* guix/graph.scm (traverse/depth-first): New procedure, based on code
formerly in 'node-transitive-edges'.
(node-transitive-edges): Rewrite in terms of it.
This avoids ~20s of XML parsing when running 'guix lint -c cve'.
* guix/cve.scm (vulnerability->sexp, sexp->vulnerability)
(fetch-vulnerabilities): New procedures.
(current-vulnerabilities): Use 'fetch-vulnerabilities'.
Fixes <http://bugs.gnu.org/23132>.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/build/graft.scm (rename-matching-files): New procedure.
(rewrite-directory): Use it.
* tests/grafts.scm ("graft-derivation, renaming"): New test.
Before, something like:
echo have /gnu/foo | ./test-env guix substitute --query
would lead to an ugly backtrace.
* guix/scripts/substitute.scm (narinfo-cache-file): Call 'leave' when
'store-hash-part' returns #f.
* guix/derivations.scm (derivation-input<?): New procedure.
(write-derivation)[coalesce-duplicate-inputs]: Remove.
Remove calls to 'sort'.
(coalesce-duplicate-inputs): New procedure.
(derivation-hash): Sort INPUTS and use 'coalesce-duplicate-inputs'.
(derivation)[input->derivation-input]
[coalesce-duplicate-inputs]: New procedures.
Sort OUTPUTS, INPUTS, and ENV-VARS.
* tests/derivations.scm ("read-derivation vs. derivation"): New test.
Previously, something like 'guix import gnu which' would spit out a
backtrace if, say, the 'which' tarball could not be authenticated.
* guix/upstream.scm (download-tarball): Mention failure modes in
docstring.
* guix/import/gnu.scm (gnu-package->sexp): Return #f when
'download-tarball' returns #f.
* guix/scripts/import.scm (guix-import): Call 'leave' when IMPORTER does
not return a (package ...) sexp.
* guix/download.scm (%content-addressed-mirrors)
(%content-addressed-mirror-file): New variables.
* guix/download.scm (url-fetch)[builder]: Define
'value-from-environment. Pass #:hashes and
#:content-addressed-mirrors to 'url-fetch'.
Define "guix download hashes" environment variable.
* guix/build/download.scm (url-fetch): Add #:content-addressed-mirrors
and #:hashes.
[content-addressed-urls]: New variable.
Use it.
This procedure was redundant with SRFI-1's 'break'.
* guix/utils.scm (split): Remove.
* tests/utils.scm ("split, element is in list")
("split, element is not in list"): Remove.
This makes (gnu services herd) independent of (guix ui).
* gnu/services/herd.scm (&shepherd-error, &service-not-found-error)
(&action-not-found-error, &action-exception-error)
(&unknown-shepherd-error): New error condition types.
(report-action-error): Remove.
(raise-shepherd-error): New procedure.
(display-message): Do not use 'info' and '_'.
(invoke-action): Use 'raise-shepherd-error' instead of
'report-action-error'. Do not use 'warning'.
(current-services): Do not use 'warning'.
* guix/scripts/system.scm (with-shepherd-error-handling): New macro.
(report-shepherd-error, call-with-service-upgrade-info): New
procedures.
(upgrade-shepherd-services): Use it.
* guix/build/syscalls.scm (bits->symbols-body, define-bits)
(local-flags): New macros.
(TCSANOW, TCSADRAIN, TCSAFLUSH): New variables.
(<termios>): New record type.
(%termios): New C structure.
(tcgetattr, tcsetattr): New procedures.
* tests/syscalls.scm ("tcgetattr ENOTTY", "tcgetattr")
("tcsetattr"): New tests.
* guix/build/syscalls.scm (bits->symbols-body, define-bits)
(local-flags): New macros.
(TCSANOW, TCSADRAIN, TCSAFLUSH): New variables.
(<termios>): New record type.
(%termios): New C structure.
(tcgetattr, tcsetattr): New procedures.
* tests/syscalls.scm ("tcgetattr ENOTTY", "tcgetattr")
("tcsetattr"): New tests.
This reduces the size of the image produced by 'guix system vm' from
26 MiB to 9 MiB.
* gnu/system/vm.scm (system-qemu-image/shared-store):
(system-qemu-image/shared-store-script): Change the default
value of #:disk-image-size to 30 MiB when not FULL-BOOT?.
* guix/scripts/system.scm (system-derivation-for-action): Likewise for
the 'vm' action.
* guix/scripts/lint.scm (check-vulnerabilities): Check the replacement
of PACKAGE.
* tests/lint.scm ("cve: patched vulnerability in replacement"): New test.
Suggested by John Darrington <john@darrington.wattle.id.au>.
* guix/scripts/challenge.scm (guix-challenge): Exit with 2 when MISSING
is not empty.
* doc/guix.texi (Invoking guix challenge): Document it.
Suggested by John Darrington.
