* guix/channels.scm (<channel-introduction>): Rename constructor to
'%make-channel-introduction'.
(make-channel-introduction): New procedure.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Use
'make-channel-introduction' without '@@' and without third argument.
* doc/guix.texi (Channels)[Channel Authentication, Specifying Channel
Authorizations]: New subsections.
* guix/channels.scm (latest-channel-instance): Raise an error instead of
warning when 'guix is unauthenticated.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
New test.
Fixes <https://bugs.gnu.org/42077>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.
The typo was introduced in 7b06781a58.
* tests/git-authenticate.scm <top level>: Remove call to 'which'
around (gpg+git-available?).
Until now the test would always succeed because it would return
'failed, which has truth value. The exercise
'verify-introductory-commit', we need to add a second commit beyond the
introductory commit, which is what we do here.
* tests/channels.scm ("authenticate-channel, wrong first commit
signer"): Add a second commit and authenticate up to that one. Change
'message?' to 'message-condition?'.
This test was skipped since the switch to Guile 3 because
'assert-container-features' would be inlined and thus accessing it with
@@ would fail with an unbound-variable error.
* guix/scripts/environment.scm (assert-container-features): Export.
* tests/guix-environment-container.sh: Use single '@'.
This should come before patching, authentication, etc.
* guix/channels.scm (latest-channel-instance): Add #:validate-pull
parameter and honor it. Return a single value: the instance.
(ensure-forward-channel-update): Change 'instance' parameter to 'commit'
and adjust accordingly.
(latest-channel-instances): Adjust to 'latest-channel-instance' changes.
* guix/scripts/pull.scm (warn-about-backward-updates): Change 'instance'
parameter to 'commit' and adjust accordingly.
* tests/channels.scm ("latest-channel-instances #:validate-pull"):
Likewise.
Fixes <https://bugs.gnu.org/22883>.
* guix/channels.scm (<channel>)[introduction]: New field.
(<channel-introduction>): New record type.
(%guix-channel-introduction): New variable.
(%default-channels): Use it.
(<channel-metadata>)[keyring-reference]: New field.
(%default-keyring-reference): New variable.
(read-channel-metadata, read-channel-metadata-from-source): Initialize
the 'keyring-reference' field.
(commit-short-id, verify-introductory-commit)
(authenticate-channel): New procedures.
(latest-channel-instance): Call 'authenticate-channel' when CHANNEL has
an introduction.
* tests/channels.scm (gpg+git-available?, commit-id-string): New
procedures.
("authenticate-channel, wrong first commit signer"):
("authenticate-channel, .guix-authorizations"): New tests.
* doc/guix.texi (Invoking guix pull): Mention authentication.
* guix/git-authenticate.scm (commit-signing-key): Add
#:disallowed-hash-algorithms and honor it.
(authenticate-commit)[recent-commit?]: New variable.
Pass #:disallowed-hash-algorithms to 'commit-signing-key'.
* tests/git-authenticate.scm ("signed commits, SHA1 signature"): New test.
Fixes <https://bugs.gnu.org/41796>.
Reported by Jakub Kądziołka <kuba@kadziolka.net>.
* guix/packages.scm (input-graft): Add 'output' parameter and honor it.
Add OUTPUT to the cache key.
(input-cross-graft): Likewise.
(fold-bag-dependencies): Operate on inputs instead of nodes. Turn
VISITED into a vhash instead of a set. Pass PROC HEAD and OUTPUT
instead of just HEAD.
(bag-grafts): Adjust accordingly.
* tests/packages.scm ("package-grafts, dependency on several outputs"):
New test.
* guix/git.scm (commit-difference): Initialize VISITED to the closure of
OLD and EXCLUDED, as written in the docstring.
* tests/git.scm ("commit-difference, excluded commits"): Adjust
accordingly.
* gnu/system/hurd.scm (%hurd-def%hurd-default-operating-system-kernel,
%hurd-default-operating-system): New exported variables.
* gnu/system/examples/bare-hurd.tmpl: New file.
* Makefile.am (EXAMPLES): Add it.
* tests/guix-system.sh: Add --target=i586-pc-gnu when testing it.
Fixes <https://bugs.gnu.org/41527>.
Regression introduced in d03001a31a.
* guix/gexp.scm (lower+expand-object): When LOWERED is not a struct and
EXPAND is true, call EXPAND.
