;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
(define-module (gnu services base)
#:use-module (guix store)
+ #:use-module (guix deprecation)
#:use-module (gnu services)
+ #:use-module (gnu services admin)
#:use-module (gnu services shepherd)
- #:use-module (gnu services networking)
#:use-module (gnu system pam)
#:use-module (gnu system shadow) ; 'user-account', etc.
#:use-module (gnu system uuid)
#:select (canonical-package glibc glibc-utf8-locales))
#:use-module (gnu packages bash)
#:use-module (gnu packages package-management)
+ #:use-module ((gnu packages gnupg) #:select (guile-gcrypt))
#:use-module (gnu packages linux)
#:use-module (gnu packages terminals)
#:use-module ((gnu build file-systems)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix modules)
+ #:use-module ((guix self) #:select (make-config.scm))
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (fstab-service-type
root-file-system-service
file-system-service-type
- user-unmount-service
swap-service
- user-processes-service
+ user-processes-service-type
host-name-service
console-keymap-service
%default-console-font
console-font-service-type
console-font-service
+ virtual-terminal-service-type
+
+ static-networking
+
+ static-networking?
+ static-networking-interface
+ static-networking-ip
+ static-networking-netmask
+ static-networking-gateway
+ static-networking-requirement
+
+ static-networking-service
+ static-networking-service-type
udev-configuration
udev-configuration?
guix-publish-configuration-guix
guix-publish-configuration-port
guix-publish-configuration-host
- guix-publish-configuration-compression-level
+ guix-publish-configuration-compression
+ guix-publish-configuration-compression-level ;deprecated
guix-publish-configuration-nar-path
guix-publish-configuration-cache
guix-publish-configuration-ttl
;;;
;;; Code:
+
+\f
+;;;
+;;; User processes.
+;;;
+
+(define %do-not-kill-file
+ ;; Name of the file listing PIDs of processes that must survive when halting
+ ;; the system. Typical example is user-space file systems.
+ "/etc/shepherd/do-not-kill")
+
+(define (user-processes-shepherd-service requirements)
+ "Return the 'user-processes' Shepherd service with dependencies on
+REQUIREMENTS (a list of service names).
+
+This is a synchronization point used to make sure user processes and daemons
+get started only after crucial initial services have been started---file
+system mounts, etc. This is similar to the 'sysvinit' target in systemd."
+ (define grace-delay
+ ;; Delay after sending SIGTERM and before sending SIGKILL.
+ 4)
+
+ (list (shepherd-service
+ (documentation "When stopped, terminate all user processes.")
+ (provision '(user-processes))
+ (requirement requirements)
+ (start #~(const #t))
+ (stop #~(lambda _
+ (define (kill-except omit signal)
+ ;; Kill all the processes with SIGNAL except those listed
+ ;; in OMIT and the current process.
+ (let ((omit (cons (getpid) omit)))
+ (for-each (lambda (pid)
+ (unless (memv pid omit)
+ (false-if-exception
+ (kill pid signal))))
+ (processes))))
+
+ (define omitted-pids
+ ;; List of PIDs that must not be killed.
+ (if (file-exists? #$%do-not-kill-file)
+ (map string->number
+ (call-with-input-file #$%do-not-kill-file
+ (compose string-tokenize
+ (@ (ice-9 rdelim) read-string))))
+ '()))
+
+ (define (now)
+ (car (gettimeofday)))
+
+ (define (sleep* n)
+ ;; Really sleep N seconds.
+ ;; Work around <http://bugs.gnu.org/19581>.
+ (define start (now))
+ (let loop ((elapsed 0))
+ (when (> n elapsed)
+ (sleep (- n elapsed))
+ (loop (- (now) start)))))
+
+ (define lset= (@ (srfi srfi-1) lset=))
+
+ (display "sending all processes the TERM signal\n")
+
+ (if (null? omitted-pids)
+ (begin
+ ;; Easy: terminate all of them.
+ (kill -1 SIGTERM)
+ (sleep* #$grace-delay)
+ (kill -1 SIGKILL))
+ (begin
+ ;; Kill them all except OMITTED-PIDS. XXX: We would
+ ;; like to (kill -1 SIGSTOP) to get a fixed list of
+ ;; processes, like 'killall5' does, but that seems
+ ;; unreliable.
+ (kill-except omitted-pids SIGTERM)
+ (sleep* #$grace-delay)
+ (kill-except omitted-pids SIGKILL)
+ (delete-file #$%do-not-kill-file)))
+
+ (let wait ()
+ ;; Reap children, if any, so that we don't end up with
+ ;; zombies and enter an infinite loop.
+ (let reap-children ()
+ (define result
+ (false-if-exception
+ (waitpid WAIT_ANY (if (null? omitted-pids)
+ 0
+ WNOHANG))))
+
+ (when (and (pair? result)
+ (not (zero? (car result))))
+ (reap-children)))
+
+ (let ((pids (processes)))
+ (unless (lset= = pids (cons 1 omitted-pids))
+ (format #t "waiting for process termination\
+ (processes left: ~s)~%"
+ pids)
+ (sleep* 2)
+ (wait))))
+
+ (display "all processes have been terminated\n")
+ #f))
+ (respawn? #f))))
+
+(define user-processes-service-type
+ (service-type
+ (name 'user-processes)
+ (extensions (list (service-extension shepherd-root-service-type
+ user-processes-shepherd-service)))
+ (compose concatenate)
+ (extend append)
+
+ ;; The value is the list of Shepherd services 'user-processes' depends on.
+ ;; Extensions can add new services to this list.
+ (default-value '())
+
+ (description "The @code{user-processes} service is responsible for
+terminating all the processes so that the root file system can be re-mounted
+read-only, just before rebooting/halting. Processes still running after a few
+seconds after @code{SIGTERM} has been sent are terminated with
+@code{SIGKILL}.")))
+
\f
;;;
;;; File systems.
(define (file-system->fstab-entry file-system)
"Return a @file{/etc/fstab} entry for @var{file-system}."
- (string-append (case (file-system-title file-system)
- ((label)
- (string-append "LABEL=" (file-system-device file-system)))
- ((uuid)
- (string-append
- "UUID="
- (uuid->string (file-system-device file-system))))
- (else
- (file-system-device file-system)))
+ (string-append (match (file-system-device file-system)
+ ((? file-system-label? label)
+ (string-append "LABEL="
+ (file-system-label->string label)))
+ ((? uuid? uuid)
+ (string-append "UUID=" (uuid->string uuid)))
+ ((? string? device)
+ device))
"\t"
(file-system-mount-point file-system) "\t"
(file-system-type file-system) "\t"
`(("fstab" ,(plain-file "fstab"
(string-append
"\
-# This file was generated from your GuixSD configuration. Any changes
+# This file was generated from your Guix configuration. Any changes
# will be lost upon reboot or reconfiguration.\n\n"
(string-join (map file-system->fstab-entry
file-systems)
'((gnu build file-systems)))
(shepherd-service
(provision (list (file-system->shepherd-service-name file-system)))
- (requirement `(root-file-system
+ (requirement `(root-file-system udev
,@(map dependency->shepherd-service-name dependencies)))
(documentation "Check, mount, and unmount the given file system.")
