Fixes <https://bugs.gnu.org/44574>.
Reported by Efraim Flashner <efraim@flashner.co.il>.
* guix/scripts/weather.scm (guix-weather): Fix when substitute-urls
is a list.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* guix/build/cargo-build-system.scm (configure): When gettext is
available in the build environment set the GETTEXT_SYSTEM variable.
* gnu/packages/crates-io.scm (rust-gettext-rs-0.5, rust-gettext-rs-0.4,
rust-gettext-sys-0.19)[arguments]: Remove phase to help find system gettext.
* guix/build/cargo-build-system.scm (configure): When clang is available
in the build environment set the LIBCLANG_PATH variable.
* gnu/packages/crates-graphics.scm (rust-aom-sys-0.1,
rust-dav1d-sys-0.3),
* gnu/packages/crates-io.scm (rust-bindgen-0.55, rust-bindgen-0.54,
rust-bindgen-0.53, rust-bindgen-0.52, rust-cexpr-0.4, rust-cexpr-0.3,
rust-cexpr-0.2, rust-clang-sys-1, rust-clang-sys-0.29,
rust-clang-sys-0.26, rust-clang-sys-0.22, rust-clang-sys-0.11,
rust-libpijul-0.12, rust-nettle-7, rust-nettle-sys-2,
rust-sequoia-openpgp-0.9)[arguments]: Remove phases which set an
environment variable to find clang.
[inputs]: Rename instances of libclang with clang.
* guix/build/cargo-build-system.scm (configure): When openssl is
available set the OPENSSL_DIR variable to discover its location.
* gnu/packages/crates-io.scm (rust-curl-sys-0.4, rust-libgit2-sys-0.10,
rust-libpijul-0.12, rust-libssh2-sys-0.2, rust-native-tls-0.2,
rust-openssl-sys-0.9, rust-openssl-0.7, rust-trust-dns-rustls-0.6),
* gnu/packages/rust-apps.scm (tokei, exa)[arguments]: Remove redundant
setenv for openssl.
* guix/lint.scm (check-haskell-stackage): New procedure.
(%network-dependent-checkers): Add 'haskell-stackage' checker.
* guix/import/hackage.scm (%hackage-url): New variable.
(hackage-source-url, hackage-cabal-url): Use it in place of a
hard-coded string.
* guix/import/stackage.scm (%stackage-url): Make it a parameter.
(stackage-lts-info-fetch): Update accordingly.
* tests/lint.scm ("hackage-stackage"): New test.
* guix/scripts/lint.scm (emit-warnings): Use 'current-output-port'
instead of 'current-error-port'.
Signed-off-by: Christopher Baines <mail@cbaines.net>
Fixes <https://bugs.gnu.org/44692>.
* guix/build/cargo-build-system.scm (build): Default to the empty list for
FEATURES. Check whether the list is empty when building the Cargo arguments.
* guix/scripts/refresh.scm (list-dependents)[lst]: Use ~d for the
singular format string, as the argument jumping would trigger an error
during en@boldquot.mo generation.
And add a new '--volatile' option to have it volatile otherwise.
* guix/scripts/system.scm (%options)[volatile-root?]: New boolean option.
(%default-options): Set its default value to #f.
(show-help): Add help doc.
* guix/scripts/system.scm (perform-action): Propagate option...
(system-derivation-for-action): ...here. Use it to set the volatile-root?
field of the image object passed to SYSTEM-IMAGE.
* doc/guix.texi (Invoking guix system): Document it.
This change harmonizes the way we configure the buffer sizes and the socket
options, so that we don't forget to change it at one place like it happened in
commit 5e3d169945.
* guix/scripts/publish.scm (%default-buffer-size)
(%default-socket-options): New variables.
* guix/scripts/publish.scm (configure-socket): New procedure.
(compress-nar): Use %default-buffer-size for the buffer size, increased from
128 to 208 KiB.
(nar-response-port): Likewise, increased from 64 to 208 KiB.
(http-write): Use configure-socket to set socket options.
