From ee2a5da80a9bda25542c00a7a35a9ddddcbd58af Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Tue, 19 Jan 2021 18:09:28 +0100 Subject: scripts: system: Remove 'vm-image' command. Remove the 'vm-image' command that has been superseded by the 'image' command. * gnu/system/vm.scm (system-qemu-image): Remove it. * guix/scripts/system.scm (system-derivation-for-action): Mark 'vm-image' command as deprecated and use the image API to produce the VM image. (perform-action, show-help): Adapt accordingly. * tests/guix-system.sh: Ditto. * doc/guix.texi (Invoking guix system, Running Guix in a VM): Ditto. * etc/completion/fish/guix.fish: Ditto. * etc/completion/zsh/_guix: Ditto. --- etc/completion/fish/guix.fish | 7 +++---- etc/completion/zsh/_guix | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'etc') diff --git a/etc/completion/fish/guix.fish b/etc/completion/fish/guix.fish index 73bd176112..422baab4bb 100644 --- a/etc/completion/fish/guix.fish +++ b/etc/completion/fish/guix.fish 
@@ -133,7 +133,7 @@ complete -f -c guix -n '__fish_guix_using_command pull' -l url -d 'download the
 complete -f -c guix -n '__fish_guix_using_command pull' -l bootstrap -d 'use the bootstrap Guile to build the new Guix'
 #### system
-set -l remotecommands reconfigure roll-back switch-generation list-generations build container vm vm-image disk-image init extension-graph shepherd-graph load-path keep-failed keep-going dry-run fallback no-substitutes substitutes-urls no-grafts no-offload max-silent-time timeout verbosity rounds cores max-jobs derivation on-error image-size no-grub share expose full-boot
+set -l remotecommands reconfigure roll-back switch-generation list-generations build container vm image init extension-graph shepherd-graph load-path keep-failed keep-going dry-run fallback no-substitutes substitutes-urls no-grafts no-offload max-silent-time timeout verbosity rounds cores max-jobs derivation on-error image-size no-grub share expose full-boot
 complete -f -c guix -n '__fish_guix_needs_command' -a system -d 'Build the operating system declared in FILE according to ACTION.'
 complete -f -c guix -n '__fish_guix_using_command system' -l reconfigure -d 'switch to a new operating system configuration'
 complete -f -c guix -n '__fish_guix_using_command system' -l roll-back -d 'switch to the previous operating system configuration'
@@ -142,8 +142,7 @@ complete -f -c guix -n '__fish_guix_using_command system' -l list-generations -d
 complete -f -c guix -n '__fish_guix_using_command system' -l build -d 'build the operating system without installing anything'
 complete -f -c guix -n '__fish_guix_using_command system' -l container -d 'build a container that shares the host\'s store'
 complete -f -c guix -n '__fish_guix_using_command system' -l vm -d 'build a virtual machine image that shares the host\'s store'
-complete -f -c guix -n '__fish_guix_using_command system' -l vm-image -d 'build a freestanding virtual machine image'
-complete -f -c guix -n '__fish_guix_using_command system' -l disk-image -d 'build a disk image, suitable for a USB stick'
+complete -f -c guix -n '__fish_guix_using_command system' -l image -d 'build a disk image, suitable for a USB stick'
 complete -f -c guix -n '__fish_guix_using_command system' -l init -d 'initialize a root file system to run GNU'
 complete -f -c guix -n '__fish_guix_using_command system' -l extension-graph -d 'emit the service extension graph in Dot format'
 complete -f -c guix -n '__fish_guix_using_command system' -l shepherd-graph -d 'emit the graph of shepherd services in Dot format'
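Review bot: The added `-l image` completion reuses the old `disk-image` description, 'build a disk image, suitable for a USB stick', although the commit message says `image` also supersedes `vm-image`, so the text now describes only one of the two uses it replaces. A neutral description such as `-d 'build an image of the operating system (disk or VM)'` would keep the freestanding-VM case discoverable from the shell. The hunk shows only part of the `system` completion list, so whether other descriptions still refer to `disk-image` cannot be checked from here.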
@@ -167,7 +166,7 @@ complete -f -c guix -n '__fish_guix_using_command system' -s M -d 'allow at most
 complete -f -c guix -n '__fish_guix_using_command system' -a "--max-jobs=" -d 'allow at most N build jobs'
 complete -f -c guix -n '__fish_guix_using_command system' -s d -l derivation -d 'return the derivation of the given system'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--on-error=" -d 'apply STRATEGY when an error occurs while reading FILE'
-complete -f -c guix -n '__fish_guix_using_command system' -a "--image-size=" -d 'for \'vm-image\', produce an image of SIZE'
+complete -f -c guix -n '__fish_guix_using_command system' -a "--image-size=" -d 'for \'image\', produce an image of SIZE'
 complete -f -c guix -n '__fish_guix_using_command system' -l no-grub -d 'for \'init\', do not install GRUB'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--share=" -d 'for \'vm\', share host file system according to SPEC'
 complete -f -c guix -n '__fish_guix_using_command system' -a "--expose=" -d 'for \'vm\', expose host file system according to SPEC'
diff --git a/etc/completion/zsh/_guix b/etc/completion/zsh/_guix
index ae93b62b1d..aa1a859e0d 100644
--- a/etc/completion/zsh/_guix
+++ b/etc/completion/zsh/_guix
@@ -383,7 +383,7 @@ _guix_list_installed_packages()
 '--max-jobs=[allow at most N build jobs]:N' \
 '--derivation[return the derivation of the given system]' \
 '--on-error=[apply STRATEGY when an error occurs while reading FILE]:STRATEGY' \
- '--image-size=[for "vm-image", produce an image of SIZE]:SIZE' \
+ '--image-size=[for "image", produce an image of SIZE]:SIZE' \
 '--no-grub[for "init", do not install GRUB]' \
 '--share=[for "vm", share host file system according to SPEC]:SPEC' \
 '--expose=[for "vm", expose host file system according to SPEC]:SPEC' \
-- cgit v1.2.3
From 3acf140736b1b797c21f9aacfdc6854157b6a312 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe Date: Wed, 17 Feb 2021 13:30:30 +0100 Subject: news: Add entry for "guix system image". * etc/news.scm: New entry. --- etc/news.scm | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index 1b92886dca..afccd0c6f4 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -7,7 +7,7 @@ ;; Copyright © 2019, 2020 Julien Lepiller ;; Copyright © 2019, 2020, 2021 Florian Pelz ;; Copyright © 2020 Marius Bakke -;; Copyright © 2020 Mathieu Othacehe +;; Copyright © 2020, 2021 Mathieu Othacehe ;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;; Copyright © 2020 Maxim Cournoyer ;; @@ -18,6 +18,28 @@ (channel-news (version 0) + (entry (commit "6e8cdf1d26092cb9654e179b04730fff7c15c94f") + (title + (en "The @command{guix system image} command can now operate on image records") + (fr "La commande @command{guix system image} peut désormais fonctionner sur des images")) + (body + (en "The @command{guix system image} command can now operate on +@code{image} records. This means that the file parameter or the expression +passed to this command can return @code{image} or @code{operating-system} +records. + +The @file{gnu/system/images} directory contains default images that can be +built by running @command{guix system image gnu/system/images/pine64.scm} for +instance.") + (fr "La commande @command{guix system image} peut désormais +fonctionner sur des images. Cela signifie que le fichier ou l'expression +passé en paramètre de cette commande peuvent retourner une structure de type +@code{image} ou @code{operating-system}. + +Le dossier @file{gnu/system/images} contient des images par défaut qui peuvent +être construites en lançant la commande @command{guix system image +gnu/system/images/pine64.scm} par exemple."))) + (entry (commit "aa8de806252e3835d57fab351b02d13db762deac") (title (en "Risk of local privilege escalation @i{via} setuid programs") -- cgit v1.2.3 
From fb2498aaa12eededef16f1645df79eb7602176d7 Mon Sep 17 00:00:00 2001 From: Florian Pelz Date: Thu, 18 Feb 2021 10:48:35 +0100 Subject: news: Add ‘de’ translation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/news.scm | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index afccd0c6f4..167fbd2f5f 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -21,6 +21,7 @@ (entry (commit "6e8cdf1d26092cb9654e179b04730fff7c15c94f") (title (en "The @command{guix system image} command can now operate on image records") + (de "Der Befehl @command{guix system image} kann jetzt auch mit @code{image}-Verbundsobjekten umgehen") (fr "La commande @command{guix system image} peut désormais fonctionner sur des images")) (body (en "The @command{guix system image} command can now operate on @@ -31,6 +32,14 @@ records. The @file{gnu/system/images} directory contains default images that can be built by running @command{guix system image gnu/system/images/pine64.scm} for instance.") + (de "Sie können den Befehl @command{guix system image} jetzt auch auf +Verbundsobjekte vom Typ @code{image} anwenden. Das heißt, wenn Sie eine Datei +oder einen Ausdruck als Parameter übergeben, darf dieser ein Verbundsobjekt +vom Typ @code{image} oder @code{operating-system} zurückliefern. + +Im Verzeichnis @file{gnu/system/images} finden Sie vorkonfigurierte Abbilder +als @code{image}-Verbundsobjekte. Sie können zum Beispiel @command{guix system +image gnu/system/images/pine64.scm} ausführen, um das Abbild zu erstellen.") (fr "La commande @command{guix system image} peut désormais fonctionner sur des images. Cela signifie que le fichier ou l'expression passé en paramètre de cette commande peuvent retourner une structure de type -- cgit v1.2.3 From a4458eb0ea4a8ab3801253f3843f6b5abe57e6be Mon Sep 17 00:00:00 2001 
From: Zhu Zihao Date: Sun, 14 Feb 2021 21:40:02 +0800 Subject: news: Add 'zh' translation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Ludovic Courtès --- etc/news.scm | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index 167fbd2f5f..5c5f26d96d 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -53,7 +53,8 @@ gnu/system/images/pine64.scm} par exemple."))) (title (en "Risk of local privilege escalation @i{via} setuid programs") (de "Risiko lokaler Rechteausweitung bei setuid-Programmen") - (fr "Risque de gain local de privilèges @i{via} les programmes setuid")) + (fr "Risque de gain local de privilèges @i{via} les programmes setuid") + (zh "存在通过 setuid 程序进行本地提权的风险")) (body (en "On Guix System, setuid programs were, until now, installed as setuid-root @emph{and} setgid-root (in the @file{/run/setuid-programs} @@ -101,7 +102,19 @@ guix system reconfigure /run/current-system/configuration.scm Les usagers de Guix sur une distrib externe ne sont pas touché·es. Plus d'informations sont disponibles à @url{https://issues.guix.gnu.org/46395} (en -anglais)."))) +anglais).") + (zh "到目前为止,Guix 系统上的 setuid 程序(位于 @file{/run/setuid-programs}) +同时具有 setuid-root @emph{和} setgid-root 权限。然而,此类程序大多被设计为在拥有 +setuid 权限而非 setgid 权限时运行。因此,这样的设置可能会使系统受到本地提权攻击。 + +此漏洞已经被修复,同时建议用户使用下列命令升级他们的系统: + +@example +guix system reconfigure /run/current-system/configuration.scm +@end example + +在 ``第三方宿主系统'' 上使用 Guix 的用户不受此漏洞影响,详情请参阅 +@url{https://issues.guix.gnu.org/46395}。"))) (entry (commit "aedbc5ff32a62f45aeed74c6833399a6cf2c22dc") (title -- cgit v1.2.3 From a78058a80bd618a09280db430fa89158a7e3b6b6 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 26 Feb 2021 17:15:19 -0500 Subject: news: Add entry for the linux-libre 5.11 update. * etc/news.scm: Add entry. --- etc/news.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'etc') 
diff --git a/etc/news.scm b/etc/news.scm index 5c5f26d96d..3b8685549b 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -10,6 +10,7 @@ ;; Copyright © 2020, 2021 Mathieu Othacehe ;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;; Copyright © 2020 Maxim Cournoyer +;; Copyright © 2021 Leo Famulari ;; ;; Copying and distribution of this file, with or without modification, are ;; permitted in any medium without royalty provided the copyright notice and @@ -18,6 +19,23 @@ (channel-news (version 0) + (entry (commit "1b5b882120daf7d111aa351a919a90e818324347") + (title + (en "The @code{linux-libre} kernel is updated to 5.11.2") + (fr "Le noyau @code{linux-libre} est mis à jour vers la 5.11.2")) + (body + (en "The default @code{linux-libre} kernel is now based on the 5.11 +stable kernel series, beginning with version 5.11.2. Promiment features include +improved Wine performance, unprivileged Overlayfs mounts, support for Intel SGX, +support for new graphics hardware, and improved performance of the Btrfs +file system.") + (fr "Le noyau @code{linux-libre} par défaut est maintenant basé sur la +lignée stable 5.11 du noyau, à commencer par la version 5.11.2. Parmi les +fonctionnalités notables on trouve des performances améliorées pour Wine, le +montage Overlayfs non privilégié, la prise en charge d'Intel SGX, celle des +nouveaux périphériques graphiques et de meilleures performances du système de +fichiers Btrfs."))) + (entry (commit "6e8cdf1d26092cb9654e179b04730fff7c15c94f") (title (en "The @command{guix system image} command can now operate on image records") -- cgit v1.2.3 From 20b5cf8304ef2c0fd16515f289ff0d5a21c7a96f Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 28 Feb 2021 22:37:40 +0100 Subject: news: Add ‘nl’ translation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * etc/news.scm: Add a Dutch translation. --- etc/news.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'etc') 
diff --git a/etc/news.scm b/etc/news.scm index 3b8685549b..8f8e6e3f79 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -22,7 +22,8 @@ (entry (commit "1b5b882120daf7d111aa351a919a90e818324347") (title (en "The @code{linux-libre} kernel is updated to 5.11.2") - (fr "Le noyau @code{linux-libre} est mis à jour vers la 5.11.2")) + (fr "Le noyau @code{linux-libre} est mis à jour vers la 5.11.2") + (nl "De @code{linux-libre}-kernel werd bijgewertk naar 5.11.2")) (body (en "The default @code{linux-libre} kernel is now based on the 5.11 stable kernel series, beginning with version 5.11.2. Promiment features include @@ -34,7 +35,12 @@ lignée stable 5.11 du noyau, à commencer par la version 5.11.2. Parmi les fonctionnalités notables on trouve des performances améliorées pour Wine, le montage Overlayfs non privilégié, la prise en charge d'Intel SGX, celle des nouveaux périphériques graphiques et de meilleures performances du système de -fichiers Btrfs."))) +fichiers Btrfs.") + (nl "De standaard @code{linux-libre}-kernel is nu geëent op de +stabiele 5.11-reeks, te beginnen met versie 5.11.2. Deze update biedt onder +andere verbeterde prestaties voor Wine en het Btfrs-bestandssysteem, laat +gewone gebruikers toe om met Overlayfs bestandssystemen te combineren, en +ondersteunt Intel SGX en nieuwe grafische apparatuur."))) (entry (commit "6e8cdf1d26092cb9654e179b04730fff7c15c94f") (title -- cgit v1.2.3 From d6547b1e40b0bc6a85b742e6b465ccddfdf70765 Mon Sep 17 00:00:00 2001 From: Florian Pelz Date: Tue, 2 Mar 2021 10:53:22 +0100 Subject: news: Add ‘de’ translation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- etc/news.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'etc') diff --git a/etc/news.scm b/etc/news.scm index 8f8e6e3f79..ff90afc8dc 100644 --- a/etc/news.scm +++ b/etc/news.scm 
@@ -22,6 +22,7 @@ (entry (commit "1b5b882120daf7d111aa351a919a90e818324347") (title (en "The @code{linux-libre} kernel is updated to 5.11.2") + (de "Der Kernel @code{linux-libre} wird auf 5.11.2 aktualisiert") (fr "Le noyau @code{linux-libre} est mis à jour vers la 5.11.2") (nl "De @code{linux-libre}-kernel werd bijgewertk naar 5.11.2")) (body @@ -30,6 +31,11 @@ stable kernel series, beginning with version 5.11.2. Promiment features include improved Wine performance, unprivileged Overlayfs mounts, support for Intel SGX, support for new graphics hardware, and improved performance of the Btrfs file system.") + (de "Der standardmäßig verwendete @code{linux-libre}-Kernel basiert +jetzt auf der 5.11-„stable“-Versionsreihe, angefangen mit Version 5.11.2. Zu +den markanten Neuerungen gehören bessere Wine-Unterstützung, Einbinden per +Overlayfs für Nutzer ohne erweiterte Rechte, Unterstützung für Intel SGX, für +neue Grafikhardware und bessere Leistung beim Btrfs-Dateisystem.") (fr "Le noyau @code{linux-libre} par défaut est maintenant basé sur la lignée stable 5.11 du noyau, à commencer par la version 5.11.2. Parmi les fonctionnalités notables on trouve des performances améliorées pour Wine, le -- cgit v1.2.3