Commit graph

29 commits

Author SHA1 Message Date
Ludovic Courtès
323b58ac18
channels: ‘latest-channel-instances’ traverses user-provided channels first.
Previously, ‘latest-channel-instances’ would perform a depth-first
traversal of channels.  Since dependencies specified in ‘.guix-channel’
are usually less specific that those provided by the user, this would
lead to the use of instances corresponding to those less specific specs,
which in turn might declare dependencies that do not exist for the more
specific instances.

This commit changes ‘latest-channel-instances’ to perform a
breadth-first traversal, thereby giving user-supplied channels higher
precedence over dependencies found via ‘.guix-channel’.

Fixes <https://issues.guix.gnu.org/68822>.

* guix/channels.scm (latest-channel-instances)[ignore?]: Remove.
[instance-name, same-named?, more-specific?]: New procedures.
Rewrite as a breadth-first traversal using a regular loop.
* tests/channels.scm ("latest-channel-instances reads dependencies from most-specific instance"):
New test.

Change-Id: Iba518145cfd209f04293a56246dbfee3b714650b
2024-01-31 09:07:25 +01:00
Ludovic Courtès
36d654fa54
channels: Tweak test.
* tests/channels.scm ("latest-channel-instances excludes duplicate channel dependencies"):
Use ‘equal?’ rather than ‘string=?’ since we can get #f.

Change-Id: I437b9d7e23200cf0c98b1593e68b1d355bc2de01
2024-01-31 09:07:25 +01:00
Ludovic Courtès
ba21eeb565
tests: Assume ‘git’ is always available.
* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’
only.
Remove all ‘test-skip’ statements.
* tests/derivations.scm: Likewise.
* tests/git-authenticate.scm: Likewise.
* tests/git.scm: Likewise.
* tests/import-git.scm: Likewise.
2023-09-26 17:36:59 +02:00
Ludovic Courtès
a3619079f9
Remove now unnecessary uses of (guix grafts).
These modules would use (guix grafts) just to access '%graft?' and
related bindings, which are now in (guix store).

* gnu/ci.scm,
guix/gexp.scm,
guix/lint.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/deploy.scm,
guix/scripts/environment.scm,
guix/scripts/home.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/pull.scm,
guix/scripts/size.scm,
guix/scripts/system.scm,
guix/scripts/weather.scm,
tests/builders.scm,
tests/channels.scm,
tests/cpan.scm,
tests/derivations.scm,
tests/gexp.scm,
tests/graph.scm,
tests/guix-daemon.sh,
tests/monads.scm,
tests/pack.scm,
tests/packages.scm,
tests/profiles.scm,
tests/system.scm: Remove #:use-module (guix grafts).
2022-10-22 01:46:55 +02:00
Ludovic Courtès
ca87601dd9
git-authenticate: Ensure the target is a descendant of the introductory commit.
Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

   X   	 I
    \   /
      A

This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
2022-02-14 11:23:08 +01:00
Attila Lendvai
9ebc9ca070
tests: Move keys into ./tests/keys/ and add a third ed25519 key.
The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
2021-12-22 10:53:19 +01:00
Ludovic Courtès
778c1fb4ea
channels: 'channel-news-entry-commit' correctly resolves annotated tags.
Previously, 'channel-news-entry-commit' would return the tag ID rather
than the commit ID when the news entry was referred to via an annotated
tag.

Reported by Xinglu Chen <public@yoctocell.xyz>.

* guix/channels.scm (resolve-channel-news-entry-tag): Check whether the
reference points to annotated tag; resolve it if it does.
* tests/channels.scm ("channel-news, annotated tag"): New test.
2021-09-18 19:37:45 +02:00
Ludovic Courtès
d3162b98a8
tests: Add missing copyright line.
* tests/channels.scm: Add copyright line for past changes.
2020-10-12 18:23:47 +02:00
Ludovic Courtès
6c46e477eb
channels: Address test failure.
Fixes <https://bugs.gnu.org/43940>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.

The "channel-instances->manifest" test would fail since
1d4ab335b2: 'quiet-guile' would be passed #f
as GUILE, and thus 'package-version' would fail with wrong-type-arg.

* guix/channels.scm (whole-package-for-legacy): Pass #:guile to
'whole-package'.
* tests/channels.scm ("channel-instances->manifest"): Remove 'test-expect-fail'.
2020-10-12 11:28:56 +02:00
Maxim Cournoyer
875c01f82d
tests: Mark the channel-instances->manifest as expected to fail.
Allow the Guix package to be updated while awaiting resolution for
<https://issues.guix.gnu.org/43940>.