(open-server-socket): Likewise.
* guix/scripts/archive.scm (authorize-key): Warn when %ACL-FILE is a
symbolic link and print an additional hint for Guix System users.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
`hg-predicate' acts for mercurial repositories as `git-predicate' acts
for git-repositories.
* guix/hg-download.scm (hg-predicate): New procedure.
Signed-off-by: Christopher Baines <mail@cbaines.net>
* guix/lint.scm (check-patch-file-names): Remove 'message-condition?'
guard, which is useless since d51bfe242f.
Remove call to 'format' in the 'formatted-message?' case.
This increases throughput tenfold (!) on localhost when downloading
large nars without '--cache'. This is a followup to
5e3d169945.
Reported by Maxim Cournoyer.
* guix/scripts/publish.scm (http-write): In the
'application/x-nix-archive' case, add call to 'setsockopt'.
Reported by Ricardo Wurmus <rekado@elephly.net>.
* guix/scripts/publish.scm (compress-nar): Add 'chmod' call to ensure
PORT is #o644, in the uncompressed case.
(bake-narinfo+nar): Likewise for the narinfo file.
* tests/publish.scm ("with cache"): Check permissions on CACHED and NAR.
While importing those modules from the host system is valid, it is often
a mistake that introduces non-reproducibility. This patch prints a
warning when that happens.
* guix/gexp.scm (gexp-attribute): Add #:validate parameter and honor it.
(gexp-modules)[validate-modules]: New procedure.
Pass it to 'gexp-attribute'.
* tests/gexp.scm ("gexp-modules, warning"): New test.
* guix/gexp.scm (<gexp>)[location]: New field.
(gexp-location): New procedure.
(write-gexp): Print the location of GEXP.
(gexp->derivation): Adjust call to 'make-gexp'.
(gexp): Likewise.
Fixes <https://bugs.gnu.org/44442>.
Regression introduced in 2b2ab7796a.
* guix/scripts/publish.scm (render-nar/cached): Do not call
'bypass-cache?' when ITEM is the empty string.
* tests/publish.scm ("with cache, cache bypass, unmapped hash part"):
New test.
In particular, this means that 'guix lint' won't warn to update to
versions that won't necessarily fit our package set well.
* guix/import/stackage.scm (%stackage-url): Change to "https",
avoiding redirect log messages.
(%default-lts-version): New variable.
(stackage-lts-info-fetch, stackage->guix-package,
latest-lts-release): Use it.
(lts-info-ghc-version): Remove unused procedure.
Signed-off-by: Timothy Sample <samplet@ngyro.com>
Fixes: <https://issues.guix.gnu.org/44101>.
* gnu/build/bootloader.scm (write-file-on-device): Pass 'no-fail flag instead
of 'no-create. Use a latin-1 transcoder.
* guix/scripts/system/reconfigure.scm (install-bootloader-program): Add a
"disk-installer" argument and use it as a fallback.
(install-bootloader): Adapt accordingly.
* gnu/tests/reconfigure.scm (run-install-bootloader-test): Ditto.
Partly fixes <https://bugs.gnu.org/44053>.
Reported by Joshua Branson <jbranso@dismail.de>
and Maxim Cournoyer <maxim.cournoyer@gmail.com>.
* guix/profiles.scm (xdg-mime-database): When PKGDIRS contains only one
element, symlink directly to it. Invoke 'update-mime-database' only
when PKGDIRS contains two or more elements, which is less frequent.
Fixes <http://issues.guix.gnu.org/44196>
* gnu/machine/ssh.scm (roll-back-managed-host): Use
boot-parameters-store-directory-prefix.
* gnu/system.scm (define-module): Export
boot-parameters-store-directory-prefix.
(<boot-parameters>)[store-directory-prefix]: New field. It is used to
generate the correct paths when /gnu/store is installed on a btrfs
subvolume whose name doesn't match the final runtime path, as the
bootloader doesn't have knowledge about the final mounting points.
[boot-parameters-store-directory-prefix]: New accessor.
(read-boot-parameters): Read directory-prefix from store field.
