Merge remote-tracking branch 'origin/master' into core-updates

This commit is contained in:
Andreas Enge 2016-07-25 21:58:36 +02:00
commit 14656f4495
No known key found for this signature in database
GPG Key ID: F7D5C9BF765C61E3
37 changed files with 867 additions and 178 deletions

12
HACKING
View File

@ -2,7 +2,7 @@
#+TITLE: Hacking GNU Guix and Its Incredible Distro
Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
Copying and distribution of this file, with or without modification,
@ -35,9 +35,13 @@ upgrading GnuTLS or GLib.) We have a mailing list for commit notifications
(guix-commits@gnu.org), so people can notice. Before pushing your changes,
make sure to run git pull --rebase.
All commits that are pushed to the central repository on Savannah should be
signed with a PGP key, and the public key should be uploaded to your user
account on Savannah.
All commits that are pushed to the central repository on Savannah must be
signed with an OpenPGP key, and the public key should be uploaded to your user
account on Savannah and to public key servers, such as pgp.mit.edu. To
configure Git to automatically sign commits, run:
git config commit.gpgsign true
git config user.signingkey CABBA6EA1DC0FF33
For anything else, please post to guix-devel@gnu.org and leave time for a
review, without committing anything. If you didnt receive any reply

View File

@ -15,6 +15,10 @@ our project uses a ``Contributor Covenant'', which was adapted from
@url{http://contributor-covenant.org/}. You can find a local version in
the @file{CODE-OF-CONDUCT} file in the source tree.
Contributors are not required to use their legal name in patches and
on-line communication; they can use any name or pseudonym of their
choice.
@menu
* Building from Git:: The latest and greatest.
* Running Guix Before It Is Installed:: Hacker tricks.
@ -333,4 +337,7 @@ referring to people, such as
When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as
a subject. You may use your email client or the @command{git
send-email} command.
send-email} command. We prefer to get patches in plain text messages,
either inline or as MIME attachments. You are advised to pay attention if
your email client changes anything like line breaks or indentation which
could could potentially break the patches.

View File

@ -13,6 +13,7 @@
Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@*
Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@*
Copyright @copyright{} 2013 Nikita Karetnikov@*
Copyright @copyright{} 2014, 2015, 2016 Alex Kost@*
Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
Copyright @copyright{} 2014 Pierre-Antoine Rault@*
Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
@ -1208,6 +1209,24 @@ for Chinese languages:
guix package -i font-adobe-source-han-sans:cn
@end example
Older programs such as @command{xterm} do not use Fontconfig and instead
rely on server-side font rendering. Such programs require to specify a
full name of a font using XLFD (X Logical Font Description), like this:
@example
-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1
@end example
To be able to use such full names for the TrueType fonts installed in
your Guix profile, you need to extend the font path of the X server:
@example
xset +fp ~/.guix-profile/share/fonts/truetype
@end example
After that, you can run @code{xlsfonts} (from @code{xlsfonts} package)
to make sure your TrueType fonts are listed there.
@subsection X.509 Certificates
The @code{nss-certs} package provides X.509 certificates, which allow
@ -4517,8 +4536,9 @@ You can freely access a huge library of build logs!
@cindex package definition, editing
So many packages, so many source files! The @command{guix edit} command
facilitates the life of packagers by pointing their editor at the source
file containing the definition of the specified packages. For instance:
facilitates the life of users and packagers by pointing their editor at
the source file containing the definition of the specified packages.
For instance:
@example
guix edit gcc@@4.9 vim
@ -4526,9 +4546,15 @@ guix edit gcc@@4.9 vim
@noindent
launches the program specified in the @code{VISUAL} or in the
@code{EDITOR} environment variable to edit the recipe of GCC@tie{}4.9.3
@code{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3
and that of Vim.
If you are using a Guix Git checkout (@pxref{Building from Git}), or
have created your own packages on @code{GUIX_PACKAGE_PATH}
(@pxref{Defining Packages}), you will be able to edit the package
recipes. Otherwise, you will be able to examine the read-only recipes
for packages currently in the store.
If you are using Emacs, note that the Emacs user interface provides the
@kbd{M-x guix-edit} command and a similar functionality in the ``package
info'' and ``package list'' buffers created by the @kbd{M-x

View File

@ -683,6 +683,9 @@ dist_patch_DATA = \
%D%/packages/patches/openjpeg-CVE-2015-6581.patch \
%D%/packages/patches/openjpeg-use-after-free-fix.patch \
%D%/packages/patches/openssh-CVE-2015-8325.patch \
%D%/packages/patches/openssh-CVE-2016-6210-1.patch \
%D%/packages/patches/openssh-CVE-2016-6210-2.patch \
%D%/packages/patches/openssh-CVE-2016-6210-3.patch \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
%D%/packages/patches/openssl-CVE-2016-2177.patch \

View File

@ -106,8 +106,7 @@ spying and/or modification by the server.")
(source
(origin
(method url-fetch)
;; Source tarballs are not versioned
(uri "http://archive.miek.nl/projects/hdup2/hdup.tar.bz2")
(uri "https://fossies.org/linux/privat/old/hdup-2.0.14.tar.bz2")
(sha256
(base32
"02bnczg01cyhajmm4rhbnc0ja0dd9ikv9fwv28asxh1rlx9yr0b7"))))

View File

@ -36,6 +36,7 @@
#:use-module (guix build-system gnu)
#:use-module (guix build-system perl)
#:use-module (gnu packages)
#:use-module (gnu packages assembly)
#:use-module (gnu packages autotools)
#:use-module (gnu packages backup)
#:use-module (gnu packages base)
@ -834,3 +835,39 @@ also be used to apply such patches. xdelta is similar to @command{diff} and
@command{patch}, but is not limited to plain text and does not generate
human-readable output.")
(license license:asl2.0)))
(define-public lrzip
(package
(name "lrzip")
(version "0.630")
(source
(origin
(method url-fetch)
(uri (string-append
"http://ck.kolivas.org/apps/lrzip/lrzip-" version ".tar.bz2"))
(sha256
(base32
"01ykxliqw4cavx9f2gawxfa9wf52cjy1qx28cnkrh6i3lfzzcq94"))))
(build-system gnu-build-system)
(native-inputs
`(;; nasm is only required when building for 32-bit x86 platforms
,@(if (string-prefix? "i686" (or (%current-target-system)
(%current-system)))
`(("nasm" ,nasm))
'())
("perl" ,perl)))
(inputs
`(("bzip2" ,bzip2)
("lzo" ,lzo)
("zlib" ,zlib)))
(home-page "http://ck.kolivas.org/apps/lrzip/")
(synopsis "Large file compressor with a very high compression ratio")
(description "lrzip is a compression utility that uses long-range
redundancy reduction to improve the subsequent compression ratio of
larger files. It can then further compress the result with the ZPAQ or
LZMA algorithms for maximum compression, or LZO for maximum speed. This
choice between size or speed allows for either better compression than
even LZMA can provide, or a higher speed than gzip while compressing as
well as bzip2.")
(license (list license:gpl3+
license:public-domain)))) ; most files in lzma/

