The "Modified" database that we were reading is much smaller, but it
only shows CVEs modified over the past week.
* guix/cve.scm (%now, %current-year, %past-year): New variables.
(yearly-feed-uri): New procedure.
(%cve-feed-uri, %ttl): Remove.
(%current-year-ttl, %past-year-ttl): New variables.
(call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them.
Add 'setvbuf' call.
(current-vulnerabilities)[read-vulnerabilities]: New procedure.
Read from both %LAST-YEAR and %CURRENT-YEAR.
Fixes <http://bugs.gnu.org/22937>.
Reported by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'https' alongside 'http'.
Use 'open-connection-for-uri' instead of 'open-socket-for-uri'. Call
'setvbuf' only when PORT matches 'file-port?'.
(http-multiple-get): Likewise. Change 'base-url' parameter to
'base-uri'.
(fetch-narinfos)[do-fetch]: Add 'https' case alongside 'http'. Pass URI
instead of URL to 'http-multiple-get'.
* doc/guix.texi (Requirements): Move GnuTLS one level higher and mention
HTTPS substitutes.
(Substitutes): Mention HTTPS and recommend it. Explain why servers
are not authenticated. Add "On Trusting Binaries" subsection.
Reported in <http://bugs.gnu.org/22937>
by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'else' case and call 'leave'.
Previously, the resulting 'signature-urls' would contain N times the
same URL.
* guix/upstream.scm (coalesce-sources): Fix TWO in 'signature-urls'.
* tests/upstream.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
This reduces the wall-clock time of
guix environment gnutls --pure -E true
by ~35%.
* guix/packages.scm (%graft-cache): New variable.
(input-graft): Use 'cached' to cache to %GRAFT-CACHE.
This reduces the wall-clock time of
guix environment gnutls --pure -E true
by ~25%.
* guix/packages.scm (%bag-cache): New variable.
(package->bag): Use 'cached' to cache things to %BAG-CACHE.
* guix/packages.scm (cache): Rename to...
(cache!): ... this. Add 'cache' parameter, and use it.
(cached): Add a rule to allow the cache to be specified.
Before that, 'references/substitutes' would assume that
'substitutable-path-info' would return things in the same order as its
arguments, which is not the case. Thus, it would sometimes provide
incorrect reference information, occasionally leading to infinite
loop (because dependency information would denote cycles.)
Fixes <http://bugs.gnu.org/22914>.
Reported by Eric Bavier <ericbavier@openmailbox.org>.
* guix/store.scm (references/substitutes): Make ITEMS the first argument
of the loop; match on it. Use 'any' to find a matching substitute.
(substitutable-path-info): Clarify docstring about ordering.
The time for:
guix build inkscape -n --no-substitutes
goes down by 30% (in the presence of 3 replacements among all the
packages.)
* guix/grafts.scm (cumulative-grafts): Turn into a monadic procedure in
%STATE-MONAD. Use the current state as a derivation-to-graft cache.
(graft-derivation): Call 'cumulative-grafts' within 'run-with-state'.
This avoids starting derivation builds just for the sake of knowing the
references of their outputs, thereby restoring the expected behavior of
--dry-run when substitutes are available.
* guix/grafts.scm (non-self-references): Remove 'store' parameter, and
add 'references'. Use it. Update caller.
(references-oracle): New variable.
(cumulative-grafts): Add 'references' parameter and use it. Update
callers.
(graft-derivation): Remove 'build-derivations' call. Add call to
'references-oracle'.
This fixes a bug whereby, with grafts leading to builds very early,
build options such as --substitute-urls would not be taken into account
yet.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/scripts/build.scm (guix-build): Move 'opts' to the beginning.
Use 'with-store' instead of 'open-connection'. Call
'set-build-options-from-command-line' right after 'with-store'.
Reported by Mark H Weaver.
* guix/scripts/build.scm (options->derivations): When SRC and GRAFT? are
true, use the source of P's replacement.
* tests/guix-build.sh: Add test.
This provides the ability to use numbers in package names.
Fixes <http://bugs.gnu.org/19219>.
* guix/utils.scm (package-name->name+version): New procedure.
* gnu/packages.scm (%find-package): Add a FALLBACK? keyword argument.
Use the previous method when no package is found.
(specification->package+output, specification->package): Adapt
documentation to new syntax.
