Suggested by Leo Famulari and others.
* guix/scripts/system.scm (maybe-suggest-running-guix-pull): New
procedure.
(perform-action): Call it when ACTION is 'reconfigure.
This allows GuixSD to default to the right list of URLs, with
mirror.hydra.gnu.org coming first.
Reported by Chris Marusich <cmmarusich@gmail.com>.
* guix/store.scm (%default-substitute-urls): Prepend
"mirror.hydra.gnu.org."
Switching to execlp means that the process spawned in a container is PID
1, which obsoleted one of the 'guix environment --container' tests
because the init process can't be killed in the usual manner.
* guix/scripts/environment.scm (launch-environment/fork): New procedure.
(launch-environment): Switch from system* to execlp. Add handler for
SIGINT.
(guix-environment): Use launch-environment/fork.
* tests/guix-environment-container.sh: Replace abnormal exit test with
one that works now that the spawned process is PID 1.
* guix/scripts/environment.scm (launch-environment/container): Change
$HOME to the current user's home directory instead of
/homeless-shelter. Create a dummy /etc/passwd with a single entry for
the current user.
* doc/guix.texi ("invoking guix environment"): Add a note about the
dummy home directory and /etc/passwd.
* guix/scripts/build.scm: Use the right 'package-name->name+version'
procedure. Fixes a regression introduced in
1b846da8c3.
* tests/scripts-build.scm ("options->transformation, with-source, with
version"): New test.
Suggested by Jookia.
* guix/derivations.scm (&file-search-error): New error condition.
(search-path*): Raise it when 'search-path' returns #f.
* guix/gexp.scm (search-path*): Remove.
* guix/ui.scm (call-with-error-handling): Add case for
'file-search-error?'.
* tests/derivations.scm ("build-expression->derivation and invalid
module name"): New test.
Fixes <http://bugs.gnu.org/23062>.
Reported by Danny Milosavljevic <dannym@scratchpost.org>.
* guix/import/pypi.scm (make-pypi-sexp): Check whether 'pypi-uri'
returns SOURCE-URL and fall back to the full URL otherwise.
* tests/pypi.scm ("pypi->guix-package"): Adjust expected URI
accordingly.
Co-authored-by: Danny Milosavljevic <dannym@scratchpost.org>
Partially fixes <http://bugs.gnu.org/20145>.
* guix/build/download.scm (add-weak-reference): Remove.
(%tls-ports): New variable.
(register-tls-record-port): New procedure.
(tls-wrap): Use it instead of 'add-weak-reference'.
(close-connection): New procedure.
Before that, 'guix build --substitute-urls=""' would lead to using the
daemon's own URL list instead of the empty list. The 'or*' hack, which
is to blame, had become unnecessary since commit
fb4bf72be3.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/substitute.scm (or*): Remove.
(%cache-urls): Use 'or' instead of 'or*'.
* tests/store.scm ("substitute query, alternating URLs"): Add test with
empty URL list.
* doc/guix.texi (Common Build Options): Mention the empty string.
This allows substitute servers to tell 'guix substitute' how long they
can cache narinfo lookups.
* guix/scripts/substitute.scm (cache-narinfo!): Add 'ttl' parameter.
[cache-entry]: Honor it.
(fetch-narinfos)[handle-narinfo-response]: Check the 'Cache-Control'
header of RESPONSE and pass its 'max-age' value to 'cache-narinfo!'.
* guix/scripts/substitute.scm (cached-narinfo): Expect 'narinfo' sexp
version 2 with a 'ttl' field.
(cache-narinfo!)[cache-entry]: Produce 'narinfo' sexp version 2 with a
'ttl' field.
(remove-expired-cached-narinfos)[expired?]: Read 'narinfo' sexp version 2.
The connection used to fetch /nix-cache-info is now reused for the
subsequent narinfo requests.
* guix/scripts/substitute.scm (download-cache-info)[download]: Remove.
[uri, read-cache-info]: New variables.
Rewrite in terms of 'http-fetch' instead of 'fetch'. Return an open
port in addition to a <cache-info>.
* guix/scripts/substitute.scm (http-multiple-get): Add #:port parameter
and honor it.
(fetch-narinfos)[do-fetch]: Add 'port' parameter.
Adjust to new 'download-cache-info' and 'do-fetch' signatures.
This parameter became unused with the switch to HTTP pipelining in
commit d3a652037e.
* guix/scripts/substitute.scm (fetch): Remove #:quiet-404? and adjust
accordingly.
The "Modified" database that we were reading is much smaller, but it
only shows CVEs modified over the past week.
* guix/cve.scm (%now, %current-year, %past-year): New variables.
(yearly-feed-uri): New procedure.
(%cve-feed-uri, %ttl): Remove.
(%current-year-ttl, %past-year-ttl): New variables.
(call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them.
Add 'setvbuf' call.
(current-vulnerabilities)[read-vulnerabilities]: New procedure.
Read from both %LAST-YEAR and %CURRENT-YEAR.
Fixes <http://bugs.gnu.org/22937>.
Reported by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'https' alongside 'http'.
Use 'open-connection-for-uri' instead of 'open-socket-for-uri'. Call
'setvbuf' only when PORT matches 'file-port?'.
(http-multiple-get): Likewise. Change 'base-url' parameter to
'base-uri'.
(fetch-narinfos)[do-fetch]: Add 'https' case alongside 'http'. Pass URI
instead of URL to 'http-multiple-get'.
* doc/guix.texi (Requirements): Move GnuTLS one level higher and mention
HTTPS substitutes.
(Substitutes): Mention HTTPS and recommend it. Explain why servers
are not authenticated. Add "On Trusting Binaries" subsection.
Reported in <http://bugs.gnu.org/22937>
by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'else' case and call 'leave'.
Previously, the resulting 'signature-urls' would contain N times the
same URL.
* guix/upstream.scm (coalesce-sources): Fix TWO in 'signature-urls'.
* tests/upstream.scm: New file.
* Makefile.am (SCM_TESTS): Add it.