(start #~(lambda args
(start #~(const #t))
(stop #~(const #f))))
- (cons sink (map file-system-shepherd-service file-systems))))
+ (define known-mount-points
+ (map file-system-mount-point file-systems))
+
+ (define user-unmount
+ (shepherd-service
+ (documentation "Unmount manually-mounted file systems.")
+ (provision '(user-file-systems))
+ (start #~(const #t))
+ (stop #~(lambda args
+ (define (known? mount-point)
+ (member mount-point
+ (cons* "/proc" "/sys" '#$known-mount-points)))
+
+ ;; Make sure we don't keep the user's mount points busy.
+ (chdir "/")
+
+ (for-each (lambda (mount-point)
+ (format #t "unmounting '~a'...~%" mount-point)
+ (catch 'system-error
+ (lambda ()
+ (umount mount-point))
+ (lambda args
+ (let ((errno (system-error-errno args)))
+ (format #t "failed to unmount '~a': ~a~%"
+ mount-point (strerror errno))))))
+ (filter (negate known?) (mount-points)))
+ #f))))
+
+ (cons* sink user-unmount
+ (map file-system-shepherd-service file-systems))))
+
+(define (file-system-fstab-entries file-systems)
+ "Return the subset of @var{file-systems} that should have an entry in
+@file{/etc/fstab}."
+ ;; /etc/fstab is about telling fsck(8), mount(8), and umount(8) about
+ ;; relevant file systems they'll have to deal with. That excludes "pseudo"
+ ;; file systems.
+ ;;
+ ;; In particular, things like GIO (part of GLib) use it to determine the set
+ ;; of mounts, which is then used by graphical file managers and desktop
+ ;; environments to display "volume" icons. Thus, we really need to exclude
+ ;; those pseudo file systems from the list.
+ (remove (lambda (file-system)
+ (or (member (file-system-type file-system)
+ %pseudo-file-system-types)
+ (memq 'bind-mount (file-system-flags file-system))))
+ file-systems))
(define file-system-service-type
(service-type (name 'file-systems)
(list (service-extension shepherd-root-service-type
file-system-shepherd-services)
(service-extension fstab-service-type
- identity)))
+ file-system-fstab-entries)
+
+ ;; Have 'user-processes' depend on 'file-systems'.
+ (service-extension user-processes-service-type
+ (const '(file-systems)))))
(compose concatenate)
(extend append)
(description
"Provide Shepherd services to mount and unmount the given
file systems, as well as corresponding @file{/etc/fstab} entries.")))
-(define user-unmount-service-type
- (shepherd-service-type
- 'user-file-systems
- (lambda (known-mount-points)
- (shepherd-service
- (documentation "Unmount manually-mounted file systems.")
- (provision '(user-file-systems))
- (start #~(const #t))
- (stop #~(lambda args
- (define (known? mount-point)
- (member mount-point
- (cons* "/proc" "/sys" '#$known-mount-points)))
-
- ;; Make sure we don't keep the user's mount points busy.
- (chdir "/")
-
- (for-each (lambda (mount-point)
- (format #t "unmounting '~a'...~%" mount-point)
- (catch 'system-error
- (lambda ()
- (umount mount-point))
- (lambda args
- (let ((errno (system-error-errno args)))
- (format #t "failed to unmount '~a': ~a~%"
- mount-point (strerror errno))))))
- (filter (negate known?) (mount-points)))
- #f))))))
-
-(define (user-unmount-service known-mount-points)
- "Return a service whose sole purpose is to unmount file systems not listed
-in KNOWN-MOUNT-POINTS when it is stopped."
- (service user-unmount-service-type known-mount-points))
-
-(define %do-not-kill-file
- ;; Name of the file listing PIDs of processes that must survive when halting
- ;; the system. Typical example is user-space file systems.
- "/etc/shepherd/do-not-kill")
-
-(define user-processes-service-type
- (shepherd-service-type
- 'user-processes
- (lambda (grace-delay)
- (shepherd-service
- (documentation "When stopped, terminate all user processes.")
- (provision '(user-processes))
- (requirement '(file-systems))
- (start #~(const #t))
- (stop #~(lambda _
- (define (kill-except omit signal)
- ;; Kill all the processes with SIGNAL except those listed
- ;; in OMIT and the current process.
- (let ((omit (cons (getpid) omit)))
- (for-each (lambda (pid)
- (unless (memv pid omit)
- (false-if-exception
- (kill pid signal))))
- (processes))))
-
- (define omitted-pids
- ;; List of PIDs that must not be killed.
- (if (file-exists? #$%do-not-kill-file)
- (map string->number
- (call-with-input-file #$%do-not-kill-file
- (compose string-tokenize
- (@ (ice-9 rdelim) read-string))))
- '()))
-
- (define (now)
- (car (gettimeofday)))
-
- (define (sleep* n)
- ;; Really sleep N seconds.
- ;; Work around <http://bugs.gnu.org/19581>.
- (define start (now))
- (let loop ((elapsed 0))
- (when (> n elapsed)
- (sleep (- n elapsed))
- (loop (- (now) start)))))
-
- (define lset= (@ (srfi srfi-1) lset=))
-
- (display "sending all processes the TERM signal\n")
-
- (if (null? omitted-pids)
- (begin
- ;; Easy: terminate all of them.
- (kill -1 SIGTERM)
- (sleep* #$grace-delay)
- (kill -1 SIGKILL))
- (begin
- ;; Kill them all except OMITTED-PIDS. XXX: We would
- ;; like to (kill -1 SIGSTOP) to get a fixed list of
- ;; processes, like 'killall5' does, but that seems
- ;; unreliable.
- (kill-except omitted-pids SIGTERM)
- (sleep* #$grace-delay)
- (kill-except omitted-pids SIGKILL)
- (delete-file #$%do-not-kill-file)))
-
- (let wait ()
- ;; Reap children, if any, so that we don't end up with
- ;; zombies and enter an infinite loop.
- (let reap-children ()
- (define result
- (false-if-exception
- (waitpid WAIT_ANY (if (null? omitted-pids)
- 0
- WNOHANG))))
-
- (when (and (pair? result)
- (not (zero? (car result))))
- (reap-children)))
-
- (let ((pids (processes)))
- (unless (lset= = pids (cons 1 omitted-pids))
- (format #t "waiting for process termination\
- (processes left: ~s)~%"
- pids)
- (sleep* 2)
- (wait))))
-
- (display "all processes have been terminated\n")
- #f))
- (respawn? #f)))))
-
-(define* (user-processes-service #:key (grace-delay 4))
- "Return the service that is responsible for terminating all the processes so
-that the root file system can be re-mounted read-only, just before
-rebooting/halting. Processes still running GRACE-DELAY seconds after SIGTERM
-has been sent are terminated with SIGKILL.
-
-The returned service will depend on 'file-systems', meaning that it is
-considered started after all the auto-mount file systems have been mounted.
-
-All the services that spawn processes must depend on this one so that they are
-stopped before 'kill' is called."
- (service user-processes-service-type grace-delay))
\f
;;;
(list (shepherd-service
(documentation "Preserve entropy across reboots for /dev/urandom.")
(provision '(urandom-seed))
- (requirement '(user-processes))
+
+ ;; Depend on udev so that /dev/hwrng is available.
+ (requirement '(file-systems udev))
+
(start #~(lambda _
;; On boot, write random seed into /dev/urandom.
