* gnu/system/vm.scm (system-docker-image): New procedure.
* guix/scripts/system.scm (system-derivation-for-action): Add a case for
docker-image, and in that case, call system-docker-image.
(show-help): Document docker-image.
(guix-system): Parse arguments for docker-image.
* doc/guix.texi (Invoking guix system): Document "guix system
docker-image".
* gnu/system/examples/docker-image.tmpl: New file.
* guix/scripts/pack.scm (bootstrap-xz): New variable.
(%options) <--bootstrap>: New option.
(show-help): Document the new --bootstrap option.
(guix-pack): When --bootstrap is specified, use the bootstrap Guile,
tar, and xz to build the pack, and do not use any profile hooks or
locales.
* doc/guix.texi (Invoking guix pull): Document the new --bootstrap
option.
* tests/guix-pack.sh: New file.
* Makefile.am (SH_TESTS): Add guix-pack.sh.
* gnu/packages/package-management.scm (guix) <inputs>: Add util-linux.
* doc/guix.texi (Base Services): Add realtime and jackd indices to the
`pam-limits-service' service, as the examples shows how they can be
configured.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/ntp.scm (openntpd)[arguments]: Add 'configure-flags to
set openntpd daemon's user and localstatedir. Add a custom phase to not
try to create said directory at install time.
* gnu/services/networking.scm (<openntpd-configuration>): New record type.
(openntpd-shepherd-service, openntpd-service-activation): New procedures.
(openntpd-service-type): New variable.
* doc/guix.texi (Networking Services): Add openntpd documentation.
* doc/guix.texi (Messaging Services): Update accordingly.
* gnu/services/configuration.scm (serialize-configuration,
serialize-maybe-stem, serialize-package): Return strings or string-valued
gexps (these procedures were only used for their side-effects).
* gnu/services/messaging.scm (serialize-field, serialize-field-list,
enclose-quotes, serialize-raw-content, serialize-ssl-configuration,
serialize-virtualhost-configuration-list,
serialize-int-component-configuration-list,
serialize-ext-component-configuration-list,
serialize-virtualhost-configuration, serialize-int-component-configuration,
serialize-ext-component-configuration, serialize-prosody-configuration):
Return strings or string-valued gexps and stop printing.
(prosody-activation): Use SERIALIZE-PROSODY-CONFIGURATION's return value with
MIXED-TEXT-FILE instead of using its output with PLAIN-FILE.
(serialize-non-negative-integer, serialize-non-negative-integer-list): Convert
numbers to strings.
(file-object?, serialize-file-object, file-object-list?,
serialize-file-object-list): New procedures.
(ssl-configuration)[capath, cafile], (prosody-configuration)[plugin-paths,
groups-file]: Replace FILE-NAME with FILE-OBJECT.
* guix/gexp.scm (file-like?): New exported procedure.
Fixes a regression in installation tests, whereby 'guix system init'
would report that virtio modules are missing for the target devices.
In practice virtio modules were always available since 'base-initrd' was
always called with #:virtio? #t. This commit simply moves them to
'%base-initrd-modules' so that 'guix system' knows they're available.
Reported by Danny Milosavljevic <dannym@scratchpost.org> at
<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30629#112>.
* gnu/system/linux-initrd.scm (default-initrd-modules): Add virtio
modules.
(base-initrd): Remove #:virtio? and 'virtio-modules'.
* gnu/system/vm.scm (expression->derivation-in-linux-vm)
(system-qemu-image, virtualized-operating-system): Remove uses of
#:virtio?.
* doc/guix.texi (Initial RAM Disk): Update 'base-initrd' doc.
* gnu/system.scm (<operating-system>)[initrd-modules]: New field.
(operating-system-initrd-file): Pass #:linux-modules to 'make-initrd'.
* gnu/system/linux-initrd.scm (default-initrd-modules): New procedure.
(%base-initrd-modules): New macro.
(base-initrd): Add #:linux-modules and honor it.
* gnu/system/install.scm (embedded-installation-os): Use
'initrd-modules' instead of 'initrd'.
