guix
/
guix
mirror of git://git.savannah.gnu.org/guix.git
3
5
Fork 0
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'origin/version-1.2.0' into master 

Conflicts:
	gnu/packages/bioinformatics.scm

The python-pysam package fixed in master was kept instead of the update done
in the version-1.2.0 branch.
This commit is contained in:
Maxim Cournoyer 2020-11-17 18:00:28 -05:00
parent 5f9c92dd62 9113de2ca2
commit 129b9b16d9
No known key found for this signature in database
GPG Key ID: 1260E46482E63562
18 changed files with 431 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dir-locals.el
View File

@ -134,7 +134,6 @@
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
(eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))

23
Makefile.am
View File

@ -562,7 +562,7 @@ dist_zshcompletion_DATA = etc/completion/zsh/_guix
dist_fishcompletion_DATA = etc/completion/fish/guix.fish
# SELinux policy
nodist_selinux_policy_DATA = etc/guix-daemon.cil.in
nodist_selinux_policy_DATA = etc/guix-daemon.cil
EXTRA_DIST += \
HACKING \
@ -570,6 +570,7 @@ EXTRA_DIST += \
TODO \
CODE-OF-CONDUCT \
.dir-locals.el \
.guix-authorizations \
.guix-channel \
scripts/guix.in \
etc/guix-install.sh \
@ -710,7 +711,7 @@ AM_DISTCHECK_CONFIGURE_FLAGS = \
ac_cv_guix_test_root="$(GUIX_TEST_ROOT)"
# Name of the 'guix' package shipped in the binary tarball.
GUIX_FOR_BINARY_TARBALL = guile3.0-guix
GUIX_FOR_BINARY_TARBALL = guix
# The self-contained tarball.
guix-binary.%.tar.xz:
@ -730,8 +731,8 @@ distcheck-hook: assert-binaries-available assert-final-inputs-self-contained
EXTRA_DIST += $(top_srcdir)/.version
BUILT_SOURCES += $(top_srcdir)/.version
$(top_srcdir)/.version:
echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
$(top_srcdir)/.version: config.status
$(AM_V_GEN)echo $(VERSION) > "$@-t" && mv "$@-t" "$@"
gen-tarball-version:
echo $(VERSION) > "$(distdir)/.tarball-version"
@ -826,9 +827,10 @@ release: dist-with-updated-version
$(MKDIR_P) "$(releasedir)"
rm -f "$(releasedir)"/*
mv $(SOURCE_TARBALLS) "$(releasedir)"
$(top_builddir)/pre-inst-env "$(GUILE)" \
$(top_srcdir)/build-aux/update-guix-package.scm \
"`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
$(top_builddir)/pre-inst-env "$(GUILE)" \
$(top_srcdir)/build-aux/update-guix-package.scm \
"`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)."
$(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \
@ -840,9 +842,10 @@ release: dist-with-updated-version
mv "guix-binary.$$system.tar.xz" \
"$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \
done
$(top_builddir)/pre-inst-env "$(GUILE)" \
$(top_srcdir)/build-aux/update-guix-package.scm \
"`git rev-parse HEAD`"
GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
$(top_builddir)/pre-inst-env "$(GUILE)" \
$(top_srcdir)/build-aux/update-guix-package.scm \
"`git rev-parse HEAD`"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`."
$(top_builddir)/pre-inst-env guix build guix \

4
NEWS
View File

@ -60,6 +60,8 @@ Please send Guix bug reports to bug-guix@gnu.org.
*** swap-devices field of operating-system can contains UUIDs and labels
*** Graphical installer uses UUIDs for unencrypted swap partitions
*** Graphical installer now supports NTFS file systems
*** File systems UUIDs and labels now recognized for F2FS and NTFS
*** Root file system can now be on NFS
*** New services
autossh, ganeti, gmnisrv, guix-build-coordinator,
@ -96,6 +98,8 @@ simulated-wifi, udev-rules, unattended-upgrade, webssh, zram
(<https://issues.guix.gnu.org/35394>)
*** guix system reconfigure now starts services not currently running
(<https://bugs.gnu.org/43720>)
*** Desktop environments now detect newly installed applications
(<https://bugs.gnu.org/35594>)
*** Offloading and copying small items is now much faster
(<https://issues.guix.gnu.org/43340>)
*** GCC switched back to C_INCLUDE_PATH & co. from CPATH

