The non-hygienic binding of the source location accessor was set to
'-location'; in modules where multiple configurations were defined, it would
cause compilation warnings such as:
gnu/services/mail.scm:175:0: warning: shadows previous definition of
`%-location-procedure' at gnu/services/mail.scm:165:0
* gnu/services/configuration.scm (define-configuration-helper) <id>: Add a
missing #'stem argument to use the configuration name as a prefix to the
location accessor identifier.
In some cases, rather than globally disabling serialization, it may be more
appropriate to disable or otherwise alter the serialization procedure of a
specific field. In large module, multiple configurations may also exist that
would need to alter the default serialization procedure, which is named after
the field type. Being able to specify a per-field serialization procedure
provides more flexibility.
* gnu/services/configuration.scm (define-configuration): Add an optional
pattern variable to allow specifying a custom serialization procedure.
(define-configuration-helper) <field-serializer>: Use it to transform the
syntax.
(empty-serializer): New procedure.
(serialize-package): Alias to ‘empty-serializer’.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Serialization is not always useful, for example when deriving command line
arguments from a configuration. This change provides a way to turn it off,
which removes the need to define a bunch of dummy serialization procedures.
Credit goes to Andrew Gierth (RhodiumToad) from #guile for providing the
solution. Thank you!
* gnu/services/configuration.scm (define-configuration-helper): New procedure.
(define-configuration) <no-serialization>: New syntactic keyword. Use it in a
new pattern. Refactor the macro so that it makes use of the above helper
procedure.
This resolves a compilation warning introduced with commit bb716e8d9d.
* gnu/services/configuration.scm (configuration->documentation): Use display
to print the string instead of format.
The original (undocumented) procedure to generate the doc has a difficult to
grasp interface; add a simpler one on top of it.
* gnu/services/configuration.scm (configuration->documentation): New procedure.
Not all fields in a configuration have a sensible default value. This changes
makes it possible to omit a default value for a configuration field, requiring
the user to provide a value.
* gnu/services/configuration.scm (configuration-missing-field): New procedure.
(define-configuration): Make default value optional.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
* gnu/services/mail.scm (protocol-configuration): Add an ‘imap-metadata?’
setting to enable IMAP METADATA support in the ‘imap’ protocol.
* doc/guix.texi (Mail Services): Document it.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
This service doesn't create a PID file, but it does write a file with the
processed commits in it, so create a directory to contain that.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-activation):
Ensure /var/cache/guix-build-coordinator-queue-builds exists.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Use the default client port rather than the default agent communication port
for the queue builds script.
* gnu/services/guix.scm (<guix-build-coordinator-queue-builds-configuration>):
Change coordinator default.
The queue builds script doesn't create a pid file, so don't have the shepherd
expect to find one.
* gnu/services/guix.scm (guix-build-coordinator-queue-builds-shepherd-services):
Remove #:pid-file.
Don't hardcode usernames, as these are in the config. Also fix the %user being
missing from the queue-builds service activation.
* gnu/services/guix.scm (guix-build-coordinator-activation,
guix-build-coordinator-agent-activation): Use config for the user name.
(guix-build-coordinator-queue-builds-activation): Define %user.
To the agent configuration.
* gnu/services/guix.scm (<guix-build-coordinator-agent-configuration>): New
field, max-1min-load-average.
(guix-build-coordinator-agent-configuration-max-1min-load-average): New
procedure.
(guix-build-coordinator-agent-shepherd-services): If set, include the
max-1min-load-average in the agent arguments.
* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field.
(wireguard-configuration-file): Use it.
* doc/guix.texi (VPN Services): Document it.
This is a follow-up of c311147bd1.
* gnu/services/databases.scm (<postgresql-role-configuration>)[host]: Set to
"/tmp" which the default Postgresql socket directory.
* gnu/services/databases.scm (mysql-configuration): Add extra-environment
(mysql-service): Use #:log-file and #:environment-variables
* doc/guix.texi: Document it.
Signed-off-by: Leo Prikler <leo.prikler@student.tugraz.at>
Fixes <https://bugs.gnu.org/46737>.
PostgreSQL running with a different socket directory to the default one in the
package itself breaks some services, this commit restores the previous
behaviour where PostgreSQL by default will run with a socket directory that
matches the default used by PostgreSQL packaged for Guix.
Switching to a different default value can happen, but only alongside changing
the PostgreSQL package.
* gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]:
Change default to #false.
* doc/guix.texi (Database Services): Update documentation, and specify a
different value for disabling connections via sockets.
* gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL
behaviour.
* gnu/tests/monitoring.scm (%zabbix-os): Likewise.
* gnu/tests/web.scm (patchwork-os): Likewise.
Signed-off-by: Leo Famulari <leo@famulari.name>
That way, the default config with (advertises? #t) and without a cache
will offer zstd-compressed substitutes, which should lead to much higher
throughput than gzip.
* gnu/services/base.scm (default-compression): When
'guix-publish-configuration-cache' returns true, use higher level
compression ratios. Add "zstd".
* doc/guix.texi (Base Services): Mention zstd.
