This reverts commit e94dcbf3c2.
"gnu: icecat: Update to 102.10.0-guix0-preview1 [security fixes]." was
already pushed as 3ab983d630. And the
`icecat-102.9.0-source` was removed in
"gnu: icedove: Update to 102.10.0 [security fixes]." a741b554cb.
* gnu/packages/patches/zig-do-not-link-against-librt.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/zig.scm (zig-0.10): Use it. Also force LLVM to be dynamically
linked, and set up the CC env variable.
(zig-0.9): Also use the above patch.
Signed-off-by: Andreas Enge <andreas@enge.fr>
The timezone database should not be depended on by packages, but rather found at
runtime in the environment. Otherwise, this package will eventually report the
incorrect time, because time zones change regularly.
This reverts commit 99c1c7a30c.
Add a new 'proxy' field to openssh-host to allow ProxyCommand or
ProxyJump, but not both, to be configured. Configuring both would cause
the serialization order to determine which one is used. Deprecate the
'proxy-command' field because the 'proxy' field replaces it.
* gnu/home/services/ssh.scm (proxy-jump->string,
proxy-command-or-jump-list?, serialize-proxy-command-or-jump-list,
sanitize-proxy-command): New procedures.
(proxy-jump, proxy-command): New record types.
(openssh-host)[proxy-command]: Mark field as deprecated because OpenSSH
can't have ProxyCommand and ProxyJump configured at the same time.
* doc/guix.texi (Secure Shell): Update to match the changes to the
service.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
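
The conflict this commit message describes can be checked in an existing OpenSSH client configuration. ssh_config(5) documents that ProxyJump and ProxyCommand compete and that whichever is specified first takes effect. The following is an added example, not code from the Guix commit: the function names and the sample configuration are constructed, and it assumes whitespace-separated `Host`/`Match` lines.

```shell
#!/bin/sh
# Added example (not Guix code): list Host blocks that set both ProxyCommand
# and ProxyJump, together with the directive that appears first in the block.

find_proxy_conflicts() {
    awk '
        function report() {
            if (host != "" && cmd && jump)
                printf "%s\t%s\n", host, first
        }
        # Keywords are case-insensitive and may be written "Key=value".
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "host" || key == "match" {
            report()
            $1 = ""; sub(/^ +/, ""); host = $0   # keep all patterns
            cmd = 0; jump = 0; first = ""
            next
        }
        key == "proxycommand" { cmd = 1;  if (first == "") first = "ProxyCommand" }
        key == "proxyjump"    { jump = 1; if (first == "") first = "ProxyJump" }
        END { report() }
    ' "$1"
}

# Constructed sample configuration; host names are placeholders.
sample_config() {
    cat <<'EOF'
Host build-farm
    ProxyJump bastion.example.org

Host internal-db
    ProxyJump bastion.example.org
    ProxyCommand nc -X connect -x proxy.example.org:3128 %h %p

Host legacy
    proxycommand=ssh -W %h:%p gateway.example.org
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
find_proxy_conflicts "$cfg"
rm -f "$cfg"
```
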
Previously 'package-direct-sources' would trigger a wrong-type-arg error
when passed a package whose 'source' is not an origin, such as
'ruby-sorbet-runtime'.
* guix/packages.scm (package-direct-sources): Call 'expand' if and only
if (package-source package) is an origin.
* tests/guix-package-aliases.sh: "guix upgrade foo bar" has always
returned zero; adjust accordingly.
* tests/guix-refresh.sh: "guix refresh -t test idutils" and similar
return zero; adjust accordingly.
Addresses <https://issues.guix.gnu.org/62406>.
With 'set -e', a return status inverted with '!' does not cause the shell to
exit immediately. Instead use '&& false' to indicate an expected failure.
* tests/guix-archive.sh, tests/guix-build-branch.sh, tests/guix-build.sh,
tests/guix-daemon.sh, tests/guix-download.sh,
tests/guix-environment-container.sh, tests/guix-environment.sh,
tests/guix-gc.sh, tests/guix-git-authenticate.sh, tests/guix-graph.sh,
tests/guix-hash.sh, tests/guix-home.sh, tests/guix-pack-relocatable.sh,
tests/guix-pack.sh, tests/guix-package-aliases.sh, tests/guix-package-net.sh,
tests/guix-package.sh, tests/guix-refresh.sh, tests/guix-shell.sh,
tests/guix-style.sh, tests/guix-system.sh: Replace uses of '! ...' with
'... && false' or `test ! ...` as appropriate.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
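
The 'set -e' behaviour this commit message describes, as an added example that is not part of the Guix test suite: `true` and `false` stand in for a command that is expected to fail, and `run_case` is a hypothetical helper that reports whether a script run under `sh -e` reached its last line.

```shell
#!/bin/sh
# Added example: how 'set -e' treats the ways of writing "this command must
# fail" in a test script. 'false' = the command fails as expected,
# 'true' = the command unexpectedly succeeds.

# run_case SCRIPT: run SCRIPT under 'sh -e' followed by a marker line and
# print "continued" if the marker was reached, "aborted" otherwise.
run_case() {
    if sh -e -c "$1
echo reached-end" 2>/dev/null | grep -q reached-end; then
        echo continued
    else
        echo aborted
    fi
}

# Constructed cases, one line of a hypothetical test script each:
#   '! false'         expected failure happened, script goes on
#   '! true'          unexpected success, yet the script still goes on,
#                     because a status inverted with '!' is exempt from -e
#   'false && false'  expected failure happened, script goes on
#   'true && false'   unexpected success, the final 'false' aborts the script
#   'test ! -e /'     'test' returns a plain non-zero status, so -e applies
for snippet in \
    '! false' \
    '! true' \
    'false && false' \
    'true && false' \
    'test ! -e /'
do
    printf '%-16s %s\n' "$snippet" "$(run_case "$snippet")"
done
```
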
By merely forking PID 1, details from PID 1 (shepherd) would leak into
the marionette process, such as the set of modules in scope and state
inherited from the shepherd process (<service> instances, fibers,
etc.). Running a fresh Guile instance avoids that.
* gnu/tests.scm (marionette-program): New procedure.
(marionette-shepherd-service): Change 'start' to use
'make-forkexec-constructor', and run the result of 'marionette-program'.
The previous code worked "by chance": 'start' from (shepherd service)
happened to be in scope because the marionette REPL is created by a mere
'primitive-fork', and 'start' happened to kinda work.
* gnu/tests/base.scm (run-basic-test): Use 'start-service' from (gnu
services herd), not 'start' from (shepherd service), which is not
supposed to work.
* gnu/tests/install.scm (run-install): Likewise.
This fixes CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
CVE-2022-39320, CVE-2022-41877, CVE-2022-39347, CVE-2022-39282,
CVE-2022-39283, CVE-2021-41159 and CVE-2021-41160.
* gnu/packages/rdesktop.scm (freerdp): Update to 2.2.0.
[arguments]: Use gexps. Do not set DOCBOOKXSL_DIR in #:configureflags.
This causes authentication failures such as those generated by SSH brute force
attacks to appear in /var/log/secure, which is picked up by tools such as
fail2ban.
* gnu/services/base.scm (%default-syslog.conf): Add an auth.info selector for
the /var/log/secure log.
Series-to: 62802@debbugs.gnu.org
This is a cosmetic change.
* gnu/services/base.scm (%default-syslog.conf): Add a comment referencing the
documentation. Strip the extraneous leading trailing white space indent.
Having the configuration live at a static location makes it possible to
hot-reload it.
* gnu/services/base.scm (syslog.conf): New variable.
(syslog-etc, syslog-shepherd-service): New procedures.
(syslog-service-type): Rewrite using the above new variable and procedures,
extending etc-service-type with its configuration file.
* gnu/packages/bioinformatics.scm (bppsuite): Update to 2.4.1.
[source]: Remove the commit and use the release version. Changed to the github
repo.
[arguments]: Remove the disabled parallel-build.
[inputs]: Use list.
[home-page]: Changed to github page.
* gnu/packages/bioinformatics.scm (bpp-popgen): Update to 2.4.1.
[source]: Remove the commit and use the release version. Changed to the github
repo.
[arguments]: Remove the disabled parallel-build.
[home-page]: Changed to new host Université Claude-Bernard Lyon 1.
* gnu/packages/machine-learning.scm (tensorflow)[arguments]: Replace build
phase 'python3.9-compatibility with 'python3.10-compatibility; patch for move
from "collections" to "collections.abc"; add well-meaning but potentially
reckless patch to remove overwrite error for __or__ and __ror__ methods;
adjust farmhash sources to build with GCC 11; do not use distutils.sysconfig.