Hi João. On distribution other than Guix System, the upgrade of the guix-daemon is done by a `guix pull` with the root account then a restart of the guix-daemon. To avoid being subject to the vulnerability during this upgrade, you can add `--no-substitutes` to the pull command. But it will take some times, as it will build Guix and its dependencies from sources.
This will give you: sudo --login guix pull --no-substitutes sudo systemctl restart guix-daemon.service In hope it help. Best regards ------- Gendre Sébastien João Augusto <[email protected]> writes: > Hi all, just read the thread. > > As I recently installed the system on top of a Debian distribution and ran > `guix pull` and then `guix upgrade`. Would that fix the vulnerabilities, > since we are using the latest commit? > > Also, maybe would be good to just include a heads-up in the installation > guide, at least until the next release? > > Sorry if this is somewhat a dumb idea or question, I'm pretty new to the > system. > > > > > João Augusto > > -------- Original Message -------- > On Saturday, 07/11/26 at 10:55 Tomas Volf <[email protected]> wrote: > Sébastien Gendre <[email protected]> writes: > >> Thank you for your reply. >> >> Do you know if using `guix time-machine' from a fixed version of >> Guix-daemon could bring back the vulnerability during the time of the >> transaction ? > > I am pretty sure that should not be possible. All the fixes were in > guix-daemon, and that is being managed by shepherd or some other service > manager. guix-time-machine controls the Guix version used, but it still > speak to the same guix-daemon instance as you would without the time > travel. > > At least that is how I understand it. > > Tomas
signature.asc
Description: PGP signature
