Commit Graph

3135 Commits

Author SHA1 Message Date
Ludovic Courtès cdea30e061 substitute-binary: Defer narinfo authentication and authorization checks.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
  Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
  as a SRFI-35 &message and &nar-signature-error.
  (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
  sexp.
  (&nar-signature-error, &nar-invalid-hash-error): New variables.
  (assert-valid-signature): Use them.  Expect 'signature' to be a
  canonical sexp.
  (read-narinfo): Remove authentication and authorization checks.
  (%signature-line-rx): New variable.
  (assert-valid-narinfo, valid-narinfo?): New procedures.
  (guix-substitute-binary): Wrap body in 'with-error-handling'.
  [valid?]: New procedure.
  <--query>: Show only store items of narinfos that match
  'valid-narinfo?'.
  <--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
  (%keypair): Remove.
  (%public-key, %private-key): Load from signing-key.{pub,sec}.
  (signature-body): Add #:public-key parameter.
  (call-with-narinfo): New procedure.
  (with-narinfo): New macro.
  ("corrupt signature data", "unauthorized public key", "invalid
  signature"): Make the first argument to 'assert-valid-signature' a
  canonical sexp.
  ("invalid hash", "valid read-narinfo", "valid write-narinfo"):
  Remove.
  ("query narinfo with invalid hash", "query narinfo signed with
  authorized key", "query narinfo signed with unauthorized key",
  "substitute, invalid hash", "substitute, unauthorized key"): New
  tests.
2014-03-30 22:32:11 +02:00
Ludovic Courtès 00230df107 substitute-binary: Store the cache's URI in the local cached narinfo.
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
  (narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
  (string->narinfo): Add 'cache-uri' parameter.
  (lookup-narinfo)[cache-entry]: Switch to version 1.  Add 'cache-uri'
  field.  Adjust body accordingly.
  (remove-expired-cached-narinfos): Switch to version 1 by default.
2014-03-30 12:02:10 +02:00
Nikita Karetnikov e9c6c58418 substitute-binary: Support the Signature field of a narinfo file.
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
  and 'contents' fields.
  (narinfo-signature->canonical-sexp): New function.
  (narinfo-maker): Add the 'signature' argument and use it.
  (assert-valid-signature): New function.
  (read-narinfo): Support the Signature field.
  (write-narinfo): Use 'narinfo-contents'.
  (%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
  tests/substitute-binary.scm.
  (MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
2014-03-30 12:02:10 +02:00
Nikita Karetnikov 24194b6b54 nar: Clarify that 'assert-valid-signature' accepts a string.
* guix/nar.scm (assert-valid-signature): Improve the wording.
2014-03-30 12:02:10 +02:00
Ludovic Courtès 3f5497ee10 gnu: ed: Upgrade to 1.10.
* gnu/packages/ed.scm (ed): Upgrade to 1.10.  Use '.tar.lz' file, and
  add 'native-inputs' field.
2014-03-29 23:15:27 +01:00
Ludovic Courtès 18fae7b939 gnu: ocrad: Upgrade to 0.23.
* gnu/packages/ocrad.scm (ocrad): Upgrade to 0.23.
2014-03-29 23:14:37 +01:00
Ludovic Courtès e4629ef43b tests: Make sure 'guix archive --import' succeeds.
* tests/guix-archive.sh: Check the exit value of 'guix archive
  --import'.
2014-03-29 22:59:46 +01:00
Ludovic Courtès c9e2b0b16e daemon: Add tests for substitutes and --no-substitutes.
* tests/guix-daemon.sh: Add substituter tests.
2014-03-27 23:56:47 +01:00
Ludovic Courtès 968e84a6cf daemon: Clear $NIX_SUBSTITUTERS when passed '--no-substitutes'.
* nix/nix-daemon/guix-daemon.cc (main): When --no-substitutes is used,
  clear NIX_SUBSTITUTERS.  Before that, and after
  89faa5c75c, '--no-substitutes' would
  lead to attempts to use 'download-using-manifests.pl', which in
  practice would gracelessly fail.
