Security-Enhancement: Fine Control for guix pull --allow-downgrades

2024-04-10 Thread Rostislav Svoboda
Hi geeks, I've written a patch aimed at improving security by introducing fine-grained control over the `guix pull --allow-downgrades`. This allows for precise management of channel downgrades during `guix pull`. Examples: $ guix pull --allow-downgrades # same behavior as before - all

Re: [shepherd] several patches that i deem ready

2024-04-10 Thread Ludovic Courtès
Hi Attila, Attila Lendvai skribis: > i have prepared the rest of my commits that were needed to hunt down the > shepherd hanging bug. you can find them at: > > https://codeberg.org/attila-lendvai-patches/shepherd/commits/branch/attila > > there's some dependency among the commits, so sending

Re: HEPiX Spring 2024 in Paris, France

2024-04-10 Thread Ludovic Courtès
Felix Lechner via "Development of GNU Guix and the GNU System distribution." skribis: > An event for system administrators in high-energy physics may still be > looking for talks for next week in Paris: > > https://indico.cern.ch/event/1377701/overview > > The event is called HEPiX: > >

Re: The `channels' field of `operating-system' record

2024-04-10 Thread Ludovic Courtès
Hello, Tomas Volf <~@wolfsden.cz> skribis: > After ~2 hours of digging I realized this is caused by the changes in > 883e69cdfd226c8f40b6e3b76ce0740b59857de6. > > I see couple of issues here (in no particular order, questions prefixed with > Q): > > * My configuration file just *silently*

Re: A paper about Plan 9 and Guix

2024-04-10 Thread Ludovic Courtès
Hi, Edouard Klein skribis: > I'll be presenting it not next week end, but the one after (12-14 April > 2024). Yay, congrats! > I'd be happy if some of you would be so kind as to read it with their > extensive knowledge of Guix, in case I've made a mistake somewhere. > >

Re: Should we include nss-certs out of the box?

2024-04-10 Thread Ludovic Courtès
Hi, Maxim Cournoyer skribis: > It's been Guix policy to let people choose whether to install or not TLS > root certificates and which one to their machine. While I applaud the > idea to have the users make a conscious decision about it, in practice I > suppose very few of us choose to *not*

Re: Shepherd timers

2024-04-10 Thread Ludovic Courtès
Felix Lechner skribis: > The status seems a bit bungled, though. I now use a lambda, i.e. no > 'command', with a fresh pull from 'devel'. Thanks! [...] > Upcoming timer alarms: > Backtrace: >8 (primitive-load "/run/current-system/profile/bin/herd") > In shepherd/scripts/herd.scm:

Re: Shepherd timers

2024-04-10 Thread Ludovic Courtès
Hi! Felix Lechner skribis: > On Sun, Mar 24 2024, Ludovic Courtès wrote: > >> you can do anything you can do with a service: stop it, unload it, >> load a replacement, and so on. > > Wow, do I love those timers! I just converted my system Mcron jobs to > Shepherd timers. The user jobs are

Re: Status of ‘core-updates’

2024-04-10 Thread Ludovic Courtès
Hello! Josselin Poiret skribis: > Disclaimer: I've been quite busy with work recently and haven't been > able to work on core-updates that much (having to build the world > locally doesn't help). No problem. We should find someone willing to pick up the coordination work for the coming month

Re: Error handling when 'guix substitute' dies

2024-04-10 Thread Christopher Baines
Ludovic Courtès writes: > Hi, > > Philip McGrath skribis: > >> I don't know if the root cause is related, but this reminded me of >> some networking errors I sometimes get accessing substitutes. I had >> the luck (good or bad?) to get an example while building >>

Fix grammar and markup (was Re: Feedback of the GNU Guix manual)

2024-04-10 Thread Matt
We're working through a list of feedback one item at a time: https://lists.gnu.org/archive/html/guix-devel/2024-01/msg00117.html We have completed the first two items. The next item reported is: #+begin_quote 2.4 Setting up the daemon Seems like an issue with info. Have seen this in the Emacs

Re: Emacs and Gnome branches are merged now

2024-04-10 Thread Ludovic Courtès
Hello, Liliana Marie Prikler skribis: > I've now pushed the merge commits for both emacs-team and gnome-team. > If you have a weak machine, PLEASE DO NOT PULL IMMEDIATELY AND WAIT FOR > CI TO CATCH UP! Despite efforts to prebuild things on the respective > branches, the merge commit carries

Re: guix --container is RAM hungry

2024-04-10 Thread Ludovic Courtès
Hi, Edouard Klein skribis: > Maxim Cournoyer writes: > >> Hi Ludovic, >> >> Ludovic Courtès writes: >> >>> Hi Edouard, >>> >>> Edouard Klein skribis: >>> I'm a huge fan of guix --container, and I created a system to use those by default for network services. But the VPS these

Re: backdoor injection via release tarballs combined with binary artifacts (was Re: Backdoor in upstream xz-utils)

2024-04-10 Thread Ludovic Courtès
Hi, Ekaitz Zarraga skribis: > On 2024-04-04 21:48, Attila Lendvai wrote: >> all in all, just by following my gut instincts, i was advocating >> for building everything from git even before the exposure of this >> backdoor. in fact, i found it surprising as a guix newbie that not >> everything

Re: Error handling when 'guix substitute' dies

2024-04-10 Thread Ludovic Courtès
Hi, Lars Bilke skribis: > I ran the command in a loop on 4 machines for around 2 hours doing 1 request > per machine per second but no errors occurred... Hmm OK, thanks for testing. Not sure how to understand the problem then. It could be triggered keep-alive and connection reuse, who knows.

Re: Error handling when 'guix substitute' dies

2024-04-10 Thread Ludovic Courtès
Hi, Philip McGrath skribis: > I don't know if the root cause is related, but this reminded me of > some networking errors I sometimes get accessing substitutes. I had > the luck (good or bad?) to get an example while building > , so I thought I'd report. > >>

policy for packaging insecure apps

2024-04-10 Thread Attila Lendvai
the context: there's an app currently packaged in guix, namely gnome-shell-extension-clipboard-indicator, that has a rather questionable practice: by default it saves the clipboard history (passwords included) in clear text, and the preferences for it is called something obscure.

Re: Google Summer of Code Inquiry

2024-04-10 Thread Efraim Flashner
On Tue, Apr 09, 2024 at 05:25:35PM +0200, Ludovic Courtès wrote: > Hi Sebastian, > > Sebastian Dümcke skribis: > > > just wanted to chime in. Since last week I have some working code to > > generate AppImages with guix pack. I was planning on tidying this up > > for submission over the next

Re: [fr] Guix@Paris social get-together in April

2024-04-10 Thread Tanguy LE CARROUR
(Warning: this email is in French because the meeting is supposed to be held in French.) Hello Guix, As a reminder, Guix@Paris is tomorrow evening! It is still at 7 pm at the April premises… or at Easter-eggs. And for those who do not want to brave Parisian traffic, it's in

Clojure is working on better supporting XDG base directory rules

2024-04-10 Thread Jesús Gómez
Hello. I just wanted to mention that the Clojure project had recently accepted to work on enhancing its support to XDG base directory rules, as described in their ticket TDEPS-262[1] I'm sure there are important considerations related to your work. For example, how would an eventual change