* gnu/tests/install.scm (%raid-root-os): Likewise.
* doc/guix.texi (operating-system Reference): Add 'initrd-modules'.
(Initial RAM Disk): Document it. Adjust example to not use
#:extra-modules.
This change allows overriding the home directory of all filesystem mappings to
help hide the identity of the calling user in a container.
* doc/guix.texi (Invoking guix environment)[--container]: Mention --user.
[--user]: Add item.
* guix/scripts/environment.scm (show-help): Add --user.
(%options): Add --user.
(launch-environment/container) Add 'user' parameter. Update doc. Override
'user-mappings' using 'override-user-mappings'. Consider override for chdir.
(mock-passwd, user-override-home, overrid-euser-dir): New procedures.
(guix-environment): Disallow --user without --container. Provide user to
'launch-environment/container'.
* tests/guix-environment.sh: Add user test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This change is motivated by attempts to run programs (like GNU IceCat) within
containers. The 'fontconfig' program, for example, is configured explicitly
to check ~/.guix-profile for additional fonts.
There were no existing container tests in 'tests/guix-environment.sh', but I
added one anyway for this change.
* doc/guix.texi (Invoking guix environment): Add '--link-profile'.
* guix/scripts/environment.scm (show-help): Add '--link-profile'.
(%options): Add 'link-profile' as '#\P', assigned to 'link-profile?'.
(link-environment): New procedure.
(launch-environment/container): Use it when 'link-profile?'.
[link-profile?]: New parameter.
(guix-environment): Leave when '--link-prof' but not '--container'. Add
'#:link-profile?' argument to 'launch-environment/container' application.
* tests/guix-environment-container.sh: New '--link-profile' test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* doc/guix.texi (Certificate Services): Document <certificate-configuration>,
the change from domains to certificates and the fact that their path is now
derived from their name.
* gnu/services/certbot.scm (<certificate-configuration>): Add and export it.
(certbot-configuration, certbot-command, certbot-activation,
certbot-nginx-server-configurations, certbot-service-type): Replace 'domains'
with 'certificates'.
(certbot-nginx-server-configurations): Use only one nginx-server-configuration
and use all certificate domains as the server-name.
* gnu/services/xorg.scm (slim-shepherd-service): Use SESSREG to register X11
session.
* doc/guix.texi (slim-configuration): Document new field "sessreg".
Partitions can have their own labels and UUIDs (e.g. under GPT) that are
unrelated to those of the contained file system. Confusing the two ends
poorly.
* doc/guix.scm (File Systems, Proceeding with the Installation)
(Using the Configuration System, Initial RAM Disk): Substitute `file
system' for `partition' when talking about labels and UUIDs.
The text refers to a snippet which has since been removed, but a
suitable replacement is near. Use it.
* doc/guix.texi (Using the Configuration System): Substitute bind for
tcpdump.
Suggested by Danny Milosavljevic <dannym@scratchpost.org>.
* doc/guix.texi (Printing Services): Mention how to add support for
Epson printers to CUPS via escpr in the configuration example.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This simplifies OS configuration: users no longer need to be aware of
what a given service depends on.
See the discussion at
<https://lists.gnu.org/archive/html/guix-devel/2018-01/msg00114.html>.
* gnu/services.scm (missing-target-error): New procedure.
(service-back-edges): Use it.
(instantiate-missing-services): New procedure.
* gnu/system.scm (operating-system-services): Call
'instantiate-missing-services'.
* tests/services.scm ("instantiate-missing-services")
("instantiate-missing-services, no default value"): New tests.
* gnu/services/version-control.scm (cgit-service-type)[extensions]: Add
FCGIWRAP-SERVICE-TYPE.
* gnu/tests/version-control.scm (%cgit-os): Remove NGINX-SERVICE-TYPE
and FCGIWRAP-SERVICE-TYPE instances.
* doc/guix.texi (Log Rotation): Remove 'mcron-service-type' in example.
(Miscellaneous Services): Remove 'nginx-service-type' and
'fcgiwrap-service-type' in Cgit example.