2014-03-27 23:56:47 +01:00
Ludovic Courtès ad0ab74eef daemon: Change some options via 'settings.set'.
* nix/nix-daemon/guix-daemon.cc (parse_opt): Use 'settings.set' instead
  of direct field access for 'buildCores', 'maxBuildJobs', and
  'useSubstitutes'.
  (main): Call 'settings.update' after 'argp_parse'.
2014-03-27 23:56:47 +01:00
Mark H Weaver 15f682f4a3 gnu: tcl: Install man pages in share/man.
* gnu/packages/tcl.scm (tcl): Add --mandir configure flag.
2014-03-26 21:33:36 -04:00
Sree Harsha Totakura b3acf3656e Add (guix svn-download).
* guix/svn-download.scm, guix/build/svn.scm: New files.
* Makefile.am (MODULES): Add them.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2014-03-27 00:21:44 +01:00
Andreas Enge 8bae41a4ce gnu: gnu-pw-mgr: Fix download location.
* gnu/packages/gnu-pw-mgr.scm (gnu-pw-mgr): Fix download location.
2014-03-26 21:35:54 +01:00
Eric Bavier 5da64c7d5d gnu: Add mc
* gnu/packages/mc.scm: New file
* gnu/packages/patches/mc-fix-ncurses-build.patch: New patch
* gnu-system.am (GNU_SYSTEM_MODULES): Add mc.scm.
(dist_patch_DATA): Add patch
2014-03-26 10:50:01 -05:00
Eric Bavier e9c14f37a8 gnu: libssh2: Fix use with libssh2.pc
* gnu/packages/ssh.scm (libssh2): Pass --with-libgcrypt configure flag and
  propagate inputs.
2014-03-26 10:50:00 -05:00
Ludovic Courtès 4979ee04f0 Merge branch 'core-updates' 2014-03-26 16:31:57 +01:00
Ludovic Courtès 07fb21b231 offload: Remove erroneous 'close-pipe' call.
* guix/scripts/offload.scm (send-files): Remove 'close-pipe' call from
  'guard' handler ('pipe' here referred to Guile's 'pipe' procedure.)
2014-03-26 16:27:46 +01:00
Ludovic Courtès 6c41cce0be offload: Wait for the processes involved in 'guix archive --missing'.
* guix/scripts/offload.scm (send-files): Keep the second return value of
  'filtered-port'.  Call 'waitpid' on it.
2014-03-26 16:27:46 +01:00
Andreas Enge c67ccedd9e gnu: gp2c: Upgrade to 0.0.8pl1.
* gnu/packages/algebra.scm (gp2c): Upgrade to 0.0.8pl1, add native input perl.
2014-03-26 15:50:25 +01:00
Ludovic Courtès 236e66481d offload: Allow one transfer in each direction simultaneously.
* guix/scripts/offload.scm (transfer-and-offload): Use 'upload' lock
  instead of 'bandwidth' around 'send-files' calls, and 'download' lock
  around 'retrieve-files' call.
2014-03-26 15:06:52 +01:00
Ludovic Courtès 3dfd8af534 offload: Disable SSH-level compression.
* guix/scripts/offload.scm (remote-pipe): Remove '-z' lsh command line
  argument.  This makes transfers almost an order of magnitude slower.
  OpenSSH's ssh(1) man page notes: "Compression is desirable on modem lines
  and other slow connections, but will only slow down things on fast
  networks."  See also
  <http://www.spikelab.org/blog/transfer-largedata-scp-tarssh-tarnc-compared.html>.
2014-03-26 15:06:52 +01:00
Andreas Enge ee172b1a06 gnu: pari-gp: Upgrade to 2.7.0.
* gnu/packages/algebra.scm (pari-gp): Upgrade to 2.7.0.
2014-03-26 13:48:49 +01:00
Eric Bavier 7216a04158 gnu: gnu-pw-mgr: Upgrade to 1.2
* gnu/packages/gnu-pw-mgr.scm: Upgrade to 1.2
2014-03-25 17:09:48 -05:00
Ludovic Courtès eafee15b3c check-available-binaries: Make sure substitutes are enabled.
