| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
* guix/scripts/package.scm (search-path-environment-variables)[manifest-entry->package]:
Use 'find-best-packages-by-name' instead of 'find-packages-by-name'.
On a profile with 140 packages, this reduces execution time of this
procedure from 5.8 seconds to 2.9 seconds (50% improvement.)
|
|
|
|
|
|
| |
* guix/scripts/package.scm (maybe-register-gc-root): New procedure.
* tests/guix-package.sh (profile): Grep the output of "guix gc
--list-live" in a couple of places.
|
|
|
|
|
|
|
|
| |
* guix/pki.scm (acl-entry-sexp, acl-sexp): Remove.
(public-keys->acl, current-acl): Return a native sexp.
(acl->public-keys, authorized-key?): Expect ACL to be a native sexp.
* guix/scripts/archive.scm (authorize-key): Convert ACL to
canonical-sexp when writing it.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (regexp-exec): Change formals
to (rx str . rest).
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (guix-substitute-binary) <--query>:
Cache the result of (current-acl); pass it to 'valid-narinfo?' calls.
This saves 12% wall-clock time for "guix build emacs -n".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in
terms of 'signature-case'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Call 'leave' instead of 'raise' when SIGNATURE is invalid.
(&nar-signature-error, &nar-invalid-hash-error): Remove.
(assert-valid-signature): Add 'narinfo' parameter; remove 'port'.
Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's
URI in error messages. Adjust caller.
(narinfo-sha256): New procedure.
(assert-valid-narinfo): Use it.
(valid-narinfo?): Rewrite using 'narinfo-sha256' and
'signature-case'.
* tests/substitute-binary.scm (assert-valid-signature,
test-error-condition): Remove.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Remove.
|
|
|
|
|
|
|
|
|
| |
* guix/pki.scm (%signature-status): New procedure.
(signature-case): New macro.
* tests/pki.scm (%secret-key, %alternate-secret-key): New variables.
("signature-case valid-signature", "signature-case invalid-signature",
"signature-case hash-mismatch", "signature-case unauthorized-key",
"signature-case corrupt-signature"): New tests.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (assert-valid-narinfo): Add
#:verbose? parameter; when true, write "found valid signature".
(valid-narinfo?): Pass #:verbose? #f.
|
|
|
|
|
| |
* guix/scripts/archive.scm (authorize-key): Add 'mkdir-p' call.
Reported by Alex Sassmannshausen <alex.sassmannshausen@gmail.com>.
|
|
|
|
|
| |
* guix/scripts/offload.scm (transfer-and-offload): Exit with code 100
upon build failure.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
as a SRFI-35 &message and &nar-signature-error.
(narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
sexp.
(&nar-signature-error, &nar-invalid-hash-error): New variables.
(assert-valid-signature): Use them. Expect 'signature' to be a
canonical sexp.
(read-narinfo): Remove authentication and authorization checks.
(%signature-line-rx): New variable.
(assert-valid-narinfo, valid-narinfo?): New procedures.
(guix-substitute-binary): Wrap body in 'with-error-handling'.
[valid?]: New procedure.
<--query>: Show only store items of narinfos that match
'valid-narinfo?'.
<--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
(%keypair): Remove.
(%public-key, %private-key): Load from signing-key.{pub,sec}.
(signature-body): Add #:public-key parameter.
(call-with-narinfo): New procedure.
(with-narinfo): New macro.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Make the first argument to 'assert-valid-signature' a
canonical sexp.
("invalid hash", "valid read-narinfo", "valid write-narinfo"):
Remove.
("query narinfo with invalid hash", "query narinfo signed with
authorized key", "query narinfo signed with unauthorized key",
"substitute, invalid hash", "substitute, unauthorized key"): New
tests.
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
(narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
(string->narinfo): Add 'cache-uri' parameter.
(lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri'
field. Adjust body accordingly.
(remove-expired-cached-narinfos): Switch to version 1 by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
|
|
|
|
| |
* guix/nar.scm (assert-valid-signature): Improve the wording.
|
|
|
|
|
|
|
| |
* guix/svn-download.scm, guix/build/svn.scm: New files.
* Makefile.am (MODULES): Add them.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|\ |
|
| |\ |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* gnu/packages/ld-wrapper.scm (%store-directory): Change the default to
/gnu/store.
* guix/build/utils.scm (%store-directory): New procedure.
(remove-store-references): Use it for the default value of 'store'.
* guix/packages.scm (patch-and-repack)[builder]: Change default store to
/gnu/store.
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* guix/packages.scm (patch-and-repack)[numeric-extension?, tarxz-name]:
New procedures.
[builder]: Adjust to deal with SOURCE when it's a directory.
<body>: Use 'tarxz-name'. Always add (guix build utils) to
IMPORTED-MODULES.
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Conflicts:
gnu/packages/libwebsockets.scm
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* guix/build/gnu-build-system.scm (unpack): Check if SOURCE is a
directory, and copy it locally if it is.
* gnu/packages/libwebsockets.scm (libwebsockets)[arguments]: Remove
'unpack' phase.
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Conflicts:
gnu-system.am
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* guix/build/gnu-build-system.scm (configure):
Change docdir directory from "doc" to "share/doc".
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This reverts commit 65529e49ff5b9052544271b1b7923feed4312849.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Suggested by John Darrington <john@darrington.wattle.id.au>
and Mark H Weaver <mhw@netris.org>.
