* guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs
listed as mitigated in the package properties.
* tests/lint.scm ("cve: known safe from vulnerability"): New test.
'package-grafts' returns a list of potentially applicable grafts, which
'cumulative-grafts' then narrows by looking at store item references and
determining the subset of the grafts that's actually applicable.
Until now, 'package-grafts' would traverse native inputs and would thus
return a large superset of the applicable grafts, since native inputs
are not in the reference graph by definition. This patch fixes that by
having 'package-grafts' entirely ignore native inputs from the
dependency graph.
* guix/packages.scm (fold-bag-dependencies)[bag-direct-inputs*]: Add
special case for libc.
* guix/packages.scm (bag-grafts)[native-grafts, target-grafts]: Remove.
[grafts]: New procedure.
Use it.
* tests/packages.scm ("package-grafts, grafts of native inputs
ignored"): New test.
Previously recursive calls to 'loop' would always consider all the bag
inputs rather than those corresponding to NATIVE?.
* guix/packages.scm (fold-bag-dependencies)[bag-direct-inputs*]: New
procedure. Use it both in the 'match' expression and in its body.
This is a followup to 2815fca142.
* guix/profiles.scm (profile-derivation)[builder]: Remove
'debug-disable' call, which was ineffective.
Pass #:env-vars to 'gexp->derivation'.
This fixes a regression introduced in
2f60084f77, whereby the profile derivation
would fail to run on Guile 2.0 (as is the case with "guix package
--bootstrap").
Reported by Christopher Baines.
* guix/profiles.scm (profile-derivation)[builder]: Use _IO* but add
'debug-disable' call.
Previously the "manual-database" derivation would always import the
host's srfi-{19,26}.scm files in the build side. In practice this means
that different users could get different manual-database.drv depending
on the Guile version they're using in the host.
For example, the (gnu tests install) tests would fail if the host was
running Guile 2.2.3 because the guest is running 2.2.2, and thus has
different srfi-{19,26}.scm files. The manual-database.drv would need to
be built from source, which would fail because prerequisites were
missing.
Reported by Mathieu Othacehe <m.othacehe@gmail.com>
at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29409#96>.
* guix/profiles.scm (manual-database): Do not pass #:modules to
'gexp->derivation'. Wrap 'build' gexp in 'with-imported-modules' form.
* guix/scripts/offload.scm (build-machines): Comment out
'(set! %fresh-auto-compile #t)' since with Guile 2.2.3 it could lead to
an actual rebuild of everything that gets loaded from there on. See
<https://bugs.gnu.org/29226>.
* guix/ui.scm (load*): Likewise.
Until now it would print the name of each store item being copied, which
was verbose and unhelpful.
* guix/scripts/system.scm (copy-closure): Use 'progress-reporter/bar'
and 'call-with-progress-reporter'.
(guix-system): Parameterize 'current-terminal-columns'.
* guix/scripts/system.scm (copy-item): Add 'references' argument and
remove 'references*' call. Turn into a non-monadic procedure.
(copy-closure): Remove initial call to 'references*'. Only pass ITEM to
'topologically-sorted*' since that's equivalent. Compute the list of
references corresponding to TO-COPY and pass it to 'copy-item'.
Previously things returned by 'program-file', such as %MODPROBE-WRAPPER
in (gnu services), would refer to 'guile-final'. This would introduce
'guile-final' in the system closure, which is otherwise absent. By
referring to 'guile-2.2' we remove that extra Guile.
* guix/gexp.scm (default-guile): Refer to GUILE-2.2 instead of
GUILE-FINAL.
This avoids repeated deprecation messages, particularly while running
'guix system build' or similar.
* guix/gexp.scm (gexp->derivation): Add #:deprecation-warnings. Pass it
to 'compiled-modules'.
(compiled-modules): Add #:deprecation-warnings and honor it.
* doc/guix.texi (G-Expressions): Update 'gexp->derivation'
documentation.
* guix/packages.scm (patch-and-repack): Pass #:deprecation-warnings #t.
Reported at <https://bugs.gnu.org/27943>
by Danny Milosavljevic <dannym@scratchpost.org>.
* guix/scripts/lint.scm (%distro-directory): New variable.
(check-patch-file-names): Add check for the file name length.
* tests/lint.scm ("patches: file name too long"): New test.
Fixes <https://bugs.gnu.org/25020>.
Reported by Hartmut Goebel <h.goebel@crazy-compilers.com>.
* guix/gnu-maintenance.scm (latest-ftp-release)[contains-digit?]: Remove.
Relax test as to whether to recurse into subdirectories.
Fixes <https://bugs.gnu.org/29358>.
Reported by Marius Bakke <mbakke@fastmail.com>.
* guix/ui.scm (known-variable-definition): Add 'visited' set to guard
against cycles on 2.0.
This reverts commit 5f93d97005.
'guix pull' would fail because (guix self) needs 'scheme-files'
from (guix discovery), which was not exported until now.
This mitigates <https://bugs.gnu.org/27284>.
* guix/self.scm: New file.
* Makefile.am (MODULES): Add it.
* build-aux/build-self.scm (libgcrypt, zlib, gzip, bzip2, xz)
(false-if-wrong-guile, package-for-current-guile, guile-json)
(guile-ssh, guile-git, guile-bytestructures): Remove.
(build): Rewrite to simply delegate to 'compiled-guix'.
* gnu/packages.scm (%distro-root-directory): Rewrite to try different
directories.
* guix/discovery.scm (guix): Export 'scheme-files'.
* guix/scripts/pull.scm (build-and-install): Split into...
(install-latest): ... this. New procedure. And...
(build-and-install): ... this, which now takes a monadic value argument.
(indirect-root-added): Remove.
(guix-pull): Call 'add-indirect-root'. Call 'build-from-source' and
pass the result to 'build-and-install'.
This makes 'latest-repository-commit' significantly more efficient and
reduces disk usage in the store.
* guix/git.scm (copy-to-store)[dot-git?]: New procedure.
Pass it as the #:select? argument to 'add-to-store'.
Fixes <https://bugs.gnu.org/29335>.
* guix/zlib.scm (close-procedure): Remove.
(make-gzip-input-port): Do (dup (fileno port)) to get a file descriptor
for 'gzdopen'. Close PORT before returning. Use 'gzclose' as the
'close' procedure of the returned port.
(make-gzip-output-port): Likewise.
* guix/workers.scm (worker-thunk): Add (const #f) as the 'catch'
handler, and move previous handler as pre-unwind handler. Protect
against 'make-stack' returning #f.
Fixes <https://bugs.gnu.org/28779>.
Reported by Eric Bavier <bavier@cray.com>.
* guix/workers.scm (<pool>)[busy]: New field.
(worker-thunk): Add #:idle and #:busy and use them.
(make-pool): Pass #:busy and #:idle to 'worker-thunk'. Pass a 'busy'
value to '%make-pool'.
* guix/workers.scm (pool-idle?): Check whether 'pool-busy' returns zero
and adjust docstring.
That way CVE fetching benefits from 'If-Modified-Since' handling.
* guix/http-client.scm (http-fetch/cached): Add #:write-cache and
#:cache-miss parameters and honor them.
* guix/cve.scm (%current-year-ttl, %past-year-ttl): Reduce.
(call-with-cve-port): Remove.
(write-cache): New procedure.
(fetch-vulnerabilities): Rewrite in terms of 'http-fetch/cached'.