This makes collisions less likely than when using a label to look up the
partition. See <https://bugs.gnu.org/27735>.
* gnu/system/vm.scm (operating-system-uuid): New procedure.
(system-disk-image): Define 'root-uuid' and use it for the root file
system. Pass it to 'iso9660-image' and 'qemu-image'.
* gnu/system.scm (read-boot-parameters)[device->sexp]: New procedure.
Use it for 'root-device' and 'store-device'.
(device->sexp): Serialize the UUID type in addition to its bytevector.
Conceptually a UUID is just a bytevector. However, there's software out
there such as GRUB that relies on the string representation of different
UUID types (e.g., the string representation of DCE UUIDs differs from
that of ISO-9660 UUIDs, even if they are actually bytevectors of the
same length). This new <uuid> record type allows us to preserve
information about the type of UUID so we can eventually convert it to a
string using the right representation.
* gnu/system/uuid.scm (<uuid>): New record type.
(bytevector->uuid): New procedure.
(uuid): Return calls to 'make-uuid'.
(uuid->string): Rewrite using 'match-lambda*' to accept a single 'uuid?'
argument.
* gnu/bootloader/grub.scm (grub-root-search): Check for 'uuid?' instead
of 'bytevector?'.
* gnu/system.scm (bootable-kernel-arguments): Check whether ROOT-DEVICE
is 'uuid?'.
(read-boot-parameters): Use 'bytevector->uuid' when the
store device is a bytevector.
(read-boot-parameters-file): Check for 'uuid?' instead of 'bytevector?'.
(device->sexp): New procedure.
(operating-system-boot-parameters-file): Use it for 'root-device' and
'store'.
(operating-system-bootcfg): Remove conditional in definition of
'root-device'.
* gnu/system/file-systems.scm (file-system->spec): Check for 'uuid?' on
DEVICE and take its bytevector.
* gnu/system/mapped-devices.scm (open-luks-device): Likewise.
* gnu/system/vm.scm (iso9660-image): Call 'uuid-bytevector' for the
#:volume-uuid argument.
* gnu/build/vm.scm (<partition>)[uuid]: New field.
(create-ext-file-system): Add #:uuid and honor it.
(create-fat-file-system): Add #:uuid.
(format-partition): Add #:uuid and honor it.
(initialize-partition): Honor the 'uuid' field of PARTITION.
* gnu/packages/patches/emacs-unsafe-enriched-mode-translations.patch:
New file.
* gnu/packages/emacs.scm (emacs)[source](patches): Add it.
* gnu/local.mk (dist_patch_DATA): Add it.
Before this, accessing HTTPS will throw an exception about 'nss.cfg' could not
be found.
* gnu/packages/java.scm (icedtea-8)[arguments]: Copy 'nss.cfg' from JDK into
JRE in the install phase.
* guix/gnu-maintenance.scm (latest-gnu-release): Return a list of
matching tarballs instead of just the first one. This gives us .tar.gz,
.tar.xz, etc.
* guix/gnu-maintenance.scm (latest-gnu-release): Add calls to
'sans-extension'. This fixes version comparison, which could be fooled
with the ".tar.gz" extension.
This allows substitutes to be downloaded from unauthorized servers, as
long as they advertise the same hash and references as one of the
authorized servers.
* guix/scripts/substitute.scm (assert-valid-narinfo): Remove.
(valid-narinfo?): Add #:verbose?. Handle each case of
'signature-case'.
(equivalent-narinfo?): New procedure.
(lookup-narinfos/diverse): Add 'authorized?' parameter and honor it.
[select-hit]: New procedure.
(lookup-narinfo): Add 'authorized?' parameter and pass it.
(process-query): Adjust callers accordingly.
(process-substitution): Remove call to 'assert-valid-narinfo'. Check
whether 'lookup-narinfo' returns true and call 'leave' if not.
* tests/substitute.scm (%main-substitute-directory)
(%alternate-substitute-directory): New variables.
(call-with-narinfo): Make 'narinfo-directory' a parameter. Call
'mkdir-p' to create it. Change unwind handler to check whether
CACHE-DIRECTORY exists before deleting it.
(with-narinfo*): New macro.
("substitute, no signature")
("substitute, invalid hash")
("substitute, unauthorized key"): Change expected error message to "no
valid substitute".
("substitute, unauthorized narinfo comes first")
("substitute, unsigned narinfo comes first")
("substitute, first narinfo is unsigned and has wrong hash")
("substitute, first narinfo is unsigned and has wrong refs")
("substitute, unsigned narinfo comes first")
("substitute, two invalid narinfos"): New tests.
* doc/guix.texi (Substitutes): Explain the new behavior.
* guix/scripts/substitute.scm (%cache-urls): Rename to...
(%default-substitute-urls): ... this.
(substitute-urls): New variable.
(guix-substitute): Use it instead of %CACHE-URLS.
* tests/substitute.scm: Likewise.
* gnu/packages/python.scm (python-apsw)[phases]: Replace build phase; add flag
to build all extensions. Add build-test-helper to allow testing of
extensions.
This is a followup to commit d02aabaf1b.
* gnu/packages/patches/foomatic-filters-CVE-2015-8327.patch: New file.
* gnu/packages/patches/foomatic-filters-CVE-2015-8560.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add them.