(operating-system-boot-parameters-file): Add directory-prefix to
store field.
* guix/scripts/system.scm (reinstall-bootloader): Use
boot-parameters-store-directory-prefix.
* test/boot-parameters.scm (%default-btrfs-subvolume,
%default-store-directory-prefix): New variables.
(%grub-boot-parameters): Use %default-store-directory-prefix.
(%default-operating-system): Use %default-btrfs-subvolume.
(test-boot-parameters): Add directory-prefix.
(test optional fields): Add test for directory-prefix.
(test os store-directory-prefix): New test.
* guix/transformations.scm (evaluate-replacement-specs)
(package-git-url, evaluate-git-replacement-specs)
(transform-package-source-git-url)
(transform-package-toolchain): Use 'raise' and 'formatted-message'
instead of 'leave'.
* guix/scripts/build.scm (<downloaded-file>): New record type.
(download-to-store*): New variable.
(compile-downloaded-file): New procedure.
(package-with-source): Remove 'store' parameter. Use 'downloaded-file'
instead of 'download-to-store'.
(transform-package-source): Adjust accordingly.
* guix/scripts/pack.scm (wrapped-package)<build>: Build wrappers for
executable files and symlink others.
* tests/guix-pack-relocatable.sh: Test relocatable example of mixed
executable and non-executable files.
Fixes wrapping of non-package things, where the target store directory may
differ in length from the original.
* guix/scripts/pack.scm (wrapped-package)<build-wrapper>: Define
WRAPPER_PROGRAM macro with wrapper's file name.
* gnu/packages/aux-files/run-in-namespace.c (main): Offset index by len of
that file name.
* guix/scripts/substitute.scm (fetch-narinfos)
[handle-narinfo-response]: Add code 202 to the condition. This will
allow in the future the use of 404 for nar requests which cannot be
built in the present, leaving for the 202 to indicate that a request has
triggered a nar generation that might be completed later, as specified
in <https://www.ietf.org/rfc/rfc2616.txt>.
* guix/scripts/publish.scm (render-signing-key): New procedure.
(render-home-page): Add link to it.
(make-request-handler): Handle it.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/scripts/offload.scm (open-ssh-session): Have 'max-silent-time'
default to #f rather than -1, which is not a valid timeout value.
Adjust body accordingly.
Fixes <https://bugs.gnu.org/39260>.
This uses the API of the yet-to-be-released Guile-Git 0.4.0. Using an
older version is still possible, but progress report is disabled.
* guix/git.scm (show-progress, make-default-fetch-options): New
procedures.
(clone*, update-cached-checkout): Use it instead of
'make-fetch-options'.
* guix/git.scm (auth-supported?): Remove.
(clone*): Inline code that was dependent on AUTH-SUPPORTED?.
(update-cached-checkout): Likewise.
(resolve-reference): Remove check for 'object-lookup-prefix' and use it
unconditionally.
(load-git-submodules): Remove.
(update-submodules): Use 'repository-submodules', 'submodule-lookup',
etc. unconditionally.
(update-cached-checkout): Use 'repository-close!' unconditionally.
* m4/guix.m4 (GUIX_CHECK_GUILE_GIT): New macro.
* configure.ac: Use it and error out when it fails.
* doc/guix.texi (Requirements): Bump to Guile-Git 0.3.0.
* guix/scripts/build.scm (transform-package-with-debug-info): New
procedure.
(%transformations): Add 'with-debug-info'.
(%transformation-options, show-transformation-options-help): Add
'--with-debug-info'.
* tests/scripts-build.scm ("options->transformation, with-debug-info"):
New test.
* doc/guix.texi (Package Transformation Options): Document
'--with-debug-info'.
(Installing Debugging Files): Introduce sections. Remove bit about
eventual "opt-out" since this is not happening. Document
'--with-debug-info' under "Rebuilding with Debugging Info".