View File

@ -33,9 +33,7 @@
(source
(origin
(method url-fetch)
(uri (string-append
"http://miller.emu.id.au/pmiller/software/cook/cook-" version
".tar.gz"))
(uri "http://fossies.org/linux/misc/old/cook-2.34.tar.gz")
(sha256
(base32
"104saqnqql1l7zr2pm3f718fdky3ds8j07c6xvwrs1rfkhrw58yw"))))

View File

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
;;;
;;; This file is part of GNU Guix.
@ -303,14 +303,14 @@ device-specific programs to convert and print many types of files.")
(define-public hplip
(package
(name "hplip")
(version "3.16.3")
(version "3.16.7")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/hplip/hplip/" version
"/hplip-" version ".tar.gz"))
(sha256
(base32
"1501qdnkjp1ybgagy5188fmf6cgmj5555ygjl3543nlbwcp31lj2"))))
"1hpzyf9ifs0vilsbwxcgpv8g9557p1x8w5qwgz5l0avgcd10dzlx"))))
(build-system gnu-build-system)
(home-page "http://hplipopensource.com/")
(synopsis "HP Printer Drivers")

View File

@ -117,9 +117,7 @@
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((guix-src (assoc-ref inputs "guix-src"))
(out (assoc-ref outputs "out"))
(lisp-dir (string-append out "/share/emacs/"
,(version-major+minor version)
"/site-lisp"))
(lisp-dir (string-append out "/share/emacs/site-lisp"))
(unpack (assoc-ref %standard-phases 'unpack)))
(mkdir "guix")
(with-directory-excursion "guix"
@ -2079,9 +2077,7 @@ It is built on top of the custom theme support in Emacs 24 or later.")
"1ha3slc6d9wi9ilkhmwrzkvf308n6ph7b0k69pk369s9304awxzx"))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-dash" ,emacs-dash)
("emacs-f" ,emacs-f)
("emacs-s" ,emacs-s)))
`(("emacs-dash" ,emacs-dash)))
(home-page "http://github.com/bbatsov/solarized-emacs")
(synopsis "Port of the Solarized theme for Emacs")
(description

View File

@ -29,14 +29,14 @@
(define-public fish
(package
(name "fish")
(version "2.3.0")
(version "2.3.1")
(source (origin
(method url-fetch)
(uri (string-append "http://fishshell.com/files/"
(uri (string-append "https://fishshell.com/files/"
version "/fish-" version ".tar.gz"))
(sha256
(base32
"1ralmp7lavdl0plc09ppm232aqsn0crxx6m3hgaa06ibam3sqawi"))
"0r46p64lg6da3v6chsa4gisvl04kd3rpy60yih8r870kbp9wm2ij"))
(modules '((guix build utils)))
;; Don't try to install /etc/fish/config.fish.
(snippet
@ -61,5 +61,5 @@ has extensive and discoverable help. A special help command gives access to
all the fish documentation in your web browser. Other features include smart
terminal handling based on terminfo, an easy to search history, and syntax
highlighting.")
(home-page "http://fishshell.com/")
(home-page "https://fishshell.com/")
(license gpl2)))

View File

@ -37,8 +37,10 @@
(version "0.25")
(source (origin
(method url-fetch)
(uri (string-append "http://www.exiv2.org/exiv2-"
version ".tar.gz"))
(uri (list (string-append "http://www.exiv2.org/exiv2-"
version ".tar.gz")
(string-append "https://fossies.org/linux/misc/exiv2-"
version ".tar.gz")))
(sha256
(base32
"197g6vgcpyf9p2cwn5p5hb1r714xsk1v4p96f5pv1z8mi9vzq2y8"))))

View File

@ -235,13 +235,14 @@ compatible to GNU Pth.")
("sqlite" ,sqlite)
("zlib" ,zlib)))
(arguments
`(#:phases
(alist-cons-before
'configure 'patch-config-files
`(#:configure-flags '("--enable-gpg2-is-gpg")
#:phases
(modify-phases %standard-phases
(add-before 'configure 'patch-config-files
(lambda _
(substitute* "tests/openpgp/defs.inc"
(("/bin/pwd") (which "pwd"))))
%standard-phases)))
(("/bin/pwd") (which "pwd")))
#t)))))
(home-page "https://gnupg.org/")
(synopsis "GNU Privacy Guard")
(description
@ -280,12 +281,25 @@ libskba (working with X.509 certificates and CMS data).")
("readline" ,readline)))
(arguments
`(#:phases
(alist-cons-before
'configure 'patch-config-files
(modify-phases %standard-phases
(add-before 'configure 'patch-config-files
(lambda _
(substitute* "tests/openpgp/Makefile.in"
(("/bin/sh") (which "bash"))))
%standard-phases)))))
(("/bin/sh") (which "bash")))
#t))
(add-after 'install 'rename-v2-commands
(lambda* (#:key outputs #:allow-other-keys)
;; Upstream suggests removing the trailing '2' from command names:
;; <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#58>.
(let ((out (assoc-ref outputs "out")))
(with-directory-excursion (string-append out "/bin")
(rename-file "gpgv2" "gpgv")
(rename-file "gpg2" "gpg")
;; Keep the old name around to ease transition.
(symlink "gpgv" "gpgv2")
(symlink "gpg" "gpg2")
#t)))))))))
(define-public gnupg-1
(package (inherit gnupg)