* tests/channels.scm (channel-instances->manifest): Mark test as expected to
fail.
2020-10-12 00:30:14 -04:00
Ludovic Courtès
d51bfe242f
Use 'formatted-message' instead of '&message' where appropriate.
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of
'&message'.
* gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error):
Likewise.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise.
(machine-check-building-for-appropriate-system): Likewise.
(deploy-managed-host): Likewise.
(maybe-raise-unsupported-configuration-error): Likewise.
* gnu/packages.scm (search-patch): Likewise.
* gnu/services.scm (%service-with-default-value): Likewise.
(files->etc-directory): Likewise.
(fold-services): Likewise.
* gnu/system.scm (locale-name->definition*): Likewise.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise.
(check-luks-device): Likewise.
* guix/channels.scm (latest-channel-instance): Likewise.
* guix/cve.scm (json->cve-items): Likewise.
* guix/git-authenticate.scm (commit-signing-key): Likewise.
(commit-authorized-keys): Likewise.
(authenticate-commit): Likewise.
(verify-introductory-commit): Likewise.
* guix/remote.scm (remote-pipe-for-gexp): Likewise.
* guix/scripts/graph.scm (assert-package): Likewise.
* guix/scripts/offload.scm (private-key-from-file*): Likewise.
* guix/ssh.scm (authenticate-server*): Likewise.
(open-ssh-session): Likewise.
(remote-inferior): Likewise.
* guix/ui.scm (matching-generations): Likewise.
* guix/upstream.scm (package-update): Likewise.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
Catch 'formatted-message?'.
("authenticate-channel, wrong first commit signer"): Likewise.
* tests/lint.scm ("patches: not found"): Adjust message string.
* tests/packages.scm ("patch not found yields a run-time error"): Catch
'formatted-message?'.
* guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'.
(check-derivation): Ditto.
2020-07-25 19:11:37 +02:00
Ludovic Courtès
a5e2fc7376
utils: Move <location> and '&error-location' to (guix diagnostics).
* guix/utils.scm (<location>, source-properties->location)
(location->source-properties, &error-location): Move to...
* guix/diagnostics.scm: ... here.
* gnu.scm: Adjust imports accordingly.
* gnu/machine.scm: Likewise.
* gnu/system.scm: Likewise.
* gnu/tests.scm: Likewise.
* guix/inferior.scm: Likewise.
* tests/channels.scm: Likewise.
* tests/packages.scm: Likewise.
2020-07-25 19:11:36 +02:00
Ludovic Courtès
d774c7b121
channels: Dependencies listed in '.guix-channel' can have an introduction.
Suggested by Ricardo Wurmus and Simon Tournier.

* guix/channels.scm (sexp->channel-introduction): New procedure.
(read-channel-metadata): Use it.
(profile-channels)[sexp->channel-introduction]: Remove.
* tests/channels.scm ("latest-channel-instances, authenticate dependency"):
New test.
* doc/guix.texi (Channels)[Declaring Channel Dependencies]: Augment example.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
884df77640
channels: Properly diagnose test failure.
This fixes a style issue similar to that of
a18d02def9.

* tests/channels.scm ("authenticate-channel, .guix-authorizations"):
Change to 'test-equal' so that test failures are properly diagnosed.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
8b7d982e6a
channels: Make channel introductions public.
* guix/channels.scm (<channel-introduction>): Rename constructor to
'%make-channel-introduction'.
(make-channel-introduction): New procedure.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Use
'make-channel-introduction' without '@@' and without third argument.
* doc/guix.texi (Channels)[Channel Authentication, Specifying Channel
Authorizations]: New subsections.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
ead5c46147
channels: Error out when the 'guix' channel lacks an introduction.
* guix/channels.scm (latest-channel-instance): Raise an error instead of
warning when 'guix is unauthenticated.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
New test.
2020-06-28 23:26:53 +02:00
Ludovic Courtès
a18d02def9
channels: Fix test for introductory commit signer.
Until now the test would always succeed because it would return
'failed, which has truth value.  The exercise
'verify-introductory-commit', we need to add a second commit beyond the
introductory commit, which is what we do here.

* tests/channels.scm ("authenticate-channel, wrong first commit
signer"): Add a second commit and authenticate up to that one.  Change
'message?' to 'message-condition?'.
2020-06-25 01:20:31 +02:00
Ludovic Courtès
5bafc70d1e
channels: Make 'validate-pull' call right after clone/pull.
This should come before patching, authentication, etc.

