Commit graph

133301 commits

Author SHA1 Message Date
Ludovic Courtès
ff1251de0b
daemon: Address shortcoming in previous security fix for CVE-2024-27297.
This is a followup to 8f4ffb3fae.

Commit 8f4ffb3fae fell short in two
ways: (1) it didn’t have any effect for fixed-output derivations
performed in a chroot, which is the case for all of them except those
using “builtin:download” and “builtin:git-download”, and (2) it did not
preserve ownership when copying, leading to “suspicious ownership or
permission […] rejecting this build output” errors.

* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
‘chrootRootDir’ when copying ‘drv.outputs’.
* nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’
calls to preserve file ownership; this is necessary for chrooted
fixed-output derivation builds.
* nix/libutil/util.hh: Update comment.

Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
2024-03-12 14:07:28 +01:00
Zheng Junjie
fc1762fe38
gnu: ruby-x25519: Fix build on non x86_64.
* gnu/packages/patches/ruby-x25519-automatic-fallback-non-x86_64.patch:
New patch.
* gnu/packages/ruby.scm (ruby-x25519)[source]: Use it.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: If9c3b8dd8d818094f4cc5392bd5717f1430c369a
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-03-12 13:50:33 +02:00
Giacomo Leidi
a42ce77f1b
gnu: ssh-to-age: Update to 1.1.7.
* gnu/packages/password-utils.scm (ssh-to-age): Update to 1.1.7.
[synopsis]: Remove period at the end of the sentence.

Change-Id: Ide1bab2490b52459c31191d578619f9ea1edcbaf
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-03-12 13:48:32 +02:00
Lars Bilke
f7e6a84e98
gnu: hypre: Honor the #:tests? flag.
* gnu/packages/maths.scm (hypre)[arguments]: Adjust 'check phase to
honor the #:tests? flag.

Change-Id: I475fabd7d9f73ed320b97a4767830d82190c2b15
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-03-12 13:48:32 +02:00
Lars Bilke
6cff29fb6e
gnu: petsc: Add tunable property.
Tested with some real-world simulations on multiple HPC systems.

* gnu/packages/maths.scm (petsc)[properties]: Add tunable? flag.

Change-Id: I81588d0556c4176f29d7ab760322cd7aec271f12
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-03-12 13:48:32 +02:00
Efraim Flashner
ac74586ff3
gnu: syncthing: Mark as tunable.
* gnu/packages/syncthing.scm (syncthing)[properties]: Mark package as
tunable.

Change-Id: Ia885bbd32f043e83b231359cca438ea9caf4e8dc
2024-03-12 13:48:32 +02:00
Efraim Flashner
62d8b14e32
gnu: rust-bindgen-cli: Add shell completions.
* gnu/packages/rust-apps.scm (rust-bindgen-cli)[arguments]: Add a phase
to install shell completions.

Change-Id: Ia476d02a7c2d75518da2624b09b7091fafb70d8d
2024-03-12 13:48:32 +02:00
aurtzy
4ef63d7ed0
gnu: Add rust-bindgen-cli-0.69.
* gnu/packages/rust-apps.scm (rust-bindgen-cli): New variable.
(rust-bindgen): Remove this package.

Change-Id: I0841f34d73acf4e161c9f0ba0c6543d7f0d03092
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2024-03-12 13:48:28 +02:00
宋文武
a52701a4d3
gnu: cagebreak: Update to 2.3.1.
* gnu/packages/wm.scm (cagebreak): Update to 2.3.1.
[inputs]: Replace wlroots-0.16 with wlroots.

Change-Id: I1e14c45790aa633c200f604243bcd61b269bc231
2024-03-12 18:10:36 +08:00
宋文武
2a739c4d21
gnu: manaplus: Update to 2.1.3.17.
* gnu/packages/games.scm (manaplus): Update to 2.1.3.17.
[arguments]: Pass "--with-sdl2" as configure-flags.
[inputs]: Replace sdl-union with sdl2, sdl2-image, sdl2-mixer, sdl2-net and
sdl2-ttf.

Change-Id: I223150d559bce21e055b44262c7c97b3ccfa8dc2
2024-03-12 18:09:26 +08:00
宋文武
91efdc55f6
gnu: ltris: Update to 1.3.
* gnu/packages/games.scm (ltris): Update to 1.3.

