On Wed, Oct 26, 2016 at 11:21:32PM +0200, Danny Milosavljevic wrote:
---
gnu/packages/admin.scm | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d9b08ef..856d946 100644
---
l...@gnu.org (Ludovic Courtès) writes:
> Well, the kernel Linux will forever support setuid binaries
That can be selectively turned off per-mount, simply specify the nosuid
option. And so eventually we can get to a point where setuid is a Linux
build configuration option, which distros can turn
Ludovic Courtès writes:
>> From c51f44edf3293aae323eded49dcba750f54607cb Mon Sep 17 00:00:00 2001
>> From: Marius Bakke
>> Date: Wed, 26 Oct 2016 06:39:34 +0100
>> Subject: [PATCH] gnu: mupdf: Modify CVE-2016-8674 patch to apply to 1.9a.
>>
>> The fix from
- non-root usage
+ file system virtualization needed
* map ~/.local/gnu/store to /gnu/store
* user name spaces?
* [[https://github.com/proot-me/PRoot/][PRoot]]? but performance problems?
* common interface, like “guix enter” spawns a shell where
/gnu/store is
Hello David,
David Craven writes:
> Do we need to export all of these?
>
> +cuirass-configuration-cache-directory
> +cuirass-configuration-group
> +cuirass-configuration-interval
> +cuirass-configuration-database
> +
Dear Guix,
When running R, it executes a wrapper script that relies on
@code{uname} to be available in PATH:
> R_HOME_DIR=/gnu/store/dz83xhn43qc2dpdrja8mhx78l7qffqvq-r-3.3.0/lib/R
> if test "${R_HOME_DIR}" =
> "/gnu/store/dz83xhn43qc2dpdrja8mhx78l7qffqvq-r-3.3.0/lib/R"; then
>case
On Wed, Oct 26, 2016 at 03:05:58PM +0200, Mathieu Lirzin wrote:
>
> * gnu/services/cuirass.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> * doc/guix.texi (Continuous integration): New node.
> +In order to add build jobs you will have to set the
> +@code{specifications} field.
Marius:
Thanks for your mentoring on this. :)
On Mon, Oct 24, 2016 at 17:21:18 +0100, Marius Bakke wrote:
> I'll continue working on getting ccid integrated and eventually make a
> pcscd service for GuixSD.
Is there anything you'd like help on? I'd be happy to test whatever you
come up with as
Kei Kebreau writes:
> Is it frowned upon to revert that commit on its own (it's the third to
> last commit as I write this), or should I attempt to patch on top of it?
I've modified the patch to apply to 1.9a, but it was far from trivial
due to many context changes in
Ludovic Courtès writes:
> SSH is a complex protocol and its implementations are complex too. I
> would find it unreasonable to replace ‘su’ and ‘sudo’ with something
> this complex, that goes through the TCP/IP stack, etc.
I agree. We could maybe have a pseudo-sudo service that is built just
David Craven writes:
> I don't think we need this:
>
> (arguments
> + '(#:phases
> + (modify-phases %standard-phases
> + (add-before 'configure 'bootstrap
> +(lambda _
> + (system* "./bootstrap")
> + #t)
>
>> +
Ludovic Courtès writes:
> Christopher Allan Webber skribis:
>
>> I'm currently looking at building a version of coreboot. Unfortunately,
>> the mortal enemy of every GuixSD user, #!/usr/bin/env, lurks around
>> every corner.
>>
>> Wingo made an interesting suggestion on
On Sat, Oct 15, 2016 at 09:01:00PM +, ng0 wrote:
> From: ng0
>
> * gnu/packages/lolcode.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
> ---
> gnu/local.mk | 1 +
> gnu/packages/lolcode.scm | 60
>
Ludovic Courtès writes:
> Hello Guix!
>
> In the ‘wip-haunt’ branch of guix-artwork.git, I started switching the
> web site to use Haunt, as was suggested long ago:
>
> https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00087.html
>
> The goal is to manage news using Haunt, and to have a
Christopher Allan Webber writes:
> So, you're running psudo, and this thing maybe accepts connections over
> something more secure, *maybe* unix domain sockets... so restrict group
> access to the socket to users in the "psudo" group.
>
> From there, maybe it could require
* gnu/packages/gnuzilla.scm (icecat)[inputs]: Add gtk+.
[arguments]: Use --enable-default-toolkit=cairo-gtk3. Force light
gtk theme in desktop file to avoid unreadable input fields.
---
gnu/packages/gnuzilla.scm | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git
Hi!
Eric Bavier skribis:
>> - non-root usage
>
> The Singularity project advertises that it does not use a root-owned
> daemon http://singularity.lbl.gov/about#no-root-owned-daemon-processes
> but it does not in the same section explain that it uses a setuid
>
> There is no configure script in the release tarball, so I think we
> either need this or:
Ah ok then... (zero? (system* "autoreconf" "-vfi")) might be nicer
than (system* "./bootstrap.sh") but doesn't really matter. I thought
that when you create a tarball with `make dist` the configure file is
Hello Guix!
