bug#68841: guix pack -f squashfs silently ignores symlinks

Let's make a basic Singularity file system containing certificates at the place many programs expect them to be, i.e. /etc/ssl: $ guix pack -S /etc/ssl=etc/ssl --format=squashfs bash nss-certs /gnu/store/mxyc56nsrcgcclvm5qsz5c9fkqwdswpw-bash-nss-certs-squashfs-pack.gz.squashfs There is no error

bug#68831: gnu: torbrowser: noscript gets picked up by icecat

Hello André, On Tue, Jan 30 2024, André Batista wrote: > Hi guix! > > It seems that 'make-icecat-extension' is not sufficiently kosher. When > torbrowser and icecat are both installed to the same user profile, > noscript gets picked up by icecat too. The same also happens when > mullvadbrowser

bug#68835: Resolving package inheritance issue

Hi Guix! > ./etc/teams.scm cc core - g...@cbaines.net - d...@jpoiret.xyz - l...@gnu.org - othac...@gnu.org - rek...@elephly.net - zimon.touto...@gmail.com - m...@tobias.gr Long story short, how to resolve package inheritance which would not break CI ;-) ? While reviewing and amending patch

bug#46961: Nginx and certbot cervices don't play well togther

Removing guix-devel. On Tue, Jan 30 2024, Carlo Zancanaro wrote: > +(define (file-contains? file string) > + (string-contains (call-with-input-file file > + get-string-all) > + string)) > + > +

bug#46961: Nginx and certbot cervices don't play well togther

I removed guix-devel, not sure we need to spam it. On Tue, Jan 30 2024, Carlo Zancanaro wrote: > +(define %default-deploy-hook > + (program-file > + "reload-nginx.scm" > + (with-imported-modules '((gnu services herd)) > + #~(begin > + (use-modules (gnu services herd)) > +

bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

I sympathize with your approach (I, too, have been supplementing Certbot with self-signed certs for some time). What would also be cool is not to have `certbot-service-type` depend on `nginx-service-type` in the first place. So that one can more easily use another HTTP server. It can of course

bug#68831: gnu: torbrowser: noscript gets picked up by icecat

Hi guix! It seems that 'make-icecat-extension' is not sufficiently kosher. When torbrowser and icecat are both installed to the same user profile, noscript gets picked up by icecat too. The same also happens when mullvadbrowser is installed: ublock extension is picked up by torbrowser.

bug#68811: build hash inconsistency

Hi Josselin, Alas, the problem persists ~.~ Device A: ~ $ guix time-machine --commit=deeb7d1f53d7ddfa977b3eadd760312bbd0a2509 -- build qtwebengine --derivations --system=aarch64-linux --no-grafts --dry-run /gnu/store/gnrk76mlrv3ipm2k3lpmy1533mn9dqc3-qtwebengine-6.5.2.drv Device B: ~ $ guix

bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

Hi Felix, On Tue, Jan 30 2024, Felix Lechner wrote: On Tue, Jan 30 2024, Carlo Zancanaro wrote: certbot can't produce certificates without a functional nginx Yes, it can. The option is called --standalone. [1] You are correct, of course. If I had been more precise I would have said "with

bug#68747: Extending postgresql-role-service-type as shown in manual leads to crash

Hi Maxim, I guess this is not explained that well, but the service-extension snippet is supposed to go under the (extensions ...) field of a record. If you want to extend this in your system config, you want (simple-service ...) instead, with e.g. --8<---cut

bug#68760: I guess I found a bug in "guix pull" ?