Change-Id: I52e61633449100d945f52160c689d5a9d27da66a
2024-03-12 18:08:57 +08:00
宋文武
e0ada527e5
gnu: xfce: Add xfwm4-themes.
* gnu/packages/xfce.scm (xfce)[inputs]: Add xfwm4-themes.

Change-Id: If68db115691bdb0dc324ca502f1853d51e9d52b8
2024-03-12 18:02:07 +08:00
宋文武
671acb67ab
gnu: Add xfwm4-themes.
* gnu/packages/xfce.scm (xfwm4-themes): New package.

Change-Id: I01f7c7e095234c408c40cf344f6332753289d55f
2024-03-12 18:02:07 +08:00
宋文武
ff055e80e4
gnu: xfce4-dev-tools: Update to 4.18.1.
* gnu/packages/xfce.scm (xfce4-dev-tools): Update to 4.18.1.

Change-Id: I4e5b30d2dc70ba50b560d777a8b10ecb421dcbd9
2024-03-12 18:02:07 +08:00
宋文武
0888676854
gnu: xfce4-power-manager: Update to 4.18.3.
* gnu/packages/xfce.scm (xfce4-power-manager): Update to 4.18.3.

Change-Id: I64cb289730b4fea2af5e3cbffef5500e1bfe1382
2024-03-12 18:02:07 +08:00
宋文武
30e6d0a192
gnu: xfce4-terminal: Update to 1.1.3.
* gnu/packages/xfce.scm (xfce4-terminal): Update to 1.1.3.

Change-Id: Ic6589ee48f8e406f4d6b7b12ead165119b904e7f
2024-03-12 18:02:07 +08:00
宋文武
ad5faf2775
gnu: thunar: Update to 4.18.10.
* gnu/packages/xfce.scm (thunar): Update to 4.18.10.

Change-Id: I170cfa24d0086d6c1d2707d4c5693f28678adf3e
2024-03-12 18:02:07 +08:00
宋文武
80679b5c05
gnu: xfce4-settings: Update to 4.18.4.
* gnu/packages/xfce.scm (xfce4-settings): Update to 4.18.4.

Change-Id: If945317a90a0e0325bac352024c98920b8c6c86c
2024-03-12 18:02:07 +08:00
宋文武
b6701d3a84
gnu: xfce4-appfinder: Update to 4.18.1.
* gnu/packages/xfce.scm (xfce4-appfinder): Update to 4.18.1.

Change-Id: Ice902179d6991d9e887aeb2d9dfe144530c5dcf7
2024-03-12 18:02:07 +08:00
宋文武
43fb294937
gnu: xfce4-panel: Update to 4.18.6.
* gnu/packages/xfce.scm (xfce4-panel): Update to 4.18.6.

Change-Id: I29a0372692fc9896cdfa083e07c0e4a0255108c5
2024-03-12 18:02:07 +08:00
宋文武
359cef96d3
gnu: tumbler: Update to 4.18.2.
* gnu/packages/xfce.scm (tumbler): Update to 4.18.2.

Change-Id: I99c65a09b5fe4b02e4d678f64721a713cde09b87
2024-03-12 18:02:07 +08:00
宋文武
64794c145a
gnu: garcon: Update to 4.18.2.
* gnu/packages/xfce.scm (garcon): Update to 4.18.2.

Change-Id: I45cfb8bca3556849cc08c00053696b077553f4f6
2024-03-12 18:02:07 +08:00
宋文武
351303a944
gnu: xfconf: Update to 4.18.3.
* gnu/packages/xfce.scm (xfconf): Update to 4.18.3.

Change-Id: I938fa3a1d8770c62a1456a814144b24ed1b4a025
2024-03-12 18:02:07 +08:00
Florian Pelz
0547fe862c
news: Add 'de' translation.
* etc/news.scm: Add German translation.

Change-Id: Ia2a11f71cdee5ccbf2a7fbe176e713418771599e
2024-03-12 10:26:17 +01:00
Ludovic Courtès
7fa8bf8520
news: Give upgrade instructions for foreign distros.
* etc/news.scm: Update entry.

Change-Id: Ia7c326bc97042d92a8d499ee27dd41d15f1f0d29
2024-03-12 09:52:50 +01:00
Efraim Flashner
7f1145d11a
gnu: icedove-minimal: Build with newest rust-cbindgen.
* gnu/packages/gnuzilla.scm (icedove-minimal)[inputs]: Replace
rust-cbindgen-0.23 with rust-cbindgen.

