aboutsummaryrefslogtreecommitdiff
path: root/doc/guix.texi
diff options
context:
space:
mode:
authorLudovic Courtès <ludovic.courtes@inria.fr>2019-08-30 00:54:15 +0200
committerLudovic Courtès <ludo@gnu.org>2019-09-02 15:25:01 +0200
commit55549c7b9b778a79d3e1f3d085861ef36aabdca6 (patch)
tree575d8fdc610a97fd7d0b3711492f57fb688d1857 /doc/guix.texi
parentd370cc73193f42fb86f08237b4ebb612ef822ae7 (diff)
downloadpatches-55549c7b9b778a79d3e1f3d085861ef36aabdca6.tar
patches-55549c7b9b778a79d3e1f3d085861ef36aabdca6.tar.gz
lint: Add 'archival' checker.
* guix/lint.scm (check-archival): New procedure. (%network-dependent-checkers): Add 'archival' checker. * tests/lint.scm ("archival: missing content") ("archival: content available") ("archival: missing revision") ("archival: revision available") ("archival: rate limit reached"): New tests. * doc/guix.texi (Invoking guix lint): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi25
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 0510f57c23..de02ad8687 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9249,6 +9249,31 @@ Parse the @code{source} URL to determine if a tarball from GitHub is
autogenerated or if it is a release tarball. Unfortunately GitHub's
autogenerated tarballs are sometimes regenerated.
+@item archival
+@cindex Software Heritage, source code archive
+@cindex archival of source code, Software Heritage
+Checks whether the package's source code is archived at
+@uref{https://www.softwareheritage.org, Software Heritage}.
+
+When the source code that is not archived comes from a version-control system
+(VCS)---e.g., it's obtained with @code{git-fetch}, send Software Heritage a
+``save'' request so that it eventually archives it. This ensures that the
+source will remain available in the long term, and that Guix can fall back to
+Software Heritage should the source code disappear from its original host.
+The status of recent ``save'' requests can be
+@uref{https://archive.softwareheritage.org/save/#requests, viewed on-line}.
+
+When source code is a tarball obtained with @code{url-fetch}, simply print a
+message when it is not archived. As of this writing, Software Heritage does
+not allow requests to save arbitrary tarballs; we are working on ways to
+ensure that non-VCS source code is also archived.
+
+Software Heritage
+@uref{https://archive.softwareheritage.org/api/#rate-limiting, limits the
+request rate per IP address}. When the limit is reached, @command{guix lint}
+prints a message and the @code{archival} checker stops doing anything until
+that limit has been reset.
+
@item cve
@cindex security vulnerabilities
@cindex CVE, Common Vulnerabilities and Exposures