diff options
Diffstat (limited to 'guix')
| -rw-r--r-- | guix/build-system/linux-module.scm | 4 | ||||
| -rw-r--r-- | guix/build-system/minify.scm | 4 | ||||
| -rw-r--r-- | guix/build-system/qt.scm | 214 | ||||
| -rw-r--r-- | guix/build/download.scm | 81 | ||||
| -rw-r--r-- | guix/build/emacs-utils.scm | 8 | ||||
| -rw-r--r-- | guix/describe.scm | 18 | ||||
| -rw-r--r-- | guix/download.scm | 1 | ||||
| -rw-r--r-- | guix/gexp.scm | 31 | ||||
| -rw-r--r-- | guix/git.scm | 14 | ||||
| -rw-r--r-- | guix/gnupg.scm | 150 | ||||
| -rw-r--r-- | guix/http-client.scm | 13 | ||||
| -rw-r--r-- | guix/import/cran.scm | 12 | ||||
| -rw-r--r-- | guix/import/crate.scm | 9 | ||||
| -rw-r--r-- | guix/inferior.scm | 14 | ||||
| -rw-r--r-- | guix/lint.scm | 9 | ||||
| -rw-r--r-- | guix/packages.scm | 4 | ||||
| -rw-r--r-- | guix/profiles.scm | 10 | ||||
| -rw-r--r-- | guix/scripts/import/crate.scm | 2 | ||||
| -rw-r--r-- | guix/scripts/pack.scm | 63 | ||||
| -rw-r--r-- | guix/scripts/package.scm | 7 | ||||
| -rwxr-xr-x | guix/scripts/substitute.scm | 7 | ||||
| -rw-r--r-- | guix/scripts/system.scm | 14 | ||||
| -rw-r--r-- | guix/store.scm | 7 | ||||
| -rw-r--r-- | guix/swh.scm | 2 | ||||
| -rw-r--r-- | guix/ui.scm | 4 | ||||
| -rw-r--r-- | guix/upstream.scm | 24 |
26 files changed, 419 insertions, 307 deletions
diff --git a/guix/build-system/linux-module.scm b/guix/build-system/linux-module.scm index 6084d22210..ba76ab85c3 100644 --- a/guix/build-system/linux-module.scm +++ b/guix/build-system/linux-module.scm @@ -126,6 +126,7 @@ (outputs '("out")) (system (%current-system)) (guile #f) + (substitutable? #t) (imported-modules %linux-module-build-system-modules) (modules '((guix build linux-module-build-system) @@ -164,7 +165,8 @@ #:inputs inputs #:modules imported-modules #:outputs outputs - #:guile-for-build guile-for-build)) + #:guile-for-build guile-for-build + #:substitutable? substitutable?)) (define linux-module-build-system (build-system diff --git a/guix/build-system/minify.scm b/guix/build-system/minify.scm index 1418a71091..28a6781c06 100644 --- a/guix/build-system/minify.scm +++ b/guix/build-system/minify.scm @@ -44,8 +44,8 @@ (define (default-uglify-js) "Return the default package to minify JavaScript source files." ;; Lazily resolve the binding to avoid a circular dependency. - (let ((js-mod (resolve-interface '(gnu packages javascript)))) - (module-ref js-mod 'uglify-js))) + (let ((mod (resolve-interface '(gnu packages lisp-xyz)))) + (module-ref mod 'uglify-js))) (define* (lower name #:key source inputs native-inputs outputs system diff --git a/guix/build-system/qt.scm b/guix/build-system/qt.scm index b776845377..118022ec45 100644 --- a/guix/build-system/qt.scm +++ b/guix/build-system/qt.scm @@ -106,60 +106,60 @@ (define* (qt-build store name inputs - #:key (guile #f) - (outputs '("out")) (configure-flags ''()) - (search-paths '()) - (make-flags ''()) - (out-of-source? #t) - (build-type "RelWithDebInfo") - (tests? #t) - (test-target "test") - (parallel-build? #t) (parallel-tests? #f) - (validate-runpath? #t) - (patch-shebangs? #t) - (strip-binaries? #t) - (strip-flags ''("--strip-debug")) - (strip-directories ''("lib" "lib64" "libexec" - "bin" "sbin")) - (phases '(@ (guix build qt-build-system) - %standard-phases)) - (qt-wrap-excluded-outputs ''()) - (system (%current-system)) - (imported-modules %qt-build-system-modules) - (modules '((guix build cmake-build-system) - (guix build utils)))) + #:key (guile #f) + (outputs '("out")) (configure-flags ''()) + (search-paths '()) + (make-flags ''()) + (out-of-source? #t) + (build-type "RelWithDebInfo") + (tests? #t) + (test-target "test") + (parallel-build? #t) (parallel-tests? #f) + (validate-runpath? #t) + (patch-shebangs? #t) + (strip-binaries? #t) + (strip-flags ''("--strip-debug")) + (strip-directories ''("lib" "lib64" "libexec" + "bin" "sbin")) + (phases '(@ (guix build qt-build-system) + %standard-phases)) + (qt-wrap-excluded-outputs ''()) + (system (%current-system)) + (imported-modules %qt-build-system-modules) + (modules '((guix build qt-build-system) + (guix build utils)))) "Build SOURCE using CMAKE, and with INPUTS. This assumes that SOURCE provides a 'CMakeLists.txt' file as its build system." (define builder `(begin (use-modules ,@modules) - (cmake-build #:source ,(match (assoc-ref inputs "source") - (((? derivation? source)) - (derivation->output-path source)) - ((source) - source) - (source - source)) - #:system ,system - #:outputs %outputs - #:inputs %build-inputs - #:search-paths ',(map search-path-specification->sexp - search-paths) - #:phases ,phases - #:qt-wrap-excluded-outputs ,qt-wrap-excluded-outputs - #:configure-flags ,configure-flags - #:make-flags ,make-flags - #:out-of-source? ,out-of-source? - #:build-type ,build-type - #:tests? ,tests? - #:test-target ,test-target - #:parallel-build? ,parallel-build? - #:parallel-tests? ,parallel-tests? - #:validate-runpath? ,validate-runpath? - #:patch-shebangs? ,patch-shebangs? - #:strip-binaries? ,strip-binaries? - #:strip-flags ,strip-flags - #:strip-directories ,strip-directories))) + (qt-build #:source ,(match (assoc-ref inputs "source") + (((? derivation? source)) + (derivation->output-path source)) + ((source) + source) + (source + source)) + #:system ,system + #:outputs %outputs + #:inputs %build-inputs + #:search-paths ',(map search-path-specification->sexp + search-paths) + #:phases ,phases + #:qt-wrap-excluded-outputs ,qt-wrap-excluded-outputs + #:configure-flags ,configure-flags + #:make-flags ,make-flags + #:out-of-source? ,out-of-source? + #:build-type ,build-type + #:tests? ,tests? + #:test-target ,test-target + #:parallel-build? ,parallel-build? + #:parallel-tests? ,parallel-tests? + #:validate-runpath? ,validate-runpath? + #:patch-shebangs? ,patch-shebangs? + #:strip-binaries? ,strip-binaries? + #:strip-flags ,strip-flags + #:strip-directories ,strip-directories))) (define guile-for-build (match guile @@ -183,33 +183,33 @@ provides a 'CMakeLists.txt' file as its build system." ;;; (define* (qt-cross-build store name - #:key - target native-drvs target-drvs - (guile #f) - (outputs '("out")) - (configure-flags ''()) - (search-paths '()) - (native-search-paths '()) - (make-flags ''()) - (out-of-source? #t) - (build-type "RelWithDebInfo") - (tests? #f) ; nothing can be done - (test-target "test") - (parallel-build? #t) (parallel-tests? #f) - (validate-runpath? #t) - (patch-shebangs? #t) - (strip-binaries? #t) - (strip-flags ''("--strip-debug" - "--enable-deterministic-archives")) - (strip-directories ''("lib" "lib64" "libexec" - "bin" "sbin")) - (phases '(@ (guix build qt-build-system) + #:key + target native-drvs target-drvs + (guile #f) + (outputs '("out")) + (configure-flags ''()) + (search-paths '()) + (native-search-paths '()) + (make-flags ''()) + (out-of-source? #t) + (build-type "RelWithDebInfo") + (tests? #f) ; nothing can be done + (test-target "test") + (parallel-build? #t) (parallel-tests? #f) + (validate-runpath? #t) + (patch-shebangs? #t) + (strip-binaries? #t) + (strip-flags ''("--strip-debug" + "--enable-deterministic-archives")) + (strip-directories ''("lib" "lib64" "libexec" + "bin" "sbin")) + (phases '(@ (guix build qt-build-system) %standard-phases)) - (system (%current-system)) - (build (nix-system->gnu-triplet system)) - (imported-modules %qt-build-system-modules) - (modules '((guix build cmake-build-system) - (guix build utils)))) + (system (%current-system)) + (build (nix-system->gnu-triplet system)) + (imported-modules %qt-build-system-modules) + (modules '((guix build qt-build-system) + (guix build utils)))) "Cross-build NAME using CMAKE for TARGET, where TARGET is a GNU triplet and with INPUTS. This assumes that SOURCE provides a 'CMakeLists.txt' file as its build system." @@ -237,38 +237,38 @@ build system." `(,name . ,path))) target-drvs)) - (cmake-build #:source ,(match (assoc-ref native-drvs "source") - (((? derivation? source)) - (derivation->output-path source)) - ((source) - source) - (source - source)) - #:system ,system - #:build ,build - #:target ,target - #:outputs %outputs - #:inputs %build-target-inputs - #:native-inputs %build-host-inputs - #:search-paths ',(map search-path-specification->sexp - search-paths) - #:native-search-paths ',(map - search-path-specification->sexp - native-search-paths) - #:phases ,phases - #:configure-flags ,configure-flags - #:make-flags ,make-flags - #:out-of-source? ,out-of-source? - #:build-type ,build-type - #:tests? ,tests? - #:test-target ,test-target - #:parallel-build? ,parallel-build? - #:parallel-tests? ,parallel-tests? - #:validate-runpath? ,validate-runpath? - #:patch-shebangs? ,patch-shebangs? - #:strip-binaries? ,strip-binaries? - #:strip-flags ,strip-flags - #:strip-directories ,strip-directories)))) + (qt-build #:source ,(match (assoc-ref native-drvs "source") + (((? derivation? source)) + (derivation->output-path source)) + ((source) + source) + (source + source)) + #:system ,system + #:build ,build + #:target ,target + #:outputs %outputs + #:inputs %build-target-inputs + #:native-inputs %build-host-inputs + #:search-paths ',(map search-path-specification->sexp + search-paths) + #:native-search-paths ',(map + search-path-specification->sexp + native-search-paths) + #:phases ,phases + #:configure-flags ,configure-flags + #:make-flags ,make-flags + #:out-of-source? ,out-of-source? + #:build-type ,build-type + #:tests? ,tests? + #:test-target ,test-target + #:parallel-build? ,parallel-build? + #:parallel-tests? ,parallel-tests? + #:validate-runpath? ,validate-runpath? + #:patch-shebangs? ,patch-shebangs? + #:strip-binaries? ,strip-binaries? + #:strip-flags ,strip-flags + #:strip-directories ,strip-directories)))) (define guile-for-build (match guile diff --git a/guix/build/download.scm b/guix/build/download.scm index 141ef409d6..a7bb3b0d6e 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -28,6 +28,7 @@ #:use-module (guix build utils) #:use-module (guix progress) #:use-module (rnrs io ports) + #:use-module ((ice-9 binary-ports) #:select (unget-bytevector)) #:use-module (rnrs bytevectors) #:use-module (srfi srfi-1) #:use-module (srfi srfi-11) @@ -158,16 +159,7 @@ out if the connection could not be established in less than TIMEOUT seconds." ;; See <http://bugs.gnu.org/12202>. (module-autoload! (current-module) '(gnutls) - '(gnutls-version make-session connection-end/client)) - -(define %tls-ports - ;; Mapping of session record ports to the underlying file port. - (make-weak-key-hash-table)) - -(define (register-tls-record-port record-port port) - "Hold a weak reference from RECORD-PORT to PORT, where RECORD-PORT is a TLS -session record port using PORT as its underlying communication port." - (hashq-set! %tls-ports record-port port)) + '(make-session connection-end/client)) (define %x509-certificate-directory ;; The directory where X.509 authority PEM certificates are stored. @@ -273,18 +265,7 @@ host name without trailing dot." ;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>. ;; Explicitly