installer: Drop uri from provenance log.
To synchronize the artifacts made from Cuirass, pre-inst-env
and time-machine, drop the url from provenance sexp.
* gnu/installer.scm (provenance-sexp): Drop url.
Change-Id: Ibe2515abdc92853ce06c0381dd03cc61b2077335
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
system: install: Remove current-guix url override.
Prefer parameterization of current-guix in release artifacts
generation.
* gnu/system/install.scm (%installation-service): Use (current-guix)
directly in guix service configuration.
Change-Id: Ifa363465e6a4f6936d0e51eaf1b33872519e2b0a
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
vm-image.tmpl: Remove current-guix url override.
This simplifies things thanks to the release artifacts now, they have been
rewritten to Guile and can now supply current-guix-package as a parameter, as
was intended. That way the checkout is not leaked for the release artifacts.
* gnu/system/examples/vm-image.tmpl
(guix-package-commit): Remove variable.
(operating-system): Use (current-guix) directly.
* gnu/system/examples/vm-image-efi.tmpl: Likewise.
Change-Id: Iabf1bb5bbb86b9984bfb87ba0543782a6dce3192
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
image: system-iso9660-image: Propagate image-name to derivation name.
* gnu/system/image.scm (system-iso9660-image): Use name from image-name
instead of hardcoded image.iso.
Change-Id: I3cea3857729c2eb7d6728f650db7fb33cf4c8c8a
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
Split release Makefile target to two.
Due to recent changes, the commit has to be published
to create the artifacts. Because of that, split the
target to two.
* Makefile.am
(release): Move first steps to prepare-release
(prepare-release): New target; Beginning of release.
Change-Id: I325c6dc36f7298482de7797c1e01fdaa70ef80c5
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
linux-initrd: Support more virtio modules in initrd.
Adds mmio and scsi modules for virtio. scsi one is needed for using
virtio-scsi-pci, that can be a common option on aarch64, where only two
options pop up for mounting disks:
- virtio-scsi-pci
- virtio-blk
While virtio-blk should generally be preferred, sometimes virtio-scsi-pci pops
up first on the internet, so people can use it.
virtio-mmio is a necessity on Aarch64 for virtio-blk to work.
* gnu/system/linux-initrd.scm (default-initrd-modules): Add virtio_mmio and
virito_scsi.
Change-Id: Ia8fabb5594893ef1712359d27d482d9f44dc89c0
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
system: vm-image-efi.tmpl: Add example efi vm image.
This is a copy of vm-image.tmpl, but with
efi bootloader. Since user ends up with this
config in their /run/current-user/configuration.scm
and the regular way to continue is to copy
that file and reconfigure off of it, it seems
better to just keep distinct configuration.
Moreover xf86-video-intel is removed,
because it doesn't compile on aarch64.
* gnu/system/examples/vm-image-efi.tmpl
Change-Id: I0f72ac5a775339ee84cb1a4046ca5a8deca0e2ea
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
services: xorg: Return only supported packages in %default-xorg-modules.
The xorg modules are used inside of services that's thunked. So we can
make them depend on the %current-system.
* gnu/services/xorg.scm
(default-xorg-modules): New variable.
(%default-xorg-modules): Return result of (default-xorg-modules).
Change-Id: I10f722e52d598ce3e83ef3f200b3bd953bc08e17
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
gnu: make-iso9660-image: Do not compress any kernel, compress man pages.
Because the linux image is called differently based on the architectures,
see system-linu/-image-file-name from gnu/system.scm, the kernel image
on aarch64, mips and armhf has still been compressed. This means that
grub cannot boot.
Man pages have moved from gz to zst, so compress them as well.
* gnu/build/image.scm (make-iso9660-image): Do not compress Image, vmlinuz and
zImage; Compress all man pages.
Change-Id: I68b35f383c84ff231865d580aa9e79d9fd88ace1
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
system: installation-os: Support efi-only.
Aarch64 doesn't support grub-pc, so we cannot
use the regular grub-bootloader, grub-efi-bootloader
has to be used.
Since neither packages nor bootloader are thunked,
there seems to be no other choice than using something
from the outside environment, such as an environment
variable to decide what bootloader to use.
For convenience, a procedure is made to be used from
other Guile code, instead of relying on environment
variables.
* gnu/system/install.scm
(make-installation-os): New variable; Use grub-efi-bootloader when
efi-only? is #t; Use bootloader package in packages instead of grub-pc.
(installation-os): Replace with call of make-installation-os with default
arguments.
Change-Id: I34ec8da6079617f39805b3e1168bad4a42d84cab
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
image: Add /boot/efi filesystem if operating-system specifies it.
Instead of forgetting about the /boot/efi system completely, re-add it
with proper label. This way lightweight.tmpl, desktop.tmpl still
boot when supplied to guix system image. That was the reason for
removing /boot/efi file-system in the first place. Removing it however
means the target system cannot be reconfigured by default, as the
esp is not mounted.
* gnu/system/image.scm
(partition-has-flag?): New variable.