Fixes a bug whereby the presence of propagated inputs could lead to two
non-eq? but actually equal packages in a bag's inputs. The problem
would manifest itself when running, for instance:
  guix build inkscape -d --with-graft=glib=glib-networking --no-grafts
The resulting derivation would differ from that without
'--with-graft'. This was due to the fact that glib propagates libffi;
this instance of libffi was not rewritten even though other instances in
the graph were rewritten. Thus, glib would end up with two non-eq?
libffi instances, which in turn would lead to duplicate entries in its
'%build-inputs' variable.
Fixes <https://bugs.gnu.org/43890>.
* guix/packages.scm (package-mapping)[rewrite]: Remove call to 'cut?'
and call 'replace' unconditionally.
[replace]: Add 'cut?' case.
* tests/guix-build.sh: Add test combining '--no-grafts' and
'--with-graft'.
* tests/packages.scm ("package-input-rewriting/spec, identity")
("package-input-rewriting, identity"): New tests.
Fixes <https://bugs.gnu.org/43843>.
* guix/build-system/haskell.scm (haskell-build): Turn off PARALLEL-BUILD? by
default.
Signed-off-by: Marius Bakke <marius@gnu.org>
* gnu/machine/ssh.scm (roll-back-managed-host): Use locale information
from boot-parameters.
* gnu/system.scm (operating-system-bootcfg): Provide locale information
to the bootloader.
* guix/system/script.scm (reinstall-bootloader): Use locale information
from boot-parameters.
Fixes a bug introduced in 5d4ad8e1be,
whereby files enclosed in 'assume-valid-file-name' would be looked up
relative to the source directory instead of relative to the current
directory.
* guix/gexp.scm (local-file): In the 'assume-valid-file-name' case, look
up FILE relative to the current working directory.
* guix/licenses.scm (cua-opl1.0): New variable.
* guix/import/utils.scm (spdx-string->license): Rename licenses to fit
the internal names and add a notice pointing to guix/licenses.scm.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://bugs.gnu.org/43498>.
Reported by Tobias Geerinckx-Rice <me@tobias.gr>.
* guix/ui.scm (known-variable-definition): Check for variables in the
public interface of HEAD, not in HEAD itself.
* tests/guix-build.sh: Add test.
* guix/licenses.scm (nmap): Rename to ...
(npsl): ... this. Adjust name and URL, and remove outdated Fedora wiki
entry in favor of nmap's own annotated version.
* gnu/packages/admin.scm (nmap)[license]: Adjust accordingly.
This (notably) works around the fact that nvd.nist.gov is currently
inaccessible over IPv6.
* guix/cve.scm (fetch-vulnerabilities): Add #:timeout and pass it to
'http-fetch/cached'.
(current-vulnerabilities): Add #:timeout and pass it to
'fetch-vulnerabilities'.
* guix/lint.scm (current-vulnerabilities*): Pass #:timeout to
'current-vulnerabilities'.
* guix/http-client.scm (http-fetch): Add #:timeout and pass it to
'guix:open-connection-for-uri'.
(http-fetch/cached): Add #:timeout parameter and pass it to
'http-fetch'.
Fixes <https://bugs.gnu.org/43940>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.
The "channel-instances->manifest" test would fail since
1d4ab335b2: 'quiet-guile' would be passed #f
as GUILE, and thus 'package-version' would fail with wrong-type-arg.
* guix/channels.scm (whole-package-for-legacy): Pass #:guile to
'whole-package'.
* tests/channels.scm ("channel-instances->manifest"): Remove 'test-expect-fail'.
Fixes <https://bugs.gnu.org/43720>.
Reported by Andreas Enge <andreas@enge.fr>.
The bug was introduced in 5c793753b3,
which changed the way TO-START is computed: as a function of the running
services first, and then as a function of the live services (which
includes services not currently running).
* guix/scripts/system/reconfigure.scm (running-services): Serialize the
'running' field and return it.
(upgrade-shepherd-services): Compute RUNNING. Compute TO-START as the
difference between TARGET-SERVICES and RUNNING.
Fixes <https://issues.guix.gnu.org/43773>.