disable SSLv3, which is insecure: ;; <https://tools.ietf.org/html/rfc7568>. - ;; - ;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5), - ;; remove it; see <https://bugs.gnu.org/34102>. - (set-session-priorities! session - (string-append - "NORMAL:%COMPAT:-VERS-SSL3.0" - - ;; The "VERS-TLS1.3" priority string is not - ;; supported by GnuTLS 3.5. - (if (string-prefix? "3.5." (gnutls-version)) - "" - ":-VERS-TLS1.3"))) + (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0") (set-session-credentials! session (if (and verify-certificate? ca-certs) @@ -322,17 +303,40 @@ host name without trailing dot." (apply throw args)))) (let ((record (session-record-port session))) - ;; Since we use `fileno' above, the file descriptor behind PORT would be - ;; closed when PORT is GC'd. If we used `port->fdes', it would instead - ;; never be closed. So we use `fileno', but keep a weak reference to - ;; PORT, so the file descriptor gets closed when RECORD is GC'd. - (register-tls-record-port record port) - - ;; Write HTTP requests line by line rather than byte by byte: - ;; <https://bugs.gnu.org/22966>. This is possible with Guile >= 2.2. - (setvbuf record 'line) - - record))) + (define (read! bv start count) + (define read-bv (get-bytevector-some record)) + (if (eof-object? read-bv) + 0 ; read! returns 0 on eof-object + (let ((read-bv-len (bytevector-length read-bv))) + (bytevector-copy! read-bv 0 bv start (min read-bv-len count)) + (when (< count read-bv-len) + (unget-bytevector record bv count (- read-bv-len count))) + read-bv-len))) + (define (write! bv start count) + (put-bytevector record bv start count) + (force-output record) + count) + (define (get-position) + (port-position record)) + (define (set-position! new-position) + (set-port-position! record new-position)) + (define (close) + (unless (port-closed? port) + (close-port port)) + (unless (port-closed? record) + (close-port record))) + + (setvbuf record 'block) + + ;; Return a port that wraps RECORD to ensure that closing it also + ;; closes PORT, the actual socket port, and its file descriptor. + ;; XXX: This wrapper would be unnecessary if GnuTLS could + ;; automatically close SESSION's file descriptor when RECORD is + ;; closed, but that doesn't seem to be possible currently (as of + ;; 3.6.9). + (make-custom-binary-input/output-port "gnutls wrapped port" read! write! + get-position set-position! + close)))) (define (ensure-uri uri-or-string) ;XXX: copied from (web http) (cond @@ -440,16 +444,9 @@ VERIFY-CERTIFICATE? is true, verify HTTPS server certificates." #:verify-certificate? verify-certificate?) s))))) -(define (close-connection port) - "Like 'close-port', but (1) idempotent, and (2) also closes the underlying -port if PORT is a TLS session record port." - ;; FIXME: This is a partial workaround for <http://bugs.gnu.org/20145>, - ;; because 'http-fetch' & co. may return a chunked input port whose 'close' - ;; method calls 'close-port', not 'close-connection'. +(define (close-connection port) ;deprecated (unless (port-closed? port) - (close-port port)) - (and=> (hashq-ref %tls-ports port) - close-connection)) + (close-port port))) ;; XXX: This is an awful hack to make sure the (set-port-encoding! p ;; "ISO-8859-1") call in `read-response' passes, even during bootstrap diff --git a/guix/build/emacs-utils.scm b/guix/build/emacs-utils.scm index fdacd30dd6..885fd0a217 100644 --- a/guix/build/emacs-utils.scm +++ b/guix/build/emacs-utils.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2014, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Alex Kost <alezost@gmail.com> ;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com> +;;; Copyright © 2019 Leo Prikler <leo.prikler@student.tugraz.at> ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,6 +24,7 @@ #:export (%emacs emacs-batch-eval emacs-batch-edit-file + emacs-batch-disable-compilation emacs-generate-autoloads emacs-byte-compile-directory emacs-substitute-sexps @@ -50,6 +52,12 @@ (string-append "--visit=" file) (format #f "--eval=~S" expr))) +(define (emacs-batch-disable-compilation file) + (emacs-batch-edit-file file + '(progn + (add-file-local-variable 'no-byte-compile t) + (basic-save-buffer)))) + (define (emacs-generate-autoloads name directory) "Generate autoloads for Emacs package NAME placed in DIRECTORY." (let* ((file (string-append directory "/" name "-autoloads.el")) diff --git a/guix/describe.scm b/guix/describe.scm index 893dca2640..6b9b219113 100644 --- a/guix/describe.scm +++ b/guix/describe.scm @@ -30,7 +30,8 @@ current-profile-entries package-path-entries - package-provenance)) + package-provenance + manifest-entry-with-provenance)) ;;; Commentary: ;;; @@ -144,3 +145,18 @@ property of manifest entries, or #f if it could not be determined." (and main `(,main ,@(if extra (list extra) '())))))))))) + +(define (manifest-entry-with-provenance entry) + "Return ENTRY with an additional 'provenance' property if it's not already +there." + (let ((properties (manifest-entry-properties entry))) + (if (assq 'properties properties) + entry + (let ((item (manifest-entry-item entry))) + (manifest-entry + (inherit entry) + (properties + (match (and (package? item) (package-provenance item)) + (#f properties) + (sexp `((provenance ,@sexp) + ,@properties))))))))) diff --git a/guix/download.scm b/guix/download.scm index 47c8087732..b6b4812fa7 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -132,7 +132,6 @@ "ftp://ftp.hu.netfilter.org/" "ftp://www.lt.netfilter.org/pub/") (kernel.org - "http://ramses.wh2.tu-dresden.de/pub/mirrors/kernel.org/" "http://linux-kernel.uio.no/pub/" "http://kernel.osuosl.org/pub/" "http://ftp.be.debian.org/pub/" diff --git a/guix/gexp.scm b/guix/gexp.scm index 411f0844ff..912960fd1d 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -1,7 +1,8 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -456,7 +457,10 @@ This is the declarative counterpart of 'gexp->file'." ;; Compile FILE by returning a derivation that builds the file. (match file (($ <scheme-file> name gexp splice?) - (gexp->file name gexp #:splice? splice?)))) + (gexp->file name gexp + #:splice? splice? + #:system system + #:target target)))) ;; Appending SUFFIX to BASE's output file name. (define-record-type <file-append> @@ -1598,12 +1602,19 @@ imported modules in its search path. Look up EXP's modules in MODULE-PATH." (chmod port #o555)))) #:system system #:target target - #:module-path module-path))) + #:module-path module-path + + ;; These derivations are not worth offloading or + ;; substituting. + #:local-build? #t + #:substitutable? #f))) (define* (gexp->file name exp #:key (set-load-path? #t) (module-path %load-path) - (splice? #f)) + (splice? #f) + (system (%current-system)) + target) "Return a derivation that builds a file NAME containing EXP. When SPLICE? is true, EXP is considered to be a list of expressions that will be spliced in the resulting file. @@ -1626,10 +1637,14 @@ Lookup EXP's modules in MODULE-PATH." exp (gexp ((ungexp exp))))))))) #:local-build? #t - #:substitutable? #f) + #:substitutable? #f + #:system system + #:target target) (mlet %store-monad ((set-load-path (load-path-expression modules module-path - #:extensions extensions))) + #:extensions extensions + #:system system + #:target target))) (gexp->derivation name (gexp (call-with-output-file (ungexp output) @@ -1642,7 +1657,9 @@ Lookup EXP's modules in MODULE-PATH." (gexp ((ungexp exp))))))))) #:module-path module-path #:local-build? #t - #:substitutable? #f)))) + #:substitutable? #f + #:system system + #:target target)))) (define* (text-file* name #:rest text) "Return as a monadic value a derivation that builds a text file containing diff --git a/guix/git.scm b/guix/git.scm index d7dddde3a7..83af596ef5 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -347,10 +347,11 @@ Log progress and checkout info to LOG-PORT." ;;; Commit difference. ;;; -(define (commit-closure commit) - "Return the closure of COMMIT as a set." +(define* (commit-closure commit #:optional (visited (setq))) + "Return the closure of COMMIT as a set. Skip commits contained in VISITED, +a set, and adjoin VISITED to the result." (let loop ((commits (list commit)) - (visited (setq))) + (visited visited)) (match commits (() visited) @@ -360,15 +361,16 @@ Log progress and checkout info to LOG-PORT." (loop (append (commit-parents head) tail) (set-insert head visited))))))) -(define (commit-difference new old) +(define* (commit-difference new old #:optional (excluded '())) "Return the list of commits between NEW and OLD, where OLD is assumed to be -an ancestor of NEW. +an ancestor of NEW. Exclude all the commits listed in EXCLUDED along with +their ancestors. Essentially, this computes the set difference between the closure of NEW and that of OLD." (let loop ((commits (list new)) (result '()) - (visited (commit-closure old))) + (visited (commit-closure old (list->setq excluded)))) (match commits (() (reverse result)) diff --git a/guix/gnupg.scm b/guix/gnupg.scm index 40feb44561..bf0283f8fe 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; ;;; This file is part of GNU Guix. @@ -59,28 +59,37 @@ ;; unreliable. (make-parameter "pool.sks-keyservers.net")) +;; Regexps for status lines. See file `doc/DETAILS' in GnuPG. + +(define sigid-rx + (make-regexp + "^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)")) +(define goodsig-rx + (make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$")) +(define validsig-rx + (make-regexp + "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$")) +(define expkeysig-rx ; good signature, but expired key + (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$")) +(define errsig-rx + ;; Note: The fingeprint part (the last element of the line) appeared in + ;; GnuPG 2.2.7 according to 'doc/DETAILS', and it may be missing. + (make-regexp + "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)(.*)")) + + (define* (gnupg-verify sig file #:optional (keyring (current-keyring))) "Verify signature SIG for FILE against the keys in KEYRING. All the keys in KEYRING as assumed to be \"trusted\", whether or not they expired or were revoked. Return a status s-exp if GnuPG failed." - (define (status-line->sexp line) - ;; See file `doc/DETAILS' in GnuPG. - (define sigid-rx - (make-regexp - "^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)")) - (define goodsig-rx - (make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$")) - (define validsig-rx - (make-regexp - "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$")) - (define expkeysig-rx ; good signature, but expired key - (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$")) - (define errsig-rx - (make-regexp - "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)")) + (define (maybe-fingerprint str) + (match (string-trim-both str) + ((or "-" "") #f) + (fpr fpr))) + (define (status-line->sexp line) (cond ((regexp-exec sigid-rx line) => (lambda (match) @@ -108,7 +117,7 @@ revoked. Return a status