In order to be able to provide decryption keys for the LUKS device, they need
to be available in the initial ram disk. However they cannot be stored inside
the usual initrd, since it is stored in the store and being a
world-readable (as files in the store are) is not a desired property for a
initrd containing decryption keys. This commit adds an option to load
additional initrd during the boot, one that is not stored inside the store and
therefore can contain secrets.
Since only grub supports encrypted /boot, only grub is modified to use the
extra-initrd. There is no use case for the other bootloaders.
* doc/guix.texi (Bootloader Configuration): Describe the new extra-initrd
field.
* gnu/bootloader.scm (<bootloader-configuration>): Add extra-initrd field.
* gnu/bootloader/grub.scm (make-grub-configuration): Use the extra-initrd
field.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I995989bb623bb594ccdafbf4a1a6de941bd4189f
Requiring the user to input their password in order to unlock a device is not
always reasonable, so having an option to unlock the device using a key file
is a nice quality of life change.
* gnu/system/mapped-devices.scm (open-luks-device): Add #:key-file argument.
(luks-device-mapping-with-options): New procedure.
* doc/guix.texi (Mapped Devices): Describe the new procedure.
Change-Id: I1de4e045f8c2c11f9a94f1656e839c785b0c11c4
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This makes those packages visible to (gnu ci), giving them first class
in the eyes of Cuirass and similar tools, in turn ensuring substitutes
are available (this was discovered by running ‘guix weather -c 10’).
* gnu/packages/rust.scm (rust-bootstrap, rust-1.55)
(rust-1.56, rust-1.57, rust-1.58, rust-1.59, rust-1.60)
(rust-1.61, rust-1.62, rust-1.63, rust-1.64, rust-1.65)
(rust-1.66, rust-1.67, rust-1.68, rust-1.69, rust-1.70)
(rust-1.71, rust-1.72, rust-1.73): Make variable public and add
‘hidden?’ property.
(rust): Remove ‘hidden?’ property.
* gnu/packages/java.scm (java-hamcrest-parent-pom)
(java-org-ow2-parent-pom-1.3, java-asm-bootstrap): Make variable public
and add ‘hidden?’ property.
* gnu/packages/ocaml.scm (dune-bootstrap)
(ocaml4.09-dune-bootstrap, ocaml5.0-dune-bootstrap): Likewise.
Change-Id: I32b0ea639a4f1c39466875acdbc9cbadf75c7668
* gnu/packages/web-browsers (qutebrowser): Update to 3.1.0.
[inputs]: Use PyQt6, placed before PyQtWebengine.
[arguments]: Replace qt5 path with qt6 path and wrap program with
QTWEBENGINE_RESOURCES_PATH.
[description]: Replace PyQt5 with PyQt6.
Signed-off-by: Clément Lassieur <clement@lassieur.org>
Apply two upstream commits that allow building with Python 3.9 or newer and
running with Python 3.10.
* gnu/packages/patches/unknown-horizons-python-3.9.patch: New file.
* gnu/packages/patches/unknown-horizons-python-3.10.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/games.scm (unknown-horizons)[source]: Apply them.
Change-Id: Icbc8b698b913be01465b09ab26afb29e5fd62a87
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Fixes: Unknown Horizons fails to start <https://bugs.gnu.org/54815>
Reported upstream to <https://github.com/catchorg/Catch2/issues/2796>. It is
expected that SSE2 is enabled for i686 builds or tests fail.
* gnu/packages/check.scm (check2)[arguments]: Enable SSE2 for x86_64-linux and
i686-linux in configure-flags.
Co-authored-by: Richard Sent <richard@freakingpenguin.com>
Co-authored-by: Jo Gay <@jane.lx.gay>
Change-Id: I99205f92b66ab3d10affbfb58918f37069ba82ec
The default value of #f led to ("..." . #f) being passed further down as an
entry point. That is not an issue for command line invocation, since in that
code path '() was already used as a default value, but it broke docker system
test with the following error:
building /gnu/store/dll8jj6h5pfgf6ya9skk1g1546smwbib-docker-pack.tar.gz.drv...
tar: Removing leading `/' from member names
Backtrace:
6 (primitive-load "/gnu/store/g8hqzccfvn4mkm41jqs65c27gs7?")
In ./guix/docker.scm:
268:6 5 (build-docker-image "/gnu/store/zi2f5dfdrhviinm6jxp3cj?" ?)
In ice-9/ports.scm:
433:17 4 (call-with-output-file _ _ #:binary _ #:encoding _)
476:4 3 (_ _)
In ./guix/docker.scm:
270:21 2 (_)
123:40 1 (config "1996ead589ab366473d935c4d5bd0c38b998f3b299847?" ?)
In unknown file:
0 (list->vector ("/gnu/store/1pvqd30qi1aigjdf7s7l8v7?" . #))
ERROR: In procedure list->vector:
In procedure vector: Wrong type argument in position 1: ("/gnu/store/1pvqd30qi1aigjdf7s7l8v7wpvrrhfkj-profile/bin/guile" . #f)
note: keeping build directory `/tmp/guix-build-docker-pack.tar.gz.drv-16'
builder for `/gnu/store/dll8jj6h5pfgf6ya9skk1g1546smwbib-docker-pack.tar.gz.drv' failed with exit code 1
build of /gnu/store/dll8jj6h5pfgf6ya9skk1g1546smwbib-docker-pack.tar.gz.drv failed
View build log at '/var/log/guix/drvs/dl/l8jj6h5pfgf6ya9skk1g1546smwbib-docker-pack.tar.gz.drv.gz'.
cannot build derivation `/gnu/store/dq9qk1ba0f07572m8ck3xws28x1b3rif-docker-test.drv': 1 dependencies couldn't be built
guix build: error: build of `/gnu/store/dq9qk1ba0f07572m8ck3xws28x1b3rif-docker-test.drv' failed
make: *** [Makefile:7044: check-system] Error 1
Breakage was introduced in 7d5168a2af.
* guix/scripts/pack.scm (docker-image)[entry-point-argument]: Default to '().
Change-Id: If5fc1f8bcb0981df11409636e71f2ca91b05612f
* gnu/packages/astronomy.scm (python-spherical-geometry): Update to 1.3.1.
[arguments]<#:phases>: Replace 'build-extension with
'prepare-test-environment phase which includes Pytest config set up to
prevent tests from failure.
[native-inputs]: Add python-pytest-astropy-header.
[home-page]: Correct it.
Change-Id: Ib49201f62c32555355df5821383ef416245d4d50
* gnu/packages/astronomy.scm (python-pynbody): Update to 1.5.2.
[arguments]<#:test-flags>: Add to ignore list 'tests/copy_on_access_test.py'.
Change-Id: Ib3c566602e036b0396a79fd41b18be0ebbe5235c