View File

@ -293,16 +293,16 @@ standards.")
(define-public icecat
(package
(name "icecat")
(version "38.8.0-gnu1")
(version "38.8.0-gnu2")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/gnuzilla/"
(first (string-split version #\-)) "/"
version "/"
name "-" version ".tar.bz2"))
(sha256
(base32
"0v4k47ziqsyfksv9sn4v1xvk4q414rc883hb1qzld63grj2nxxwp"))
"1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
(patches (search-patches
"icecat-avoid-bundled-includes.patch"
"icecat-CVE-2016-2818-pt1.patch"
@ -405,7 +405,7 @@ standards.")
(arguments
`(#:tests? #f ; no check target
#:out-of-source? #t ; must be built outside of the source directory
#:parallel-build? #f
;; XXX: There are RUNPATH issues such as
;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,

View File

@ -6,6 +6,7 @@
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Erik Edrosa <erik.edrosa@gmail.com>
;;; Copyright © 2016 Eraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -50,6 +51,8 @@
#:use-module (gnu packages sdl)
#:use-module (gnu packages maths)
#:use-module (gnu packages image)
#:use-module (gnu packages xdisorg)
#:use-module (gnu packages xorg)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
@ -1123,4 +1126,58 @@ It currently supports MySQL, Postgres and SQLite3.")
SQL databases. This package implements the interface for SQLite.")
(license gpl2+)))
(define-public guile-xosd
(package
(name "guile-xosd")
(version "0.2")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/alezost/" name
"/releases/download/v" version
"/" name "-" version ".tar.gz"))
(sha256
(base32
"1j0b07kycccfslp5n6q0hz7adwc7k41fpzds2dvrly67gavjqljv"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("guile" ,guile-2.0)
("libx11" ,libx11)
("libxext" ,libxext)
("libxinerama" ,libxinerama)
("xosd" ,xosd)))
(home-page "https://github.com/alezost/guile-xosd")
(synopsis "XOSD bindings for Guile")
(description
"Guile-XOSD provides Guile bindings for @code{libxosd},
@uref{http://sourceforge.net/projects/libxosd/, the X On Screen Display
library}.")
(license gpl3+)))
(define-public guile-daemon
(package
(name "guile-daemon")
(version "0.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/alezost/" name
"/releases/download/v" version
"/" name "-" version ".tar.gz"))
(sha256
(base32
"1s90h8qhblhhz4ahn3p5d573a24px6cdjq2w311ibpgwnsni4qvq"))))
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
(inputs
`(("guile" ,guile-2.0)))
(home-page "https://github.com/alezost/guile-daemon")
(synopsis "Evaluate code in a running Guile process")
(description
"Guile-Daemon is a small Guile program that loads your initial
configuration file, and then reads and evaluates Guile expressions that
you send to a FIFO file.")
(license gpl3+)))
;;; guile.scm ends here

View File

@ -5,6 +5,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@ -6008,14 +6009,14 @@ generators, and more.")
(define-public ghc-memory
(package
(name "ghc-memory")
(version "0.10")
(version "0.13")
(source (origin
(method url-fetch)
(uri (string-append "https://hackage.haskell.org/package/"
"memory/memory-" version ".tar.gz"))
(sha256
(base32
"1xqs9zmjbjihb7gfbk25f2q00m2lsi4kc3jv672175ac8a36pgag"))))
"02l742qxjqy3jw1a347gb7sn7pn7a5qha1vzi2qqbvgafcjn0wyw"))))
(build-system haskell-build-system)
(native-inputs
`(("ghc-tasty" ,ghc-tasty)

View File

@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.")
"/etc/ssl/certs"))
(keytool (string-append (assoc-ref outputs "jdk")
"/bin/keytool")))
(define (extract-cert file target)
(call-with-input-file file
(lambda (in)
(call-with-output-file target
(lambda (out)
(let loop ((line (read-line in 'concat))
(copying? #f))
(cond
((eof-object? line) #t)
((string-prefix? "-----BEGIN" line)
(display line out)
(loop (read-line in 'concat) #t))
((string-prefix? "-----END" line)
(display line out)
#t)
(else
(when copying? (display line out))
(loop (read-line in 'concat) copying?)))))))))
(define (import-cert cert)
(format #t "Importing certificate ~a\n" (basename cert))
(let* ((port (open-pipe* OPEN_WRITE keytool
(let ((temp "tmpcert"))
(extract-cert cert temp)
(let ((port (open-pipe* OPEN_WRITE keytool
"-import"
"-alias" (basename cert)
"-keystore" keystore
"-storepass" "changeit"
"-file" cert)))
"-file" temp)))
(display "yes\n" port)
(when (not (zero? (status:exit-val (close-pipe port))))
(error "failed to import" cert))))
(error "failed to import" cert)))
(delete-file temp)))
;; This is necessary because the certificate directory contains
;; files with non-ASCII characters in their names.