(when (file-exists? #$%random-seed-file)
(call-with-output-file "/dev/urandom"
(lambda (urandom)
(dump-port seed urandom))))))
+
+ ;; Try writing from /dev/hwrng into /dev/urandom.
+ ;; It seems that the file /dev/hwrng always exists, even
+ ;; when there is no hardware random number generator
+ ;; available. So, we handle a failed read or any other error
+ ;; reported by the operating system.
+ (let ((buf (catch 'system-error
+ (lambda ()
+ (call-with-input-file "/dev/hwrng"
+ (lambda (hwrng)
+ (get-bytevector-n hwrng 512))))
+ ;; Silence is golden...
+ (const #f))))
+ (when buf
+ (call-with-output-file "/dev/urandom"
+ (lambda (urandom)
+ (put-bytevector urandom buf)))))
+
;; Immediately refresh the seed in case the system doesn't
;; shut down cleanly.
(call-with-input-file "/dev/urandom"
(service-type (name 'urandom-seed)
(extensions
(list (service-extension shepherd-root-service-type
- urandom-seed-shepherd-service)))
+ urandom-seed-shepherd-service)
+
+ ;; Have 'user-processes' depend on 'urandom-seed'.
+ ;; This ensures that user processes and daemons don't
+ ;; start until we have seeded the PRNG.
+ (service-extension user-processes-service-type
+ (const '(urandom-seed)))))
+ (default-value #f)
(description
"Seed the @file{/dev/urandom} pseudo-random number
generator (RNG) with the value recorded when the system was last shut
down.")))
-(define (urandom-seed-service)
- (service urandom-seed-service-type #f))
+(define-deprecated (urandom-seed-service)
+ urandom-seed-service-type
+ (service urandom-seed-service-type))
;;;
"Return a service that sets the host name to @var{name}."
(service host-name-service-type name))
-(define (unicode-start tty)
- "Return a gexp to start Unicode support on @var{tty}."
- (with-imported-modules '((guix build syscalls))
- #~(let* ((fd (open-fdes #$tty O_RDWR))
- (termios (tcgetattr fd)))
- (define (set-utf8-input termios)
- (set-field termios (termios-input-flags)
- (logior (input-flags IUTF8)
- (termios-input-flags termios))))
-
- ;; See console_codes(4).
- (display "\x1b%G" (fdes->outport fd))
-
- (tcsetattr fd (tcsetattr-action TCSAFLUSH)
- (set-utf8-input termios))
-
- ;; TODO: ioctl(fd, KDSKBMODE, K_UNICODE);
- (close-fdes fd)
- #t)))
+(define virtual-terminal-service-type
+ ;; Ensure that virtual terminals run in UTF-8 mode. This is the case by
+ ;; default with recent Linux kernels, but this service allows us to ensure
+ ;; this. This service must start before any 'term-' service so that newly
+ ;; created terminals inherit this property. See
+ ;; <https://bugs.gnu.org/30505> for a discussion.
+ (shepherd-service-type
+ 'virtual-terminal
+ (lambda (utf8?)
+ (let ((knob "/sys/module/vt/parameters/default_utf8"))
+ (shepherd-service
+ (documentation "Set virtual terminals in UTF-8 module.")
+ (provision '(virtual-terminal))
+ (requirement '(root-file-system))
+ (start #~(lambda _
+ ;; In containers /sys is read-only so don't insist on
+ ;; writing to this file.
+ (unless (= 1 (call-with-input-file #$knob read))
+ (call-with-output-file #$knob
+ (lambda (port)
+ (display 1 port))))
+ #t))
+ (stop #~(const #f)))))
+ #t)) ;default to UTF-8
(define console-keymap-service-type
(shepherd-service-type
#$@files))))
(respawn? #f)))))
-(define (console-keymap-service . files)
+(define-deprecated (console-keymap-service #:rest files)
+ #f
"Return a service to load console keymaps from @var{files}."
(service console-keymap-service-type files))
(requirement (list (symbol-append 'term-
(string->symbol tty))))
- (modules '((guix build syscalls) ;for 'tcsetattr'
- (srfi srfi-9 gnu))) ;for 'set-field'
(start #~(lambda _
;; It could be that mingetty is not fully ready yet,
;; which we check by calling 'ttyname'.
(usleep 500)
(loop (- i 1))))
- (and #$(unicode-start device)
- ;; 'setfont' returns EX_OSERR (71) when an
- ;; KDFONTOP ioctl fails, for example. Like
- ;; systemd's vconsole support, let's not treat
- ;; this as an error.
- (case (status:exit-val
- (system* #$(file-append kbd "/bin/setfont")
- "-C" #$device #$font))
- ((0 71) #t)
- (else #f)))))
+ ;; Assume the VT is already in UTF-8 mode, thanks to
+ ;; the 'virtual-terminal' service.
+ ;;
+ ;; 'setfont' returns EX_OSERR (71) when an
+ ;; KDFONTOP ioctl fails, for example. Like
+ ;; systemd's vconsole support, let's not treat
+ ;; this as an error.
+ (case (status:exit-val
+ (system* #$(file-append kbd "/bin/setfont")
+ "-C" #$device #$font))
+ ((0 71) #t)
+ (else #f))))
(stop #~(const #t))
(respawn? #f)))))
tty+font))
"Return the list of PAM service needed for CONF."
;; Let 'login' be known to PAM.
(list (unix-pam-service "login"
+ #:login-uid? #t
#:allow-empty-passwords?
(login-configuration-allow-empty-passwords? config)
#:motd
(service-type (name 'login)
(extensions (list (service-extension pam-root-service-type
login-pam-service)))
+ (default-value (login-configuration))
(description
"Provide a console log-in service as specified by its
configuration value, a @code{login-configuration} object.")))
agetty-configuration?
(agetty agetty-configuration-agetty ;<package>
(default util-linux))
- (tty agetty-configuration-tty) ;string
+ (tty agetty-configuration-tty) ;string | #f
(term agetty-term ;string | #f
(default #f))
(baud-rate agetty-baud-rate ;string | #f
;;; (default #f))
)
+(define (default-serial-port)
+ "Return a gexp that determines a reasonable default serial port
+to use as the tty. This is primarily useful for headless systems."
+ #~(begin
+ ;; console=device,options
+ ;; device: can be tty0, ttyS0, lp0, ttyUSB0 (serial).
+ ;; options: BBBBPNF. P n|o|e, N number of bits,
+ ;; F flow control (r RTS)
+ (let* ((not-comma (char-set-complement (char-set #\,)))
+ (command (linux-command-line))
+ (agetty-specs (find-long-options "agetty.tty" command))
+ (console-specs (filter (lambda (spec)
+ (and (string-prefix? "tty" spec)
+ (not (or
+ (string-prefix? "tty0" spec)
+ (string-prefix? "tty1" spec)
+ (string-prefix? "tty2" spec)
+ (string-prefix? "tty3" spec)
+ (string-prefix? "tty4" spec)
+ (string-prefix? "tty5" spec)
+ (string-prefix? "tty6" spec)
+ (string-prefix? "tty7" spec)
+ (string-prefix? "tty8" spec)
+ (string-prefix? "tty9" spec)))))
+ (find-long-options "console" command)))
+ (specs (append agetty-specs console-specs)))
+ (match specs
+ (() #f)
+ ((spec _ ...)
+ ;; Extract device name from first spec.
+ (match (string-tokenize spec not-comma)
+ ((device-name _ ...)