* guix/build/gnu-build-system.scm (configure): Pass --localstatedir=/var
--sharedstatedir=/com.
* gnu/packages/admin.scm (dmd): Remove 'arguments' field.
* gnu/packages/avahi.scm (avahi): Remove --localstatedir flag.
* gnu/packages/glib.scm (dbus): Likewise.
* gnu/packages/package-management.scm (guix): Likewise.
* gnu/packages/pulseaudio.scm (pulseaudio): Likewise.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* gnu/system.scm (union, file-union, links): Pass #:local-build? #t to
'derivation-expression'.
* guix/derivations.scm (imported-files, compiled-modules): Likewise.
* guix/profiles.scm (profile-derivation): Likewise.
|
| |\ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/build/gnu-build-system.scm: Add new configure flag: CC_FOR_BUILD=gcc
* gnu/packages/gnupg.scm, gnu/packages/guile.scm, gnu/packages/make-bootstrap.scm:
remove CC_FOR_BUILD from these package descriptions.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/offload.scm (send-files): Remove 'close-pipe' call from
'guard' handler ('pipe' here referred to Guile's 'pipe' procedure.)
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/offload.scm (send-files): Keep the second return value of
'filtered-port'. Call 'waitpid' on it.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/offload.scm (transfer-and-offload): Use 'upload' lock
instead of 'bandwidth' around 'send-files' calls, and 'download' lock
around 'retrieve-files' call.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/offload.scm (remote-pipe): Remove '-z' lsh command line
argument. This makes transfers almost an order of magnitude slower.
OpenSSH's ssh(1) man page notes: "Compression is desirable on modem lines
and other slow connections, but will only slow down things on fast
networks." See also
<http://www.spikelab.org/blog/transfer-largedata-scp-tarssh-tarnc-compared.html>.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/build/download.scm (http-fetch)[post-2.0.7?]: Use
'string->number' and numeric comparison. This fixes version
comparison with "2.0.10" and subsequent 2.0 releases.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/offload.scm (send-files): Add "xz -dc |" to the remote
pipe command. Pass PIPE through 'call-with-compressed-output-port'.
Remove 'close-pipe' call.
(retrieve-files): Add "| xz -c" to the remote pipe command. Pass PIPE
through 'call-with-decompressed-port'. Remove 'close-pipe' call.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/utils.scm (call-with-decompressed-port,
call-with-compressed-output-port): New procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"):
Rewrite to use them.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/utils.scm (filtered-output-port, compressed-output-port): New
procedures.
* tests/utils.scm ("compressed-output-port + decompressed-port"): New
test.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/authenticate.scm (guix-authenticate): Add clauses
for ("rsautl" "-sign" "-inkey" key) and ("rsautl" "-verify" "-inkey" _
"-pubin").
* tests/guix-authenticate.sh (hash): Add test using -sign and -verify in
a pipeline.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/scripts/authenticate.scm (read-canonical-sexp): Change to expect
a port instead of a file name.
(read-hash-data): Likewise.
(sign-with-key, validate-signature): New procedures.
(guix-authenticate): Rewrite in terms of these two procedures.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* guix/utils.scm (filtered-port): Make sure the 'execl' child process
always exits, and does (primitive-_exit 1) upon execution failure.
Use 'primitive-_exit' in the 'dump-port' child process.
* tests/utils.scm ("filtered-port, does not exist"): New test.
|
| |_|_|_|_|_|_|/
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/licenses.scm: Fix Nixpkgs URL in comment.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/pk-crypto.scm (gcrypt-version): New procedure.
* guix/scripts/archive.scm (%key-generation-parameters): New variable.
(%options) <generate-key>: Use it.
* tests/pk-crypto.scm ("sign + verify, Ed25519"): Skip if using gcrypt < 1.6.0.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/scripts/offload.scm (with-error-to-port): New macro.
(remote-pipe): Add #:error-port parameter. Use 'with-error-to-port'
around 'open-pipe*' call.
(build-log-port): New procedure.
(offload): Change #:log-port to default to (build-log-port). Call
'remote-pipe' with #:error-port LOG-PORT.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
parameter. Upon &http-get-error, re-raise C if the QUIET-404? is
true and the code is 404.
(fetch-narinfo): Pass #:quiet-404? #t.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/pk-crypto.scm (bytevector->hash-data): Add #:key-type parameter.
Use the 'pkcs1' flag when KEY-TYPE is 'rsa', and 'rfc6979' when
KEY-TYPE is 'ecc' or 'dsa'.
(key-type): New procedure.
* guix/scripts/authenticate.scm (read-hash-data): Add 'key-type'
parameter. Pass it to 'bytevector->hash-data'. Adjust caller
accordingly.
* tests/pk-crypto.scm (%ecc-key-pair): New variable.
("key-type"): New test.
("sign + verify"): Pass #:key-type to 'bytevector->hash-data'.
("sign + verify, Ed25519"): New test.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* guix/scripts/archive.scm (%options) <generate-key>: Default to curve
Ed25519. Suggested by Christian Grothoff <grothoff@in.tum.de>.
|
| |_|_|_|_|_|/
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* guix/scripts/archive.scm (%options) <generate-key>: Report the error
source and string when 'string->canonical-sexp' fails.
|