vm-image.tmpl: Do not leak local checkout URL.

Follow up of 94c9e53fa4 that made similar change, but in gnu/system/install.scm. Change local checkout url for the default channel url to ensure release images will not leak local checkout url. * gnu/system/examples/vm-image.tmpl: Change channel of ‘guix’ package to inherit from ‘%default-guix-channel’. Change-Id: I1c633b44cfa067cae1d2948e7e7ef6922995c27d Signed-off-by: Ludovic Courtès <ludo@gnu.org>
author: Rutherther <rutherther@ditigal.xyz> 2025-09-21 21:20:09 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2025-10-21 16:30:23 +0200
commit: 4641d4bb8eab7d05b4915d20361d1902e1499d33 (patch)
tree: c8182ef829ce78c5a78330c90fccf147c79dd032 /gnu/system/examples/vm-image.tmpl
parent: 17f14d45f78ba87ff21c0f625613a8faa3523b6d (diff)
1 files changed, 23 insertions, 2 deletions
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index 205ae73a9fc..d3e70642b9e 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -5,7 +5,12 @@
 ;;   guix system reconfigure /etc/config.scm
 ;;
 
-(use-modules (gnu) (guix) (srfi srfi-1))
+(use-modules (gnu)
+             (guix)
+             (srfi srfi-1)
+             (ice-9 match)
+             (guix channels)
+             (gnu system image))
 (use-service-modules desktop mcron networking spice ssh xorg sddm)
 (use-package-modules bootloaders fonts
                      package-management xdisorg xorg)
@@ -25,6 +30,15 @@ Run '\x1b[1;37minfo guix\x1b[0m' to browse documentation.
 accounts.\x1b[0m
 "))
 
+(define (guix-package-commit guix)
+  ;; Extract the commit of the GUIX package.
+  (match (package-source guix)
+    ((? channel? source)
+     (channel-commit source))
+    (_
+     (apply (lambda* (#:key commit #:allow-other-keys) commit)
+            (package-arguments guix)))))
+
 (operating-system
   (host-name "gnu")
   (timezone "Etc/UTC")
@@ -123,7 +137,14 @@ root ALL=(ALL) ALL
                      (guix-service-type config =>
                                         (guix-configuration
                                          (inherit config)
-                                         (guix (current-guix))))))))
+                                         (guix
+                                          (let ((guix (current-guix)))
+                                            (package
+                                              (inherit guix)
+                                              ;; Do not leak the local checkout URL.
+                                              (source (channel
+                                                        (inherit %default-guix-channel)
+                                                        (commit (guix-package-commit guix)))))))))))))
 
   ;; Allow resolution of '.local' host names with mDNS.
   (name-service-switch %mdns-host-lookup-nss))
author	Rutherther <rutherther@ditigal.xyz>	2025-09-21 21:20:09 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2025-10-21 16:30:23 +0200
commit	4641d4bb8eab7d05b4915d20361d1902e1499d33 (patch)
tree	c8182ef829ce78c5a78330c90fccf147c79dd032 /gnu/system/examples/vm-image.tmpl
parent	17f14d45f78ba87ff21c0f625613a8faa3523b6d (diff)