* build-aux/check-available-binaries.scm: Add call to
  'set-build-options'.
2014-03-25 20:45:13 +01:00
Ludovic Courtès 1971737f2b hydra: Hard-code target systems.
* build-aux/hydra/gnu-system.scm (hydra-jobs)[systems]: Define locally,
  independently of ARGUMENTS.  This matches the new Hydra convention,
  where using a 'system' input is deprecated.
2014-03-25 18:57:07 +01:00
Ludovic Courtès afde8da3f2 gnu: guile-ssh: Upgrade to 0.6.0.
* gnu/packages/ssh.scm (guile-ssh): Upgrade to 0.6.0.
  [arguments]: Remove #:tests? #f; add #:parallel-build? #f.
2014-03-25 18:54:53 +01:00
Ludovic Courtès b8c291fc88 gnu: recutils: Upgrade to 1.7.
* gnu/packages/recutils.scm (recutils): Upgrade to 1.7.
  Add 'arguments' field.
2014-03-25 18:54:53 +01:00
Ludovic Courtès 212ece42b0 download: Don't use 'http-get*' on Guile 2.0.10+.
* guix/build/download.scm (http-fetch)[post-2.0.7?]: Use
  'string->number' and numeric comparison.  This fixes version
  comparison with "2.0.10" and subsequent 2.0 releases.
2014-03-25 18:54:52 +01:00
Eric Bavier 505b1aa88f gnu: Add cursynth
* gnu/packages/cursynth.scm: New file
* gnu-system.am (GNU_SYSTEM_MODULES): Add it
2014-03-25 11:41:01 -05:00
Cyril Roelandt 9214f9bc0a gnu: remove python-fix-dbm.patch
* gnu/packages/patches/python-fix-dbm.patch: remove file. It is not needed
  anymore, and is probably a left-over of a failed merge.
* gnu-system.am: remove gnu/packages/patches/python-fix-dbm.patch
2014-03-25 14:41:32 +01:00
Cyril Roelandt 9a9a3adf66 gnu: Enable tests in Python 3.
* gnu/packages/python.scm: enable tests for Python 3
* gnu/packages/python-fix-tests.patch: New file.
* gnu/packages/gnu-system.am (dist_patch_DATA): add it.
2014-03-25 14:41:32 +01:00
Cyril Roelandt 70318b4672 gnu: Python: use /nix/.../sh instead of /bin/sh in the subprocess module
* gnu/packages/python.scm (python-2): patch Lib/subprocess.py to use
  /nix/.../sh.
2014-03-25 14:41:32 +01:00
Cyril Roelandt b10ab7230f gnu: Enable the 'ctypes' module in Python.
* gnu/packages/python.scm (python-2): add libffi to the inputs and use it to
  build the ctypes module.
2014-03-25 14:41:32 +01:00
Ludovic Courtès d452b595f9 hydra: Fix typo in core package list.
* build-aux/hydra/gnu-system.scm: Use (gnu packages gcc).
  (%core-packages): Remove nonexistent 'gcc'; add GCC-4.8 and GCC-4.7.
2014-03-25 13:57:51 +01:00
Ludovic Courtès e795890212 hydra: Remove cross-builds from i686-linux to mips64el-linux-gnuabi64.
* build-aux/hydra/gnu-system.scm (hydra-jobs)[cross-jobs]: Define
  'from-32-to-64?'.  Filter out %CROSS-TARGETS that match.
2014-03-25 13:55:56 +01:00
Ludovic Courtès 707c8b2ca7 hydra: Build GCC and glibc, not their '-final' variant.
* build-aux/hydra/gnu-system.scm (%core-packages): Replace GCC-FINAL and
  GLIBC-FINAL with GCC and GLIBC.
2014-03-25 13:40:27 +01:00
Manolis Ragkousis c6e9628078 gnu: autotools: Add Autoconf 2.68; turn 'autoconf-wrapper' into a procedure.