* doc/guix.texi (Invoking guix package, Invoking guix import): Likewise.
* guix/ui.scm (package-specification->name+version+output): Likewise.
* guix/scripts/import/hackage.scm (show-help): Likewise.
* tests/guix-build.sh: Adapt to new syntax.
* tests/guix-lint.sh: Likewise.
* tests/guix-package.sh: Likewise.
* tests/ui.scm ("package-specification->name+version+output"): Likewise.
* tests/utils.scm ("package-name->name+version"): Likewise.
* NEWS: Mention new syntax.
Previously 'GUIX_BUILD_OPTIONS' would be honored, but 'guix graph' does
not support the common build options.
* guix/scripts/graph.scm (guix-graph): Use 'args-fold*' instead of
'parse-command-line'.
Fixes <http://bugs.gnu.org/22139>.
* guix/grafts.scm (graft-derivation): Rename to...
(graft-derivation/shallow): ... this.
(graft-origin-file-name, item->deriver, non-self-references)
(cumulative-grafts, graft-derivation): New procedures
* tests/grafts.scm ("graft-derivation, grafted item is a direct
dependency"): Clarify title. Use 'grafted' instead of 'graft' to refer
to the grafted derivation.
("graft-derivation, grafted item is an indirect dependency")
("graft-derivation, no dependencies on grafted output"): New tests.
* guix/packages.scm (input-graft): Change to take a package instead of
an input.
(input-cross-graft): Likewise.
(fold-bag-dependencies): New procedure.
(bag-grafts): Rewrite in terms of 'fold-bag-dependencies'.
* tests/packages.scm ("package-derivation, indirect grafts"): Comment out.
* doc/guix.texi (Security Updates): Mention run-time dependencies and
recursive grafting.
Before that, outputs of a derivation could be left referring to the
ungrafted version of the derivation.
* guix/grafts.scm (graft-derivation)[outputs]: Change to a list of
name/file pairs.
* guix/grafts.scm (graft-derivation)[build]: Add 'old-outputs' variable
and use it when computing 'mapping'. Use 'mapping' directly.
* tests/grafts.scm ("graft-derivation, multiple outputs"): New test.
* guix/store.scm (read-path-info): Use #f when we get the empty string
for DERIVER.
* guix/scripts/publish.scm (narinfo-string): Adjust accordingly.
* tests/store.scm ("path-info-deriver"): New test.
* guix/http-client.scm (cache-file-for-uri): New procedure.
(http-fetch/cached): Use it. Remove 'directory' variable.
[update-cache]: Make the 'dirname' of FILE.
Fixes <http://bugs.gnu.org/22753>.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/system.scm (save-load-path-excursion): New variable.
(upgrade-shepherd-services): Add comment about the issue.
(switch-to-system): Use 'save-load-path-excursion' around
'primitive-load' call.
Before that, /nar requests could succeed if the requested store item
exists but is invalid (although such requests were unlikely because the
corresponding narinfo request would have failed.)
* guix/scripts/publish.scm (render-nar): Add 'store' parameter. Use
'valid-path?' instead of 'file-exists?'.
(make-request-handler): Adjust 'render-nar' call accordingly.
* tests/publish.scm ("/nar/invalid"): New test.
* guix/gnu-maintenance.scm (xorg-package?, latest-xorg-release): New
private functions.
(%xorg-updater): New public variable.
* guix/scripts/refresh.scm (%updaters): Add %xorg-updater.
* doc/guix.texi (Invoking guix refresh): Mention the new updater.
Reported by Leo Famulari <leo@famulari.name>
and Ben Woodcroft <b.woodcroft@uq.edu.au>
at <http://bugs.gnu.org/22752>.
* guix/scripts/refresh.scm: Remove unneeded and harmful import of (guix
import gem).
Suggested by Federico Beffa.
Fixes <http://bugs.gnu.org/22676>.
Reported by Danny Milosavljevic <dannym@scratchpost.org>.
* gnu/packages/engineering.scm (broken-tarball-fetch): Remove.
(fastcap)[source](method): Use URL-FETCH/TARBOMB instead.
* gnu/packages/scheme.scm (broken-tarball-fetch): Remove.
(scmutils)[source](method): Use URL-FETCH/TARBOMB instead.
* guix/download.scm (url-fetch/tarbomb): New procedure, renamed from
'broken-tarball-fetch'.