* gnu/services/desktop.scm (<mate-desktop-configuration>,
mate-desktop-service-type): New variable.
(mate-desktop-service): New public variable.
* doc/guix.texi (Desktop Services): Document the service.
Signed-off-by: Danny Milosavljevic <dannym@scratchpost.org>
* guix/scripts/build.scm (numeric-extension?, tarball-base-name): New
procedures, formerly in 'package-with-source'.
(transform-package-source)[new-sources]: Look for '=' in URI. Each
element of the list of now a (PKG VERSION SOURCE) tuple.
Pass VERSION to 'package-with-source'.
(package-with-source): Add 'version' parameter and honor it.
* tests/scripts-build.scm ("options->transformation, with-source, PKG=URI")
("options->transformation, with-source, PKG@VER=URI"): New tests.
* doc/guix.texi (Package Transformation Options): Document the new
forms.
* gnu/services/base.scm (urandom-seed-service-type)[default-value]: New
field.
(urandom-seed-service): Mark as deprecated.
(%base-services): Use URANDOM-SEED-SERVICE-TYPE directly.
* gnu/services/base.scm (%base-services):
* doc/guix.texi (Base Services): Document 'urandom-seed-service-type'
instead of 'urandom-seed-service'.
* gnu/services/base.scm (urandom-seed-shepherd-service): Try to read from
'/dev/hwrng' at boot, as a supplement to any saved random seed.
* doc/guix.texi (Base Services): Document the new feature.
* guix/scripts/offload.scm (check-machine-status): New procedure.
(guix-offload): Call it when the argument is "status".
* doc/guix.texi (Daemon Offload Setup): Document it.
* guix/scripts/system.scm (show-help): Add expression option.
(%options): Ditto.
(guix-system): Allow commands taking a file as an argument to use an
expression instead.
(process-action): Read operating-system from expression or file.
* doc/guix.texi (Invoking guix system): Introduce the expression option.
The nginx service can fail to start if the server names hash bucket size is
too small, which can happen on some systems, and when using QEMU, depending on
the CPU.
* gnu/services/web.scm (<nginx-configuration>): Add
server-names-hash-bucket-size and server-names-hash-bucket-max-size.
(default-nginx-config): Add support for the new hash bucket size parameters.
(nginx-service, nginx-activation): Pass the new hash bucket size parameters
through to the default-nginx-config procedure.
* doc/guix.texi (Web Services): Document the new hash bucket size parameters.
If nginx is configured with a ssl-certificate file, and ssl-certificate-key,
it will fail to start unless these exist. To avoid this happening, change the
default to #f.
* gnu/services/web.scm (<nginx-server-configuration>)
[ssl-certificate,ssl-certificate-key]: Set the defaults to #f.
* gnu/tests/web.scm (%nginx-servers): Remove redundant
nginx-server-configuration fields.
* doc/guix.texi (Web Services): Update examples and documentation.
In commit ee17a9e06e, the helpers git-version
and git-file-name removed the need to build version and file name strings
manually for packages that use VCS snapshots.
doc/guix.texi (Version Numbers): Use git-version and git-file-name.
This avoids repeated deprecation messages, particularly while running
'guix system build' or similar.
* guix/gexp.scm (gexp->derivation): Add #:deprecation-warnings. Pass it
to 'compiled-modules'.
(compiled-modules): Add #:deprecation-warnings and honor it.
* doc/guix.texi (G-Expressions): Update 'gexp->derivation'
documentation.
* guix/packages.scm (patch-and-repack): Pass #:deprecation-warnings #t.
* doc/guix.texi (Version Control Services): Add documentation on the HTTP
backend for git.
* gnu/services/version-control.scm (<git-http-configuration>): New data type.
(git-http-nginx-location-configuration): New helper function.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/xorg.scm (xinitrc)[builder](system-profile)
(user-profile): New variables.
(xsession-command, find-session): New procedures.
When FALLBACK-SESSION is #f, find a valid session at run time.
* doc/guix.texi (X Window): Adjust accordingly, and insist that one
or more window managers must be installed.