* tests/gexp.scm ("file-append, raw store item"): New test.
* guix/channels.scm (latest-channel-instance): Add #:starting-commit and
pass it to 'update-cached-checkout'. Return the commit relation as a
second value.
(ensure-forward-channel-update): New procedure.
(latest-channel-instances): Add #:current-channels and #:validate-pull.
[current-commit]: New procedure.
Pass #:starting-commit to 'latest-channel-instance'. When the returned
relation is true, call VALIDATE-PULL.
(latest-channel-derivation): Add #:current-channels and #:validate-pull.
Pass them to 'latest-channel-instances*'.
* tests/channels.scm ("latest-channel-instances #:validate-pull"): New
test.
* guix/git.scm (update-cached-checkout): Add #:starting-commit
parameter. Call 'commit-relation' when #:starting-commit is true.
Always return the relation or #f as the third value.
(latest-repository-commit): Adjust accordingly.
* guix/import/opam.scm (get-opam-repository): Likewise.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Update mock of 'update-cached-checkout' accordingly.
* guix/scripts/package.scm (process-query): List installed multiple profiles.
* tests/guix-package-net.sh: Test it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* tests/packages.scm: Use #:prefix instead of #:hide for (gcrypt hash).
This accomodates for 'sha512' syntax literal matches with Guile-Gcrypt 0.3.0,
which exports 'sha512' in addition to 'sha256'.
* gnu/bootloader/grub.scm (strip-mount-point): Remove procedure.
(normalize-file): Add procedure.
(grub-configuration-file): New BTRFS-SUBVOLUME-FILE-NAME parameter. When
defined, prepend its value to the kernel and initrd file names, using the
NORMALIZE-FILE procedure. Adjust the call to EYE-CANDY to pass the
BTRFS-SUBVOLUME-FILE-NAME argument. Normalize the KEYMAP file as well.
(eye-candy): Add a BTRFS-SUBVOLUME-FILE-NAME parameter, and use it, along with
the NORMALIZE-FILE procedure, to normalize the FONT-FILE and IMAGE nested
variables. Adjust doc.
* gnu/bootloader/depthcharge.scm (depthcharge-configuration-file): Adapt.
* gnu/bootloader/extlinux.scm (extlinux-configuration-file): Likewise.
* gnu/system/file-systems.scm (btrfs-subvolume?)
(btrfs-store-subvolume-file-name): New procedures.
* gnu/system.scm (operating-system-bootcfg): Specify the Btrfs
subvolume file name the store resides on to the
`operating-system-bootcfg' procedure, using the new
BTRFS-SUBVOLUME-FILE-NAME argument.
* doc/guix.texi (File Systems): Add a Btrfs subsection to document the use of
subvolumes.
* gnu/tests/install.scm (%btrfs-root-on-subvolume-os)
(%btrfs-root-on-subvolume-os-source)
(%btrfs-root-on-subvolume-installation-script)
(%test-btrfs-root-on-subvolume-os): New variables.
* guix/gexp.scm (<system-binding>): New record type.
(let-system): New macro.
(system-binding-compiler): New procedure.
(default-expander): Add 'self-quoting?' case.
(self-quoting?): New procedure.
(lower-inputs): Add 'filterm'. Pass the result of
'mapm/accumulate-builds' through FILTERM.
(gexp->sexp)[self-quoting?]: Remove.
* tests/gexp.scm ("let-system", "let-system, target")
("let-system, ungexp-native, target")
("let-system, nested"): New tests.
* doc/guix.texi (G-Expressions): Document it.
* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New
macro.
(bind_mount): Rename to...
(mirror_directory): ... this. Add 'firmlink' argument and use it
instead of calling mkdir/open/close/mount directly.
(bind_mount, make_symlink): New functions.
(exec_in_user_namespace): Adjust accordingly.
(exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function.
(exec_performance): New function.
(engines): Add them.
* guix/scripts/pack.scm (wrapped-package)[fakechroot-library]
[audit-module]: New procedures.
[audit-source]: New variable.
[build](elf-interpreter, elf-loader-compile-flags): New procedures.
(build-wrapper): Use them.
* tests/guix-pack-relocatable.sh: Test with
'GUIX_EXECUTION_ENGINE=fakechroot'.
* doc/guix.texi (Invoking guix pack): Document the 'performance' and
'fakechroot' engines.