In the ‘wip-haunt’ branch of guix-artwork.git, I started switching the
web site to use Haunt, as was suggested long ago:
https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00087.html
The goal is to manage news using Haunt, and to have a page to display
them on the web site,
Hi,
ren...@openmailbox.org skribis:
> The Guix website(Packages), appears updated with the date: October 14,
> 2016.
>
> https://www.gnu.org/software/guix/packages/
Thanks, this is now fixed (commit
19262a718e97d6ebc782c8dc7e53d04cfb5f794d).
This was caused by an invalid ‘license’ field in a
This is an attempt to make it generic enough for middleware and drivers
such as pcsc-lite and ccid, in addition to tools for other devices.
Other options include "authentication.scm", "auth-token.scm",
"security.scm" and a lot more..
What do you think?
>From
Marius Bakke skribis:
> * gnu/packages/mail.scm (offlineimap)[native-inputs]: Add asciidoc and
> libxslt.
> [arguments]: Add phases 'build-documentation' and
> 'install-documentation' to build and install manpages. Also remove
> unneeded key 'inputs' from 'wrap-binary'
Marius Bakke skribis:
> This is an attempt to make it generic enough for middleware and drivers
> such as pcsc-lite and ccid, in addition to tools for other devices.
Good idea.
> Other options include "authentication.scm", "auth-token.scm",
> "security.scm" and a lot
Kei Kebreau writes:
> Mark H Weaver writes:
>
>> Leo Famulari writes:
>>
>>> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote:
Fix for
Marius Bakke writes:
> diff --git a/gnu/local.mk b/gnu/local.mk
> index ff2d976..cd6c715 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -325,6 +325,7 @@ GNU_SYSTEM_MODULES = \
>%D%/packages/scsi.scm \
>
Marius Bakke skribis:
> If you can read this message, this seems to work for me.. ;)
A good test. :-)
> From afb9160f1968447c318aa0f2508de2ab396ce1ba Mon Sep 17 00:00:00 2001
> From: Marius Bakke
> Date: Tue, 25 Oct 2016 20:10:35 +0100
> Subject:
On Thu, Oct 13, 2016 at 11:45:13AM +0200, Hartmut Goebel wrote:
> Adding only the Python 2 variant, since for Python 3 our minimum version
> is 3.4 which already includes this package as part of the standard library.
>
> gnu/packages/python.scm (python2-pathlib2): New variable.
> ---
>
* gnu/services/cuirass.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Continuous integration): New node.
---
doc/guix.texi| 86 +++
gnu/local.mk | 1 +
gnu/services/cuirass.scm | 128
* gnu/packages/ci.scm (cuirass): New variable.
Co-authored-by: Jan Nieuwenhuizen
---
gnu/packages/ci.scm | 51 +++
1 file changed, 51 insertions(+)
diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index 3f54ff1..3cacc23
Hello,
Here is a package definition and service for Cuirass.
As documented both in the second patch, the service is not really useful as it
is. TL;DR Cuirass needs to be launched the first time with the
"--specifications" option and then without it, because it has a side effect on
the database.
On Tue, Oct 04, 2016 at 08:34:29AM +, ng0 wrote:
> * gnu/packages/psyc.scm (psyced): New variable.
> ---
> gnu/packages/psyc.scm | 103
> ++
> 1 file changed, 103 insertions(+)
>
> diff --git a/gnu/packages/psyc.scm b/gnu/packages/psyc.scm
>
Benz Schenk skribis:
> On Tue, 25 Oct 2016 18:01:23 +0200
> Roel Janssen wrote:
[...]
>> There's only one thing:
>> Would it make more sense to stick to the chronology of the generations
>> (sorting them before displaying them)?
>
> IMO it's useful to see the
Hi,
myglc2 skribis:
> The scheduler that I am most familiar with, SGE, supports the
> proposition that compute hosts are heterogeneous and that they each have
> a fixed software and/or hardware configuration. As a result, users need
> to specify resources, such as SW packages
Christopher Allan Webber skribis:
> From c718ca3986750c255a58b87d9e6805e56c1ffc72 Mon Sep 17 00:00:00 2001
> From: Christopher Allan Webber
> Date: Mon, 8 Feb 2016 16:01:49 -0800
> Subject: [PATCH] gnu: Add autossh.
>
> * gnu/packages/ssh.scm
Ricardo Wurmus skribis:
> Ludovic Courtès writes:
>
>> Your thoughts about the point about Galaxy?
>
> I talked to one of the Galaxy core developers at a conference and they
> told me they have implemented Docker support recently. Essentially,
> they build
Roel Janssen skribis:
> I realize I never shared my proof-of-concept implementation. I attached
> my motivations for having a workflow language in Guix, and my code.
Nice work, thanks for sharing!