+ device-name)))))))
+
(define agetty-shepherd-service
(match-lambda
(($ <agetty-configuration> agetty tty term baud-rate auto-login
erase-characters kill-characters chdir delay nice extra-options)
(list
(shepherd-service
+ (modules '((ice-9 match) (gnu build linux-boot)))
(documentation "Run agetty on a tty.")
- (provision (list (symbol-append 'term- (string->symbol tty))))
+ (provision (list (symbol-append 'term- (string->symbol (or tty "auto")))))
;; Since the login prompt shows the host name, wait for the 'host-name'
;; service to be done. Also wait for udev essentially so that the tty
;; mingetty-shepherd-service).
(requirement '(user-processes host-name udev))
- (start #~(make-forkexec-constructor
- (list #$(file-append util-linux "/sbin/agetty")
- #$@extra-options
- #$@(if eight-bits?
- #~("--8bits")
- #~())
- #$@(if no-reset?
- #~("--noreset")
- #~())
- #$@(if remote?
- #~("--remote")
- #~())
- #$@(if flow-control?
- #~("--flow-control")
- #~())
- #$@(if host
- #~("--host" #$host)
- #~())
- #$@(if no-issue?
- #~("--noissue")
- #~())
- #$@(if init-string
- #~("--init-string" #$init-string)
- #~())
- #$@(if no-clear?
- #~("--noclear")
- #~())
+ (start #~(lambda args
+ (let ((defaulted-tty #$(or tty (default-serial-port))))
+ (apply
+ (if defaulted-tty
+ (make-forkexec-constructor
+ (list #$(file-append util-linux "/sbin/agetty")
+ #$@extra-options
+ #$@(if eight-bits?
+ #~("--8bits")
+ #~())
+ #$@(if no-reset?
+ #~("--noreset")
+ #~())
+ #$@(if remote?
+ #~("--remote")
+ #~())
+ #$@(if flow-control?
+ #~("--flow-control")
+ #~())
+ #$@(if host
+ #~("--host" #$host)
+ #~())
+ #$@(if no-issue?
+ #~("--noissue")
+ #~())
+ #$@(if init-string
+ #~("--init-string" #$init-string)
+ #~())
+ #$@(if no-clear?
+ #~("--noclear")
+ #~())
;;; FIXME This doesn't work as expected. According to agetty(8), if this option
;;; is not passed, then the default is 'auto'. However, in my tests, when that
;;; option is selected, agetty never presents the login prompt, and the
;;; term-ttyS0 service respawns every few seconds.
- #$@(if local-line
- #~(#$(match local-line
- ('auto "--local-line=auto")
- ('always "--local-line=always")
- ('never "-local-line=never")))
- #~())
- #$@(if extract-baud?
- #~("--extract-baud")
- #~())
- #$@(if skip-login?
- #~("--skip-login")
- #~())
- #$@(if no-newline?
- #~("--nonewline")
- #~())
- #$@(if login-options
- #~("--login-options" #$login-options)
- #~())
- #$@(if chroot
- #~("--chroot" #$chroot)
- #~())
- #$@(if hangup?
- #~("--hangup")
- #~())
- #$@(if keep-baud?
- #~("--keep-baud")
- #~())
- #$@(if timeout
- #~("--timeout" #$(number->string timeout))
- #~())
- #$@(if detect-case?
- #~("--detect-case")
- #~())
- #$@(if wait-cr?
- #~("--wait-cr")
- #~())
- #$@(if no-hints?
- #~("--nohints?")
- #~())
- #$@(if no-hostname?
- #~("--nohostname")
- #~())
- #$@(if long-hostname?
- #~("--long-hostname")
- #~())
- #$@(if erase-characters
- #~("--erase-chars" #$erase-characters)
- #~())
- #$@(if kill-characters
- #~("--kill-chars" #$kill-characters)
- #~())
- #$@(if chdir
- #~("--chdir" #$chdir)
- #~())
- #$@(if delay
- #~("--delay" #$(number->string delay))
- #~())
- #$@(if nice
- #~("--nice" #$(number->string nice))
- #~())
- #$@(if auto-login
- (list "--autologin" auto-login)
- '())
- #$@(if login-program
- #~("--login-program" #$login-program)
- #~())
- #$@(if login-pause?
- #~("--login-pause")
- #~())
- #$tty
- #$@(if baud-rate
- #~(#$baud-rate)
- #~())
- #$@(if term
- #~(#$term)
- #~()))))
+ #$@(if local-line
+ #~(#$(match local-line
+ ('auto "--local-line=auto")
+ ('always "--local-line=always")
+ ('never "-local-line=never")))
+ #~())
+ #$@(if tty
+ #~()
+ #~("--keep-baud"))
+ #$@(if extract-baud?
+ #~("--extract-baud")
+ #~())
+ #$@(if skip-login?
+ #~("--skip-login")
+ #~())
+ #$@(if no-newline?
+ #~("--nonewline")
+ #~())
+ #$@(if login-options
+ #~("--login-options" #$login-options)
+ #~())
+ #$@(if chroot
+ #~("--chroot" #$chroot)
+ #~())
+ #$@(if hangup?
+ #~("--hangup")
+ #~())
+ #$@(if keep-baud?
+ #~("--keep-baud")
+ #~())
+ #$@(if timeout
+ #~("--timeout" #$(number->string timeout))
+ #~())
+ #$@(if detect-case?
+ #~("--detect-case")
+ #~())
+ #$@(if wait-cr?
+ #~("--wait-cr")
+ #~())
+ #$@(if no-hints?
+ #~("--nohints?")
+ #~())
+ #$@(if no-hostname?
+ #~("--nohostname")
+ #~())
+ #$@(if long-hostname?
+ #~("--long-hostname")
+ #~())
+ #$@(if erase-characters
+ #~("--erase-chars" #$erase-characters)
+ #~())
+ #$@(if kill-characters
+ #~("--kill-chars" #$kill-characters)
+ #~())
+ #$@(if chdir
+ #~("--chdir" #$chdir)
+ #~())
+ #$@(if delay
+ #~("--delay" #$(number->string delay))
+ #~())
+ #$@(if nice
+ #~("--nice" #$(number->string nice))
+ #~())
+ #$@(if auto-login
+ (list "--autologin" auto-login)
+ '())
+ #$@(if login-program
+ #~("--login-program" #$login-program)
+ #~())
+ #$@(if login-pause?
+ #~("--login-pause")
+ #~())
+ defaulted-tty
+ #$@(if baud-rate
+ #~(#$baud-rate)
+ #~())
+ #$@(if term
+ #~(#$term)
+ #~())))
+ (const #f)) ; never start.
+ args))))
(stop #~(make-kill-destructor)))))))
(define agetty-service-type
;; Since the login prompt shows the host name, wait for the 'host-name'
;; service to be done. Also wait for udev essentially so that the tty
;; text is not lost in the middle of kernel messages (XXX).
- (requirement '(user-processes host-name udev))
+ (requirement '(user-processes host-name udev virtual-terminal))
(start #~(make-forkexec-constructor
(list #$(file-append mingetty "/sbin/mingetty")
- "--noclear" #$tty
+ "--noclear"
+
+ ;; Avoiding 'vhangup' allows us to avoid 'setfont'
+ ;; errors down the path where various ioctls get
+ ;; EIO--see 'hung_up_tty_ioctl' in driver/tty/tty_io.c
+ ;; in Linux.