* gnu/packages/aux-files/pack-audit.c: New file.
* Makefile.am (AUX_FILES): Add it.
* gnu/packages/aux-files/run-in-namespace.c (struct engine): New type.
(exec_default): New function.
(engines): New variable.
(execution_engine): New function.
(main): Use it instead of calling 'exec_in_user_namespace' and
'exec_with_proot' directly.
* tests/guix-pack-relocatable.sh: Add test with 'GUIX_EXECUTION_ENGINE'.
* doc/guix.texi (Invoking guix pack): Document 'GUIX_EXECUTION_ENGINE'.
Fixes a bug whereby a bag's transitive dependencies would depend on the
global '%current-target-system' value.
Partly fixes <https://issues.guix.gnu.org/41182>.
* guix/packages.scm (bag-transitive-inputs)
(bag-transitive-build-inputs, bag-transitive-target-inputs):
Parameterize '%current-target-system'.
* tests/packages.scm ("package->bag, sensitivity to %current-target-system"):
New test.
The graph traversal procedures in (guix graph) assume that nodes can be
compared with 'eq?', which was not the case for nodes of
%REFERENCE-NODE-TYPE and %REFERRER-NODE-TYPE (strings).
* guix/scripts/graph.scm (intern): New procedure.
(ensure-store-items, references*)
(%reference-node-type, non-derivation-referrers)
(%referrer-node-type): Use it on all store items.
* tests/graph.scm ("node-transitive-edges, references"): New test.
* guix/channels.scm (<patch>): New record type.
(apply-patches): New procedure.
(latest-channel-instance)[dot-git?]: New procedure.
Use 'update-cached-checkout' and 'add-to-store' instead of
'latest-repository-commit'. Call 'apply-patches' when CHANNEL is the
'guix channel.
(%patches): New variable.
* guix/git.scm (url+commit->name): Make public.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Mock 'update-cached-checkout' instead of 'latest-repository-commit'.
Wrap body in 'with-store' and pass the store to 'latest-channel-instances'.
* guix/openpgp.scm (string->openpgp-packet): New procedure.
* tests/openpgp.scm ("verify-openpgp-signature, missing key")
("verify-openpgp-signature, good signatures")
("verify-openpgp-signature, bad signature"): Use it.
Previously, 'lookup-key-by-{id,fingerprint}' would always return the
list of packets where the primary key is first. Thus, the caller would
need to use 'find' to actually find the requested key.
* guix/openpgp.scm (keyring-insert): Always add KEY to PACKETS.
(lookup-key-by-id, lookup-key-by-fingerprint): Change to return the key
as the first value.
(verify-openpgp-signature): Remove now unneeded call to 'find'.
* tests/openpgp.scm ("get-openpgp-keyring"): Adjust accordingly.
* guix/openpgp.scm (verify-openpgp-signature): Use
'lookup-key-by-fingerprint' when SIG contains a fingerprint.
Honor FINGERPRINT in the 'find' predicate. Upon missing-key, return
FINGERPRINT if available.
* tests/openpgp.scm ("verify-openpgp-signature, missing key"): Adjust
expected value accordingly.
* guix/openpgp.scm (SUBPACKET-ISSUER-FINGERPRINT): New variable.
(openpgp-signature-issuer-fingerprint): New procedure.
(key-id-matches-fingerprint?): New procedure.
(get-signature): Look for the 'issuer and 'issuer-fingerprint
subpackets. Ensure the issuer key ID matches the fingerprint when both
are available.
(parse-subpackets): Handle SUBPACKET-ISSUER-FINGERPRINT.
* tests/openpgp.scm (%rsa-key-fingerprint)
(%dsa-key-fingerprint, %ed25519-key-fingerprint): New variables.
* tests/openpgp.scm ("get-openpgp-detached-signature/ascii"): Check the
result of 'openpgp-signature-issuer-fingerprint'.
Fixes <https://bugs.gnu.org/40816>.
Reported by Jan (janneke) Nieuwenhuizen <janneke@gnu.org>.
* gnu/packages/aux-files/run-in-namespace.c (main): In the 'default'
case, check 'WIFEXITED (status)' and exit with the corresponding code in
that case. Exit with 255 in other cases.
* tests/guix-pack-relocatable.sh: Add test.