View File

@ -4,6 +4,7 @@
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2016 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
;;;
;;; This file is part of GNU Guix.
;;;
@ -102,15 +103,15 @@ interface to the Tk widget system.")
(define-public ecl
(package
(name "ecl")
(version "15.2.21")
(version "16.1.2")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/ecls/ecls/"
(version-major+minor version)
"/ecl-" version ".tgz"))
(uri (string-append
"https://common-lisp.net/project/ecl/static/files/release/"
name "-" version ".tgz"))
(sha256
(base32 "05di23v977byf67rq5bdshw8lqbby1ycbscdcl1vca0z6r1s204j"))))
(base32 "16ab8qs3awvdxy8xs8jy82v8r04x4wr70l9l2j45vgag18d2nj1d"))))
(build-system gnu-build-system)
;; src/configure uses 'which' to confirm the existence of 'gzip'.
(native-inputs `(("which" ,which)))
@ -119,30 +120,38 @@ interface to the Tk widget system.")
("libgc" ,libgc)
("libffi" ,libffi)))
(arguments
'(;; During 'make check', ECL fails to initialize with "protocol not
;; supported", presumably because /etc/protocols is missing in the
;; build environment. See <http://sourceforge.net/p/ecls/bugs/300/>.
;;
;; Should the test suite be re-enabled, it might be necessary to add
;; '#:parallel-tests #f'. See the same bug report as above.
;;
;; The following might also be necessary, due to 'make check' assuming
;; ECL is installed. See <http://sourceforge.net/p/ecls/bugs/299/>.
;;
;; #:phases
;; (let* ((check-phase (assq-ref %standard-phases 'check))
;; (rearranged-phases
;; (alist-cons-after 'install 'check check-phase
;; (alist-delete 'check %standard-phases))))
;; (alist-cons-before
;; 'check 'pre-check
;; (lambda* (#:key outputs #:allow-other-keys)
;; (substitute* '("build/tests/Makefile")
;; (("ECL=ecl")
;; (string-append
;; "ECL=" (assoc-ref outputs "out") "/bin/ecl"))))
;; rearranged-phases))
#:tests? #f))
'(#:tests? #t
#:make-flags `(,(string-append "ECL="
(assoc-ref %outputs "out")
"/bin/ecl"))
#:parallel-tests? #f
#:phases
(modify-phases %standard-phases
(delete 'check)
(add-after 'install 'wrap
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((ecl (assoc-ref outputs "out"))
(input-path (lambda (lib path)
(string-append
(assoc-ref inputs lib) path)))
(libraries '("gmp" "libatomic-ops" "libgc" "libffi" "libc"))
(binaries '("gcc" "ld-wrapper" "binutils"))
(library-directories
(map (lambda (lib) (input-path lib "/lib"))
libraries)))
(wrap-program (string-append ecl "/bin/ecl")
`("PATH" prefix
,(map (lambda (binary)
(input-path binary "/bin"))
binaries))
`("CPATH" suffix
,(map (lambda (lib)
(input-path lib "/include"))
`("linux-headers" ,@libraries)))
`("LIBRARY_PATH" suffix ,library-directories)
`("LD_LIBRARY_PATH" suffix ,library-directories)))))
(add-after 'wrap 'check (assoc-ref %standard-phases 'check)))))
(home-page "http://ecls.sourceforge.net/")
(synopsis "Embeddable Common Lisp")
(description "ECL is an implementation of the Common Lisp language as
@ -209,14 +218,14 @@ an interpreter, a compiler, a debugger, and much more.")
(define-public sbcl
(package
(name "sbcl")
(version "1.2.8")
(version "1.3.7")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/sbcl/sbcl/" version "/sbcl-"
version "-source.tar.bz2"))
(sha256
(base32 "0ab9lw056yf6y0rjmx3iirn5n59pmssqxf00fbmpyl6qsnpaja1d"))))
(base32 "0fjdqnb2rsm2vi9794ywp27jr239ddvzc4xfr0dk49jd4v7p2kc5"))))
(build-system gnu-build-system)
(outputs '("out" "doc"))
;; Bootstrap with CLISP.
@ -243,7 +252,11 @@ an interpreter, a compiler, a debugger, and much more.")
;; occurs in some .sh files too (which contain Lisp code). Use
;; ISO-8859-1 because some of the files are ISO-8859-1 encoded.
(with-fluids ((%default-port-encoding #f))
(substitute* (find-files "." "\\.(lisp|sh)$")
;; The removed file is utf-16-be encoded, which gives substitute*
;; trouble. It does not contain references to the listed programs.
(substitute* (delete
"./tests/data/compile-file-pos-utf16be.lisp"
(find-files "." "\\.(lisp|sh)$"))
(("\"/bin/sh\"") (quoted-path bash "/bin/sh"))
(("\"/usr/bin/env\"") (quoted-path coreutils "/usr/bin/env"))
(("\"/bin/cat\"") (quoted-path coreutils "/bin/cat"))

View File

@ -293,7 +293,7 @@ and corrections. It is based on a Bayesian filter.")
(define-public offlineimap
(package
(name "offlineimap")
(version "6.7.0.1")
(version "7.0.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/OfflineIMAP/offlineimap/"
@ -301,10 +301,10 @@ and corrections. It is based on a Bayesian filter.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1ys26v2w3vws08acjs7w5irjgahdxyad00pmj7fhcx91hbvizs80"))))
"0hnyfby6ib7i7yblg7qpabdyl35n9l3n0a6agk47w1crpn2lsric"))))
(build-system python-build-system)
(native-inputs `(("python" ,python-2)))
(inputs `(("python2-pysqlite" ,python2-pysqlite)))
(inputs `(("python2-pysqlite" ,python2-pysqlite)
("python2-six" ,python2-six)))
(arguments
;; The setup.py script expects python-2.
`(#:python ,python-2

View File

@ -44,7 +44,7 @@
(define-public parallel
(package
(name "parallel")
(version "20160622")
(version "20160722")
(source
(origin
(method url-fetch)
@ -52,7 +52,7 @@
version ".tar.bz2"))
(sha256
(base32
"1axng9bwapmb0vrrv67pp787gv7r5g02zyrfwnrhpxhi8zmm1jmg"))))
"08gm0i9vj2nz8qgqi98z00myypgb3dni0s5yf3l17fp8h78fp4g3"))))
(build-system gnu-build-system)
(inputs `(("perl" ,perl)))
(home-page "http://www.gnu.org/software/parallel/")

View File

@ -0,0 +1,114 @@
From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Fri, 15 Jul 2016 13:32:45 +1000
Subject: Determine appropriate salt for invalid users.
When sshd is processing a non-PAM login for a non-existent user it uses
the string from the fakepw structure as the salt for crypt(3)ing the
password supplied by the client. That string has a Blowfish prefix, so on
systems that don't understand that crypt will fail fast due to an invalid
salt, and even on those that do it may have significantly different timing
from the hash methods used for real accounts (eg sha512). This allows
user enumeration by, eg, sending large password strings. This was noted
by EddieEzra.Harari at verint.com (CVE-2016-6210).
To mitigate, use the same hash algorithm that root uses for hashing
passwords for users that do not exist on the system. ok djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-1.patch
---
auth-passwd.c | 12 ++++++++----
openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/auth-passwd.c b/auth-passwd.c
index 63ccf3c..530b5d4 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -193,7 +193,7 @@ int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
struct passwd *pw = authctxt->pw;
- char *encrypted_password;
+ char *encrypted_password, *salt = NULL;
/* Just use the supplied fake password if authctxt is invalid */
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
return (1);
- /* Encrypt the candidate password using the proper salt. */
- encrypted_password = xcrypt(password,
- (pw_password[0] && pw_password[1]) ? pw_password : "xx");
+ /*
+ * Encrypt the candidate password using the proper salt, or pass a
+ * NULL and let xcrypt pick one.
+ */
+ if (authctxt->valid && pw_password[0] && pw_password[1])
+ salt = pw_password;
+ encrypted_password = xcrypt(password, salt);
/*
* Authentication is accepted if the encrypted passwords
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8577cbd..8913bb8 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include <sys/types.h>
+#include <string.h>
#include <unistd.h>
#include <pwd.h>
@@ -62,11 +63,44 @@
# define crypt DES_crypt
# endif
+/*
+ * Pick an appropriate password encryption type and salt for the running
+ * system.
+ */
+static const char *
+pick_salt(void)
+{
+ struct passwd *pw;
+ char *passwd, *p;
+ size_t typelen;
+ static char salt[32];
+
+ if (salt[0] != '\0')
+ return salt;
+ strlcpy(salt, "xx", sizeof(salt));
+ if ((pw = getpwuid(0)) == NULL)
+ return salt;
+ passwd = shadow_pw(pw);
+ if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
+ return salt; /* no $, DES */
+ typelen = p - passwd + 1;
+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+ explicit_bzero(passwd, strlen(passwd));
+ return salt;
+}
+
char *
xcrypt(const char *password, const char *salt)
{
char *crypted;
+ /*
+ * If we don't have a salt we are encrypting a fake password for
+ * for timing purposes. Pick an appropriate salt.
+ */
+ if (salt == NULL)
+ salt = pick_salt();
+
# ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(salt))
crypted = md5_crypt(password, salt);