> The subcommand "guix workflow" does not work (yet) here. I currently
> execute
Hi Theodoros,
Do we really need this patch? Is there a reason why it hasn't been
upstreamed yet?
(add-before 'configure 'bootstrap
+ (lambda _
+ (system* "aclocal")
+ (system* "libtoolize" "--automake" "--copy")
+ (system* "autoconf")
+
Christopher Allan Webber skribis:
> I'm currently looking at building a version of coreboot. Unfortunately,
> the mortal enemy of every GuixSD user, #!/usr/bin/env, lurks around
> every corner.
>
> Wingo made an interesting suggestion on IRC today: maybe we could have
>
I don't think we need this:
(arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (add-before 'configure 'bootstrap
+(lambda _
+ (system* "./bootstrap")
+ #t)
> +(native-inputs `(("autoconf" ,autoconf)
Hello!
sba...@catern.com skribis:
> == Why remove setuid binaries? ==
>
> setuid binaries are problematic for two reasons:
>
> 1. Each binary is an attack surface which is frequently exploited by
>attackers for local privilege escalation. So getting rid of them
>would improve security.
>
Marius Bakke skribis:
> I've modified the patch to apply to 1.9a, but it was far from trivial
> due to many context changes in upstream git. The attached patch makes
> mupdf build at least, and viewing PDF still works...
>
> The interdiff is rather unintelligible, so to
Benz Schenk writes:
> On Tue, 25 Oct 2016 18:01:23 +0200
> Roel Janssen wrote:
>
>> Ludovic Courtès writes:
>>
>> > Hi!
>> >
>> > Benz Schenk skribis:
>> >
>> >> On Fri, 21 Oct 2016 11:37:00 +0200
>> >> Roel Janssen wrote:
>> >
>> > [...]
Hello!
Julien Lepiller skribis:
> I'm currently writing an openvpn service. Here is the patch (wip). It
> works for the client part, I didn't test the server part yet (but it
> generates a configuration file).
Sounds useful!
> First, how could I make openvpn-config-file
myglc2 writes:
> While SGE is dated and can be a bear to use, it provides a useful
> yardstick for HPC/Cluster functionality. So it is useful to consider how
> Guix(SD) might impact this model. Presumably a defining characteristic
> of GuixSD clusters is that the software
LGTM!
l...@gnu.org (Ludovic Courtès) skribis:
> Amirouche Boubekki skribis:
>
>> On Fri, Sep 30, 2016 at 11:45 AM Ludovic Courtès wrote:
>>
>>> The CUFP talk was in this very nice room with 60 people or so. I
>>> focused on why and how we use Scheme
On Tue, 25 Oct 2016 18:01:23 +0200
Roel Janssen wrote:
> Ludovic Courtès writes:
>
> > Hi!
> >
> > Benz Schenk skribis:
> >
> >> On Fri, 21 Oct 2016 11:37:00 +0200
> >> Roel Janssen wrote:
> >
> > [...]
> >
> [...]
> >>
> >> I adapted
David Craven writes:
> * gnu/packages/gnuzilla.scm (icecat)[inputs]: Add gtk+.
> [arguments]: Use --enable-default-toolkit=cairo-gtk3. Force light
> gtk theme in desktop file to avoid unreadable input fields.
> ---
> gnu/packages/gnuzilla.scm | 11 ---
> 1 file
* gnu/packages/hidapi.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
gnu/local.mk| 1 +
gnu/packages/hidapi.scm | 63 +
2 files changed, 64 insertions(+)
create mode 100644 gnu/packages/hidapi.scm
diff --git
LGTM!
Hi Mathieu,
Do we need to export all of these?
+cuirass-configuration-cache-directory
+cuirass-configuration-group
+cuirass-configuration-interval
+cuirass-configuration-database
+cuirass-configuration-specifications
+
Ludovic Courtès writes:
> Roel Janssen skribis:
>
>> I realize I never shared my proof-of-concept implementation. I attached
>> my motivations for having a workflow language in Guix, and my code.
>
> Nice work, thanks for sharing!
>
>> The subcommand "guix workflow" does not work
On Tue, Oct 25, 2016 at 08:01:30PM +0100, Marius Bakke wrote:
> Leo Famulari writes:
>
> > This fixes the build failure of perl-www-curl build on core-updates:
> > https://hydra.gnu.org/build/1553325/nixlog/2
> >
> > The patch is copied from the upstream bug tracker, but the
---
gnu/packages/admin.scm | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index d9b08ef..856d946 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1859,14 +1859,14 @@ Kerberos and Heimdal and
Ludovic Courtès writes:
> Christopher Allan Webber skribis:
>
>> From c718ca3986750c255a58b87d9e6805e56c1ffc72 Mon Sep 17 00:00:00 2001
>> From: Christopher Allan Webber
>> Date: Mon, 8 Feb 2016 16:01:49 -0800
>> Subject: [PATCH] gnu: Add autossh.
55 matches
Mail list logo