73
build-aux/update-guix-package.scm
View File

@ -44,9 +44,6 @@
(define %top-srcdir
(string-append (current-source-directory) "/.."))
(define version-controlled?
(git-predicate %top-srcdir))
(define (package-definition-location)
"Return the source properties of the definition of the 'guix' package."
(call-with-input-file (location-file (package-location guix))
@ -114,8 +111,9 @@ COMMIT."
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
(invoke "git" "worktree" "add" "--detach" directory commit))
(define-syntax-rule (with-temporary-git-worktree commit body ...)
"Execute BODY in the context of a temporary git worktree created from COMMIT."
(define (call-with-temporary-git-worktree commit proc)
"Execute PROC in the context of a temporary git worktree created from
COMMIT. PROC receives the temporary directory file name as an argument."
(call-with-temporary-directory
(lambda (tmp-directory)
(dynamic-wind
@ -123,12 +121,12 @@ COMMIT."
#t)
(lambda ()
(git-add-worktree tmp-directory commit)
(with-directory-excursion tmp-directory body ...))
(proc tmp-directory))
(lambda ()
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
(define %savannah-guix-git-repo-push-url-regexp
"git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)")
"git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)")
(define-syntax-rule (with-input-pipe-to-string prog arg ...)
(let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
@ -156,27 +154,60 @@ COMMIT."
"git" "branch" "-r" "--contains" commit
(string-append remote "/master")))))
(define (keep-source-in-store store source)
"Add SOURCE to the store under the name that the 'guix' package expects."
;; Add SOURCE to the store, but this time under the real name used in the
;; 'origin'. This allows us to build the package without having to make a
;; real checkout; thus, it also works when working on a private branch.
(reload-module
(resolve-module '(gnu packages package-management)))
(let* ((source (add-to-store store
(origin-file-name (package-source guix))
#t "sha256" source
#:select? (git-predicate source)))
(root (store-path-package-name source)))
;; Add an indirect GC root for SOURCE in the current directory.
(false-if-exception (delete-file root))
(symlink source root)
(add-indirect-root store
(string-append (getcwd) "/" root))
(info (G_ "source code kept in ~a (GC root: ~a)~%")
source root)))
(define (main . args)
(match args
((commit version)
(with-directory-excursion %top-srcdir
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
(commit-already-pushed? (find-origin-remote) commit)
(let ((remote (find-origin-remote)))
(unless remote
(leave (G_ "Failed to find the origin git remote.~%")))
(commit-already-pushed? remote commit))
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
(let* ((hash (with-temporary-git-worktree commit
(nix-base32-string->bytevector
(string-trim-both
(with-output-to-string
(lambda ()
(guix-hash "-rx" ".")))))))
(location (package-definition-location))
(old-hash (content-hash-value
(origin-hash (package-source guix)))))
(edit-expression location
(update-definition commit hash
#:old-hash old-hash
#:version version)))))
(call-with-temporary-git-worktree commit
(lambda (tmp-directory)
(let* ((hash (nix-base32-string->bytevector
(string-trim-both
(with-output-to-string
(lambda ()
(guix-hash "-rx" tmp-directory))))))
(location (package-definition-location))
(old-hash (content-hash-value
(origin-hash (package-source guix)))))
(edit-expression location
(update-definition commit hash
#:old-hash old-hash
#:version version))
;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are
;; added to the store. This is used as part of 'make release'.
(when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
(with-store store
(keep-source-in-store store tmp-directory))))))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))

11
doc/contributing.texi
View File

@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used
has already been pushed to the Savannah-hosted Guix git repository.
This check can be disabled, @emph{at your own peril}, by setting the
@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
To build the resulting 'guix' package when using a private commit, the
following command can be used:
@example
./pre-inst-env guix build guix --with-git-url=guix=$PWD
@end example
@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When
this variable is set, the updated package source is also added to the
store. This is used as part of the release process of Guix.

