* guix/ui.scm (show-what-to-build): When VERBOSITY is 1, add a newline
before the "would/will be downloaded" line, and wrap that message in
'highlight'.
In practice we're always using the same key pair,
/etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to
avoid redundant I/O and parsing when signing multiple store items in a
row.
* guix/scripts/authenticate.scm (load-key-pair): New procedure.
(sign-with-key): Remove 'key-file' parameter and add 'public-key' and
'secret-key'. Adjust accordingly.
(validate-signature): Add 'acl' parameter and pass it to
'authorized-key?'.
(guix-authenticate)[call-with-reply]: New procedure.
[with-reply]: New macro.
Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an
argument to 'loop' and use it as a cache of key pairs.
Previously, we'd spawn 'guix authenticate' once for each item that has
to be signed (when exporting) or authenticated (when importing). Now,
we spawn it once for all and then follow a request/reply protocol. This
reduces the wall-clock time of:
guix archive --export -r $(guix build coreutils -d)
from 30s to 2s.
* guix/scripts/authenticate.scm (sign-with-key): Return the signature
instead of displaying it. Raise a &formatted-message instead of calling
'leave'.
(validate-signature): Likewise.
(read-command): New procedure.
(define-enumerate-type, reply-code): New macros.
(guix-authenticate)[send-reply]: New procedure.
Change to read commands from current-input-port.
* nix/libstore/local-store.cc (runAuthenticationProgram): Remove.
(authenticationAgent, readInteger, readAuthenticateReply): New
functions.
(signHash, verifySignature): Rewrite in terms of the agent.
* tests/store.scm ("import not signed"): Remove 'pk' call.
("import signed by unauthorized key"): Check the error message of C.
* tests/guix-authenticate.sh: Rewrite using the new protocol.
fixlet
* guix/svn-download.scm (download-svn-to-store): Add a subdirectory to
the download path. The subdirectory is used as the target for the 'svn
export' command, avoiding a 'directory exists' error when attempting to
use the parent directory directly.
It was made transactional in a4678c6ba1, with
the reasoning to prevent broken intermediate states from being visible. I
think this means something like an entry being in ValidPaths, but the Refs not
being inserted.
Using a transaction for this makes sense, but I think using one single
transaction for the whole register-items call is unnecessary to avoid broken
states from being visible, and could block other writes to the store database
while register-items is running. Because the deduplication and resetting
timestamps happens within the transaction as well, even though these things
don't involve the database, writes to the database will still be blocked while
this is happening.
To reduce the potential for register-items to block other writers to the
database for extended periods, this commit moves the transaction to just wrap
the call to sqlite-register. This is the one place where writes occur, so that
should prevent the broken intermediate states issue above. The one difference
this will make is some of the registered items will be visible to other
connections while others may be still being added. I think this is OK, as it's
equivalent to just registering different items.
* guix/store/database.scm (register-items): Reduce transaction scope.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
It's necessary that store items be locked and protected from garbage
collection while they are being registered. This documents that.
* guix/store/database.scm (register-path, register-items): document GC
protection and locking requirements.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This causes with-writable-file to take into consideration the actual store
being used, as passed to 'deduplicate', rather than
whatever (%store-directory) may return.
* guix/store/deduplication.scm (replace-with-link): new keyword argument
'store'. Pass to with-writable-file.
(with-writable-file, call-with-writable-file): new store argument.
(deduplicate): pass store to replace-with-link.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/ui.scm (show-manifest-transaction)[package-strings]: Add an
OLD-VERSIONS keyword parameter. Absorb the code path previously found in the
upgrade-string. Remove upgrade-string.
(show-manifest-transaction): Adjust to the above changes.
There's no reason at this point to mimic the calling convention of the
'openssl' command.
* nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign"
and HASH to ARGS. Remove 'tmpDir' and 'hashFile'.
(LocalStore::importPath): Add only "verify" and SIGNATURE to
* guix/scripts/authenticate.scm (guix-authenticate): Adjust
accordingly; remove the OpenSSL-style clauses.
(read-hash-data): Remove.
(sign-with-key): Replace 'port' with 'sha256' and adjust accordingly.
(validate-signature): Export SIGNATURE to be a canonical sexp.
* tests/guix-authenticate.sh: Adjust tests accordingly.
* doc/guix.texi (Invoking guix archive): Introduce the term "nar bundle"
and clarify what the output of "guix archive --export" really is.
* guix/nar.scm (restore-one-item, restore-file-set): Use the term "nar
bundle" in docstrings.