s-exp if GnuPG failed." ((regexp-exec errsig-rx line) => (lambda (match) - `(signature-error ,(match:substring match 1) ; key id or fingerprint + `(signature-error ,(match:substring match 1) ; key id ,(match:substring match 2) ; pubkey algo ,(match:substring match 3) ; hash algo ,(match:substring match 4) ; sig class @@ -120,7 +129,9 @@ revoked. Return a status s-exp if GnuPG failed." (case rc ((9) 'missing-key) ((4) 'unknown-algorithm) - (else rc)))))) + (else rc))) + ,(maybe-fingerprint ; fingerprint or #f + (match:substring match 7))))) (else `(unparsed-line ,line)))) @@ -142,33 +153,37 @@ revoked. Return a status s-exp if GnuPG failed." (define (gnupg-status-good-signature? status) "If STATUS, as returned by `gnupg-verify', denotes a good signature, return -a key-id/user pair; return #f otherwise." - (any (lambda (sexp) - (match sexp - (((or 'good-signature 'expired-key-signature) key-id user) - (cons key-id user)) - (_ #f))) - status)) +a fingerprint/user pair; return #f otherwise." + (match (assq 'valid-signature status) + (('valid-signature fingerprint date timestamp) + (match (or (assq 'good-signature status) + (assq 'expired-key-signature status)) + ((_ key-id user) (cons fingerprint user)) + (_ #f))) + (_ + #f))) (define (gnupg-status-missing-key? status) - "If STATUS denotes a missing-key error, then return the key-id of the -missing key." + "If STATUS denotes a missing-key error, then return the fingerprint of the +missing key or its key id if the fingerprint is unavailable." (any (lambda (sexp) (match sexp - (('signature-error key-id _ ...) - key-id) + (('signature-error key-id _ ... 'missing-key fingerprint) + (or fingerprint key-id)) (_ #f))) status)) -(define* (gnupg-receive-keys key-id server +(define* (gnupg-receive-keys fingerprint/key-id server #:optional (keyring (current-keyring))) + "Download FINGERPRINT/KEY-ID from SERVER, a key server, and add it to +KEYRING." (unless (file-exists? keyring) (mkdir-p (dirname keyring)) (call-with-output-file keyring (const #t))) ;create an empty keybox - (system* (%gpg-command) "--keyserver" server - "--no-default-keyring" "--keyring" keyring - "--recv-keys" key-id)) + (zero? (system* (%gpg-command) "--keyserver" server + "--no-default-keyring" "--keyring" keyring + "--recv-keys" fingerprint/key-id))) (define* (gnupg-verify* sig file #:key @@ -176,35 +191,48 @@ missing key." (server (%openpgp-key-server)) (keyring (current-keyring))) "Like `gnupg-verify', but try downloading the public key if it's missing. -Return #t if the signature was good, #f otherwise. KEY-DOWNLOAD specifies a -download policy for missing OpenPGP keys; allowed values: 'always', 'never', -and 'interactive' (default)." +Return two values: 'valid-signature and a fingerprint/name pair upon success, +'missing-key and a fingerprint if the key could not be found, and +'invalid-signature with a fingerprint if the signature is invalid. + +KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed +values: 'always', 'never', and 'interactive' (default). Return a +fingerprint/user name pair on success and #f otherwise." (let ((status (gnupg-verify sig file))) - (or (gnupg-status-good-signature? status) - (let ((missing (gnupg-status-missing-key? status))) - (define (download-and-try-again) - ;; Download the missing key and try again. - (begin - (gnupg-receive-keys missing server keyring) - (gnupg-status-good-signature? (gnupg-verify sig file - keyring)))) - - (define (receive?) - (let ((answer - (begin - (format #t (G_ "Would you like to add this key \ + (match (gnupg-status-good-signature? status) + ((fingerprint . user) + (values 'valid-signature (cons fingerprint user))) + (#f + (let ((missing (gnupg-status-missing-key? status))) + (define (download-and-try-again) + ;; Download the missing key and try again. + (if (gnupg-receive-keys missing server keyring) + (match (gnupg-status-good-signature? + (gnupg-verify sig file keyring)) + (#f + (values 'invalid-signature missing)) + ((fingerprint . user) + (values 'valid-signature + (cons fingerprint user)))) + (values 'missing-key missing))) + + (define (receive?) + (let ((answer + (begin + (format #t (G_ "Would you like to add this key \ to keyring '~a'?~%") - keyring) - (read-line)))) - (string-match (locale-yes-regexp) answer))) - - (and missing - (case key-download - ((never) #f) - ((always) - (download-and-try-again)) - (else - (and (receive?) - (download-and-try-again))))))))) + keyring) + (read-line)))) + (string-match (locale-yes-regexp) answer))) + + (case key-download + ((never) + (values 'missing-key missing)) + ((always) + (download-and-try-again)) + (else + (if (receive?) + (download-and-try-again) + (values 'missing-key missing))))))))) ;;; gnupg.scm ends here diff --git a/guix/http-client.scm b/guix/http-client.scm index 067002a79a..5a5a33b4c0 100644 --- a/guix/http-client.scm +++ b/guix/http-client.scm @@ -70,14 +70,13 @@ (define* (http-fetch uri #:key port (text? #f) (buffered? #t) - keep-alive? (verify-certificate? #t) + (verify-certificate? #t) (headers '((user-agent . "GNU Guile")))) "Return an input port containing the data at URI, and the expected number of bytes available or #f. If TEXT? is true, the data at URI is considered to be textual. Follow any HTTP redirection. When BUFFERED? is #f, return an -unbuffered port, suitable for use in `filtered-port'. When KEEP-ALIVE? is -true, send a 'Connection: keep-alive' HTTP header, in which case PORT may be -reused for future HTTP requests. HEADERS is an alist of extra HTTP headers. +unbuffered port, suitable for use in `filtered-port'. HEADERS is an alist of +extra HTTP headers. When VERIFY-CERTIFICATE? is true, verify HTTPS server certificates. @@ -100,7 +99,11 @@ Raise an '&http-get-error' condition if downloading fails." (setvbuf port 'none)) (let*-values (((resp data) (http-get uri #:streaming? #t #:port port - #:keep-alive? #t + ;; XXX: When #:keep-alive? is true, if DATA is + ;; a chunked-encoding port, closing DATA won't + ;; close PORT, leading to a file descriptor + ;; leak. + #:keep-alive? #f #:headers headers)) ((code) (response-code resp))) diff --git a/guix/import/cran.scm b/guix/import/cran.scm index f3f1747e43..13771ec598 100644 --- a/guix/import/cran.scm +++ b/guix/import/cran.