Previous, things like 'ld-wrapper-boot0' would be memoized with
(mlambda () …). However, the definition of 'ld-wrapper-boot0' depends
on the result of (%boot0-inputs), which is itself a function
of (%current-system). Thus, if one first calls:
(parameterize ((%current-system "x86_64-linux"))
(ld-wrapper-boot0))
then, in all subsequent calls to 'ld-wrapper-boot0', the value
of (%current-system) would be ignored because the result is already
memoized. Concretely, 'ld-wrapper-boot0' would always have the
dependencies it has on x86_64-linux, even though they are different than
those on armhf-linux, say ("bash-mesboot" vs. "bootstrap-binaries").
Fixes <https://bugs.gnu.org/40482>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* gnu/packages/commencement.scm (define/system-dependent): New macro.
(linux-libre-headers-boot0, hurd-core-headers-boot0, ld-wrapper-boot0)
(gcc-boot0-intermediate-wrapped, gcc-boot0-wrapped, ld-wrapper-boot3):
Define using 'define/system-dependent' instead of 'define' + 'mlambda'.
Adjust users so they no longer look like procedure calls.
* tests/guix-build.sh: Add test.
This is a followup to efa578ecae.
* tests/guix-build-branch.sh: Adjust '--with-commit=guile-gcrypt=v0.1.0'
test to expect the tag ID rather than the commit ID.
Fixes <https://bugs.gnu.org/40428>.
Reported by Marius Bakke <mbakke@fastmail.com> and 白い熊.
Regression introduced with the first uses of 'with-build-handler' in
commit 62195b9a8f and subsequent.
* guix/store.scm (call-with-store): Use 'catch #t' instead of
'dynamic-wind'. This ensures STORE remains open when a non-local exit
other than an exception occurs, such as an abort to the build handler
prompt.
* tests/store.scm ("with-build-handler + with-store"): New test.
Fixes <https://bugs.gnu.org/35872>.
Reported by Andy Tai <atai@atai.org>.
* guix/profiles.scm (list=?, manifest-entry=?): New procedures.
* guix/scripts/package.scm (transaction-upgrade-entry): In the '=' case,
use 'manifest-entry=?' to determine whether it's an upgrade.
* tests/packages.scm ("transaction-upgrade-entry, zero upgrades,
propagated inputs"): New test.
Fixes a regression introduced in
131f50cdc9 whereby the install/upgrade
message would not be displayed:
$ guix upgrade -n
2.1 MB would be downloaded:
/gnu/store/…-something-1.2
/gnu/store/…-its-dependency-2.3
This is because we'd directly abort from 'transaction-upgrade-entry' to
the build handler of 'build-notifier'.
* guix/scripts/package.scm (transaction-upgrade-entry): Call 'string=?'
expression in 'with-build-handler'.
* tests/packages.scm ("transaction-upgrade-entry, grafts"): New test.
* guix/store.scm (<unresolved>): New record type.
(build-accumulator, map/accumulate-builds, mapm/accumulate-builds): New
procedures.
* tests/store.scm ("map/accumulate-builds", "mapm/accumulate-builds"):
New tests.
This is a followup to 3e5ab0a7a9.
* tests/ui.scm ("show-manifest-transaction"): Update regexp.
* tests/guix-package.sh: Adjust Emacs regexp in --with-source test.
* guix/store.scm (current-build-prompt): New variable.
(call-with-build-handler, invoke-build-handler): New procedures.
(with-build-handler): New macro.
* tests/store.scm ("with-build-handler"): New test.
* guix/inferior.scm (port->inferior): Bump protocol to (0 1 1).
(&inferior-exception)[stack]: New field.
(read-repl-response): Recognize 'exception' form for protocol (0 1 1).
* tests/inferior.scm ("&inferior-exception"): Check the value returned
by 'inferior-exception-stack'.
* guix/gexp.scm (<parameterized>): New record type.
(with-parameters): New macro.
(compile-parameterized): New gexp compiler.
* tests/gexp.scm ("with-parameters for %current-system")
("with-parameters for %current-target-system")
("with-parameters + file-append"): New tests.
* doc/guix.texi (G-Expressions): Document it.
This avoids ambiguities when looking at a backtrace where the exception
was actually thrown by an inferior in a very different context.
* guix/inferior.scm (&inferior-exception): New condition type.
(read-repl-response): Add optional 'inferior' parameter. Raise
'&inferior-exception' instead of rethrowing to KEY when receiving an
'exception' message.