Fixes <https://bugs.gnu.org/43039>.
Reported by Adam Griffiths <adam.lw.griffiths@gmail.com>.
Previously, a client could lead 'guix substitute' to run in a non-UTF-8
locale, such as the "C" locale. Consequently, 'guix substitute' would
now fail to decode UTF-8 file names such as those that appear in the
'nss-certs' package.
* guix/scripts/substitute.scm (guix-substitute): Set LC_MESSAGES, not LC_ALL.
In order to do so, default to an empty options list, and expose options whose
default values are sensitive directly as keyword arguments.
* guix/gexp.scm (computed-file): Extract the LOCAL-BUILD? parameter from the
OPTIONS parameter to make it a stand-alone keyword argument. Introduce an
OPTIONS* binding which is obtained by combining the LOCAL-BUILD? keyword and
its value with OPTIONS.
* doc/guix.texi (G-Expressions): Adjust doc.
Suggested-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/system.scm (%options): Add `--label'.
(system-derivation-for-action): Take a #:label key to set volume ID.
(perform-action): Take a #:label key.
(%default-options): Add default label value.
(process-action): Pass label value from command-line to perform-action.
* gnu/system/image.scm (image-with-label): New procedure.
Suggested by Robin Green <greenrd@greenrd.org>.
* guix/packages.scm (print-content-hash): Gracefully deal with cases
with 'content-hash-value' returns #f, as is the case for 'linux-libre'.
Fixes <https://bugs.gnu.org/42740>.
* guix/scripts/copy.scm (send-to-remote-host): Keep the result of
'connect-to-remote-daemon' in scope, and explicitly close it after the
call to 'send-files'.
(retrieve-from-remote-host): Explicitly close REMOTE and disconnect
SESSION.
* guix/scripts/offload.scm (transfer-and-offload): Explicitly close
STORE and disconnect SESSION upon completion.
This leads a 4% improvement on the wall-clock time of:
guix build -e '(@@ (gnu packages libreoffice) libreoffice)' --no-grafts -d
* guix/derivations.scm (escaped-string): New procedure.
(write-derivation)[write-escaped-string]: New procedure.
[write-string-list, write-output, write-env-var]: Use it.
This yields a 4% improvement on the wall-clock time of:
guix build -e '(@@ (gnu packages libreoffice) libreoffice)' --no-grafts -d
* guix/derivations.scm (write-sequence, write-list, write-tuple): Use
'put-char' instead of 'display'.
(write-derivation): Use 'put-string' and 'put-char', and remove unused
'format' binding.
* guix/scripts/pull.scm (ensure-default-profile): Do not call
'migrate-generations' when
%USER-PROFILE-DIRECTORY (~/.config/guix/current) does not exist. This
avoids a confusing "Migrating profile" message when the user runs 'guix
pull' for the first time.
This improves the error message when unable to access ~/.cache as
reported by Jonathan Brielmaier <jonathan.brielmaier@web.de> in
<https://bugs.gnu.org/42859>.
* guix/scripts/lint.scm (guix-lint): Wrap body in 'with-error-handling'.
* guix/scripts/offload.scm (<build-machine>)[systems]: New field.
[system]: Accessor changed to %build-machine-system. Default to #f.
* guix/scripts/offload.scm (build-machine-system): Wrap %build-machine-system
with a deprecation warning.
(build-machine-systems): Access the new systems field or fallback to use
build-machine-system, for backward compatibility.
(machine-matches?): Adjust.
* tests/offload.scm: Add tests...
* Makefile.am (SCM_TESTS): ...and register them.
* doc/guix.texi (Daemon Offload Setup): Update doc.
This commit adds support for GZIP compression for linux-libre kernel
modules. The initrd modules are kept uncompressed as the initrd is already
compressed as a whole.
The linux-libre kernel also supports XZ compression, but as Guix does not have
any available bindings for now, and the compression time is far more
significant, GZIP seems to be a better option.
* gnu/build/linux-modules.scm (modinfo-section-contents): Use
'call-with-gzip-input-port' to read from a module file using '.gz' extension,
(strip-extension): new procedure,
(dot-ko): adapt to support compression,
(ensure-dot-ko): ditto,
(file-name->module-name): ditto,
(find-module-file): ditto,
(load-linux-module*): ditto,
(module-name->file-name/guess): ditto,
(module-name-lookup): ditto,
(write-module-name-database): ditto,
(write-module-alias-database): ditto,
(write-module-device-database): ditto.
* gnu/installer.scm (installer-program): Add "guile-zlib" to the extensions.
