This change allows overriding the home directory of all filesystem mappings to
help hide the identity of the calling user in a container.
* doc/guix.texi (Invoking guix environment)[--container]: Mention --user.
[--user]: Add item.
* guix/scripts/environment.scm (show-help): Add --user.
(%options): Add --user.
(launch-environment/container) Add 'user' parameter. Update doc. Override
'user-mappings' using 'override-user-mappings'. Consider override for chdir.
(mock-passwd, user-override-home, overrid-euser-dir): New procedures.
(guix-environment): Disallow --user without --container. Provide user to
'launch-environment/container'.
* tests/guix-environment.sh: Add user test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This change is motivated by attempts to run programs (like GNU IceCat) within
containers. The 'fontconfig' program, for example, is configured explicitly
to check ~/.guix-profile for additional fonts.
There were no existing container tests in 'tests/guix-environment.sh', but I
added one anyway for this change.
* doc/guix.texi (Invoking guix environment): Add '--link-profile'.
* guix/scripts/environment.scm (show-help): Add '--link-profile'.
(%options): Add 'link-profile' as '#\P', assigned to 'link-profile?'.
(link-environment): New procedure.
(launch-environment/container): Use it when 'link-profile?'.
[link-profile?]: New parameter.
(guix-environment): Leave when '--link-prof' but not '--container'. Add
'#:link-profile?' argument to 'launch-environment/container' application.
* tests/guix-environment-container.sh: New '--link-profile' test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/30569>.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/profiles.scm (manifest-add): Don't append ENTRIES as is.
Instead, cons each element of ENTRIES as we fold over it.
Remove unneeded ellispes in 'match' patterns.
* guix/build-system/trivial.scm (lower): Add #:allowed-references and
keep it in the 'arguments' field.
(trivial-build): Add #:allowed-references. Add
'canonicalize-reference'. Pass #:allowed-references to
'build-expression->derivation'.
(trivial-cross-build): Likewise.
* tests/packages.scm ("trivial with #:allowed-references"): New test.
Reported by <pkill9@runbox.com>.
Fixes <https://bugs.gnu.org/30470>.
* guix/import/utils.scm (alist->package): Check whether 'license' is
false and set the 'license' field to #f in this case.
* tests/import-utils.scm ("alist->package with false license"): New
test.
Fixes <https://bugs.gnu.org/30184>.
Regression introduced in 297e04d660.
Reported by Christopher Baines <mail@cbaines.net>.
* guix/scripts/publish.scm (nar-response-port): Add 'compression'
parameter and honor it.
(http-write): Get 'x-nar-compression' from the initial RESPONSE.
This simplifies OS configuration: users no longer need to be aware of
what a given service depends on.
See the discussion at
<https://lists.gnu.org/archive/html/guix-devel/2018-01/msg00114.html>.
* gnu/services.scm (missing-target-error): New procedure.
(service-back-edges): Use it.
(instantiate-missing-services): New procedure.
* gnu/system.scm (operating-system-services): Call
'instantiate-missing-services'.
* tests/services.scm ("instantiate-missing-services")
("instantiate-missing-services, no default value"): New tests.
* gnu/services/version-control.scm (cgit-service-type)[extensions]: Add
FCGIWRAP-SERVICE-TYPE.
* gnu/tests/version-control.scm (%cgit-os): Remove NGINX-SERVICE-TYPE
and FCGIWRAP-SERVICE-TYPE instances.
* doc/guix.texi (Log Rotation): Remove 'mcron-service-type' in example.
(Miscellaneous Services): Remove 'nginx-service-type' and
'fcgiwrap-service-type' in Cgit example.
* guix/scripts/build.scm (numeric-extension?, tarball-base-name): New
procedures, formerly in 'package-with-source'.
(transform-package-source)[new-sources]: Look for '=' in URI. Each
element of the list of now a (PKG VERSION SOURCE) tuple.
Pass VERSION to 'package-with-source'.
(package-with-source): Add 'version' parameter and honor it.
* tests/scripts-build.scm ("options->transformation, with-source, PKG=URI")
("options->transformation, with-source, PKG@VER=URI"): New tests.