References:
https://sysctl-explorer.net/fs/protected_hardlinks/https://sysctl-explorer.net/fs/protected_symlinks/
* gnu/services/sysctl.scm (%default-sysctl-settings): New public variable.
(<sysctl-configuration>): Use %default-sysctl-settings as the default value.
* gnu/services/base.scm (%base-services): Add sysctl-service-type.
* doc/guix.texi (Miscellaneous Services): Document the new defaults.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
mongodb 3.4.10 has unpatched CVEs and mongodb 3.4.24 has some files in the
release tarball under the SSPL, therefore we cannot provide mongodb while
upholding to good security standards.
It turns out feff80cec3 was right since while
the main license file wasnt altered to SSPL, some files in the tree contain
SSPL headers.
* gnu/packages/databases.scm (go-gopkg.in-mgo.v2): Remove.
* gnu/packages/databases.scm (mongo-tools): Remove.
* doc/guix.texi (mongodb-service-type): Remove.
* gnu/tests/databases.scm (%test-mongodb, %mongodb-os, run-mongodb-test):
Remove.
* gnu/services/databases.scm (mongodb-configuration, mongodb-configuration?,
mongodb-configuration-mongodb, mongodb-configuration-config-file,
mongodb-configuration-data-directory, mongodb-service-type,
%default-mongodb-configuration-file, %mongodb-accounts, mongodb-activation,
mongodb-shepherd-service): Remove.
* gnu/packages/databases.scm (mongodb): Remove.
Fixes <https://issues.guix.gnu.org/36117>.
Before this change, the 'binfmt_misc' entries registered for QEMU would not be
usable in container contexts outside of guix-daemon (without manually bind
mounting file names).
For example:
$ docker run --rm arm32v7/debian true
standard_init_linux.go:207: exec user process caused "no such file or directory"
After this change, any container can make use of the QEMU binfmt_misc
registrations, as their corresponding QEMU static binaries are fully
pre-loaded by the kernel.
* gnu/services/virtualization.scm (<qemu-platform>): Define using
'define-record-type*'.
[flags]: New field, which defaults to "F" (fix binary).
(%i386, %i486, %alpha, %arm, %armeb, %sparc, %sparc32plus, %ppc, %ppc64)
(%ppc64le, %m68k, %mips, %mipsel, %mipsn32, %mipsn32el, %mips64, %mips64el)
(%riscv32, %riscv64, %sh4, %sh4eb, %s390x, %aarch64, %hppa): Adjust.
(qemu-binfmt-guix-chroot): Remove variable.
(qemu-binfmt-service-type): Remove the qemu-binfmt-guix-chroot extension.
* gnu/services/qemu-binfmt (qemu-platform->binfmt): Use the static output of
QEMU.
* doc/contributing.texi (Submitting Patches): Update doc.
* doc/guix.texi (Virtualization Services): Update doc.
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The Cuirass configuration has been simplified so that this is no longer
needed.
* gnu/services/cuirass.scm (<build-manifest>, <simple-cuirass-configuration>,
simple-cuirass-configuration->specs): Remove them.
Fixes: <https://issues.guix.gnu.org/46683>.
* gnu/services/cuirass.scm (cuirass-activation): Since the PostgreSQL switch,
it is no longer needed to create the database directory.
* gnu/services/guix.scm (guix-build-coordinator-agent-dynamic-auth-with-file,
guix-build-coordinator-agent-dynamic-auth-with-filen?,
guix-build-coordinator-agent-dynamic-auth-with-file-agent-name,
guix-build-coordinator-agent-dynamic-auth-with-file-token-file): New procedures.
(guix-build-coordinator-agent-shepherd-services): Handle new dynamic auth with
file record.
* doc/guix.texi (Guix Build Coordinator): Document the new dynamic auth with
file record.
A new authentication approach has been added to the coordinator, so to better
represent the options, this commit changes the configuration to accept
different records, each for different authentication approaches.
* gnu/services/guix.scm (guix-build-coordinator-agent-configuration-uuid,
guix-build-coordinator-agent-configuration-password,
guix-build-coordinator-agent-configuration-password-file): Removed
procedures.
(guix-build-coordinator-agent-password-auth,
guix-build-coordinator-agent-password-auth?,
guix-build-coordinator-agent-password-auth-uuid,
guix-build-coordinator-agent-password-auth-password,
guix-build-coordinator-agent-password-file-auth,
guix-build-coordinator-agent-password-file-auth?,
guix-build-coordinator-agent-password-file-auth-uuid,
guix-build-coordinator-agent-password-file-auth-password-file): New
procedures.
(guix-build-coordinator-agent-shepherd-services): Adjust to handle the
authentication field and it's possible record values.
* doc/guix.texi (Guix Build Coordinator): Update documentation.
Fixes <https://bugs.gnu.org/46767>.
Previously /run/booted-system would end up referring to
/var/guix/profiles/system-NNN-link; consequently, the booted system
would not be GC-protected.
* gnu/services/shepherd.scm (shepherd-boot-gexp): Call
'canonicalize-path' instead of 'readlink'.