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015, 2016, 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -161,7 +161,10 @@ release." ;; alist of attributes. (map (lambda (chunk) (description->alist (string-join chunk "\n"))) - (chunk-lines (read-lines (http-fetch/cached url))))))) + (let* ((port (http-fetch/cached url)) + (lines (read-lines port))) + (close-port port) + (chunk-lines lines)))))) (define* (latest-bioconductor-package-version name #:optional type) "Return the version string corresponding to the latest release of the @@ -206,7 +209,10 @@ from ~s: ~a (~s)~%" (http-get-error-code c) (http-get-error-reason c)) #f)) - (description->alist (read-string (http-fetch url)))))) + (let* ((port (http-fetch url)) + (result (description->alist (read-string port)))) + (close-port port) + result)))) ((bioconductor) ;; Currently, the bioconductor project does not offer a way to access a ;; package's DESCRIPTION file over HTTP, so we determine the version, diff --git a/guix/import/crate.scm b/guix/import/crate.scm index 4c3f8000d0..405a26a877 100644 --- a/guix/import/crate.scm +++ b/guix/import/crate.scm @@ -231,10 +231,13 @@ latest version of CRATE-NAME." string->license)) (append cargo-inputs cargo-development-inputs))))) -(define (crate-recursive-import crate-name) +(define* (crate-recursive-import crate-name #:optional version) (recursive-import crate-name #f - #:repo->guix-package (lambda (name repo) - (crate->guix-package name)) + #:repo->guix-package + (lambda (name repo) + (let ((version (and (string=? name crate-name) + version))) + (crate->guix-package name version))) #:guix-name crate-name->package-name)) (define (guix-package->crate-name package) diff --git a/guix/inferior.scm b/guix/inferior.scm index 71dae89e92..c4969cd56a 100644 --- a/guix/inferior.scm +++ b/guix/inferior.scm @@ -82,6 +82,7 @@ inferior-package-native-search-paths inferior-package-transitive-native-search-paths inferior-package-search-paths + inferior-package-provenance inferior-package-derivation inferior-package->manifest-entry @@ -416,6 +417,19 @@ package." (define inferior-package-transitive-native-search-paths (cut %inferior-package-search-paths <> 'package-transitive-native-search-paths)) +(define (inferior-package-provenance package) + "Return a \"provenance sexp\" for PACKAGE, an inferior package. The result +is similar to the sexp returned by 'package-provenance' for regular packages." + (inferior-package-field package + '(let* ((describe + (false-if-exception + (resolve-interface '(guix describe)))) + (provenance + (false-if-exception + (module-ref describe + 'package-provenance)))) + (or provenance (const #f))))) + (define (proxy client backend) ;adapted from (guix ssh) "Proxy communication between CLIENT and BACKEND until CLIENT closes the connection, at which point CLIENT is closed (both CLIENT and BACKEND must be diff --git a/guix/lint.scm b/guix/lint.scm index cd2ea571ed..41ddff584d 100644 --- a/guix/lint.scm +++ b/guix/lint.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com> ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org> -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org> ;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> @@ -26,7 +26,7 @@ ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (guix lint) - #:use-module ((guix store) #:hide (close-connection)) + #:use-module (guix store) #:use-module (guix base32) #:use-module (guix diagnostics) #:use-module (guix download) @@ -54,8 +54,7 @@ #:use-module ((guix build download) #:select (maybe-expand-mirrors (open-connection-for-uri - . guix:open-connection-for-uri) - close-connection)) + . guix:open-connection-for-uri))) #:use-module (web request) #:use-module (web response) #:use-module (srfi srfi-1) @@ -453,7 +452,7 @@ for connections to complete; when TIMEOUT is #f, wait as long as needed." (force-output port) (read-response port)) (lambda () - (close-connection port)))) + (close-port port)))) (case (response-code response) ((302 ; found (redirection) diff --git a/guix/packages.scm b/guix/packages.scm index c98fb98aec..5ecb97f946 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2014, 2015, 2017, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016 Alex Kost <alezost@gmail.com> -;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. @@ -236,7 +236,7 @@ name of its URI." (define %hurd-systems ;; The GNU/Hurd systems for which support is being developed. - '("i585-gnu" "i686-gnu")) + '("i586-gnu" "i686-gnu")) (define %hydra-supported-systems ;; This is the list of system types for which build machines are available. diff --git a/guix/profiles.scm b/guix/profiles.scm index 616605151e..0d38b2513f 100644 --- a/guix/profiles.scm +++ b/guix/profiles.scm @@ -9,6 +9,7 @@ ;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com> ;;; Copyright © 2017 Maxim Cournoyer <maxim.cournoyer@gmail.com> ;;; Copyright © 2019 Kyle Meyer <kyle@kyleam.com> +;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -93,6 +94,7 @@ manifest-pattern-output concatenate-manifests + map-manifest-entries manifest-remove manifest-add manifest-lookup @@ -520,6 +522,11 @@ procedure is here for backward-compatibility and will eventually vanish." "Concatenate the manifests listed in LST and return the resulting manifest." (manifest (append-map manifest-entries lst))) +(define (map-manifest-entries proc manifest) + "Apply PROC to all the entries of MANIFEST and return a new manifest." + (make-manifest + (map proc (manifest-entries manifest)))) + (define (entry-predicate pattern) "Return a procedure that returns #t when passed a manifest entry that matches NAME/OUTPUT/VERSION. OUTPUT and VERSION may be #f, in which case they @@ -1457,6 +1464,9 @@ are cross-built for TARGET." (mlet* %store-monad ((system (if system (return system) (current-system))) + (target (if target + (return target) + (current-target-system))) (ok? (if allow-collisions? (return #t) (check-for-collisions manifest system diff --git a/guix/scripts/import/crate.scm b/guix/scripts/import/crate.scm index 92034dab3c..d834518c18 100644 --- a/guix/scripts/import/crate.scm +++ b/guix/scripts/import/crate.scm @@ -100,7 +100,7 @@ Import and convert the crate.io package for PACKAGE-NAME.\n")) `(define-public ,(string->symbol name) ,pkg)) (_ #f)) - (crate-recursive-import name)) + (crate-recursive-import name version)) (let ((sexp (crate->guix-package name version))) (unless sexp (leave (G_ "failed to download meta-data for package '~a'~%") diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index bbacc93bc0..b84e37cbf2 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -319,7 +319,7 @@ to the search paths of PROFILE." entry-point localstatedir? (symlinks '()) - (archiver squashfs-tools-next)) + (archiver squashfs-tools)) "Return a squashfs image containing a store initialized with the closure of PROFILE, a derivation. The image contains a subset of /gnu/store, empty mount points for virtual file systems (like procfs), and optional symlinks. @@ -753,11 +753,6 @@ last resort for relocation." (manifest-entry-output entry) args)))) -(define (map-manifest-entries proc manifest) - "Apply PROC to all the entries of MANIFEST and return a new manifest." - (make-manifest - (map proc (manifest-entries manifest)))) - ;;; ;;; Command-line options. @@ -979,36 +974,32 @@ Create a bundle of PACKAGE.\n")) (('manifest . file) file) (_ #f)) opts))) - (define properties + (define with-provenance (if (assoc-ref opts 'save-provenance?) - (lambda (package) - (match (package-provenance package) - (#f - (warning (G_ "could not determine provenance of package ~a~%") - (package-full-name package)) - '()) - (sexp - `((provenance . ,sexp))))) - (const '()))) - - (cond - ((and (not (null? manifests)) (not (null? packages))) - (leave (G_ "both a manifest and a package list were given~%"))) - ((not (null? manifests)) - (concatenate-manifests - (map (lambda (file) - (let ((user-module (make-user-module - '((guix profiles) (gnu))))) - (load* file user-module))) - manifests))) - (else - (manifest - (map (match-lambda - ((package output) - (package->manifest-entry package output - #:properties - (properties package)))) - packages)))))) + (lambda (manifest) + (map-manifest-entries + (lambda (entry) + (let ((entry (manifest-entry-with-provenance entry))) + (unless (assq 'provenance (manifest-entry-properties entry)) + (warning (G_ "could not determine provenance of package ~a~%") + (manifest-entry-name entry))) + entry)) + manifest)) + identity)) + + (with-provenance + (cond + ((and (not (null? manifests)) (not (null? packages))) + (leave (G_ "both a manifest and a package list were given~%"))) + ((not (null? manifests)) + (concatenate-manifests + (map (lambda (file) + (let ((user-module (make-user-module + '((guix profiles) (gnu))))) + (load* file user-module))) + manifests))) + (else + (packages->manifest packages)))))) (with-error-handling (with-store store @@ -1045,7 +1036,7 @@ Create a bundle of PACKAGE.\n")) bootstrap-xz (assoc-ref opts 'compressor))) (archiver (if (equal? pack-format 'squashfs) - squashfs-tools-next + squashfs-tools (if bootstrap? %bootstrap-coreutils&co tar))) diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm index 92c6e34194..ea16435d2d 100644 --- a/guix/scripts/package.scm +++ b/guix/scripts/package.scm @@ -38,7 +38,7 @@ #:use-module (guix config) #:use-module (guix scripts) #:use-module (guix scripts build) - #:autoload (guix describe) (package-provenance) + #:use-module (guix describe) #:autoload (guix store roots) (gc-roots) #:use-module ((guix build utils) #:select (directory-exists? mkdir-p)) @@ -883,7 +883,10 @@ processed, #f otherwise." opts)) (manifest (match files (() (profile-manifest profile)) - (_ (concatenate-manifests (map load-manifest files))))) + (_ (map-manifest-entries + manifest-entry-with-provenance + (concatenate-manifests + (map load-manifest files)))))) (step1 (options->removable opts manifest (manifest-transaction))) (step2 (options->installable opts manifest step1)) diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index 7eca2c6874..3bf9b8735f 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2018 Kyle Meyer <kyle@kyleam.com> ;;; @@ -20,7 +20,7 @@ (define-module (guix scripts substitute) #:use-module (guix ui) - #:use-module ((guix store) #:hide (close-connection)) + #:use-module (guix store) #:use-module (guix utils) #:use-module (guix combinators) #:use-module (guix config) @@ -37,7 +37,6 @@ #:select (uri-abbreviation nar-uri-abbreviation (open-connection-for-uri . guix:open-connection-for-uri) - close-connection store-path-abbreviation byte-count->string)) #:use-module (guix progress) #:use-module ((guix build syscalls) @@ -556,7 +555,7 @@ initial connection on which HTTP requests are sent." ;; Note that even upon "Connection: close", we can read from BODY. (match (assq 'connection (response-headers resp)) (('connection 'close) - (close-connection p) + (close-port p) (connect #f ;try again (append tail (drop requests processed)) result)) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 3e9570753d..e69a3b6c97 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -1189,6 +1189,11 @@ resulting from command-line parsing." (define (process-command command args opts) "Process COMMAND, one of the 'guix system' sub-commands. ARGS is its argument list and OPTS is the option alist." + (define-syntax-rule (with-store* store exp ...) + (with-store store + (set-build-options-from-command-line store opts) + exp ...)) + (case command ;; The following commands do not need to use the store, and they do not need ;; an operating system configuration file. @@ -1213,22 +1218,20 @@ argument list and OPTS is the option alist." (() #f) ((pattern) pattern) (x (leave (G_ "wrong number of arguments~%")))))) - (with-store store + (with-store* store (delete-matching-generations store %system-profile pattern) (reinstall-bootloader store (generation-number %system-profile))))) ((switch-generation) (let ((pattern (match args ((pattern) pattern) (x (leave (G_ "wrong number of arguments~%")))))) - (with-store store - (set-build-options-from-command-line store opts) + (with-store* store (switch-to-system-generation store pattern)))) ((roll-back) (let ((pattern (match args (() "") (x (leave (G_ "wrong number of arguments~%")))))) - (with-store store - (set-build-options-from-command-line store opts) + (with-store* store (roll-back-system store)))) ;; The following commands need to use the store, and they also ;; need an operating system configuration file. @@ -1297,6 +1300,7 @@ argument list and OPTS is the option alist." ;;; Local Variables: ;;; eval: (put 'call-with-service-upgrade-info 'scheme-indent-function 1) +;;; eval: (put 'with-store* 'scheme-indent-function 1) ;;; End: ;;; system.scm ends here diff --git a/guix/store.scm b/guix/store.scm index cf25d347fc..f99fa581a8 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@gnu.org> +;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -159,6 +160,7 @@ %guile-for-build current-system set-current-system + current-target-system text-file interned-file interned-file-tree @@ -1816,6 +1818,11 @@ the store." (lambda (state) (values (%current-system system) state))) +(define-inlinable (current-target-system) + ;; Consult the %CURRENT-TARGET-SYSTEM fluid at bind time. + (lambda (state) + (values (%current-target-system) state))) + (define %guile-for-build ;; The derivation of the Guile to be used within the build environment, ;; when using 'gexp->derivation' and co. diff --git a/guix/swh.scm b/guix/swh.scm index 70eeef5c6b..3abf9aa1b5 100644 --- a/guix/swh.scm +++ b/guix/swh.scm @@ -244,7 +244,7 @@ FALSE-IF-404? is true, return #f upon 404 responses." docstring (call (swh-url components ...) json->value))))) -;; <https://archive.softwareheritage.org/api/1/origin/ttps://github.com/guix-mirror/guix/get> +;; <https://archive.softwareheritage.org/api/1/origin/https://github.com/guix-mirror/guix/get> (define-json-mapping <origin> make-origin origin? json->origin (id origin-id) diff --git a/guix/ui.scm b/guix/ui.scm index 540671f3dd..023e604085 100644 --- a/guix/ui.scm +++ b/guix/ui.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com> @@ -494,7 +494,7 @@ See the \"Application Setup\" section in the manual, for more info.\n"))))) "Display version information for COMMAND and `(exit 0)'." (simple-format #t "~a (~a) ~a~%" command %guix-package-name %guix-version) - (format #t "Copyright ~a 2019 ~a" + (format #t "Copyright ~a 2020 ~a" ;; TRANSLATORS: Translate "(C)" to the copyright symbol ;; (C-in-a-circle), if this symbol is available in the user's ;; locale. Otherwise, do not translate "(C)"; leave it as-is. */ diff --git a/guix/upstream.scm b/guix/upstream.scm index aa47dab4b4..c11de0b25b 100644 --- a/guix/upstream.scm +++ b/guix/upstream.scm @@ -318,16 +318,20 @@ values: 'interactive' (default), 'always', and 'never'." (basename url) tarball))) (mbegin %store-monad (built-derivations (list drv)) - (return (derivation->output-path drv))))))) - - (ret (gnupg-verify* sig data #:key-download key-download))) - (if ret - tarball - (begin - (warning (G_ "signature verification failed for `~a'~%") - url) - (warning (G_ "(could be because the public key is not in your keyring)~%")) - #f)))))) + (return (derivation->output-path drv)))))))) + (let-values (((status data) + (gnupg-verify* sig data #:key-download key-download))) + (match status + ('valid-signature + tarball) + ('invalid-signature + (warning (G_ "signature verification failed for '~a' (key: ~a)~%") + url data) + #f) + ('missing-key + (warning (G_ "missing public key ~a for '~a'~%") + data url) + #f))))))) (define (find2 pred lst1 lst2) "Like 'find', but operate on items from both LST1 and LST2. Return two |