View File

@ -0,0 +1,111 @@
From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Fri, 15 Jul 2016 13:49:44 +1000
Subject: Mitigate timing of disallowed users PAM logins.
When sshd decides to not allow a login (eg PermitRootLogin=no) and
it's using PAM, it sends a fake password to PAM so that the timing for
the failure is not noticeably different whether or not the password
is correct. This behaviour can be detected by sending a very long
password string which is slower to hash than the fake password.
Mitigate by constructing an invalid password that is the same length
as the one from the client and thus takes the same time to hash.
Diff from djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-2.patch
---
auth-pam.c | 35 +++++++++++++++++++++++++++++++----
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/auth-pam.c b/auth-pam.c
index 8425af1..abd6a5e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -232,7 +232,6 @@ static int sshpam_account_status = -1;
static char **sshpam_env = NULL;
static Authctxt *sshpam_authctxt = NULL;
static const char *sshpam_password = NULL;
-static char badpw[] = "\b\n\r\177INCORRECT";
/* Some PAM implementations don't implement this */
#ifndef HAVE_PAM_GETENVLIST
@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info,
return (-1);
}
+/*
+ * Returns a junk password of identical length to that the user supplied.
+ * Used to mitigate timing attacks against crypt(3)/PAM stacks that
+ * vary processing time in proportion to password length.
+ */
+static char *
+fake_password(const char *wire_password)
+{
+ const char junk[] = "\b\n\r\177INCORRECT";
+ char *ret = NULL;
+ size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
+
+ if (l >= INT_MAX)
+ fatal("%s: password length too long: %zu", __func__, l);
+
+ ret = malloc(l + 1);
+ for (i = 0; i < l; i++)
+ ret[i] = junk[i % (sizeof(junk) - 1)];
+ ret[i] = '\0';
+ return ret;
+}
+
/* XXX - see also comment in auth-chall.c:verify_response */
static int
sshpam_respond(void *ctx, u_int num, char **resp)
{
Buffer buffer;
struct pam_ctxt *ctxt = ctx;
+ char *fake;
debug2("PAM: %s entering, %u responses", __func__, num);
switch (ctxt->pam_done) {
@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp)
(sshpam_authctxt->pw->pw_uid != 0 ||
options.permit_root_login == PERMIT_YES))
buffer_put_cstring(&buffer, *resp);
- else
- buffer_put_cstring(&buffer, badpw);
+ else {
+ fake = fake_password(*resp);
+ buffer_put_cstring(&buffer, fake);
+ free(fake);
+ }
if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
buffer_free(&buffer);
return (-1);
@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
{
int flags = (options.permit_empty_passwd == 0 ?
PAM_DISALLOW_NULL_AUTHTOK : 0);
+ char *fake = NULL;
if (!options.use_pam || sshpam_handle == NULL)
fatal("PAM: %s called when PAM disabled or failed to "
@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
*/
if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
options.permit_root_login != PERMIT_YES))
- sshpam_password = badpw;
+ sshpam_password = fake = fake_password(password);
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&passwd_conv);
@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
sshpam_err = pam_authenticate(sshpam_handle, flags);
sshpam_password = NULL;
+ free(fake);
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
debug("PAM: password authentication accepted for %.100s",
authctxt->user);

View File

@ -0,0 +1,60 @@
From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Thu, 21 Jul 2016 14:17:31 +1000
Subject: Search users for one with a valid salt.
If the root account is locked (eg password "!!" or "*LK*") keep looking
until we find a user with a valid salt to use for crypting passwords of
invalid users. ok djm@
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
Bug-Debian: https://bugs.debian.org/831902
Last-Update: 2016-07-22
Patch-Name: CVE-2016-6210-3.patch
---
openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 8913bb8..cf6a9b9 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -65,7 +65,9 @@
/*
* Pick an appropriate password encryption type and salt for the running
- * system.
+ * system by searching through accounts until we find one that has a valid
+ * salt. Usually this will be root unless the root account is locked out.
+ * If we don't find one we return a traditional DES-based salt.
*/
static const char *
pick_salt(void)
@@ -78,14 +80,18 @@ pick_salt(void)
if (salt[0] != '\0')
return salt;
strlcpy(salt, "xx", sizeof(salt));
- if ((pw = getpwuid(0)) == NULL)
- return salt;
- passwd = shadow_pw(pw);
- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
- return salt; /* no $, DES */
- typelen = p - passwd + 1;
- strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
- explicit_bzero(passwd, strlen(passwd));
+ setpwent();
+ while ((pw = getpwent()) != NULL) {
+ passwd = shadow_pw(pw);
+ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
+ typelen = p - passwd + 1;
+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
+ explicit_bzero(passwd, strlen(passwd));
+ goto out;
+ }
+ }
+ out:
+ endpwent();
return salt;
}