* gnu/machine/ssh.scm (machine-check-initrd-modules): Ditto.
* gnu/services.scm (activation-script): Ditto.
* gnu/services/base.scm (default-serial-port): Ditto,
(agetty-shepherd-service): ditto,
(udev-service-type): ditto.
* gnu/system/image.scm (gcrypt-sqlite3&co): Ditto.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Add "guile-zlib"
to the extensions and make sure that the initrd only contains
uncompressed module files.
* gnu/system/shadow.scm (account-shepherd-service): Add "guile-zlib" to the
extensions.
* guix/profiles.scm (linux-module-database): Ditto.
* Makefile.am (MODULES): Remove guix/zlib.scm and guix/lzlib.scm,
(SCM_TESTS): remove tests/zlib.scm, tests/lzlib.scm.
* build-aux/build-self.scm (make-config.scm): Remove unused %libz variable.
* configure.ac: Remove LIBZ and LIBLZ variables and check instead for
Guile-zlib and Guile-lzlib.
* doc/guix.texi ("Requirements"): Remove zlib requirement and add Guile-zlib
and Guile-lzlib instead.
* gnu/packages/package-management.scm (guix)[native-inputs]: Add "guile-zlib"
and "guile-lzlib",
[inputs]: remove "zlib" and "lzlib",
[propagated-inputs]: ditto,
[arguments]: add "guile-zlib" and "guile-lzlib" to Guile load path.
* guix/config.scm.in (%libz, %liblz): Remove them.
* guix/lzlib.scm: Remove it.
* guix/man-db.scm: Use (zlib) instead of (guix zlib).
* guix/profiles.scm (manual-database): Do not stub (guix config) in imported
modules list, instead add "guile-zlib" to the extension list.
* guix/scripts/publish.scm: Use (zlib) instead of (guix zlib) and (lzlib)
instead of (guix lzlib),
(string->compression-type, effective-compression): do not check for zlib and
lzlib availability.
* guix/scripts/substitute.scm (%compression-methods): Do not check for lzlib
availability.
* guix/self.scm (specification->package): Add "guile-zlib" and "guile-lzlib"
and remove "zlib" and "lzlib",
(compiled-guix): remove "zlib" and "lzlib" arguments and add guile-zlib and
guile-lzlib to the dependencies, also do not pass "zlib" and "lzlib" to
"make-config.scm" procedure,
(make-config.scm): remove "zlib" and "lzlib" arguments as well as %libz and
%liblz variables.
* guix/utils.scm (lzip-port): Use (lzlib) instead of (guix lzlib) and do not
check for lzlib availability.
* guix/zlib.scm: Remove it.
* m4/guix.m4 (GUIX_LIBZ_LIBDIR, GUIX_LIBLZ_FILE_NAME): Remove them.
* tests/lzlib.scm: Use (zlib) instead of (guix zlib) and (lzlib)
instead of (guix lzlib), and do not check for zlib and lzlib availability.
* tests/publish.scm: Ditto.
* tests/substitute.scm: Do not check for lzlib availability.
* tests/utils.scm: Ditto.
* tests/zlib.scm: Remove it.
* Makefile.am (MODULES): Move guix/build/download-nar.scm to ...
(MODULES_NOT_COMPILED): ... here.
* guix/build/download-nar.scm: Use (zlib) instead of (guix zlib).
* guix/cvs-download.scm (cvs-fetch): Do not stub (guix config) in imported
modules list, instead add "guile-zlib" to the extension list.
* guix/git-download.scm (git-fetch): Ditto.
* guix/hg-download.scm (hg-fetch): Do not stub (guix config) in imported
modules list, instead add "guile-zlib" to the extension list.
Fixes <https://bugs.gnu.org/42543>.
Reported by Jack Hill <jackhill@jackhill.us>.
* guix/lint.scm (check-formatting): Always return a list (previously we
would return #f when 'search-path' returns #f). Check whether
LOCATION's file is a relative file name. Return a warning if not.
* tests/guix-lint.sh: Add test.
The "--bindir" option is not as useful as it seems as the configured location
is embedded in the outputs. Instead of using "--bindir" it seems better to
build a statically linked binary and move the binary to its own output to
avoid references between the "out" and "bin" outputs.
* guix/build/haskell-build-system.scm (configure): Do not pass "--bindir".
See <https://bugs.gnu.org/39309>.
* guix/build-system/haskell.scm (lower): Include the transitive
propagated inputs of 'extra-directories' inputs.
(haskell-build): Add the 'extra-directories' keyword and pass it through
to the builder.