+ "--nohangup" #$tty
+
#$@(if auto-login
#~("--autologin" #$auto-login)
#~())
(string-concatenate
(map cache->config caches)))))))
+(define (nscd-action-procedure nscd config option)
+ ;; XXX: This is duplicated from mcron; factorize.
+ #~(lambda (_ . args)
+ ;; Run 'nscd' in a pipe so we can explicitly redirect its output to
+ ;; 'current-output-port', which at this stage is bound to the client
+ ;; connection.
+ (let ((pipe (apply open-pipe* OPEN_READ #$nscd
+ "-f" #$config #$option args)))
+ (let loop ()
+ (match (read-line pipe 'concat)
+ ((? eof-object?)
+ (catch 'system-error
+ (lambda ()
+ (zero? (close-pipe pipe)))
+ (lambda args
+ ;; There's a race with the SIGCHLD handler, which could
+ ;; call 'waitpid' before 'close-pipe' above does. If we
+ ;; get ECHILD, that means we lost the race; in that case, we
+ ;; cannot tell what the exit code was (FIXME).
+ (or (= ECHILD (system-error-errno args))
+ (apply throw args)))))
+ (line
+ (display line)
+ (loop)))))))
+
+(define (nscd-actions nscd config)
+ "Return Shepherd actions for NSCD."
+ ;; Make this functionality available as actions because that's a simple way
+ ;; to run the right 'nscd' binary with the right config file.
+ (list (shepherd-action
+ (name 'statistics)
+ (documentation "Display statistics about nscd usage.")
+ (procedure (nscd-action-procedure nscd config "--statistics")))
+ (shepherd-action
+ (name 'invalidate)
+ (documentation
+ "Invalidate the given cache--e.g., 'hosts' for host name lookups.")
+ (procedure (nscd-action-procedure nscd config "--invalidate")))))
+
(define (nscd-shepherd-service config)
"Return a shepherd service for CONFIG, an <nscd-configuration> object."
- (let ((nscd.conf (nscd.conf-file config))
+ (let ((nscd (file-append (nscd-configuration-glibc config)
+ "/sbin/nscd"))
+ (nscd.conf (nscd.conf-file config))
(name-services (nscd-configuration-name-services config)))
(list (shepherd-service
(documentation "Run libc's name service cache daemon (nscd).")
(provision '(nscd))
(requirement '(user-processes))
(start #~(make-forkexec-constructor
- (list #$(file-append (nscd-configuration-glibc config)
- "/sbin/nscd")
- "-f" #$nscd.conf "--foreground")
+ (list #$nscd "-f" #$nscd.conf "--foreground")
;; Wait for the PID file. However, the PID file is
;; written before nscd is actually listening on its
(string-append dir "/lib"))
(list #$@name-services))
":")))))
- (stop #~(make-kill-destructor))))))
+ (stop #~(make-kill-destructor))
+ (modules `((ice-9 popen) ;for the actions
+ (ice-9 rdelim)
+ (ice-9 match)
+ ,@%default-modules))
+ (actions (nscd-actions nscd nscd.conf))))))
(define nscd-activation
;; Actions to take before starting nscd.
(name-services (append
(nscd-configuration-name-services config)
name-services)))))
+ (default-value %nscd-default-configuration)
(description
"Runs libc's @dfn{name service cache daemon} (nscd) with the
given configuration---an @code{<nscd-configuration>} object. @xref{Name
(define* (guix-build-accounts count #:key
(group "guixbuild")
- (first-uid 30001)
(shadow shadow))
- "Return a list of COUNT user accounts for Guix build users, with UIDs
-starting at FIRST-UID, and under GID."
+ "Return a list of COUNT user accounts for Guix build users with the given
+GID."
(unfold (cut > <> count)
(lambda (n)
(user-account
(name (format #f "guixbuilder~2,'0d" n))
(system? #t)
- (uid (+ first-uid n -1))
(group group)
;; guix-daemon expects GROUP to be listed as a
1+
1))
-(define (hydra-key-authorization key guix)
- "Return a gexp with code to register KEY, a file containing a 'guix archive'
-public key, with GUIX."
- #~(unless (file-exists? "/etc/guix/acl")
- (let ((pid (primitive-fork)))
- (case pid
- ((0)
- (let* ((key #$key)
- (port (open-file key "r0b")))
- (format #t "registering public key '~a'...~%" key)
- (close-port (current-input-port))
- (dup port 0)
- (execl #$(file-append guix "/bin/guix")
- "guix" "archive" "--authorize")
- (exit 1)))
- (else
- (let ((status (cdr (waitpid pid))))
- (unless (zero? status)
- (format (current-error-port) "warning: \
-failed to register hydra.gnu.org public key: ~a~%" status))))))))
+(define not-config?
+ ;; Select (guix …) and (gnu …) modules, except (guix config).
+ (match-lambda
+ (('guix 'config) #f)
+ (('guix rest ...) #t)
+ (('gnu rest ...) #t)
+ (rest #f)))
+
+(define (hydra-key-authorization keys guix)
+ "Return a gexp with code to register KEYS, a list of files containing 'guix
+archive' public keys, with GUIX."
+ (define default-acl
+ (with-extensions (list guile-gcrypt)
+ (with-imported-modules `(((guix config) => ,(make-config.scm))
+ ,@(source-module-closure '((guix pki))
+ #:select? not-config?))
+ (computed-file "acl"
+ #~(begin
+ (use-modules (guix pki)
+ (gcrypt pk-crypto)
+ (ice-9 rdelim))
+
+ (define keys
+ (map (lambda (file)
+ (call-with-input-file file
+ (compose string->canonical-sexp
+ read-string)))
+ '(#$@keys)))
+
+ (call-with-output-file #$output
+ (lambda (port)
+ (write-acl (public-keys->acl keys)
+ port))))))))
+
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+
+ (unless (file-exists? "/etc/guix/acl")
+ (mkdir-p "/etc/guix")
+ (copy-file #+default-acl "/etc/guix/acl")
+ (chmod "/etc/guix/acl" #o600)))))
(define %default-authorized-guix-keys
;; List of authorized substitute keys.
(default #t))
(substitute-urls guix-configuration-substitute-urls ;list of strings
(default %default-substitute-urls))
+ (chroot-directories guix-configuration-chroot-directories ;list of file-like/strings
+ (default '()))
(max-silent-time guix-configuration-max-silent-time ;integer
(default 0))
(timeout guix-configuration-timeout ;integer
(default 0))
+ (log-compression guix-configuration-log-compression
+ (default 'bzip2))
(extra-options guix-configuration-extra-options ;list of strings
(default '()))
(log-file guix-configuration-log-file ;string
(define (guix-shepherd-service config)
"Return a <shepherd-service> for the Guix daemon service with CONFIG."
- (match config
- (($ <guix-configuration> guix build-group build-accounts
- authorize-key? keys
- use-substitutes? substitute-urls
- max-silent-time timeout
- extra-options
- log-file http-proxy tmpdir)
- (list (shepherd-service
- (documentation "Run the Guix daemon.")
- (provision '(guix-daemon))
- (requirement '(user-processes))
- (start
- #~(make-forkexec-constructor
- (list #$(file-append guix "/bin/guix-daemon")
+ (match-record config <guix-configuration>
+ (guix build-group build-accounts authorize-key? authorized-keys
+ use-substitutes? substitute-urls max-silent-time timeout
+ log-compression extra-options log-file http-proxy tmpdir
+ chroot-directories)
+ (list (shepherd-service
+ (documentation "Run the Guix daemon.")