The computed normalized load was previously obtained by dividing the load
average as found in /proc/loadavg by the number of parallel builds defined for
a build machine.
This normalized load didn't allow comparing machines with different numbers of
cores, as the load average reported by /proc/loadavg can be as high as the
number of cores; thus comparing that value to a fixed threshold of 2.0 would
mean machines with multiple cores were more likely to be flagged as overloaded
compared to single core machines.
This can be fixed by normalizing using the available number of cores instead
of the number of parallel jobs.
* guix/scripts/offload.scm (<build-machine>)[overload-threshold]: New field.
(node-load): Modify to return a normalized load value between 0 and 1, taking
into account the number of cores available.
(normalized-load): Remove procedure.
(report-load): New procedure.
(choose-build-machine): Adjust to use the modified 'node-load' and the new
'report-load' and 'build-machine-overload-threshold' procedures.
(check-machine-status): Adjust.
* doc/guix.texi (Daemon Offload Setup): Document the offload scheduler and the
new 'overload-threshold' field.
This reverts commit 2fb12dd1bb, which
causes the 'svn export' command to fail with:
  svn: E155000: Destination directory exists; please remove the directory
  or use --force to overwrite
Since commit ba48895899, selected UTF-8
locales are bundled. However, because 'guix-command' is itself a Guile
script, users would still see Guile's warning, particularly on foreign
distros:
  $ LC_ALL=sdf guix foo
  guile: warning: failed to install locale
  hint: Consider installing the `glibc-utf8-locales' [...]
User commands would print that warning, but more importantly, each
invocation of 'guix substitute' would print it, even though
'guix-daemon.service' explicitly chooses "en_US.utf8", which is in
'glibc-utf8-locales'. This leads to confusion since users would keep
seeing this message unless/until they realize they also need to install
'glibc-utf8-locales' in root's profile.
This patch gets rid of "guile: warning: ..." for a guix-pulled 'guix'
command.
* guix/self.scm (specification->package): Add "gcc-toolchain".
(quiet-guile): New procedure.
(guix-command): Use it.
* gnu/packages/aux-files/guile-launcher.c: New file.
* Makefile.am (AUX_FILES): Add it.
This is a followup to 0f53c801b9.
* guix/scripts/environment.scm (launch-environment/container): Add call
to 'set-network-interface-up'.
* tests/guix-environment-container.sh: Add test.
* guix/scripts/package.scm (transaction-upgrade-entry)[upgrade]: Add
'transform' parameter. Pass PKG through it. Use
'manifest-entry-with-transformations'.
Call 'options->transformation' to get the transformation procedure.
* tests/guix-package.sh: Add 'guix package -u' test.
* tests/packages.scm ("transaction-upgrade-entry, transformation options preserved"):
New test.
* doc/guix.texi (Invoking guix package): Mention that transformations
are preserved across upgrades.
(Package Transformation Options): Likewise.
With this change, package transformation options used while building a
manifest are saved in the metadata of the manifest entries.
* guix/scripts/build.scm (transformation-procedure): New procedure.
(options->transformation)[applicable]: Use it. Change to a list of
key/value/proc tuples instead of key/proc pairs.
[package-with-transformation-properties, tagged-object]: New
procedures. Use them.
(package-transformations, manifest-entry-with-transformations): New
procedures.
* guix/scripts/pack.scm (guix-pack)[with-transformations]: New
procedure.
Use it.
* guix/scripts/package.scm (process-actions)[transform-entry]: Use it.
* tests/guix-package-aliases.sh: Add test.
Since 313f492657 the target argument passed to
"guix system" was not honored for 'disk-image' command.
This forces the command line passed "target" to take precedence over the
"target" field of the <image> record returned by "os->image" procedure.
* guix/scripts/system.scm (system-derivation-for-action): Override the
"target" field of the "image" record using the "target" argument from the
command line.
Fixes a regression introduced in
f43ffee908.
Reported by jonsger on #guix.
* guix/gexp.scm (local-file): In the non-literal case, add #:literal?
and #:location after REST.