Hi, jbranso--- via Bug reports for GNU Guix writes: > message: "error parsing derivation > `/gnu/store/3nppfdxy9vgg9ls6qi8j8pkzw2khi98h-git-minimal-2.41.0.drv': > expected string `Derive(['" > status: 1 > guix pull: error: You found a bug: the program >

bug#68811: build hash inconsistency

Hi Zacchaeus, Can you try the same, but this time with the --no-grafts option? That could be a source of issues. Best, -- Josselin Poiret signature.asc Description: PGP signature

bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

On Tue, Jan 30 2024, Felix Lechner via Bug reports for GNU Guix wrote: > Hi Carlo, > > On Tue, Jan 30 2024, Carlo Zancanaro wrote: > >> certbot can't produce certificates without a functional nginx > > Yes, it can. The option is called --standalone. [1] > > Maybe another way to bootstrap the

bug#68811: build hash inconsistency

Saku Laesvuori writes: > Those hashes are not comparable: i9ir..nd (A) is the hash of the built > store item and 6n9aq..qn (B) is the hash of the derivation that builds > the store item. Ah, rookie mistake :| > But I do think it is weird if the derivation is not present on the > machine that

bug#68474: [Guix-Past]: openssl@1.0.2u does not pass tests

Hi, Jean-Pierre De Jesus Diaz skribis: > And the from the error file that the test writes: > > $ cat /tmp/guix-build-openssl-1.0.2u.drv-0/openssl-1.0.2u/test/cms.err > Verification failure > 140737353281920:error:21075075:PKCS7 routines:PKCS7_verify:certificate > verify

bug#68822: Channel dependencies picked at the wrong commit

When a channel is specified both implicitly, as the dependency of another channel, and explicitly, in the user-provided channels file, the “most specific” one wins—the one that has a non-#f ‘commit’ field. However, the dependencies of that channel may be read from the wrong one—the least-specific

bug#30130: Add ‘guix whereis’ command

I’m closing this because we now have “guix locate”. -- Ricardo

bug#68195: flite fails to build on core-updates

This was obsoleted by commit 5528123265f9, "gnu: flite: Disable parallel build." -- Simon South si...@simonsouth.net

bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

Hi Carlo, On Tue, Jan 30 2024, Carlo Zancanaro wrote: > certbot can't produce certificates without a functional nginx Yes, it can. The option is called --standalone. [1] Maybe another way to bootstrap the certificates would be to hold off on starting Nginx or Apache until all certificates are

bug#46961: [PATCH v2 2/4] services: certbot: Create self-signed certificates before certbot runs.

* gnu/services/certbot.scm (): Add start-self-signed? field. (generate-certificate-gexp): New procedure. (certbot-activation): Generate self-signed certificates when start-self-signed? is #t. * doc/guix.texi (Certificate services): Document start-self-signed?. Change-Id:

bug#46961: [PATCH v2 4/4] services: certbot: Add one-shot service to renew certificates.

* gnu/services/certbot.scm (certbot-renewal-one-shot): New procedure. (certbot-service-type)[extensions]: Add it to shepherd-root extension. (certbot-command): Make connection errors return a different exit code. (certbot-activation): Remove message with certificate renewal instructions.

bug#46961: [PATCH v2 1/4] services: certbot: Symlink certificates to /etc/certs.

* gnu/services/certbot.scm (certbot-deploy-hook): New procedure. (certbot-command): Pass new deploy hook to certbot. * doc/guix.texi: Replace "letsencrypt/live" with "certs" throughout. Change-Id: I2ba5e4903d1e293e566b732a84b07d5a134b697d --- doc/guix.texi| 26

bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx

Hi Guix, This patch series is a few changes to make certbot default to doing "the right thing" in the common case of wanting certificates for an nginx web server. The initial change (in v1 of these patches) was to solve the certbot bootstrapping problem. Nginx won't start without valid

bug#46961: [PATCH v2 3/4] services: certbot: Add a default deploy hook to reload nginx.

* gnu/services/certbot.scm (%default-deploy-hook): New variable. ()[deploy-hook]: Use it as default deploy hook. * doc/guix.texi (Certificate services): Document new default deploy hook. Change-Id: Ibb10481170a6fda7df72492072b939dd6a6ad176 --- doc/guix.texi| 6 +-