+ (provision '(guix-daemon))
+ (requirement '(user-processes))
+ (modules '((srfi srfi-1)))
+ (start
+ #~(make-forkexec-constructor
+ (cons* #$(file-append guix "/bin/guix-daemon")
"--build-users-group" #$build-group
"--max-silent-time" #$(number->string max-silent-time)
"--timeout" #$(number->string timeout)
+ "--log-compression" #$(symbol->string log-compression)
#$@(if use-substitutes?
'()
'("--no-substitutes"))
"--substitute-urls" #$(string-join substitute-urls)
- #$@extra-options)
-
- #:environment-variables
- (list #$@(if http-proxy
- (list (string-append "http_proxy=" http-proxy))
- '())
- #$@(if tmpdir
- (list (string-append "TMPDIR=" tmpdir))
- '()))
-
- #:log-file #$log-file))
- (stop #~(make-kill-destructor)))))))
+ #$@extra-options
+
+ ;; Add CHROOT-DIRECTORIES and all their dependencies (if
+ ;; these are store items) to the chroot.
+ (append-map (lambda (file)
+ (append-map (lambda (directory)
+ (list "--chroot-directory"
+ directory))
+ (call-with-input-file file
+ read)))
+ '#$(map references-file chroot-directories)))
+
+ #:environment-variables
+ (list #$@(if http-proxy
+ (list (string-append "http_proxy=" http-proxy))
+ '())
+ #$@(if tmpdir
+ (list (string-append "TMPDIR=" tmpdir))
+ '())
+
+ ;; Make sure we run in a UTF-8 locale so that 'guix
+ ;; offload' correctly restores nars that contain UTF-8
+ ;; file names such as 'nss-certs'. See
+ ;; <https://bugs.gnu.org/32942>.
+ (string-append "GUIX_LOCPATH="
+ #$glibc-utf8-locales "/lib/locale")
+ "LC_ALL=en_US.utf8")
+
+ #:log-file #$log-file))
+ (stop #~(make-kill-destructor))))))
(define (guix-accounts config)
"Return the user accounts and user groups for CONFIG."
;; otherwise call 'chown' here, but the problem is that on a COW overlayfs,
;; chown leads to an entire copy of the tree, which is a bad idea.
- ;; Optionally authorize hydra.gnu.org's key.
+ ;; Optionally authorize substitute server keys.
(if authorize-key?
- #~(begin
- #$@(map (cut hydra-key-authorization <> guix) keys))
+ (hydra-key-authorization keys guix)
#~#f))))
+(define* (references-file item #:optional (name "references"))
+ "Return a file that contains the list of references of ITEM."
+ (if (struct? item) ;lowerable object
+ (computed-file name
+ (with-imported-modules (source-module-closure
+ '((guix build store-copy)))
+ #~(begin
+ (use-modules (guix build store-copy))
+
+ (call-with-output-file #$output
+ (lambda (port)
+ (write (map store-info-item
+ (call-with-input-file "graph"
+ read-reference-graph))
+ port)))))
+ #:options `(#:local-build? #f
+ #:references-graphs (("graph" ,item))))
+ (plain-file name "()")))
+
(define guix-service-type
(service-type
(name 'guix)
(service-extension activation-service-type guix-activation)
(service-extension profile-service-type
(compose list guix-configuration-guix))))
+
+ ;; Extensions can specify extra directories to add to the build chroot.
+ (compose concatenate)
+ (extend (lambda (config directories)
+ (guix-configuration
+ (inherit config)
+ (chroot-directories
+ (append (guix-configuration-chroot-directories config)
+ directories)))))
+
(default-value (guix-configuration))
(description
"Run the build daemon of GNU@tie{}Guix, aka. @command{guix-daemon}.")))
-(define* (guix-service #:optional (config %default-guix-configuration))
+(define-deprecated (guix-service #:optional
+ (config %default-guix-configuration))
+ guix-service-type
"Return a service that runs the Guix build daemon according to
@var{config}."
(service guix-service-type config))
(default 80))
(host guix-publish-configuration-host ;string
(default "localhost"))
- (compression-level guix-publish-configuration-compression-level ;integer
- (default 3))
+ (compression guix-publish-configuration-compression
+ (thunked)
+ (default (default-compression this-record
+ (current-source-location))))
+ (compression-level %guix-publish-configuration-compression-level ;deprecated
+ (default #f))
(nar-path guix-publish-configuration-nar-path ;string
(default "nar"))
(cache guix-publish-configuration-cache ;#f | string
(ttl guix-publish-configuration-ttl ;#f | integer
(default #f)))
-(define guix-publish-shepherd-service
- (match-lambda
- (($ <guix-publish-configuration> guix port host compression
- nar-path cache workers ttl)
- (list (shepherd-service
- (provision '(guix-publish))
- (requirement '(guix-daemon))
- (start #~(make-forkexec-constructor
- (list #$(file-append guix "/bin/guix")
- "publish" "-u" "guix-publish"
- "-p" #$(number->string port)
- "-C" #$(number->string compression)
- (string-append "--nar-path=" #$nar-path)
- (string-append "--listen=" #$host)
- #$@(if workers
- #~((string-append "--workers="
- #$(number->string
- workers)))
- #~())
- #$@(if ttl
- #~((string-append "--ttl="
- #$(number->string ttl)
- "s"))
- #~())
- #$@(if cache
- #~((string-append "--cache=" #$cache))
- #~()))
-
- ;; Make sure we run in a UTF-8 locale so we can produce
- ;; nars for packages that contain UTF-8 file names such
- ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>.
- #:environment-variables
- (list (string-append "GUIX_LOCPATH="
- #$glibc-utf8-locales "/lib/locale")
- "LC_ALL=en_US.utf8")))
- (stop #~(make-kill-destructor)))))))
+(define-deprecated (guix-publish-configuration-compression-level config)
+ "Return a compression level, the old way."
+ (match (guix-publish-configuration-compression config)
+ (((_ level) _ ...) level)))
+
+(define (default-compression config properties)
+ "Return the default 'guix publish' compression according to CONFIG, and
+raise a deprecation warning if the 'compression-level' field was used."
+ (match (%guix-publish-configuration-compression-level config)
+ (#f
+ '(("gzip" 3)))
+ (level
+ (warn-about-deprecation 'compression-level properties
+ #:replacement 'compression)
+ `(("gzip" ,level)))))
+
+(define (guix-publish-shepherd-service config)
+ (define (config->compression-options config)
+ (match (guix-publish-configuration-compression config)
+ (() ;empty list means "no compression"
+ '("-C0"))
+ (lst
+ (append-map (match-lambda
+ ((type level)
+ `("-C" ,(string-append type ":"
+ (number->string level)))))
+ lst))))
+
+ (match-record config <guix-publish-configuration>
+ (guix port host nar-path cache workers ttl)
+ (list (shepherd-service
+ (provision '(guix-publish))
+ (requirement '(guix-daemon))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append guix "/bin/guix")
+ "publish" "-u" "guix-publish"
+ "-p" #$(number->string port)
+ #$@(config->compression-options config)
+ (string-append "--nar-path=" #$nar-path)
+ (string-append "--listen=" #$host)
+ #$@(if workers
+ #~((string-append "--workers="
+ #$(number->string
+ workers)))
+ #~())
+ #$@(if ttl
+ #~((string-append "--ttl="
+ #$(number->string ttl)
+ "s"))
+ #~())
+ #$@(if cache
+ #~((string-append "--cache=" #$cache))
+ #~()))
+
+ ;; Make sure we run in a UTF-8 locale so we can produce
+ ;; nars for packages that contain UTF-8 file names such
+ ;; as 'nss-certs'. See <https://bugs.gnu.org/26948>.