Fixes <https://bugs.gnu.org/43736>.
Reported by Vitaliy Shatrov <guix.vits@disroot.org>.
* guix/gexp.scm (%local-file): Add #:literal? and #:location.
Emit a warning when LITERAL? is false and FILE is not absolute.
(local-file): In the non-literal case, pass #:location and #:literal?.
* po/guix/POTFILES.in: Add guix/gexp.scm.
* tests/guix-system.sh: Add test for the warning.
* guix/import/opam.scm (group-pat): Report in syntax tree.
(dependency->input, dependency->native-input, dependency->name):
consider the case of a group.
* guix/scripts/system.scm (list-image-types): New procedure,
(%options): add "image-type" and "list-image-types" options, remove
"file-system-type" option,
(show-help): adapt accordingly,
(%default-options): also adapt, and set the default "image-type" to "raw",
(perform-action): add image-type argument and remove file-system-type argument,
(process-action): adapt perform-action call,
(system-derivation-for-action): remove base-image
argument, add image-type argument, and use it to create the image passed to
"system-image".
* tests/guix-system.sh: Adapt accordingly and add a test for
"--list-image-types" command.
* doc/guix.texi (Building the Installation Image,
Invoking guix system): Adapt accordingly.
Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
* guix/packages.scm (package-input-rewriting): Add #:deep? and pass it
to 'package-mapping'.
[replacement-property]: New variable.
[rewrite]: Check it.
[cut?]: New procedure.
* tests/packages.scm ("package-input-rewriting"): Pass #:deep? #f and
ensure implicit inputs were not rewritten. Avoid 'eq?' comparisons.
("package-input-rewriting, deep"): New test.
* gnu/packages/guile.scm (package-for-guile-2.0, package-for-guile-3.0):
Pass #:deep? #f.
Previously, something like:
  guix build glib --with-graft=glibc=glibc@2.29
would produce a result showing that rewriting rules were not applied to
libx11@1.6.A (a replacement).
* guix/packages.scm (package-mapping): Call REPLACE instead of PROC to
'replacement'.
* tests/packages.scm ("package-input-rewriting/spec, graft"): New test.
With this change, '--with-input', '--with-graft', etc. also apply to
implicit dependencies. Thus, it's now possible to do:
  guix build python-itsdangerous --with-input=python-wrapper=python@2
or:
  guix build hello --with-graft=glibc=glibc@2.29
Additionally, before, implicit inputs were not rewritten, which could
lead to duplicates in the output of 'bag-transitive-inputs' (packages
that are not 'eq?' but lead to the same derivation). This in turn would
lead to unnecessary rebuilds when using '--with-input' & co. This
change fixes it by ensuring even implicit inputs are rewritten.
Fixes <https://bugs.gnu.org/42156>.
* guix/packages.scm (package-input-rewriting/spec): Add #:deep?
defaulting to #true, and pass it to 'package-mapping'.
[replacement-property]: New variable.
[rewrite]: Check that property and set it on the result of PROC.
[cut?]: New procedure.
* tests/packages.scm ("package-input-rewriting/spec"): Ensure implicit
inputs were unchanged.
("package-input-rewriting/spec, partial match"): Pass #:deep? #f.
("package-input-rewriting/spec, deep")
("package-input-rewriting/spec, no duplicates"): New tests.
(package/inherit): Move before use.
* tests/guix-build.sh: Add tests.
* tests/scripts-build.scm ("options->transformation, with-graft"):
Compare dependencies by package name or derivation file name.
* doc/guix.texi (Defining Packages): Adjust accordingly.
* guix/packages.scm (build-system-with-package-mapping): New procedure.
(package-mapping): Add #:deep? and honor it.
* tests/packages.scm ("package-mapping"): Compare the direct inputs of
the bag of P0 and that of P1.
("package-mapping, deep"): New test.
Fixes <https://bugs.gnu.org/42688>.
Reported by pkill9 <pkill9@runbox.com>.
This ensures that 'guix repl -s SCRIPT' gives SCRIPT the right value
of (current-profile), which in turn ensures that (%package-module-path)
is initialized with the right set of channels.