* gnu/packages/autotools.scm (autoconf-2.68): New variable.
  (autoconf-wrapper): Turn into a procedure.  Turn comment into a
  docstring.
  (automake): Adjust accordingly.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2014-03-24 23:57:38 +01:00
Ludovic Courtès 8b7af63754 offload: Compress files being sent/retrieved.
* guix/scripts/offload.scm (send-files): Add "xz -dc |" to the remote
  pipe command.  Pass PIPE through 'call-with-compressed-output-port'.
  Remove 'close-pipe' call.
  (retrieve-files): Add "| xz -c" to the remote pipe command.  Pass PIPE
  through 'call-with-decompressed-port'.  Remove 'close-pipe' call.
2014-03-24 22:20:54 +01:00
Ludovic Courtès 01ac19dca4 utils: Add 'call-with-decompressed-port' and 'call-with-compressed-output-port'.
* guix/utils.scm (call-with-decompressed-port,
  call-with-compressed-output-port): New procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"):
  Rewrite to use them.
2014-03-24 22:15:29 +01:00
Ludovic Courtès 80dea563a3 utils: Add 'filtered-output-port' and 'compressed-output-port'.
* guix/utils.scm (filtered-output-port, compressed-output-port): New
  procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"): New
  test.
2014-03-24 21:09:15 +01:00
Ludovic Courtès 2ed6aa9e39 gnu: glibc: Patch mtrace.pl to avoid retaining a reference to Perl.
* gnu/packages/base.scm (glibc)[argument] <pre-configure phase>: Patch
  malloc/mtrace.pl.
2014-03-24 01:10:17 +01:00
Mark H Weaver 6ef91c8fc0 gnu: tor: Upgrade to 0.2.4.21.
* gnu/packages/tor.scm (tor): Upgrade to 0.2.4.21.
2014-03-23 04:36:03 -04:00
Ludovic Courtès 1950bf56d0 tests: Make sure substitutes are usable when we need them.
* tests/derivations.scm ("derivation-prerequisites-to-build and
  substitutes"): Add call to 'set-build-options'.
2014-03-22 22:57:10 +01:00
Ludovic Courtès 9b0a2233db authenticate: Support reading the hash or key from stdin.
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
  for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
  "-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
  a pipeline.
2014-03-22 22:57:10 +01:00
Ludovic Courtès 9dbe6e43ea authenticate: Move actual work to separate procedures.
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
  a port instead of a file name.
  (read-hash-data): Likewise.
  (sign-with-key, validate-signature): New procedures.
  (guix-authenticate): Rewrite in terms of these two procedures.
2014-03-22 22:57:10 +01:00
Ludovic Courtès ed1aff038a Update 'nix-upstream' sub-module.
* nix-upstream: Update.
2014-03-22 22:57:10 +01:00
Ludovic Courtès 7a8024a33a utils: Add 'decompressed-port' and 'compressed-port'.
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
  (guix-substitute-binary): Pass a symbol or #f as the first argument to
  'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
  test.
2014-03-22 22:57:09 +01:00
Ludovic Courtès 443eb4e950 utils: 'filtered-port' doesn't leave dangling processes behind.
* guix/utils.scm (filtered-port): Make sure the 'execl' child process
  always exits, and does (primitive-_exit 1) upon execution failure.
  Use 'primitive-_exit' in the 'dump-port' child process.
* tests/utils.scm ("filtered-port, does not exist"): New test.
2014-03-22 22:57:09 +01:00
Yakkala Yagnesh Raghava ca534666aa licenses: Fix Nixpkgs license URL.
* guix/licenses.scm: Fix Nixpkgs URL in comment.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2014-03-22 22:57:09 +01:00
Eric Bavier 7569c5cb35 gnu: Provide single-precision fftw library for pulseaudio
* gnu/packages/algebra.scm (fftwf): New variable
* gnu/packages/pulseaudio.scm (pulseaudio): Use it
2014-03-22 13:03:15 -05:00