* guix/gexp.scm (<raw-derivation-file>): New record type.
(raw-derivation-file-compiler): New gexp compiler.
* tests/gexp.scm ("lower-gexp, raw-derivation-file")
("raw-derivation-file"): New tests.
* guix/scripts/challenge.scm (call-with-nar): New procedure.
(narinfo-contents): Express in terms of 'call-with-nar'.
(call-with-mismatches, report-differing-files/external): New
procedures.
(%diffoscope-command): New variable.
(%options): Support "diffoscope" and a string starting with "/".
* tests/challenge.scm (call-mismatch-test): New procedure.
("differing-files"): Rewrite in terms of 'call-mismatch-test'.
("call-with-mismatches"): New test.
* doc/guix.texi (Invoking guix challenge): Document it.
* guix/scripts/archive.scm (show-help, %options): Add '--list'.
(list-contents): New procedure.
(guix-archive): Honor the '--list' option.
* tests/guix-archive.sh: Test it.
* doc/guix.texi (Invoking guix archive): Document it.
* guix/import/crate.scm (%dual-license-rx): Removed function.
(crate->guix-package): Handle most of the multi-licensing cases.
* tests/crate.scm (licenses): Add tests for some licenses.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* guix/derivations.scm (derivation-input-fold): New procedure.
(substitution-oracle)[closure]: Rewrite in terms of
'derivation-input-fold'.
* tests/derivations.scm ("derivation-input-fold"): New test.
* guix/gexp.scm (local-file): Distinguish the case where FILE is a
literal string and when it's not. Add a clause for when FILE is not a
literal string.
* tests/gexp.scm ("local-file, non-literal relative file name"): New test.
* doc/guix.texi (G-Expressions): Update accordingly.
Previously, there was a possibility that "guix install emacs" would grab
the lock before "guix package -m $module_dir/manifest.scm". When that
happened, the test would start building Emacs and all its dependencies,
which could take a while and some disk space.
This is a followup to b1fb663404.
* tests/guix-package.sh: In profile locking test, emit
"$module_dir/ready" from the manifest and wait for it to exist before
running "guix install emacs".
* guix/scripts/substitute.scm (warn-about-missing-authentication): New
procedure.
(%allow-unauthenticated-substitutes?): Turn into a public parameter and
use 'warn-about-missing-authentication'.
(valid-narinfo?): Adjust accordingly.
* tests/substitute.scm (call-with-narinfo): Likewise.
* guix/scripts/pack.scm (guix-pack): Collect 'manifest' options, and
concatenate the resulting manifests.
* tests/guix-pack.sh: Test it.
* doc/guix.texi (Invoking guix pack): Document it.
* guix/scripts/package.scm (manifest-action): Remove.
(%actions): Remove it.
(load-manifest): New procedure.
(process-actions): Handle 'manifest' options. Define 'files' from
'manifest' options. Define 'manifest' based on FILES. Define 'trans'
to represent the final transaction.
* tests/guix-package.sh: Test it.
* doc/guix.texi (Invoking guix package): Mention
* tests/guix-environment.sh: Test 'guix environment' with two '-m' options.
* doc/guix.texi (Invoking guix environment): Explain that '-m' can be
passed multiple times.
* guix/scripts/pack.scm (%options, show-help): Add "--derivation".
(guix-pack): Honor it.
* tests/guix-pack.sh: Test it.
* doc/guix.texi (Invoking guix pack): Document it.
This lets the daemon substitute missing derivations, as in the example
at <https://bugs.gnu.org/38226>, instead of failing with ENOENT.
* guix/scripts/build.scm (options->things-to-build): In the
'derivation-path?' case, don't fail when 'read-derivation-from-file'
raises to ENOENT; return the empty list in that case.
(guix-build): Add non-existent '.drv' files to ITEMS.
Pass ITEMS in addition to DRV to 'build-derivations'.
* tests/guix-build.sh: Add test.
Fixes <https://bugs.gnu.org/38093>.
When running:
guix build --target=arm-linux-gnueabihf -e '(@ (gnu packages base) coreutils)'
the '%current-target-system' parameter is set by the time the top-level
of (gnu packages commencement) is evaluated. Consequently, we need to
ensure that the 'pkg-config' macro evaluates in a context where
'%current-target-system' is unset.
* gnu/packages/commencement.scm (gnu-make-final): Refer to '%pkg-config'
instead of 'pkg-config'.
* tests/guix-build.sh: Add test.
* gnu/services/networking.scm (ntp-server->string): Use the textual
representation of the values as printed by 'display' rather than 'write', to
avoid inserting double quotes in the generated config.
* tests/networking.scm (%ntp-server-sample): Add a comment and make one of the
options a string, to exercise the fix.