* gnu/services/xorg.scm (<slim-configuration>): Provide default values
for all fields.
(slim-service-type)[default-value]: New field.
* doc/guix.texi (X Window): Remove 'slim-service' documentation.
Document 'slim-service-type' and 'slim-configuration'.
* gnu/services/desktop.scm (%desktop-services): Use 'slim-service-type'.
* gnu/services/xorg.scm (%default-xorg-fonts): New variable.
(xorg-configuration-file): Add #:modules and #:fonts. Rewrite to return
a 'computed-file' that honors MODULES and FONTS.
(xorg-wrapper): Pass #:modules to 'xorg-configuration-file'.
(xorg-start-command): Add #:fonts. Pass #:fonts and #:modules to
'xorg-configuration-file'.
* doc/guix.texi (X Window): Adjust documentation of 'xorg-start-command'
and 'xorg-configuration-file'.
* doc/guix.texi (Messaging Services): Regenerate it.
* gnu/services/configuration.scm (show-default?): Check VAL rather than DEFAULT.
* gnu/services/messaging.scm (show-default?): Check VAL rather than DEFAULT.
(prosody-configuration)[modules-enabled]: Remove default value from docstring.
* doc/guix.texi (Messaging Services): Add "mam" as a module example. Document
'prosodyctl check'. Replace 'prosodyctl cert request' with 'prosodyctl cert
import'. Regenerate it.
* gnu/services/messaging.scm (serialize-module-list): Remove "posix" from the
default modules list because it is now automatically loaded.
(ssl-configuration)[key, certificate]: Remove them because they are now
automatically located. Fix their docstrings.
(%default-modules-enabled): Add "carbons" and "blocklist".
(prosody-configuration)[certificates]: Set default directory from which
certificates/keys will be automatically located.
* doc/guix.texi (Substitutes): Move information into sections, and create one
new subsection regarding substitution failure.
(Top): In the detailed listing, add entries for the new subsections.
(Official Substitute Server): Move info about hydra here. Add information
that explains when substitutes are enabled by default.
(Substitute Server Authorization): Move information about how to enable or
disable substitutes here.
(Substitute Authentication): Move information about how Guix authenticates
substitutes here.
(Proxy Settings): Move information about how to download substitutes via
proxy here.
(Substitution Failure): New section. Add information about how Guix handles
substitution failure. Be extra clear about behavior concerning --fallback.
(On Trusting Binaries): Move information about trusting binaries here.
(Invoking guix-daemon): Remove an incorrect statement about when substitutes
are enabled by default.
(Common Build Options): Add cross-references for the --fallback option.
Co-authored-by: George Clemmer <myglc2@gmail.com>
This is a followup to b8f59cdc20e9d83ce63523ef917e95fcee07f134:
'list-runtime-roots' no longer depends on 'lsof'.
* gnu/services/base.scm (<guix-configuration>)[lsof]: Remove.
(guix-shepherd-service): Adjust accordingly.
* doc/guix.texi (Base Services): Adjust accordingly.
* gnu/system.scm (%base-packages): Remove LSOF.
* guix/scripts/challenge.scm (summarize-report-list): New procedure.
(guix-challenge): Use it.
* doc/guix.texi (Invoking guix challenge): Adjust command output in
example.
This function allows passing a file-like object to the udev service.
* gnu/services/base.scm (file->udev-rule): New function.
* doc/guix.texi (Base Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/system/examples/lightweight-desktop.tmpl <file-systems>: Add a
UUID for the /boot/efi partition.
* doc/guix.texi (Using the Configuration System): Mention it.
* guix/build-system/ant.scm: Add #:test-include and #:test-exclude
arguments.
* guix/build/ant-build-system.scm: Generate test list from arguments.
* doc/guix.texi (Build Systems): Document it.
* guix/build-system/ant.scm: New #:main-class argument
* guix/build/ant-build-system.scm: Generate a manifest file with
additional properties.
* doc/guix.texi (Build Systems): Document it.
* gnu/services/web.scm (<nginx-server-configuration>): Add
nginx-server-configuration-try-files.