* guix/describe.scm (initial-program-arguments): New variable.
(current-profile): Use it.
* guix/scripts/repl.scm (guix-repl): Call 'current-profile' before
'set-program-arguments'.
* guix/build-system/asdf.scm (asdf-build): Remove the 'files' variable.
* guix/build/asd-build-system.scm (find-asd-files): New variable.
(build, check): Use it.
* guix/ui.scm (show-what-to-build): When VERBOSITY is 1, add a newline
before the "would/will be downloaded" line, and wrap that message in
'highlight'.
In practice we're always using the same key pair,
/etc/guix/signing-key.{pub,sec}. Keeping them in cache allows us to
avoid redundant I/O and parsing when signing multiple store items in a
row.
* guix/scripts/authenticate.scm (load-key-pair): New procedure.
(sign-with-key): Remove 'key-file' parameter and add 'public-key' and
'secret-key'. Adjust accordingly.
(validate-signature): Add 'acl' parameter and pass it to
'authorized-key?'.
(guix-authenticate)[call-with-reply]: New procedure.
[with-reply]: New macro.
Call 'current-acl' upfront and cache its result. Add 'key-pairs' as an
argument to 'loop' and use it as a cache of key pairs.
Previously, we'd spawn 'guix authenticate' once for each item that has
to be signed (when exporting) or authenticated (when importing). Now,
we spawn it once for all and then follow a request/reply protocol. This
reduces the wall-clock time of:
  guix archive --export -r $(guix build coreutils -d)
from 30s to 2s.
* guix/scripts/authenticate.scm (sign-with-key): Return the signature
instead of displaying it. Raise a &formatted-message instead of calling
'leave'.
(validate-signature): Likewise.
(read-command): New procedure.
(define-enumerate-type, reply-code): New macros.
(guix-authenticate)[send-reply]: New procedure.
Change to read commands from current-input-port.
* nix/libstore/local-store.cc (runAuthenticationProgram): Remove.
(authenticationAgent, readInteger, readAuthenticateReply): New
functions.
(signHash, verifySignature): Rewrite in terms of the agent.
* tests/store.scm ("import not signed"): Remove 'pk' call.
("import signed by unauthorized key"): Check the error message of C.
* tests/guix-authenticate.sh: Rewrite using the new protocol.
fixlet
* guix/svn-download.scm (download-svn-to-store): Add a subdirectory to
the download path. The subdirectory is used as the target for the 'svn
export' command, avoiding a 'directory exists' error when attempting to
use the parent directory directly.
It was made transactional in a4678c6ba1, with
the reasoning to prevent broken intermediate states from being visible. I
think this means something like an entry being in ValidPaths, but the Refs not
being inserted.
Using a transaction for this makes sense, but I think using one single
transaction for the whole register-items call is unnecessary to avoid broken
states from being visible, and could block other writes to the store database
while register-items is running. Because the deduplication and resetting
timestamps happens within the transaction as well, even though these things
don't involve the database, writes to the database will still be blocked while
this is happening.
To reduce the potential for register-items to block other writers to the
database for extended periods, this commit moves the transaction to just wrap
the call to sqlite-register. This is the one place where writes occur, so that
should prevent the broken intermediate states issue above. The one difference
this will make is some of the registered items will be visible to other
connections while others may be still being added. I think this is OK, as it's
equivalent to just registering different items.
* guix/store/database.scm (register-items): Reduce transaction scope.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
It's necessary that store items be locked and protected from garbage
collection while they are being registered. This documents that.
* guix/store/database.scm (register-path, register-items): document GC
protection and locking requirements.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This causes with-writable-file to take into consideration the actual store
being used, as passed to 'deduplicate', rather than
whatever (%store-directory) may return.
* guix/store/deduplication.scm (replace-with-link): new keyword argument
'store'. Pass to with-writable-file.
(with-writable-file, call-with-writable-file): new store argument.
(deduplicate): pass store to replace-with-link.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>