guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: doc: Explain how to check whether security updates are used.


From: Ludovic Courtès
Subject: 02/02: doc: Explain how to check whether security updates are used.
Date: Sat, 05 Mar 2016 21:54:35 +0000

civodul pushed a commit to branch master
in repository guix.

commit 59a4dd509bdbaaf112e86d10cc43b45e68ddff0e
Author: Ludovic Courtès <address@hidden>
Date:   Sat Mar 5 22:34:46 2016 +0100

    doc: Explain how to check whether security updates are used.
    
    Based on
    <https://lists.gnu.org/archive/html/guix-devel/2016-03/msg00009.html>.
    
    * doc/guix.texi (Security Updates): Explain how to check whether we're
    using a grafted version.
---
 doc/guix.texi |   41 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 41 insertions(+), 0 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index e67782a..0e8e5ad 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10269,6 +10269,47 @@ Other restrictions may apply: for instance, when 
adding a graft to a
 package providing a shared library, the original shared library and its
 replacement must have the same @code{SONAME} and be binary-compatible.
 
+The @option{--no-grafts} command-line option allows you to forcefully
+avoid grafting (@pxref{Common Build Options, @option{--no-grafts}}).
+Thus, the command:
+
address@hidden
+guix build bash --no-grafts
address@hidden example
+
address@hidden
+returns the store file name of the original Bash, whereas:
+
address@hidden
+guix build bash
address@hidden example
+
address@hidden
+returns the store file name of the ``fixed'', replacement Bash.  This
+allows you to distinguish between the two variants of Bash.
+
+To verify which Bash your whole profile refers to, you can run
+(@pxref{Invoking guix gc}):
+
address@hidden
+guix gc -R `readlink -f ~/.guix-profile` | grep bash
address@hidden example
+
address@hidden
address@hidden and compare the store file names that you get with those above.
+Likewise for a complete GuixSD system generation:
+
address@hidden
+guix gc -R `guix system build my-config.scm` | grep bash
address@hidden example
+
+Lastly, to check which Bash running processes are using, you can use the
address@hidden command:
+
address@hidden
+lsof | grep /gnu/store/.*bash
address@hidden example
+
 
 @node Package Modules
 @section Package Modules



reply via email to

[Prev in Thread] Current Thread [Next in Thread]