* doc/guix.texi (Package Transformation Options): Document the new
forms.
Fixes <https://bugs.gnu.org/29761>.
Reported by Martin Castillo <castilma@uni-bremen.de>.
* guix/scripts/gc.scm (argument->verify-options): New procedure.
(%options) ["verify"]: Adjust to use it.
* tests/guix-gc.sh: Add test.
Fixes <https://bugs.gnu.org/29612>.
Reported by Chris Marusich <cmmarusich@gmail.com>.
This is a followup to 6dff905e51.
* tests/graph.scm ("bag-emerged DAG"): Adjust for glibc:static among
IMPLICIT.
* guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs
listed as mitigated in the package properties.
* tests/lint.scm ("cve: known safe from vulnerability"): New test.
Reported at <https://bugs.gnu.org/27943>
by Danny Milosavljevic <dannym@scratchpost.org>.
* guix/scripts/lint.scm (%distro-directory): New variable.
(check-patch-file-names): Add check for the file name length.
* tests/lint.scm ("patches: file name too long"): New test.
Fixes <https://bugs.gnu.org/29426>.
Reported by Adonay Felipe Nogueira <adfeno@hyperbola.info>.
* tests/syscalls.scm ("utmpx-entries"): Check the value
of (utmpx-entries entry) only for INIT_PROCESS, LOGIN_PROCESS, and
USER_PROCESS entries.
This is a follow-up to commit 40e89f5be6.
* tests/store.scm ("dead path can be explicitly collected"): Don't check
that (> freed 0).
* gnu/packages/package-management.scm (guix)[arguments]<#:phases>: Remove
workaround for the same problem.
This fixes a test failure exhibited by
fb17a89912 whereby assignments to 'out' in
guix-gc.sh would go to the 'out' environment variable, when it exists,
which in turn prevents garbage collection of $out.
* tests/guix-gc.sh: Add 'unset' invocations.
Suggested by Julien Lepiller and myglc2
at <https://lists.gnu.org/archive/html/guix-devel/2017-11/msg00106.html>.
* gnu.scm (%try-use-modules): New procedure.
(package-module-hint, service-module-hint): New procedures.
(try-use-modules): New macro.
(use-package-modules, use-service-modules, use-system-modules): Use it.
* tests/guix-system.sh: Test it.
This is most often the need for perl module dependencies.
* guix/import/cpan.scm (cpan-module->sexp): 'inputs -> 'propagated-inputs.
* tests/cpan.scm ("cpan->guix-package"): Adjust accordingly.
Fixes <https://bugs.gnu.org/28784>.
This mostly reverts 81a0f1cdf1, which
introduced a regression: revealed ports are *never* GC'd (contrary to
what Guile's manual suggests).
In addition to the revert, 'close-procedure' now explicitly swallows
EBADF errors when 'close-port' is called.
* guix/zlib.scm (close-procedure): New procedure.
(make-gzip-input-port)[gzfile]: Use 'fileno' instead of 'port->fdes'.
Use 'close-procedure' instead of 'gzclose'.
(make-gzip-output-port): Likewise.
* tests/zlib.scm ("compression/decompression pipe"): Use 'port-closed?'
to determine whether PARENT has been closed.
Suggested by Ricardo Wurmus.
Works around <https://bugs.gnu.org/28295>.
* guix/ui.scm (report-load-error): Add case for 'read-error'.
* tests/guix-system.sh: Test missing-closing-paren errors.
Fixes <https://bugs.gnu.org/28664>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* guix/scripts/publish.scm (bake-narinfo+nar): When COMPRESSION is
'none, write NAR instead of doing nothing.
(make-request-handler): Use 'render-nar/cached' for /nar URLs with no
compression.
* tests/publish.scm ("with cache", "with cache, uncompressed"): Adjust
expected result accordingly.
* gnu/system/uuid.scm (uuid=?): New procedure.
* tests/uuid.scm ("uuid=?"): New test.
* gnu/build/file-systems.scm (partition-uuid-predicate)
(luks-partition-uuid-predicate): Use it instead of 'bytevector=?'.
Ludovic Courtès