Diffstat (limited to 'etc')
-rwxr-xr-xetc/committer.scm.in25
-rwxr-xr-xetc/git/post-merge3
-rwxr-xr-xetc/git/pre-push4
-rw-r--r--etc/guix-daemon.conf.in2
-rw-r--r--etc/guix-daemon.service.in3
-rwxr-xr-xetc/guix-install.sh81
-rw-r--r--etc/init.d/guix-daemon.in4
-rw-r--r--etc/manifests/disarchive.scm (renamed from etc/disarchive-manifest.scm)2
-rw-r--r--etc/manifests/hurd.scm (renamed from etc/hurd-manifest.scm)0
-rw-r--r--etc/manifests/kernels.scm (renamed from etc/kernels-manifest.scm)0
-rw-r--r--etc/manifests/release.scm (renamed from etc/release-manifest.scm)12
-rw-r--r--etc/manifests/source.scm (renamed from etc/source-manifest.scm)13
-rw-r--r--etc/manifests/system-tests.scm (renamed from etc/system-tests.scm)0
-rw-r--r--etc/manifests/time-travel.scm (renamed from etc/time-travel-manifest.scm)0
-rw-r--r--etc/manifests/ungraft.scm49
-rw-r--r--etc/manifests/upgrade.scm140
-rw-r--r--etc/news.scm495
-rw-r--r--etc/snippets/tempel/scheme-mode.eld (renamed from etc/snippets/tempel/scheme-mode)2
-rw-r--r--etc/snippets/tempel/text-mode.eld (renamed from etc/snippets/tempel/text-mode)2
-rwxr-xr-xetc/teams.scm90
-rw-r--r--etc/teams/rust/rusty-packages.scm46
21 files changed, 908 insertions, 65 deletions
diff --git a/etc/committer.scm.in b/etc/committer.scm.in
index 0705b29fd9..9b128c8f1e 100755
--- a/etc/committer.scm.in
+++ b/etc/committer.scm.in
@@ -3,7 +3,7 @@
!#
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020, 2021 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2020, 2021, 2022, 2023 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2021 Sarah Morgensen <iskarian@mgsn.dev>
;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
@@ -255,10 +255,18 @@ corresponding to the top-level definition containing the staged changes."
(define* (change-commit-message file-name old new #:optional (port (current-output-port)))
"Print ChangeLog commit message for changes between OLD and NEW."
(define (get-values expr field)
- (match ((xpath:sxpath `(// ,field quasiquote *)) expr)
+ (match ((xpath:node-or
+ (xpath:sxpath `(*any* *any* package ,field quasiquote *))
+ ;; For let binding
+ (xpath:sxpath `(*any* *any* (*any*) package ,field quasiquote *)))
+ (cons '*TOP* expr))
(()
;; New-style plain lists
- (match ((xpath:sxpath `(// ,field list *)) expr)
+ (match ((xpath:node-or
+ (xpath:sxpath `(*any* *any* package ,field list *))
+ ;; For let binding
+ (xpath:sxpath `(*any* *any* (*any*) package ,field list *)))
+ (cons '*TOP* expr))
((inner) inner)
(_ '())))
;; Old-style labelled inputs
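Review bot: The same pair of `xpath:sxpath` queries wrapped in `xpath:node-or` is written out three times, twice in `get-values` here and once more for `version` in the next hunk, differing only in the tail of the path. A small local helper would keep the two path shapes (plain definition and let binding) in one place. Its comment could also say why the expression is wrapped with `(cons '*TOP* expr)` before the query, which the hunk does not explain. The body of `change-commit-message` continues outside the hunk.

```scheme
(define (package-field-query tail)
  ;; Match TAIL below a 'package' form, either directly in the definition
  ;; or inside a let binding.
  (xpath:node-or
   (xpath:sxpath `(*any* *any* package ,@tail))
   (xpath:sxpath `(*any* *any* (*any*) package ,@tail))))

;; … unchanged: get-values, with each query replaced by a call such as …
(match ((package-field-query `(,field quasiquote *)) (cons '*TOP* expr))
```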
@@ -275,7 +283,11 @@ corresponding to the top-level definition containing the staged changes."
(define variable-name
(second old))
(define version
- (and=> ((xpath:sxpath '(// version *any*)) new)
+ (and=> ((xpath:node-or
+ (xpath:sxpath '(*any* *any* package version *any*))
+ ;; For let binding
+ (xpath:sxpath '(*any* *any* (*any*) package version *any*)))
+ (cons '*TOP* new))
first))
(format port
"gnu: ~a: Update to ~a.~%~%* ~a (~a): Update to ~a.~%"
@@ -289,8 +301,9 @@ corresponding to the top-level definition containing the staged changes."
(format port
"[~a]: ~a~%" field
(break-string
- (match (list (map symbol->string removed)
- (map symbol->string added))
+ ;; A dependency can be a list of (pkg output).
+ (match (list (map object->string removed)
+ (map object->string added))
((() added)
(format #f "Add ~a."
(listify added)))
diff --git a/etc/git/post-merge b/etc/git/post-merge
new file mode 100755
index 0000000000..f2ad37d35c
--- /dev/null
+++ b/etc/git/post-merge
@@ -0,0 +1,3 @@
+#!/bin/sh
+# Authenticate the repo upon 'git pull' and similar.
+exec guix git authenticate
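Review bot: The header comment should state that this check happens after the fact. Git runs a post-merge hook once the merge has completed and ignores its exit status for the outcome of the merge, so a failed `guix git authenticate` here reports the problem but leaves the unauthenticated commits checked out. I would extend the comment to something like `# Authenticate the repo upon 'git pull' and similar.  This runs after the merge` / `# has completed: on failure the merged commits are still in the work tree.` so that nobody reads the hook as a gate.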
diff --git a/etc/git/pre-push b/etc/git/pre-push
index 59671b0d58..325b23854b 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -32,7 +32,9 @@ do
# Only use the hook when pushing to Savannah.
case "$2" in
*.gnu.org*)
- exec make authenticate check-channel-news
+ set -e
+ make check-channel-news
+ exec guix git authenticate
exit 127
;;
*)
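Review bot: `guix git authenticate` is called without arguments, so as far as this hunk shows it checks the current checkout rather than the refs the hook receives on standard input; when a branch other than the checked-out one is pushed, it is presumably not the one that gets authenticated. A comment above the `exec` would make that limit explicit, for example `# Authenticates the current checkout, not necessarily the ref being pushed.` The `exit 127` after `exec` is only reached when `guix` cannot be executed, which is worth a short comment too. The enclosing loop and `case` start outside the hunk.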
diff --git a/etc/guix-daemon.conf.in b/etc/guix-daemon.conf.in
index fb681d1f80..aa368d6272 100644
--- a/etc/guix-daemon.conf.in
+++ b/etc/guix-daemon.conf.in
@@ -7,4 +7,4 @@ start on runlevel [2345]
stop on runlevel [016]
-exec @localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --discover=no
+exec @localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --discover=no --substitute-urls='@GUIX_SUBSTITUTE_URLS@'
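Review bot: `@GUIX_SUBSTITUTE_URLS@` is pasted between single quotes at configure time, so a configured value that itself contains a single quote would end the quoting early and change how the rest of this `exec` line is parsed. The same pattern is added in etc/guix-daemon.service.in and etc/init.d/guix-daemon.in. Nothing in the visible hunks shows where the value is validated, so I would document the constraint next to the line, e.g. `# @GUIX_SUBSTITUTE_URLS@: space-separated URL list fixed at configure time; must not contain quote characters.`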
diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in
index 5e75379b5e..5c43d9b7f1 100644
--- a/etc/guix-daemon.service.in
+++ b/etc/guix-daemon.service.in
@@ -7,7 +7,8 @@ Description=Build daemon for GNU Guix
[Service]
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
- --build-users-group=guixbuild --discover=no
+ --build-users-group=guixbuild --discover=no \
+ --substitute-urls='@GUIX_SUBSTITUTE_URLS@'
Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
StandardOutput=journal
StandardError=journal
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 72b456ee7a..f07b2741bb 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -14,6 +14,8 @@
# Copyright © 2023 Andrew Tropin <andrew@trop.in>
# Copyright © 2020 David A. Redick <david.a.redick@gmail.com>
# Copyright © 2024 Janneke Nieuwenhuizen <janneke@gnu.org>
+# Copyright © 2024 Tomas Volf <~@wolfsden.cz>
+# Copyright © 2024 Richard Sent <richard@freakingpenguin.com>
#
# This file is part of GNU Guix.
#
@@ -80,6 +82,12 @@ REQUIRE=(
"xz"
)
+# Add variables using form FOO_INIT_REQUIRE when init system FOO dependencies
+# should be checked.
+SYSV_INIT_REQUIRE=(
+ "daemonize"
+)
+
PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
WAR=$'[ \033[33;1mWARN\033[0m ] '
@@ -147,6 +155,18 @@ chk_require()
_msg "${PAS}verification of required commands completed"
}
+add_init_sys_require()
+{ # Add the elements of FOO_INIT_SYS to REQUIRE
+ local init_require="${INIT_SYS}_REQUIRE[@]"
+ if [[ ! -z "$init_require" ]]; then
+ # Have to add piecemeal because ${!foo[@]} performs direct array key
+ # expansion, not indirect plain array expansion.
+ for r in "${!init_require}"; do
+ REQUIRE+=("$r")
+ done
+ fi
+}
+
chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
_debug "--- [ ${FUNCNAME[0]} ] ---"
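Review bot: `add_init_sys_require` builds the array name from `INIT_SYS`, but `chk_init_sys` sets values such as `sysv-init` (visible in a later hunk) while the array added above is `SYSV_INIT_REQUIRE`. `sysv-init_REQUIRE[@]` is not a valid variable name, so the indirect expansion cannot reach that array and `daemonize` is never added to `REQUIRE`. The `[[ ! -z "$init_require" ]]` test checks the name string, which is never empty, and `r` is not declared `local`. Mapping the init system name to upper case with underscores before the lookup fixes this (needs bash 4 for `^^`); it assumes the script does not run under `set -u`, which the hunks do not show.

```shell
add_init_sys_require()
{ # Add the elements of the init system's *_REQUIRE array to REQUIRE
    # Map e.g. "sysv-init" to "SYSV_INIT" so the result is a valid identifier.
    local prefix="${INIT_SYS^^}"
    prefix="${prefix//-/_}"
    local init_require="${prefix}_REQUIRE[@]"
    local r
    # An unset array expands to no words, so no emptiness test is needed.
    for r in "${!init_require}"; do
        REQUIRE+=("$r")
    done
}
```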
@@ -216,7 +236,7 @@ chk_init_sys()
_msg "${INF}init system is: sysv-init"
INIT_SYS="sysv-init"
return 0
- elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
+ elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC ]]; then
_msg "${INF}init system is: OpenRC"
INIT_SYS="openrc"
return 0
@@ -390,8 +410,8 @@ sys_delete_store()
_msg "${INF}removing /gnu"
rm -rf /gnu
- _msg "${INF}removing ${ROOT_HOME}/.config/guix"
- rm -rf ${ROOT_HOME}/.config/guix
+ _msg "${INF}removing ~root/.config/guix"
+ rm -rf ~root/.config/guix
}
sys_create_build_user()
@@ -431,11 +451,15 @@ sys_create_build_user()
sys_delete_build_user()
{
for i in $(seq -w 1 10); do
- userdel -f guixbuilder${i}
+ if id -u "guixbuilder${i}" &>/dev/null; then
+ userdel -f guixbuilder${i}
+ fi
done
_msg "${INF}delete group guixbuild"
- groupdel -f guixbuild
+ if getent group guixbuild &>/dev/null; then
+ groupdel -f guixbuild
+ fi
}
sys_enable_guix_daemon()
@@ -549,14 +573,16 @@ sys_delete_guix_daemon()
;;
systemd)
- _msg "${INF}disabling guix-daemon"
- systemctl disable guix-daemon
- _msg "${INF}stopping guix-daemon"
- systemctl stop guix-daemon
- _msg "${INF}removing guix-daemon"
- rm -f /etc/systemd/system/guix-daemon.service
+ if [ -f /etc/systemd/system/guix-daemon.service ]; then
+ _msg "${INF}disabling guix-daemon"
+ systemctl disable guix-daemon
+ _msg "${INF}stopping guix-daemon"
+ systemctl stop guix-daemon
+ _msg "${INF}removing guix-daemon"
+ rm -f /etc/systemd/system/guix-daemon.service
+ fi
- if [ -x /etc/systemd/system/gnu-store.mount ]; then
+ if [ -f /etc/systemd/system/gnu-store.mount ]; then
_msg "${INF}disabling gnu-store.mount"
systemctl disable gnu-store.mount
_msg "${INF}stopping gnu-store.mount"
@@ -574,7 +600,7 @@ sys_delete_guix_daemon()
;;
NA|*)
_msg "${ERR}unsupported init system; disable, stop and remove the daemon manually:"
- echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
+ echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
;;
esac
@@ -613,6 +639,7 @@ sys_create_init_profile()
cat <<"EOF" > /etc/profile.d/zzz-guix.sh
# Explicitly initialize XDG base directory variables to ease compatibility
# with Guix System: see <https://issues.guix.gnu.org/56050#3>.
+export XCURSOR_PATH="${XCURSOR_PATH:-/usr/local/share/icons:/usr/share/icons}"
export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
@@ -624,22 +651,23 @@ export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
-# Export INFOPATH so that the updated info pages can be found
-# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
-# When INFOPATH is unset, add a trailing colon so that Emacs
-# searches 'Info-default-directory-list'.
-export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
# GUIX_PROFILE: User's default profile and home profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
-[ -L "$GUIX_PROFILE" ] || \
-GUIX_LOCPATH="$GUIX_PROFILE/lib/locale:${GUIX_LOCPATH:+:}$GUIX_LOCPATH"
+[ -L "$GUIX_PROFILE" ] && \
+GUIX_LOCPATH="$GUIX_PROFILE/lib/locale${GUIX_LOCPATH:+:}$GUIX_LOCPATH"
+
+# Export INFOPATH so that the updated info pages can be found
+# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
+# When INFOPATH is unset, add a trailing colon so that Emacs
+# searches 'Info-default-directory-list'.
+export INFOPATH="$_GUIX_PROFILE/share/info:$GUIX_PROFILE/share/info:$INFOPATH"
GUIX_PROFILE="$HOME/.guix-home/profile"
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
-[ -L "$GUIX_PROFILE" ] || \
-GUIX_LOCPATH="$GUIX_PROFILE/lib/locale:${GUIX_LOCPATH:+:}$GUIX_LOCPATH"
+[ -L "$GUIX_PROFILE" ] && \
+GUIX_LOCPATH="$GUIX_PROFILE/lib/locale${GUIX_LOCPATH:+:}$GUIX_LOCPATH"
export GUIX_LOCPATH
@@ -721,9 +749,9 @@ sys_delete_init_profile()
sys_delete_user_profiles()
{
- _msg "${INF}removing ${ROOT_HOME}/.guix-profile"
- rm -f ${ROOT_HOME}/.guix-profile
- rm -rf ${ROOT_HOME}/.cache/guix
+ _msg "${INF}removing ~root/.guix-profile"
+ rm -f ~root/.guix-profile
+ rm -rf ~root/.cache/guix
_msg "${INF}removing .guix-profile, .cache/guix and .config/guix of all /home users"
for user in `ls -1 /home`; do
@@ -791,9 +819,10 @@ main_install()
_msg "Starting installation ($(date))"
chk_term
+ chk_init_sys
+ add_init_sys_require
chk_require "${REQUIRE[@]}"
chk_gpg_keyring
- chk_init_sys
chk_sys_arch
chk_sys_nscd
diff --git a/etc/init.d/guix-daemon.in b/etc/init.d/guix-daemon.in
index b7d4bb72bb..913210a543 100644
--- a/etc/init.d/guix-daemon.in
+++ b/etc/init.d/guix-daemon.in
@@ -36,7 +36,9 @@ start)
-E LC_ALL=en_US.utf8 \
-p "/var/run/guix-daemon.pid" \
@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
- --build-users-group=guixbuild --discover=no
+ --build-users-group=guixbuild --discover=no \
+ --substitute-urls='@GUIX_SUBSTITUTE_URLS@'
+
fi
;;
stop)
diff --git a/etc/disarchive-manifest.scm b/etc/manifests/disarchive.scm
index 3dbfa356df..a7f71414b6 100644
--- a/etc/disarchive-manifest.scm
+++ b/etc/manifests/disarchive.scm
@@ -24,7 +24,7 @@
(guix base16)
(gnu packages))
-(include "source-manifest.scm")
+(include "source.scm")
(define (tarball-origin? origin)
(match (origin-actual-file-name origin)
diff --git a/etc/hurd-manifest.scm b/etc/manifests/hurd.scm
index cb6b82d5f8..cb6b82d5f8 100644
--- a/etc/hurd-manifest.scm
+++ b/etc/manifests/hurd.scm
diff --git a/etc/kernels-manifest.scm b/etc/manifests/kernels.scm
index bacb222d64..bacb222d64 100644
--- a/etc/kernels-manifest.scm
+++ b/etc/manifests/kernels.scm
diff --git a/etc/release-manifest.scm b/etc/manifests/release.scm
index 773910ac80..b003f216ff 100644
--- a/etc/release-manifest.scm
+++ b/etc/manifests/release.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2020-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020-2022, 2024 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2023 Andreas Enge <andreas@enge.fr>
;;;
@@ -145,6 +145,16 @@ TARGET."
"x86_64-linux-gnu"
"i686-linux-gnu"
+ ;; Ignore obsolete systems, as in (gnu ci).
+ "mips64el-linux-gnu"
+ "powerpc-linux-gnu"
+ "powerpc64-linux-gnu"
+
+ ;; Ignore bare-metal targets.
+ "avr"
+ "or1k-elf"
+ "xtensa-ath9k-elf"
+
;; XXX: Important bits like libsigsegv and libffi don't
;; support RISCV at the moment, so don't require RISCV
;; support.
diff --git a/etc/source-manifest.scm b/etc/manifests/source.scm
index f96a5da6f7..3e1ae07959 100644
--- a/etc/source-manifest.scm
+++ b/etc/manifests/source.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2021 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2021, 2024 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -25,17 +25,6 @@
(guix packages) (guix profiles)
(gnu packages))
-(define (all-packages)
- "Return the list of all the packages, public or private, omitting only
-superseded packages."
- (fold-packages (lambda (package lst)
- (match (package-replacement package)
- (#f (cons package lst))
- (replacement
- (append (list replacement package) lst))))
- '()
- #:select? (negate package-superseded)))
-
(define (upstream-origin source)
"Return SOURCE without any patches or snippet."
(origin (inherit source)
diff --git a/etc/system-tests.scm b/etc/manifests/system-tests.scm
index 221a63bb7f..221a63bb7f 100644
--- a/etc/system-tests.scm
+++ b/etc/manifests/system-tests.scm
diff --git a/etc/time-travel-manifest.scm b/etc/manifests/time-travel.scm
index 039ca89889..039ca89889 100644
--- a/etc/time-travel-manifest.scm
+++ b/etc/manifests/time-travel.scm
diff --git a/etc/manifests/ungraft.scm b/etc/manifests/ungraft.scm
new file mode 100644
index 0000000000..3e42b98ece
--- /dev/null
+++ b/etc/manifests/ungraft.scm
@@ -0,0 +1,49 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2024 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+;; This manifest "ungrafts" all the currently grafted packages and returns
+;; said packages and all their dependents.
+
+(use-modules (guix diagnostics)
+ (guix i18n)
+ (guix packages)
+ (guix profiles)
+ (guix store)
+ ((guix scripts build) #:select (dependents))
+ ((gnu packages) #:select (all-packages))
+ (srfi srfi-1))
+
+(define (grafted-packages)
+ (info (G_ "enumerating grafted packages...~%"))
+ (let ((result (filter package-replacement (all-packages))))
+ (info (G_ "found ~d grafted packages:~{ ~a~}~%")
+ (length result) (map package-full-name result))
+ result))
+
+(manifest
+ (with-store store
+ (let* ((grafted (grafted-packages))
+ (ungraft-all (package-input-rewriting
+ (map (lambda (package)
+ `(,package . ,(package-replacement package)))
+ grafted))))
+ (map (lambda (package)
+ (manifest-entry
+ (inherit (package->manifest-entry (ungraft-all package)))
+ (name (string-append (package-name package) "-ungrafted"))))
+ (dependents store grafted)))))
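Review bot: `grafted-packages` has no docstring, unlike the procedures in the sibling manifests. Its body filters `(all-packages)` by `package-replacement`, so `"Return the list of packages that have a replacement, i.e., that are currently grafted."` would cover it. The header comment could also say that each resulting entry is named with an `-ungrafted` suffix, since that is how the entries are told apart from the regular packages.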
diff --git a/etc/manifests/upgrade.scm b/etc/manifests/upgrade.scm
new file mode 100644
index 0000000000..03a7d6d319
--- /dev/null
+++ b/etc/manifests/upgrade.scm
@@ -0,0 +1,140 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2024 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+;; This manifest computes upgrades of key packages using updaters from (guix
+;; upstream) and supporting code for the 'with-latest' transformation.
+
+(use-modules (guix memoization)
+ (guix monads)
+ (guix graph)
+ (guix packages)
+ (guix profiles)
+ (guix store)
+ (guix transformations)
+ (guix upstream)
+ ((guix scripts build) #:select (dependents))
+ ((guix scripts graph) #:select (%bag-node-type))
+ ((guix import github) #:select (%github-api))
+ (guix build-system gnu)
+ (guix build-system cmake)
+ ((gnu packages)
+ #:select (all-packages specification->package))
+
+ (gnu packages backup)
+ (gnu packages curl)
+ (gnu packages freedesktop)
+ (gnu packages gnupg)
+ (gnu packages ssh)
+ (gnu packages tls)
+ (gnu packages xorg)
+
+ (ice-9 match)
+ (srfi srfi-1))
+
+;; Bypass the GitHub updater: we'd need an API token or we would hit the rate
+;; limit.
+(%github-api "http://example.org")
+
+(define security-packages
+ (list xorg-server
+ elogind
+
+ openssl
+ gnutls
+ curl
+ curl-ssh
+
+ libarchive
+ libssh
+
+ ;; Since there are several libgit2 versions, pick the latest one and
+ ;; compute the upgrade against that one.
+ (specification->package "libgit2")
+
+ ;; GnuPG.
+ libassuan
+ libgpg-error
+ libgcrypt
+ libksba
+ npth
+ gnupg
+ gpgme
+ pinentry))
+
+(define latest-version
+ (mlambdaq (package)
+ (package-with-upstream-version package
+ ;; Preserve patches and snippets to get
+ ;; exactly the same as what we'd have with
+ ;; 'guix refresh -u PACKAGE'.
+ #:preserve-patches? #t
+
+ ;; XXX: Disable source code authentication:
+ ;; this requires a local keyring, populated
+ ;; from key servers, but key servers may be
+ ;; unreliable or may lack the upstream
+ ;; keys. Leave it up to packagers to
+ ;; actually authenticate code and make sure
+ ;; it matches what this manifest computed.
+ #:authenticate? #f)))
+
+(define individual-security-upgrades
+ ;; Upgrades of individual packages with their direct dependents built
+ ;; against that upgrade.
+ (manifest
+ (with-store store
+ (append-map (lambda (package)
+ (let* ((name (package-name package))
+ (newest (latest-version package))
+ (update (package-input-rewriting
+ `((,package . ,newest)))))
+ (map (lambda (package)
+ (manifest-entry
+ (inherit (package->manifest-entry
+ (update package)))
+ (name (string-append (package-name package)
+ "-with-latest-" name))))
+ (dependents store (list package) 1))))
+ security-packages))))
+
+(define joint-security-upgrades
+ ;; All of SECURITY-PACKAGES updated at once, together with their dependents.
+ (manifest
+ (with-store store
+ (let ((update-all (package-input-rewriting
+ (map (lambda (package)
+ `(,package . ,(latest-version package)))
+ security-packages))))
+ (map (lambda (package)
+ (manifest-entry
+ (inherit (package->manifest-entry
+ (update-all package)))
+ (name (string-append (package-name package) "-full-upgrade"))))
+ (dependents store security-packages 2))))))
+
+;; Install a UTF-8 locale so that file names in Git checkouts are interpreted
+;; as UTF-8 (the libgit2 source tree contains non-ASCII file names, for
+;; instance). XXX: This works around the fact that 'cuirass register' and
+;; thus 'cuirass evaluate' may not be running with a UTF-8 locale.
+(unless (string-suffix? ".UTF-8" (setlocale LC_ALL))
+ (or (false-if-exception (setlocale LC_ALL "C.UTF-8"))
+ (false-if-exception (setlocale LC_ALL "en_US.UTF-8"))
+ (format (current-error-port) "warning: failed to install UTF-8 locale~%")))
+
+(concatenate-manifests
+ (list individual-security-upgrades joint-security-upgrades))
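Review bot: `latest-version` passes `#:authenticate? #f` for every entry of `security-packages`, so the upstream sources this manifest builds (openssl, gnutls, gnupg and the others) are fetched without signature verification. The XXX comment explains the reason, but the file header does not say that the results are unauthenticated. I would add there `;; NOTE: upstream sources are not authenticated here; treat these builds as a` / `;; compatibility check only, never as packages to install or publish.` Separately, the dummy value `(%github-api "http://example.org")` is a cleartext URL; an `https://` form of it would be a safer placeholder, assuming the updater does contact it.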
diff --git a/etc/news.scm b/etc/news.scm
index 0be432f872..0628b0fdb4 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -1,7 +1,7 @@
;; GNU Guix news, for use by 'guix pull'.
;;
;; Copyright © 2019-2024 Ludovic Courtès <ludo@gnu.org>
-;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;; Copyright © 2019–2021, 2024 Tobias Geerinckx-Rice <me@tobias.gr>
;; Copyright © 2019, 2020 Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
;; Copyright © 2019, 2020 Konrad Hinsen <konrad.hinsen@fastmail.net>
;; Copyright © 2019, 2020, 2021, 2023 Julien Lepiller <julien@lepiller.eu>
@@ -23,6 +23,10 @@
;; Copyright © 2024 Hilton Chain <hako@ultrarare.space>
;; Copyright © 2024 Liliana Marie Prikler <liliana.prikler@gmail.com>
;; Copyright © 2024 Vivien Kraus <vivien@planete-kraus.eu>
+;; Copyright © 2024 Guillaume Le Vaillant <glv@posteo.net>
+;; Copyright © 2024 Zheng Junjie <873216071@qq.com>
+;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
+;; Copyright © 2024 Sebastian Dümcke <code@sam-d.com>
;;
;; Copying and distribution of this file, with or without modification, are
;; permitted in any medium without royalty provided the copyright notice and
@@ -30,6 +34,495 @@
(channel-news
(version 0)
+ (entry (commit "ccf72d5074b0c5ba793e686cbb1d6eaad39824bf")
+ (title
+ (de "Neues Format @samp{appimage} für den Befehl @command{guix pack}")
+ (en "New @samp{AppImage} format for the @command{guix pack} command")
+ (fr "Nouveau format @samp{AppImage} pour la commande @command{guix pack}"))
+ (body
+ (de "@command{guix pack} kann nun AppImage-Dateien erstellen. Das
+AppImage-Dateiformat erlaubt es, in einer einzelnen Datei Software zu verteilen. Die
+AppImage-Datei lässt sich ohne besondere Benutzerrechte ausführen. Hier ist
+ein Beispiel:
+
+@example
+guix pack --format=appimage --entry-point=bin/hello hello
+@end example
+
+Siehe @command{info \"(guix.de) Aufruf von guix pack\"} für mehr
+Informationen.")
+ (en "@command{guix pack} can now produce AppImage a single file,
+self-contained software archive. AppImage files are easily distributed and can
+be run with user privileges. Here is an example for the @code{hello} package:
+
+@example
+guix pack --format=appimage --entry-point=bin/hello hello
+@end example
+
+See @command{info \"(guix) Invoking guix pack\"} for more information.")
+ (fr "@command{guix pack} peut désormais produire un fichier
+AppImage. AppImage est une manière de distribuer les logiciels en un seul
+fichier, qui peut être executé avec des droits d’utilisateur. Voici un
+exemple pour le paquet @code{hello} :
+
+@example
+guix pack --format=appimage --entry-point=bin/hello hello
+@end example
+
+Consultez @command{info \"(guix.fr) Invoquer guix pack\"} pour plus
+d’informations.")))
+
+ (entry (commit "b93434e656eba4260df82158a96c295000d3ff44")
+ (title (en "PostgreSQL service upgrade")
+ (de "PostgreSQL-Dienst aktualisiert")
+ (fr "Mise à jour du service PostgreSQL"))
+ (body
+ (en "\
+This news entry concerns users of the @code{postgresql-service-type}.
+
+The default PostgreSQL used in @code{postgresql-configuration} has been
+deprecated, and will be removed in a few months. However, the value of the
+default @code{postgresql-configuration-postgresql} can't be directly changed
+to a newer major version of PostgreSQL, because switching to a major version
+currently requires a manual update of the database.
+
+Because of this, the default value of postgresql-configuration-postgresql has
+been unset. Current users of the service will have to set it manually. If it
+was unset, use @code{postgresql-10} and plan an upgrade in the next month to a
+supported version of PostgreSQL. To upgrade, you will need to either dump
+your database using your previous version of PostgreSQL and reload it in the
+new version or use the @command{pg_upgrade} application. See
+@url{https://www.postgresql.org/docs/current/upgrading.html} for more info.")
+ (de "\
+Diese Neuigkeit betrifft Nutzer des @code{postgresql-service-type}.
+
+Die in @code{postgresql-configuration} bisher vorgegebene Version von
+PostgreSQL gilt als veraltet und wird in ein paar Monaten entfernt werden.
+Allerdings können wir den Vorgabewert von
+@code{postgresql-configuration-postgresql} nicht einfach für Sie auf eine
+neuere große Version ändern, weil bei so einem Wechsel die Datenbank derzeit
+manuell aktualisiert werden muss.
+
+Aus diesem Grund wurde der Vorgabewert von
+@code{postgresql-configuration-postgresql} von nun an entfernt. Aktuelle
+Nutzer des Dienstes müssen sie selbst setzen. Wenn kein Wert gesetzt war,
+sollten Sie @code{postgresql-10} eintragen und dabei einplanen, dass Sie es
+kommenden Monat auf eine unterstützte Version von PostgreSQL aktualisieren
+müssen. Zum Aktualisieren werden Sie entweder mit der vorherigen Version von
+PostgreSQL ein Dump Ihrer Datenbank exportieren, das Sie dann in der neuen
+Version laden, oder Sie benutzen dafür die Anwendung @command{pg_upgrade}.
+Siehe @url{https://www.postgresql.org/docs/current/upgrading.html} für weitere
+Informationen.")
+ (fr "\
+Ce message concerne les utilisateurs du service-type PostgreSQL.
+
+La précédente version par défaut de PostgreSQL utilisée dans
+@code{postgresqsl-configuration} est obsolète et sera supprimée dans quelques
+mois. Cependant, la valeur de la configuration par défaut
+@code{postgresql-configuration-postgresql} ne peut pas être changée
+directement pour une version majeure prise en charge de PostgreSQL, car le
+passage à une nouvelle version majeure nécessite actuellement une mise à jour
+manuelle de la base de données.
+
+Pour cette raison, la valeur par défaut de
+@code{postgresql-configuration-postgresql} a été supprimée et les utilisateurs
+actuels du service doivent la configurer manuellement. Si elle n’était pas
+définie, utilisez @code{postgresql-10} et prévoyez une mise à jour dans le
+mois à venir vers une version plus récente de PostgreSQL. Pour effectuer la
+mise à jour, vous devrez soit exporter votre base de données sous une version
+de PostgreSQL puis la réimporter sous une nouvelle version, soit utiliser
+l'application @command{pg_upgrade}. Pour plus d'informations, consultez
+@url{https://www.postgresql.org/docs/current/upgrading.html}.")))
+
+ (entry (commit "cfc85eb0c67a5cf10a3fbe2531b926cbb8c62489")
+ (title
+ (en "Linux-libre 6.10 removed due to end of upstream support")
+ (de "Linux-libre 6.10 wurde entfernt"))
+ (body
+ (en "The linux-libre 6.10 kernel series has reached the end of
+ its life, and is no longer supported upstream. For this
+ reason, it has been removed from GNU Guix.")
+ (de "Die @code{linux-libre} 6.10-Versionsreihe hat ihr
+Supportende erreicht und wird nicht mehr unterstützt („end of life“). Daher ist die
+Versionsreihe aus GNU Guix entfernt worden.")))
+
+ (entry (commit "5966e0fdc78771c562e0f484a22f381a77908be0")
+ (title
+ (en "Daemon vulnerability allowing takeover of build users fixed")
+ (de "Schwachstelle im Daemon behoben, durch die Übernahme von Erstellungsbenutzern möglich ist"))
+ (body
+ (en "A vulnerability allowing a local user to execute arbitrary code
+as any of the build users has been identified and fixed. Most notably, this
+allows any local user to alter the result of any local build, even if it
+happens inside a container. The only requirements to exploit this
+vulnerability are the ability to start a derivation build and the ability to
+run arbitrary code with access to the store in the root PID namespace on the
+machine that build occurs on. This largely limits the vulnerability to
+multi-user systems.
+
+This vulnerability is caused by the fact that @command{guix-daemon} does not
+change ownership and permissions on the outputs of failed builds when it moves
+them to the store, and is also caused by there being a window of time between
+when it moves outputs of successful builds to the store and when it changes
+their ownership and permissions. Because of this, a build can create a binary
+with both setuid and setgid bits set and have it become visible to the outside
+world once the build ends. At that point any process that can access the
+store can execute it and gain the build user's privileges. From there any
+process owned by that build user can be manipulated via procfs and signals at
+will, allowing the attacker to control the output of its builds.
+
+You are advised to upgrade @command{guix-daemon}. Run @command{info \"(guix)
+Upgrading Guix\"}, for info on how to do that. Additionally, if there is any
+risk that a builder may have already created these setuid binaries (for
+example on accident), run @command{guix gc} to remove all failed build
+outputs.
+
+See @uref{https://issues.guix.gnu.org/73919} for more information on this
+vulnerability.")
+ (de "Eine Sicherheitslücke, durch die ein lokaler Benutzer beliebigen
+Code als jeder der Erstellungsbenutzer ausführen kann, wurde gefunden und
+behoben. Diese hat zur Folge, dass jeder lokale Benutzer das Ergebnis jeder
+lokalen Erstellung verändern kann, selbst wenn sie in einem Container isoliert
+stattfindet. Um die Lücke auszunutzen, wird nur vorausgesetzt, dass er
+Ableitungen erstellen lassen kann und beliebigen Code mit Store-Zugriff im
+Wurzel-PID-Namensraum auf der Maschine laufen lassen kann, wo die Erstellung
+abläuft. Somit sind vor allem Mehrbenutzersysteme betroffen.
+
+Ursache der Lücke ist, dass @command{guix-daemon} Besitzer und Berechtigungen
+der Ausgaben einer fehlgeschlagenen Erstellung nicht ändert, wenn er sie in den
+Store verschiebt. Auch bei erfolgreichen Erstellungen gibt es ein Zeitfenster
+nachdem Ausgaben in den Store gelangen und bevor ihr Besitzer und
+Berechtigungen angeglichen werden. So kann eine Erstellung eine Binärdatei
+erzeugen, bei der die Bits für setuid und setgid gesetzt sind, die dann für die
+Außenwelt sichtbar wird, wenn die Erstellung fertig ist. Ab dann kann jeder
+Prozess mit Zugriff auf den Store diese ausführen und die Berechtigungen des
+Erstellungsbenutzers erlangen, so dass jeder Prozess im Besitz des
+Erstellungsbenutzers über procfs und Signale beeinflussbar ist und der
+Angreifer Kontrolle darüber hat, welche Ausgabe Erstellungen haben.
+
+Wir raten Ihnen, @command{guix-daemon} zu aktualisieren. Führen Sie
+@command{info \"(guix.de) Aktualisieren von Guix\"} aus für Erklärungen, wie
+Sie ihn aktualisieren können. Wenn zudem Gefahr besteht, dass ein
+Erstellungsprogramm bereits setuid-gesetzte Binärdateien angelegt hat (etwa
+versehentlich), führen Sie @command{guix gc} aus, um alle fehlgeschlagenen
+Erstellungsausgaben zu entfernen.
+
+Siehe @uref{https://issues.guix.gnu.org/73919} für weitere Details zu dieser
+Sicherheitslücke.")))
+
+ (entry (commit "2fae63df2138b74d30e120364f0f272871595862")
+ (title
+ (en "Core packages updated")
+ (de "Kernpakete aktualisiert")
+ (fr "Logiciels fondamentaux mis à jour"))
+ (body
+ (en "Core packages have been updated, in particular those that
+are used to build every other package in the distribution. Noteworthy
+upgrades include:
+
+@itemize
+@item @code{glibc} 2.39 (was 2.35);
+@item @code{gcc} 11.4.0 as the default compiler (was 11.3.0);
+@item @code{binutils} 2.41 (was 2.38);
+@item @code{make} 4.4.1 (was 4.3);
+@item TeX@tie{}Live 2024.2 (was 20230313; note that due to the new
+versioning scheme, @command{guix upgrade} will consider the new packages
+as ``older'' than the previous ones so you may need to use
+@command{guix install} to upgrade them).
+@end itemize
+
+Additional improvements were made to build systems and related packages and
+tools:
+
+@itemize
+@item
+the @code{glibc} package now includes the @code{C.UTF-8} locale,
+suitable for use when a UTF-8 locale is necessary regardless of
+any language or regional convention;
+@item
+origins that include patches are now repacked with zstd instead of xz,
+which uses less CPU power and memory, both when compressing and when
+decompressing;
+@item
+performance issues with the modular TeX@tie{}Live package set have
+been fixed.
+@end itemize
+
+If you encounter any problem, please check
+@url{https://issues.guix.gnu.org} for existing reports and resolutions;
+email @email{bug-guix@@gnu.org} to report new bugs.")
+ (de "Pakete, die den Kern der Distribution ausmachen, wurden
+aktualisiert, insbesondere solche Pakete, aus denen heraus alle anderen Pakete
+der Distribution erstellt werden. Zu den nennenswerten Neuerungen gehören:
+
+@itemize
+@item @code{glibc} 2.39 (war 2.35),
+@item @code{gcc} 11.4.0 ist der voreingestellte Compiler (war 11.3.0),
+@item @code{binutils} 2.41 (war 2.38),
+@item @code{make} 4.4.1 (war 4.3),
+@item TeX@tie{}Live 2024.2 (war 20230313; das bedeutet, dass wegen der neuen
+Versionsbezeichnungen @command{guix upgrade} die neuen Pakete für „älter“ als
+die vorherigen hält und eine Aktualisierung unter Umständen nur zulässt, indem
+Sie @command{guix install} benutzen).
+@end itemize
+
+Weitere Verbesserungen wurden an Erstellungssystemen und zugehörigen Paketen
+und Werkzeugen vorgenommen:
+
+@itemize
+@item
+Zu dem Paket @code{glibc} gehört jetzt die Locale für @code{C.UTF-8}, die
+geeignet ist, wenn eine UTF-8-Locale gebraucht wird, aber Sprache und regionale
+Konventionen unwichtig sind.
+@item
+Paketursprünge mit Patches werden jetzt in Archive mit zstd anstelle von xz
+neu gepackt, wodurch weniger Rechenzeit und Speicher beim Komprimieren und
+Dekomprimieren nötig sind.
+@item
+Performance-Probleme mit den modularen Paketsatz von TeX@tie{}Live wurden
+behoben.
+@end itemize
+
+Wenn Sie Probleme feststellen, schauen Sie bitte auf
+@url{https://issues.guix.gnu.org} nach bisherigen Fehlerberichten und Lösungen
+und schicken Sie eine E-Mail an @email{bug-guix@@gnu.org}, um neue Fehler zu
+melden.")
+ (fr "Les logiciels fondamentaux on été mis à jour, en particulier
+ceux qui servent à construire tous les autres logiciels de la distribution.
+Les mises à jour notables sont :
+
+@itemize
+@item @code{glibc} 2.39 (au lieu de 2.35) ;
+@item @code{gcc} 11.4.0 comme compilateur par défaut (au lieu de 11.3.0) ;
+@item @code{binutils} 2.41 (au lieu de 2.38) ;
+@item @code{make} 4.4.1 (au lieu de 4.3) ;
+@item TeX@tie{}Live 2024.2 (au lieu de 20230313 ; compte tenu du changement de
+numérotation des versions, @command{guix upgrade} va croire que les nouveaux
+paquets sont « plus vieux » que les précédents et il faudra donc utiliser
+@command{guix install} pour les mettre à jour).
+@end itemize
+
+Les systèmes de construction ainsi que les paquets et outils connexes ont été
+améliorés :
+
+@itemize
+@item
+le paquet @code{glibc} inclut dorénavant la locale @code{C.UTF-8} qui convient
+chaque fois qu'on a besoin d'une locale UTF-8 indépendemment d'un langage ou
+de conventions régionales ;
+@item
+les origines qui incluent des @i{patches} sont maintenant recompressées avec
+zstd au lieu de xz, ce qui demande moins de temps de calcul et de mémoire, à
+la fois en compression et en décompression ;
+@item
+des problèmes de performance avec les paquets TeX@tie{}Live modulaires ont été
+résolus.
+@end itemize
+
+En cas de difficultés, merci de jeter un œil à
+@url{https://issues.guix.gnu.org} pour voir la liste des problèmes qui ont été
+remontés et les éventuelles solutions ; envoyer un courrier à
+@email{bug-guix@@gnu.org} pour faire remonter de nouveaux bogues.")))
+
+ (entry (commit "fc35b9fa6d6ed3583d4f3fc9214f657022d49678")
+ (title
+ (en "Linux-libre 6.9 removed due to end of upstream support")
+ (de "Linux-libre 6.9 wurde entfernt"))
+ (body
+ (en "The linux-libre 6.9 kernel series has reached the end of
+ its life, and is no longer supported upstream. For this
+ reason, it has been removed from GNU Guix.")
+ (de "Die @code{linux-libre} 6.9-Versionsreihe hat ihr
+Supportende erreicht und wird nicht mehr unterstützt („end of life“). Daher ist die
+Versionsreihe aus GNU Guix entfernt worden.")))
+
+ (entry (commit "4e58dfee6c7456d1e662f66041b8a157efe8710a")
+ (title
+ (en "More capable @code{privileged-programs} replace @code{setuid-programs}")
+ (de "Befähigtere @code{privileged-programs} ersetzen @code{setuid-programs}")
+ (nl "Capabelere @code{privileged-programs} vervangen @code{setuid-programs}"))
+ (body
+ (en "Where the kernel supports it, Guix System can now assign
+POSIX@tie{}@dfn{capabilities} to trusted executables. Capabilities offer a
+more granular alternative to the traditional setuid and setgid permissions,
+which remain available.
+
+To reflect this, @code{(gnu system setuid)} has been renamed to @code{(gnu
+system privilege)}. @code{privileged-programs} replaces @code{setuid-programs}
+as @code{operating-system} field and defaults to
+@code{%default-privileged-programs}. The executables themselves have moved from
+@file{/run/setuid-programs} to @file{/run/privileged/bin}.")
+ (de "Wo der Kernel dies unterstützt, kann Guix System nun
+POSIX-@dfn{Capabilities} an die Anwendungen vergeben, denen besonders vertraut
+wird. Capabilities bieten eine feinmaschigere Alternative zu den klassischen
+setuid- und setgid-Berechtigungen, die auch verfügbar bleiben.
+
+Um dies deutlich zu machen, heißt @code{(gnu system setuid)} nun @code{(gnu
+system privilege)}. Das Feld @code{privileged-programs} ersetzt
+@code{setuid-programs} in jedem @code{operating-system}-Objekt und sein
+Vorgabewert ist @code{%default-privileged-programs}. Die ausführbaren Dateien
+wurden von @file{/run/setuid-programs} nach @file{/run/privileged/bin}
+verschoben.")
+ (nl "Waar de kernel dit toelaat kan Guix System nu
+POSIX@tie{}@dfn{capabilities} toewijzen aan vertrouwde uitvoerbare bestanden.
+``Capabilities'' zijn een fijnmaziger alternatief voor de klassieke setuid- en
+setgid-rechten, die ook beschikbaar blijven.
+
+Om dit duidelijk te maken heet @code{(gnu system setuid)} nu @code{(gnu system
+privilege)}. @code{privileged-programs} vervangt @code{setuid-programs} als
+veld in het @code{operating-system} en heeft @code{%default-privileged-programs}
+als standaardwaarde. De uitvoerbare bestanden verhuizen van
+@file{/run/setuid-programs} naar @file{/run/privileged/bin}.")))
+ (entry (commit "26638b8e8129aa755586d017677b4cf076bafda6")
+ (title
+ (en "The containerd service is separated from @code{docker-service-type}")
+ (ru "Сервис containerd отделен от @code{docker-service-type}")
+ (de "containerd-Dienst wurde vom @code{docker-service-type} getrennt"))
+ (body
+ (en "containerd service has been decoupled from the
+@code{docker-service-type}. Moving forward, users are required to specify
+containerd settings manually for their configurations. The
+@code{containerd-service-type} service need to be added to a system
+configuration, otherwise a message about not any service provides
+@code{containerd} will be displayed during @code{guix system reconfigure}.
+
+Run @command{info \"(guix) Miscellaneous Services\"} for more info.")
+ (ru "Сервис containerd был отделен от @code{docker-service-type}.
+Впредь пользователям потребуется указывать параметры containerd вручную для
+своих конфигураций. Сервис @code{containerd-service-type} должен быть
+добавлен в конфигурацию системы, в противном случае будет отображено сообщение
+о том, что ни один сервис не предоставляет поддержку для @code{containerd} во
+время выполнения команды @code{guix system reconfigure}.
+
+Смотрите @command{info \"(guix.ru) Разнообразные службы\"} для получения более
+детальных сведений.")
+ (de "Es gibt einen eigenen containerd-Dienst losgelöst von
+@code{docker-service-type}. In Zukunft müssen Nutzer dort manuelle
+Einstellungen für containerd vornehmen. Der Dienst
+@code{containerd-service-type} muss zur Systemkonfiguration hinzugefügt
+werden, sonst wird durch @code{guix system reconfigure} eine Meldung
+gezeigt, dass kein Dienst @code{containerd} zur Verfügung stellt.
+
+Siehe @command{info \"(guix.de) Verschiedene Dienste\"} für genauere
+Informationen.")))
+
+ (entry (commit "ee7e5e00bf2b9257e67d785b37efddb008c5da37")
+ (title
+ (en "Plasma updated to version 6.1.2")
+ (de "Plasma auf Version 6.1.2 aktualisiert")
+ (fr "Plasma passe à la version 6.1.2")
+ (zh "Plasma 更新到 6.1.2 版本"))
+ (body
+ (en "Plasma updated to 6.1.2, KDE Frameworks updated to 6.3.0, and
+other KDE package updates.
+
+With Plasma updates, SDDM has QT6 enabled by default. If you want to still use a
+Qt5 theme, you need to set the field @code{sddm} in @code{sddm-configuration} to
+@code{sddm-qt5}.")
+ (de "Plasma wurde auf 6.1.2 aktualisiert, KDE Frameworks wurde
+auf 6.3.0 aktualisiert und andere KDE-Pakete wurden aktualisiert.
+
+Mit der Aktualisierung von Plasma ist in SDDM die Version qt6
+vorgegeben. Wenn Sie ein Qt5-Thema benutzen möchten, müssen Sie
+in der @code{sddm-configuration} das Feld @code{sddm} auf
+@code{sddm-qt5} setzen.")
+ (fr "Plasma passe à la version 6.1.2, KDE Frameworks à la 6.3.0, et
+ d’autres logiciels KDE sont mis à jour.
+
+ Avec ces mises à jour de Plasma, sddm utilise Qt 6 par défaut. Pour
+ utiliser un thème Qt 5, il faut mettre le champ @code{sddm} de
+ @code{sddm-configuration} à @code{sddm-qt5}.")
+ (zh "Plasma 更新到 6.1.2, KDE Frameworks 更新到 6.3.0, 及其他 KDE 软件包更新。
+
+随着 Plasma 更新, SDDM 默认启用 Qt6, 如果您还想使用 Qt5 主题, 需要将 @code{sddm-configuration} 中的
+@code{sddm} 字段设置为 @code{sddm-qt5}.")))
+
+ (entry (commit "a46908620fac09bd8ccd0f587a27e86035d3b1d7")
+ (title
+ (en "@code{stumpwm:lib} removed")
+ (de "@code{stumpwm:lib} wurde entfernt")
+ (fr "@code{stumpwm:lib} supprimé"))
+ (body
+ (en "The @code{lib} output of the @code{stumpwm} package has been
+removed. If you have some personal package definitions depending on
+@code{stumpwm:lib}, they should be updated to depend on @code{stumpwm}
+instead.")
+ (de "Die Ausgabe @code{lib} des Pakets @code{stumpwm} gibt es nicht
+mehr. Wenn Sie eigene Paketdefinitionen haben, die von @code{stumpwm:lib}
+abhängen, müssen sie angepasst werden, um stattdessen von @code{stumpwm}
+abzuhängen.")
+ (fr "La sortie @code{lib} du paquet @code{stumpwm} a été supprimée.
+Si vous avez des définitions de paquets personnels dépendantes de
+@code{stumpwm:lib}, elle doivent être modifiées pour dépendre de
+@code{stumpwm} à la place.")))
+
+ (entry (commit "6fad0fd1c32db2cb25447b694f08d5c7836536ad")
+ (title
+ (en "Linux-libre 6.8 removed due to end of upstream support")
+ (de "Linux-libre 6.8 wurde entfernt"))
+ (body
+ (en "The linux-libre 6.8 kernel series has reached the end of
+ its life, and is no longer supported upstream. For this
+ reason, it has been removed from GNU Guix.")
+ (de "Die @code{linux-libre} 6.8-Versionsreihe hat ihr
+Supportende erreicht und wird nicht mehr unterstützt („end of life“). Daher ist die
+Versionsreihe aus GNU Guix entfernt worden.")))
+
+ (entry (commit "8d1d98a3aa3448b9d983e4bd64243a938b96e8ab")
+ (title
+ (en "@command{guix git authenticate} usage simplified")
+ (de "@command{guix git authenticate} ist leichter nutzbar")
+ (fr "@command{guix git authenticate} simplifiée"))
+ (body
+ (en "Usage of the @command{guix git authenticate} command has been
+simplified. The command is useful to channel authors and to developers
+willing to validate the provenance of their code.
+
+On your first use, @command{guix git authenticate} will now record the commit
+and signer (the @dfn{introduction}) in the @file{.git/config} file of your
+repository so that you don't have to pass them on the command line in
+subsequent runs. It will also install pre-push and post-merge hooks,
+unless preexisting hooks are found.
+
+Run @command{info \"(guix) Invoking guix authenticate\"} for more info.")
+ (de "Der Befehl @command{guix git authenticate} kann jetzt einfacher
+benutzt werden. Mit dem Befehl können Kanalautoren und Entwickler die
+Provenienz ihres Codes überprüfen.
+
+Beim ersten Gebrauch speichert @command{guix git authenticate} Commit und
+Unterzeichner (wie in der @dfn{Kanaleinführung}) in der Datei
+@file{.git/config} Ihres Repositorys, so dass Sie sie bei späteren
+Ausführungen nicht mehr auf der Befehlszeile angeben müssen. Auch werden
+Git-Hooks für pre-push und post-merge installiert, wenn es bisher keine
+Hooks dieser Art gibt.
+
+Führen Sie @command{info \"(guix.de) Aufruf von guix git authenticate\"}
+aus, wenn Sie mehr wissen wollen.")
+ (fr "L'utilisation de la commande @command{guix git authenticate} a
+été simplifiée. Cette commande est utile aux auteur·rices de canaux et aux
+développeur·euses souhaitant pouvoir valider l'origine de leur code.
+
+À la première utilisation, @command{guix git authenticate} enregistre
+désormais le commit et signataire (l'@dfn{introduction}) dans le fichier
+@file{.git/config} du dépôt, ce qui permet de ne pas avoir à les spécifier sur
+la ligne de commande les fois suivantes. La commande installe aussi des
+crochets « pre-push » et « post-merge », sauf si des crochets préexistants
+sont trouvés.
+
+Lancer @command{info \"(guix.fr) Invoquer guix git authenticate\"} pour en
+savoir plus.")))
+
+ (entry (commit "238a74c7dfd1469af064b445abcee38fd7408d5b")
+ (title
+ (en "Linux-libre 6.7 removed due to end of upstream support")
+ (de "Linux-libre 6.7 wurde entfernt"))
+ (body
+ (en "The linux-libre 6.7 kernel series has reached the end of
+ its life, and is no longer supported upstream. For this
+ reason, it has been removed from GNU Guix.")
+ (de "Die @code{linux-libre} 6.7-Versionsreihe hat ihr
+Supportende erreicht und wird nicht mehr unterstützt („end of life“). Daher ist die
+Versionsreihe aus GNU Guix entfernt worden.")))
(entry (commit "67a3a83170c038d2eb084d3f53a7ea7b033aea74")
(title
diff --git a/etc/snippets/tempel/scheme-mode b/etc/snippets/tempel/scheme-mode.eld
index 249f4ce8e3..21a5dd6dee 100644
--- a/etc/snippets/tempel/scheme-mode
+++ b/etc/snippets/tempel/scheme-mode.eld
@@ -1,5 +1,3 @@
--*- mode: lisp-data -*-
-
scheme-mode
(package...
diff --git a/etc/snippets/tempel/text-mode b/etc/snippets/tempel/text-mode.eld
index c635b7ee6f..397221b846 100644
--- a/etc/snippets/tempel/text-mode
+++ b/etc/snippets/tempel/text-mode.eld
@@ -1,5 +1,3 @@
--*- mode: lisp-data -*-
-
text-mode :when (bound-and-true-p git-commit-mode)
(add\ "gnu: Add "
diff --git a/etc/teams.scm b/etc/teams.scm
index d537e83efc..6b492f1d4b 100755
--- a/etc/teams.scm
+++ b/etc/teams.scm
@@ -183,6 +183,36 @@ and the r-build-system."
"Everything related to the Sugar Desktop and learning environment."
#:scope (list "gnu/packages/sugar.scm")))
+(define-team sysadmin
+ (team 'sysadmin
+ #:name "Sysadmin team"
+ #:description
+ "Networking, server clustering, high availability."
+ #:scope (list "gnu/packages/admin.scm"
+ "gnu/packages/acl.scm"
+ "gnu/packages/adns.scm"
+ "gnu/packages/antivirus.scm"
+ "gnu/packages/apparmor.scm"
+ "gnu/packages/authentication.scm"
+ "gnu/packages/cluster.scm"
+ "gnu/packages/configuration-management"
+ "gnu/packages/databases.scm"
+ "gnu/packages/distributed.scm"
+ "gnu/packages/dns.scm"
+ "gnu/packages/high-availability.scm"
+ "gnu/packages/kerberos.scm"
+ "gnu/packages/logging.scm"
+ "gnu/packages/monitoring.scm"
+ "gnu/packages/nfs.scm"
+ "gnu/packages/openldap.scm"
+ "gnu/packages/openstack.scm"
+ "gnu/packages/prometheus.scm"
+ "gnu/packages/selinux.scm"
+ "gnu/packages/storage.scm"
+ "gnu/packages/task-runners.scm"
+ "gnu/packages/terraform.scm"
+ "gnu/packages/virtualization.scm")))
+
(define-team telephony
(team 'telephony
#:name "Telephony team"
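Review bot: The scope entry `"gnu/packages/configuration-management"` in the new `sysadmin` team has no `.scm` suffix, unlike every other string in the list. The matching code is outside this hunk, but if plain strings are compared against whole file names, this entry can never match. Patches to that file would then not be routed to the team, which matters because the same scope covers security-sensitive packages (`apparmor.scm`, `selinux.scm`, `kerberos.scm`, `authentication.scm`). I would write `"gnu/packages/configuration-management.scm"`.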
@@ -434,6 +464,16 @@ asdf-build-system."
(make-regexp* "^guix/scripts/")
(make-regexp* "^guix/store/"))))
+(define-team documentation
+ (team 'documentation
+ #:name "Documentation"
+ #:description "Documentation: the manual and cookbook."
+ #:scope (list (make-regexp* "\\.texi$")
+ "doc/build.scm"
+ "gnu/system/examples/bare-bones.tmpl"
+ "gnu/system/examples/lightweight-desktop.tmpl"
+ "gnu/system/examples/desktop.tmpl")))
+
(define-team core-packages
(team 'core-packages
#:name "Core packages"
@@ -444,7 +484,9 @@ asdf-build-system."
"gnu/packages/cross-base.scm"
"gnu/packages/gcc.scm"
"gnu/packages/guile.scm"
+ "gnu/packages/ld-wrapper.in"
"gnu/packages/make-bootstrap.scm"
+ "gnu/packages/multiprecision.scm"
"guix/build/gnu-build-system.scm"
"guix/build/utils.scm"
"guix/build-system/gnu.scm")))
@@ -453,7 +495,8 @@ asdf-build-system."
(team 'games
#:name "Games and Toys"
#:description "Packaging programs for amusement."
- #:scope (list "gnu/packages/games.scm"
+ #:scope (list "gnu/packages/emulators.scm"
+ "gnu/packages/games.scm"
"gnu/packages/game-development.scm"
"gnu/packages/minetest.scm"
"gnu/packages/esolangs.scm" ; granted, rather niche
@@ -500,11 +543,12 @@ asdf-build-system."
(team 'mozilla
#:name "Mozilla"
#:description
- "Taking care about Icecat and Icedove, built from Mozilla Firefox
-and Thunderbird."
+ "Taking care of Icedove and Web Browsers based on Mozilla Thunderbird
+and Firefox."
#:scope (list "gnu/build/icecat-extension.scm"
"gnu/packages/browser-extensions.scm"
"gnu/packages/gnuzilla.scm"
+ "gnu/packages/librewolf.scm"
"gnu/packages/tor-browsers.scm")))
(define-team racket
@@ -566,6 +610,15 @@ GLib/GIO, GTK, GStreamer and Webkit."
"guix/build/zig-build-system.scm"
"guix/build-system/zig.scm")))
+(define-team hurd
+ (team 'hurd
+ #:name "Team for the Hurd"
+ #:scope (list "gnu/system/hurd.scm"
+ "gnu/system/images/hurd.scm"
+ "gnu/build/hurd-boot.scm"
+ "gnu/services/hurd.scm"
+ "gnu/packages/hurd.scm")))
+
(define-member (person "Eric Bavier"
"bavier@posteo.net")
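Review bot: The new `hurd` team is defined without a `#:description`, while the other teams added in this commit (`sysadmin`, `documentation`) each carry one. How a missing description is rendered is decided outside this hunk, so the gap may be harmless, but contributors would still have to infer the team's remit from its scope. A line such as `#:description "The Hurd: system definitions, images, boot code, services and packages."` after `#:name` would keep the definitions consistent.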
@@ -581,11 +634,12 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Ludovic Courtès"
"ludo@gnu.org")
- core home bootstrap core-packages installer mentors)
+ core home bootstrap core-packages installer
+ documentation mentors)
(define-member (person "Andreas Enge"
"andreas@enge.fr")
- lxqt science tex)
+ bootstrap core-packages lxqt science tex)
(define-member (person "Tanguy Le Carrour"
"tanguy@bioneland.org")
@@ -593,7 +647,7 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Tobias Geerinckx-Rice"
"me@tobias.gr")
- core kernel mentors)
+ core mentors)
(define-member (person "Leo Famulari"
"leo@famulari.name")
@@ -633,7 +687,7 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Ricardo Wurmus"
"rekado@elephly.net")
- core mentors r sugar tex)
+ r sugar)
(define-member (person "Christopher Baines"
"guix@cbaines.net")
@@ -657,7 +711,7 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Simon Tournier"
"zimon.toutoune@gmail.com")
- julia core mentors)
+ julia core mentors r)
(define-member (person "宋文武"
"iyzsong@envs.net")
@@ -677,7 +731,7 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Maxim Cournoyer"
"maxim.cournoyer@gmail.com")
- gnome qt telephony)
+ documentation gnome qt telephony)
(define-member (person "Katherine Cox-Buday"
"cox.katherine.e+guix@gmail.com")
@@ -705,7 +759,7 @@ GLib/GIO, GTK, GStreamer and Webkit."
(define-member (person "Sharlatan Hellseher"
"sharlatanus@gmail.com")
- go lisp python science)
+ go lisp python science sysadmin)
(define-member (person "Vivien Kraus"
"vivien@planete-kraus.eu")
@@ -723,6 +777,22 @@ GLib/GIO, GTK, GStreamer and Webkit."
"adam.faiz@disroot.org")
games)
+(define-member (person "Laurent Gatto"
+ "laurent.gatto@gmail.com")
+ r)
+
+(define-member (person "Nicolas Goaziou"
+ "guix@nicolasgoaziou.fr")
+ tex)
+
+(define-member (person "André Batista"
+ "nandre@riseup.net")
+ mozilla)
+
+(define-member (person "Janneke Nieuwenhuizen"
+ "janneke@gnu.org")
+ bootstrap core-packages home hurd installer)
+
(define (find-team name)
(or (hash-ref %teams (string->symbol name))
diff --git a/etc/teams/rust/rusty-packages.scm b/etc/teams/rust/rusty-packages.scm
new file mode 100644
index 0000000000..07928b1c74
--- /dev/null
+++ b/etc/teams/rust/rusty-packages.scm
@@ -0,0 +1,46 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+;;; This file returns a manifest of packages built using the cargo-build-system
+;;; which are NOT prefixed with 'rust-' and the packages which use rust itself
+;;; as an input. This is a short list of packages which can be checked to see
+;;; if a rust update has gone smoothly. It is used to assist continuous
+;;; integration of the rust-team branch.
+
+(use-modules (guix packages)
+ (guix profiles)
+ (guix build-system)
+ (srfi srfi-1))
+
+(manifest
+ (map package->manifest-entry
+ (fold-packages
+ (lambda (package lst)
+ (if (or
+ (and (eq? (build-system-name (package-build-system package))
+ (quote cargo))
+ (not (string-prefix? "rust-" (package-name package))))
+ (any
+ (lambda (pkg)
+ (member (specification->package "rust") pkg))
+ (append (package-native-inputs package)
+ (package-propagated-inputs package)
+ (package-inputs package))))
+ (cons package lst)
+ lst))
+ (list))))
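Review bot: `(specification->package "rust")` sits inside the `any` lambda, so the lookup is repeated for every input of every package that `fold-packages` visits, although the result never changes. Binding it once before the `manifest` form, `(define rust (specification->package "rust"))`, and testing `(member rust pkg)` in the lambda would avoid the repeated work and make the intent clearer. Separately, `fold-packages` and `specification->package` are not provided by any module in the `use-modules` list. The file presumably relies on the environment that manifests are loaded in, so adding `(gnu packages)` to the list would make it self-contained. A short comment noting that each input is a labelled list with the package as one element would also explain why `member` is used rather than `eq?`.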