* guix/channels.scm (latest-channel-instance): Add #:validate-pull
parameter and honor it.  Return a single value: the instance.
(ensure-forward-channel-update): Change 'instance' parameter to 'commit'
and adjust accordingly.
(latest-channel-instances): Adjust to 'latest-channel-instance' changes.
* guix/scripts/pull.scm (warn-about-backward-updates): Change 'instance'
parameter to 'commit' and adjust accordingly.
* tests/channels.scm ("latest-channel-instances #:validate-pull"):
Likewise.
2020-06-16 16:10:47 +02:00
Ludovic Courtès
43badf261f
channels: 'latest-channel-instance' authenticates Git checkouts.
Fixes <https://bugs.gnu.org/22883>.

* guix/channels.scm (<channel>)[introduction]: New field.
(<channel-introduction>): New record type.
(%guix-channel-introduction): New variable.
(%default-channels): Use it.
(<channel-metadata>)[keyring-reference]: New field.
(%default-keyring-reference): New variable.
(read-channel-metadata, read-channel-metadata-from-source): Initialize
the 'keyring-reference' field.
(commit-short-id, verify-introductory-commit)
(authenticate-channel): New procedures.
(latest-channel-instance): Call 'authenticate-channel' when CHANNEL has
an introduction.
* tests/channels.scm (gpg+git-available?, commit-id-string): New
procedures.
("authenticate-channel, wrong first commit signer"):
("authenticate-channel, .guix-authorizations"): New tests.
* doc/guix.texi (Invoking guix pull): Mention authentication.
2020-06-16 16:10:47 +02:00
Ludovic Courtès
872898f768
channels: 'latest-channel-instances' guards against non-forward updates.
* guix/channels.scm (latest-channel-instance): Add #:starting-commit and
pass it to 'update-cached-checkout'.  Return the commit relation as a
second value.
(ensure-forward-channel-update): New procedure.
(latest-channel-instances): Add #:current-channels and #:validate-pull.
[current-commit]: New procedure.
Pass #:starting-commit to 'latest-channel-instance'.  When the returned
relation is true, call VALIDATE-PULL.
(latest-channel-derivation): Add #:current-channels and #:validate-pull.
Pass them to 'latest-channel-instances*'.
* tests/channels.scm ("latest-channel-instances #:validate-pull"): New
test.
2020-05-25 00:00:28 +02:00
Ludovic Courtès
8d1d56578a
git: 'update-cached-checkout' returns the commit relation.
* guix/git.scm (update-cached-checkout): Add #:starting-commit
parameter.  Call 'commit-relation' when #:starting-commit is true.
Always return the relation or #f as the third value.
(latest-repository-commit): Adjust accordingly.
* guix/import/opam.scm (get-opam-repository): Likewise.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Update mock of 'update-cached-checkout' accordingly.
2020-05-25 00:00:28 +02:00
Ludovic Courtès
053b10c3ef
channels: Add mechanism to patch checkouts of the 'guix channel.
* guix/channels.scm (<patch>): New record type.
(apply-patches): New procedure.
(latest-channel-instance)[dot-git?]: New procedure.
Use 'update-cached-checkout' and 'add-to-store' instead of
'latest-repository-commit'.  Call 'apply-patches' when CHANNEL is the
'guix channel.
(%patches): New variable.
* guix/git.scm (url+commit->name): Make public.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Mock 'update-cached-checkout' instead of 'latest-repository-commit'.
Wrap body in 'with-store' and pass the store to 'latest-channel-instances'.
2020-05-07 10:06:15 +02:00
Ludovic Courtès
9719e8d37a
channels: Allow news entries to refer to a tag.
Suggested by Ricardo Wurmus <rekado@elephly.net>.