Change-Id: I7e8f1edca86a5faf5a148e34a1ff20b85f16e039
2024-03-12 08:36:29 +02:00
Efraim Flashner
bacc391eba
gnu: icecat: Build with latest rust-cbindgen.
* gnu/packages/gnuzilla.scm (icecat-minimal)[inputs]: Replace
rust-cbindgen-0.24 with rust-cbindgen.

Change-Id: I147c6facf297f19f24c12b908a8a43793fa6c153
2024-03-12 08:36:29 +02:00
Efraim Flashner
79163d2c3c
gnu: tor-browser: Build with newest rust-cbindgen.
* gnu/packages/tor-browsers.scm (make-torbrowser)[inputs]: Replace
rust-cbindgen-0.24 with rust-cbindgen.

Change-Id: I6263a11342cb506c6c271e0360b7273c35be585d
2024-03-12 08:36:26 +02:00
Ludovic Courtès
4003c60abf
news: Add entry for the daemon fixed-output derivation vulnerability.
* etc/news.scm: Add entry.

Change-Id: Ib3f9c22eda1e8b9075620ec01b4edf2f24cfcf93
2024-03-11 23:14:37 +01:00
Ludovic Courtès
b8954a7fae
gnu: guix: Update to 8f4ffb3.
* gnu/packages/package-management.scm (guix): Update to 8f4ffb3.

Change-Id: I4574442c529f49881df03501d000e2da68618417
2024-03-11 23:14:37 +01:00
Vagrant Cascadian
5f100c68a4
etc: systemd services: switch to "journal" for output and error logging.
The "syslog" method has been deprecated for years, and issues a warning:

  Standard output type syslog is obsolete, automatically updating to
  journal. Please update your unit file, and consider removing the setting
  altogether.

Fixes: #48323

* etc/guix-daemon.service.in (StandardOutput): Use "journal"
(StandardError): Likewise.
* etc/guix-publish.service.in (StandardOutput): Likewise.
(StandardError): Likewise.
2024-03-11 14:34:25 -07:00
Ludovic Courtès
8f4ffb3fae
daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297).
This fixes a security issue (CVE-2024-27297) whereby a fixed-output
derivation build process could open a writable file descriptor to its
output, send it to some outside process for instance over an abstract
AF_UNIX socket, which would then allow said process to modify the file
in the store after it has been marked as “valid”.

Vulnerability discovered by puck <https://github.com/puckipedia>.

Nix security advisory:
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37

Nix fix:
244f3eee0b

* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
a file descriptor.  Rewrite the ‘Path’ variant accordingly.
(copyFile, copyFileRecursively): New functions.
* nix/libutil/util.hh (copyFileRecursively): New declaration.
* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’
is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.

Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4

Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
2024-03-11 22:12:34 +01:00
Ludovic Courtès
a26bce55e6
time-machine: Allow time travels to v0.16.0.
* guix/scripts/time-machine.scm (%oldest-possible-commit): Change to
v0.16.0.
* tests/guix-time-machine.sh: Adjust comment.

Change-Id: I9ad82bd45fee0d172b5348a8ae16e990338a3a97
2024-03-11 22:12:34 +01:00
Leo Famulari
001dfb8957
gnu: Update the default linux-libre package to the 6.7 series.
* gnu/packages/linux.scm (linux-libre-version, linux-libre-gnu-revision,
linux-libre-pristine-source, linux-libre-source, linux-libre): Use
linux-libre-6.7.

Change-Id: I889a36129417363328d7509446dcedb31f816569
2024-03-11 11:20:43 -04:00
Wilko Meyer
29a3a25f8b
gnu: linux-libre 4.19: Update to 4.19.308.
* gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.308.
(linux-libre-4.19-pristine-source): Update hash.

Change-Id: Ifa9d16737ca5961672654822de3e5dd70cb3be1b
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:43 -04:00
Wilko Meyer
86833f7791
gnu: linux-libre 5.4: Update to 5.4.270.
* gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.270.
(linux-libre-5.4-pristine-source): Update hash.