* guix/build/haskell-build-system.scm (configure): Use it to select
which inputs get passed via 'extra-include-dirs' and 'extra-lib-dirs' to
Cabal.
* gnu/packages/haskell-xyz.scm (ghc-alsa-core, ghc-hmatrix,
ghc-hmatrix-gsl, ghc-hslua, ghc-iwlib, ghc-libyaml, ghc-ncurses,
ghc-openglraw, ghc-x11, ghc-x11-xft, ghc-zlib): Set 'extra-directories'.
* gnu/packages/haskell-crypto.scm (ghc-digest, ghc-hsopenssl): Likewise.
* guix/build/haskell-build-system.scm (register): Strip references to the doc
output from the generated package config files; move the haddock files from
the "doc" output to the "lib" output.
* guix/build-system/haskell.scm (lower): Add OUTPUTS keyword and add the
"static" output in the common case.
(haskell-build): Set the default value for the OUTPUTS keyword to include the
"static" output.
* guix/build/haskell-build-system.scm (install): Move static libraries to the
"static" output if it exists.
* guix/build/haskell-build-system.scm (configure): Add configure flags to
build shared libraries by default, to generate position independent code, and
to set the RUNPATH.
* guix/build-system/haskell.scm (haskell-build): Add keyword PARALLEL-BUILD?
and pass it on to the builder.
* guix/build/haskell-build-system.scm (build): Accept keyword PARALLEL-BUILD?
and pass the number of parallel jobs to GHC.
This is a followup to commit 8f53d73493,
which did not have the desired effect: the 'resolve-module' call was
bound to succeed since the inferior runs 'guix repl'.
* guix/ssh.scm (store-import-channel)[import]: Add call to
'resolve-module' and write '(module-error) upon error. Write
'(importing) when we're ready.
(send-files)[inferior-remote-eval*]: Remove.
[missing]: Remove call to 'resolve-module'.
Call 'handle-import/export-channel-error' when PORT doesn't
return '(importing).
(handle-import/export-channel-error): New procedure.
(retrieve-files*): Use it.
Fixes <https://bugs.gnu.org/42601>.
Reported by Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>.
Regression introduced in efe037fc5c
whereby errors like 'wrong-type-arg' would be improperly reported:
guix environment: error: Wrong type argument in position ~A (expecting ~A): ~S
See also commit a07d5e558b.
* guix/ui.scm (call-with-error-handling): Move 'message-condition?'
clause after '&exception-with-kind-and-args' clause.
* guix/ui.scm (%default-verbosity): New variable.
(show-what-to-build): Add #:verbosity and honor it.
(build-notifier): Add #:verbosity and pass it to 'show-what-to-build'.
Fixes <https://bugs.gnu.org/42558>.
Until now, loading 'pack-audit.so' in a truly non-Guix environment would
usually fail because 'pack-audit.so' depends on 'libgcc_s.so' and
'libc.so', none of which could be found.
Furthermore, the test was not working as expected: the trick
unshare -mrf sh -c 'mount -t tmpfs none /gnu ; ...'
would allow the fakechroot engine to make its store available as
/gnu/store as a result of another bug.
* gnu/packages/aux-files/run-in-namespace.c (relocated_search_path): New
function.
(exec_with_loader): Pass "--library-path" to the loader.
* guix/scripts/pack.scm (wrapped-package)[build](runpath): New procedure.
(elf-loader-compile-flags): Pass "-DLOADER_AUDIT_RUNPATH".
* tests/guix-pack-relocatable.sh: Remove 'STORE_PARENT'.
(run_without_store): New function. Erase $NIX_STORE_DIR instead of
$STORE_PARENT.
Use 'run_without_store' throughout.
scandir* uses readdir, which means that the file type property can be 'unknown
if the underlying file-system does not support d_type. Make sure to fallback
to lstat in that case.
Fixes: https://issues.guix.gnu.org/issue/42579.
* guix/store/deduplication.scm (deduplicate): Handle the case where properties
is 'unknown because the underlying file-system does not support d_type.
Fixes <https://bugs.gnu.org/42504>.
Reported by Alexandru-Sergiu Marton <brown121407@posteo.ro>.
* guix/upstream.scm (package-update/url-fetch): Handle the case where the
file name has no extension.
This is a followup to 8e31736b0a.
* guix/scripts/system/reconfigure.scm (check-forward-update): Add
#:current-channels. Use it instead of OLD.
* gnu/services.scm (sexp->system-provenance): New procedure.
(system-provenance): Use it.