("ntp-server->string"): Move the expected value to the first argument.
("ntp configuration servers deprecated form"): Likewise.
("openntpd generated config string ends with a newline"): Likewise.
The XML feed was discontinued on Oct. 16th, 2019:
<https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3>
* guix/cve.scm (string->date*): New procedure.
(<cve-item>, <cve>, <cve-reference>): New record types.
(cpe-match->cve-configuration, configuration-data->cve-configurations)
(json->cve-items, version-matches?): New procedures.
(yearly-feed-uri): Change URL to refer to JSON feed.
(cpe->product-alist, %parse-vulnerability-feed)
(xml->vulnerabilities): Remove.
(cve-configuration->package-list, merge-package-lists)
(cve-item->vulnerability, json->vulnerabilities): New procedures.
(write-cache): Use 'json->vulnerabilities' instead of
'xml->vulnerabilities', and remove 'parameterize'.
(vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is
true.
* tests/cve.scm (%sample): Use 'tests/cve-sample.json'.
(%expected-vulnerabilities): Rewrite accordingly.
("json->cve-items", "cve-item-published-date")
("json->vulnerabilities"): New tests.
("xml->vulnerabilities"): Remove.
("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities.
* tests/cve-sample.json: New file.
* tests/cve-sample.xml: Remove.
* Makefile.am (EXTRA_DIST): Adjust accordingly.
* doc/guix.texi (Invoking guix lint): Update nist.gov URLs.
* tests/cve.scm (vulnerability): Use 'make-struct/no-tail' instead of
'make-struct', which is deprecated.
* tests/lint.scm ("cve: one vulnerability")
("cve: one patched vulnerability")
("cve: known safe from vulnerability")
("cve: vulnerability fixed in replacement version")
("cve: patched vulnerability in replacement"): Likewise.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
* guix/build/syscalls.scm (RNDADDTOENTCNT): New variable.
(add-to-entropy-count): New procedure.
* tests/syscalls.scm ("add-to-entropy-count"): New test.
Previously we would, for example, generate build scripts in the store;
when trying to run them, we'd get a 'read' error due to the presence
of #<foo> syntax in there.
* guix/gexp.scm (gexp->sexp)[self-quoting?]: New procedure.
[reference->sexp]: Check whether the argument in a <gexp-input> box is
self-quoting. Raise a '&gexp-input-error' condition if it's not.
* tests/gexp.scm ("lower-gexp, non-self-quoting input"): New test.
Suggested by Ricardo Wurmus <rekado@elephly.net>.
* guix/channels.scm (<channel-news-entry>)[tag]: New field.
(sexp->channel-news-entry): Accept either 'commit' or 'tag' in 'entry'
forms.
(resolve-channel-news-entry-tag): New procedure.
(channel-news-for-commit): Move 'with-repository' form one level
higher. Call 'resolve-channel-news-entry-tag' on all the news entries.
* guix/tests/git.scm (populate-git-repository): Add clause for 'tag'.
* tests/channels.scm ("channel-news, one entry"): Create a tag and add
an entry with a tag. Check that the tag is resolved and also visible in
the <channel-news-entry> record.
* doc/guix.texi (Channels): Mention tags in news entries.
* guix/channels.scm (<channel-metadata>)[news-file]: New field.
(read-channel-metadata): Set the 'news-file' field.
(read-channel-metadata-from-source): Likewise.
(<channel-news>, <channel-news-entry>): New record types.
(sexp->channel-news-entry, read-channel-news)
(channel-news-for-commit): New procedures.
* guix/tests/git.scm (populate-git-repository): For 'add', allow
CONTENTS to be a procedure.
* tests/channels.scm ("channel-news, no news")
("channel-news, one entry"): New tests.
* doc/guix.texi (Channels): Document it.
* guix/scripts/show.scm: New file.
* Makefile.am (MODULES): Add it.
* po/guix/POTFILES.in: Add it.
* tests/guix-package-aliases.sh: Add test.
* doc/guix.texi (Invoking guix package): Document it and use it in a example.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Until now '&store-protocol-error' conditions raised in the inferior
would not be correctly propagated because SRFI-35 records lack a read
syntax.
Reported at <https://bugs.gnu.org/37449>
by Carl Dong <contact@carldong.me>.
* guix/inferior.scm (port->inferior): Import (srfi srfi-34) in the inferior.
(inferior-eval-with-store): Define 'error?' and 'error-message'. Wrap
call to PROC in 'guard'. Check the response of INFERIOR for a
'store-protocol-error' or a 'result' tag.
* tests/inferior.scm ("inferior-eval-with-store, &store-protocol-error"):
New test.