+ #:environment-variables
+ (list (string-append "GUIX_LOCPATH="
+ #$glibc-utf8-locales "/lib/locale")
+ "LC_ALL=en_US.utf8")
+ #:log-file "/var/log/guix-publish.log"))
+ (stop #~(make-kill-destructor))))))
(define %guix-publish-accounts
(list (user-group (name "guix-publish") (system? #t))
(home-directory "/var/empty")
(shell (file-append shadow "/sbin/nologin")))))
+(define %guix-publish-log-rotations
+ (list (log-rotation
+ (files (list "/var/log/guix-publish.log")))))
+
(define (guix-publish-activation config)
(let ((cache (guix-publish-configuration-cache config)))
(if cache
guix-publish-shepherd-service)
(service-extension account-service-type
(const %guix-publish-accounts))
+ (service-extension rottlog-service-type
+ (const %guix-publish-log-rotations))
(service-extension activation-service-type
guix-publish-activation)))
(default-value (guix-publish-configuration))
"Add a Shepherd service running @command{guix publish}, a
command that allows you to share pre-built binaries with others over HTTP.")))
-(define* (guix-publish-service #:key (guix guix) (port 80) (host "localhost"))
+(define-deprecated (guix-publish-service #:key (guix guix)
+ (port 80) (host "localhost"))
+ guix-publish-service-type
"Return a service that runs @command{guix publish} listening on @var{host}
and @var{port} (@pxref{Invoking guix publish}).
udev-configuration make-udev-configuration
udev-configuration?
(udev udev-configuration-udev ;<package>
- (default udev))
+ (default eudev))
(rules udev-configuration-rules ;list of <package>
(default '())))
(documentation "Populate the /dev directory, dynamically.")
(start #~(lambda ()
- (define find
- (@ (srfi srfi-1) find))
-
(define udevd
- ;; Choose the right 'udevd'.
- (find file-exists?
- (map (lambda (suffix)
- (string-append #$udev suffix))
- '("/libexec/udev/udevd" ;udev
- "/sbin/udevd")))) ;eudev
+ ;; 'udevd' from eudev.
+ #$(file-append udev "/sbin/udevd"))
(define (wait-for-udevd)
;; Wait until someone's listening on udevd's control
(string-append linux-module-directory "/"
kernel-release))
(old-umask (umask #o022)))
- (make-static-device-nodes directory)
+ ;; If we're in a container, DIRECTORY might not exist,
+ ;; for instance because the host runs a different
+ ;; kernel. In that case, skip it; we'll just miss a few
+ ;; nodes like /dev/fuse.
+ (when (file-exists? directory)
+ (make-static-device-nodes directory))
(umask old-umask))
- (let ((pid (primitive-fork)))
- (case pid
- ((0)
- (exec-command (list udevd)))
- (else
- ;; Wait until udevd is up and running. This
- ;; appears to be needed so that the events
- ;; triggered below are actually handled.
- (wait-for-udevd)
-
- ;; Trigger device node creation.
- (system* #$(file-append udev "/bin/udevadm")
- "trigger" "--action=add")
-
- ;; Wait for things to settle down.
- (system* #$(file-append udev "/bin/udevadm")
- "settle")
- pid)))))
+ (let ((pid (fork+exec-command (list udevd))))
+ ;; Wait until udevd is up and running. This appears to
+ ;; be needed so that the events triggered below are
+ ;; actually handled.
+ (wait-for-udevd)
+
+ ;; Trigger device node creation.
+ (system* #$(file-append udev "/bin/udevadm")
+ "trigger" "--action=add")
+
+ ;; Wait for things to settle down.
+ (system* #$(file-append udev "/bin/udevadm")
+ "settle")
+ pid)))
(stop #~(make-kill-destructor))
;; When halting the system, 'udev' is actually killed by
(respawn? #f)
;; We need additional modules.
(modules `((gnu build linux-boot)
- ,@%default-modules))))))))
+ ,@%default-modules))
+
+ (actions (list (shepherd-action
+ (name 'rules)
+ (documentation "Display the directory containing
+the udev rules in use.")
+ (procedure #~(lambda (_)
+ (display #$rules)
+ (newline))))))))))))
(define udev-service-type
(service-type (name 'udev)
(udev-configuration
(udev udev)
(rules (append initial-rules rules)))))))
+ (default-value (udev-configuration))
(description
"Run @command{udev}, which populates the @file{/dev}
directory dynamically. Get extra rules from the packages listed in the
"Return a service that uses @var{device} as a swap device."
(service swap-service-type device))
+(define %default-gpm-options
+ ;; Default options for GPM.
+ '("-m" "/dev/input/mice" "-t" "ps2"))
+
(define-record-type* <gpm-configuration>
gpm-configuration make-gpm-configuration gpm-configuration?
- (gpm gpm-configuration-gpm) ;package
- (options gpm-configuration-options)) ;list of strings
+ (gpm gpm-configuration-gpm ;package
+ (default gpm))
+ (options gpm-configuration-options ;list of strings
+ (default %default-gpm-options)))
(define gpm-shepherd-service
(match-lambda
(extensions
(list (service-extension shepherd-root-service-type
gpm-shepherd-service)))
+ (default-value (gpm-configuration))
(description
"Run GPM, the general-purpose mouse daemon, with the given
command-line options. GPM allows users to use the mouse in the console,
notably to select, copy, and paste text. The default options use the
@code{ps2} protocol, which works for both USB and PS/2 mice.")))
-(define* (gpm-service #:key (gpm gpm)
- (options '("-m" "/dev/input/mice" "-t" "ps2")))
+(define-deprecated (gpm-service #:key (gpm gpm)
+ (options %default-gpm-options))
+ gpm-service-type
"Run @var{gpm}, the general-purpose mouse daemon, with the given
command-line @var{options}. GPM allows users to use the mouse in the console,
notably to select, copy, and paste text. The default value of @var{options}
(default (file-append shadow "/bin/login")))
(login-arguments kmscon-configuration-login-arguments
(default '("-p")))
+ (auto-login kmscon-configuration-auto-login
+ (default #f))
(hardware-acceleration? kmscon-configuration-hardware-acceleration?
(default #f))) ; #t causes failure
(virtual-terminal (kmscon-configuration-virtual-terminal config))
(login-program (kmscon-configuration-login-program config))
(login-arguments (kmscon-configuration-login-arguments config))
+ (auto-login (kmscon-configuration-auto-login config))
(hardware-acceleration? (kmscon-configuration-hardware-acceleration? config)))
(define kmscon-command
#~(list
#$(file-append kmscon "/bin/kmscon") "--login"
"--vt" #$virtual-terminal
+ "--no-switchvt" ;Prevent a switch to the virtual terminal.