Change-Id: I1b5c3f1cb770c7d29cf4a9c678ea8786f89c31e3
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:43 -04:00
Wilko Meyer
471b77355a
gnu: linux-libre 5.10: Update to 5.10.211.
* gnu/packages/linux.scm (linux-libre-5.10-version): Update to 5.10.211.
(linux-libre-5.10-pristine-source): Update hash.

Change-Id: I9171f5c2aa6b1184dbbcd12a8546c39ac775d0ce
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:42 -04:00
Wilko Meyer
858435290e
gnu: linux-libre 5.15: Update to 5.15.150.
* gnu/packages/linux.scm (linux-libre-5.15-version): Update to 5.15.150.
(linux-libre-5.15-pristine-source, deblob-scripts-5.15): Update hashes.

Change-Id: I22b170d3af24151e22cc4f3c830ce91be1b00d0c
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:42 -04:00
Wilko Meyer
7ea225f371
gnu: linux-libre 6.1: Update to 6.1.80.
* gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.80.
(linux-libre-6.1-pristine-source, deblob-scripts-6.1): Update hashes.

Change-Id: Ieeb2db5249ef534a2cd00b66f1064673245c4b91
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:42 -04:00
Wilko Meyer
7b99730b5d
gnu: linux-libre 6.6: Update to 6.6.19.
* gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.19.
(linux-libre-6.6-pristine-source, deblob-scripts-6.6): Update hashes.

Change-Id: I675043d5a7d7a58046c5c4883baf602997ab894c
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:42 -04:00
Wilko Meyer
8bba5dd26a
gnu: linux-libre 6.7: Update to 6.7.7.
* gnu/packages/linux.scm (linux-libre-6.7-version): Update to 6.7.7.
(linux-libre-6.7-pristine-source, deblob-scripts-6.7): Update hashes.

Change-Id: Ibf045f6eccaa36acd373ca03dc6239174edbae20
Signed-off-by: Leo Famulari <leo@famulari.name>
2024-03-11 11:20:38 -04:00
Ricardo Wurmus
1e5e3d8e24
gnu: r-logger: Update to 0.3.0.
* gnu/packages/cran.scm (r-logger): Update to 0.3.0.

Change-Id: Id090ba50fe10b71785acf359f880ec030c9eb235
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
776e4d083a
gnu: r-paws-common: Update to 0.7.1.
* gnu/packages/cran.scm (r-paws-common): Update to 0.7.1.

Change-Id: I114662deb79dcc063dcb74e4ab72739c185fb0f0
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
b4065ef93d
gnu: r-rstan: Update to 2.32.6.
* gnu/packages/cran.scm (r-rstan): Update to 2.32.6.
[inputs]: Add pandoc.

Change-Id: Iddad21c83ce3f5af01c57027edc7157948092990
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
0afc70e8f0
gnu: r-fda: Update to 6.1.8.
* gnu/packages/cran.scm (r-fda): Update to 6.1.8.

Change-Id: Iba11aa8b4b31b9bd95b4b819e759aa6d2d97e37a
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
4bec8df853
gnu: r-accsda: Update to 1.1.3.
* gnu/packages/cran.scm (r-accsda): Update to 1.1.3.
[propagated-inputs]: Remove r-ggthemes.

Change-Id: I00d749030f50d5837a5572c0642551e212e97a1a
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
d14a9951ec
gnu: r-graphlayouts: Update to 1.1.1.
* gnu/packages/cran.scm (r-graphlayouts): Update to 1.1.1.

Change-Id: I20a604015e7b16b0ac6fb83169f2fbd3002b2cb7
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
63b649a2f7
gnu: r-systemfonts: Update to 1.0.6.
* gnu/packages/cran.scm (r-systemfonts): Update to 1.0.6.

Change-Id: I88b6bca71843e034780cc897506a5ca73d6288a8
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
48de8d86df
gnu: r-ggraph: Update to 2.2.1.
* gnu/packages/cran.scm (r-ggraph): Update to 2.2.1.

Change-Id: I16a96877df3fa37c5065862a6768389e11299a8a
2024-03-11 13:31:06 +01:00
Ricardo Wurmus
fa0be5a49b
gnu: r-gmodels: Update to 2.19.1.
* gnu/packages/cran.scm (r-gmodels): Update to 2.19.1.

Change-Id: Ifdb09883a7093c4b3521dce0da6136f278f6ab9d
2024-03-11 13:31:06 +01:00