-rw-r--r--.dir-locals.el1
-rw-r--r--Makefile.am23
-rw-r--r--NEWS4
-rw-r--r--build-aux/update-guix-package.scm73
-rw-r--r--doc/contributing.texi11
-rw-r--r--etc/guix-daemon.cil.in180
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/glib.scm14
-rw-r--r--gnu/packages/package-management.scm16
-rw-r--r--gnu/packages/patches/glib-appinfo-watch.patch92
-rw-r--r--gnu/packages/python-web.scm33
-rw-r--r--gnu/services/base.scm21
-rw-r--r--guix/scripts/build.scm4
-rw-r--r--guix/scripts/pack.scm5
-rw-r--r--guix/scripts/publish.scm28
-rw-r--r--guix/scripts/pull.scm2
-rw-r--r--guix/self.scm10
-rw-r--r--tests/build-utils.scm4
18 files changed, 431 insertions, 91 deletions
diff --git a/.dir-locals.el b/.dir-locals.el
index bad3900a96..4eb27d8b1b 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -134,7 +134,6 @@
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
(eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
- (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
diff --git a/Makefile.am b/Makefile.am
index e7053ee4f4..d63f2ae4b7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -562,7 +562,7 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix
dist_fishcompletion_DATA = etc/completion/fish/guix.fish
# SELinux policy
-nodist_selinux_policy_DATA = etc/guix-daemon.cil.in
+nodist_selinux_policy_DATA = etc/guix-daemon.cil
EXTRA_DIST += \
HACKING \
@@ -570,6 +570,7 @@ EXTRA_DIST += \
TODO \
CODE-OF-CONDUCT \
.dir-locals.el \
+ .guix-authorizations \
.guix-channel \
scripts/guix.in \
etc/guix-install.sh \
@@ -710,7 +711,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \
ac_cv_guix_test_root="$(GUIX_TEST_ROOT)"
# Name of the 'guix' package shipped in the binary tarball.
-GUIX_FOR_BINARY_TARBALL = guile3.0-guix
+GUIX_FOR_BINARY_TARBALL = guix
# The self-contained tarball.
guix-binary.%.tar.xz:
@@ -730,8 +731,8 @@ distcheck-hook: assert-binaries-available assert-final-inputs-self-contained
EXTRA_DIST += $(top_srcdir)/.version
BUILT_SOURCES += $(top_srcdir)/.version
-$(top_srcdir)/.version:
- echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
+$(top_srcdir)/.version: config.status
+ $(AM_V_GEN)echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
gen-tarball-version:
echo $(VERSION) > "$(distdir)/.tarball-version"
@@ -826,9 +827,10 @@ release: dist-with-updated-version
$(MKDIR_P) "$(releasedir)"
rm -f "$(releasedir)"/*
mv $(SOURCE_TARBALLS) "$(releasedir)"
- $(top_builddir)/pre-inst-env "$(GUILE)" \
- $(top_srcdir)/build-aux/update-guix-package.scm \
- "`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
+ GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
+ $(top_builddir)/pre-inst-env "$(GUILE)" \
+ $(top_srcdir)/build-aux/update-guix-package.scm \
+ "`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)."
$(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \
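Review bot: With `GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes` set, the `release` recipe now always skips the check that the packaged commit has been pushed upstream, and nothing in the recipe says why. The same applies to the second `update-guix-package.scm` invocation in the next hunk. A comment above each invocation would record the intent, for example `# Skip the "already pushed" check so the checkout is added to the store; this commit must be pushed before the release is announced.` The recipe starts and ends outside the hunk, so a later step may already cover the push; if none does, it belongs in the release checklist.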
@@ -840,9 +842,10 @@ release: dist-with-updated-version
mv "guix-binary.$$system.tar.xz" \
"$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \
done
- $(top_builddir)/pre-inst-env "$(GUILE)" \
- $(top_srcdir)/build-aux/update-guix-package.scm \
- "`git rev-parse HEAD`"
+ GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
+ $(top_builddir)/pre-inst-env "$(GUILE)" \
+ $(top_srcdir)/build-aux/update-guix-package.scm \
+ "`git rev-parse HEAD`"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`."
$(top_builddir)/pre-inst-env guix build guix \
diff --git a/NEWS b/NEWS
index ab1838398c..62b599c9c9 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,8 @@ Please send Guix bug reports to bug-guix@gnu.org.
*** ‘swap-devices’ field of ‘operating-system’ can contains UUIDs and labels
*** Graphical installer uses UUIDs for unencrypted swap partitions
*** Graphical installer now supports NTFS file systems
+*** File systems UUIDs and labels now recognized for F2FS and NTFS
+*** Root file system can now be on NFS
*** New services
autossh, ganeti, gmnisrv, guix-build-coordinator,
@@ -96,6 +98,8 @@ simulated-wifi, udev-rules, unattended-upgrade, webssh, zram
(<https://issues.guix.gnu.org/35394>)
*** ‘guix system reconfigure’ now starts services not currently running
(<https://bugs.gnu.org/43720>)
+*** Desktop environments now detect newly installed applications
+ (<https://bugs.gnu.org/35594>)
*** Offloading and copying small items is now much faster
(<https://issues.guix.gnu.org/43340>)
*** GCC switched back to C_INCLUDE_PATH & co. from CPATH
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index ff6b105468..9fe6c201cc 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -44,9 +44,6 @@
(define %top-srcdir
(string-append (current-source-directory) "/.."))
-(define version-controlled?
- (git-predicate %top-srcdir))
-
(define (package-definition-location)
"Return the source properties of the definition of the 'guix' package."
(call-with-input-file (location-file (package-location guix))
@@ -114,8 +111,9 @@ COMMIT."
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
(invoke "git" "worktree" "add" "--detach" directory commit))
-(define-syntax-rule (with-temporary-git-worktree commit body ...)
- "Execute BODY in the context of a temporary git worktree created from COMMIT."
+(define (call-with-temporary-git-worktree commit proc)
+ "Execute PROC in the context of a temporary git worktree created from
+COMMIT. PROC receives the temporary directory file name as an argument."
(call-with-temporary-directory
(lambda (tmp-directory)
(dynamic-wind
@@ -123,12 +121,12 @@ COMMIT."
#t)
(lambda ()
(git-add-worktree tmp-directory commit)
- (with-directory-excursion tmp-directory body ...))
+ (proc tmp-directory))
(lambda ()
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
(define %savannah-guix-git-repo-push-url-regexp
- "git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)")
+ "git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)")
(define-syntax-rule (with-input-pipe-to-string prog arg ...)
(let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
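Review bot: The dots in `%savannah-guix-git-repo-push-url-regexp` are still unescaped after this change, so each `.` matches any character and the pattern accepts remote URLs other than the two Savannah host names. This pattern appears to select the remote that the "already pushed" check runs against, so it should match the host literally: `"git\\.(savannah|sv)\\.gnu\\.org:?/srv/git/guix\\.git \\(push\\)"`. The code that applies the regexp is outside the hunk, so it is not visible here whether the match is anchored or may succeed anywhere in the line.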
@@ -156,27 +154,60 @@ COMMIT."
"git" "branch" "-r" "--contains" commit
(string-append remote "/master")))))
+(define (keep-source-in-store store source)
+ "Add SOURCE to the store under the name that the 'guix' package expects."
+
+ ;; Add SOURCE to the store, but this time under the real name used in the
+ ;; 'origin'. This allows us to build the package without having to make a
+ ;; real checkout; thus, it also works when working on a private branch.
+ (reload-module
+ (resolve-module '(gnu packages package-management)))
+
+ (let* ((source (add-to-store store
+ (origin-file-name (package-source guix))
+ #t "sha256" source
+ #:select? (git-predicate source)))
+ (root (store-path-package-name source)))
+
+ ;; Add an indirect GC root for SOURCE in the current directory.
+ (false-if-exception (delete-file root))
+ (symlink source root)
+ (add-indirect-root store
+ (string-append (getcwd) "/" root))
+
+ (info (G_ "source code kept in ~a (GC root: ~a)~%")
+ source root)))
+
(define (main . args)
(match args
((commit version)
(with-directory-excursion %top-srcdir
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
- (commit-already-pushed? (find-origin-remote) commit)
+ (let ((remote (find-origin-remote)))
+ (unless remote
+ (leave (G_ "Failed to find the origin git remote.~%")))
+ (commit-already-pushed? remote commit))
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
- (let* ((hash (with-temporary-git-worktree commit
- (nix-base32-string->bytevector
- (string-trim-both
- (with-output-to-string
- (lambda ()
- (guix-hash "-rx" ".")))))))
- (location (package-definition-location))
- (old-hash (content-hash-value
- (origin-hash (package-source guix)))))
- (edit-expression location
- (update-definition commit hash
- #:old-hash old-hash
- #:version version)))))
+ (call-with-temporary-git-worktree commit
+ (lambda (tmp-directory)
+ (let* ((hash (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" tmp-directory))))))
+ (location (package-definition-location))
+ (old-hash (content-hash-value
+ (origin-hash (package-source guix)))))
+ (edit-expression location
+ (update-definition commit hash
+ #:old-hash old-hash
+ #:version version))
+ ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are
+ ;; added to the store. This is used as part of 'make release'.
+ (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
+ (with-store store
+ (keep-source-in-store store tmp-directory))))))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
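Review bot: `(getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")` is tested only for truth, both in the `or` and in the new `when`, so any value the variable is set to counts as opting in, presumably including `no` or the empty string. Opting in skips the pushed-commit check and now also adds the worktree to the store and creates a GC-root symlink in the current directory. Reading the variable once and testing for an explicit value would keep the two uses in agreement, e.g. `(define private-commit? (equal? (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") "yes"))`, if narrowing the accepted values is acceptable to existing users. Separately, `(false-if-exception (delete-file root))` in `keep-source-in-store` hides every failure, not only a missing file; a comment should say that only the missing-file case is expected there.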
diff --git a/doc/contributing.texi b/doc/contributing.texi
index d3f6325c3f..d8de71055a 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used
has already been pushed to the Savannah-hosted Guix git repository.
This check can be disabled, @emph{at your own peril}, by setting the
-@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
-
-To build the resulting 'guix' package when using a private commit, the
-following command can be used:
-
-@example
-./pre-inst-env guix build guix --with-git-url=guix=$PWD
-@end example
+@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When
+this variable is set, the updated package source is also added to the
+store. This is used as part of the release process of Guix.
diff --git a/etc/guix-daemon.cil.in b/etc/guix-daemon.cil.in
index e0c9113498..91958b7617 100644
--- a/etc/guix-daemon.cil.in
+++ b/etc/guix-daemon.cil.in
@@ -1,6 +1,8 @@
; -*- lisp -*-
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020 Daniel Brooks <db48x@db48x.net>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -21,6 +23,18 @@
;; Intermediate Language (CIL). It refers to types that must be defined in
;; the system's base policy.
+;; If you, like me, need advice about fixing an SELinux policy, I recommend
+;; reading https://danwalsh.livejournal.com/55324.html
+
+;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t
+;; to allow guix-daemon to do whatever it wants. SELinux will still check its
+;; permissions, and when it doesn't have permission it will still send an
+;; audit message to your system logs. This lets you know what permissions it
+;; ought to have. Use ausearch --raw to find the permissions violations, then
+;; pipe that to audit2allow to generate an updated policy. You'll still need
+;; to translate that policy into CIL in order to update this file, but that's
+;; fairly straight-forward. Annoying, but easy.
+
(block guix_daemon
;; Require existing types
(typeattributeset cil_gen_require init_t)
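Review bot: The new header comment tells the reader to run `semanage permissive -a guix_daemon.guix_daemon_t` but never says to undo it, so a machine used to collect denials keeps the daemon domain unenforced afterwards. Add a closing line such as `;; When finished, run semanage permissive -d guix_daemon.guix_daemon_t so the policy is enforced again.` The comment should also say that the audit2allow output needs to be reviewed rule by rule before it is translated into this file, since it records everything that ran in the domain while it was permissive.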
@@ -34,14 +48,19 @@
(roletype object_r guix_daemon_t)
(type guix_daemon_conf_t)
(roletype object_r guix_daemon_conf_t)
+ (typeattributeset file_type guix_daemon_conf_t)
(type guix_daemon_exec_t)
(roletype object_r guix_daemon_exec_t)
+ (typeattributeset file_type guix_daemon_exec_t)
(type guix_daemon_socket_t)
(roletype object_r guix_daemon_socket_t)
+ (typeattributeset file_type guix_daemon_socket_t)
(type guix_store_content_t)
(roletype object_r guix_store_content_t)
+ (typeattributeset file_type guix_store_content_t)
(type guix_profiles_t)
(roletype object_r guix_profiles_t)
+ (typeattributeset file_type guix_profiles_t)
;; These types are domains, thereby allowing process rules
(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
@@ -55,6 +74,30 @@
(typetransition guix_store_content_t guix_daemon_exec_t
process guix_daemon_t)
+ (roletype system_r guix_daemon_t)
+
+ ;; allow init_t to read and execute guix files
+ (allow init_t
+ guix_profiles_t
+ (lnk_file (read)))
+ (allow init_t
+ guix_daemon_exec_t
+ (file (execute)))
+ (allow init_t
+ guix_daemon_t
+ (process (transition)))
+ (allow init_t
+ guix_store_content_t
+ (lnk_file (read)))
+ (allow init_t
+ guix_store_content_t
+ (file (open read execute)))
+
+ ;; guix-daemon needs to know the names of users
+ (allow guix_daemon_t
+ passwd_file_t
+ (file (getattr open read)))
+
;; Permit communication with NSCD
(allow guix_daemon_t
nscd_var_run_t
@@ -71,25 +114,44 @@
(allow guix_daemon_t
nscd_t
(unix_stream_socket (connectto)))
+ (allow guix_daemon_t nscd_t
+ (nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv)))
+
+ ;; permit downloading packages via HTTP(s)
+ (allow guix_daemon_t http_port_t
+ (tcp_socket (name_connect)))
+ (allow guix_daemon_t ftp_port_t
+ (tcp_socket (name_connect)))
+ (allow guix_daemon_t ephemeral_port_t
+ (tcp_socket (name_connect)))
;; Permit logging and temp file access
(allow guix_daemon_t
tmp_t
- (lnk_file (setattr unlink)))
+ (lnk_file (create rename setattr unlink)))
+ (allow guix_daemon_t
+ tmp_t
+ (file (link rename create execute execute_no_trans write unlink setattr map relabelto)))
+ (allow guix_daemon_t
+ tmp_t
+ (fifo_file (open read write create getattr ioctl setattr unlink)))
(allow guix_daemon_t
tmp_t
- (dir (create
- rmdir
+ (dir (create rename
+ rmdir relabelto
add_name remove_name
open read write
getattr setattr
search)))
(allow guix_daemon_t
+ tmp_t
+ (sock_file (create getattr setattr unlink write)))
+ (allow guix_daemon_t
var_log_t
(file (create getattr open write)))
(allow guix_daemon_t
var_log_t
- (dir (getattr write add_name)))
+ (dir (getattr create write add_name)))
(allow guix_daemon_t
var_run_t
(lnk_file (read)))
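Review bot: The new `tmp_t` file rule combines `create write` with `execute execute_no_trans` and `relabelto`, so the daemon domain may write a file under any `tmp_t` directory and run it without a domain transition. The section comment still reads only "Permit logging and temp file access". If this is needed for build directories, say so in a comment above the rule; a dedicated type for the build directory instead of `tmp_t` would narrow the grant, though that is a larger change than this hunk. In the same hunk, the comment `;; permit downloading packages via HTTP(s)` also covers the `ftp_port_t` and `ephemeral_port_t` rules and should name them.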
@@ -100,10 +162,10 @@
;; Spawning processes, execute helpers
(allow guix_daemon_t
self
- (process (fork)))
+ (process (fork execmem setrlimit setpgid setsched)))
(allow guix_daemon_t
guix_daemon_exec_t
- (file (execute execute_no_trans read open)))
+ (file (execute execute_no_trans read open entrypoint map)))
;; TODO: unknown
(allow guix_daemon_t
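Review bot: `execmem` in the `(process ...)` rule here and `sys_admin` in the capability list of the following "Build isolation" hunk are the broadest grants in this change, and neither has a comment. Each should carry a why-comment naming the operation that was denied without it, in the form `;; execmem: <operation that was denied>` and `;; sys_admin: <operation that was denied>`. That lets a later reviewer tell a required permission from audit2allow residue. The `;; TODO: unknown` block that follows this hunk shows the file already holds rules whose reason was lost.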
@@ -119,38 +181,51 @@
;; Build isolation
(allow guix_daemon_t
guix_store_content_t
- (file (mounton)))
+ (file (ioctl mounton)))
(allow guix_store_content_t
fs_t
(filesystem (associate)))
(allow guix_daemon_t
guix_store_content_t
- (dir (mounton)))
+ (dir (read mounton)))
(allow guix_daemon_t
guix_daemon_t
(capability (net_admin
fsetid fowner
chown setuid setgid
dac_override dac_read_search
- sys_chroot)))
+ sys_chroot
+ sys_admin)))
(allow guix_daemon_t
fs_t
(filesystem (unmount)))
(allow guix_daemon_t
devpts_t
+ (dir (search)))
+ (allow guix_daemon_t
+ devpts_t
(filesystem (mount)))
(allow guix_daemon_t
devpts_t
- (chr_file (setattr getattr)))
+ (chr_file (ioctl open read write setattr getattr)))
(allow guix_daemon_t
tmpfs_t
- (filesystem (mount)))
+ (filesystem (getattr mount)))
+ (allow guix_daemon_t
+ tmpfs_t
+ (file (create open read unlink write)))
(allow guix_daemon_t
tmpfs_t
- (dir (getattr)))
+ (dir (getattr add_name remove_name write)))
(allow guix_daemon_t
proc_t
- (filesystem (mount)))
+ (file (getattr open read)))
+ (allow guix_daemon_t
+ proc_t
+ (dir (read)))
+ (allow guix_daemon_t
+ proc_t
+ (filesystem (associate mount)))
(allow guix_daemon_t
null_device_t
(chr_file (getattr open read write)))
@@ -179,7 +254,7 @@
search rename
add_name remove_name
open write
- rmdir)))
+ rmdir relabelfrom)))
(allow guix_daemon_t
guix_store_content_t
(file (create
@@ -189,7 +264,7 @@
link unlink
map
rename
- open read write)))
+ open read write relabelfrom)))
(allow guix_daemon_t
guix_store_content_t
(lnk_file (create
@@ -197,17 +272,23 @@
link unlink
read
rename)))
+ (allow guix_daemon_t
+ guix_store_content_t
+ (fifo_file (create getattr open read unlink write)))
+ (allow guix_daemon_t
+ guix_store_content_t
+ (sock_file (create getattr unlink write)))
;; Access to configuration files and directories
(allow guix_daemon_t
guix_daemon_conf_t
- (dir (search
+ (dir (search create
setattr getattr
add_name remove_name
open read write)))
(allow guix_daemon_t
guix_daemon_conf_t
- (file (create
+ (file (create rename
lock
map
getattr setattr
@@ -216,11 +297,17 @@
(allow guix_daemon_t
guix_daemon_conf_t
(lnk_file (create getattr rename unlink)))
+ (allow guix_daemon_t net_conf_t
+ (file (getattr open read)))
+ (allow guix_daemon_t net_conf_t
+ (lnk_file (read)))
+ (allow guix_daemon_t NetworkManager_var_run_t
+ (dir (search)))
;; Access to profiles
(allow guix_daemon_t
guix_profiles_t
- (dir (getattr setattr read open)))
+ (dir (search getattr setattr read write open create add_name)))
(allow guix_daemon_t
guix_profiles_t
(lnk_file (read getattr)))
@@ -233,9 +320,23 @@
(allow guix_daemon_t
user_home_t
(dir (search)))
+ (allow guix_daemon_t
+ cache_home_t
+ (dir (search)))
+
+ ;; self upgrades
+ (allow guix_daemon_t
+ self
+ (dir (add_name write)))
+ (allow guix_daemon_t
+ self
+ (netlink_route_socket (bind create getattr nlmsg_read read write)))
;; Socket operations
(allow guix_daemon_t
+ guix_daemon_socket_t
+ (sock_file (unlink)))
+ (allow guix_daemon_t
init_t
(fd (use)))
(allow guix_daemon_t
@@ -255,10 +356,51 @@
getopt setopt)))
(allow guix_daemon_t
self
+ (tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown)))
+ (allow guix_daemon_t
+ unreserved_port_t
+ (tcp_socket (name_bind name_connect accept listen)))
+ (allow guix_daemon_t
+ self
+ (udp_socket (connect getattr bind getopt setopt)))
+ (allow guix_daemon_t
+ self
(fifo_file (write read)))
(allow guix_daemon_t
self
(udp_socket (ioctl create)))
+ (allow guix_daemon_t
+ self
+ (unix_stream_socket (connectto)))
+
+ (allow guix_daemon_t
+ node_t
+ (tcp_socket (node_bind)))
+ (allow guix_daemon_t
+ node_t
+ (udp_socket (node_bind)))
+ (allow guix_daemon_t
+ port_t
+ (tcp_socket (name_connect)))
+ (allow guix_daemon_t
+ rtp_media_port_t
+ (udp_socket (name_bind)))
+ (allow guix_daemon_t
+ vnc_port_t
+ (tcp_socket (name_bind)))
+
+ ;; I guess sometimes it needs random numbers
+ (allow guix_daemon_t
+ random_device_t
+ (chr_file (read)))
+
+ ;; guix system vm
+ (allow guix_daemon_t
+ kvm_device_t
+ (chr_file (ioctl open read write)))
+ (allow guix_daemon_t
+ kernel_t
+ (system (ipc_info)))
;; Label file system
(filecon "@guix_sysconfdir@/guix(/.*)?"
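Review bot: The rules that let `guix_daemon_t` bind `vnc_port_t`, `rtp_media_port_t` and `unreserved_port_t`, and `listen`/`accept` on its own TCP sockets, carry no comment. They read like denials recorded while a package build or test suite ran in the daemon's domain rather than something guix-daemon does itself, though that is an inference from the port types. If that is the origin, state it above the block, e.g. `;; Needed by package builds and test suites, which run in the daemon's domain`, and consider dropping the port-specific rules until each is tied to a concrete denial. The comment `;; I guess sometimes it needs random numbers` should likewise be replaced by the operation that was denied.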
@@ -277,5 +419,7 @@
file (system_u object_r guix_daemon_exec_t (low low)))
(filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
file (system_u object_r guix_daemon_exec_t (low low)))
+ (filecon "@storedir@/[a-z0-9]+-guix-daemon"
+ file (system_u object_r guix_daemon_exec_t (low low)))
(filecon "@guix_localstatedir@/guix/daemon-socket/socket"
any (system_u object_r guix_daemon_socket_t (low low))))
diff --git a/gnu/local.mk b/gnu/local.mk
index d4d10bc32b..217c05eab6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1054,6 +1054,7 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
+ %D%/packages/patches/glib-appinfo-watch.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2018-11236.patch \
%D%/packages/patches/glibc-CVE-2018-11237.patch \
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 901222476a..43523e516d 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -181,6 +181,7 @@ shared NFS home directories.")
(package
(name "glib")
(version "2.62.6")
+ (replacement glib-with-gio-patch)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@@ -387,11 +388,20 @@ dynamic loading, and an object system.")
(home-page "https://developer.gnome.org/glib/")
(license license:lgpl2.1+)))
+(define glib-with-gio-patch
+ ;; GLib with a fix for <https://bugs.gnu.org/35594>.
+ ;; TODO: Fold into 'glib' above in the next rebuild cycle.
+ (package
+ (inherit glib)
+ (source (origin
+ (inherit (package-source glib))
+ (patches (cons (search-patch "glib-appinfo-watch.patch")
+ (origin-patches (package-source glib))))))))
+
(define-public glib-with-documentation
;; glib's doc must be built in a separate package since it requires gtk-doc,
;; which in turn depends on glib.
- (package
- (inherit glib)
+ (package/inherit glib
(properties (alist-delete 'hidden? (package-properties glib)))
(outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference
(native-inputs
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 4a7a15c378..6075df6afa 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -130,9 +130,9 @@
;; Latest version of Guix, which may or may not correspond to a release.
;; Note: the 'update-guix-package.scm' script expects this definition to
;; start precisely like this.
- (let ((version "1.1.0")
- (commit "5e7cf66fb35780f930ad0bc5fe21ac330df4411d")
- (revision 32))
+ (let ((version "1.2.0rc1")
+ (commit "3ba6ffd0dd092ae879d014e4971989f231eaa56d")
+ (revision 1))
(package
(name "guix")
@@ -148,7 +148,7 @@
(commit commit)))
(sha256
(base32
- "15clfjp845gvl0p6qw0b1gdibqfq20zwzr6dbxvq8l9fgzj1kb6b"))
+ "1wa67gdipmzqr400hp0cw5ih0rlfvj345h65rqbk9s4g3bkg38hm"))
(file-name (string-append "guix-" version "-checkout"))))
(build-system gnu-build-system)
(arguments
@@ -336,7 +336,13 @@ $(prefix)/etc/init.d\n")))
(let ((bash (assoc-ref inputs "bash")))
(substitute* (string-append out "/bin/guix")
(("^#!.*/bash") (string-append "#! " bash "/bin/bash")))))
- #t))))))
+ #t)))
+
+ ;; The 'guix' executable has 'OUT/libexec/guix/guile' has
+ ;; its shebang; that should remain unchanged, thus remove
+ ;; the 'patch-shebangs' phase, which would otherwise
+ ;; change it to 'GUILE/bin/guile'.
+ (delete 'patch-shebangs))))
(native-inputs `(("pkg-config" ,pkg-config)
;; Guile libraries are needed here for
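Review bot: `(delete 'patch-shebangs)` removes the phase for every file in the output, while the comment justifies it only for the `guix` executable. If other installed scripts depend on that phase, they would now keep unpatched interpreter paths; either limit the exception to `bin/guix` or extend the comment to state that no other installed file needs the phase. The comment also has a typo: "has 'OUT/libexec/guix/guile' has its shebang" should read "as its shebang". The `arguments` form begins and ends outside the hunk.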
diff --git a/gnu/packages/patches/glib-appinfo-watch.patch b/gnu/packages/patches/glib-appinfo-watch.patch
new file mode 100644
index 0000000000..638a5e0949
--- /dev/null
+++ b/gnu/packages/patches/glib-appinfo-watch.patch
@@ -0,0 +1,92 @@
+This patch lets GLib's GDesktopAppInfo API watch and notice changes
+to the Guix user and system profiles. That way, the list of available
+applications shown by the desktop environment is immediately updated
+when the user runs "guix install", "guix remove", or "guix system
+reconfigure" (see <https://issues.guix.gnu.org/35594>).
+
+It does so by monitoring /var/guix/profiles (for changes to the system
+profile) and /var/guix/profiles/per-user/USER (for changes to the user
+profile) and crawling their share/applications sub-directory when
+changes happen.
+
+diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c
+index f1e2fdd..095c110 100644
+--- a/gio/gdesktopappinfo.c
++++ b/gio/gdesktopappinfo.c
+@@ -148,6 +148,7 @@ typedef struct
+ gchar *alternatively_watching;
+ gboolean is_config;
+ gboolean is_setup;
++ gchar *guix_profile_watch_dir;
+ GFileMonitor *monitor;
+ GHashTable *app_names;
+ GHashTable *mime_tweaks;
+@@ -180,6 +181,7 @@ desktop_file_dir_unref (DesktopFileDir *dir)
+ {
+ desktop_file_dir_reset (dir);
+ g_free (dir->path);
++ g_free (dir->guix_profile_watch_dir);
+ g_free (dir);
+ }
+ }
+@@ -204,6 +206,13 @@ desktop_file_dir_get_alternative_dir (DesktopFileDir *dir)
+ {
+ gchar *parent;
+
++ /* If DIR is a profile, watch the specified directory--e.g.,
++ * /var/guix/profiles/per-user/$USER/ for the user profile. Do not watch
++ * ~/.guix-profile or /run/current-system/profile because GFileMonitor does
++ * not pass IN_DONT_FOLLOW and thus cannot notice any change. */
++ if (dir->guix_profile_watch_dir != NULL)
++ return g_strdup (dir->guix_profile_watch_dir);
++
+ /* If the directory itself exists then we need no alternative. */
+ if (g_access (dir->path, R_OK | X_OK) == 0)
+ return NULL;
+@@ -249,11 +258,11 @@ desktop_file_dir_changed (GFileMonitor *monitor,
+ *
+ * If this is a notification for a parent directory (because the
+ * desktop directory didn't exist) then we shouldn't fire the signal
+- * unless something actually changed.
++ * unless something actually changed or it's in /var/guix/profiles.
+ */
+ g_mutex_lock (&desktop_file_dir_lock);
+
+- if (dir->alternatively_watching)
++ if (dir->alternatively_watching && dir->guix_profile_watch_dir == NULL)
+ {
+ gchar *alternative_dir;
+
+@@ -1555,6 +1564,32 @@ desktop_file_dirs_lock (void)
+ for (i = 0; dirs[i]; i++)
+ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_new (dirs[i]));
+
++ {
++ /* Monitor the system and user profile under /var/guix/profiles and
++ * treat modifications to them as if they were modifications to their
++ * /share sub-directory. */
++ const gchar *user;
++ DesktopFileDir *system_profile_dir, *user_profile_dir;
++
++ system_profile_dir =
++ desktop_file_dir_new ("/var/guix/profiles/system/profile/share");
++ system_profile_dir->guix_profile_watch_dir = g_strdup ("/var/guix/profiles");
++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (system_profile_dir));
++
++ user = g_get_user_name ();
++ if (user != NULL)
++ {
++ gchar *profile_dir, *user_data_dir;
++
++ profile_dir = g_build_filename ("/var/guix/profiles/per-user", user, NULL);
++ user_data_dir = g_build_filename (profile_dir, "guix-profile", "share", NULL);
++ user_profile_dir = desktop_file_dir_new (user_data_dir);
++ user_profile_dir->guix_profile_watch_dir = profile_dir;
++ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (user_profile_dir));
++ g_free (user_data_dir);
++ }
++ }
++
+ /* The list of directories will never change after this, unless
+ * g_get_user_config_dir() changes due to %G_TEST_OPTION_ISOLATE_DIRS. */
+ desktop_file_dirs_config_dir = user_config_dir;
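Review bot: Both new entries are added through `desktop_file_dir_ref (...)`, while the existing loop just above adds the result of `desktop_file_dir_new (dirs[i])` directly. If `desktop_file_dir_new` already returns an owned reference, as that loop suggests, the extra reference is never dropped and `desktop_file_dir_unref` can never free these two entries or their `guix_profile_watch_dir` strings. Passing the pointers through unchanged would match the existing code: `g_ptr_array_add (desktop_file_dirs, system_profile_dir);` and `g_ptr_array_add (desktop_file_dirs, user_profile_dir);`. The enclosing function `desktop_file_dirs_lock` starts and ends outside the hunk.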
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm
index 6e1720376f..504d9a112a 100644
--- a/gnu/packages/python-web.scm
+++ b/gnu/packages/python-web.scm
@@ -26,7 +26,7 @@
;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>
;;; Copyright © 2018, 2019 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
-;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2018, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2019 Brendan Tildesley <mail@brendan.scot>
;;; Copyright © 2019 Pierre Langlois <pierre.langlois@gmx.com>
@@ -2893,21 +2893,30 @@ pretty printer and a tree visitor.")
(name "python-flask-basicauth")
(version "0.2.0")
(source
- (origin
- (method url-fetch)
- (uri (pypi-uri "Flask-BasicAuth" version))
- (sha256
- (base32
- "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "Flask-BasicAuth" version))
+ (sha256
+ (base32
+ "1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
(build-system python-build-system)
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-after 'unpack 'fix-imports
+ (lambda _
+ (substitute* '("docs/index.rst"
+ "docs/conf.py"
+ "flask_basicauth.py"
+ "test_basicauth.py")
+ (("flask\\.ext\\.basicauth")
+ "flask_basicauth"))
+ #t)))))
(propagated-inputs
`(("python-flask" ,python-flask)))
- (home-page
- "https://github.com/jpvanhal/flask-basicauth")
- (synopsis
- "HTTP basic access authentication for Flask")
+ (home-page "https://github.com/jpvanhal/flask-basicauth")
+ (synopsis "HTTP basic access authentication for Flask")
(description
- "This package provides HTTP basic access authentication for Flask.")
+ "This package provides HTTP basic access authentication for Flask.")
(license license:bsd-3)))
(define-public python-flask-htpasswd
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 416bc02a96..e6341e3cd9 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -106,6 +106,12 @@
agetty-service-type
mingetty-configuration
+ mingetty-configuration-tty
+ mingetty-configuration-auto-login
+ mingetty-configuration-login-program
+ mingetty-configuration-login-pause?
+ mingetty-configuration-clear-on-logout?
+ mingetty-configuration-mingetty
mingetty-configuration?
mingetty-service
mingetty-service-type
@@ -285,8 +291,19 @@ This service must be the root of the service dependency graph so that its
(define (file-system->shepherd-service-name file-system)
"Return the symbol that denotes the service mounting and unmounting
FILE-SYSTEM."
- (symbol-append 'file-system-
- (string->symbol (file-system-mount-point file-system))))
+ (define valid-characters
+ ;; Valid store characters; see 'checkStoreName' in the daemon.
+ (string->char-set
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
+
+ (define mount-point
+ (string-map (lambda (chr)
+ (if (char-set-contains? valid-characters chr)
+ chr
+ #\-))
+ (file-system-mount-point file-system)))
+
+ (symbol-append 'file-system- (string->symbol mount-point)))
(define (mapped-device->shepherd-service-name md)
"Return the symbol that denotes the shepherd service of MD, a <mapped-device>."
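Review bot: Replacing every character outside `valid-characters` with `-` is not injective, because `/` is not in the set while `-` is: two distinct mount points such as `/mnt/a` and `/mnt-a` (constructed examples) now yield the same shepherd service name. If two such file systems are declared together, their services would collide. The docstring of `file-system->shepherd-service-name` should state this limitation, or the replacement should encode the original character so names stay distinct. The comment on `valid-characters` should also say why the store-name alphabet applies to a service name, since the link to `checkStoreName` is not visible from this procedure.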
diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm
index e9de97c881..cc020632af 100644
--- a/guix/scripts/build.scm
+++ b/guix/scripts/build.scm
@@ -51,7 +51,9 @@
#:use-module ((guix progress) #:select (current-terminal-columns))
#:use-module ((guix build syscalls) #:select (terminal-columns))
#:use-module (guix transformations)
- #:export (%standard-build-options
+ #:export (log-url
+
+ %standard-build-options
set-build-options-from-command-line
set-build-options-from-command-line*
show-build-options-help
diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm
index 06509ace2d..0b29997200 100644
--- a/guix/scripts/pack.scm
+++ b/guix/scripts/pack.scm
@@ -59,11 +59,16 @@
#:use-module (srfi srfi-37)
#:use-module (ice-9 match)
#:export (compressor?
+ compressor-name
+ compressor-extenstion
+ compressor-command
+ %compressors
lookup-compressor
self-contained-tarball
docker-image
squashfs-image
+ %formats
guix-pack))
;; Type of a compression tool.
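Review bot: The new export `compressor-extenstion` looks misspelled. If the record accessor is defined as `compressor-extension`, this line exports an unbound name and the real accessor stays private to the module; it should then read `compressor-extension`. The record definition is outside the hunk, so the spelling needs to be checked there before changing the export.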
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index a976a9ac60..f1a9970a7f 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -250,6 +251,21 @@ usage."
("WantMassQuery" . 0)
("Priority" . 100)))
+;;; A common buffer size value used for the TCP socket SO_SNDBUF option and
+;;; the gzip compressor buffer size.
+(define %default-buffer-size
+ (* 208 1024))
+
+(define %default-socket-options
+ ;; List of options passed to 'setsockopt' when transmitting files.
+ (list (list SO_SNDBUF %default-buffer-size)))
+
+(define* (configure-socket socket #:key (level SOL_SOCKET)
+ (options %default-socket-options))
+ "Apply multiple option tuples in OPTIONS to SOCKET, using LEVEL."
+ (for-each (cut apply setsockopt socket level <>)
+ options))
+
(define (signed-string s)
"Sign the hash of the string S with the daemon's key. Return a canonical
sexp for the signature."
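Review bot: `%default-buffer-size` is defined as `(* 208 1024)` with no indication of where 208 KiB comes from, and it now drives both `SO_SNDBUF` and the gzip buffer, which used 128 KiB and 64 KiB before this change. The comment above the definition should give the reason for the value and for sharing it between the socket and the compressor, e.g. `;;; <reason for 208 KiB>; the kernel may cap SO_SNDBUF at a lower limit.` Through `%default-socket-options`, `open-server-socket` now also sets `SO_SNDBUF` on the listening socket; the docstring of `configure-socket` should say whether that is intended.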
@@ -569,7 +585,7 @@ requested using POOL."
(lambda (port)
(write-file item port))
#:level (compression-level compression)
- #:buffer-size (* 128 1024))
+ #:buffer-size %default-buffer-size)
(rename-file (string-append nar ".tmp") nar))
('lzip
;; Note: the file port gets closed along with the lzip port.
@@ -866,7 +882,7 @@ or if EOF is reached."
;; 'make-gzip-output-port' wants a file port.
(make-gzip-output-port (response-port response)
#:level level
- #:buffer-size (* 64 1024)))
+ #:buffer-size %default-buffer-size))
(($ <compression> 'lzip level)
(make-lzip-output-port (response-port response)
#:level level))
@@ -891,8 +907,7 @@ blocking."
client))
(port (begin
(force-output client)
- (setsockopt client SOL_SOCKET
- SO_SNDBUF (* 128 1024))
+ (configure-socket client)
(nar-response-port response compression))))
;; XXX: Given our ugly workaround for <http://bugs.gnu.org/21093> in
;; 'render-nar', BODY here is just the file name of the store item.
@@ -922,7 +937,7 @@ blocking."
size)
client))
(output (response-port response)))
- (setsockopt client SOL_SOCKET SO_SNDBUF (* 128 1024))
+ (configure-socket client)
(if (file-port? output)
(sendfile output input size)
(dump-port input output))
@@ -1067,7 +1082,8 @@ methods, return the applicable compression."
(define (open-server-socket address)
"Return a TCP socket bound to ADDRESS, a socket address."
(let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0)))
- (setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
+ (configure-socket sock #:options (cons (list SO_REUSEADDR 1)
+ %default-socket-options))
(bind sock address)
sock))
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index bb1b560a22..7fd8b3f1a4 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -385,7 +385,7 @@ previous generation. Return true if there are news to display."
(and=> (relative-generation profile -1)
(cut generation-file-name profile <>)))
- (when previous
+ (and previous
(let ((old-channels (profile-channels previous))
(new-channels (profile-channels profile)))
;; Find the channels present in both PROFILE and PREVIOUS, and print
diff --git a/guix/self.scm b/guix/self.scm
index bbfd2f1b95..026dcd9c1a 100644
--- a/guix/self.scm
+++ b/guix/self.scm
@@ -400,6 +400,12 @@ a list of extra files, such as '(\"contributing\")."
(find-files directory
"\\.[a-z]{2}(_[A-Z]{2})?\\.po$")))
+ (define parallel-jobs
+ ;; Limit thread creation by 'n-par-for-each'. Going beyond can
+ ;; lead libgc 8.0.4 to abort with:
+ ;; mmap(PROT_NONE) failed
+ (min (parallel-job-count) 4))
+
(mkdir #$output)
(copy-recursively #$documentation "."
#:log (%make-void-port "w"))
@@ -415,14 +421,14 @@ a list of extra files, such as '(\"contributing\")."
(setenv "LC_ALL" "en_US.UTF-8")
(setlocale LC_ALL "en_US.UTF-8")
- (n-par-for-each (parallel-job-count)
+ (n-par-for-each parallel-jobs
(match-lambda
((language . po)
(translate-texi "guix" po language
#:extras '("contributing"))))
(available-translations "." "guix-manual"))
- (n-par-for-each (parallel-job-count)
+ (n-par-for-each parallel-jobs
(match-lambda
((language . po)
(translate-texi "guix-cookbook" po language)))
diff --git a/tests/build-utils.scm b/tests/build-utils.scm
index 47a57a984b..654b480ed9 100644
--- a/tests/build-utils.scm
+++ b/tests/build-utils.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
@@ -174,7 +174,7 @@ echo hello world"))
(let ((script-file-name (string-append directory "/foo")))
(call-with-output-file script-file-name
(lambda (port)
- (format port script-contents)))
+ (display script-contents port)))
(chmod script-file-name #o777)
(wrap-script script-file-name
`("GUIX_FOO" prefix ("/some/path"