(emit-nginx-server-config): Use it.
* doc/guix.texi (Web Services): Document it.
* doc/contributing.texi (Submitting Patches): Add a note about closing bug
threads by mailing to NNN-done@debbugs.gnu.org.
Suggested-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
Searching for `git send-email' took you to the end of `Submitting Patches'
section which said
You may use your email client or the ‘git send-email’ command.
without further warning or remark.
* doc/contributing.texi (Sending a Patch Series): Move information about
debbugs bug 15361 to subsection. Add git-send-email index entries.
(Submitting Patches): Reference it.
This allows substitutes to be downloaded from unauthorized servers, as
long as they advertise the same hash and references as one of the
authorized servers.
* guix/scripts/substitute.scm (assert-valid-narinfo): Remove.
(valid-narinfo?): Add #:verbose?. Handle each case of
'signature-case'.
(equivalent-narinfo?): New procedure.
(lookup-narinfos/diverse): Add 'authorized?' parameter and honor it.
[select-hit]: New procedure.
(lookup-narinfo): Add 'authorized?' parameter and pass it.
(process-query): Adjust callers accordingly.
(process-substitution): Remove call to 'assert-valid-narinfo'. Check
whether 'lookup-narinfo' returns true and call 'leave' if not.
* tests/substitute.scm (%main-substitute-directory)
(%alternate-substitute-directory): New variables.
(call-with-narinfo): Make 'narinfo-directory' a parameter. Call
'mkdir-p' to create it. Change unwind handler to check whether
CACHE-DIRECTORY exists before deleting it.
(with-narinfo*): New macro.
("substitute, no signature")
("substitute, invalid hash")
("substitute, unauthorized key"): Change expected error message to "no
valid substitute".
("substitute, unauthorized narinfo comes first")
("substitute, unsigned narinfo comes first")
("substitute, first narinfo is unsigned and has wrong hash")
("substitute, first narinfo is unsigned and has wrong refs")
("substitute, unsigned narinfo comes first")
("substitute, two invalid narinfos"): New tests.
* doc/guix.texi (Substitutes): Explain the new behavior.
* gnu/services/desktop.scm (bluetooth-configuration): New record.
(bluetooth-shepherd-service): Use it.
(bluetooth-directory): New method.
(bluetooth-service-type): Use it to extend the etc-service-type service.
(bluetooth-service): Add `auto-enable?' parameter.
* doc/guix.texi (Desktop Services): Document it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Discussed at
<https://lists.gnu.org/archive/html/guix-devel/2017-08/msg00277.html>.
* gnu/services/desktop.scm (%desktop-services): Remove call to
'wicd-service'. Add instances of NETWORK-MANAGER-SERVICE-TYPE and
WPA-SUPPLICANT-SERVICE-TYPE.
* doc/guix.texi (Networking Services): Document
'network-manager-service-type' as being part of '%desktop-services'.
(Desktop Services): Replace Wicd with NM.
Since MPD switches user, the pid-file must be in a writable dir. This
is now always /var/run/mpd/(user)/pid.
* gnu/services/audio.scm (mpd-service-type): Add a activation-service
extension.
(<mpd-configuration>)[pid-file]: Remove.
(mpd-service): Rename to...
(mpd-shepherd-service): ... this.
(mpd-file-name, mpd-service-activation): New procedure.
* doc/guix.texi (Audio Services): Document the changes.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/bootloader.scm (<bootloader-configuration>): Deprecate "device" field in
favor of "target" field. This is mostly a renaming but also a generalization
to support UEFI targets being paths to a mounted partition instead of a device
name.
* gnu/system/examples/bare-bones.tmpl:
* gnu/system/examples/desktop.tmpl:
* gnu/system/examples/lightweight-desktop.tmpl:
* gnu/system/examples/vm-image.tmpl:
* gnu/system/install.scm:
* gnu/tests.scm:
* gnu/tests/install.scm:
* gnu/tests/nfs.scm:
* tests/system.scm: Adapt all invocations of bootloader-configuration.