(read-inferior-response): Pass INFERIOR to 'read-repl-response'.
* tests/inferior.scm ("&inferior-exception"): New test.
* guix/import/pypi.scm (non-empty-string-or-false): New procedure.
(<pypi-project>, <project-info>, <distribution>): New record types.
(pypi-fetch): Call 'json->pypi-project'.
(latest-source-release, latest-wheel-release): Use the new record
accessors instead of 'assoc-ref*'.
(pypi->guix-package, latest-release): Likewise.
* tests/pypi.scm (test-json): Add mandatory fields.
* guix/gexp.scm (lower-object): Set target argument to 'current by default and
look for the current target system at bind time if needed,
(gexp->file): ditto,
(gexp->script): ditto,
(lower-gexp): make sure lowered extensions are not cross-compiled.
* tests/gexp.scm: Add cross-compilation test-cases for gexp->script and
gexp->file with a target passed explicitely and with a default target.
* guix/scripts/build.scm (options->things-to-build)[manifest->packages]:
Remove.
Inline map of 'manifest-entry-item'.
* tests/guix-build.sh: Add test for "guix build -m" with non-package object.
Reported by Pierre Neidhardt <mail@ambrevar.xyz>.
* guix/ui.scm (size->number)[unit-pos]: Add #\. to CHAR-SET:DIGIT.
* tests/ui.scm ("size->number, 1.M"): New test.
* guix/scripts/build.scm (show-help): Document --manifest argument.
(options->things-to-build): When given a manifest, evaluate all the entries.
* tests/guix-build.sh: Add test for --manifest.
* doc/guix.texi (Additional Build Options): Mention --manifest.
* etc/completion/bash/guix: Complete file name if 'guix build' argument is
-m.
Fixes <https://bugs.gnu.org/25476>.
Reported by Paul Garlick <pgarlick@tourbillion-technology.com>.
* tests/syscalls.scm ("pivot-root"): Skip only when
PERFORM-CONTAINER-TESTS? is true. Rewrite to use a socket pair instead
of a pipe. Synchronize parent and child so that the parent can
initialize the child's UID and GID mappings before continuing.
This is a followup to 87858bc526.
Partly fixes <https://bugs.gnu.org/39374>.
Reported by Ellen Papsch <ellen.papsch@wine-logistix.de>.
* tests/graph.scm ("reverse bag DAG"): Adjust test to latest OCaml
changes.
* gnu/services/linux.scm: New file.
* tests/services/linux.scm: Add test.
* Makefile.am (SCM_TESTS): Register test.
* doc/guix.texi (Linux Services): Add a new section and document the new
service and its configuration.
* guix/import/texlive.scm (fetch-sxml, sxml->package): Export.
* tests/texlive.scm <top level>: Call '%http-server-port'.
("fetch-sxml: returns SXML for valid XML"): Use 'with-http-server' and
set 'current-http-proxy' instead of using 'mock'.
("sxml->package"): Remove use of '@@'.
* guix/import/opam.scm (string-pat, multiline-string, list-pat)
(dict, condition): Export.
(opam-fetch): Add optional 'repository' parameter.
(opam->guix-package): Add #:repository parameter and pass it to
'opam-fetch'.
* tests/opam.scm ("opam->guix-package"): Remove use of 'mock' and pass
TEST-REPO to 'opam->guix-package' instead.
("parse-strings", "parse-multiline-strings")
("parse-lists", "parse-dicts", "parse-conditions"): Remove uses of '@@',
which are no longer needed.
* guix/lint.scm (check-vulnerabilities): Add 'package-vulnerabilities'
optional parameter.
* tests/lint.scm ("cve: one vulnerability"): Use it instead of 'mock'.
* guix/lzlib.scm (%compression-levels): Splice the rest of each element.
(dictionary-size+match-length-limit): New procedure.
(make-lzip-output-port, make-lzip-input-port/compressed): Use it.
* tests/lzlib.scm ("Bytevector of size relative to Lzip internal buffers (2 * dictionary)"):
Use 'dictionary-size+match-length-limit' instead of 'assoc-ref'.
Previously users would just see:
error: invalid field specifier
without source location or hints.
* guix/records.scm (expand): Add optional 'parent-form' parameter and
pass it to 'syntax-violation' when it is true.