View File

@ -5028,14 +5028,14 @@ connection to each user.")
(define-public python-waf
(package
(name "python-waf")
(version "1.8.8")
(version "1.9.1")
(source (origin
(method url-fetch)
(uri (string-append "https://waf.io/"
"waf-" version ".tar.bz2"))
(sha256
(base32
"0b5q307fgn6a5d8yjia2d1l4bk1q3ilvc0w8k4isfrrx2gbcw8wn"))))
"1nc4qaqx2vsanlpp9mcwvf91xjqpkvcc6fcxd5sb4fwvaxamw5v6"))))
(build-system python-build-system)
(arguments
'(#:phases
@ -5627,17 +5627,14 @@ and MAC network addresses.")
(define-public python-iso8601
(package
(name "python-iso8601")
(version "0.1.10")
(version "0.1.11")
(source
(origin
(method url-fetch)
(uri (string-append
"https://pypi.python.org/packages/source/i/iso8601/iso8601-"
version
".tar.gz"))
(uri (pypi-uri "iso8601" version))
(sha256
(base32
"1qf01afxh7j4gja71vxv345if8avg6nnm0ry0zsk6j3030xgy4p7"))))
"0c7gh3lsdjds262h0v1sqc66l7hqgfwbakn96qrhdbl0i3vm5yz8"))))
(build-system python-build-system)
(inputs
`(("python-setuptools" ,python-setuptools)))

View File

@ -39,29 +39,30 @@
(define-public iniparser
(package
(name "iniparser")
(version "3.1")
(version "4.0")
(source (origin
(method url-fetch)
(uri (string-append "http://ndevilla.free.fr/iniparser/iniparser-"
(uri (string-append "https://github.com/ndevilla/iniparser/archive/v"
version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
"1igmxzcy0s25zcy9vmcw0kd13lh60r0b4qg8lnp1jic33f427pxf"))))
"1flj7srvh2hp9ls96qz922bklyhw7f27mmn23b16839zpdjddfz0"))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-replace
'configure
'(#:phases
(modify-phases %standard-phases
(replace 'configure
(lambda* (#:key outputs #:allow-other-keys)
(substitute* "Makefile"
(substitute* '("Makefile" "test/Makefile")
(("/usr/lib")
(string-append (assoc-ref outputs "out") "/lib"))))
(alist-replace
'build
(string-append (assoc-ref outputs "out") "/lib"))
(("\\?= gcc") "= gcc"))))
(replace 'build
(lambda _
(and (zero? (system* "make" "libiniparser.so"))
(symlink "libiniparser.so.0" "libiniparser.so")))
(alist-replace
'install
(symlink "libiniparser.so.0" "libiniparser.so"))))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(lib (string-append out "/lib"))
@ -85,9 +86,7 @@
(for-each (copy html)
(find-files "html" ".*"))
(for-each (copy doc)
'("AUTHORS" "INSTALL" "LICENSE"
"README"))))
%standard-phases)))))
'("AUTHORS" "INSTALL" "LICENSE" "README.md"))))))))
(home-page "http://ndevilla.free.fr/iniparser")
(synopsis "Standalone ini file parsing library")
(description

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -17,11 +18,14 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages shellutils)
#:use-module (gnu packages base)
#:use-module (gnu packages python)
#:use-module (guix licenses)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (guix build-system gnu))
#:use-module (guix build-system gnu)
#:use-module (guix build-system python))
(define-public envstore
(package
@ -48,3 +52,39 @@
between various shells or commands.")
(license
(non-copyleft "http://www.wtfpl.net/txt/copying/"))))
(define-public trash-cli
(package
(name "trash-cli")
(version "0.12.9.14")
(source
(origin
(method url-fetch)
(uri (pypi-uri "trash-cli" version))
(sha256
(base32
"1p4v2qx0sy47d9c9axszq04wns63s4b7rrhmsavg948sklqdaf54"))))
(build-system python-build-system)
(arguments
`(#:python ,python-2
#:tests? #f ; no tests
#:phases
(modify-phases %standard-phases
(add-before 'build 'patch-path-constants
(lambda* (#:key inputs #:allow-other-keys)
(let ((libc (assoc-ref inputs "libc"))
(coreutils (assoc-ref inputs "coreutils")))
(substitute* "trashcli/list_mount_points.py"
(("\"/lib/libc.so.6\".*")
(string-append "\"" libc "/lib/libc.so.6\"\n"))
(("\"df\"")
(string-append "\"" coreutils "/bin/df\"")))))))))
(inputs `(("coreutils" ,coreutils)))
(home-page "https://github.com/andreafrancia/trash-cli")
(synopsis "Trash can management tool")
(description
"trash-cli is a command line utility for interacting with the
FreeDesktop.org trash can used by GNOME, KDE, XFCE, and other common desktop
environments. It can move files to the trash, and remove or list files that
are already there.")
(license gpl2+)))

View File

@ -135,7 +135,10 @@ a server that supports the SSH-2 protocol.")
tail))))
(sha256 (base32
"132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7"))
(patches (search-patches "openssh-CVE-2015-8325.patch"))))
(patches (search-patches "openssh-CVE-2015-8325.patch"
"openssh-CVE-2016-6210-1.patch"
"openssh-CVE-2016-6210-2.patch"
"openssh-CVE-2016-6210-3.patch"))))
(build-system gnu-build-system)
(inputs `(("groff" ,groff)
("openssl" ,openssl)

View File

@ -62,7 +62,7 @@
(define-public pspp
(package
(name "pspp")
(version "0.10.1")
(version "0.10.2")
(source
(origin
(method url-fetch)
@ -70,7 +70,7 @@
version ".tar.gz"))
(sha256
(base32
"0xw61kq0hxh7f6a4yjhnqbhc0fj9r3wb3qnpq05qhdp79n30ik24"))))
"1afsq0a3iij64qacczvwhk81qg0q5rfqm055y5h9ls28d6paqz7p"))))
(build-system gnu-build-system)
(inputs
`(("cairo" ,cairo)

View File

@ -113,14 +113,14 @@ as well as the classic centralized workflow.")
;; Keep in sync with 'git-manpages'!
(package
(name "git")
(version "2.9.1")
(version "2.9.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
"18l2jb4bkp9ljz6p2aviwzxqyzza9z3v6h1pnkz7kjf1fay61zp8"))))
"1d9dmhgzcnwc2jbib4q23ypjbnw1gh1w8gif63qldwkpixj4dxgq"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@ -295,7 +295,7 @@ everything from small to very large projects with speed and efficiency.")
version ".tar.xz"))
(sha256
(base32
"1v9icsf85vvrrg7fakm91d11q23rvnh6dq4b4c4ya8v95z00mg8p"))))
"08y38w6yfvrpgj10dl3vghp05xjpl8jj37kkfna2nhf0wip52p2c"))))
(build-system trivial-build-system)
(arguments
'(#:modules ((guix build utils))

