Fixes a bug whereby Hurd systems would find themselves including
‘%default-privileged-programs’ in addition to ‘%setuid-programs/hurd’.
* gnu/system/hurd.scm (%hurd-default-operating-system)[privileged-programs]:
New field.
Change-Id: I5b6a55a8df7e6af697d22166e9f483f6dd816e64
* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported. Include privileged-program-capabilities
in the compatibility hack.
* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a
<privileged-program> record that is setuid by default.
(setuid-program?, setuid-program-program, setuid-program-setuid?)
(setuid-program-setgid?, setuid-program-user, setuid-program-group):
Alias their privileged-program equivalent.
Add a mechanism to only require mounting a subset of file-system entries
during early Shepherd initialization. Any file-system with additional Shepherd
service requirements (e.g. networking) is not required to provision
'file-systems.
* gnu/services/base.scm (file-system-shepherd-service): Splice
file-system-requirements into the Shepherd service requirement list.
(file-system-shepherd-services): Provision 'file-system only when file system
services without additional Shepherd requirements are started.
* gnu/system/file-systems.scm (file-system): Add shepherd-requirements field
to the file-system record. This field is used for adding additional Shepherd
requirements to a file-system Shepherd service.
* doc/guix.texi: Add documentation for file-system shepherd-requirements.
Change-Id: If0392db03d48e8820aa53df1df482c12ec72e1a5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This brings the on-disk size of the kernel from 164 MiB to 144 MiB, or about
12%.
* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.
Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
* gnu/system/image.scm: Switch inversion logic; this allows us to use a
customized bootloader with a GPT image.
Change-Id: I801327f6e826a37588b8f0f5246ca820e742f721
* gnu/system/file-systems.scm (%pseudo-file-system-types): Add "virtiofs"
to the list of pseudo file system types.
Change-Id: Ib1d99127e65f6543c592faec1c54bd0c5eae3ad7
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This reduces the default set of locales from 92 MiB to 28 MiB.
* gnu/system/locale.scm (%default-locale-definitions): Reduce to 10
locales.
Change-Id: I3c092604301d69db591957bcfd62a062c3ac5ab0
The transition from glibc 2.33 to 2.35 was done in
c919bfefd9 (one year ago), so we can
assume that the backward-compatible locales are no longer needed by
default.
This removes 92 MiB from the system closure.
* gnu/system/locale.scm (%default-locale-libcs): Remove GLIBC-2.33.
Change-Id: I85948bbe6b2d424f9f158eeafdb5543688c66c6b
Fixes a regression introduced in
8f8ec56052, whereby passing a “fake”
kernel package would no longer work.
Fixes <https://issues.guix.gnu.org/70239>.
* gnu/system/linux-initrd.scm (flat-linux-module-directory)[build-exp]:
Gracefully handle lack of “modules.builtin” file.
Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I3acf48123b20f0b6a3b9cc0bf22f76cec3e64361
Suggested by Zheng Junjie <zhengjunjie@iscas.ac.cn>.
* gnu/system/vm.scm (system-qemu-image/shared-store-script)[qemu-exec]:
Wrap first element in ‘with-parameters’.
Change-Id: Iab9905aaa7e80bad0372c1ee7c3ea88a89564f8f
Use #$ to allow cross-compilation with support for the current system kernel,
e.g. linux-libre-riscv64-generic.
* gnu/system/vm.scm (system-qemu-image/shared-store-script)
(linux-image-startup-command): Use #$ for kernel-arguments.
Change-Id: I9d2e7df296ce590b95cd30996b33f8ca692ac1b1
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system/linux-initrd.scm (flat-linux-module-directory)
[build-exp]<builtin-modules,modules-to-lookup>: New variables.
<modules>: Use ‘modules-to-lookup’ to avoid looking up builtin modules.
Change-Id: I60fdae0211bb6632508b1c63582e013e78186cd1
Ordinary .guix-profile is searched already. Also this makes desktop
environments find packages installed in Guix Home.
* gnu/system/shadow.scm (%default-bash-profile): Add Home search paths.
* gnu/system/vm.scm (<virtual-machine>)[cpu-count]: New field.
(virtual-machine-compiler): Honor it.
Change-Id: I907a89365f32ac7a9981c4ae5f59cf6eb199c3cc
Currently it's not possible to set `essential-services' when building
operating systems for containers, since `container-essential-services'
always uses the defaults.
It's possible to reference `essential-services' from the operating
system that's passed in, but since it's thunked, the operating system
needs to be defined in two passes to avoid an infinite loop.
* gnu/system/linux-container.scm (container-essential-services): Use
operating-system-essential-services instead of the defaults to allow
overriding the base services.
(containerized-operating-system): Update accordingly.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I81452487ef1ad01d3fa874c26d93a67d58ce6062
Without this change, trying to create a system image with the efi-raw type while
using grub-efi-removable-bootloader fails with a fairly confusing message:
EFI bootloader required with GPT partitioning
* gnu/system/image.scm (system-disk-image): Consider
grub-efi-removable-bootloader to be EFI bootloader.
Change-Id: I5f5e1a94e825fd29d6880c5bafb330e16a5ac962
The removed fields are already sourced in /etc/profile.
* gnu/system/shadow.scm (%default-zprofile): Sync with default zprofile
from (gnu home services shells).
Change-Id: I419eadf636344e23e8fd2f7006efa81f45527756
* gnu/system/shadow.scm (%default-skeleton-home-config): New variable.
(default-skeletons): Add it.
Change-Id: Ida4cca8b1b3674491a4f18d94bc1b12d426575ba
Requiring the user to input their password in order to unlock a device is not
always reasonable, so having an option to unlock the device using a key file
is a nice quality of life change.
* gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument.
(luks-device-mapping-with-options): New procedure.
* doc/guix.texi (Mapped Devices): Describe the new procedure.
Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is Ludo's suggestion at <https://issues.guix.gnu.org/36069#26>,
with an added guard against duplicates and a tweaked comment.
* gnu/system/vm.scm (virtualized-operating-system): Add "cirrus" to the
list of INITRD-MODULES.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I1a86286586eee0b8c39706544778c7911a86da33