(make-syntactic-constructor): Pass S as a third argument to
'report-invalid-field-specifier'.
* guix/ui.scm (report-load-error): For 'syntax-error', show SUBFORM or
FORM in the message.
* tests/records.scm ("define-record-type* & wrong field specifier"): Add
a 'subform' parameter and adjust test accordingly.
("define-record-type* & wrong field specifier, identifier"): New test.
* tests/guix-system.sh: Add test.
* guix/scripts/package.scm (transaction-upgrade-entry): Add 'store'
parameter and use it instead of (%store). Export.
* tests/packages.scm ("transaction-upgrade-entry, zero upgrades")
("transaction-upgrade-entry, one upgrade")
("transaction-upgrade-entry, superseded package"): Adjust accordingly.
* guix/import/cpan.scm (%metacpan-base-url): New variable.
(module->dist-name, cpan-fetch): Refer to it instead of the hard-coded URL.
* tests/cpan.scm ("cpan->guix-package"): Use 'with-http-server' instead
of 'mock'.
* guix/import/cpan.scm (<cpan-dependency>, <cpan-release>): New
JSON-mapped record types.
(metacpan-url->mirror-url): New procedure.
(cpan-source-url): Rewrite in terms of it.
(cpan-version): Remove.
(cpan-module->sexp): Rewrite to take a <cpan-release> instead of an
alist, and rename 'meta' to 'release'.
[convert-inputs]: Rewrite to use 'cpan-release-dependencies'.
Update calls to 'convert-inputs' to pass a list of symbols.
Replace 'assoc-ref' calls with the appropriate field accessors.
(cpan->guix-package): Rename 'module-meta' to 'release'.
(latest-release): Likewise, and use the appropriate accessors.
* tests/cpan.scm (test-json): Remove "prereqs" record; add "dependency"
list.
("source-url-http", "source-url-https"): Remove.
("metacpan-url->mirror-url, http")
("metacpan-url->mirror-url, https"): New tests.
* guix/gexp.scm (<raw-derivation-file>): New record type.
(raw-derivation-file-compiler): New gexp compiler.
* tests/gexp.scm ("lower-gexp, raw-derivation-file")
("raw-derivation-file"): New tests.
* guix/scripts/challenge.scm (call-with-nar): New procedure.
(narinfo-contents): Express in terms of 'call-with-nar'.
(call-with-mismatches, report-differing-files/external): New
procedures.
(%diffoscope-command): New variable.
(%options): Support "diffoscope" and a string starting with "/".
* tests/challenge.scm (call-mismatch-test): New procedure.
("differing-files"): Rewrite in terms of 'call-mismatch-test'.
("call-with-mismatches"): New test.
* doc/guix.texi (Invoking guix challenge): Document it.
* guix/scripts/archive.scm (show-help, %options): Add '--list'.
(list-contents): New procedure.
(guix-archive): Honor the '--list' option.
* tests/guix-archive.sh: Test it.
* doc/guix.texi (Invoking guix archive): Document it.
* guix/import/crate.scm (%dual-license-rx): Removed function.
(crate->guix-package): Handle most of the multi-licensing cases.
* tests/crate.scm (licenses): Add tests for some licenses.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* guix/derivations.scm (derivation-input-fold): New procedure.
(substitution-oracle)[closure]: Rewrite in terms of
'derivation-input-fold'.
* tests/derivations.scm ("derivation-input-fold"): New test.
* guix/gexp.scm (local-file): Distinguish the case where FILE is a
literal string and when it's not. Add a clause for when FILE is not a
literal string.
* tests/gexp.scm ("local-file, non-literal relative file name"): New test.
* doc/guix.texi (G-Expressions): Update accordingly.
Previously, there was a possibility that "guix install emacs" would grab
the lock before "guix package -m $module_dir/manifest.scm". When that
happened, the test would start building Emacs and all its dependencies,
which could take a while and some disk space.
This is a followup to b1fb663404.
* tests/guix-package.sh: In profile locking test, emit
"$module_dir/ready" from the manifest and wait for it to exist before
running "guix install emacs".
* guix/scripts/substitute.scm (warn-about-missing-authentication): New
procedure.
(%allow-unauthenticated-substitutes?): Turn into a public parameter and
use 'warn-about-missing-authentication'.
(valid-narinfo?): Adjust accordingly.
