bug#41575: [PATCH] doc: prevent host/container nscd mismatch

2020-09-13 Thread edk


doc/guix.texi: (Name Service Switch) add a workaround for bug #41575
---
 doc/guix.texi | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a6e14ea177..a9472e680e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1706,6 +1706,20 @@ this binary incompatibility problem because those 
@code{libnss_*.so}
 files are loaded in the @command{nscd} process, not in applications
 themselves.
 
+For applications running in containers (@pxref{Invokin guix container}),
+however, @code{nscd} may leak information from the host to the container.
+If there is a configuration mismatch between the two ---e.g., the host
+has no @code{sshd} user while the container needs one--- then it may be
+worthwhile to limit which kind of information the host's @code{nscd}
+daemon may give to the container by adding the following to
+@code{/etc/nscd.conf}.
+
+@example
+enable-cachepasswd  no
+enable-cachegroup   no
+enable-cachenetgroupno
+@end example
+
 @subsection X11 Fonts
 
 @cindex fonts
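Review bot: the cross-reference in the first added line, `@pxref{Invokin guix container}`, is misspelled and will not resolve; it should be `@pxref{Invoking guix container}`. In the `@example` block the third line, `enable-cachenetgroupno`, has no whitespace between the service name and `no`. nscd.conf takes this directive as three tokens (`enable-cache`, the service, then `yes` or `no`), so the lines should read `enable-cache passwd no`, `enable-cache group no` and `enable-cache netgroup no`.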
@@ -27582,7 +27596,7 @@ that should be preferably killed.
 
 @item @code{avoid-regexp} (default: @code{#f})
 A regular expression (as a string) to match the names of the processes
-that should @emph{not} be killed.
+that should @emph{not} be kcoilled.
 
 @item @code{memory-report-interval} (default: @code{0})
 The interval in seconds at which a memory report is printed.  It is
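Review bot: the `+` line in the `avoid-regexp` description replaces `killed` with `kcoilled`, a stray typo that has nothing to do with the nscd change. Drop this hunk so the patch only touches the Name Service Switch section.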
-- 
2.28.0






bug#41575: Container with openssh-service requires sshd user on the host

2020-09-13 Thread edk
Thank you for this thorough investigation and for finding the
workaround!

I just submitted a patch to the doc based on your email.

Cheers,

Edouard.
conjaroy writes:

> In an earlier bug comment [1] I corroborated that nscd was leaking
> /etc/passwd information from the host OS into the Guix container, and I
> wondered aloud why the container would use the host OS's nscd if there was
> a risk of this happening.
>
> I've looked into how Guix configures its own nscd, and it turns out that by
> default it enables lookups only for `hosts` and `services` - not for
> `passwd`, `group`, or `netgroup`. Presumably, then, this configuration is
> sufficient for nscd to prevent the glibc compatibility issues described in
> the manual [3].
>
> After adding the following 3 lines in nscd.conf on my foreign distro
> (Debian 10) and restarting nscd, my Guix system containers were able to
> boot successfully while talking to the daemon:
>
> enable-cache passwd   no
> enable-cache group    no
> enable-cache netgroup no
>
> So I think the bug here is that the Guix manual page advising the use of
> nscd on a foreign distro [3] doesn't elaborate on which types of service
> lookups are safe to enable in the daemon. If Guix is used only to build and
> run binaries then perhaps it could use nscd for all lookups, but this is
> evidently not the case for Guix system containers.
>
>
> Cheers,
>
> Jason
>
>
> [1] https://www.mail-archive.com/bug-guix@gnu.org/msg19915.html
> [2]
> https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/base.scm?h=version-1.1.0#n1238
> [3] https://guix.gnu.org/manual/en/html_node/Application-Setup.html
>
> On Mon, Aug 24, 2020 at 11:15 PM conjaroy  wrote:
>
>> I've observed this error under similar circumstances: launching a guix
>> system container script with network sharing enabled, on a foreign distro
>> (Debian 10) with nscd running.
>>
>> Using `strace -f /gnu/store/...-run-container`, we can observe the
>> container's lookup of user accounts via the foreign distro's nscd socket:
>>
>> [pid 16582] socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 11
>> [pid 16582] connect(11, {sa_family=AF_UNIX,
>> sun_path="/var/run/nscd/socket"}, 110) = 0
>> [pid 16582] sendto(11, "\2\0\0\0\0\0\0\0\t\0\0\0postgres\0", 21,
>> MSG_NOSIGNAL, NULL, 0) = 21
>> [pid 16582] poll([{fd=11, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1
>> ([{fd=11, revents=POLLIN}])
>> [pid 16582] read(11,
>> "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\377\377\377\377\0\0\0\0\0\0\0\0"...,
>> 36) = 36
>> [pid 16582] close(11)   = 0
>>
>> Since the user ("postgres") is indeed missing in the foreign distro, the
>> lookup fails. In this case, disabling nscd on the foreign distro allowed
>> the container script to run without error.
>>
>> Based on comments in https://issues.guix.info/issue/28128, I see that it
>> was a deliberate choice to bind-mount the foreign distro's nscd socket
>> inside the container (instead of starting a separate containerized nscd
>> instance). But I'm having trouble seeing why it's acceptable to leak state
>> from the foreign distro's user space into the container. Is there something
>> I'm missing?
>>
>> Cheers,
>>
>> Jason
>>
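Added example (not part of the thread): a decoder for the nscd request and reply bytes in the strace excerpt quoted above. The field layout, the request numbers and the meaning of `found` are assumptions taken from glibc's nscd client; the reply sample is the 32 bytes strace printed before its `...`, so `pw_shell_len` is absent.

```python
import struct

# Request numbers assumed from glibc's nscd client header (subset).
REQUEST_TYPES = {0: "GETPWBYNAME", 1: "GETPWBYUID",
                 2: "GETGRBYNAME", 3: "GETGRBYGID"}

# int32 fields of the passwd reply header, in wire order (assumed layout).
PW_FIELDS = ("version", "found", "pw_name_len", "pw_passwd_len", "pw_uid",
             "pw_gid", "pw_gecos_len", "pw_dir_len", "pw_shell_len")

# Bytes copied from the strace excerpt: the sendto() payload ...
REQUEST = b"\2\0\0\0" b"\0\0\0\0" b"\t\0\0\0" b"postgres\0"
# ... and the 32 reply bytes strace printed before truncating with "...".
REPLY_PREFIX = (b"\2\0\0\0" b"\0\0\0\0" b"\0\0\0\0" b"\0\0\0\0"
                b"\377\377\377\377" b"\377\377\377\377"
                b"\0\0\0\0" b"\0\0\0\0")


def parse_request(data):
    """Decode header (version, type, key_len: little-endian int32) and key."""
    if len(data) < 12:
        raise ValueError("short nscd request header")
    version, rtype, key_len = struct.unpack_from("<iii", data)
    if key_len < 0 or len(data) - 12 != key_len:
        raise ValueError("key_len does not match payload size")
    key = data[12:].rstrip(b"\0").decode("ascii", "replace")
    return {"version": version,
            "type": REQUEST_TYPES.get(rtype, "UNKNOWN(%d)" % rtype),
            "key": key}


def parse_pw_reply(data):
    """Decode as many header fields as a possibly truncated capture holds."""
    count = min(len(data) // 4, len(PW_FIELDS))
    if count < 2:
        raise ValueError("need at least the version and found fields")
    # uid/gid are decoded as signed int32, so an unset id shows up as -1.
    return dict(zip(PW_FIELDS, struct.unpack_from("<%di" % count, data)))


def classify(found):
    """Map 'found' to what it means for a container sharing the host socket."""
    if found == 1:
        return "host-record"       # host's nscd returned an account record
    if found == 0:
        return "host-negative"     # host's nscd answered: no such entry
    if found == -1:
        return "service-disabled"  # nscd does not serve this database
    return "unexpected"


if __name__ == "__main__":
    req = parse_request(REQUEST)
    rep = parse_pw_reply(REPLY_PREFIX)
    print(req)
    print(rep, "->", classify(rep["found"]))
```

Under the glibc client behaviour assumed here, the `host-negative` reply is final for the caller, while `service-disabled` is what the `enable-cache ... no` lines produce and sends the lookup back to the container's own NSS sources.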






bug#43293: Icecat is missing glyphs after the last update

2020-09-13 Thread Marinus Savoritias

So it seems like two of the problems fixed themselves.
I still can't see any number in the browser though.
In their place there is just a blank space.

Marinus Savoritias

On 9/9/20 3:10 PM, Marinus Savoritias wrote:
I forgot to add that the issue seems specific to icecat. Qutebrowser 
works fine.


Marinus Savoritias

On 9/9/20 3:08 PM, Marinus Savoritias wrote:

The numbers and some of the letters are missing from the last release.
If I open the guix home page in the Download button the numbers are 
not shown for example. Also the star is missing from the bookmark 
button on the top.


Guix git commit:
   guix 057d584
 repository URL: https://git.savannah.gnu.org/git/guix.git
 branch: master
 commit: 057d584b981d9a3293be03ee863d40a61c8aae74

With Icecat: 68.12.0-guix0-preview1

Marinus Savoritias













bug#43088: GNU Mailutils fails its test suite on aarch64

2020-09-13 Thread Pierre Langlois

Pierre Langlois writes:

> Hi Tobias,
>
> Tobias Geerinckx-Rice via Bug reports for GNU Guix writes:
>
>> Guix,
>>
>> ‘readmsg’ from mailutils@3.10 segfaults on aarch64, blocking 
>> ‘emacs’
>> and ‘emacs-no-x’, but not ‘emacs-minimal’.
>>
>> --- ./readmsg/tests/testsuite.dir/4/testsuite.log
>> ---
>>
>> # -*- compilation -*-
>> 4. hdr.at:17: testing readmsg -h ...
>> ./hdr.at:17:
>> MAIL=$abs_top_srcdir/testsuite/spool/mbox1
>> FOLDER=$MAIL
>> export MAIL FOLDER
>> readmsg --no-site --no-user readmsg -h SOMETHING
>> --- /dev/null   2020-08-25 23:01:26.06400 +
>> +++
>> /tmp/guix-build-mailutils-3.10.drv-0/mailutils-3.10/readmsg/tests/testsuite.dir/at-groups/4/stderr
>>  
>> 2020-08-
>> 27 15:25:42.447733149 +
>> @@ -0,0 +1 @@
>> +/tmp/guix-build-mailutils-3.10.drv-0/mailutils-3.10/readmsg/tests/testsuite.dir/at-groups/4/test-source:
>> line 2
>> 1: 30506 Segmentation fault  readmsg --no-site --no-user readmsg -h
>> SOMETHING
>> --- -   2020-08-27 15:25:42.455592145 +
>> +++
>> /tmp/guix-build-mailutils-3.10.drv-0/mailutils-3.10/readmsg/tests/testsuite.dir/at-groups/4/stdout
>>  
>> 2020-08-
>> 27 15:25:42.451733151 +
>> @@ -1,17 +1,2 @@
>> From b...@dontmailme.org  Fri Dec 28 23:28:09 2001
>> -Received: (from b...@dontmailme.org)
>> -   by dontmailme.org id fERKR9N16790
>> -   for foo...@nonexistent.net; Fri, 28 Dec 2001 22:18:08 +0200
>> -Date: Fri, 28 Dec 2001 23:28:08 +0200
>> -From: Bar 
>> -To: Foo Bar 
>> -Message-Id: <200112232808.ferkr9n16...@dontmailme.org>
>> -Subject: Re: Jabberwocky
>> -
>> -It seems very pretty, but it's *rather* hard to understand!'
>> -Somehow it seems to fill my head with ideas -- only I don't
>> -exactly know what they are!  However, SOMEBODY killed SOMETHING:
>> -that's clear, at any rate...
>> -
>> -
>>
>> ./hdr.at:17: exit code was 139, expected 0
>> 4. hdr.at:17: 4. readmsg -h (hdr.at:17): FAILED (hdr.at:17)
>
> I've been hit by this as well so I thought I'd look into it today, and I
> think I found the problem! I just sent an email upstream to
> bug-mailut...@gnu.org about it.

Cool, upstream fixed the bug! [0]

Here's a patch to apply the fix before we get the next release.

OK to commit?

Thanks,
Pierre

[0]: 
https://git.savannah.gnu.org/cgit/mailutils.git/commit/?id=5ca6382fe8adb5bc436a6d873c8b86c69d5abfd1



From 0aac8082acd0c19a2d991376c7527053e196a1fd Mon Sep 17 00:00:00 2001
From: Pierre Langlois 
Date: Sun, 13 Sep 2020 13:02:52 +0100
Subject: [PATCH] gnu: mailutils: Fix uninitialized variable in readmsg.

Fixes mailutils on aarch64, see .

* gnu/packages/patches/mailutils-fix-uninitialized-variable.patch: New
file.
* gnu/packages/mail.scm (mailutils)[source]: Add patch.
* gnu/local.mk (dist_patch_DATA): Register patch.
---
 gnu/local.mk  |  1 +
 gnu/packages/mail.scm |  5 +++-
 ...mailutils-fix-uninitialized-variable.patch | 26 +++
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/mailutils-fix-uninitialized-variable.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 1baa8405c5..6cdbe0d778 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1291,6 +1291,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/luajit-no_ldconfig.patch			\
   %D%/packages/patches/luit-posix.patch\
   %D%/packages/patches/lvm2-static-link.patch			\
+  %D%/packages/patches/mailutils-fix-uninitialized-variable.patch	\
   %D%/packages/patches/make-impure-dirs.patch			\
   %D%/packages/patches/mariadb-client-test-32bit.patch		\
   %D%/packages/patches/mars-install.patch			\
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 4a9c6fc90f..45d7877c27 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -197,7 +197,10 @@ example, modify the message headers or body, or encrypt or sign the message.")
  version ".tar.xz"))
  (sha256
   (base32
-   "17smrxjdgbbzbzakik30vj46q4iib85ksqhb82jr4vjp57akszh9"
+   "17smrxjdgbbzbzakik30vj46q4iib85ksqhb82jr4vjp57akszh9"))
+ (patches
+  ;; Fixes https://issues.guix.gnu.org/43088.
+  (search-patches "mailutils-fix-uninitialized-variable.patch"
 (build-system gnu-build-system)
 (arguments
  `(#:phases
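Review bot: as shown, the new `(patches` field opens `(search-patches "mailutils-fix-uninitialized-variable.patch"` and nothing closes it before `(build-system gnu-build-system)`, so the `origin` form looks unbalanced. Check that `search-patches`, `patches` and the enclosing forms are all closed. The comment above it could also name the upstream commit the patch is taken from, so it is clear when the patch can be dropped.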
diff --git a/gnu/packages/patches/mailutils-fix-uninitialized-variable.patch b/gnu/packages/patches/mailutils-fix-uninitialized-variable.patch
new file mode 100644
index 00..2a1c81648b
--- /dev/null
+++ b/gnu/packages/patches/mailutils-fix-uninitialized-variable.patch
@@ -0,0 +1,26 @@
+From 5ca6382fe8adb5bc436a6d873c8b86c69d5abfd1 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff 
+Date: Sun, 13 Sep 2020 14:43:46 +0300
+Subject: [PATCH] Fix uninitialized variable in readmsg
+
+* readmsg/readmsg.c (main): Init

bug#40039: 'wrap-script' introduces spurious argument

2020-09-13 Thread Ricardo Wurmus


Brendan Tildesley  writes:

> Hi Ricardo, Ludovic... I was wondering if we could revisit and fix
> this.

Yes, let’s try to fix this.  I think it would be good to have a bunch of
automated tests that we can work with to validate the feature even in
somewhat obscure circumstances.

It’s been a while since I originally wrote the code, so some decisions
are no longer obvious to me, but I’ll try to familiarize myself with it
once again.

-- 
Ricardo





bug#43377: Possible Bug

2020-09-13 Thread Çağlar Yıldız
Hello,

I’m having trouble installing Guix System 1.1.0 on my computer. Installation 
sequence reinitiates itself without giving any errors. Here are the steps I’ve 
taken during installation:

  *   Locale Language -> English
  *   Locale Location -> United States
  *   Gnu Guix Install -> Graphical install using a terminal based interface
  *   Timezone -> America / Chicago
  *   Layout -> English US
  *   Variant -> English US
  *   Hostname -> “hostname”
  *   Internet Access -> Wired
  *   System Administrator Password -> “password”
  *   User Creation -> “username”
  *   Desktop Environment -> Xfce
  *   Network Service ->
      *   OpenSSH secure shell daemon (sshd)
      *   Tor anonymous network router
      *   Mozilla NSS certificates, for HTTPS access
  *   Partitioning method -> Guided using entire disk
  *   Disk -> ATA ST200LX001-1R01 (SCSI) /dev/sda 2000GB msdos

After I select the disk, I briefly see a cursor blinking on the left top corner 
of the screen and system goes back to Locale language selecting step without 
giving any error. I’ve verified the authenticity of the file after I download 
it. I’ve tried restarting the computer and doing all over again but nothing 
changed. It just repeats itself. Please let me know if you need any further 
information. Thank you for your time.

Best,

Caglar


bug#41575: Container with openssh-service requires sshd user on the host

2020-09-13 Thread conjaroy
My pleasure, Edouard. Thanks for the doc update!

Jason

On Sun, Sep 13, 2020 at 6:39 AM  wrote:

> Thank you for this thorough investigation and for finding the
> workaround!
>
> I just submitted a patch to the doc based on your email.
>
> Cheers,
>
> Edouard.
> conjaroy writes:
>
> > In an earlier bug comment [1] I corroborated that nscd was leaking
> > /etc/passwd information from the host OS into the Guix container, and I
> > wondered aloud why the container would use the host OS's nscd if there was
> > a risk of this happening.
> >
> > I've looked into how Guix configures its own nscd, and it turns out that by
> > default it enables lookups only for `hosts` and `services` - not for
> > `passwd`, `group`, or `netgroup`. Presumably, then, this configuration is
> > sufficient for nscd to prevent the glibc compatibility issues described in
> > the manual [3].
> >
> > After adding the following 3 lines in nscd.conf on my foreign distro
> > (Debian 10) and restarting nscd, my Guix system containers were able to
> > boot successfully while talking to the daemon:
> >
> > enable-cache passwd   no
> > enable-cache group    no
> > enable-cache netgroup no
> >
> > So I think the bug here is that the Guix manual page advising the use of
> > nscd on a foreign distro [3] doesn't elaborate on which types of service
> > lookups are safe to enable in the daemon. If Guix is used only to build and
> > run binaries then perhaps it could use nscd for all lookups, but this is
> > evidently not the case for Guix system containers.
> >
> >
> > Cheers,
> >
> > Jason
> >
> >
> > [1] https://www.mail-archive.com/bug-guix@gnu.org/msg19915.html
> > [2] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/base.scm?h=version-1.1.0#n1238
> > [3] https://guix.gnu.org/manual/en/html_node/Application-Setup.html
> >
> > On Mon, Aug 24, 2020 at 11:15 PM conjaroy  wrote:
> >
> >> I've observed this error under similar circumstances: launching a guix
> >> system container script with network sharing enabled, on a foreign distro
> >> (Debian 10) with nscd running.
> >>
> >> Using `strace -f /gnu/store/...-run-container`, we can observe the
> >> container's lookup of user accounts via the foreign distro's nscd socket:
> >>
> >> [pid 16582] socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 11
> >> [pid 16582] connect(11, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = 0
> >> [pid 16582] sendto(11, "\2\0\0\0\0\0\0\0\t\0\0\0postgres\0", 21, MSG_NOSIGNAL, NULL, 0) = 21
> >> [pid 16582] poll([{fd=11, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=11, revents=POLLIN}])
> >> [pid 16582] read(11, "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\377\377\377\377\0\0\0\0\0\0\0\0"..., 36) = 36
> >> [pid 16582] close(11)   = 0
> >>
> >> Since the user ("postgres") is indeed missing in the foreign distro, the
> >> lookup fails. In this case, disabling nscd on the foreign distro allowed
> >> the container script to run without error.
> >>
> >> Based on comments in https://issues.guix.info/issue/28128, I see that it
> >> was a deliberate choice to bind-mount the foreign distro's nscd socket
> >> inside the container (instead of starting a separate containerized nscd
> >> instance). But I'm having trouble seeing why it's acceptable to leak state
> >> from the foreign distro's user space into the container. Is there something
> >> I'm missing?
> >>
> >> Cheers,
> >>
> >> Jason
> >>
>
>


bug#43321: [PATCH] gnu: Fix a crash in NTP and Chrony.

2020-09-13 Thread Leo Famulari
I tested on bare metal and virtualized x86-64 with NTP.

The bug reporter [0] tested that the fix worked for Chrony.

Pushed as 898fbb60b2354e82e5b7f259b44dbfed112a83aa

[0] https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43321#5




bug#43291: ntp or nptd services on aarch64

2020-09-13 Thread Leo Famulari
On Wed, Sep 09, 2020 at 06:35:34PM +0700, Vtly Shtrv wrote:
> Hello Guixen.
> From the Guix System (aarch64) powering a RockPro64 SBC.
> 
> 
> What's broken:  ntp-service-type
> chrony
> 
> How it's broken:
> ntp-service-type segfaults (Mike seen).
> chrony segfaults:

I fixed a crash of Chrony and NTP with commit
898fbb60b2354e82e5b7f259b44dbfed112a83aa.

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=898fbb60b2354e82e5b7f259b44dbfed112a83aa

Can you check if it fixes this bug for you?





bug#41575: [bug#43371] [PATCH] doc: prevent host/container nscd mismatch

2020-09-13 Thread Ludovic Courtès
Hi,

e...@beaver-labs.com skribis:

> doc/guix.texi: (Name Service Switch) add a workaround for bug #41575
> ---
>  doc/guix.texi | 16 +++-
>  1 file changed, 15 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index a6e14ea177..a9472e680e 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -1706,6 +1706,20 @@ this binary incompatibility problem because those 
> @code{libnss_*.so}
>  files are loaded in the @command{nscd} process, not in applications
>  themselves.
>  
> +For applications running in containers (@pxref{Invokin guix container}),
> +however, @code{nscd} may leak information from the host to the container.
> +If there is a configuration mismatch between the two ---e.g., the host
> +has no @code{sshd} user while the container needs one--- then it may be

I find the example is hard to understand.  How about: “applications in
the container could end up looking users in the host”?

> +worthwhile to limit which kind of information the host's @code{nscd}
> +daemon may give to the container by adding the following to
> +@code{/etc/nscd.conf}.
> +
> +@example
> +enable-cachepasswd  no
> +enable-cachegroup   no
> +enable-cachenetgroupno
> +@end example
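Review bot: the added paragraph ending `@code{/etc/nscd.conf}.` tells the reader to edit the file but says nothing about restarting nscd. The report this text is based on added the three lines and then restarted the daemon, so state that step after the `@example` block.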

Actually, perhaps the better fix is to never use the host’s nscd?  We
could change ‘containerized-operating-system’ accordingly.

That would allow guest OSes to work correctly regardless of the host’s
nscd config, which seems like an improvement.

Thoughts?

Ludo’.





bug#43384: guix pull: backtrace "no route to host"

2020-09-13 Thread Jan Wielkiewicz
Hello, 
I tried running "guix pull" but it gave me a backtrace.

guix substitute: error: connect: No route to host
@ substituter-failed
/gnu/store/c4mzhay8jrg5r43wkn4f9004afvly0ad-po4a-0.57 256 fetching path
`/gnu/store/c4mzhay8jrg5r43wkn4f9004afvly0ad-po4a-0.57' failed with
exit code 1 @ substituter-started
/gnu/store/s6ha2sssblw06sjpw4zawzx98zwbj5m7-graphviz-2.42.3 substitute
killing process 6694 Backtrace: 11 (primitive-load
"/gnu/store/lardz9zqi5ypgrdrj6dyfgj9p3bca2ab-compute-guix-derivation")
In ice-9/eval.scm: 155:9 10 (_ _) 159:9  9 (_
#(#(#(#(#(#(#(#(#(#(#(#(#(# ?) ?)
?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?)) In ./guix/store.scm: 2042:24  8
(run-with-store # _
#:guile-for-build _ #:system _ #:target _) 1876:8  7 (_ _) In
./guix/gexp.scm: 244:18  6 (_ _)
   1064:2  5 (_ _)
924:2  4 (_ _)
785:4  3 (_ _)
In ./guix/store.scm:
  1924:12  2 (_ #)
   1357:5  1 (map/accumulate-builds # _ _) 1368:15  0 (_ # 7fe2f10265f0> _ _)

./guix/store.scm:1368:15: ERROR:
  1. &store-protocol-error:
  message: "some substitutes for the outputs of derivation
`/gnu/store/bxw2dzjmdrq7qmv0w1mpzqrkfqs9p7q2-po4a-0.57.drv' failed
(usually happens due to networking issues); try `--fallback' to build
derivation from source " status: 1 guix pull: error: You found a bug:
the program
'/gnu/store/lardz9zqi5ypgrdrj6dyfgj9p3bca2ab-compute-guix-derivation'
failed to compute the derivation for Guix (version:
"71992a532dd0bb88b39dda285482b332a24dae66"; system: "x86_64-linux";
host version: "1192ae940434808560b3170107e4ce44855816c3"; pull-version:
1). Please report it by email to .


Jan Wielkiewicz






bug#43387: sxiv package missing sxiv.desktop file

2020-09-13 Thread bdju
I need the sxiv.desktop file so that I can set it as the default program
in xdg to open jpg and png files.
guix (GNU Guix) 58a2c8084c66d9949933950fbf316eb95a46b1a4
sxiv 26





bug#43388: sxiv gif support is not working

2020-09-13 Thread bdju
You should be able to run `sxiv -a filename.gif` to view gifs, but I
just get an error:
sxiv: /home/user/picture.gif: Error opening image
sxiv: no more files to display, aborting

It works as expected on my friend's machine running Arch.





bug#41575: [bug#43371] [PATCH] doc: prevent host/container nscd mismatch

2020-09-13 Thread conjaroy
Hello Ludo',

A separate nscd per container also seems like a reasonable option. However,
for the sake of machines hosting many long-lived containers, perhaps we
should consider reducing the cache size: currently it's 32MB for each name
service type, with an expiration of 12-24 hours:

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/base.scm?id=1042d269a723360a02b19a2baafef1e24a3bfc73#n1115

Cheers,

Jason

On Sun, Sep 13, 2020 at 5:05 PM Ludovic Courtès  wrote:

> Hi,
>
> e...@beaver-labs.com skribis:
>
> > doc/guix.texi: (Name Service Switch) add a workaround for bug #41575
> > ---
> >  doc/guix.texi | 16 +++-
> >  1 file changed, 15 insertions(+), 1 deletion(-)
> >
> > diff --git a/doc/guix.texi b/doc/guix.texi
> > index a6e14ea177..a9472e680e 100644
> > --- a/doc/guix.texi
> > +++ b/doc/guix.texi
> > @@ -1706,6 +1706,20 @@ this binary incompatibility problem because those
> @code{libnss_*.so}
> >  files are loaded in the @command{nscd} process, not in applications
> >  themselves.
> >
> > +For applications running in containers (@pxref{Invokin guix container}),
> > +however, @code{nscd} may leak information from the host to the
> container.
> > +If there is a configuration mismatch between the two ---e.g., the host
> > +has no @code{sshd} user while the container needs one--- then it may be
>
> I find the example is hard to understand.  How about: “applications in
> the container could end up looking users in the host”?
>
> > +worthwhile to limit which kind of information the host's @code{nscd}
> > +daemon may give to the container by adding the following to
> > +@code{/etc/nscd.conf}.
> > +
> > +@example
> > +enable-cachepasswd  no
> > +enable-cachegroup   no
> > +enable-cachenetgroupno
> > +@end example
>
> Actually, perhaps the better fix is to never use the host’s nscd?  We
> could change ‘containerized-operating-system’ accordingly.
>
> That would allow guest OSes to work correctly regardless of the host’s
> nscd config, which seems like an improvement.
>
> Thoughts?
>
> Ludo’.
>


bug#43390: eudev should have ability to add a hwdb file

2020-09-13 Thread Stefan Huchler
There is a configuration field for udev rules:

https://guix.gnu.org/manual/en/html_node/Base-Services.html
udev-service [#:udev eudev #:rules '()]

But there is no configuration option to add a hwdb file.

I don't know if that matters but nixos has such option:
services.udev.extraHwdb

That's the hwdb file I want to add:
https://github.com/spiderbit/emacs-ergo-thinkpad-kb-layout/archive/master.zip







bug#43392: utmp file not correctly updated when logging out from xfce to sddm

2020-09-13 Thread Jesse Gibbons

To replicate:

From a fresh startup,

1. log in to the XFCE window manager from the SDDM display manager.

2. log out

3. In a virtual console, log in with the same user and run `who`

Expected results:

The value of $USER should be listed once, because it is officially 
logged in only once.


Actual results:

The value of $USER is listed twice, and one of them is not associated 
with a virtual console.


Notes:

The way coreutils knows who is logged in is by referencing a file, 
referenced as UTMP_FILE in the coreutils source code, which should keep 
track of user logins. My guess is that something is not updating it in 
this case.


My current system config is a bit messy, so I will work on making a 
minimalist config file that can replicate this bug.







bug#43388: sxiv gif support is not working

2020-09-13 Thread Timotej Lazar
"bdju" via Bug reports for GNU Guix  [2020-09-13 
17:08:21-0500]:
> You should be able to run `sxiv -a filename.gif` to view gifs, but I
> just get an error:
> sxiv: /home/user/picture.gif: Error opening image

I tried [1] and it works with `sxiv -a` here. What does `file picture.gif` say 
for your file?

[1] https://upload.wikimedia.org/wikipedia/commons/7/7e/Rotating_earth.gif