: pius: Update to 3.0.0-0.5f7c10b.

* gnu/packages/gnupg.scm (pius)[source]: Switch to git-fetch.
[build-system]: Switch to pyproject-build-system.
[arguments]<#:check>: Execute project test script.
[native-inputs]: Add python-setuptools.
[home-page]: Update url.

Change-Id: I8d1228789cde2de4dda67a07f9859bb47e510608
Signed-off-by: Cayetano Santos <csantosb@inventati.org>
Modified-by: Cayetano Santos <csantosb@inventati.org>
gnu: Add hare-mcron.

* gnu/packages/hare-apps.scm (hare-mcron): New variable.

Change-Id: I324f5711cf359ac996111f6adcb71db5ff68dda5
gnu: trealla: Update to 2.88.1.

* gnu/packages/prolog.scm (trealla): Update to 2.88.1.

Change-Id: I8770e77950a53ef0284fe50248bed5fab01d70a0
4b25873c — Ashvith Shetty 7 months ago
services: Modernize redis service.

* gnu/services/databases.scm
(redis-configuration): Rewrite using `define-configuration'.
(redis-shepherd-service): Honor it.
* doc/guix.texi (Database Services) <redis>: Regenerate
documentation.

Change-Id: I5b99822ca3d8d23fb5133497d00eada0336d0c65
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #2158
b00a27c4 — Yelninei 2 months ago
gnu: shepherd@1.0: Don't inherit package arguments.

Followup to e1038aee6da92263f0c3d2fdb91d46ee5b63d2ec.

Previously when cross compiling the fibers directory was reset to fibers 1.3
because evaluating the arguments of shepherd@0.10 with '(package-arguments
shepherd-0.10)' kept the reference to the fibers input of shepherd@0.10.

Work around this by not using 'substitute-keyword-arguments' and replacing
'this-package-input' with 'search-input-file'.

* gnu/packages/admin.scm (shepherd-1.0)[arguments]:
Replace 'substitute-keyword-arguments' with explicit arguments.
Use search-input-file in 'set-fibers-directory phase to search for the cross fibers.

Change-Id: Ia1061d8cea531569385f4a0136cfd22f27ce5a0e
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4672
f55793c5 — Ludovic Courtès 2 months ago
archive: Make /etc/guix/signing-key.* readable by ‘guix-daemon’.

The manual suggests running ‘guix archive --generate-key’ as root, but that
would lead to root-owned /etc/guix/signing-key.{pub,sec}, with the secret key
unreadable by the unprivileged guix-daemon.  This fixes it.

Reported in guix/guix#4844.

* guix/scripts/archive.scm (generate-key-pair)[ensure-daemon-ownership]: New
procedure.
Use it for ‘%public-key-file’, ‘%private-key-file’, and their parent
directory.

Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: I7ae980bfd40078fb7ef27a193217b15f366d5d50
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4958
0ac2a0fd — Ludovic Courtès 2 months ago
authenticate: Report failure to load keys to the daemon.

Previously, when failing to load a signing key, ‘guix authenticate’ would
print a backtrace and exit with a non-zero code.  That, in turn, would lead
the guix-daemon child process to crash with:

  nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed.

This patch fixes it by reporting the error to the daemon as was intended.

* guix/scripts/authenticate.scm (guix-authenticate): Arrange to call
‘load-key-pair’ from within ‘with-reply’.
* tests/guix-authenticate.sh: Test it.

Fixes: guix/guix#4928
Reported-by: Rutherther <rutherther@ditigal.xyz>
Change-Id: I8654ad6fdfbe18c55e1e85647d0c49f408d0574a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4961
5d6dfd89 — Ludovic Courtès 2 months ago
authenticate: Improve error replies.

* guix/scripts/authenticate.scm (guix-authenticate)[send-reply]: Wrap guard in
‘with-fluids’.  Call ‘string-trim-right’ on the message string of ‘c’.

Change-Id: I6ab5f645f2dc9d6f53bb57eabb4de1df8212892f
Signed-off-by: Ludovic Courtès <ludo@gnu.org>