This change allows overriding the home directory of all filesystem mappings to
help hide the identity of the calling user in a container.
* doc/guix.texi (Invoking guix environment)[--container]: Mention --user.
[--user]: Add item.
* guix/scripts/environment.scm (show-help): Add --user.
(%options): Add --user.
(launch-environment/container): Add 'user' parameter. Update doc. Override
'user-mappings' using 'override-user-mappings'. Consider override for chdir.
(mock-passwd, user-override-home, override-user-dir): New procedures.
(guix-environment): Disallow --user without --container. Provide user to
'launch-environment/container'.
* tests/guix-environment.sh: Add user test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This change is motivated by attempts to run programs (like GNU IceCat) within
containers. The 'fontconfig' program, for example, is configured explicitly
to check ~/.guix-profile for additional fonts.
There were no existing container tests in 'tests/guix-environment.sh', but I
added one anyway for this change.
* doc/guix.texi (Invoking guix environment): Add '--link-profile'.
* guix/scripts/environment.scm (show-help): Add '--link-profile'.
(%options): Add 'link-profile' as '#\P', assigned to 'link-profile?'.
(link-environment): New procedure.
(launch-environment/container): Use it when 'link-profile?'.
[link-profile?]: New parameter.
(guix-environment): Leave when '--link-prof' but not '--container'. Add
'#:link-profile?' argument to 'launch-environment/container' application.
* tests/guix-environment-container.sh: New '--link-profile' test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/30641>.
Reported by Oleg Pykhalov <go.wigust@gmail.com>.
* guix/import/cpan.scm (cpan-version): Drop the "v" prefix when it is
there.
Fixes <https://bugs.gnu.org/30569>.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/profiles.scm (manifest-add): Don't append ENTRIES as is.
Instead, cons each element of ENTRIES as we fold over it.
Remove unneeded ellipses in 'match' patterns.
* guix/build-system/trivial.scm (lower): Add #:allowed-references and
keep it in the 'arguments' field.
(trivial-build): Add #:allowed-references. Add
'canonicalize-reference'. Pass #:allowed-references to
'build-expression->derivation'.
(trivial-cross-build): Likewise.
* tests/packages.scm ("trivial with #:allowed-references"): New test.
Reported by <pkill9@runbox.com>.
Fixes <https://bugs.gnu.org/30470>.
* guix/import/utils.scm (alist->package): Check whether 'license' is
false and set the 'license' field to #f in this case.
* tests/import-utils.scm ("alist->package with false license"): New
test.
This is a temporary workaround for <https://bugs.gnu.org/30116>, where
'substitute*' throws on files containing NUL characters.
* guix/build/emacs-build-system.scm (patch-el-files): Filter out elisp files
that contain NUL characters.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* guix/build/emacs-build-system.scm (%standard-phases): Reinstate the check
phase from the gnu-build-system.
* guix/build-system/emacs.scm (emacs-build)[tests?]: But do not enable it by default.
[parallel-tests?]: Add argument.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This generalizes the mechanism by which the Emacs dependencies are made visible,
so that any build phase can make use of them.
* guix/build/emacs-build-system.scm (%legacy-install-suffix): New variable.
(%install-suffix): Redefine in terms of %legacy-install-suffix.
(set-emacs-load-path): Add new phase used for dependency resolution.
(build): Remove ad-hoc dependency discovery mechanism.
(emacs-input->el-directory): Add new procedure.
(emacs-inputs-el-directories): Use it.
(package-name-version->elpa-name-version): Fix typo.
(%standard-phases): Include the new `set-emacs-load-path' phase. Refactor to
make the ordering of the phases clearer.
* guix/build/emacs-utils.scm (emacs-byte-compile-directory): Remove the
optional `dependency-dirs' argument, which is now obsoleted by the
`set-emacs-load-path' phase.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/30184>.
Regression introduced in 297e04d660.
Reported by Christopher Baines <mail@cbaines.net>.
* guix/scripts/publish.scm (nar-response-port): Add 'compression'
parameter and honor it.
(http-write): Get 'x-nar-compression' from the initial RESPONSE.
Suggested by atw on #guix.
* gnu/services/shepherd.scm (shepherd-service-file): Use 'scheme-file'
instead of 'gexp->file'.
(shepherd-configuration-file): Likewise, and adjust to non-monadic
style.
(shepherd-boot-gexp): Adjust accordingly.
* guix/scripts/system.scm (upgrade-shepherd-services): Use
'lower-object' in addition to 'shepherd-service-file'.
Fixes <https://bugs.gnu.org/30155>.
The effect can be seen in the package graph produced by:
  guix graph -e '(@@ (gnu packages commencement) static-bash-for-glibc)'
This reduces the number of "duplicate" nodes in this graph, i.e.,
distinct package objects that correspond to the same derivation (objects
that are not 'eq?' but semantically equal.)
* gnu/packages/commencement.scm (linux-libre-headers-boot0): Make an
'mlambda' instead of a 'lambda'.
