This allows substitutes to be downloaded from unauthorized servers, as
long as they advertise the same hash and references as one of the
authorized servers.
* guix/scripts/substitute.scm (assert-valid-narinfo): Remove.
(valid-narinfo?): Add #:verbose?. Handle each case of
'signature-case'.
(equivalent-narinfo?): New procedure.
(lookup-narinfos/diverse): Add 'authorized?' parameter and honor it.
[select-hit]: New procedure.
(lookup-narinfo): Add 'authorized?' parameter and pass it.
(process-query): Adjust callers accordingly.
(process-substitution): Remove call to 'assert-valid-narinfo'. Check
whether 'lookup-narinfo' returns true and call 'leave' if not.
* tests/substitute.scm (%main-substitute-directory)
(%alternate-substitute-directory): New variables.
(call-with-narinfo): Make 'narinfo-directory' a parameter. Call
'mkdir-p' to create it. Change unwind handler to check whether
CACHE-DIRECTORY exists before deleting it.
(with-narinfo*): New macro.
("substitute, no signature")
("substitute, invalid hash")
("substitute, unauthorized key"): Change expected error message to "no
valid substitute".
("substitute, unauthorized narinfo comes first")
("substitute, unsigned narinfo comes first")
("substitute, first narinfo is unsigned and has wrong hash")
("substitute, first narinfo is unsigned and has wrong refs")
("substitute, unsigned narinfo comes first")
("substitute, two invalid narinfos"): New tests.
* doc/guix.texi (Substitutes): Explain the new behavior.
* guix/scripts/substitute.scm (%cache-urls): Rename to...
(%default-substitute-urls): ... this.
(substitute-urls): New variable.
(guix-substitute): Use it instead of %CACHE-URLS.
* tests/substitute.scm: Likewise.
* gnu/packages/python.scm (python-apsw)[phases]: Replace build phase; add flag
to build all extensions. Add build-test-helper to allow testing of
extensions.
This is a followup to commit d02aabaf1b.
* gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch: New file.
* gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add them.
This package has not built successfully for a long time. Since it
appears to have no users, we remove it for now.
* gnu/packages/tls.scm (python2-acme): Remove variable.
Fixes a regression introduced in fbc7b1f125.
* gnu/tests/install.scm (run-install)[install]: Don't use 'file-append'
with a string as its first argument; use a gexp with 'string-append' instead.
Use a gexp instead of a list for "-cdrom IMG".
Fixes a regression introduced in
fa67d56541 whereby elogind would fail to
start with:
Cannot determine cgroup we are running in: No data available
Out of memory.
thereby preventing log-in altogether.
* gnu/packages/freedesktop.scm (elogind)[arguments]: Pass
"--with-cgroup-controller=elogind".
* gnu/tests/desktop.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* gnu/build/marionette.scm (wait-for-file): Add #:read parameter and
honor it.
* gnu/tests/base.scm (run-basic-test)["login on tty1"]: Use
'wait-for-file' instead of inline code.