* tests/substitute.scm (call-with-narinfo): Likewise.
* guix/scripts/pack.scm (guix-pack): Collect 'manifest' options, and
concatenate the resulting manifests.
* tests/guix-pack.sh: Test it.
* doc/guix.texi (Invoking guix pack): Document it.
* guix/scripts/package.scm (manifest-action): Remove.
(%actions): Remove it.
(load-manifest): New procedure.
(process-actions): Handle 'manifest' options. Define 'files' from
'manifest' options. Define 'manifest' based on FILES. Define 'trans'
to represent the final transaction.
* tests/guix-package.sh: Test it.
* doc/guix.texi (Invoking guix package): Mention
* tests/guix-environment.sh: Test 'guix environment' with two '-m' options.
* doc/guix.texi (Invoking guix environment): Explain that '-m' can be
passed multiple times.
* guix/scripts/pack.scm (%options, show-help): Add "--derivation".
(guix-pack): Honor it.
* tests/guix-pack.sh: Test it.
* doc/guix.texi (Invoking guix pack): Document it.
This lets the daemon substitute missing derivations, as in the example
at <https://bugs.gnu.org/38226>, instead of failing with ENOENT.
* guix/scripts/build.scm (options->things-to-build): In the
'derivation-path?' case, don't fail when 'read-derivation-from-file'
raises to ENOENT; return the empty list in that case.
(guix-build): Add non-existent '.drv' files to ITEMS.
Pass ITEMS in addition to DRV to 'build-derivations'.
* tests/guix-build.sh: Add test.
Fixes <https://bugs.gnu.org/38093>.
When running:
guix build --target=arm-linux-gnueabihf -e '(@ (gnu packages base) coreutils)'
the '%current-target-system' parameter is set by the time the top-level
of (gnu packages commencement) is evaluated. Consequently, we need to
ensure that the 'pkg-config' macro evaluates in a context where
'%current-target-system' is unset.
* gnu/packages/commencement.scm (gnu-make-final): Refer to '%pkg-config'
instead of 'pkg-config'.
* tests/guix-build.sh: Add test.
* gnu/services/networking.scm (ntp-server->string): Use the textual
representation of the values as printed by 'display' rather than 'write', to
avoid inserting double quotes in the generated config.
* tests/networking.scm (%ntp-server-sample): Add a comment and make one of the
options a string, to exercise the fix.
("ntp-server->string"): Move the expected value to the first argument.
("ntp configuration servers deprecated form"): Likewise.
("openntpd generated config string ends with a newline"): Likewise.
The XML feed was discontinued on Oct. 16th, 2019:
<https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3>
* guix/cve.scm (string->date*): New procedure.
(<cve-item>, <cve>, <cve-reference>): New record types.
(cpe-match->cve-configuration, configuration-data->cve-configurations)
(json->cve-items, version-matches?): New procedures.
(yearly-feed-uri): Change URL to refer to JSON feed.
(cpe->product-alist, %parse-vulnerability-feed)
(xml->vulnerabilities): Remove.
(cve-configuration->package-list, merge-package-lists)
(cve-item->vulnerability, json->vulnerabilities): New procedures.
(write-cache): Use 'json->vulnerabilities' instead of
'xml->vulnerabilities', and remove 'parameterize'.
(vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is
true.
* tests/cve.scm (%sample): Use 'tests/cve-sample.json'.
(%expected-vulnerabilities): Rewrite accordingly.
("json->cve-items", "cve-item-published-date")
("json->vulnerabilities"): New tests.
("xml->vulnerabilities"): Remove.
("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities.
* tests/cve-sample.json: New file.
* tests/cve-sample.xml: Remove.
* Makefile.am (EXTRA_DIST): Adjust accordingly.
* doc/guix.texi (Invoking guix lint): Update nist.gov URLs.
* tests/cve.scm (vulnerability): Use 'make-struct/no-tail' instead of
'make-struct', which is deprecated.
* tests/lint.scm ("cve: one vulnerability")
("cve: one patched vulnerability")
("cve: known safe from vulnerability")
("cve: vulnerability fixed in replacement version")
("cve: patched vulnerability in replacement"): Likewise.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
* guix/build/syscalls.scm (RNDADDTOENTCNT): New variable.
(add-to-entropy-count): New procedure.
* tests/syscalls.scm ("add-to-entropy-count"): New test.