(hurd-core-headers-boot0): Ditto.
Mitigates <https://bugs.gnu.org/29881>.
Reported by Diego Nicola Barbato <dnbarbato@posteo.de>.
* guix/ui.scm (load*): Unset '%fresh-auto-compile' only on Guile 2.2.3.
Previously we were looking at the load of the past 5 minutes, which
means that, after a build, we could end up waiting for 5 minutes for
that metric to be low enough.
* guix/scripts/offload.scm (machine-load): Compute RAW based on ONE, not
FIVE.
Wrap files in bin/ and sbin/ with the location of the gem itself and the
location of any other gems in use (GEM_PATH). This ensures that the bin files
will run with the right environment when executed.
It does however mean that native-inputs will also get wrapped up in any
binaries, which is not good, as it increases the size of the closure, and
risks this code being used at runtime.
* guix/build/ruby-build-system.scm (wrap): New procedure.
(%standard-phases): Add the wrap phase.
A modified copy of wrap-program from (guix build utils). The wrap-program
procedure doesn't work well for Ruby scripts, as it breaks using the -S flag
with ruby to execute the script, as when -S is passed to ruby, it expects the
script on the PATH to use ruby in the shebang, and not bash.
Therefore, to wrap the program, but keep the shebang as ruby, wrap it with a
ruby script instead.
wrap-ruby-program uses .real/foo rather than .foo-real, as this might be
neater. This procedure also includes a call to Gem.clear_paths to make it
possible to set the GEM_PATH through this method, and for it to take effect.
* gnu/build/ruby-build-system.scm (wrap-ruby-program): New procedure.
* guix/build/ruby-build-system.scm (install): Install gems to the vendor
directory, rather than the GEM_HOME. The vendor directory does not include
the version of ruby used to install the gem in the path, which makes it
easier to add it to the GEM_PATH for all versions of ruby to use.
(gem-home): Remove procedure.
* gnu/packages/ruby.scm (ruby, ruby-2.1)[native-search-paths]: Switch to
lib/ruby/vendor_ruby.
(ruby-1.8)[native-search-paths]: Remove native-search-paths.
(gem-directory): Remove procedure.
(ruby-ansi, ruby-ae)[arguments]: Remove use of gem-directory.
(ruby-metaclass, ruby-instantiator, ruby-introspection, ruby-mocha,
ruby-nokogiri, ruby-minitest-tu-shim, ruby-redcloth)[arguments]: Remove use
of gem-home.
(ruby-git, ruby-httpclient)[arguments]: Remove use of GEM_HOME.
* gnu/packages/databases.scm (es-dump-restore)[arguments]: Remove use of
GEM_HOME.
This mostly reverts 17af5d51de.
Suggested by Andy Wingo <wingo@igalia.com>.
* guix/ssh.scm (remote-daemon-channel)[redirect]: Remove 'read!' FFI
hack. Use buffered ports.
This fixes a regression in 'retrieve-files*' introduced in
896fec476f, whereby (guix scripts offload)
would not read the initial sexp now sent by the remote host via
'store-export-channel'. This would effectively prevent file retrieval
entirely when offloading.
* guix/ssh.scm (retrieve-files*): New procedure, like former
'retrieve-files' but with an extra #:import parameter.
(retrieve-files): Rewrite in terms of 'retrieve-files*'.
(file-retrieval-port): Make private.
* guix/scripts/offload.scm (transfer-and-offload): Pass #:import to
'retrieve-files*'.
(retrieve-files*): Remove.
Previously the redirect code could end up exiting prematurely because of
an uninteresting "exceptional condition" on the socket (info "(libc)
Waiting for I/O").
* guix/ssh.scm (remote-daemon-channel): Pass the empty list as the third
argument to 'select'. It was a mistake to pass a non-empty list there
in the first place.
Previously 'process-stderr' would always pass a bytevector of MAX-LEN to
the daemon in the %stderr-read case (i.e., 'import-paths'), instead of
LEN (where LEN <= MAX-LEN).
In practice the extra bytes didn't cause a protocol violation or
anything because they happen at the end of the stream, which typically
contains the canonical sexp of the signature, and the extra zeros were
just ignored.
* guix/serialization.scm (write-bytevector): Add optional 'l' parameter
and honor it.
* guix/store.scm (process-stderr): Pass LEN to 'write-bytevector'.
This works around <https://bugs.gnu.org/30066> and noticeably improves
performance when using GUIX_DAEMON_SOCKET=ssh://HOST (the redirect code
was transferring data to guix-daemon one byte at a time!).
* guix/ssh.scm (remote-daemon-channel)[redirect]: Define 'read!' and use
it instead of 'get-bytevector-some'.
This was harmless but non-compliant and unnecessary.
* guix/scripts/publish.scm <top level>: Rename "Guix-Nar-Compression" to
"X-Nar-Compression" as should have always been.
(render-nar, nar-response-port): Adjust accordingly.
(strip-headers): New procedure.
(sans-content-length, with-content-length): Use it.