Before, 'guix lint -c cve' would report the vulnerabilities of the
original package while pretending they are the vulnerabilities of the
replacement.
* guix/scripts/lint.scm (check-vulnerabilities): Consider the package
replacement before calling 'package-vulnerabilities'.
* tests/lint.scm ("cve: vulnerability fixed in replacement version"):
New test.
* guix/build/graft.scm (replace-store-references): REPLACEMENT is now
the full string, not just the hash.
(rewrite-directory)[hash-mapping](valid-suffix?): Remove.
(hash+suffix): Rename to...
(hash+rest): ... this. Change to return the whole string as the second
element of the list. Adjust 'match-lambda' expression accordingly;
check whether the string length of the origin and replacement match.
* tests/grafts.scm ("graft-derivation, grafted item uses a different
name"): New test.
* doc/guix.texi (Security Updates): Update sentence on the name/version
restriction.
This is a followup to 8a54c0ec69.
* tests/guix-build.sh: Allow 'guix build -S' to succeed with source-less
packages. Check that the result is the empty string.
* gnu/services/admin.scm (%rotated-files): Add "/var/log/maillog".
(syslog-rotation-config): Change parameter to 'files'. Return a
string-append gexp for all of FILES.
(simple-rotation-config): Remove unnecessary 'postrotate' and
'endscript'.
(%default-rotations): Adjust accordingly.