* guix/channels.scm (<channel-news-entry>)[tag]: New field.
(sexp->channel-news-entry): Accept either 'commit' or 'tag' in 'entry'
forms.
(resolve-channel-news-entry-tag): New procedure.
(channel-news-for-commit): Move 'with-repository' form one level
higher.  Call 'resolve-channel-news-entry-tag' on all the news entries.
* guix/tests/git.scm (populate-git-repository): Add clause for 'tag'.
* tests/channels.scm ("channel-news, one entry"): Create a tag and add
an entry with a tag.  Check that the tag is resolved and also visible in
the <channel-news-entry> record.
* doc/guix.texi (Channels): Mention tags in news entries.
2019-09-23 10:38:44 +02:00
Ludovic Courtès
8ba7fd3cd6
channels: Add support for a news file.
* guix/channels.scm (<channel-metadata>)[news-file]: New field.
(read-channel-metadata): Set the 'news-file' field.
(read-channel-metadata-from-source): Likewise.
(<channel-news>, <channel-news-entry>): New record types.
(sexp->channel-news-entry, read-channel-news)
(channel-news-for-commit): New procedures.
* guix/tests/git.scm (populate-git-repository): For 'add', allow
CONTENTS to be a procedure.
* tests/channels.scm ("channel-news, no news")
("channel-news, one entry"): New tests.
* doc/guix.texi (Channels): Document it.
2019-09-23 10:38:44 +02:00
Ludovic Courtès
ce5d9ec875
channels: Always provide a <channel-metadata> record.
This simplifies the code since one no longer needs to think about
whether '.guix-channel' was present.

* guix/channels.scm (read-channel-metadata): Always pass a string as the
first argument to 'channel-metadata'.
(read-channel-metadata-from-source): Always return a <channel-metadata>
record.
(channel-instance-dependencies): Remove now unneeded 'match'.
(standard-module-derivation): Assume DIRECTORY is never #f and contains
a leading slash.
* tests/channels.scm (channel-metadata-directory)
(channel-metadata-dependencies): New procedures.
("channel-instance-metadata returns #f if .guix-channel does not
exist"): Remove.
("channel-instance-metadata returns default if .guix-channel does not
exist"): New test.
(make-instance): Use 'write' instead of 'display' when creating
'.guix-channel'.
(instance--no-deps): Remove dependencies.
(instance--sub-directory): New variable.
("channel-instance-metadata and default dependencies")
("channel-instance-metadata and directory"): New tests.
("latest-channel-instances excludes duplicate channel dependencies"):
Expect 'channel-commit' to return a string and adjust accordingly.
2019-07-19 11:53:47 +02:00
Ludovic Courtès
45b903323e
channels: Strictly check the version of '.guix-channel'.
Until now the 'version' field in '.guix-channel' could be omitted, or it
could be any value.

* guix/channels.scm (read-channel-metadata): Rename to...
(channel-instance-metadata): ... this.
(channel-instance-dependencies): Adjust accordingly.
(read-channel-metadata): New procedure.  Use 'match'
to require a 'version' field.  Provide proper error handling when the
channel sexp is malformed or when given an unsupported version number.
(read-channel-metadata-from-source): Use 'catch' and
'system-error-errno' instead of 'file-exists?'.
* tests/channels.scm (instance--unsupported-version): New variable.
(read-channel-metadata): Rename to...
(channel-instance-metadata): ... this.  Rename tests accordingly.
("channel-instance-metadata rejects unsupported version"): New test.
2019-07-19 11:53:47 +02:00
Ludovic Courtès
1fafc383b1
inferior: 'gexp->derivation-in-inferior' honors EXP's load path.
Previously the imported modules and extensions of EXP would be missing
from the load path of 'guix repl'.

* guix/inferior.scm (gexp->derivation-in-inferior)[script]: New
variable.
[trampoline]: Write (primitive-load #$script) to PIPE.  Add #$output.
* tests/channels.scm ("channel-instances->manifest")[depends?]: Check
for requisites rather than direct references.
Adjust callers accordingly.
2019-01-20 17:57:14 +01:00
Ludovic Courtès
ed75bdf35c
channels: Don't pull from the same channel more than once.
Previous 'channel-instance->manifest' would call
'latest-channel-derivation', which could trigger another round of
'latest-repository-commit' for no good reason.

* guix/channels.scm (resolve-dependencies): New procedure.
(channel-instance-derivations)[edges]: New variable.
[instance->derivation]: New procedure.
* tests/channels.scm (make-instance): Use 'checkout->channel-instance'
instead of 'channel-instance'.
("channel-instances->manifest"): New test.
2019-01-20 17:57:14 +01:00
Ricardo Wurmus
af12790bdd
guix: Add support for channel dependencies.
* guix/channels.scm (<channel-metadata>): New record.
(read-channel-metadata, channel-instance-dependencies): New procedures.
(latest-channel-instances): Include channel dependencies; add optional
argument PREVIOUS-CHANNELS.
(channel-instance-derivations): Build derivation for additional channels and
add it as dependency to the channel instance derivation.
* doc/guix.texi (Channels): Add subsection "Declaring Channel Dependencies".
* tests/channels.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
2018-12-09 13:55:22 +01:00