(root-partition?): Use it.
(find-partition-with-flag): New variable.
(find-root-partition): Use it.
(find-esp-partition): New variable.
(operating-system-for-image): Add /boot/efi file-system with proper
label instead of removing it completely.
Change-Id: I3ef2120059d8bbf76170d10ae718cb0de637f453
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
image: Add qcow2-gpt image type.
qcow2 is a mbr-hybrid image. But on aarch64, we
have to use grub-efi bootloader. For that bootloader,
gpt should be used and Guix errors if it isn't (due to
failed check in Guix code). So it's impossible to generate
qcow2 type aarch64 image without using customized bootloader.
One would have to define their own image instead of using
the ones pre-defined.
* gnu/system/system.scm (qcow2-gpt-image-type): New variable.
* doc/guix.texi: Document qcow2-gpt and its use.
Change-Id: I93f0880c7ca2d3f934067c12dd1143ad20828333
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
image: operating-system-for-image: Support AArch64 iso.
Let the user decide for grub/grub-efi in cases where
grub-hybrid is unsupported. This is the case on
aarch64, where grub-pc is not supported, so only
grub-efi can be used.
* gnu/system/image.scm (operating-system-for-image):
Do not replace bootloader with grub-mkrescue-bootloader
for iso9660 when grub-hybrid is not supported.
Change-Id: Icd2b68155935b1d9599c1b0df22f0c80a2e36d6a
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
guix-install.sh: Do not set GUILE_LOAD_PATH in zzz-guix.sh.
Channels from the load path will shadow channels used through time-machine or
used through any other guix than the one in ~/.config/guix/current. This is
true for all channels that are in ~/.config/guix/current except guix. On Guix
System, /run/current-system/profile/share/guile/site/3.0 is usually in
GUILE_LOAD_PATH that typically has only Guix, so no shadowing happens in most
cases.
For using Geiser and other sw, it's possible to configure them to use "guix
repl" that's intended for this use case. This is then makes the guix being
used explicit.
It is expected that this is only a temporary solution. After a proper
solutions is found, it will be reverted.
Workaround #4819.
Reverts: 78390634d76c0c75c6e93742fa7caec965194641.
Change-Id: I36b921a758618f382af9097003415f902b27c44b
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
guix-install.sh: Install AppArmor profile.
* etc/guix-install.sh (sys_maybe_setup_apparmor): New function.
(main_install): Call it.
(sys_delete_apparmor_profiles): New function.
(main_uninstall): Call it.
Fixes #4210.
Fixes <https://issues.guix.gnu.org/71226>.
Change-Id: Ice4bf4d91a1ae438fc5654dec327f53ae9a7b888
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
self: Install AppArmor profile.
* guix/self.scm (apparmor-tunables): New procedure.
(miscellaneous-files): Add etc/apparmor.d/{guix,guix-daemon,tunables/guix}.
Change-Id: I8952ef4097924d62432775cc39d38098785fdcdf
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
etc: Add AppArmor profile for the guix command.
* etc/apparmor.d/guix: New file.
* Makefile.am (nodist_apparmor_profile_DATA): Add it.
Change-Id: I3d61238203d7663ce582717f8e4eac4c6f679928
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
etc: Add AppArmor profile for the daemon.
* .gitignore: Add etc/apparmor.d/tunables/guix.
* Makefile.am (nodist_apparmor_profile_DATA)
(nodist_apparmor_profile_tunables_DATA): Define it.
* configure.ac: Generate etc/apparmor.d/tunables/guix. Add
--with-apparmor-profile-dir option.
* etc/apparmor.d/guix-daemon: New file.
* etc/apparmor.d/tunables/guix.in: New file.
* doc/guix.texi: Document AppArmor profiles.
* gnu/packages/package-management.scm (guix): Add future changes commented.
Change-Id: Iac7df9d642383cc46a2d450c3badef31199ab041
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
guix-daemon.service.in: Make service restartable.
Currently the service cannot be restarted, because the gnu store mount makes
it read-only. So fix this by removing the mount when starting the service.
"-" to accept failures, in case the command doesn't finish successfully,
chances are, the store can be mounted as RW, so continue.
"+" to run as root
Fixes: #4744
* etc/guix-daemon.service.in
(Service)<ExecStartPre>: Stop gnu-store.mount
(Service)<ExecStartPost>: Start gnu-store.mount
Change-Id: I296f5d8805497f8a7364b68d627eb6d4fc05dbff
gnu: pius: Update to 3.0.0-0.5f7c10b.
* gnu/packages/gnupg.scm (pius)[source]: Switch to git-fetch.
[build-system]: Switch to pyproject-build-system.
[arguments]<#:check>: Execute project test script.
[native-inputs]: Add python-setuptools.
[home-page]: Update url.
Change-Id: I8d1228789cde2de4dda67a07f9859bb47e510608
Signed-off-by: Cayetano Santos <csantosb@inventati.org>
Modified-by: Cayetano Santos <csantosb@inventati.org>