* gnu/machine/ssh.scm (<machine-ssh-configuration>)[allow-downgrades?]:
New field.
(machine-check-forward-update): New procedure.
(check-deployment-sanity)[assertions]: Call it.
* doc/guix.texi (Invoking guix deploy): Document 'allow-downgrades?'
field.
Until now, the first few lines in the output of 'guix processes' could
disappear in 'less'.
* guix/ui.scm (call-with-paginated-output-port): Add #:less-options
parameter and honor it.
(with-paginated-output-port): Allow callers to pass #:less-options.
* guix/scripts/processes.scm (guix-processes): Pass #:less-options to
'with-paginated-output-port'.
* guix/scripts/system.scm (check-file-system-availability)[file-system-location*]:
Return a <location> record instead of a string.
[error]: Use 'report-error' instead of 'format'.
Change callers accordingly.
This allows 'gettext' to be called on the format string at the site
where the exception is caught (rather than the site where it's thrown).
It also allows for argument highlighting.
* guix/diagnostics.scm (&formatted-message): New condition type.
(check-format-string): New procedure.
(formatted-message): New macro.
* guix/ui.scm (report-load-error): Add clause for 'formatted-message?'.
(warn-about-load-error): Likewise.
(call-with-error-handling): Likewise.
(read/eval): Likewise.
Callers can pass 'report-error', 'warning', etc. to 'apply'.
* guix/diagnostics.scm (trivial-format-string?): New procedure, moved
from...
(highlight-argument): ... here.
(define-diagnostic): Add 'identifier?' clause.
(emit-diagnostic): New procedure.
The 'memoize' binding was re-exported in 2016, commit
19e1d5f7f9, as a backwards-compatibility
measure that makes little sense now.
* guix/utils.scm: Don't re-export 'memoize'.
* guix/import/pypi.scm: Adjust imports.
* tests/pypi.scm: Remove duplicate (guix memoization) import.
Fixes <https://bugs.gnu.org/42509>.
Reported by Alexandru-Sergiu Marton <brown121407@posteo.ro>.
* guix/import/github.scm (fetch-releases-or-tags): Use 'http-fetch'
instead of 'json-fetch', and guard against 404 errors. Upon 404, emit a
warning and return the empty vector.
This is similar to what 9744cc7b46 did for
'guix pull'.
* guix/scripts/system/reconfigure.scm (ensure-forward-reconfigure)
(warn-about-backward-reconfigure, channel-relations)
(check-forward-update): New procedures.
* guix/scripts/system.scm (perform-action): Add #:validate-reconfigure.
Call 'check-forward-update' when ACTION is 'reconfigure.
(%options, show-help): Add "--allow-downgrades".
(%default-options): Add 'validate-reconfigure' key.
(process-action): Pass #:validate-reconfigure to 'perform-action'.
* doc/guix.texi (Invoking guix system): Document 'guix system describe'
more prominently, and document '--allow-downgrades'.
Fixes a regression introduced in
c10526672e.
Previously we would return *unspecified* for a package whose source is
not an origin.
* guix/lint.scm (check-source): Add alternate 'if' branch.
This avoids a backtrace with "guix refresh -u rdiff-backup", which has
".asc" signatures instead of ".sig".
* guix/upstream.scm (download-tarball): Gracefully handle the case where
SIG is false.
* guix/gnu-maintenance.scm (latest-savannah-release): Add comment about
'file->signature'.
This fixes "guix refresh man-pages", for instance.
* guix/gnu-maintenance.scm (latest-savannah-release)
(latest-kernel.org-release): Handle the case where 'origin-uri' returns
a list.
This is a followup to 59a47fb678.
* guix/gnu-maintenance.scm (latest-savannah-release): Call
'adjusted-upstream-source' only when 'latest-html-release' returns
true.
(latest-kernel.org-release): Likewise.
This prepares for the migration to Guile-JSON 4.3.0.
* guix/json.scm (define-as-needed): New macro.
(define-json-mapping): Use 'define-as-needed' instead of
'define-syntax-rule'.
This makes sure they return 'mirror://' URLs rather that URLs pointing
to the specific mirror they talk to.
* guix/gnu-maintenance.scm (url-prefix-rewrite)
(adjusted-upstream-source): New procedures.
(latest-savannah-release, latest-kernel.org-release): Use it.
* guix/scripts/pack.scm (self-contained-tarball)
[set-utf8-locale]: New variable.
[build]: Use it.
* tests/pack.scm ("self-contained-tarball"): Use a <profile> record
instead of 'profile-derivation'.