View File

@ -805,14 +805,7 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
("pulseaudio" ,pulseaudio)
("rsound" ,rsound)
("vapoursynth" ,vapoursynth)
("waf" ,(origin
(method url-fetch)
;; Keep this in sync with the version in the bootstrap.py
;; script of the source tarball.
(uri "http://www.freehackers.org/~tnagy/release/waf-1.8.12")
(sha256
(base32
"12y9c352zwliw0zk9jm2lhynsjcf5jy0k1qch1c1av8hnbm2pgq1"))))
("waf" ,python-waf)
("youtube-dl" ,youtube-dl)
("zlib" ,zlib)))
(arguments
@ -902,7 +895,7 @@ access to mpv's powerful playback capabilities.")
(define-public youtube-dl
(package
(name "youtube-dl")
(version "2016.06.14")
(version "2016.07.22")
(source (origin
(method url-fetch)
(uri (string-append "https://youtube-dl.org/downloads/"
@ -910,7 +903,7 @@ access to mpv's powerful playback capabilities.")
version ".tar.gz"))
(sha256
(base32
"0fmvpqipc1xwagvk7ih4slmv1xz1rb6s8wpndhypwvrq4pnnm9ns"))))
"02wcxpcbpvsbvyxcnhhf94ma0x5dcg4fygnxxca2h31dp47dkak9"))))
(build-system python-build-system)
(home-page "https://youtube-dl.org")
(arguments

View File

@ -2390,18 +2390,21 @@ and IPv6 sockets, intended as a replacement for IO::Socket::INET.")
(define-public perl-io-socket-ssl
(package
(name "perl-io-socket-ssl")
(version "2.002")
(version "2.033")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/S/SU/SULLR/"
"IO-Socket-SSL-" version ".tar.gz"))
(sha256
(base32
"1mph52lw6x5v44wf8mw00llzi8pp6k5c4jnrnrvlacrlfv260jb8"))
"01qggwmc97kpzx49fp4fxysrjyq8mpnx54nrb087ridj0ch3cf46"))
(patches (search-patches
"perl-io-socket-ssl-openssl-1.0.2f-fix.patch"))))
(build-system perl-build-system)
(propagated-inputs `(("perl-net-ssleay" ,perl-net-ssleay)))
(propagated-inputs
`(("perl-net-ssleay" ,perl-net-ssleay)
;; for IDN support
("perl-uri" ,perl-uri)))
(synopsis "Nearly transparent SSL encapsulation for IO::Socket::INET")
(description
"IO::Socket::SSL makes using SSL/TLS much easier by wrapping the

View File

@ -42,7 +42,8 @@
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/wxwindows/" version
(uri (string-append "https://github.com/wxWidgets/wxWidgets/"
"releases/download/v" version
"/wxWidgets-" version ".tar.bz2"))
(sha256
(base32 "0paq27brw4lv8kspxh9iklpa415mxi8zc117vbbbhfjgapf7js1l"))))
@ -88,8 +89,9 @@ and many other languages.")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/wxwindows/" version
"/wxWidgets-" version ".tar.bz2"))
(uri (string-append "https://github.com/wxWidgets/wxWidgets/"
"releases/download/v" version
"/wxGTK-" version ".tar.gz"))
(sha256
(base32 "1gjs9vfga60mk4j4ngiwsk9h6c7j22pw26m3asxr1jwvqbr8kkqk"))))
(inputs

View File

@ -13,6 +13,7 @@
;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -913,6 +914,28 @@ demos. It also acts as a nice screen locker.")
"http://metadata.ftp-master.debian.org/changelogs/"
"/main/x/xscreensaver/xscreensaver_5.34-2_copyright")))))
(define-public xdpyprobe
(package
(name "xdpyprobe")
(version "0.1")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/alezost/" name
"/releases/download/v" version
"/" name "-" version ".tar.gz"))
(sha256
(base32
"1h09wd2qcg08rj5hcakvdh9q01hkrj8vxly94ax3ch2x06lm0zq8"))))
(build-system gnu-build-system)
(inputs
`(("libx11" ,libx11)))
(home-page "https://github.com/alezost/xdpyprobe")
(synopsis "Probe X server for connectivity")
(description
"Xdpyprobe is a tiny C program whose only purpose is to probe a
connectivity of the X server running on a particular @code{DISPLAY}.")
(license license:gpl3+)))
(define-public rofi
(package
(name "rofi")