* guix/scripts/lint.scm (check-description-style): Emit a warning when
DESCRIPTION is not a string.
(check-synopsis-style): Likewise.
(check-gnu-synopsis+description): Likewise.
* tests/lint.scm ("description: not a string", "synopsis: not a
string"): New tests.
Modules may be removed from Perl's core, so we must check for a removal
version.
* guix/import/cpan.scm (cpan-module->sexp)[core-module?]: Also check
version upper bound.
* guix/build/syscalls.scm (define-c-struct)[read]: OFFSET defaults to 0.
(unfold-interface-list): Remove second argument to 'read-ifaddrs'.
(terminal-window-size): Remove second argument to 'read-winsize'.
This follows a convention used by some other GNU packages like Autoconf,
Bison, Coreutils, and Gnulib.
* doc.am: Rename to ...
* doc/local.mk: ... this.
* emacs.am: Rename to ...
* emacs/local.mk: ... this.
* gnu-system.am: Rename to ...
* gnu/local.mk: ... this.
* daemon.am: Rename to ...
* nix/local.mk: ... this.
* Makefile.am: Adapt to them.
* doc/guix.texi (Porting to a New Platform): Adapt documentation.
* guix/config.scm.in (%state-directory, %config-directory): Adapt comments.
* emacs/guix-config.el.in (guix-config-state-directory): Likewise.
Suggested by Danny Milosavljevic <dannym@scratchpost.org>.
* guix/build/download.scm (nar-uri-abbreviation): New procedure.
* guix/scripts/substitute.scm (process-substitution): Use it instead of
'store-path-abbreviation'.
* guix/build/syscalls.scm (syscall->procedure): New procedure.
(mount, umount, swapon, swapoff, clone, pivot-root): Use it.
(clone): Add case for nonexistent syscall id.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build/syscalls.scm (terminal-columns): Call
'terminal-window-size' only when PORT is a file port.
* tests/syscalls.scm ("terminal-columns non-file port"): New test.
* guix/store.scm (set-build-options): Add #:terminal-columns parameter
and honor it.
* guix/scripts/substitute.scm (client-terminal-columns): New procedure.
(guix-substitute): Use it to parameterize 'current-terminal-columns'.
* guix/build/syscalls.scm (TIOCGWINSZ): New macro.
(<window-size>): New record type.
(winsize): New C struct.
(winsize-struct): New variable.
(terminal-window-size, terminal-columns): New procedures.
Fixes <http://bugs.gnu.org/23275>.
Reported by Albin Söderqvist <albin@fripost.org>.
* guix/build/download.scm (http-fetch): Follow redirections upon 307.
This is what 'binaries.openttd.org' does.
Reported by John Darrington.
* guix/scripts/challenge.scm (guix-challenge): Add an explicit 'exit'
call when ISSUES is empty.
* scripts/guix.in: Add comment about 'exit'.
* doc/guix.texi (Invoking guix challenge): Mention the behavior and exit
code.
Suggested by Leo Famulari and others.
* guix/scripts/system.scm (maybe-suggest-running-guix-pull): New
procedure.
(perform-action): Call it when ACTION is 'reconfigure.
This allows GuixSD to default to the right list of URLs, with
mirror.hydra.gnu.org coming first.
Reported by Chris Marusich <cmmarusich@gmail.com>.
* guix/store.scm (%default-substitute-urls): Prepend
"mirror.hydra.gnu.org."
Switching to execlp means that the process spawned in a container is PID
1, which obsoleted one of the 'guix environment --container' tests
because the init process can't be killed in the usual manner.
* guix/scripts/environment.scm (launch-environment/fork): New procedure.
(launch-environment): Switch from system* to execlp. Add handler for
SIGINT.
(guix-environment): Use launch-environment/fork.
* tests/guix-environment-container.sh: Replace abnormal exit test with
one that works now that the spawned process is PID 1.
* guix/scripts/environment.scm (launch-environment/container): Change
$HOME to the current user's home directory instead of
/homeless-shelter. Create a dummy /etc/passwd with a single entry for
the current user.
* doc/guix.texi ("invoking guix environment"): Add a note about the
dummy home directory and /etc/passwd.
* guix/scripts/build.scm: Use the right 'package-name->name+version'
procedure. Fixes a regression introduced in
1b846da8c3.
* tests/scripts-build.scm ("options->transformation, with-source, with
version"): New test.
Suggested by Jookia.
* guix/derivations.scm (&file-search-error): New error condition.
(search-path*): Raise it when 'search-path' returns #f.
* guix/gexp.scm (search-path*): Remove.
* guix/ui.scm (call-with-error-handling): Add case for
'file-search-error?'.
* tests/derivations.scm ("build-expression->derivation and invalid
module name"): New test.
Fixes <http://bugs.gnu.org/23062>.
Reported by Danny Milosavljevic <dannym@scratchpost.org>.
