Merge remote-tracking branch 'origin/version-1.2.0' into master
Conflicts:
	gnu/packages/bioinformatics.scm

The python-pysam package fixed in master was kept instead of the update done in the version-1.2.0 branch.
commit
129b9b16d9
|
@ -134,7 +134,6 @@
|
||||||
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
|
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
|
||||||
(eval . (put 'with-repository 'scheme-indent-function 2))
|
(eval . (put 'with-repository 'scheme-indent-function 2))
|
||||||
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
|
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
|
||||||
(eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
|
|
||||||
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
|
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
|
||||||
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
|
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
|
||||||
|
|
||||||
|
|
23
Makefile.am
23
Makefile.am
|
@ -562,7 +562,7 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix
|
||||||
dist_fishcompletion_DATA = etc/completion/fish/guix.fish
|
dist_fishcompletion_DATA = etc/completion/fish/guix.fish
|
||||||
|
|
||||||
# SELinux policy
|
# SELinux policy
|
||||||
nodist_selinux_policy_DATA = etc/guix-daemon.cil.in
|
nodist_selinux_policy_DATA = etc/guix-daemon.cil
|
||||||
|
|
||||||
EXTRA_DIST += \
|
EXTRA_DIST += \
|
||||||
HACKING \
|
HACKING \
|
||||||
|
@ -570,6 +570,7 @@ EXTRA_DIST += \
|
||||||
TODO \
|
TODO \
|
||||||
CODE-OF-CONDUCT \
|
CODE-OF-CONDUCT \
|
||||||
.dir-locals.el \
|
.dir-locals.el \
|
||||||
|
.guix-authorizations \
|
||||||
.guix-channel \
|
.guix-channel \
|
||||||
scripts/guix.in \
|
scripts/guix.in \
|
||||||
etc/guix-install.sh \
|
etc/guix-install.sh \
|
||||||
|
@ -710,7 +711,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \
|
||||||
ac_cv_guix_test_root="$(GUIX_TEST_ROOT)"
|
ac_cv_guix_test_root="$(GUIX_TEST_ROOT)"
|
||||||
|
|
||||||
# Name of the 'guix' package shipped in the binary tarball.
|
# Name of the 'guix' package shipped in the binary tarball.
|
||||||
GUIX_FOR_BINARY_TARBALL = guile3.0-guix
|
GUIX_FOR_BINARY_TARBALL = guix
|
||||||
|
|
||||||
# The self-contained tarball.
|
# The self-contained tarball.
|
||||||
guix-binary.%.tar.xz:
|
guix-binary.%.tar.xz:
|
||||||
|
@ -730,8 +731,8 @@ distcheck-hook: assert-binaries-available assert-final-inputs-self-contained
|
||||||
|
|
||||||
EXTRA_DIST += $(top_srcdir)/.version
|
EXTRA_DIST += $(top_srcdir)/.version
|
||||||
BUILT_SOURCES += $(top_srcdir)/.version
|
BUILT_SOURCES += $(top_srcdir)/.version
|
||||||
$(top_srcdir)/.version:
|
$(top_srcdir)/.version: config.status
|
||||||
echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
|
$(AM_V_GEN)echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
|
||||||
|
|
||||||
gen-tarball-version:
|
gen-tarball-version:
|
||||||
echo $(VERSION) > "$(distdir)/.tarball-version"
|
echo $(VERSION) > "$(distdir)/.tarball-version"
|
||||||
|
@ -826,9 +827,10 @@ release: dist-with-updated-version
|
||||||
$(MKDIR_P) "$(releasedir)"
|
$(MKDIR_P) "$(releasedir)"
|
||||||
rm -f "$(releasedir)"/*
|
rm -f "$(releasedir)"/*
|
||||||
mv $(SOURCE_TARBALLS) "$(releasedir)"
|
mv $(SOURCE_TARBALLS) "$(releasedir)"
|
||||||
$(top_builddir)/pre-inst-env "$(GUILE)" \
|
GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
|
||||||
$(top_srcdir)/build-aux/update-guix-package.scm \
|
$(top_builddir)/pre-inst-env "$(GUILE)" \
|
||||||
"`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
|
$(top_srcdir)/build-aux/update-guix-package.scm \
|
||||||
|
"`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
|
||||||
git add $(top_srcdir)/gnu/packages/package-management.scm
|
git add $(top_srcdir)/gnu/packages/package-management.scm
|
||||||
git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)."
|
git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)."
|
||||||
$(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \
|
$(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \
|
||||||
|
@ -840,9 +842,10 @@ release: dist-with-updated-version
|
||||||
mv "guix-binary.$$system.tar.xz" \
|
mv "guix-binary.$$system.tar.xz" \
|
||||||
"$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \
|
"$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \
|
||||||
done
|
done
|
||||||
$(top_builddir)/pre-inst-env "$(GUILE)" \
|
GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
|
||||||
$(top_srcdir)/build-aux/update-guix-package.scm \
|
$(top_builddir)/pre-inst-env "$(GUILE)" \
|
||||||
"`git rev-parse HEAD`"
|
$(top_srcdir)/build-aux/update-guix-package.scm \
|
||||||
|
"`git rev-parse HEAD`"
|
||||||
git add $(top_srcdir)/gnu/packages/package-management.scm
|
git add $(top_srcdir)/gnu/packages/package-management.scm
|
||||||
git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`."
|
git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`."
|
||||||
$(top_builddir)/pre-inst-env guix build guix \
|
$(top_builddir)/pre-inst-env guix build guix \
|
||||||
|
|
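Review bot: Both `update-guix-package.scm` invocations in the `release` recipe now run with `GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes`, which switches off the script's check that the commit has been pushed upstream, and nothing in the recipe says this is deliberate. Presumably the check cannot pass here because the recipe has just created the commit locally, but a reader has to infer that from the script. I would put a comment above each invocation, for example `# Release commits are not pushed yet: skip the "pushed upstream" check; the script keeps the checkout in the store instead.` The `release` recipe starts and ends outside these hunks, so whether a later step confirms that the referenced commit eventually reaches the upstream repository is not visible here.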
4
NEWS
4
NEWS
|
@ -60,6 +60,8 @@ Please send Guix bug reports to bug-guix@gnu.org.
|
||||||
*** ‘swap-devices’ field of ‘operating-system’ can contains UUIDs and labels
|
*** ‘swap-devices’ field of ‘operating-system’ can contains UUIDs and labels
|
||||||
*** Graphical installer uses UUIDs for unencrypted swap partitions
|
*** Graphical installer uses UUIDs for unencrypted swap partitions
|
||||||
*** Graphical installer now supports NTFS file systems
|
*** Graphical installer now supports NTFS file systems
|
||||||
|
*** File systems UUIDs and labels now recognized for F2FS and NTFS
|
||||||
|
*** Root file system can now be on NFS
|
||||||
*** New services
|
*** New services
|
||||||
|
|
||||||
autossh, ganeti, gmnisrv, guix-build-coordinator,
|
autossh, ganeti, gmnisrv, guix-build-coordinator,
|
||||||
|
@ -96,6 +98,8 @@ simulated-wifi, udev-rules, unattended-upgrade, webssh, zram
|
||||||
(<https://issues.guix.gnu.org/35394>)
|
(<https://issues.guix.gnu.org/35394>)
|
||||||
*** ‘guix system reconfigure’ now starts services not currently running
|
*** ‘guix system reconfigure’ now starts services not currently running
|
||||||
(<https://bugs.gnu.org/43720>)
|
(<https://bugs.gnu.org/43720>)
|
||||||
|
*** Desktop environments now detect newly installed applications
|
||||||
|
(<https://bugs.gnu.org/35594>)
|
||||||
*** Offloading and copying small items is now much faster
|
*** Offloading and copying small items is now much faster
|
||||||
(<https://issues.guix.gnu.org/43340>)
|
(<https://issues.guix.gnu.org/43340>)
|
||||||
*** GCC switched back to C_INCLUDE_PATH & co. from CPATH
|
*** GCC switched back to C_INCLUDE_PATH & co. from CPATH
|
||||||
|
|
|
@ -44,9 +44,6 @@
|
||||||
(define %top-srcdir
|
(define %top-srcdir
|
||||||
(string-append (current-source-directory) "/.."))
|
(string-append (current-source-directory) "/.."))
|
||||||
|
|
||||||
(define version-controlled?
|
|
||||||
(git-predicate %top-srcdir))
|
|
||||||
|
|
||||||
(define (package-definition-location)
|
(define (package-definition-location)
|
||||||
"Return the source properties of the definition of the 'guix' package."
|
"Return the source properties of the definition of the 'guix' package."
|
||||||
(call-with-input-file (location-file (package-location guix))
|
(call-with-input-file (location-file (package-location guix))
|
||||||
|
@ -114,8 +111,9 @@ COMMIT."
|
||||||
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
|
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
|
||||||
(invoke "git" "worktree" "add" "--detach" directory commit))
|
(invoke "git" "worktree" "add" "--detach" directory commit))
|
||||||
|
|
||||||
(define-syntax-rule (with-temporary-git-worktree commit body ...)
|
(define (call-with-temporary-git-worktree commit proc)
|
||||||
"Execute BODY in the context of a temporary git worktree created from COMMIT."
|
"Execute PROC in the context of a temporary git worktree created from
|
||||||
|
COMMIT. PROC receives the temporary directory file name as an argument."
|
||||||
(call-with-temporary-directory
|
(call-with-temporary-directory
|
||||||
(lambda (tmp-directory)
|
(lambda (tmp-directory)
|
||||||
(dynamic-wind
|
(dynamic-wind
|
||||||
|
@ -123,12 +121,12 @@ COMMIT."
|
||||||
#t)
|
#t)
|
||||||
(lambda ()
|
(lambda ()
|
||||||
(git-add-worktree tmp-directory commit)
|
(git-add-worktree tmp-directory commit)
|
||||||
(with-directory-excursion tmp-directory body ...))
|
(proc tmp-directory))
|
||||||
(lambda ()
|
(lambda ()
|
||||||
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
|
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
|
||||||
|
|
||||||
(define %savannah-guix-git-repo-push-url-regexp
|
(define %savannah-guix-git-repo-push-url-regexp
|
||||||
"git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)")
|
"git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)")
|
||||||
|
|
||||||
(define-syntax-rule (with-input-pipe-to-string prog arg ...)
|
(define-syntax-rule (with-input-pipe-to-string prog arg ...)
|
||||||
(let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
|
(let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
|
||||||
|
@ -156,27 +154,60 @@ COMMIT."
|
||||||
"git" "branch" "-r" "--contains" commit
|
"git" "branch" "-r" "--contains" commit
|
||||||
(string-append remote "/master")))))
|
(string-append remote "/master")))))
|
||||||
|
|
||||||
|
(define (keep-source-in-store store source)
|
||||||
|
"Add SOURCE to the store under the name that the 'guix' package expects."
|
||||||
|
|
||||||
|
;; Add SOURCE to the store, but this time under the real name used in the
|
||||||
|
;; 'origin'. This allows us to build the package without having to make a
|
||||||
|
;; real checkout; thus, it also works when working on a private branch.
|
||||||
|
(reload-module
|
||||||
|
(resolve-module '(gnu packages package-management)))
|
||||||
|
|
||||||
|
(let* ((source (add-to-store store
|
||||||
|
(origin-file-name (package-source guix))
|
||||||
|
#t "sha256" source
|
||||||
|
#:select? (git-predicate source)))
|
||||||
|
(root (store-path-package-name source)))
|
||||||
|
|
||||||
|
;; Add an indirect GC root for SOURCE in the current directory.
|
||||||
|
(false-if-exception (delete-file root))
|
||||||
|
(symlink source root)
|
||||||
|
(add-indirect-root store
|
||||||
|
(string-append (getcwd) "/" root))
|
||||||
|
|
||||||
|
(info (G_ "source code kept in ~a (GC root: ~a)~%")
|
||||||
|
source root)))
|
||||||
|
|
||||||
|
|
||||||
(define (main . args)
|
(define (main . args)
|
||||||
(match args
|
(match args
|
||||||
((commit version)
|
((commit version)
|
||||||
(with-directory-excursion %top-srcdir
|
(with-directory-excursion %top-srcdir
|
||||||
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
|
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
|
||||||
(commit-already-pushed? (find-origin-remote) commit)
|
(let ((remote (find-origin-remote)))
|
||||||
|
(unless remote
|
||||||
|
(leave (G_ "Failed to find the origin git remote.~%")))
|
||||||
|
(commit-already-pushed? remote commit))
|
||||||
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
|
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
|
||||||
(let* ((hash (with-temporary-git-worktree commit
|
(call-with-temporary-git-worktree commit
|
||||||
(nix-base32-string->bytevector
|
(lambda (tmp-directory)
|
||||||
(string-trim-both
|
(let* ((hash (nix-base32-string->bytevector
|
||||||
(with-output-to-string
|
(string-trim-both
|
||||||
(lambda ()
|
(with-output-to-string
|
||||||
(guix-hash "-rx" ".")))))))
|
(lambda ()
|
||||||
(location (package-definition-location))
|
(guix-hash "-rx" tmp-directory))))))
|
||||||
(old-hash (content-hash-value
|
(location (package-definition-location))
|
||||||
(origin-hash (package-source guix)))))
|
(old-hash (content-hash-value
|
||||||
(edit-expression location
|
(origin-hash (package-source guix)))))
|
||||||
(update-definition commit hash
|
(edit-expression location
|
||||||
#:old-hash old-hash
|
(update-definition commit hash
|
||||||
#:version version)))))
|
#:old-hash old-hash
|
||||||
|
#:version version))
|
||||||
|
;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are
|
||||||
|
;; added to the store. This is used as part of 'make release'.
|
||||||
|
(when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
|
||||||
|
(with-store store
|
||||||
|
(keep-source-in-store store tmp-directory))))))))
|
||||||
((commit)
|
((commit)
|
||||||
;; Automatically deduce the version and revision numbers.
|
;; Automatically deduce the version and revision numbers.
|
||||||
(main commit #f))))
|
(main commit #f))))
|
||||||
|
|
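Review bot: `%savannah-guix-git-repo-push-url-regexp` gains `:?` but still leaves every `.` unescaped and the pattern unanchored, so it accepts any push URL that merely contains something shaped like the Savannah path, not only the Savannah host. The remote chosen with this pattern is presumably the one `commit-already-pushed?` is checked against, so a loose match weakens the "pushed upstream" guard that `main` relies on. I would escape the literal dots: `"git\\.(savannah|sv)\\.gnu\\.org:?/srv/git/guix\\.git \\(push\\)"`. The code that applies the regexp (`find-origin-remote`) is outside the visible hunks, so whether it does any further filtering should be confirmed there.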
|
@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used
|
||||||
has already been pushed to the Savannah-hosted Guix git repository.
|
has already been pushed to the Savannah-hosted Guix git repository.
|
||||||
|
|
||||||
This check can be disabled, @emph{at your own peril}, by setting the
|
This check can be disabled, @emph{at your own peril}, by setting the
|
||||||
@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
|
@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When
|
||||||
|
this variable is set, the updated package source is also added to the
|
||||||
To build the resulting 'guix' package when using a private commit, the
|
store. This is used as part of the release process of Guix.
|
||||||
following command can be used:
|
|
||||||
|
|
||||||
@example
|
|
||||||
./pre-inst-env guix build guix --with-git-url=guix=$PWD
|
|
||||||
@end example
|
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
; -*- lisp -*-
|
; -*- lisp -*-
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
|
||||||
|
;;; Copyright © 2020 Daniel Brooks <db48x@db48x.net>
|
||||||
|
;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -21,6 +23,18 @@
|
||||||
;; Intermediate Language (CIL). It refers to types that must be defined in
|
;; Intermediate Language (CIL). It refers to types that must be defined in
|
||||||
;; the system's base policy.
|
;; the system's base policy.
|
||||||
|
|
||||||
|
;; If you, like me, need advice about fixing an SELinux policy, I recommend
|
||||||
|
;; reading https://danwalsh.livejournal.com/55324.html
|
||||||
|
|
||||||
|
;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t
|
||||||
|
;; to allow guix-daemon to do whatever it wants. SELinux will still check its
|
||||||
|
;; permissions, and when it doesn't have permission it will still send an
|
||||||
|
;; audit message to your system logs. This lets you know what permissions it
|
||||||
|
;; ought to have. Use ausearch --raw to find the permissions violations, then
|
||||||
|
;; pipe that to audit2allow to generate an updated policy. You'll still need
|
||||||
|
;; to translate that policy into CIL in order to update this file, but that's
|
||||||
|
;; fairly straight-forward. Annoying, but easy.
|
||||||
|
|
||||||
(block guix_daemon
|
(block guix_daemon
|
||||||
;; Require existing types
|
;; Require existing types
|
||||||
(typeattributeset cil_gen_require init_t)
|
(typeattributeset cil_gen_require init_t)
|
||||||
|
@ -34,14 +48,19 @@
|
||||||
(roletype object_r guix_daemon_t)
|
(roletype object_r guix_daemon_t)
|
||||||
(type guix_daemon_conf_t)
|
(type guix_daemon_conf_t)
|
||||||
(roletype object_r guix_daemon_conf_t)
|
(roletype object_r guix_daemon_conf_t)
|
||||||
|
(typeattributeset file_type guix_daemon_conf_t)
|
||||||
(type guix_daemon_exec_t)
|
(type guix_daemon_exec_t)
|
||||||
(roletype object_r guix_daemon_exec_t)
|
(roletype object_r guix_daemon_exec_t)
|
||||||
|
(typeattributeset file_type guix_daemon_exec_t)
|
||||||
(type guix_daemon_socket_t)
|
(type guix_daemon_socket_t)
|
||||||
(roletype object_r guix_daemon_socket_t)
|
(roletype object_r guix_daemon_socket_t)
|
||||||
|
(typeattributeset file_type guix_daemon_socket_t)
|
||||||
(type guix_store_content_t)
|
(type guix_store_content_t)
|
||||||
(roletype object_r guix_store_content_t)
|
(roletype object_r guix_store_content_t)
|
||||||
|
(typeattributeset file_type guix_store_content_t)
|
||||||
(type guix_profiles_t)
|
(type guix_profiles_t)
|
||||||
(roletype object_r guix_profiles_t)
|
(roletype object_r guix_profiles_t)
|
||||||
|
(typeattributeset file_type guix_profiles_t)
|
||||||
|
|
||||||
;; These types are domains, thereby allowing process rules
|
;; These types are domains, thereby allowing process rules
|
||||||
(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
|
(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
|
||||||
|
@ -55,6 +74,30 @@
|
||||||
(typetransition guix_store_content_t guix_daemon_exec_t
|
(typetransition guix_store_content_t guix_daemon_exec_t
|
||||||
process guix_daemon_t)
|
process guix_daemon_t)
|
||||||
|
|
||||||
|
(roletype system_r guix_daemon_t)
|
||||||
|
|
||||||
|
;; allow init_t to read and execute guix files
|
||||||
|
(allow init_t
|
||||||
|
guix_profiles_t
|
||||||
|
(lnk_file (read)))
|
||||||
|
(allow init_t
|
||||||
|
guix_daemon_exec_t
|
||||||
|
(file (execute)))
|
||||||
|
(allow init_t
|
||||||
|
guix_daemon_t
|
||||||
|
(process (transition)))
|
||||||
|
(allow init_t
|
||||||
|
guix_store_content_t
|
||||||
|
(lnk_file (read)))
|
||||||
|
(allow init_t
|
||||||
|
guix_store_content_t
|
||||||
|
(file (open read execute)))
|
||||||
|
|
||||||
|
;; guix-daemon needs to know the names of users
|
||||||
|
(allow guix_daemon_t
|
||||||
|
passwd_file_t
|
||||||
|
(file (getattr open read)))
|
||||||
|
|
||||||
;; Permit communication with NSCD
|
;; Permit communication with NSCD
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
nscd_var_run_t
|
nscd_var_run_t
|
||||||
|
@ -71,25 +114,44 @@
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
nscd_t
|
nscd_t
|
||||||
(unix_stream_socket (connectto)))
|
(unix_stream_socket (connectto)))
|
||||||
|
(allow guix_daemon_t nscd_t
|
||||||
|
(nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv)))
|
||||||
|
|
||||||
|
;; permit downloading packages via HTTP(s)
|
||||||
|
(allow guix_daemon_t http_port_t
|
||||||
|
(tcp_socket (name_connect)))
|
||||||
|
(allow guix_daemon_t ftp_port_t
|
||||||
|
(tcp_socket (name_connect)))
|
||||||
|
(allow guix_daemon_t ephemeral_port_t
|
||||||
|
(tcp_socket (name_connect)))
|
||||||
|
|
||||||
;; Permit logging and temp file access
|
;; Permit logging and temp file access
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmp_t
|
tmp_t
|
||||||
(lnk_file (setattr unlink)))
|
(lnk_file (create rename setattr unlink)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmp_t
|
tmp_t
|
||||||
(dir (create
|
(file (link rename create execute execute_no_trans write unlink setattr map relabelto)))
|
||||||
rmdir
|
(allow guix_daemon_t
|
||||||
|
tmp_t
|
||||||
|
(fifo_file (open read write create getattr ioctl setattr unlink)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
tmp_t
|
||||||
|
(dir (create rename
|
||||||
|
rmdir relabelto
|
||||||
add_name remove_name
|
add_name remove_name
|
||||||
open read write
|
open read write
|
||||||
getattr setattr
|
getattr setattr
|
||||||
search)))
|
search)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
tmp_t
|
||||||
|
(sock_file (create getattr setattr unlink write)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
var_log_t
|
var_log_t
|
||||||
(file (create getattr open write)))
|
(file (create getattr open write)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
var_log_t
|
var_log_t
|
||||||
(dir (getattr write add_name)))
|
(dir (getattr create write add_name)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
var_run_t
|
var_run_t
|
||||||
(lnk_file (read)))
|
(lnk_file (read)))
|
||||||
|
@ -100,10 +162,10 @@
|
||||||
;; Spawning processes, execute helpers
|
;; Spawning processes, execute helpers
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
self
|
self
|
||||||
(process (fork)))
|
(process (fork execmem setrlimit setpgid setsched)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_daemon_exec_t
|
guix_daemon_exec_t
|
||||||
(file (execute execute_no_trans read open)))
|
(file (execute execute_no_trans read open entrypoint map)))
|
||||||
|
|
||||||
;; TODO: unknown
|
;; TODO: unknown
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
|
@ -119,38 +181,51 @@
|
||||||
;; Build isolation
|
;; Build isolation
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_store_content_t
|
guix_store_content_t
|
||||||
(file (mounton)))
|
(file (ioctl mounton)))
|
||||||
(allow guix_store_content_t
|
(allow guix_store_content_t
|
||||||
fs_t
|
fs_t
|
||||||
(filesystem (associate)))
|
(filesystem (associate)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_store_content_t
|
guix_store_content_t
|
||||||
(dir (mounton)))
|
(dir (read mounton)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_daemon_t
|
guix_daemon_t
|
||||||
(capability (net_admin
|
(capability (net_admin
|
||||||
fsetid fowner
|
fsetid fowner
|
||||||
chown setuid setgid
|
chown setuid setgid
|
||||||
dac_override dac_read_search
|
dac_override dac_read_search
|
||||||
sys_chroot)))
|
sys_chroot
|
||||||
|
sys_admin)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
fs_t
|
fs_t
|
||||||
(filesystem (unmount)))
|
(filesystem (unmount)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
devpts_t
|
||||||
|
(dir (search)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
devpts_t
|
devpts_t
|
||||||
(filesystem (mount)))
|
(filesystem (mount)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
devpts_t
|
devpts_t
|
||||||
(chr_file (setattr getattr)))
|
(chr_file (ioctl open read write setattr getattr)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmpfs_t
|
tmpfs_t
|
||||||
(filesystem (mount)))
|
(filesystem (getattr mount)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
tmpfs_t
|
tmpfs_t
|
||||||
(dir (getattr)))
|
(file (create open read unlink write)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
tmpfs_t
|
||||||
|
(dir (getattr add_name remove_name write)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
proc_t
|
proc_t
|
||||||
(filesystem (mount)))
|
(file (getattr open read)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
proc_t
|
||||||
|
(dir (read)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
proc_t
|
||||||
|
(filesystem (associate mount)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
null_device_t
|
null_device_t
|
||||||
(chr_file (getattr open read write)))
|
(chr_file (getattr open read write)))
|
||||||
|
@ -179,7 +254,7 @@
|
||||||
search rename
|
search rename
|
||||||
add_name remove_name
|
add_name remove_name
|
||||||
open write
|
open write
|
||||||
rmdir)))
|
rmdir relabelfrom)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_store_content_t
|
guix_store_content_t
|
||||||
(file (create
|
(file (create
|
||||||
|
@ -189,7 +264,7 @@
|
||||||
link unlink
|
link unlink
|
||||||
map
|
map
|
||||||
rename
|
rename
|
||||||
open read write)))
|
open read write relabelfrom)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_store_content_t
|
guix_store_content_t
|
||||||
(lnk_file (create
|
(lnk_file (create
|
||||||
|
@ -197,17 +272,23 @@
|
||||||
link unlink
|
link unlink
|
||||||
read
|
read
|
||||||
rename)))
|
rename)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
guix_store_content_t
|
||||||
|
(fifo_file (create getattr open read unlink write)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
guix_store_content_t
|
||||||
|
(sock_file (create getattr unlink write)))
|
||||||
|
|
||||||
;; Access to configuration files and directories
|
;; Access to configuration files and directories
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_daemon_conf_t
|
guix_daemon_conf_t
|
||||||
(dir (search
|
(dir (search create
|
||||||
setattr getattr
|
setattr getattr
|
||||||
add_name remove_name
|
add_name remove_name
|
||||||
open read write)))
|
open read write)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_daemon_conf_t
|
guix_daemon_conf_t
|
||||||
(file (create
|
(file (create rename
|
||||||
lock
|
lock
|
||||||
map
|
map
|
||||||
getattr setattr
|
getattr setattr
|
||||||
|
@ -216,11 +297,17 @@
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_daemon_conf_t
|
guix_daemon_conf_t
|
||||||
(lnk_file (create getattr rename unlink)))
|
(lnk_file (create getattr rename unlink)))
|
||||||
|
(allow guix_daemon_t net_conf_t
|
||||||
|
(file (getattr open read)))
|
||||||
|
(allow guix_daemon_t net_conf_t
|
||||||
|
(lnk_file (read)))
|
||||||
|
(allow guix_daemon_t NetworkManager_var_run_t
|
||||||
|
(dir (search)))
|
||||||
|
|
||||||
;; Access to profiles
|
;; Access to profiles
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_profiles_t
|
guix_profiles_t
|
||||||
(dir (getattr setattr read open)))
|
(dir (search getattr setattr read write open create add_name)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
guix_profiles_t
|
guix_profiles_t
|
||||||
(lnk_file (read getattr)))
|
(lnk_file (read getattr)))
|
||||||
|
@ -233,8 +320,22 @@
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
user_home_t
|
user_home_t
|
||||||
(dir (search)))
|
(dir (search)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
cache_home_t
|
||||||
|
(dir (search)))
|
||||||
|
|
||||||
|
;; self upgrades
|
||||||
|
(allow guix_daemon_t
|
||||||
|
self
|
||||||
|
(dir (add_name write)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
self
|
||||||
|
(netlink_route_socket (bind create getattr nlmsg_read read write)))
|
||||||
|
|
||||||
;; Socket operations
|
;; Socket operations
|
||||||
|
(allow guix_daemon_t
|
||||||
|
guix_daemon_socket_t
|
||||||
|
(sock_file (unlink)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
init_t
|
init_t
|
||||||
(fd (use)))
|
(fd (use)))
|
||||||
|
@ -253,12 +354,53 @@
|
||||||
read write
|
read write
|
||||||
connect bind accept
|
connect bind accept
|
||||||
getopt setopt)))
|
getopt setopt)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
self
|
||||||
|
(tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
unreserved_port_t
|
||||||
|
(tcp_socket (name_bind name_connect accept listen)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
self
|
||||||
|
(udp_socket (connect getattr bind getopt setopt)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
self
|
self
|
||||||
(fifo_file (write read)))
|
(fifo_file (write read)))
|
||||||
(allow guix_daemon_t
|
(allow guix_daemon_t
|
||||||
self
|
self
|
||||||
(udp_socket (ioctl create)))
|
(udp_socket (ioctl create)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
self
|
||||||
|
(unix_stream_socket (connectto)))
|
||||||
|
|
||||||
|
(allow guix_daemon_t
|
||||||
|
node_t
|
||||||
|
(tcp_socket (node_bind)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
node_t
|
||||||
|
(udp_socket (node_bind)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
port_t
|
||||||
|
(tcp_socket (name_connect)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
rtp_media_port_t
|
||||||
|
(udp_socket (name_bind)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
vnc_port_t
|
||||||
|
(tcp_socket (name_bind)))
|
||||||
|
|
||||||
|
;; I guess sometimes it needs random numbers
|
||||||
|
(allow guix_daemon_t
|
||||||
|
random_device_t
|
||||||
|
(chr_file (read)))
|
||||||
|
|
||||||
|
;; guix system vm
|
||||||
|
(allow guix_daemon_t
|
||||||
|
kvm_device_t
|
||||||
|
(chr_file (ioctl open read write)))
|
||||||
|
(allow guix_daemon_t
|
||||||
|
kernel_t
|
||||||
|
(system (ipc_info)))
|
||||||
|
|
||||||
;; Label file system
|
;; Label file system
|
||||||
(filecon "@guix_sysconfdir@/guix(/.*)?"
|
(filecon "@guix_sysconfdir@/guix(/.*)?"
|
||||||
|
@ -277,5 +419,7 @@
|
||||||
file (system_u object_r guix_daemon_exec_t (low low)))
|
file (system_u object_r guix_daemon_exec_t (low low)))
|
||||||
(filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
|
(filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
|
||||||
file (system_u object_r guix_daemon_exec_t (low low)))
|
file (system_u object_r guix_daemon_exec_t (low low)))
|
||||||
|
(filecon "@storedir@/[a-z0-9]+-guix-daemon"
|
||||||
|
file (system_u object_r guix_daemon_exec_t (low low)))
|
||||||
(filecon "@guix_localstatedir@/guix/daemon-socket/socket"
|
(filecon "@guix_localstatedir@/guix/daemon-socket/socket"
|
||||||
any (system_u object_r guix_daemon_socket_t (low low))))
|
any (system_u object_r guix_daemon_socket_t (low low))))
|
||||||
|
|
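Review bot: Several of the added `allow` rules are much broader than their section headings explain and carry no rationale: `sys_admin` in the capability set, `execmem` on `self`, `execute execute_no_trans` on `tmp_t` files, `name_bind` on `vnc_port_t` and `rtp_media_port_t`, and `name_connect` to `port_t`. The header comment added in this same commit describes producing rules by making the domain permissive and piping `ausearch --raw` into `audit2allow`, so some of these may only record what one particular build happened to do, not what guix-daemon itself needs. Each such rule should get a comment naming the operation that requires it, in the style of the existing `;; guix system vm` heading, for example `;; sys_admin: required for <operation, to be confirmed>`. Rules that nobody can attribute to a daemon operation are better left out and re-added when a denial is actually reported.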
|
@ -1054,6 +1054,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/ghostscript-no-header-id.patch \
|
%D%/packages/patches/ghostscript-no-header-id.patch \
|
||||||
%D%/packages/patches/ghostscript-no-header-uuid.patch \
|
%D%/packages/patches/ghostscript-no-header-uuid.patch \
|
||||||
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
|
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
|
||||||
|
%D%/packages/patches/glib-appinfo-watch.patch \
|
||||||
%D%/packages/patches/glib-tests-timer.patch \
|
%D%/packages/patches/glib-tests-timer.patch \
|
||||||
%D%/packages/patches/glibc-CVE-2018-11236.patch \
|
%D%/packages/patches/glibc-CVE-2018-11236.patch \
|
||||||
%D%/packages/patches/glibc-CVE-2018-11237.patch \
|
%D%/packages/patches/glibc-CVE-2018-11237.patch \
|
||||||
|
|
|
@ -181,6 +181,7 @@ shared NFS home directories.")
|
||||||
(package
|
(package
|
||||||
(name "glib")
|
(name "glib")
|
||||||
(version "2.62.6")
|
(version "2.62.6")
|
||||||
|
(replacement glib-with-gio-patch)
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "mirror://gnome/sources/"
|
(uri (string-append "mirror://gnome/sources/"
|
||||||
|
@ -387,11 +388,20 @@ dynamic loading, and an object system.")
|
||||||
(home-page "https://developer.gnome.org/glib/")
|
(home-page "https://developer.gnome.org/glib/")
|
||||||
(license license:lgpl2.1+)))
|
(license license:lgpl2.1+)))
|
||||||
|
|
||||||
|
(define glib-with-gio-patch
|
||||||
|
;; GLib with a fix for <https://bugs.gnu.org/35594>.
|
||||||
|
;; TODO: Fold into 'glib' above in the next rebuild cycle.
|
||||||
|
(package
|
||||||
|
(inherit glib)
|
||||||
|
(source (origin
|
||||||
|
(inherit (package-source glib))
|
||||||
|
(patches (cons (search-patch "glib-appinfo-watch.patch")
|
||||||
|
(origin-patches (package-source glib))))))))
|
||||||
|
|
||||||
(define-public glib-with-documentation
|
(define-public glib-with-documentation
|
||||||
;; glib's doc must be built in a separate package since it requires gtk-doc,
|
;; glib's doc must be built in a separate package since it requires gtk-doc,
|
||||||
;; which in turn depends on glib.
|
;; which in turn depends on glib.
|
||||||
(package
|
(package/inherit glib
|
||||||
(inherit glib)
|
|
||||||
(properties (alist-delete 'hidden? (package-properties glib)))
|
(properties (alist-delete 'hidden? (package-properties glib)))
|
||||||
(outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference
|
(outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference
|
||||||
(native-inputs
|
(native-inputs
|
||||||
|
|
|
@ -130,9 +130,9 @@
|
||||||
;; Latest version of Guix, which may or may not correspond to a release.
|
;; Latest version of Guix, which may or may not correspond to a release.
|
||||||
;; Note: the 'update-guix-package.scm' script expects this definition to
|
;; Note: the 'update-guix-package.scm' script expects this definition to
|
||||||
;; start precisely like this.
|
;; start precisely like this.
|
||||||
(let ((version "1.1.0")
|
(let ((version "1.2.0rc1")
|
||||||
(commit "5e7cf66fb35780f930ad0bc5fe21ac330df4411d")
|
(commit "3ba6ffd0dd092ae879d014e4971989f231eaa56d")
|
||||||
(revision 32))
|
(revision 1))
|
||||||
(package
|
(package
|
||||||
(name "guix")
|
(name "guix")
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@
|
||||||
(commit commit)))
|
(commit commit)))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"15clfjp845gvl0p6qw0b1gdibqfq20zwzr6dbxvq8l9fgzj1kb6b"))
|
"1wa67gdipmzqr400hp0cw5ih0rlfvj345h65rqbk9s4g3bkg38hm"))
|
||||||
(file-name (string-append "guix-" version "-checkout"))))
|
(file-name (string-append "guix-" version "-checkout"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
|
@ -336,7 +336,13 @@ $(prefix)/etc/init.d\n")))
|
||||||
(let ((bash (assoc-ref inputs "bash")))
|
(let ((bash (assoc-ref inputs "bash")))
|
||||||
(substitute* (string-append out "/bin/guix")
|
(substitute* (string-append out "/bin/guix")
|
||||||
(("^#!.*/bash") (string-append "#! " bash "/bin/bash")))))
|
(("^#!.*/bash") (string-append "#! " bash "/bin/bash")))))
|
||||||
#t))))))
|
#t)))
|
||||||
|
|
||||||
|
;; The 'guix' executable has 'OUT/libexec/guix/guile' has
|
||||||
|
;; its shebang; that should remain unchanged, thus remove
|
||||||
|
;; the 'patch-shebangs' phase, which would otherwise
|
||||||
|
;; change it to 'GUILE/bin/guile'.
|
||||||
|
(delete 'patch-shebangs))))
|
||||||
(native-inputs `(("pkg-config" ,pkg-config)
|
(native-inputs `(("pkg-config" ,pkg-config)
|
||||||
|
|
||||||
;; Guile libraries are needed here for
|
;; Guile libraries are needed here for
|
||||||
|
|
|
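Review bot: The added `(delete 'patch-shebangs)` at the end of the phases list turns the phase off for every file the package installs, while the new comment justifies it only for the 'guix' executable. If the output holds other scripts whose interpreter line is meant to be rewritten to a store path, they would now keep whatever interpreter the build tree gave them. The comment should say this was checked, or the exemption should be limited to that one file. The comment also has a typo; its first line should read `;; The 'guix' executable has 'OUT/libexec/guix/guile' as`. The phases form starts outside this hunk.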
@ -0,0 +1,92 @@
|
||||||
|
This patch lets GLib's GDesktopAppInfo API watch and notice changes
|
||||||
|
to the Guix user and system profiles. That way, the list of available
|
||||||
|
applications shown by the desktop environment is immediately updated
|
||||||
|
when the user runs "guix install", "guix remove", or "guix system
|
||||||
|
reconfigure" (see <https://issues.guix.gnu.org/35594>).
|
||||||
|
|
||||||
|
It does so by monitoring /var/guix/profiles (for changes to the system
|
||||||
|
profile) and /var/guix/profiles/per-user/USER (for changes to the user
|
||||||
|
profile) and crawling their share/applications sub-directory when
|
||||||
|
changes happen.
|
||||||
|
|
||||||
|
diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c
|
||||||
|
index f1e2fdd..095c110 100644
|
||||||
|
--- a/gio/gdesktopappinfo.c
|
||||||
|
+++ b/gio/gdesktopappinfo.c
|
||||||
|
@@ -148,6 +148,7 @@ typedef struct
|
||||||
|
gchar *alternatively_watching;
|
||||||
|
gboolean is_config;
|
||||||
|
gboolean is_setup;
|
||||||
|
+ gchar *guix_profile_watch_dir;
|
||||||
|
GFileMonitor *monitor;
|
||||||
|
GHashTable *app_names;
|
||||||
|
GHashTable *mime_tweaks;
|
||||||
|
@@ -180,6 +181,7 @@ desktop_file_dir_unref (DesktopFileDir *dir)
|
||||||
|
{
|
||||||
|
desktop_file_dir_reset (dir);
|
||||||
|
g_free (dir->path);
|
||||||
|
+ g_free (dir->guix_profile_watch_dir);
|
||||||
|
g_free (dir);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -204,6 +206,13 @@ desktop_file_dir_get_alternative_dir (DesktopFileDir *dir)
|
||||||
|
{
|
||||||
|
gchar *parent;
|
||||||
|
|
||||||
|
+ /* If DIR is a profile, watch the specified directory--e.g.,
|
||||||
|
+ * /var/guix/profiles/per-user/$USER/ for the user profile. Do not watch
|
||||||
|
+ * ~/.guix-profile or /run/current-system/profile because GFileMonitor does
|
||||||
|
+ * not pass IN_DONT_FOLLOW and thus cannot notice any change. */
|
||||||
|
+ if (dir->guix_profile_watch_dir != NULL)
|
||||||
|
+ return g_strdup (dir->guix_profile_watch_dir);
|
||||||
|
+
|
||||||
|
/* If the directory itself exists then we need no alternative. */
|
||||||
|
if (g_access (dir->path, R_OK | X_OK) == 0)
|
||||||
|
return NULL;
|
||||||
|
@@ -249,11 +258,11 @@ desktop_file_dir_changed (GFileMonitor *monitor,
|
||||||
|
*
|
||||||
|
* If this is a notification for a parent directory (because the
|
||||||
|
* desktop directory didn't exist) then we shouldn't fire the signal
|
||||||
|
- * unless something actually changed.
|
||||||
|
+ * unless something actually changed or it's in /var/guix/profiles.
|
||||||
|
*/
|
||||||
|
g_mutex_lock (&desktop_file_dir_lock);
|
||||||
|
|
||||||
|
- if (dir->alternatively_watching)
|
||||||
|
+ if (dir->alternatively_watching && dir->guix_profile_watch_dir == NULL)
|
||||||
|
{
|
||||||
|
gchar *alternative_dir;
|
||||||
|
|
||||||
|
@@ -1555,6 +1564,32 @@ desktop_file_dirs_lock (void)
|
||||||
|
for (i = 0; dirs[i]; i++)
|
||||||
|
g_ptr_array_add (desktop_file_dirs, desktop_file_dir_new (dirs[i]));
|
||||||
|
|
||||||
|
+ {
|
||||||
|
+ /* Monitor the system and user profile under /var/guix/profiles and
|
||||||
|
+ * treat modifications to them as if they were modifications to their
|
||||||
|
+ * /share sub-directory. */
|
||||||
|
+ const gchar *user;
|
||||||
|
+ DesktopFileDir *system_profile_dir, *user_profile_dir;
|
||||||
|
+
|
||||||
|
+ system_profile_dir =
|
||||||
|
+ desktop_file_dir_new ("/var/guix/profiles/system/profile/share");
|
||||||
|
+ system_profile_dir->guix_profile_watch_dir = g_strdup ("/var/guix/profiles");
|
||||||
|
+ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (system_profile_dir));
|
||||||
|
+
|
||||||
|
+ user = g_get_user_name ();
|
||||||
|
+ if (user != NULL)
|
||||||
|
+ {
|
||||||
|
+ gchar *profile_dir, *user_data_dir;
|
||||||
|
+
|
||||||
|
+ profile_dir = g_build_filename ("/var/guix/profiles/per-user", user, NULL);
|
||||||
|
+ user_data_dir = g_build_filename (profile_dir, "guix-profile", "share", NULL);
|
||||||
|
+ user_profile_dir = desktop_file_dir_new (user_data_dir);
|
||||||
|
+ user_profile_dir->guix_profile_watch_dir = profile_dir;
|
||||||
|
+ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (user_profile_dir));
|
||||||
|
+ g_free (user_data_dir);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* The list of directories will never change after this, unless
|
||||||
|
* g_get_user_config_dir() changes due to %G_TEST_OPTION_ISOLATE_DIRS. */
|
||||||
|
desktop_file_dirs_config_dir = user_config_dir;
|
|
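Review bot: In the block added to desktop_file_dirs_lock, both new `g_ptr_array_add` calls wrap the directory in `desktop_file_dir_ref`, whereas the loop just above stores the result of `desktop_file_dir_new` directly. Assuming `desktop_file_dir_new` hands back an owned reference, as that loop suggests, each profile entry ends up with one reference that nobody drops, so `desktop_file_dir_unref` would never reach the `g_free (dir->guix_profile_watch_dir)` this patch adds. Storing the pointers directly, `g_ptr_array_add (desktop_file_dirs, system_profile_dir);` and `g_ptr_array_add (desktop_file_dirs, user_profile_dir);`, keeps ownership consistent with the existing entries. The function's body continues outside the hunk.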
@ -26,7 +26,7 @@
|
||||||
;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>
|
;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>
|
||||||
;;; Copyright © 2018, 2019 Nicolas Goaziou <mail@nicolasgoaziou.fr>
|
;;; Copyright © 2018, 2019 Nicolas Goaziou <mail@nicolasgoaziou.fr>
|
||||||
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
|
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
|
||||||
;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
;;; Copyright © 2018, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
||||||
;;; Copyright © 2019 Vagrant Cascadian <vagrant@debian.org>
|
;;; Copyright © 2019 Vagrant Cascadian <vagrant@debian.org>
|
||||||
;;; Copyright © 2019 Brendan Tildesley <mail@brendan.scot>
|
;;; Copyright © 2019 Brendan Tildesley <mail@brendan.scot>
|
||||||
;;; Copyright © 2019 Pierre Langlois <pierre.langlois@gmx.com>
|
;;; Copyright © 2019 Pierre Langlois <pierre.langlois@gmx.com>
|
||||||
|
@ -2893,21 +2893,30 @@ pretty printer and a tree visitor.")
|
||||||
(name "python-flask-basicauth")
|
(name "python-flask-basicauth")
|
||||||
(version "0.2.0")
|
(version "0.2.0")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (pypi-uri "Flask-BasicAuth" version))
|
(uri (pypi-uri "Flask-BasicAuth" version))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
|
"1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
|
||||||
(build-system python-build-system)
|
(build-system python-build-system)
|
||||||
|
(arguments
|
||||||
|
`(#:phases (modify-phases %standard-phases
|
||||||
|
(add-after 'unpack 'fix-imports
|
||||||
|
(lambda _
|
||||||
|
(substitute* '("docs/index.rst"
|
||||||
|
"docs/conf.py"
|
||||||
|
"flask_basicauth.py"
|
||||||
|
"test_basicauth.py")
|
||||||
|
(("flask\\.ext\\.basicauth")
|
||||||
|
"flask_basicauth"))
|
||||||
|
#t)))))
|
||||||
(propagated-inputs
|
(propagated-inputs
|
||||||
`(("python-flask" ,python-flask)))
|
`(("python-flask" ,python-flask)))
|
||||||
(home-page
|
(home-page "https://github.com/jpvanhal/flask-basicauth")
|
||||||
"https://github.com/jpvanhal/flask-basicauth")
|
(synopsis "HTTP basic access authentication for Flask")
|
||||||
(synopsis
|
|
||||||
"HTTP basic access authentication for Flask")
|
|
||||||
(description
|
(description
|
||||||
"This package provides HTTP basic access authentication for Flask.")
|
"This package provides HTTP basic access authentication for Flask.")
|
||||||
(license license:bsd-3)))
|
(license license:bsd-3)))
|
||||||
|
|
||||||
(define-public python-flask-htpasswd
|
(define-public python-flask-htpasswd
|
||||||
|
|
|
@ -106,6 +106,12 @@
|
||||||
agetty-service-type
|
agetty-service-type
|
||||||
|
|
||||||
mingetty-configuration
|
mingetty-configuration
|
||||||
|
mingetty-configuration-tty
|
||||||
|
mingetty-configuration-auto-login
|
||||||
|
mingetty-configuration-login-program
|
||||||
|
mingetty-configuration-login-pause?
|
||||||
|
mingetty-configuration-clear-on-logout?
|
||||||
|
mingetty-configuration-mingetty
|
||||||
mingetty-configuration?
|
mingetty-configuration?
|
||||||
mingetty-service
|
mingetty-service
|
||||||
mingetty-service-type
|
mingetty-service-type
|
||||||
|
@ -285,8 +291,19 @@ This service must be the root of the service dependency graph so that its
|
||||||
(define (file-system->shepherd-service-name file-system)
|
(define (file-system->shepherd-service-name file-system)
|
||||||
"Return the symbol that denotes the service mounting and unmounting
|
"Return the symbol that denotes the service mounting and unmounting
|
||||||
FILE-SYSTEM."
|
FILE-SYSTEM."
|
||||||
(symbol-append 'file-system-
|
(define valid-characters
|
||||||
(string->symbol (file-system-mount-point file-system))))
|
;; Valid store characters; see 'checkStoreName' in the daemon.
|
||||||
|
(string->char-set
|
||||||
|
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
|
||||||
|
|
||||||
|
(define mount-point
|
||||||
|
(string-map (lambda (chr)
|
||||||
|
(if (char-set-contains? valid-characters chr)
|
||||||
|
chr
|
||||||
|
#\-))
|
||||||
|
(file-system-mount-point file-system)))
|
||||||
|
|
||||||
|
(symbol-append 'file-system- (string->symbol mount-point)))
|
||||||
|
|
||||||
(define (mapped-device->shepherd-service-name md)
|
(define (mapped-device->shepherd-service-name md)
|
||||||
"Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
|
"Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
|
||||||
|
|
|
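Review bot: In file-system->shepherd-service-name, every character outside `valid-characters` becomes `-`, and `/` is not in that set, so different mount points can map to the same symbol (for example `/home/foo` and `/home-foo` both give `file-system--home-foo`). Two file systems with colliding names would presumably be declared as the same Shepherd service, which this hunk neither detects nor documents. At minimum the docstring should say so, e.g. `Characters that are invalid in store file names are replaced by '-', so the result is not unique per mount point.` A collision check would belong where the services are assembled, which is outside this hunk.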
@ -51,7 +51,9 @@
|
||||||
#:use-module ((guix progress) #:select (current-terminal-columns))
|
#:use-module ((guix progress) #:select (current-terminal-columns))
|
||||||
#:use-module ((guix build syscalls) #:select (terminal-columns))
|
#:use-module ((guix build syscalls) #:select (terminal-columns))
|
||||||
#:use-module (guix transformations)
|
#:use-module (guix transformations)
|
||||||
#:export (%standard-build-options
|
#:export (log-url
|
||||||
|
|
||||||
|
%standard-build-options
|
||||||
set-build-options-from-command-line
|
set-build-options-from-command-line
|
||||||
set-build-options-from-command-line*
|
set-build-options-from-command-line*
|
||||||
show-build-options-help
|
show-build-options-help
|
||||||
|
|
|
@ -59,11 +59,16 @@
|
||||||
#:use-module (srfi srfi-37)
|
#:use-module (srfi srfi-37)
|
||||||
#:use-module (ice-9 match)
|
#:use-module (ice-9 match)
|
||||||
#:export (compressor?
|
#:export (compressor?
|
||||||
|
compressor-name
|
||||||
|
compressor-extenstion
|
||||||
|
compressor-command
|
||||||
|
%compressors
|
||||||
lookup-compressor
|
lookup-compressor
|
||||||
self-contained-tarball
|
self-contained-tarball
|
||||||
docker-image
|
docker-image
|
||||||
squashfs-image
|
squashfs-image
|
||||||
|
|
||||||
|
%formats
|
||||||
guix-pack))
|
guix-pack))
|
||||||
|
|
||||||
;; Type of a compression tool.
|
;; Type of a compression tool.
|
||||||
|
|
|
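Review bot: The new export `compressor-extenstion` looks misspelled. The record definition is outside this hunk, so the accessor's spelling cannot be confirmed from here, but if it is defined as `compressor-extension` the module exports a name it never binds and the real accessor stays private. The export line should then read `compressor-extension`.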
@ -2,6 +2,7 @@
|
||||||
;;; Copyright © 2015 David Thompson <davet@gnu.org>
|
;;; Copyright © 2015 David Thompson <davet@gnu.org>
|
||||||
;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
|
;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
|
||||||
;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
|
||||||
|
;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -250,6 +251,21 @@ usage."
|
||||||
("WantMassQuery" . 0)
|
("WantMassQuery" . 0)
|
||||||
("Priority" . 100)))
|
("Priority" . 100)))
|
||||||
|
|
||||||
|
;;; A common buffer size value used for the TCP socket SO_SNDBUF option and
|
||||||
|
;;; the gzip compressor buffer size.
|
||||||
|
(define %default-buffer-size
|
||||||
|
(* 208 1024))
|
||||||
|
|
||||||
|
(define %default-socket-options
|
||||||
|
;; List of options passed to 'setsockopt' when transmitting files.
|
||||||
|
(list (list SO_SNDBUF %default-buffer-size)))
|
||||||
|
|
||||||
|
(define* (configure-socket socket #:key (level SOL_SOCKET)
|
||||||
|
(options %default-socket-options))
|
||||||
|
"Apply multiple option tuples in OPTIONS to SOCKET, using LEVEL."
|
||||||
|
(for-each (cut apply setsockopt socket level <>)
|
||||||
|
options))
|
||||||
|
|
||||||
(define (signed-string s)
|
(define (signed-string s)
|
||||||
"Sign the hash of the string S with the daemon's key. Return a canonical
|
"Sign the hash of the string S with the daemon's key. Return a canonical
|
||||||
sexp for the signature."
|
sexp for the signature."
|
||||||
|
@ -569,7 +585,7 @@ requested using POOL."
|
||||||
(lambda (port)
|
(lambda (port)
|
||||||
(write-file item port))
|
(write-file item port))
|
||||||
#:level (compression-level compression)
|
#:level (compression-level compression)
|
||||||
#:buffer-size (* 128 1024))
|
#:buffer-size %default-buffer-size)
|
||||||
(rename-file (string-append nar ".tmp") nar))
|
(rename-file (string-append nar ".tmp") nar))
|
||||||
('lzip
|
('lzip
|
||||||
;; Note: the file port gets closed along with the lzip port.
|
;; Note: the file port gets closed along with the lzip port.
|
||||||
|
@ -866,7 +882,7 @@ or if EOF is reached."
|
||||||
;; 'make-gzip-output-port' wants a file port.
|
;; 'make-gzip-output-port' wants a file port.
|
||||||
(make-gzip-output-port (response-port response)
|
(make-gzip-output-port (response-port response)
|
||||||
#:level level
|
#:level level
|
||||||
#:buffer-size (* 64 1024)))
|
#:buffer-size %default-buffer-size))
|
||||||
(($ <compression> 'lzip level)
|
(($ <compression> 'lzip level)
|
||||||
(make-lzip-output-port (response-port response)
|
(make-lzip-output-port (response-port response)
|
||||||
#:level level))
|
#:level level))
|
||||||
|
@ -891,8 +907,7 @@ blocking."
|
||||||
client))
|
client))
|
||||||
(port (begin
|
(port (begin
|
||||||
(force-output client)
|
(force-output client)
|
||||||
(setsockopt client SOL_SOCKET
|
(configure-socket client)
|
||||||
SO_SNDBUF (* 128 1024))
|
|
||||||
(nar-response-port response compression))))
|
(nar-response-port response compression))))
|
||||||
;; XXX: Given our ugly workaround for <http://bugs.gnu.org/21093> in
|
;; XXX: Given our ugly workaround for <http://bugs.gnu.org/21093> in
|
||||||
;; 'render-nar', BODY here is just the file name of the store item.
|
;; 'render-nar', BODY here is just the file name of the store item.
|
||||||
|
@ -922,7 +937,7 @@ blocking."
|
||||||
size)
|
size)
|
||||||
client))
|
client))
|
||||||
(output (response-port response)))
|
(output (response-port response)))
|
||||||
(setsockopt client SOL_SOCKET SO_SNDBUF (* 128 1024))
|
(configure-socket client)
|
||||||
(if (file-port? output)
|
(if (file-port? output)
|
||||||
(sendfile output input size)
|
(sendfile output input size)
|
||||||
(dump-port input output))
|
(dump-port input output))
|
||||||
|
@ -1067,7 +1082,8 @@ methods, return the applicable compression."
|
||||||
(define (open-server-socket address)
|
(define (open-server-socket address)
|
||||||
"Return a TCP socket bound to ADDRESS, a socket address."
|
"Return a TCP socket bound to ADDRESS, a socket address."
|
||||||
(let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0)))
|
(let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0)))
|
||||||
(setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
|
(configure-socket sock #:options (cons (list SO_REUSEADDR 1)
|
||||||
|
%default-socket-options))
|
||||||
(bind sock address)
|
(bind sock address)
|
||||||
sock))
|
sock))
|
||||||
|
|
||||||
|
|
|
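Review bot: `%default-buffer-size` now feeds both `SO_SNDBUF` and the two gzip `#:buffer-size` arguments, but its comment does not say where 208 KiB comes from or why the two values should be equal; the gzip call sites used 128 KiB and 64 KiB before. A send-buffer size is a request that the kernel may clamp to its configured limit, so the effective socket value can differ from the gzip one anyway. I would extend the comment with the origin of the number and a line such as `;;; SO_SNDBUF is a request; the kernel may clamp it to its configured maximum.` Note also that `open-server-socket` now applies `SO_SNDBUF` to the listening socket through `%default-socket-options`, which its docstring does not mention.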
@ -385,7 +385,7 @@ previous generation. Return true if there are news to display."
|
||||||
(and=> (relative-generation profile -1)
|
(and=> (relative-generation profile -1)
|
||||||
(cut generation-file-name profile <>)))
|
(cut generation-file-name profile <>)))
|
||||||
|
|
||||||
(when previous
|
(and previous
|
||||||
(let ((old-channels (profile-channels previous))
|
(let ((old-channels (profile-channels previous))
|
||||||
(new-channels (profile-channels profile)))
|
(new-channels (profile-channels profile)))
|
||||||
;; Find the channels present in both PROFILE and PREVIOUS, and print
|
;; Find the channels present in both PROFILE and PREVIOUS, and print
|
||||||
|
|
|
@ -400,6 +400,12 @@ a list of extra files, such as '(\"contributing\")."
|
||||||
(find-files directory
|
(find-files directory
|
||||||
"\\.[a-z]{2}(_[A-Z]{2})?\\.po$")))
|
"\\.[a-z]{2}(_[A-Z]{2})?\\.po$")))
|
||||||
|
|
||||||
|
(define parallel-jobs
|
||||||
|
;; Limit thread creation by 'n-par-for-each'. Going beyond can
|
||||||
|
;; lead libgc 8.0.4 to abort with:
|
||||||
|
;; mmap(PROT_NONE) failed
|
||||||
|
(min (parallel-job-count) 4))
|
||||||
|
|
||||||
(mkdir #$output)
|
(mkdir #$output)
|
||||||
(copy-recursively #$documentation "."
|
(copy-recursively #$documentation "."
|
||||||
#:log (%make-void-port "w"))
|
#:log (%make-void-port "w"))
|
||||||
|
@ -415,14 +421,14 @@ a list of extra files, such as '(\"contributing\")."
|
||||||
(setenv "LC_ALL" "en_US.UTF-8")
|
(setenv "LC_ALL" "en_US.UTF-8")
|
||||||
(setlocale LC_ALL "en_US.UTF-8")
|
(setlocale LC_ALL "en_US.UTF-8")
|
||||||
|
|
||||||
(n-par-for-each (parallel-job-count)
|
(n-par-for-each parallel-jobs
|
||||||
(match-lambda
|
(match-lambda
|
||||||
((language . po)
|
((language . po)
|
||||||
(translate-texi "guix" po language
|
(translate-texi "guix" po language
|
||||||
#:extras '("contributing"))))
|
#:extras '("contributing"))))
|
||||||
(available-translations "." "guix-manual"))
|
(available-translations "." "guix-manual"))
|
||||||
|
|
||||||
(n-par-for-each (parallel-job-count)
|
(n-par-for-each parallel-jobs
|
||||||
(match-lambda
|
(match-lambda
|
||||||
((language . po)
|
((language . po)
|
||||||
(translate-texi "guix-cookbook" po language)))
|
(translate-texi "guix-cookbook" po language)))
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
|
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
|
@ -174,7 +174,7 @@ echo hello world"))
|
||||||
(let ((script-file-name (string-append directory "/foo")))
|
(let ((script-file-name (string-append directory "/foo")))
|
||||||
(call-with-output-file script-file-name
|
(call-with-output-file script-file-name
|
||||||
(lambda (port)
|
(lambda (port)
|
||||||
(format port script-contents)))
|
(display script-contents port)))
|
||||||
(chmod script-file-name #o777)
|
(chmod script-file-name #o777)
|
||||||
(wrap-script script-file-name
|
(wrap-script script-file-name
|
||||||
`("GUIX_FOO" prefix ("/some/path"
|
`("GUIX_FOO" prefix ("/some/path"
|
||||||
|
|