#$@(if hardware-acceleration? '("--hwaccel") '())
- "--" #$login-program #$@login-arguments))
+ "--login" "--"
+ #$login-program #$@login-arguments
+ #$@(if auto-login
+ #~(#$auto-login)
+ #~())))
(shepherd-service
(documentation "kmscon virtual terminal")
(start #~(make-forkexec-constructor #$kmscon-command))
(stop #~(make-kill-destructor)))))))
+(define-record-type* <static-networking>
+ static-networking make-static-networking
+ static-networking?
+ (interface static-networking-interface)
+ (ip static-networking-ip)
+ (netmask static-networking-netmask
+ (default #f))
+ (gateway static-networking-gateway ;FIXME: doesn't belong here
+ (default #f))
+ (provision static-networking-provision
+ (default #f))
+ (requirement static-networking-requirement
+ (default '()))
+ (name-servers static-networking-name-servers ;FIXME: doesn't belong here
+ (default '())))
+
+(define static-networking-shepherd-service
+ (match-lambda
+ (($ <static-networking> interface ip netmask gateway provision
+ requirement name-servers)
+ (let ((loopback? (and provision (memq 'loopback provision))))
+ (shepherd-service
+
+ (documentation
+ "Bring up the networking interface using a static IP address.")
+ (requirement requirement)
+ (provision (or provision
+ (list (symbol-append 'networking-
+ (string->symbol interface)))))
+
+ (start #~(lambda _
+ ;; Return #t if successfully started.
+ (let* ((addr (inet-pton AF_INET #$ip))
+ (sockaddr (make-socket-address AF_INET addr 0))
+ (mask (and #$netmask
+ (inet-pton AF_INET #$netmask)))
+ (maskaddr (and mask
+ (make-socket-address AF_INET
+ mask 0)))
+ (gateway (and #$gateway
+ (inet-pton AF_INET #$gateway)))
+ (gatewayaddr (and gateway
+ (make-socket-address AF_INET
+ gateway 0))))
+ (configure-network-interface #$interface sockaddr
+ (logior IFF_UP
+ #$(if loopback?
+ #~IFF_LOOPBACK
+ 0))
+ #:netmask maskaddr)
+ (when gateway
+ (let ((sock (socket AF_INET SOCK_DGRAM 0)))
+ (add-network-route/gateway sock gatewayaddr)
+ (close-port sock))))))
+ (stop #~(lambda _
+ ;; Return #f is successfully stopped.
+ (let ((sock (socket AF_INET SOCK_STREAM 0)))
+ (when #$gateway
+ (delete-network-route sock
+ (make-socket-address
+ AF_INET INADDR_ANY 0)))
+ (set-network-interface-flags sock #$interface 0)
+ (close-port sock)
+ #f)))
+ (respawn? #f))))))
+
+(define (static-networking-etc-files interfaces)
+ "Return a /etc/resolv.conf entry for INTERFACES or the empty list."
+ (match (delete-duplicates
+ (append-map static-networking-name-servers
+ interfaces))
+ (()
+ '())
+ ((name-servers ...)
+ (let ((content (string-join
+ (map (cut string-append "nameserver " <>)
+ name-servers)
+ "\n" 'suffix)))
+ `(("resolv.conf"
+ ,(plain-file "resolv.conf"
+ (string-append "\
+# Generated by 'static-networking-service'.\n"
+ content))))))))
+
+(define (static-networking-shepherd-services interfaces)
+ "Return the list of Shepherd services to bring up INTERFACES, a list of
+<static-networking> objects."
+ (define (loopback? service)
+ (memq 'loopback (shepherd-service-provision service)))
+
+ (let ((services (map static-networking-shepherd-service interfaces)))
+ (match (remove loopback? services)
+ (()
+ ;; There's no interface other than 'loopback', so we assume that the
+ ;; 'networking' service will be provided by dhclient or similar.
+ services)
+ ((non-loopback ...)
+ ;; Assume we're providing all the interfaces, and thus, provide a
+ ;; 'networking' service.
+ (cons (shepherd-service
+ (provision '(networking))
+ (requirement (append-map shepherd-service-provision
+ services))
+ (start #~(const #t))
+ (stop #~(const #f))
+ (documentation "Bring up all the networking interfaces."))
+ services)))))
+
+(define static-networking-service-type
+ ;; The service type for statically-defined network interfaces.
+ (service-type (name 'static-networking)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ static-networking-shepherd-services)
+ (service-extension etc-service-type
+ static-networking-etc-files)))
+ (compose concatenate)
+ (extend append)
+ (description
+ "Turn up the specified network interfaces upon startup,
+with the given IP address, gateway, netmask, and so on. The value for
+services of this type is a list of @code{static-networking} objects, one per
+network interface.")))
+
+(define* (static-networking-service interface ip
+ #:key
+ netmask gateway provision
+ ;; Most interfaces require udev to be usable.
+ (requirement '(udev))
+ (name-servers '()))
+ "Return a service that starts @var{interface} with address @var{ip}. If
+@var{netmask} is true, use it as the network mask. If @var{gateway} is true,
+it must be a string specifying the default network gateway.
+
+This procedure can be called several times, one for each network
+interface of interest. Behind the scenes what it does is extend
+@code{static-networking-service-type} with additional network interfaces
+to handle."
+ (simple-service 'static-network-interface
+ static-networking-service-type
+ (list (static-networking (interface interface) (ip ip)
+ (netmask netmask) (gateway gateway)
+ (provision provision)
+ (requirement requirement)
+ (name-servers name-servers)))))
+
\f
(define %base-services
;; Convenience variable holding the basic services.
- (list (login-service)
+ (list (service login-service-type)
+ (service virtual-terminal-service-type)
(service console-font-service-type
(map (lambda (tty)
(cons tty %default-console-font))
'("tty1" "tty2" "tty3" "tty4" "tty5" "tty6")))
- (mingetty-service (mingetty-configuration
- (tty "tty1")))
- (mingetty-service (mingetty-configuration
- (tty "tty2")))
- (mingetty-service (mingetty-configuration
- (tty "tty3")))
- (mingetty-service (mingetty-configuration
- (tty "tty4")))
- (mingetty-service (mingetty-configuration
- (tty "tty5")))
- (mingetty-service (mingetty-configuration
- (tty "tty6")))
+ (service agetty-service-type (agetty-configuration
+ (extra-options '("-L")) ; no carrier detect
+ (term "vt100")
+ (tty #f))) ; automatic
+
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty1")))
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty2")))
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty3")))
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty4")))
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty5")))
+ (service mingetty-service-type (mingetty-configuration
+ (tty "tty6")))
(service static-networking-service-type
(list (static-networking (interface "lo")
(ip "127.0.0.1")
+ (requirement '())
(provision '(loopback)))))
(syslog-service)
- (urandom-seed-service)
- (guix-service)
- (nscd-service)
+ (service urandom-seed-service-type)
+ (service guix-service-type)
+ (service nscd-service-type)
;; The LVM2 rules are needed as soon as LVM2 or the device-mapper is
;; used, so enable them by default. The FUSE and ALSA rules are
;; less critical, but handy.
- (udev-service #:rules (list lvm2 fuse alsa-utils crda))
+ (service udev-service-type
+ (udev-configuration
+ (rules (list lvm2 fuse alsa-utils crda))))
(service special-files-service-type
`(("/bin/sh" ,(file-append (canonical-package bash)