* guix/import/pypi.scm (make-pypi-sexp): Check whether 'pypi-uri'
returns SOURCE-URL and fall back to the full URL otherwise.
* tests/pypi.scm ("pypi->guix-package"): Adjust expected URI
accordingly.
Co-authored-by: Danny Milosavljevic <dannym@scratchpost.org>
Partially fixes <http://bugs.gnu.org/20145>.
* guix/build/download.scm (add-weak-reference): Remove.
(%tls-ports): New variable.
(register-tls-record-port): New procedure.
(tls-wrap): Use it instead of 'add-weak-reference'.
(close-connection): New procedure.
Before that, 'guix build --substitute-urls=""' would lead to using the
daemon's own URL list instead of the empty list. The 'or*' hack, which
is to blame, had become unnecessary since commit
fb4bf72be3.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/substitute.scm (or*): Remove.
(%cache-urls): Use 'or' instead of 'or*'.
* tests/store.scm ("substitute query, alternating URLs"): Add test with
empty URL list.
* doc/guix.texi (Common Build Options): Mention the empty string.
This allows substitute servers to tell 'guix substitute' how long they
can cache narinfo lookups.
* guix/scripts/substitute.scm (cache-narinfo!): Add 'ttl' parameter.
[cache-entry]: Honor it.
(fetch-narinfos)[handle-narinfo-response]: Check the 'Cache-Control'
header of RESPONSE and pass its 'max-age' value to 'cache-narinfo!'.
* guix/scripts/substitute.scm (cached-narinfo): Expect 'narinfo' sexp
version 2 with a 'ttl' field.
(cache-narinfo!)[cache-entry]: Produce 'narinfo' sexp version 2 with a
'ttl' field.
(remove-expired-cached-narinfos)[expired?]: Read 'narinfo' sexp version 2.
The connection used to fetch /nix-cache-info is now reused for the
subsequent narinfo requests.
* guix/scripts/substitute.scm (download-cache-info)[download]: Remove.
[uri, read-cache-info]: New variables.
Rewrite in terms of 'http-fetch' instead of 'fetch'. Return an open
port in addition to a <cache-info>.
* guix/scripts/substitute.scm (http-multiple-get): Add #:port parameter
and honor it.
(fetch-narinfos)[do-fetch]: Add 'port' parameter.
Adjust to new 'download-cache-info' and 'do-fetch' signatures.
This parameter became unused with the switch to HTTP pipelining in
commit d3a652037e.
* guix/scripts/substitute.scm (fetch): Remove #:quiet-404? and adjust
accordingly.
The "Modified" database that we were reading is much smaller, but it
only shows CVEs modified over the past week.
* guix/cve.scm (%now, %current-year, %past-year): New variables.
(yearly-feed-uri): New procedure.
(%cve-feed-uri, %ttl): Remove.
(%current-year-ttl, %past-year-ttl): New variables.
(call-with-cve-port): Add 'uri' and 'ttl' parameters and honor them.
Add 'setvbuf' call.
(current-vulnerabilities)[read-vulnerabilities]: New procedure.
Read from both %LAST-YEAR and %CURRENT-YEAR.
Fixes <http://bugs.gnu.org/22937>.
Reported by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'https' alongside 'http'.
Use 'open-connection-for-uri' instead of 'open-socket-for-uri'. Call
'setvbuf' only when PORT matches 'file-port?'.
(http-multiple-get): Likewise. Change 'base-url' parameter to
'base-uri'.
(fetch-narinfos)[do-fetch]: Add 'https' case alongside 'http'. Pass URI
instead of URL to 'http-multiple-get'.
* doc/guix.texi (Requirements): Move GnuTLS one level higher and mention
HTTPS substitutes.
(Substitutes): Mention HTTPS and recommend it. Explain why servers
are not authenticated. Add "On Trusting Binaries" subsection.
Reported in <http://bugs.gnu.org/22937>
by Chris Marusich <cmmarusich@gmail.com>.
* guix/scripts/substitute.scm (fetch): Add 'else' case and call 'leave'.
Previously, the resulting 'signature-urls' would contain N times the
same URL.
* guix/upstream.scm (coalesce-sources): Fix TWO in 'signature-urls'.
* tests/upstream.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
This reduces the wall-clock time of
guix environment gnutls --pure -E true
by ~35%.
* guix/packages.scm (%graft-cache): New variable.
(input-graft): Use 'cached' to cache to %GRAFT-CACHE.
This reduces the wall-clock time of
guix environment gnutls --pure -E true
by ~25%.
* guix/packages.scm (%bag-cache): New variable.
(package->bag): Use 'cached' to cache things to %BAG-CACHE.
* guix/packages.scm (cache): Rename to...
(cache!): ... this. Add 'cache' parameter, and use it.
(cached): Add a rule to allow the cache to be specified.