From 3de898b43c1388a9244bdedd2d9f11511c9571d2 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Mon, 9 Nov 2020 13:14:31 -0500 Subject: [PATCH 01/22] maint: update-guix-package: Optionally add sources to store. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following discussions in , keeping a copy of the updated package source is desirable when generating a release. * build-aux/update-guix-package.scm (version-controlled?): Remove variable. (call-with-temporary-git-worktree): Renamed from 'with-temporary-git-worktree'. Update doc. Do not change directory implicitly. Define as a procedure, not a syntax. (keep-source-in-store): New procedure. (main): Adjust to use with call-with-temporary-git-worktree. Add the sources to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Exit gracefully when FIND-ORIGIN-REMOTE returns #f. (%savannah-guix-git-repo-push-url-regexp): Adjust match for a potential colon separator. * Makefile.am (GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT): Adjust. * .dir-locals.el (scheme-mode): Remove entry for with-temporary-git-worktree. * doc/contributing.texi (Updating the Guix Package): Update doc. Co-authored-by: Ludovic Courtès --- .dir-locals.el | 1 - Makefile.am | 14 +++--- build-aux/update-guix-package.scm | 73 ++++++++++++++++++++++--------- doc/contributing.texi | 11 ++--- 4 files changed, 63 insertions(+), 36 deletions(-) diff --git a/.dir-locals.el b/.dir-locals.el index 8e5d3902e3..b1cb936a55 100644 --- a/.dir-locals.el +++ b/.dir-locals.el @@ -123,7 +123,6 @@ (eval . (put 'call-with-progress-reporter 'scheme-indent-function 1)) (eval . (put 'with-repository 'scheme-indent-function 2)) (eval . (put 'with-temporary-git-repository 'scheme-indent-function 2)) - (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2)) (eval . (put 'with-environment-variables 'scheme-indent-function 1)) (eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1)) 
diff --git a/Makefile.am b/Makefile.am index e7053ee4f4..6faf8c9349 100644 --- a/Makefile.am +++ b/Makefile.am @@ -826,9 +826,10 @@ release: dist-with-updated-version $(MKDIR_P) "$(releasedir)" rm -f "$(releasedir)"/* mv $(SOURCE_TARBALLS) "$(releasedir)" - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" "$(PACKAGE_VERSION)" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)." $(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \ @@ -840,9 +841,10 @@ release: dist-with-updated-version mv "guix-binary.$$system.tar.xz" \ "$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \ done - $(top_builddir)/pre-inst-env "$(GUILE)" \ - $(top_srcdir)/build-aux/update-guix-package.scm \ - "`git rev-parse HEAD`" + GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \ + $(top_builddir)/pre-inst-env "$(GUILE)" \ + $(top_srcdir)/build-aux/update-guix-package.scm \ + "`git rev-parse HEAD`" git add $(top_srcdir)/gnu/packages/package-management.scm git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`." $(top_builddir)/pre-inst-env guix build guix \ diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm index ff6b105468..9fe6c201cc 100644 --- a/build-aux/update-guix-package.scm +++ b/build-aux/update-guix-package.scm @@ -44,9 +44,6 @@ (define %top-srcdir (string-append (current-source-directory) "/..")) -(define version-controlled? - (git-predicate %top-srcdir)) - (define (package-definition-location) "Return the source properties of the definition of the 'guix' package." (call-with-input-file (location-file (package-location guix)) 
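Review bot: Both `update-guix-package.scm` invocations in the `release` recipe now run with `GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes`, and in `main` that variable short-circuits the `commit-already-pushed?` test, so `make release` no longer verifies that the commit recorded in the package definition is reachable upstream. The variable now has two meanings (skip the check, keep the source in the store), which makes the bypass easy to miss in a release audit. Either use a dedicated variable for the store addition, or say so above the rule, e.g. `# GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT also disables the "pushed upstream" check; push and verify the commit before publishing.`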
@@ -114,8 +111,9 @@ (define (git-add-worktree directory commit) "Create a new git worktree at DIRECTORY, detached on commit COMMIT." (invoke "git" "worktree" "add" "--detach" directory commit)) -(define-syntax-rule (with-temporary-git-worktree commit body ...) - "Execute BODY in the context of a temporary git worktree created from COMMIT." +(define (call-with-temporary-git-worktree commit proc) + "Execute PROC in the context of a temporary git worktree created from +COMMIT. PROC receives the temporary directory file name as an argument." (call-with-temporary-directory (lambda (tmp-directory) (dynamic-wind @@ -123,12 +121,12 @@ (define-syntax-rule (with-temporary-git-worktree commit body ...) #t) (lambda () (git-add-worktree tmp-directory commit) - (with-directory-excursion tmp-directory body ...)) + (proc tmp-directory)) (lambda () (invoke "git" "worktree" "remove" "--force" tmp-directory)))))) (define %savannah-guix-git-repo-push-url-regexp - "git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)") + "git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)") (define-syntax-rule (with-input-pipe-to-string prog arg ...) (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...)) 
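Review bot: The dots in `%savannah-guix-git-repo-push-url-regexp` are unescaped, so each `.` matches any character and the pattern accepts host names other than the two intended ones. The regexp presumably selects the remote that the "already pushed" check trusts, so it should match literally: `"git\\.(savannah|sv)\\.gnu\\.org:?/srv/git/guix\\.git \\(push\\)"`. The pattern is also unanchored, so it matches anywhere in the line it is applied to. The code that applies it is outside this hunk.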
@@ -156,27 +154,60 @@ (define (commit-already-pushed? remote commit) "git" "branch" "-r" "--contains" commit (string-append remote "/master"))))) +(define (keep-source-in-store store source) + "Add SOURCE to the store under the name that the 'guix' package expects." + + ;; Add SOURCE to the store, but this time under the real name used in the + ;; 'origin'. This allows us to build the package without having to make a + ;; real checkout; thus, it also works when working on a private branch. + (reload-module + (resolve-module '(gnu packages package-management))) + + (let* ((source (add-to-store store + (origin-file-name (package-source guix)) + #t "sha256" source + #:select? (git-predicate source))) + (root (store-path-package-name source))) + + ;; Add an indirect GC root for SOURCE in the current directory. + (false-if-exception (delete-file root)) + (symlink source root) + (add-indirect-root store + (string-append (getcwd) "/" root)) + + (info (G_ "source code kept in ~a (GC root: ~a)~%") + source root))) + (define (main . args) (match args ((commit version) (with-directory-excursion %top-srcdir (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") - (commit-already-pushed? (find-origin-remote) commit) + (let ((remote (find-origin-remote))) + (unless remote + (leave (G_ "Failed to find the origin git remote.~%"))) + (commit-already-pushed? remote commit)) (leave (G_ "Commit ~a is not pushed upstream. 
Aborting.~%") commit)) - (let* ((hash (with-temporary-git-worktree commit - (nix-base32-string->bytevector - (string-trim-both - (with-output-to-string - (lambda () - (guix-hash "-rx" "."))))))) - (location (package-definition-location)) - (old-hash (content-hash-value - (origin-hash (package-source guix))))) - (edit-expression location - (update-definition commit hash - #:old-hash old-hash - #:version version))))) + (call-with-temporary-git-worktree commit + (lambda (tmp-directory) + (let* ((hash (nix-base32-string->bytevector + (string-trim-both + (with-output-to-string + (lambda () + (guix-hash "-rx" tmp-directory)))))) + (location (package-definition-location)) + (old-hash (content-hash-value + (origin-hash (package-source guix))))) + (edit-expression location + (update-definition commit hash + #:old-hash old-hash + #:version version)) + ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are + ;; added to the store. This is used as part of 'make release'. + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") + (with-store store + (keep-source-in-store store tmp-directory)))))))) ((commit) ;; Automatically deduce the version and revision numbers. (main commit #f)))) diff --git a/doc/contributing.texi b/doc/contributing.texi index d3f6325c3f..d8de71055a 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi 
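Review bot: `main` tests `(getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")` twice and treats any string as true, so an empty value or `no` still skips the upstream check and adds the source to the store. Read the variable once at the top of the `(commit version)` clause and reuse the binding, so the two decisions cannot diverge: `(define allow-private? (let ((v (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT"))) (and v (not (string-null? v)))))`. The docstring of `keep-source-in-store` should also mention that it reloads `(gnu packages package-management)` and leaves a GC-root symlink in the current directory, replacing any file of that name.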
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used has already been pushed to the Savannah-hosted Guix git repository. This check can be disabled, @emph{at your own peril}, by setting the -@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. - -To build the resulting 'guix' package when using a private commit, the -following command can be used: - -@example -./pre-inst-env guix build guix --with-git-url=guix=$PWD -@end example +@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When +this variable is set, the updated package source is also added to the +store. This is used as part of the release process of Guix. From a4cfdab56a09edf24c6a338a4752e7a70d235b35 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 12 Nov 2020 15:16:06 -0500 Subject: [PATCH 02/22] gnu: python-flask-basicauth: Fix build. * gnu/packages/python-web.scm (python-flask-basicauth)[phases]: Add a 'fix-imports phase. --- gnu/packages/python-web.scm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index cf71a64e7c..fccb7603ac 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm @@ -26,7 +26,7 @@ ;;; Copyright © 2018 Tomáš Čech ;;; Copyright © 2018, 2019 Nicolas Goaziou ;;; Copyright © 2018 Mathieu Othacehe -;;; Copyright © 2018 Maxim Cournoyer +;;; Copyright © 2018, 2020 Maxim Cournoyer ;;; Copyright © 2019 Vagrant Cascadian ;;; Copyright © 2019 Brendan Tildesley ;;; Copyright © 2019 Pierre Langlois 
@@ -2895,6 +2895,17 @@ (define-public python-flask-basicauth (base32 "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz")))) (build-system python-build-system) + (arguments + `(#:phases (modify-phases %standard-phases + (add-after 'unpack 'fix-imports + (lambda _ + (substitute* '("docs/index.rst" + "docs/conf.py" + "flask_basicauth.py" + "test_basicauth.py") + (("flask\\.ext\\.basicauth") + "flask_basicauth")) + #t))))) (propagated-inputs `(("python-flask" ,python-flask))) (home-page From c410e9e531b999546f033d35266f8ac488dee7e0 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Thu, 12 Nov 2020 15:17:57 -0500 Subject: [PATCH 03/22] gnu: python-flask-basicauth: Fix indentation. * gnu/packages/python-web.scm (python-flask-basicauth): Fix indentation. --- gnu/packages/python-web.scm | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index fccb7603ac..b05de077d2 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm @@ -2888,12 +2888,12 @@ (define-public python-flask-basicauth (name "python-flask-basicauth") (version "0.2.0") (source - (origin - (method url-fetch) - (uri (pypi-uri "Flask-BasicAuth" version)) - (sha256 - (base32 - "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz")))) + (origin + (method url-fetch) + (uri (pypi-uri "Flask-BasicAuth" version)) + (sha256 + (base32 + "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz")))) (build-system python-build-system) (arguments `(#:phases (modify-phases %standard-phases 
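Review bot: The new `'fix-imports` phase rewrites `flask.ext.basicauth` in four files without saying why, so a later update cannot tell when the phase becomes obsolete. Add a comment above the `substitute*`, for example `;; The 'flask.ext' compatibility namespace is gone from current Flask; import the module by its real name.` The wording assumes that is the cause of the build failure, as the commit message only says "Fix build".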
@@ -2908,12 +2908,10 @@ (define-public python-flask-basicauth #t))))) (propagated-inputs `(("python-flask" ,python-flask))) - (home-page - "https://github.com/jpvanhal/flask-basicauth") - (synopsis - "HTTP basic access authentication for Flask") + (home-page "https://github.com/jpvanhal/flask-basicauth") + (synopsis "HTTP basic access authentication for Flask") (description - "This package provides HTTP basic access authentication for Flask.") + "This package provides HTTP basic access authentication for Flask.") (license license:bsd-3))) (define-public python-flask-htpasswd From a30e7a72fce5b2357a2ccd4fb49980090425579c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 12 Nov 2020 23:08:48 +0100 Subject: [PATCH 04/22] maint: Use 'guix' instead of 'guile3.0-guix' for the binary tarball. * Makefile.am (GUIX_FOR_BINARY_TARBALL): Change to 'guix'. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 6faf8c9349..ad301c9fc2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -710,7 +710,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \ ac_cv_guix_test_root="$(GUIX_TEST_ROOT)" # Name of the 'guix' package shipped in the binary tarball. -GUIX_FOR_BINARY_TARBALL = guile3.0-guix +GUIX_FOR_BINARY_TARBALL = guix # The self-contained tarball. guix-binary.%.tar.xz: From ae10ec441aa524bf267f9cefd4a319b44d0b8b44 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 12 Nov 2020 16:35:24 +0100 Subject: [PATCH 05/22] gnu: glib: Graft patch to detect changes to the installed applications. Fixes . Reported by sirgazil and others. * gnu/packages/patches/glib-appinfo-watch.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/glib.scm (glib)[replacement]: New field. (glib-with-gio-patch): New variable. (glib-with-documentation): Use 'package/inherit'. --- gnu/local.mk | 1 + gnu/packages/glib.scm | 14 ++- gnu/packages/patches/glib-appinfo-watch.patch | 92 +++++++++++++++++++ 3 files changed, 105 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/glib-appinfo-watch.patch diff --git a/gnu/local.mk b/gnu/local.mk index d5a13cbdbd..2301a04d2f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1050,6 +1050,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-id.patch \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ + %D%/packages/patches/glib-appinfo-watch.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2018-11236.patch \ %D%/packages/patches/glibc-CVE-2018-11237.patch \ diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index 901222476a..43523e516d 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -181,6 +181,7 @@ (define glib (package (name "glib") (version "2.62.6") + (replacement glib-with-gio-patch) (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" 
@@ -387,11 +388,20 @@ (define pattern+procs (home-page "https://developer.gnome.org/glib/") (license license:lgpl2.1+))) +(define glib-with-gio-patch + ;; GLib with a fix for . + ;; TODO: Fold into 'glib' above in the next rebuild cycle. + (package + (inherit glib) + (source (origin + (inherit (package-source glib)) + (patches (cons (search-patch "glib-appinfo-watch.patch") + (origin-patches (package-source glib)))))))) + (define-public glib-with-documentation ;; glib's doc must be built in a separate package since it requires gtk-doc, ;; which in turn depends on glib. - (package - (inherit glib) + (package/inherit glib (properties (alist-delete 'hidden? (package-properties glib))) (outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference (native-inputs diff --git a/gnu/packages/patches/glib-appinfo-watch.patch b/gnu/packages/patches/glib-appinfo-watch.patch new file mode 100644 index 0000000000..638a5e0949 --- /dev/null +++ b/gnu/packages/patches/glib-appinfo-watch.patch 
@@ -0,0 +1,92 @@ +This patch lets GLib's GDesktopAppInfo API watch and notice changes +to the Guix user and system profiles. That way, the list of available +applications shown by the desktop environment is immediately updated +when the user runs "guix install", "guix remove", or "guix system +reconfigure" (see ). + +It does so by monitoring /var/guix/profiles (for changes to the system +profile) and /var/guix/profiles/per-user/USER (for changes to the user +profile) and crawling their share/applications sub-directory when +changes happen. + +diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c +index f1e2fdd..095c110 100644 +--- a/gio/gdesktopappinfo.c ++++ b/gio/gdesktopappinfo.c +@@ -148,6 +148,7 @@ typedef struct + gchar *alternatively_watching; + gboolean is_config; + gboolean is_setup; ++ gchar *guix_profile_watch_dir; + GFileMonitor *monitor; + GHashTable *app_names; + GHashTable *mime_tweaks; +@@ -180,6 +181,7 @@ desktop_file_dir_unref (DesktopFileDir *dir) + { + desktop_file_dir_reset (dir); + g_free (dir->path); ++ g_free (dir->guix_profile_watch_dir); + g_free (dir); + } + } +@@ -204,6 +206,13 @@ desktop_file_dir_get_alternative_dir (DesktopFileDir *dir) + { + gchar *parent; + ++ /* If DIR is a profile, watch the specified directory--e.g., ++ * /var/guix/profiles/per-user/$USER/ for the user profile. Do not watch ++ * ~/.guix-profile or /run/current-system/profile because GFileMonitor does ++ * not pass IN_DONT_FOLLOW and thus cannot notice any change. */ ++ if (dir->guix_profile_watch_dir != NULL) ++ return g_strdup (dir->guix_profile_watch_dir); ++ + /* If the directory itself exists then we need no alternative. */ + if (g_access (dir->path, R_OK | X_OK) == 0) + return NULL; +@@ -249,11 +258,11 @@ desktop_file_dir_changed (GFileMonitor *monitor, + * + * If this is a notification for a parent directory (because the + * desktop directory didn't exist) then we shouldn't fire the signal +- * unless something actually changed. 
++ * unless something actually changed or it's in /var/guix/profiles. + */ + g_mutex_lock (&desktop_file_dir_lock); + +- if (dir->alternatively_watching) ++ if (dir->alternatively_watching && dir->guix_profile_watch_dir == NULL) + { + gchar *alternative_dir; + +@@ -1555,6 +1564,32 @@ desktop_file_dirs_lock (void) + for (i = 0; dirs[i]; i++) + g_ptr_array_add (desktop_file_dirs, desktop_file_dir_new (dirs[i])); + ++ { ++ /* Monitor the system and user profile under /var/guix/profiles and ++ * treat modifications to them as if they were modifications to their ++ * /share sub-directory. */ ++ const gchar *user; ++ DesktopFileDir *system_profile_dir, *user_profile_dir; ++ ++ system_profile_dir = ++ desktop_file_dir_new ("/var/guix/profiles/system/profile/share"); ++ system_profile_dir->guix_profile_watch_dir = g_strdup ("/var/guix/profiles"); ++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (system_profile_dir)); ++ ++ user = g_get_user_name (); ++ if (user != NULL) ++ { ++ gchar *profile_dir, *user_data_dir; ++ ++ profile_dir = g_build_filename ("/var/guix/profiles/per-user", user, NULL); ++ user_data_dir = g_build_filename (profile_dir, "guix-profile", "share", NULL); ++ user_profile_dir = desktop_file_dir_new (user_data_dir); ++ user_profile_dir->guix_profile_watch_dir = profile_dir; ++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (user_profile_dir)); ++ g_free (user_data_dir); ++ } ++ } ++ + /* The list of directories will never change after this, unless + * g_get_user_config_dir() changes due to %G_TEST_OPTION_ISOLATE_DIRS. */ + desktop_file_dirs_config_dir = user_config_dir; From 1e272d42f6217b70c9801b93e46b144e9ab27664 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 13 Nov 2020 09:08:02 +0100 Subject: [PATCH 06/22] Update NEWS. --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index ab1838398c..62b599c9c9 100644 --- a/NEWS +++ b/NEWS 
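Review bot: In the block added to `desktop_file_dirs_lock`, both new directories are stored with `desktop_file_dir_ref (...)` on top of the reference returned by `desktop_file_dir_new`. The existing loop just above stores the result of `desktop_file_dir_new (dirs[i])` directly, so the array presumably owns that single reference. If so, the extra reference is never dropped, and `desktop_file_dir_unref` will not free these entries or their `guix_profile_watch_dir` when the array is reset. Suggest `g_ptr_array_add (desktop_file_dirs, system_profile_dir);` and likewise for `user_profile_dir`. The body of `desktop_file_dir_new` is outside the hunk, so confirm its initial reference count.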
@@ -60,6 +60,8 @@ Please send Guix bug reports to bug-guix@gnu.org. *** ‘swap-devices’ field of ‘operating-system’ can contains UUIDs and labels *** Graphical installer uses UUIDs for unencrypted swap partitions *** Graphical installer now supports NTFS file systems +*** File systems UUIDs and labels now recognized for F2FS and NTFS +*** Root file system can now be on NFS *** New services autossh, ganeti, gmnisrv, guix-build-coordinator, @@ -96,6 +98,8 @@ simulated-wifi, udev-rules, unattended-upgrade, webssh, zram () *** ‘guix system reconfigure’ now starts services not currently running () +*** Desktop environments now detect newly installed applications + () *** Offloading and copying small items is now much faster () *** GCC switched back to C_INCLUDE_PATH & co. from CPATH From 3ba6ffd0dd092ae879d014e4971989f231eaa56d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 13 Nov 2020 14:40:28 +0100 Subject: [PATCH 07/22] gnu: guix: Update to 1.2.0rc1. --- gnu/packages/package-management.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 93bc4d7ee6..48b75fc96b 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -130,9 +130,9 @@ (define-public guix ;; Latest version of Guix, which may or may not correspond to a release. ;; Note: the 'update-guix-package.scm' script expects this definition to ;; start precisely like this. - (let ((version "1.1.0") - (commit "5e7cf66fb35780f930ad0bc5fe21ac330df4411d") - (revision 32)) + (let ((version "1.2.0rc1") + (commit "1e272d42f6217b70c9801b93e46b144e9ab27664") + (revision 0)) (package (name "guix") 
@@ -148,7 +148,7 @@ (define-public guix (commit commit))) (sha256 (base32 - "15clfjp845gvl0p6qw0b1gdibqfq20zwzr6dbxvq8l9fgzj1kb6b")) + "05g5l7bm2fpzwp1rbffv4pc0snjxl8b5z9fzjb1vyh775gqwj0ph")) (file-name (string-append "guix-" version "-checkout")))) (build-system gnu-build-system) (arguments From 4b2ce77ca0f71f23ec68da1f3a1f5b643a26ca98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 13 Nov 2020 15:01:25 +0100 Subject: [PATCH 08/22] gnu: guix: Update to 3ba6ffd. --- gnu/packages/package-management.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 48b75fc96b..86e3f2bf00 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -131,8 +131,8 @@ (define-public guix ;; Note: the 'update-guix-package.scm' script expects this definition to ;; start precisely like this. (let ((version "1.2.0rc1") - (commit "1e272d42f6217b70c9801b93e46b144e9ab27664") - (revision 0)) + (commit "3ba6ffd0dd092ae879d014e4971989f231eaa56d") + (revision 1)) (package (name "guix") @@ -148,7 +148,7 @@ (define-public guix (commit commit))) (sha256 (base32 - "05g5l7bm2fpzwp1rbffv4pc0snjxl8b5z9fzjb1vyh775gqwj0ph")) + "1wa67gdipmzqr400hp0cw5ih0rlfvj345h65rqbk9s4g3bkg38hm")) (file-name (string-append "guix-" version "-checkout")))) (build-system gnu-build-system) (arguments From 4e01bc440a4f20bf1597db2ed852e541da45efce Mon Sep 17 00:00:00 2001 
From: Maxim Cournoyer Date: Fri, 13 Nov 2020 09:39:36 -0500 Subject: [PATCH 09/22] gnu: python-pysam: Update to version 0.16.0.1. The check phase was failing with: starting phase `check' make: Entering directory '...drv-0/python-pysam-0.15.1-checkout/tests/pysam_data' samtools faidx ex1.fa samtools import ex1.fa.fai ex1.sam.gz ex1.bam [main] "samtools import" has been removed. Please use "samtools view" instead. make: *** [Makefile:56: ex1.bam] Error 1 * gnu/packages/bioinformatics.scm (python-pysam): Update to version 0.16.0.1. [phases]{check}: Delete a couple more failing test files. [native-inputs]: Add python-pytest. --- gnu/packages/bioinformatics.scm | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 4c49b00252..f63ae5f324 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -12,7 +12,7 @@ ;;; Copyright © 2018 Joshua Sierles, Nextjournal ;;; Copyright © 2018 Gábor Boskovits ;;; Copyright © 2018, 2019, 2020 Mădălin Ionel Patrașcu -;;; Copyright © 2019 Maxim Cournoyer +;;; Copyright © 2019, 2020 Maxim Cournoyer ;;; Copyright © 2019 Brian Leung ;;; Copyright © 2019 Brett Gilio ;;; Copyright © 2020 Björn Höfling @@ -1894,7 +1894,7 @@ (define-public python2-bx-python (define-public python-pysam (package (name "python-pysam") - (version "0.15.1") + (version "0.16.0.1") (source (origin (method git-fetch) ;; Test data is missing on PyPi. @@ -1904,7 +1904,7 @@ (define-public python-pysam (file-name (git-file-name name version)) (sha256 (base32 - "1vj367w6xbn9bpmksm162l1aipf7cj97h1q83y7jcpm33ihwpf7x")) + "168bwwm8c2k22m7paip8q0yajyl7xdxgnik0bgjl7rhqg0majz0f")) (modules '((guix build utils))) (snippet '(begin ;; Drop bundled htslib. TODO: Also remove samtools 
@@ -1934,8 +1934,13 @@ (define-public python-pysam ;; This file contains tests that require a connection to the ;; internet. (delete-file "tests/tabix_test.py") - ;; FIXME: This test fails + ;; These tests fail (see: + ;; https://github.com/pysam-developers/pysam/issues/939). + (delete-file "tests/compile_test.py") (delete-file "tests/AlignmentFile_test.py") + (delete-file "tests/AlignmentFileHeader_test.py") + (delete-file "tests/StreamFiledescriptors_test.py") + (delete-file "tests/VariantRecord_test.py") ;; Add first subdirectory of "build" directory to PYTHONPATH. (setenv "PYTHONPATH" (string-append @@ -1965,7 +1970,8 @@ (define-public python-pysam ;; Dependencies below are are for tests only. ("samtools" ,samtools) ("bcftools" ,bcftools) - ("python-nose" ,python-nose))) + ("python-nose" ,python-nose) + ("python-pytest" ,python-pytest))) (home-page "https://github.com/pysam-developers/pysam") (synopsis "Python bindings to the SAMtools C API") (description From e783cd51ba9c5e347bc9f778beafaf3cc2e1e6c5 Mon Sep 17 00:00:00 2001 From: John Soo Date: Thu, 12 Nov 2020 21:47:36 -0800 Subject: [PATCH 10/22] pack: Expose some bindings for third-party use. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/scripts/pack.scm (compressor-name, compressor-extension, compressor-command, %compressors, %formats): Export. Signed-off-by: Ludovic Courtès --- guix/scripts/pack.scm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index 06509ace2d..0b29997200 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -59,11 +59,16 @@ (define-module (guix scripts pack) #:use-module (srfi srfi-37) #:use-module (ice-9 match) #:export (compressor? + compressor-name + compressor-extenstion + compressor-command + %compressors lookup-compressor self-contained-tarball docker-image squashfs-image + %formats guix-pack)) ;; Type of a compression tool. 
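Review bot: The `#:export` list added to `guix/scripts/pack.scm` names `compressor-extenstion`, while the commit message lists `compressor-extension`. As written, the accessor third-party code expects is not exported, and the module exports a name that is probably unbound. The line should read `compressor-extension`.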
From 0cdc13ce43fac7987adcd4af3c9660544eb94e86 Mon Sep 17 00:00:00 2001 From: John Soo Date: Thu, 12 Nov 2020 21:54:45 -0800 Subject: [PATCH 11/22] guix build: Expose log-url for third parties. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/scripts/build.scm (log-url): Expose it. Signed-off-by: Ludovic Courtès --- guix/scripts/build.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index e9de97c881..cc020632af 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm @@ -51,7 +51,9 @@ (define-module (guix scripts build) #:use-module ((guix progress) #:select (current-terminal-columns)) #:use-module ((guix build syscalls) #:select (terminal-columns)) #:use-module (guix transformations) - #:export (%standard-build-options + #:export (log-url + + %standard-build-options set-build-options-from-command-line set-build-options-from-command-line* show-build-options-help From 627e61f1a8e08fcc2290df12309a6e0712a6c7f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 13 Nov 2020 21:31:03 +0100 Subject: [PATCH 12/22] maint: Add '.guix-authorizations' to the distribution. Reported by Vagrant Cascadian. * Makefile.am (EXTRA_DIST): Add .guix-authorizations. --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index ad301c9fc2..9ef05ad27d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -570,6 +570,7 @@ EXTRA_DIST += \ TODO \ CODE-OF-CONDUCT \ .dir-locals.el \ + .guix-authorizations \ .guix-channel \ scripts/guix.in \ etc/guix-install.sh \ From c6e8f40f2ce6082171c18b4aad9877b0ad022563 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 13 Nov 2020 22:48:34 +0100 Subject: [PATCH 13/22] maint: Rebuild '.version' when 'config.status' changes. * Makefile.am ($(top_srcdir)/.version): Depend on 'config.status'. Use $(AM_V_GEN). --- Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 9ef05ad27d..5b84d74f08 100644 --- a/Makefile.am +++ b/Makefile.am @@ -731,8 +731,8 @@ distcheck-hook: assert-binaries-available assert-final-inputs-self-contained EXTRA_DIST += $(top_srcdir)/.version BUILT_SOURCES += $(top_srcdir)/.version -$(top_srcdir)/.version: - echo $(VERSION) > "$@-t" && mv "$@-t" "$@" +$(top_srcdir)/.version: config.status + $(AM_V_GEN)echo $(VERSION) > "$@-t" && mv "$@-t" "$@" gen-tarball-version: echo $(VERSION) > "$(distdir)/.tarball-version" From 62343288ef6dc56027d268ef773ae699a4bbb76d Mon Sep 17 00:00:00 2001 From: Daniel Brooks Date: Mon, 9 Nov 2020 07:03:42 -0800 Subject: [PATCH 14/22] etc: Updates for the guix-daemon SELinux policy. * etc/guix-daemon.cil.in (guix_daemon): Specify more permissions for guix-daemon to account for daemon updates and newer SELinux. I can't promise that this is a complete list of everything that guix-daemon needs, but it's probably most of them. It can search for, install, upgrade, and remove packages, create virtual machines and containers, update itself, and so on. Signed-off-by: Marius Bakke --- etc/guix-daemon.cil.in | 180 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 162 insertions(+), 18 deletions(-) diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in index e0c9113498..91958b7617 100644 --- a/etc/guix-daemon.cil.in +++ b/etc/guix-daemon.cil.in @@ -1,6 +1,8 @@ ; -*- lisp -*- ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Ricardo Wurmus +;;; Copyright © 2020 Daniel Brooks +;;; Copyright © 2020 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -21,6 +23,18 @@ ;; Intermediate Language (CIL). It refers to types that must be defined in ;; the system's base policy. +;; If you, like me, need advice about fixing an SELinux policy, I recommend +;; reading https://danwalsh.livejournal.com/55324.html + +;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t +;; to allow guix-daemon to do whatever it wants. SELinux will still check its +;; permissions, and when it doesn't have permission it will still send an +;; audit message to your system logs. This lets you know what permissions it +;; ought to have. Use ausearch --raw to find the permissions violations, then +;; pipe that to audit2allow to generate an updated policy. You'll still need +;; to translate that policy into CIL in order to update this file, but that's +;; fairly straight-forward. Annoying, but easy. + (block guix_daemon ;; Require existing types (typeattributeset cil_gen_require init_t) @@ -34,14 +48,19 @@ (roletype object_r guix_daemon_t) (type guix_daemon_conf_t) (roletype object_r guix_daemon_conf_t) + (typeattributeset file_type guix_daemon_conf_t) (type guix_daemon_exec_t) (roletype object_r guix_daemon_exec_t) + (typeattributeset file_type guix_daemon_exec_t) (type guix_daemon_socket_t) (roletype object_r guix_daemon_socket_t) + (typeattributeset file_type guix_daemon_socket_t) (type guix_store_content_t) (roletype object_r guix_store_content_t) + (typeattributeset file_type guix_store_content_t) (type guix_profiles_t) (roletype object_r guix_profiles_t) + (typeattributeset file_type guix_profiles_t) ;; These types are domains, thereby allowing process rules (typeattributeset domain (guix_daemon_t guix_daemon_exec_t)) 
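Review bot: The new header comment tells maintainers to run `semanage permissive -a guix_daemon.guix_daemon_t` but never says to undo it, and a domain left permissive is no longer confined by this policy. Add a closing line to the comment such as `;; When done, run semanage permissive -d guix_daemon.guix_daemon_t to re-enable enforcement.` It is also worth stating that rules produced by audit2allow record what the daemon did, not what it needs, and should be reviewed before being added here.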
@@ -55,6 +74,30 @@ (typetransition guix_store_content_t guix_daemon_exec_t process guix_daemon_t) + (roletype system_r guix_daemon_t) + + ;; allow init_t to read and execute guix files + (allow init_t + guix_profiles_t + (lnk_file (read))) + (allow init_t + guix_daemon_exec_t + (file (execute))) + (allow init_t + guix_daemon_t + (process (transition))) + (allow init_t + guix_store_content_t + (lnk_file (read))) + (allow init_t + guix_store_content_t + (file (open read execute))) + + ;; guix-daemon needs to know the names of users + (allow guix_daemon_t + passwd_file_t + (file (getattr open read))) + ;; Permit communication with NSCD (allow guix_daemon_t nscd_var_run_t @@ -71,25 +114,44 @@ (allow guix_daemon_t nscd_t (unix_stream_socket (connectto))) + (allow guix_daemon_t nscd_t + (nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv))) + + ;; permit downloading packages via HTTP(s) + (allow guix_daemon_t http_port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t ftp_port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t ephemeral_port_t + (tcp_socket (name_connect))) ;; Permit logging and temp file access (allow guix_daemon_t tmp_t - (lnk_file (setattr unlink))) + (lnk_file (create rename setattr unlink))) (allow guix_daemon_t tmp_t - (dir (create - rmdir + (file (link rename create execute execute_no_trans write unlink setattr map relabelto))) + (allow guix_daemon_t + tmp_t + (fifo_file (open read write create getattr ioctl setattr unlink))) + (allow guix_daemon_t + tmp_t + (dir (create rename + rmdir relabelto add_name remove_name open read write getattr setattr search))) + (allow guix_daemon_t + tmp_t + (sock_file (create getattr setattr unlink write))) (allow guix_daemon_t var_log_t (file (create getattr open write))) (allow guix_daemon_t var_log_t - (dir (getattr write add_name))) + (dir (getattr create write add_name))) (allow guix_daemon_t var_run_t (lnk_file (read))) 
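Review bot: Several grants in this hunk are broader than the comment above them suggests, and none says which daemon operation needs it. Under ";; permit downloading packages via HTTP(s)" the policy also allows `name_connect` to `ephemeral_port_t`, and the `tmp_t` file rule combines `create write` with `execute execute_no_trans`, so the domain may run files it wrote to a shared temporary directory. The same applies in later hunks to `execmem` on `self`, the `sys_admin` capability and `(allow guix_daemon_t self (dir (add_name write)))`. The header comment says the rules come from audit2allow output, so each should carry a one-line justification, e.g. `;; execute on tmp_t: <operation that requires it>`, or be narrowed to a dedicated type. That lets a later audit tell a required permission from a logging artefact.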
@@ -100,10 +162,10 @@ ;; Spawning processes, execute helpers (allow guix_daemon_t self - (process (fork))) + (process (fork execmem setrlimit setpgid setsched))) (allow guix_daemon_t guix_daemon_exec_t - (file (execute execute_no_trans read open))) + (file (execute execute_no_trans read open entrypoint map))) ;; TODO: unknown (allow guix_daemon_t @@ -119,38 +181,51 @@ ;; Build isolation (allow guix_daemon_t guix_store_content_t - (file (mounton))) + (file (ioctl mounton))) (allow guix_store_content_t fs_t (filesystem (associate))) (allow guix_daemon_t guix_store_content_t - (dir (mounton))) + (dir (read mounton))) (allow guix_daemon_t guix_daemon_t (capability (net_admin fsetid fowner chown setuid setgid dac_override dac_read_search - sys_chroot))) + sys_chroot + sys_admin))) (allow guix_daemon_t fs_t (filesystem (unmount))) + (allow guix_daemon_t + devpts_t + (dir (search))) (allow guix_daemon_t devpts_t (filesystem (mount))) (allow guix_daemon_t devpts_t - (chr_file (setattr getattr))) + (chr_file (ioctl open read write setattr getattr))) (allow guix_daemon_t tmpfs_t - (filesystem (mount))) + (filesystem (getattr mount))) (allow guix_daemon_t tmpfs_t - (dir (getattr))) + (file (create open read unlink write))) + (allow guix_daemon_t + tmpfs_t + (dir (getattr add_name remove_name write))) (allow guix_daemon_t proc_t - (filesystem (mount))) + (file (getattr open read))) + (allow guix_daemon_t + proc_t + (dir (read))) + (allow guix_daemon_t + proc_t + (filesystem (associate mount))) (allow guix_daemon_t null_device_t (chr_file (getattr open read write))) @@ -179,7 +254,7 @@ search rename add_name remove_name open write - rmdir))) + rmdir relabelfrom))) (allow guix_daemon_t guix_store_content_t (file (create @@ -189,7 +264,7 @@ link unlink map rename - open read write))) + open read write relabelfrom))) (allow guix_daemon_t guix_store_content_t (lnk_file (create 
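Review bot: The first hunk adds `execmem` to the `process` permissions guix_daemon_t holds on itself, and the `@@ -119,38 +181,51 @@` hunk adds `sys_admin` to its capabilities, both without a comment. `execmem` permits mappings that are writable and executable, and `sys_admin` is the broadest capability, so each should carry its reason next to the rule, for example `;; sys_admin: needed to set up the mount namespace of the build environment` if that is the cause (the hunk does not show it). The `relabelfrom` additions on guix_store_content_t in the two later hunks on this line would benefit from the same one-line rationale.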
@@ -197,17 +272,23 @@ link unlink read rename))) + (allow guix_daemon_t + guix_store_content_t + (fifo_file (create getattr open read unlink write))) + (allow guix_daemon_t + guix_store_content_t + (sock_file (create getattr unlink write))) ;; Access to configuration files and directories (allow guix_daemon_t guix_daemon_conf_t - (dir (search + (dir (search create setattr getattr add_name remove_name open read write))) (allow guix_daemon_t guix_daemon_conf_t - (file (create + (file (create rename lock map getattr setattr @@ -216,11 +297,17 @@ (allow guix_daemon_t guix_daemon_conf_t (lnk_file (create getattr rename unlink))) + (allow guix_daemon_t net_conf_t + (file (getattr open read))) + (allow guix_daemon_t net_conf_t + (lnk_file (read))) + (allow guix_daemon_t NetworkManager_var_run_t + (dir (search))) ;; Access to profiles (allow guix_daemon_t guix_profiles_t - (dir (getattr setattr read open))) + (dir (search getattr setattr read write open create add_name))) (allow guix_daemon_t guix_profiles_t (lnk_file (read getattr))) @@ -233,8 +320,22 @@ (allow guix_daemon_t user_home_t (dir (search))) + (allow guix_daemon_t + cache_home_t + (dir (search))) + + ;; self upgrades + (allow guix_daemon_t + self + (dir (add_name write))) + (allow guix_daemon_t + self + (netlink_route_socket (bind create getattr nlmsg_read read write))) ;; Socket operations + (allow guix_daemon_t + guix_daemon_socket_t + (sock_file (unlink))) (allow guix_daemon_t init_t (fd (use))) 
@@ -253,12 +354,53 @@ read write connect bind accept getopt setopt))) + (allow guix_daemon_t + self + (tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown))) + (allow guix_daemon_t + unreserved_port_t + (tcp_socket (name_bind name_connect accept listen))) + (allow guix_daemon_t + self + (udp_socket (connect getattr bind getopt setopt))) (allow guix_daemon_t self (fifo_file (write read))) (allow guix_daemon_t self (udp_socket (ioctl create))) + (allow guix_daemon_t + self + (unix_stream_socket (connectto))) + + (allow guix_daemon_t + node_t + (tcp_socket (node_bind))) + (allow guix_daemon_t + node_t + (udp_socket (node_bind))) + (allow guix_daemon_t + port_t + (tcp_socket (name_connect))) + (allow guix_daemon_t + rtp_media_port_t + (udp_socket (name_bind))) + (allow guix_daemon_t + vnc_port_t + (tcp_socket (name_bind))) + + ;; I guess sometimes it needs random numbers + (allow guix_daemon_t + random_device_t + (chr_file (read))) + + ;; guix system vm + (allow guix_daemon_t + kvm_device_t + (chr_file (ioctl open read write))) + (allow guix_daemon_t + kernel_t + (system (ipc_info))) ;; Label file system (filecon "@guix_sysconfdir@/guix(/.*)?" @@ -277,5 +419,7 @@ file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon" file (system_u object_r guix_daemon_exec_t (low low))) + (filecon "@storedir@/[a-z0-9]+-guix-daemon" + file (system_u object_r guix_daemon_exec_t (low low))) (filecon "@guix_localstatedir@/guix/daemon-socket/socket" any (system_u object_r guix_daemon_socket_t (low low)))) From 630602831dd93e7bc9a8e64fba958300e8cb0474 Mon Sep 17 00:00:00 2001 
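Review bot: The socket rules in the first hunk allow guix_daemon_t to `listen` and `accept` on TCP sockets and to `name_bind` on `unreserved_port_t`, `vnc_port_t` and `rtp_media_port_t`, which reads like denials captured from particular builds rather than something the daemon itself needs. If build processes run in this same domain (it looks that way, but the hunk does not establish it), these rules let any build open a listening port unless the build's network namespace prevents it; that is worth confirming before the rules ship. At minimum I would put them under a heading such as `;; Builds and their test suites bind and listen on local ports` so the next maintainer knows they are not for downloads, and drop the port types that cannot be tied to a reproducible denial.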
From: Maxim Cournoyer Date: Tue, 10 Nov 2020 16:59:13 -0500 Subject: [PATCH 15/22] publish: Harmonize buffer size values and configuration. This change harmonizes the way we configure the buffer sizes and the socket options, so that we don't forget to change it at one place like it happened in commit 5e3d169945935b53325e6b738a307ba286751259. * guix/scripts/publish.scm (%default-buffer-size) (%default-socket-options): New variables. * guix/scripts/publish.scm (configure-socket): New procedure. (compress-nar): Use %default-buffer-size for the buffer size, increased from 128 to 208 KiB. (nar-response-port): Likewise, increased from 64 to 208 KiB. (http-write): Use configure-socket to set socket options. (open-server-socket): Likewise. --- guix/scripts/publish.scm | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index a976a9ac60..f1a9970a7f 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2015 David Thompson ;;; Copyright © 2020 by Amar M. Singh ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -250,6 +251,21 @@ (define %nix-cache-info ("WantMassQuery" . 0) ("Priority" . 100))) +;;; A common buffer size value used for the TCP socket SO_SNDBUF option and +;;; the gzip compressor buffer size. +(define %default-buffer-size + (* 208 1024)) + +(define %default-socket-options + ;; List of options passed to 'setsockopt' when transmitting files. + (list (list SO_SNDBUF %default-buffer-size))) + +(define* (configure-socket socket #:key (level SOL_SOCKET) + (options %default-socket-options)) + "Apply multiple option tuples in OPTIONS to SOCKET, using LEVEL." + (for-each (cut apply setsockopt socket level <>) + options)) + (define (signed-string s) "Sign the hash of the string S with the daemon's key. Return a canonical sexp for the signature." @@ -569,7 +585,7 @@ (define nar (lambda (port) (write-file item port)) #:level (compression-level compression) - #:buffer-size (* 128 1024)) + #:buffer-size %default-buffer-size) (rename-file (string-append nar ".tmp") nar)) ('lzip ;; Note: the file port gets closed along with the lzip port. @@ -866,7 +882,7 @@ (define (nar-response-port response compression) ;; 'make-gzip-output-port' wants a file port. (make-gzip-output-port (response-port response) #:level level - #:buffer-size (* 64 1024))) + #:buffer-size %default-buffer-size)) (($ 'lzip level) (make-lzip-output-port (response-port response) #:level level)) @@ -891,8 +907,7 @@ (define (http-write server client response body) client)) (port (begin (force-output client) - (setsockopt client SOL_SOCKET - SO_SNDBUF (* 128 1024)) + (configure-socket client) (nar-response-port response compression)))) ;; XXX: Given our ugly workaround for in ;; 'render-nar', BODY here is just the file name of the store item. 
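Review bot: The comment on `%default-buffer-size` in the first hunk does not say why the value is 208 KiB, which makes it look arbitrary next to the 64 and 128 KiB values it replaces. 208 × 1024 is 212992, the usual Linux default for `net.core.wmem_max`, so presumably the value was chosen as the largest SO_SNDBUF request that is not capped; if so the comment should say it, e.g. `;;; 208 KiB matches the default Linux net.core.wmem_max, above which SO_SNDBUF requests are capped.` The docstring of `configure-socket` could also state that each element of OPTIONS is an `(OPTNAME VALUE)` list, since that is what the `apply` relies on.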
@@ -922,7 +937,7 @@ (define (http-write server client response body) size) client)) (output (response-port response))) - (setsockopt client SOL_SOCKET SO_SNDBUF (* 128 1024)) + (configure-socket client) (if (file-port? output) (sendfile output input size) (dump-port input output)) @@ -1067,7 +1082,8 @@ (define* (run-publish-server socket store (define (open-server-socket address) "Return a TCP socket bound to ADDRESS, a socket address." (let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0))) - (setsockopt sock SOL_SOCKET SO_REUSEADDR 1) + (configure-socket sock #:options (cons (list SO_REUSEADDR 1) + %default-socket-options)) (bind sock address) sock)) From 977eb5d023cfdf8e336f1896480eea9cef5c04e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 16 Nov 2020 11:03:19 +0100 Subject: [PATCH 16/22] Properly deal with build directories containing '~'. Fixes . Reported by Vagrant Cascadian . * tests/build-utils.scm ("wrap-script, simple case"): Pass SCRIPT-CONTENTS to 'display' rather than 'format'. * gnu/services/base.scm (file-system->shepherd-service-name) [valid-characters, mount-point]: New variables. Filter out invalid store file name characters from the mount point of FILE-SYSTEM. --- gnu/services/base.scm | 15 +++++++++++++-- tests/build-utils.scm | 4 ++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 499e50bfd7..712b3a018f 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -285,8 +285,19 @@ (define (root-file-system-service) (define (file-system->shepherd-service-name file-system) "Return the symbol that denotes the service mounting and unmounting FILE-SYSTEM." - (symbol-append 'file-system- - (string->symbol (file-system-mount-point file-system)))) + (define valid-characters + ;; Valid store characters; see 'checkStoreName' in the daemon. + (string->char-set + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?=")) + + (define mount-point + (string-map (lambda (chr) + (if (char-set-contains? valid-characters chr) + chr + #\-)) + (file-system-mount-point file-system))) + + (symbol-append 'file-system- (string->symbol mount-point))) (define (mapped-device->shepherd-service-name md) "Return the symbol that denotes the shepherd service of MD, a ." diff --git a/tests/build-utils.scm b/tests/build-utils.scm index 47a57a984b..654b480ed9 100644 --- a/tests/build-utils.scm +++ b/tests/build-utils.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès +;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès ;;; Copyright © 2019 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. @@ -174,7 +174,7 @@ (define-module (test-build-utils) (let ((script-file-name (string-append directory "/foo"))) (call-with-output-file script-file-name (lambda (port) - (format port script-contents))) + (display script-contents port))) (chmod script-file-name #o777) (wrap-script script-file-name `("GUIX_FOO" prefix ("/some/path" From 98750a9d9967b84a077735a2e4e6d5526256a5fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 16 Nov 2020 11:40:53 +0100 Subject: [PATCH 17/22] self: Limit the number of threads used when translating manuals. * guix/self.scm (translate-texi-manuals)[build](parallel-jobs): New variable. Use it as first argument to 'n-par-for-each'. --- guix/self.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
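Review bot: `file-system->shepherd-service-name` now maps every character outside `valid-characters` to `-`, and `/` is not in that set, so distinct mount points can yield the same service name: `/a/b` and `/a-b` both become `file-system--a-b`. Two file systems declared with such mount points would then ask for the same Shepherd service symbol. If uniqueness matters here, an escape that keeps the mapping injective (for instance encoding the replaced character's code point) would avoid it; otherwise the docstring should say that the name is a lossy rendering of the mount point.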
diff --git a/guix/self.scm b/guix/self.scm index bbfd2f1b95..026dcd9c1a 100644 --- a/guix/self.scm +++ b/guix/self.scm @@ -400,6 +400,12 @@ (define (available-translations directory domain) (find-files directory "\\.[a-z]{2}(_[A-Z]{2})?\\.po$"))) + (define parallel-jobs + ;; Limit thread creation by 'n-par-for-each'. Going beyond can + ;; lead libgc 8.0.4 to abort with: + ;; mmap(PROT_NONE) failed + (min (parallel-job-count) 4)) + (mkdir #$output) (copy-recursively #$documentation "." #:log (%make-void-port "w")) @@ -415,14 +421,14 @@ (define (available-translations directory domain) (setenv "LC_ALL" "en_US.UTF-8") (setlocale LC_ALL "en_US.UTF-8") - (n-par-for-each (parallel-job-count) + (n-par-for-each parallel-jobs (match-lambda ((language . po) (translate-texi "guix" po language #:extras '("contributing")))) (available-translations "." "guix-manual")) - (n-par-for-each (parallel-job-count) + (n-par-for-each parallel-jobs (match-lambda ((language . po) (translate-texi "guix-cookbook" po language))) From 29ed17d6345d30b0646f0a9b63ab201e0e6871ec Mon Sep 17 00:00:00 2001 From: Florian Pelz Date: Sat, 14 Nov 2020 23:36:52 +0100 Subject: [PATCH 18/22] pull: Do not suggest running `guix pull --news' on the first run. * guix/scripts/pull.scm (display-channel-news-headlines): If there are no news to display, return false instead of . --- guix/scripts/pull.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index bb1b560a22..7fd8b3f1a4 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -385,7 +385,7 @@ (define previous (and=> (relative-generation profile -1) (cut generation-file-name profile <>))) - (when previous + (and previous (let ((old-channels (profile-channels previous)) (new-channels (profile-channels profile))) ;; Find the channels present in both PROFILE and PREVIOUS, and print From d4031410375834349bc0d56630be86b076a1d704 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 16 Nov 2020 15:23:40 +0100 Subject: [PATCH 19/22] maint: Install 'guix-daemon.cil' SELinux file. Fixes . Reported by Daniel Brooks . This is a followup to 6799e6e5780683cc20f250192fb84cbec135073b, which rightfully removed the '.cil' file from the distribution, but wrongfully installed the '.cil.in' file instead of the '.cil' file. * Makefile.am (nodist_selinux_policy_DATA): Remove ".in". --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 5b84d74f08..d63f2ae4b7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -562,7 +562,7 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix dist_fishcompletion_DATA = etc/completion/fish/guix.fish # SELinux policy -nodist_selinux_policy_DATA = etc/guix-daemon.cil.in +nodist_selinux_policy_DATA = etc/guix-daemon.cil EXTRA_DIST += \ HACKING \ From 6cad3f6966e056c4d8a32cb85446040f56929c50 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Nov 2020 18:26:55 +0100 Subject: [PATCH 20/22] services: mingetty: Export configuration accessors. * gnu/services/base: Export configuration accessors for mingetty. --- gnu/services/base.scm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 712b3a018f..55d8c91cb5 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -106,6 +106,12 @@ (define-module (gnu services base) agetty-service-type mingetty-configuration + mingetty-configuration-tty + mingetty-configuration-auto-login + mingetty-configuration-login-program + mingetty-configuration-login-pause? + mingetty-configuration-clear-on-logout? + mingetty-configuration-mingetty mingetty-configuration? mingetty-service mingetty-service-type From 37c21b130c0072f23bb735ca6903d8711416d5d9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 16 Nov 2020 23:05:49 +0100 Subject: [PATCH 21/22] gnu: guix: Use libexec/guix/guile in the 'guix' shebang. This is a followup to 880fe019ae64df37815bbdb1a22305f99dae759d. * gnu/packages/package-management.scm (guix)[arguments]: Delete 'patch-shebangs' phase. --- gnu/packages/package-management.scm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 86e3f2bf00..512f1950a3 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -336,7 +336,13 @@ (define code (let ((bash (assoc-ref inputs "bash"))) (substitute* (string-append out "/bin/guix") (("^#!.*/bash") (string-append "#! " bash "/bin/bash"))))) - #t)))))) + #t))) + + ;; The 'guix' executable has 'OUT/libexec/guix/guile' has + ;; its shebang; that should remain unchanged, thus remove + ;; the 'patch-shebangs' phase, which would otherwise + ;; change it to 'GUILE/bin/guile'. + (delete 'patch-shebangs)))) (native-inputs `(("pkg-config" ,pkg-config) ;; Guile libraries are needed here for From 9113de2ca2db195908e3262b3752f8392ada8630 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Tue, 17 Nov 2020 09:50:01 +0100 Subject: [PATCH 22/22] installer: Fix device synchronization. Reported by Florian Pelz: https://lists.gnu.org/archive/html/guix-devel/2020-11/msg00326.html. * gnu/installer/utils.scm (call-with-time): New procedure, (let/time): new macro. * gnu/installer/parted.scm (with-delay-device-in-use?): Increase the retry count to 16. (non-install-devices): Remove the call to with-delay-device-in-use? as it doesn't return the expected result, and would block much longer now. (free-parted): Log the time required to sync each device. --- gnu/installer/parted.scm | 27 ++++++++++++++------------- gnu/installer/utils.scm | 14 ++++++++++++++ 2 files changed, 28 insertions(+), 13 deletions(-) 
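Review bot: `(delete 'patch-shebangs)` switches the phase off for the whole output, not only for `bin/guix`, so any other installed script with a shebang is left exactly as the build wrote it. If other scripts in the output rely on that phase (the hunk does not show the rest of the package definition), keeping the phase and restoring the `guix` shebang afterwards would be narrower. The new comment also has a typo: `has 'OUT/libexec/guix/guile' has its shebang` should read `has 'OUT/libexec/guix/guile' as its shebang`.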
diff --git a/gnu/installer/parted.scm b/gnu/installer/parted.scm index f592d315f5..9ef263d1f9 100644 --- a/gnu/installer/parted.scm +++ b/gnu/installer/parted.scm @@ -41,6 +41,7 @@ (define-module (gnu installer parted) #:use-module (ice-9 regex) #:use-module (rnrs io ports) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-19) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -318,7 +319,7 @@ (define (with-delay-device-in-use? file-name) fail. See rereadpt function in wipefs.c of util-linux for an explanation." ;; Kernel always return EINVAL for BLKRRPART on loopdevices. (and (not (string-match "/dev/loop*" file-name)) - (let loop ((try 4)) + (let loop ((try 16)) (usleep 250000) (let ((in-use? (device-in-use? file-name))) (if (and in-use? (> try 0)) @@ -339,15 +340,12 @@ (define (remove-logical-devices) (define (non-install-devices) "Return all the available devices, except the busy one, allegedly the install device. DEVICE-IS-BUSY? is a parted call, checking if the device is -mounted. The install image uses an overlayfs so the install device does not -appear as mounted and won't be considered as busy. So use also DEVICE-IN-USE? -from (guix build syscalls) module, who will try to re-read the device's -partition table to determine whether or not it is already used (like sfdisk -from util-linux)." +mounted." + ;; FIXME: The install image uses an overlayfs so the install device does not + ;; appear as mounted and won't be considered as busy. (remove (lambda (device) (let ((file-name (device-path device))) - (or (device-is-busy? device) - (with-delay-device-in-use? file-name)))) + (device-is-busy? device))) (devices))) 
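Review bot: In `non-install-devices` (third hunk), the binding `(let ((file-name (device-path device))) …)` is left over from the removed `with-delay-device-in-use?` call and is no longer used; the predicate can be written `(lambda (device) (device-is-busy? device))`, or `device-is-busy?` can be passed to `remove` directly. The new FIXME also states that the install device does not appear as busy, so with the second check gone it will apparently be returned among the candidate disks. Until the FIXME is resolved, the caller should guard against offering the boot medium as an installation target, or the comment should say where that guard lives.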
@@ -1390,9 +1388,12 @@ (define (free-parted devices) (let ((device-file-names (map device-path devices))) (for-each force-device-sync devices) (for-each (lambda (file-name) - (let ((in-use? (with-delay-device-in-use? file-name))) - (and in-use? - (error - (format #f (G_ "Device ~a is still in use.") - file-name))))) + (let/time ((time in-use? + (with-delay-device-in-use? file-name))) + (if in-use? + (error + (format #f (G_ "Device ~a is still in use.") + file-name)) + (syslog "Syncing ~a took ~a seconds.~%" + file-name (time-second time))))) device-file-names))) diff --git a/gnu/installer/utils.scm b/gnu/installer/utils.scm index 5f8fe8ca01..a7fa66a199 100644 --- a/gnu/installer/utils.scm +++ b/gnu/installer/utils.scm @@ -22,6 +22,7 @@ (define-module (gnu installer utils) #:use-module (guix build utils) #:use-module (guix i18n) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-19) #:use-module (srfi srfi-34) #:use-module (ice-9 match) #:use-module (ice-9 rdelim) @@ -36,6 +37,8 @@ (define-module (gnu installer utils) syslog-port syslog + call-with-time + let/time with-server-socket current-server-socket @@ -117,6 +120,17 @@ (define (pause) ;;; Logging. ;;; +(define (call-with-time thunk kont) + "Call THUNK and pass KONT the elapsed time followed by THUNK's return +values." + (let* ((start (current-time time-monotonic)) + (result (call-with-values thunk list)) + (end (current-time time-monotonic))) + (apply kont (time-difference end start) result))) + +(define-syntax-rule (let/time ((time result exp)) body ...) + (call-with-time (lambda () exp) (lambda (time result) body ...))) + (define (open-syslog-port) "Return an open port (a socket) to /dev/log or #f if that wasn't possible." (let ((sock (socket AF_UNIX SOCK_DGRAM 0)))
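Review bot: In `free-parted`, the log line prints `(time-second time)`, which is only the whole-second part of the SRFI-19 duration, so a sync that completes after one or two of the 250 ms polls is logged as 0 seconds. Including the nanosecond part keeps the figure useful, e.g. `(+ (time-second time) (/ (time-nanosecond time) 1e9))`. In utils.scm, `let/time` accepts exactly one `(time result exp)` clause and a single return value from EXP; a comment above the macro should state that.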