diff --git a/.dir-locals.el b/.dir-locals.el index bad3900a96..4eb27d8b1b 100644 --- a/.dir-locals.el +++ b/.dir-locals.el @@ -134,7 +134,6 @@ (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1)) (eval . (put 'with-repository 'scheme-indent-function 2)) (eval . (put 'with-temporary-git-repository 'scheme-indent-function 2)) - (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2)) (eval . (put 'with-environment-variables 'scheme-indent-function 1)) (eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1)) diff --git a/Makefile.am b/Makefile.am index e7053ee4f4..d63f2ae4b7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -562,7 +562,7 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix dist_fishcompletion_DATA = etc/completion/fish/guix.fish # SELinux policy -nodist_selinux_policy_DATA = etc/guix-daemon.cil.in +nodist_selinux_policy_DATA = etc/guix-daemon.cil EXTRA_DIST += \ HACKING \ @@ -570,6 +570,7 @@ EXTRA_DIST += \ TODO \ CODE-OF-CONDUCT \ .dir-locals.el \ + .guix-authorizations \ .guix-channel \ scripts/guix.in \ etc/guix-install.sh \ @@ -710,7 +711,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \ ac_cv_guix_test_root="$(GUIX_TEST_ROOT)" # Name of the 'guix' package shipped in the binary tarball. -GUIX_FOR_BINARY_TARBALL = guile3.0-guix +GUIX_FOR_BINARY_TARBALL = guix # The self-contained tarball. guix-binary.%.tar.xz: @@ -730,8 +731,8 @@ distcheck-hook: assert-binaries-available assert-final-inputs-self-contained EXTRA_DIST += $(top_srcdir)/.version BUILT_SOURCES += $(top_srcdir)/.version -$(top_srcdir)/.version: - echo $(VERSION) > "$@-t" && mv "$@-t" "$@" +$(top_srcdir)/.version: config.status + $(AM_V_GEN)echo $(VERSION) > "$@-t" && mv "$@-t" "$@" gen-tarball-version: echo $(VERSION) > "$(distdir)/.tarball-version" 
@@ -826,9 +827,10 @@ release: dist-with-updated-version $(MKDIR_P) "$(releasedir)" rm -f "$(releasedir)"/* mv $(SOURCE_TARBALLS) "$(releasedir)" - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)." $(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \ @@ -840,9 +842,10 @@ release: dist-with-updated-version mv "guix-binary.$$system.tar.xz" \ "$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \ done - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`." $(top_builddir)/pre-inst-env guix build guix \ diff --git a/NEWS b/NEWS index ab1838398c..62b599c9c9 100644 --- a/NEWS +++ b/NEWS @@ -60,6 +60,8 @@ Please send Guix bug reports to bug-guix@gnu.org. *** ‘swap-devices’ field of ‘operating-system’ can contains UUIDs and labels *** Graphical installer uses UUIDs for unencrypted swap partitions *** Graphical installer now supports NTFS file systems +*** File systems UUIDs and labels now recognized for F2FS and NTFS +*** Root file system can now be on NFS *** New services autossh, ganeti, gmnisrv, guix-build-coordinator, 
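Review bot: Both `update-guix-package.scm` invocations in the `release` recipe now run with `GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes`, which switches off the script's check that the commit is already pushed upstream, and nothing in the recipe says why that is acceptable here (this applies to the hunk at old line 826 and the one at old line 840). A short make comment above the rule would do, e.g. `# update-guix-package.scm is run with the "already pushed" check disabled because HEAD may be a commit this recipe has just created; the source is kept in the store instead.` The package definition committed by this rule then names a commit and hash that were never compared with the remote, so the release instructions should state that these commits must be pushed before the tarballs are published. The recipe begins and ends outside both hunks.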
@@ -96,6 +98,8 @@ simulated-wifi, udev-rules, unattended-upgrade, webssh, zram () *** ‘guix system reconfigure’ now starts services not currently running () +*** Desktop environments now detect newly installed applications + () *** Offloading and copying small items is now much faster () *** GCC switched back to C_INCLUDE_PATH & co. from CPATH diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm index ff6b105468..9fe6c201cc 100644 --- a/build-aux/update-guix-package.scm +++ b/build-aux/update-guix-package.scm @@ -44,9 +44,6 @@ (define %top-srcdir (string-append (current-source-directory) "/..")) -(define version-controlled? - (git-predicate %top-srcdir)) - (define (package-definition-location) "Return the source properties of the definition of the 'guix' package." (call-with-input-file (location-file (package-location guix)) @@ -114,8 +111,9 @@ (define (git-add-worktree directory commit) "Create a new git worktree at DIRECTORY, detached on commit COMMIT." (invoke "git" "worktree" "add" "--detach" directory commit)) -(define-syntax-rule (with-temporary-git-worktree commit body ...) - "Execute BODY in the context of a temporary git worktree created from COMMIT." +(define (call-with-temporary-git-worktree commit proc) + "Execute PROC in the context of a temporary git worktree created from +COMMIT. PROC receives the temporary directory file name as an argument." (call-with-temporary-directory (lambda (tmp-directory) (dynamic-wind 
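Review bot: The new docstring of `call-with-temporary-git-worktree` still says PROC runs "in the context of" the worktree, which reads as if the current directory were changed the way the old macro did it; the next hunk replaces `with-directory-excursion` by a plain `(proc tmp-directory)`. I would make that explicit, e.g. `COMMIT.  PROC is called with the worktree's directory name; the current directory is left unchanged.` Callers that relied on relative paths such as `"."` need to know this. The procedure body continues past the end of this hunk.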
@@ -123,12 +121,12 @@ (define-syntax-rule (with-temporary-git-worktree commit body ...)
 #t)
 (lambda ()
 (git-add-worktree tmp-directory commit)
- (with-directory-excursion tmp-directory body ...))
+ (proc tmp-directory))
 (lambda ()
 (invoke "git" "worktree" "remove" "--force" tmp-directory))))))
 
 (define %savannah-guix-git-repo-push-url-regexp
- "git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)")
+ "git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)")
 
 (define-syntax-rule (with-input-pipe-to-string prog arg ...)
 (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
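Review bot: In `%savannah-guix-git-repo-push-url-regexp` the dots are still unescaped and the pattern is unanchored, so each `.` matches any character and the expression can match inside a longer URL. This pattern appears to select the remote that the "already pushed" check trusts (its use is outside the hunk), so it is worth tightening while the line is being changed. Escaping the literal dots keeps the new optional colon: `"git\\.(savannah|sv)\\.gnu\\.org:?/srv/git/guix\\.git \\(push\\)"`. A one-line comment naming the two URL forms it must accept, with and without `:` before `/srv`, would also help.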
@@ -156,27 +154,60 @@ (define (commit-already-pushed? remote commit) "git" "branch" "-r" "--contains" commit (string-append remote "/master"))))) +(define (keep-source-in-store store source) + "Add SOURCE to the store under the name that the 'guix' package expects." + + ;; Add SOURCE to the store, but this time under the real name used in the + ;; 'origin'. This allows us to build the package without having to make a + ;; real checkout; thus, it also works when working on a private branch. + (reload-module + (resolve-module '(gnu packages package-management))) + + (let* ((source (add-to-store store + (origin-file-name (package-source guix)) + #t "sha256" source + #:select? (git-predicate source))) + (root (store-path-package-name source))) + + ;; Add an indirect GC root for SOURCE in the current directory. + (false-if-exception (delete-file root)) + (symlink source root) + (add-indirect-root store + (string-append (getcwd) "/" root)) + + (info (G_ "source code kept in ~a (GC root: ~a)~%") + source root))) + (define (main . args) (match args ((commit version) (with-directory-excursion %top-srcdir (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") - (commit-already-pushed? (find-origin-remote) commit) + (let ((remote (find-origin-remote))) + (unless remote + (leave (G_ "Failed to find the origin git remote.~%"))) + (commit-already-pushed? remote commit)) (leave (G_ "Commit ~a is not pushed upstream. 
Aborting.~%") commit)) - (let* ((hash (with-temporary-git-worktree commit - (nix-base32-string->bytevector - (string-trim-both - (with-output-to-string - (lambda () - (guix-hash "-rx" "."))))))) - (location (package-definition-location)) - (old-hash (content-hash-value - (origin-hash (package-source guix))))) - (edit-expression location - (update-definition commit hash - #:old-hash old-hash - #:version version))))) + (call-with-temporary-git-worktree commit + (lambda (tmp-directory) + (let* ((hash (nix-base32-string->bytevector + (string-trim-both + (with-output-to-string + (lambda () + (guix-hash "-rx" tmp-directory)))))) + (location (package-definition-location)) + (old-hash (content-hash-value + (origin-hash (package-source guix))))) + (edit-expression location + (update-definition commit hash + #:old-hash old-hash + #:version version)) + ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are + ;; added to the store. This is used as part of 'make release'. + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") + (with-store store + (keep-source-in-store store tmp-directory)))))))) ((commit) ;; Automatically deduce the version and revision numbers. (main commit #f)))) diff --git a/doc/contributing.texi b/doc/contributing.texi index d3f6325c3f..d8de71055a 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi 
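Review bot: `main` tests `(getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")` in two places, and because `getenv` returns a string for any set variable, an empty value or `no` also skips the pushed-upstream check and adds the source to the store. Binding it once makes the double role visible, e.g. `(let ((allow-private-commit? (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT"))) …)`, with a comment that any value enables it (or compare with `"yes"`, which is what `make release` passes, if that is the intent). In `keep-source-in-store`, `(false-if-exception (delete-file root))` silently removes whatever file in the current directory carries the computed name before the symlink is created. A comment saying that the root is named after the origin's file name and is created in the directory the script runs from would make that less surprising.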
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used has already been pushed to the Savannah-hosted Guix git repository. This check can be disabled, @emph{at your own peril}, by setting the -@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. - -To build the resulting 'guix' package when using a private commit, the -following command can be used: - -@example -./pre-inst-env guix build guix --with-git-url=guix=$PWD -@end example +@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When +this variable is set, the updated package source is also added to the +store. This is used as part of the release process of Guix. diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in index e0c9113498..91958b7617 100644 --- a/etc/guix-daemon.cil.in +++ b/etc/guix-daemon.cil.in @@ -1,6 +1,8 @@ ; -*- lisp -*- ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Ricardo Wurmus +;;; Copyright © 2020 Daniel Brooks +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -21,6 +23,18 @@ ;; Intermediate Language (CIL). It refers to types that must be defined in ;; the system's base policy. +;; If you, like me, need advice about fixing an SELinux policy, I recommend +;; reading https://danwalsh.livejournal.com/55324.html + +;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t +;; to allow guix-daemon to do whatever it wants. SELinux will still check its +;; permissions, and when it doesn't have permission it will still send an +;; audit message to your system logs. This lets you know what permissions it +;; ought to have. Use ausearch --raw to find the permissions violations, then +;; pipe that to audit2allow to generate an updated policy. You'll still need +;; to translate that policy into CIL in order to update this file, but that's +;; fairly straight-forward. Annoying, but easy. + (block guix_daemon ;; Require existing types (typeattributeset cil_gen_require init_t) @@ -34,14 +48,19 @@ (roletype object_r guix_daemon_t) (type guix_daemon_conf_t) (roletype object_r guix_daemon_conf_t) + (typeattributeset file_type guix_daemon_conf_t) (type guix_daemon_exec_t) (roletype object_r guix_daemon_exec_t) + (typeattributeset file_type guix_daemon_exec_t) (type guix_daemon_socket_t) (roletype object_r guix_daemon_socket_t) + (typeattributeset file_type guix_daemon_socket_t) (type guix_store_content_t) (roletype object_r guix_store_content_t) + (typeattributeset file_type guix_store_content_t) (type guix_profiles_t) (roletype object_r guix_profiles_t) + (typeattributeset file_type guix_profiles_t) ;; These types are domains, thereby allowing process rules (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) 
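Review bot: The added header comment recommends `semanage permissive -a guix_daemon.guix_daemon_t` but never says to undo it, and a domain left permissive is not confined at all. I would add one sentence, e.g. `;; Remove the permissive setting again with 'semanage permissive -d guix_daemon.guix_daemon_t' once the policy has been updated.` It would also help to say that audit2allow output should be reviewed rule by rule, since it proposes whatever was denied rather than what the daemon ought to be allowed to do.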
@@ -55,6 +74,30 @@ (typetransition guix_store_content_t guix_daemon_exec_t process guix_daemon_t) + (roletype system_r guix_daemon_t) + + ;; allow init_t to read and execute guix files + (allow init_t + guix_profiles_t + (lnk_file (read))) + (allow init_t + guix_daemon_exec_t + (file (execute))) + (allow init_t + guix_daemon_t + (process (transition))) + (allow init_t + guix_store_content_t + (lnk_file (read))) + (allow init_t + guix_store_content_t + (file (open read execute))) + + ;; guix-daemon needs to know the names of users + (allow guix_daemon_t + passwd_file_t + (file (getattr open read))) + ;; Permit communication with NSCD (allow guix_daemon_t nscd_var_run_t @@ -71,25 +114,44 @@ (allow guix_daemon_t nscd_t (unix_stream_socket (connectto))) + (allow guix_daemon_t nscd_t + (nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv))) + + ;; permit downloading packages via HTTP(s) + (allow guix_daemon_t http_port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t ftp_port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t ephemeral_port_t + (tcp_socket (name_connect))) ;; Permit logging and temp file access (allow guix_daemon_t tmp_t - (lnk_file (setattr unlink))) + (lnk_file (create rename setattr unlink))) (allow guix_daemon_t tmp_t - (dir (create - rmdir + (file (link rename create execute execute_no_trans write unlink setattr map relabelto))) + (allow guix_daemon_t + tmp_t + (fifo_file (open read write create getattr ioctl setattr unlink))) + (allow guix_daemon_t + tmp_t + (dir (create rename + rmdir relabelto add_name remove_name open read write getattr setattr search))) + (allow guix_daemon_t + tmp_t + (sock_file (create getattr setattr unlink write))) (allow guix_daemon_t var_log_t (file (create getattr open write))) (allow guix_daemon_t var_log_t - (dir (getattr write add_name))) + (dir (getattr create write add_name))) (allow guix_daemon_t var_run_t (lnk_file (read))) 
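Review bot: In the hunk at old line 71 the `tmp_t` rules now let `guix_daemon_t` create, execute (`execute execute_no_trans`) and relabel (`relabelto`) files carrying the generic `tmp_t` label, yet they still sit under the comment "Permit logging and temp file access". Execution from a label shared by every other user of the temporary directory is a noticeably wider grant than that comment suggests. It deserves its own comment stating why it is needed (presumably build directories created under the temporary directory; confirm), or a dedicated type for the daemon's build directories. The comment `;; permit downloading packages via HTTP(s)` also sits above `ftp_port_t` and `ephemeral_port_t` rules and should read something like `;; Permit outgoing connections for downloads (HTTP(S), FTP, ephemeral ports)`.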
@@ -100,10 +162,10 @@ ;; Spawning processes, execute helpers (allow guix_daemon_t self - (process (fork))) + (process (fork execmem setrlimit setpgid setsched))) (allow guix_daemon_t guix_daemon_exec_t - (file (execute execute_no_trans read open))) + (file (execute execute_no_trans read open entrypoint map))) ;; TODO: unknown (allow guix_daemon_t @@ -119,38 +181,51 @@ ;; Build isolation (allow guix_daemon_t guix_store_content_t - (file (mounton))) + (file (ioctl mounton))) (allow guix_store_content_t fs_t (filesystem (associate))) (allow guix_daemon_t guix_store_content_t - (dir (mounton))) + (dir (read mounton))) (allow guix_daemon_t guix_daemon_t (capability (net_admin fsetid fowner chown setuid setgid dac_override dac_read_search - sys_chroot))) + sys_chroot + sys_admin))) (allow guix_daemon_t fs_t (filesystem (unmount))) + (allow guix_daemon_t + devpts_t + (dir (search))) (allow guix_daemon_t devpts_t (filesystem (mount))) (allow guix_daemon_t devpts_t - (chr_file (setattr getattr))) + (chr_file (ioctl open read write setattr getattr))) (allow guix_daemon_t tmpfs_t - (filesystem (mount))) + (filesystem (getattr mount))) (allow guix_daemon_t tmpfs_t - (dir (getattr))) + (file (create open read unlink write))) + (allow guix_daemon_t + tmpfs_t + (dir (getattr add_name remove_name write))) (allow guix_daemon_t proc_t - (filesystem (mount))) + (file (getattr open read))) + (allow guix_daemon_t + proc_t + (dir (read))) + (allow guix_daemon_t + proc_t + (filesystem (associate mount))) (allow guix_daemon_t null_device_t (chr_file (getattr open read write))) @@ -179,7 +254,7 @@ search rename add_name remove_name open write - rmdir))) + rmdir relabelfrom))) (allow guix_daemon_t guix_store_content_t (file (create @@ -189,7 +264,7 @@ link unlink map rename - open read write))) + open read write relabelfrom))) (allow guix_daemon_t guix_store_content_t (lnk_file (create 
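Review bot: `execmem` in the `process` rule of this hunk and `sys_admin` in the `capability` rule of the hunk at old line 119 are among the broadest permissions in the change, and both are added without a comment. The same missing rationale applies to `relabelfrom` in the hunks at old lines 179 and 189. Each should carry a line naming the operation that needs it, e.g. `;; execmem: required by <component> (TODO confirm from the audit log)`, so a later reader can tell a deliberate grant from one copied out of audit2allow output. The existing `;; TODO: unknown` context line shows the file already has rules nobody could explain; these additions should not join them.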
@@ -197,17 +272,23 @@ link unlink read rename))) + (allow guix_daemon_t + guix_store_content_t + (fifo_file (create getattr open read unlink write))) + (allow guix_daemon_t + guix_store_content_t + (sock_file (create getattr unlink write))) ;; Access to configuration files and directories (allow guix_daemon_t guix_daemon_conf_t - (dir (search + (dir (search create setattr getattr add_name remove_name open read write))) (allow guix_daemon_t guix_daemon_conf_t - (file (create + (file (create rename lock map getattr setattr @@ -216,11 +297,17 @@ (allow guix_daemon_t guix_daemon_conf_t (lnk_file (create getattr rename unlink))) + (allow guix_daemon_t net_conf_t + (file (getattr open read))) + (allow guix_daemon_t net_conf_t + (lnk_file (read))) + (allow guix_daemon_t NetworkManager_var_run_t + (dir (search))) ;; Access to profiles (allow guix_daemon_t guix_profiles_t - (dir (getattr setattr read open))) + (dir (search getattr setattr read write open create add_name))) (allow guix_daemon_t guix_profiles_t (lnk_file (read getattr))) @@ -233,8 +320,22 @@ (allow guix_daemon_t user_home_t (dir (search))) + (allow guix_daemon_t + cache_home_t + (dir (search))) + + ;; self upgrades + (allow guix_daemon_t + self + (dir (add_name write))) + (allow guix_daemon_t + self + (netlink_route_socket (bind create getattr nlmsg_read read write))) ;; Socket operations + (allow guix_daemon_t + guix_daemon_socket_t + (sock_file (unlink))) (allow guix_daemon_t init_t (fd (use))) 
@@ -253,12 +354,53 @@ read write connect bind accept getopt setopt))) + (allow guix_daemon_t + self + (tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown))) + (allow guix_daemon_t + unreserved_port_t + (tcp_socket (name_bind name_connect accept listen))) + (allow guix_daemon_t + self + (udp_socket (connect getattr bind getopt setopt))) (allow guix_daemon_t self (fifo_file (write read))) (allow guix_daemon_t self (udp_socket (ioctl create))) + (allow guix_daemon_t + self + (unix_stream_socket (connectto))) + + (allow guix_daemon_t + node_t + (tcp_socket (node_bind))) + (allow guix_daemon_t + node_t + (udp_socket (node_bind))) + (allow guix_daemon_t + port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t + rtp_media_port_t + (udp_socket (name_bind))) + (allow guix_daemon_t + vnc_port_t + (tcp_socket (name_bind))) + + ;; I guess sometimes it needs random numbers + (allow guix_daemon_t + random_device_t + (chr_file (read))) + + ;; guix system vm + (allow guix_daemon_t + kvm_device_t + (chr_file (ioctl open read write))) + (allow guix_daemon_t + kernel_t + (system (ipc_info))) ;; Label file system (filecon "@guix_sysconfdir@/guix(/.*)?" @@ -277,5 +419,7 @@ file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon" file (system_u object_r guix_daemon_exec_t (low low))) + (filecon "@storedir@/[a-z0-9]+-guix-daemon" + file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@guix_localstatedir@/guix/daemon-socket/socket" any (system_u object_r guix_daemon_socket_t (low low)))) diff --git a/gnu/local.mk b/gnu/local.mk index d4d10bc32b..217c05eab6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
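Review bot: The rules for `unreserved_port_t` (`name_bind name_connect accept listen`), `vnc_port_t` and `rtp_media_port_t` let the daemon domain bind and listen on network ports, and none of them says what needs this. They presumably come from builds or tests that ran in the daemon's domain, but that cannot be told from the hunk, so a comment per group is needed, e.g. `;; Builds and test suites may open listening sockets on unreserved ports`. The comment `;; I guess sometimes it needs random numbers` should likewise state what was observed rather than guess. The `(block guix_daemon` form starts and ends outside this hunk.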
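Review bot: The new `filecon` `"@storedir@/[a-z0-9]+-guix-daemon"` in the hunk at old line 277 gives `guix_daemon_exec_t`, the entry-point type of the daemon domain, to any regular file in the store whose name is a hash followed by `-guix-daemon`. No comment says which store item it is meant for. A comment such as `;; guix-daemon when it is a top-level store file, e.g. a wrapper script (TODO confirm)` would document the intent. The pattern just above it is tied to a `bin/guix-daemon` path inside a guix or profile item; if this one can be tied to a specific item in the same way, it should be.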
@@ -1054,6 +1054,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ + %D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2018-11236.patch \ %D%/packages/patches/glibc-CVE-2018-11237.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 901222476a..43523e516d 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -181,6 +181,7 @@ (define glib (package (name "glib") (version "2.62.6") + (replacement glib-with-gio-patch) (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" @@ -387,11 +388,20 @@ (define pattern+procs (home-page "https://developer.gnome.org/glib/") (license license:lgpl2.1+))) +(define glib-with-gio-patch + ;; GLib with a fix for . + ;; TODO: Fold into 'glib' above in the next rebuild cycle. + (package + (inherit glib) + (source (origin + (inherit (package-source glib)) + (patches (cons (search-patch "glib-appinfo-watch.patch") + (origin-patches (package-source glib)))))))) + (define-public glib-with-documentation ;; glib's doc must be built in a separate package since it requires gtk-doc, ;; which in turn depends on glib. - (package - (inherit glib) + (package/inherit glib (properties (alist-delete 'hidden? (package-properties glib))) (outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference (native-inputs diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 4a7a15c378..6075df6afa 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm 
@@ -130,9 +130,9 @@ (define-public guix ;; Latest version of Guix, which may or may not correspond to a release. ;; Note: the 'update-guix-package.scm' script expects this definition to ;; start precisely like this. - (let ((version "1.1.0") - (commit "5e7cf66fb35780f930ad0bc5fe21ac330df4411d") - (revision 32)) + (let ((version "1.2.0rc1") + (commit "3ba6ffd0dd092ae879d014e4971989f231eaa56d") + (revision 1)) (package (name "guix") @@ -148,7 +148,7 @@ (define-public guix (commit commit))) (sha256 (base32 - "15clfjp845gvl0p6qw0b1gdibqfq20zwzr6dbxvq8l9fgzj1kb6b")) + "1wa67gdipmzqr400hp0cw5ih0rlfvj345h65rqbk9s4g3bkg38hm")) (file-name (string-append "guix-" version "-checkout")))) (build-system gnu-build-system) (arguments @@ -336,7 +336,13 @@ (define code (let ((bash (assoc-ref inputs "bash"))) (substitute* (string-append out "/bin/guix") (("^#!.*/bash") (string-append "#! " bash "/bin/bash"))))) - #t)))))) + #t))) + + ;; The 'guix' executable has 'OUT/libexec/guix/guile' has + ;; its shebang; that should remain unchanged, thus remove + ;; the 'patch-shebangs' phase, which would otherwise + ;; change it to 'GUILE/bin/guile'. + (delete 'patch-shebangs)))) (native-inputs `(("pkg-config" ,pkg-config) ;; Guile libraries are needed here for diff --git a/gnu/packages/patches/glib-appinfo-watch.patch b/gnu/packages/patches/glib-appinfo-watch.patch new file mode 100644 index 0000000000..638a5e0949 --- /dev/null +++ b/gnu/packages/patches/glib-appinfo-watch.patch 
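Review bot: In the hunk at old line 336, `(delete 'patch-shebangs)` removes the phase for every file in the output, while the comment justifies it only for the `guix` executable. Whether any other installed script depended on that phase cannot be told from this hunk, so the comment should say that this was checked. The comment also has a typo: "has 'OUT/libexec/guix/guile' has its shebang" should read `;; The 'guix' executable has 'OUT/libexec/guix/guile' as its shebang;`. The phase list begins outside the hunk.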
@@ -0,0 +1,92 @@ +This patch lets GLib's GDesktopAppInfo API watch and notice changes +to the Guix user and system profiles. That way, the list of available +applications shown by the desktop environment is immediately updated +when the user runs "guix install", "guix remove", or "guix system +reconfigure" (see ). + +It does so by monitoring /var/guix/profiles (for changes to the system +profile) and /var/guix/profiles/per-user/USER (for changes to the user +profile) and crawling their share/applications sub-directory when +changes happen. + +diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c +index f1e2fdd..095c110 100644 +--- a/gio/gdesktopappinfo.c ++++ b/gio/gdesktopappinfo.c +@@ -148,6 +148,7 @@ typedef struct + gchar *alternatively_watching; + gboolean is_config; + gboolean is_setup; ++ gchar *guix_profile_watch_dir; + GFileMonitor *monitor; + GHashTable *app_names; + GHashTable *mime_tweaks; +@@ -180,6 +181,7 @@ desktop_file_dir_unref (DesktopFileDir *dir) + { + desktop_file_dir_reset (dir); + g_free (dir->path); ++ g_free (dir->guix_profile_watch_dir); + g_free (dir); + } + } +@@ -204,6 +206,13 @@ desktop_file_dir_get_alternative_dir (DesktopFileDir *dir) + { + gchar *parent; + ++ /* If DIR is a profile, watch the specified directory--e.g., ++ * /var/guix/profiles/per-user/$USER/ for the user profile. Do not watch ++ * ~/.guix-profile or /run/current-system/profile because GFileMonitor does ++ * not pass IN_DONT_FOLLOW and thus cannot notice any change. */ ++ if (dir->guix_profile_watch_dir != NULL) ++ return g_strdup (dir->guix_profile_watch_dir); ++ + /* If the directory itself exists then we need no alternative. */ + if (g_access (dir->path, R_OK | X_OK) == 0) + return NULL; +@@ -249,11 +258,11 @@ desktop_file_dir_changed (GFileMonitor *monitor, + * + * If this is a notification for a parent directory (because the + * desktop directory didn't exist) then we shouldn't fire the signal +- * unless something actually changed. 
++ * unless something actually changed or it's in /var/guix/profiles. + */ + g_mutex_lock (&desktop_file_dir_lock); + +- if (dir->alternatively_watching) ++ if (dir->alternatively_watching && dir->guix_profile_watch_dir == NULL) + { + gchar *alternative_dir; + +@@ -1555,6 +1564,32 @@ desktop_file_dirs_lock (void) + for (i = 0; dirs[i]; i++) + g_ptr_array_add (desktop_file_dirs, desktop_file_dir_new (dirs[i])); + ++ { ++ /* Monitor the system and user profile under /var/guix/profiles and ++ * treat modifications to them as if they were modifications to their ++ * /share sub-directory. */ ++ const gchar *user; ++ DesktopFileDir *system_profile_dir, *user_profile_dir; ++ ++ system_profile_dir = ++ desktop_file_dir_new ("/var/guix/profiles/system/profile/share"); ++ system_profile_dir->guix_profile_watch_dir = g_strdup ("/var/guix/profiles"); ++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (system_profile_dir)); ++ ++ user = g_get_user_name (); ++ if (user != NULL) ++ { ++ gchar *profile_dir, *user_data_dir; ++ ++ profile_dir = g_build_filename ("/var/guix/profiles/per-user", user, NULL); ++ user_data_dir = g_build_filename (profile_dir, "guix-profile", "share", NULL); ++ user_profile_dir = desktop_file_dir_new (user_data_dir); ++ user_profile_dir->guix_profile_watch_dir = profile_dir; ++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (user_profile_dir)); ++ g_free (user_data_dir); ++ } ++ } ++ + /* The list of directories will never change after this, unless + * g_get_user_config_dir() changes due to %G_TEST_OPTION_ISOLATE_DIRS. */ + desktop_file_dirs_config_dir = user_config_dir; diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index 6e1720376f..504d9a112a 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm 
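Review bot: Both new entries are added with `desktop_file_dir_ref (...)` on an object that `desktop_file_dir_new` has just returned, whereas the loop in the context line adds the result of `desktop_file_dir_new (dirs[i])` directly. If `desktop_file_dir_new` returns an owned reference, as that line suggests, each profile directory keeps one reference that is never dropped. Passing the pointer as it is, `g_ptr_array_add (desktop_file_dirs, system_profile_dir);` and likewise for `user_profile_dir`, would follow the existing ownership convention. A comment on the new field, `/* Directory to monitor instead of PATH for a Guix profile, or NULL; owned by the DesktopFileDir. */`, would also record that the user entry takes ownership of `profile_dir` while the system entry stores a `g_strdup` copy. `desktop_file_dirs_lock` starts and ends outside the hunk.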
@@ -26,7 +26,7 @@ ;;; Copyright © 2018 Tomáš Čech ;;; Copyright © 2018, 2019 Nicolas Goaziou ;;; Copyright © 2018 Mathieu Othacehe -;;; Copyright © 2018 Maxim Cournoyer +;;; Copyright © 2018, 2020 Maxim Cournoyer ;;; Copyright © 2019 Vagrant Cascadian ;;; Copyright © 2019 Brendan Tildesley ;;; Copyright © 2019 Pierre Langlois @@ -2893,21 +2893,30 @@ (define-public python-flask-basicauth (name "python-flask-basicauth") (version "0.2.0") (source - (origin - (method url-fetch) - (uri (pypi-uri "Flask-BasicAuth" version)) - (sha256 - (base32 - "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz")))) + (origin + (method url-fetch) + (uri (pypi-uri "Flask-BasicAuth" version)) + (sha256 + (base32 + "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz")))) (build-system python-build-system) + (arguments + `(#:phases (modify-phases %standard-phases + (add-after 'unpack 'fix-imports + (lambda _ + (substitute* '("docs/index.rst" + "docs/conf.py" + "flask_basicauth.py" + "test_basicauth.py") + (("flask\\.ext\\.basicauth") + "flask_basicauth")) + #t))))) (propagated-inputs `(("python-flask" ,python-flask))) - (home-page - "https://github.com/jpvanhal/flask-basicauth") - (synopsis - "HTTP basic access authentication for Flask") + (home-page "https://github.com/jpvanhal/flask-basicauth") + (synopsis "HTTP basic access authentication for Flask") (description - "This package provides HTTP basic access authentication for Flask.") + "This package provides HTTP basic access authentication for Flask.") (license license:bsd-3))) (define-public python-flask-htpasswd diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 416bc02a96..e6341e3cd9 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -106,6 +106,12 @@ (define-module (gnu services base) agetty-service-type mingetty-configuration + mingetty-configuration-tty + mingetty-configuration-auto-login + mingetty-configuration-login-program + mingetty-configuration-login-pause? + mingetty-configuration-clear-on-logout? + mingetty-configuration-mingetty mingetty-configuration? mingetty-service mingetty-service-type @@ -285,8 +291,19 @@ (define (root-file-system-service) (define (file-system->shepherd-service-name file-system) "Return the symbol that denotes the service mounting and unmounting FILE-SYSTEM." - (symbol-append 'file-system- - (string->symbol (file-system-mount-point file-system)))) + (define valid-characters + ;; Valid store characters; see 'checkStoreName' in the daemon. + (string->char-set + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?=")) + + (define mount-point + (string-map (lambda (chr) + (if (char-set-contains? valid-characters chr) + chr + #\-)) + (file-system-mount-point file-system))) + + (symbol-append 'file-system- (string->symbol mount-point))) (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index e9de97c881..cc020632af 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm @@ -51,7 +51,9 @@ (define-module (guix scripts build) #:use-module ((guix progress) #:select (current-terminal-columns)) #:use-module ((guix build syscalls) #:select (terminal-columns)) #:use-module (guix transformations) - #:export (%standard-build-options + #:export (log-url + + %standard-build-options set-build-options-from-command-line set-build-options-from-command-line* show-build-options-help diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index 06509ace2d..0b29997200 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm 
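Review bot: In `file-system->shepherd-service-name`, `/` is not part of `valid-characters`, so every path separator in the mount point becomes `-` and distinct mount points can now produce the same service name. For instance `/mnt/a` and `/mnt-a` (constructed example) both give `file-system--mnt-a`, where the old code kept them apart. The docstring should state this, e.g. `Characters that are not valid in store file names are replaced by '-', so two mount points may map to the same name.` The code that builds the services could also report such a clash instead of defining two services with one name.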
@@ -59,11 +59,16 @@ (define-module (guix scripts pack) #:use-module (srfi srfi-37) #:use-module (ice-9 match) #:export (compressor? + compressor-name + compressor-extenstion + compressor-command + %compressors lookup-compressor self-contained-tarball docker-image squashfs-image + %formats guix-pack)) ;; Type of a compression tool. diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index a976a9ac60..f1a9970a7f 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2015 David Thompson ;;; Copyright © 2020 by Amar M. Singh ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -250,6 +251,21 @@ (define %nix-cache-info ("WantMassQuery" . 0) ("Priority" . 100))) +;;; A common buffer size value used for the TCP socket SO_SNDBUF option and +;;; the gzip compressor buffer size. +(define %default-buffer-size + (* 208 1024)) + +(define %default-socket-options + ;; List of options passed to 'setsockopt' when transmitting files. + (list (list SO_SNDBUF %default-buffer-size))) + +(define* (configure-socket socket #:key (level SOL_SOCKET) + (options %default-socket-options)) + "Apply multiple option tuples in OPTIONS to SOCKET, using LEVEL." + (for-each (cut apply setsockopt socket level <>) + options)) + (define (signed-string s) "Sign the hash of the string S with the daemon's key. Return a canonical sexp for the signature." @@ -569,7 +585,7 @@ (define nar (lambda (port) (write-file item port)) #:level (compression-level compression) - #:buffer-size (* 128 1024)) + #:buffer-size %default-buffer-size) (rename-file (string-append nar ".tmp") nar)) ('lzip ;; Note: the file port gets closed along with the lzip port. 
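Review bot: The export list of `(guix scripts pack)` names `compressor-extenstion`, which looks like a misspelling of `compressor-extension`. The record definition is outside this hunk, so check it against the accessor that is actually defined. If the accessor is spelled `compressor-extension`, this line exports an unbound name and leaves the real accessor private. In that case the line should read `compressor-extension`.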
@@ -866,7 +882,7 @@ (define (nar-response-port response compression) ;; 'make-gzip-output-port' wants a file port. (make-gzip-output-port (response-port response) #:level level - #:buffer-size (* 64 1024))) + #:buffer-size %default-buffer-size)) (($ 'lzip level) (make-lzip-output-port (response-port response) #:level level)) @@ -891,8 +907,7 @@ (define (http-write server client response body) client)) (port (begin (force-output client) - (setsockopt client SOL_SOCKET - SO_SNDBUF (* 128 1024)) + (configure-socket client) (nar-response-port response compression)))) ;; XXX: Given our ugly workaround for in ;; 'render-nar', BODY here is just the file name of the store item. @@ -922,7 +937,7 @@ (define (http-write server client response body) size) client)) (output (response-port response))) - (setsockopt client SOL_SOCKET SO_SNDBUF (* 128 1024)) + (configure-socket client) (if (file-port? output) (sendfile output input size) (dump-port input output)) @@ -1067,7 +1082,8 @@ (define* (run-publish-server socket store (define (open-server-socket address) "Return a TCP socket bound to ADDRESS, a socket address." (let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0))) - (setsockopt sock SOL_SOCKET SO_REUSEADDR 1) + (configure-socket sock #:options (cons (list SO_REUSEADDR 1) + %default-socket-options)) (bind sock address) sock)) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index bb1b560a22..7fd8b3f1a4 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -385,7 +385,7 @@ (define previous (and=> (relative-generation profile -1) (cut generation-file-name profile <>))) - (when previous + (and previous (let ((old-channels (profile-channels previous)) (new-channels (profile-channels profile))) ;; Find the channels present in both PROFILE and PREVIOUS, and print diff --git a/guix/self.scm b/guix/self.scm index bbfd2f1b95..026dcd9c1a 100644 --- a/guix/self.scm +++ b/guix/self.scm 
@@ -400,6 +400,12 @@ (define (available-translations directory domain) (find-files directory "\\.[a-z]{2}(_[A-Z]{2})?\\.po$"))) + (define parallel-jobs + ;; Limit thread creation by 'n-par-for-each'. Going beyond can + ;; lead libgc 8.0.4 to abort with: + ;; mmap(PROT_NONE) failed + (min (parallel-job-count) 4)) + (mkdir #$output) (copy-recursively #$documentation "." #:log (%make-void-port "w")) @@ -415,14 +421,14 @@ (define (available-translations directory domain) (setenv "LC_ALL" "en_US.UTF-8") (setlocale LC_ALL "en_US.UTF-8") - (n-par-for-each (parallel-job-count) + (n-par-for-each parallel-jobs (match-lambda ((language . po) (translate-texi "guix" po language #:extras '("contributing")))) (available-translations "." "guix-manual")) - (n-par-for-each (parallel-job-count) + (n-par-for-each parallel-jobs (match-lambda ((language . po) (translate-texi "guix-cookbook" po language))) diff --git a/tests/build-utils.scm b/tests/build-utils.scm index 47a57a984b..654b480ed9 100644 --- a/tests/build-utils.scm +++ b/tests/build-utils.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès +;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès ;;; Copyright © 2019 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. @@ -174,7 +174,7 @@ (define-module (test-build-utils) (let ((script-file-name (string-append directory "/foo"))) (call-with-output-file script-file-name (lambda (port) - (format port script-contents))) + (display script-contents port))) (chmod script-file-name #o777) (wrap-script script-file-name `("GUIX_FOO" prefix ("/some/path"