* guix/scripts/system.scm (perform-action): Rename device argument to
bootloader-target.
(process-action): Adapt caller.
* doc/guix.texi (Proceeding with the Installation):
* doc/guix.texi (Bootloader Configuration): Update documentation.
* gnu/services/virtualization.scm: New file.
* doc/guix.texi (Virtualization Services): Document it.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
Signed-off-by: Christopher Baines <mail@cbaines.net>
Now that the service-type has a default value, and configuration record is
accessible.
* gnu/services/web.scm (nginx-service): Remove procedure.
* doc/guix.texi (Web Services): Update and improve NGinx documentation.
* doc/guix.texi: Add documentation.
* gnu/services/audio.scm (<mpd-configuration>): New record type.
(mpd-service-type): New service type.
* gnu/tests/audio.scm: New file.
* gnu/local.mk: Add new files.
Signed-off-by: Christopher Baines <mail@cbaines.net>
This is overly specific, as this section now includes the documentation for
Redis, which is not an SQL database.
* doc/guix.texi: Change database services description.
Tailon 1.3.0 (upgraded from 1.1.1) adds support for HTTP authentication.
* gnu/services/admin.scm (<tailon-configuration-file>): Add http-auth and
users configuration values.
(tailon-configuration-file-http-auth, tailon-configuration-file-users): New
procedures.
(tailon-configuration-file-compiler): Add support for the http-auth and
users configuration options.
* doc/guix.texi (Monitoring Services): Document authentication for Tailon.
* guix/scripts/pull.scm (%snapshot-url, with-environment-variable)
(with-PATH): Remove.
(ensure-guile-git!): New procedure.
(%repository-url): New variable.
(%default-options): Add 'repository-url' and 'ref'.
(show-help, %options): Add '--commit' and '--url'.
(temporary-directory, first-directory, interned-then-deleted)
(unpack): Remove.
(build-from-source): Rename 'tarball' to 'source'. Remove call to
'unpack'.
(build-and-install): Rename 'tarball' to 'source'.
(honor-lets-encrypt-certificates!, report-git-error): New procedures.
(with-git-error-handling): New macro.
(guix-pull)[fetch-tarball]: Remove.
Wrap body in 'with-git-error-handling'. Rewrite to use
'latest-repository-commit'.
* build-aux/build-self.scm (build): Print an error message and exit when
GUILE-GIT is #f.
* doc/guix.texi (Invoking guix pull): Mention Git. Document '--commit'
and '--branch'.
* gnu/services/ssh.scm (<openssh-configuration>)[authorized-keys]: New
field.
(authorized-key-directory): New procedure.
(openssh-config-file): Honor 'authorized-keys'.
(openssh-activation): Use 'with-imported-modules'. Make /etc/ssh
755. Create /etc/ssh/authorized_keys.d.
* doc/guix.texi (Networking Services): Document it.
Suggested by Oleg Pykhalov <go.wigust@gmail.com>.
* doc/guix.texi (Invoking guix system): Give an example of passing
arguments to the 'run-vm.sh' script.
* gnu/services/databases.scm (memcached-service-type, %memcached-accounts):
New variables.
(<memcached-configuration>): New record type.
(memcached-service-type): New procedures.
* gnu/tests/databases.scm: New file.
* doc/guix.texi (Database Services): Document the new memcached service.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add entry for tests/databases.scm.
* doc/guix.texi (Web Services): Add documentation.
* gnu/services/web.scm (<fcgiwrap-configuration>): New record type.
(fcgiwrap-accounts, fcgiwrap-shepherd-service): New service extensions.
(fcgiwrap-service-type): New service type.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/services/cuirass.scm (<cuirass-configuration>)[fallback?]: New field.
(cuirass-shepherd-service): Take it into account.
* doc/guix.texi (Continuous Integration): Document it.
Suggested by Mark H Weaver <mhw@netris.org>.
* guix/scripts/publish.scm (nar-expiration-time): New procedure.
(render-narinfo/cached): Use it as the #:entry-expiration passed to
'maybe-remove-expired-cache-entries'.