View File

@ -8,6 +8,7 @@
;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -3870,6 +3871,97 @@ running on X server.")
protocol.")
(license license:x11)))
(define-public xfontsel
(package
(name "xfontsel")
(version "1.0.5")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://xorg/individual/app/xfontsel-"
version ".tar.bz2"))
(sha256
(base32
"1grir464hy52a71r3mpm9mzvkf7nwr3vk0b1vc27pd3gp588a38p"))))
(build-system gnu-build-system)
(arguments
;; By default, it tries to install XFontSel file in
;; "/gnu/store/<libxt>/share/X11/app-defaults": it defines this
;; directory from 'libxt' (using 'pkg-config'). To put this file
;; inside output dir and to use it properly, we need to configure
;; --with-appdefaultdir and to wrap 'xfontsel' binary.
(let ((app-defaults-dir "/share/X11/app-defaults"))
`(#:configure-flags
(list (string-append "--with-appdefaultdir="
%output ,app-defaults-dir))
#:phases
(modify-phases %standard-phases
(add-after 'install 'wrap-xfontsel
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(wrap-program (string-append out "/bin/xfontsel")
`("XAPPLRESDIR" =
(,(string-append out ,app-defaults-dir)))))))))))
(inputs
`(("libx11" ,libx11)
("libxaw" ,libxaw)
("libxmu" ,libxmu)
("libxt" ,libxt)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
(synopsis "Browse and select X font names")
(description
"XFontSel provides a simple way to display the X11 core protocol fonts
known to your X server, examine samples of each, and retrieve the X Logical
Font Description (XLFD) full name for a font.")
(license license:x11)))
(define-public xfd
(package
(name "xfd")
(version "1.1.2")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://xorg/individual/app/xfd-"
version ".tar.bz2"))
(sha256
(base32
"0n97iqqap9wyxjan2n520vh4rrf5bc0apsw2k9py94dqzci258y1"))))
(build-system gnu-build-system)
(arguments
;; The same 'app-defaults' problem as with 'xfontsel' package.
(let ((app-defaults-dir "/share/X11/app-defaults"))
`(#:configure-flags
(list (string-append "--with-appdefaultdir="
%output ,app-defaults-dir))
#:phases
(modify-phases %standard-phases
(add-after 'install 'wrap-xfd
(lambda* (#:key outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(wrap-program (string-append out "/bin/xfd")
`("XAPPLRESDIR" =
(,(string-append out ,app-defaults-dir)))))))))))
(inputs
`(("fontconfig" ,fontconfig)
("libx11" ,libx11)
("libxaw" ,libxaw)
("libxft" ,libxft)
("libxmu" ,libxmu)
("libxrender" ,libxrender)))
(native-inputs
`(("gettext" ,gnu-gettext)
("pkg-config" ,pkg-config)))
(home-page "https://www.x.org/wiki/")
(synopsis "Display all the characters in an X font")
(description
"XFD (X Font Display) package provides an utility that displays a
window containing the name of the font being displayed, a row of command
buttons, several lines of text for displaying character metrics, and a grid
containing one glyph per cell.")
(license license:x11)))
(define-public xmodmap
(package
@ -4562,7 +4654,17 @@ protocol and arbitrary X extension protocol.")
(base32
"0c3563kw9fg15dpgx4dwvl12qz6sdqdns1pxa574hc7i5m42mman"))))
(build-system gnu-build-system)
(propagated-inputs
(arguments
'(#:phases
(modify-phases %standard-phases
(add-after 'install 'wrap-mkfontdir
(lambda* (#:key inputs outputs #:allow-other-keys)
(wrap-program (string-append (assoc-ref outputs "out")
"/bin/mkfontdir")
`("PATH" ":" prefix
(,(string-append (assoc-ref inputs "mkfontscale")
"/bin")))))))))
(inputs
`(("mkfontscale" ,mkfontscale)))
(native-inputs
`(("pkg-config" ,pkg-config)))

View File

@ -2,6 +2,7 @@
;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -99,6 +100,7 @@
"http://www.centervenus.com/mirrors/nongnu/"
"http://download.savannah.gnu.org/releases-noredirect/")
(sourceforge ; https://sourceforge.net/p/forge/documentation/Mirrors/
"http://downloads.sourceforge.net/project/"
"http://ufpr.dl.sourceforge.net/project/"
"http://heanet.dl.sourceforge.net/project/"
"http://freefr.dl.sourceforge.net/project/"

View File

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
;;; Copyright © 2014, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;;
@ -756,10 +756,51 @@ entries. It's used to query the MIME type of a given file."
#:substitutable? #f)
(return #f))))
(define (fonts-dir-file manifest)
"Return a derivation that builds the @file{fonts.dir} and @file{fonts.scale}
files for the truetype fonts of the @var{manifest} entries."
(define mkfontscale
(module-ref (resolve-interface '(gnu packages xorg)) 'mkfontscale))
(define mkfontdir
(module-ref (resolve-interface '(gnu packages xorg)) 'mkfontdir))
(define build
#~(begin
(use-modules (srfi srfi-26)
(guix build utils)
(guix build union))
(let ((ttf-dirs (filter file-exists?
(map (cut string-append <>
"/share/fonts/truetype")
'#$(manifest-inputs manifest)))))
(mkdir #$output)
(if (null? ttf-dirs)
(exit #t)
(let* ((fonts-dir (string-append #$output "/share/fonts"))
(ttf-dir (string-append fonts-dir "/truetype"))
(mkfontscale (string-append #+mkfontscale
"/bin/mkfontscale"))
(mkfontdir (string-append #+mkfontdir
"/bin/mkfontdir")))
(mkdir-p fonts-dir)
(union-build ttf-dir ttf-dirs
#:log-port (%make-void-port "w"))
(with-directory-excursion ttf-dir
(exit (and (zero? (system* mkfontscale))
(zero? (system* mkfontdir))))))))))
(gexp->derivation "fonts-dir" build
#:modules '((guix build utils)
(guix build union))
#:local-build? #t
#:substitutable? #f))
(define %default-profile-hooks
;; This is the list of derivation-returning procedures that are called by
;; default when making a non-empty profile.
(list info-dir-file
fonts-dir-file
ghc-package-cache-file
ca-certificate-bundle
gtk-icon-themes

View File

@ -203,14 +203,25 @@ by two spaces; possible infraction~p at ~{~a~^, ~}")
(define (check-inputs-should-be-native package)
;; Emit a warning if some inputs of PACKAGE are likely to belong to its
;; native inputs.
(let ((inputs (package-inputs package)))
(let ((linted package)
(inputs (package-inputs package))
(native-inputs '("pkg-config" "glib:bin" "intltool" "itstool")))
(match inputs
(((labels packages . _) ...)
(when (member "pkg-config"
(map package-name (filter package? packages)))
(emit-warning package
(_ "pkg-config should probably be a native input")
'inputs))))))
(((labels packages . outputs) ...)
(for-each (lambda (package output)
(when (package? package)
(let ((input (string-append
(package-name package)
(if (> (length output) 0)
(string-append ":" (car output))
""))))
(when (member input native-inputs)
(emit-warning linted
(format #f (_ "'~a' should probably \
be a native input")
input)
'inputs)))))
packages outputs)))))
(define (package-name-regexp package)
"Return a regexp that matches PACKAGE's name as a word at the beginning of a

View File

@ -31,6 +31,7 @@
#:use-module (guix scripts lint)
#:use-module (guix ui)
#:use-module (gnu packages)
#:use-module (gnu packages glib)
#:use-module (gnu packages pkg-config)
#:use-module (web server)
#:use-module (web server http)
@ -319,7 +320,16 @@ string) on HTTP requests."
(let ((pkg (dummy-package "x"
(inputs `(("pkg-config" ,pkg-config))))))
(check-inputs-should-be-native pkg)))
"pkg-config should probably be a native input")))
"'pkg-config' should probably be a native input")))
(test-assert "inputs: glib:bin is probably a native input"
(->bool
(string-contains
(with-warnings
(let ((pkg (dummy-package "x"
(inputs `(("glib" ,glib "bin"))))))
(check-inputs-should-be-native pkg)))
"'glib:bin' should probably be a native input")))
(test-assert "patches: file names"
(->bool