180
etc/guix-daemon.cil.in
View File

@ -1,6 +1,8 @@
; -*- lisp -*-
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Daniel Brooks <db48x@db48x.net>
;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -21,6 +23,18 @@
;; Intermediate Language (CIL). It refers to types that must be defined in
;; the system's base policy.
;; If you, like me, need advice about fixing an SELinux policy, I recommend
;; reading https://danwalsh.livejournal.com/55324.html
;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t
;; to allow guix-daemon to do whatever it wants. SELinux will still check its
;; permissions, and when it doesn't have permission it will still send an
;; audit message to your system logs. This lets you know what permissions it
;; ought to have. Use ausearch --raw to find the permissions violations, then
;; pipe that to audit2allow to generate an updated policy. You'll still need
;; to translate that policy into CIL in order to update this file, but that's
;; fairly straight-forward. Annoying, but easy.
(block guix_daemon
;; Require existing types
(typeattributeset cil_gen_require init_t)
@ -34,14 +48,19 @@
(roletype object_r guix_daemon_t)
(type guix_daemon_conf_t)
(roletype object_r guix_daemon_conf_t)
(typeattributeset file_type guix_daemon_conf_t)
(type guix_daemon_exec_t)
(roletype object_r guix_daemon_exec_t)
(typeattributeset file_type guix_daemon_exec_t)
(type guix_daemon_socket_t)
(roletype object_r guix_daemon_socket_t)
(typeattributeset file_type guix_daemon_socket_t)
(type guix_store_content_t)
(roletype object_r guix_store_content_t)
(typeattributeset file_type guix_store_content_t)
(type guix_profiles_t)
(roletype object_r guix_profiles_t)
(typeattributeset file_type guix_profiles_t)
;; These types are domains, thereby allowing process rules
(typeattributeset domain (guix_daemon_t guix_daemon_exec_t))
@ -55,6 +74,30 @@
(typetransition guix_store_content_t guix_daemon_exec_t
process guix_daemon_t)
(roletype system_r guix_daemon_t)
;; allow init_t to read and execute guix files
(allow init_t
guix_profiles_t
(lnk_file (read)))
(allow init_t
guix_daemon_exec_t
(file (execute)))
(allow init_t
guix_daemon_t
(process (transition)))
(allow init_t
guix_store_content_t
(lnk_file (read)))
(allow init_t
guix_store_content_t
(file (open read execute)))
;; guix-daemon needs to know the names of users
(allow guix_daemon_t
passwd_file_t
(file (getattr open read)))
;; Permit communication with NSCD
(allow guix_daemon_t
nscd_var_run_t
@ -71,25 +114,44 @@
(allow guix_daemon_t
nscd_t
(unix_stream_socket (connectto)))
(allow guix_daemon_t nscd_t
(nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv)))
;; permit downloading packages via HTTP(s)
(allow guix_daemon_t http_port_t
(tcp_socket (name_connect)))
(allow guix_daemon_t ftp_port_t
(tcp_socket (name_connect)))
(allow guix_daemon_t ephemeral_port_t
(tcp_socket (name_connect)))
;; Permit logging and temp file access
(allow guix_daemon_t
tmp_t
(lnk_file (setattr unlink)))
(lnk_file (create rename setattr unlink)))
(allow guix_daemon_t
tmp_t
(dir (create
rmdir
(file (link rename create execute execute_no_trans write unlink setattr map relabelto)))
(allow guix_daemon_t
tmp_t
(fifo_file (open read write create getattr ioctl setattr unlink)))
(allow guix_daemon_t
tmp_t
(dir (create rename
rmdir relabelto
add_name remove_name
open read write
getattr setattr
search)))
(allow guix_daemon_t
tmp_t
(sock_file (create getattr setattr unlink write)))
(allow guix_daemon_t
var_log_t
(file (create getattr open write)))
(allow guix_daemon_t
var_log_t
(dir (getattr write add_name)))
(dir (getattr create write add_name)))
(allow guix_daemon_t
var_run_t
(lnk_file (read)))
@ -100,10 +162,10 @@
;; Spawning processes, execute helpers
(allow guix_daemon_t
self
(process (fork)))
(process (fork execmem setrlimit setpgid setsched)))
(allow guix_daemon_t
guix_daemon_exec_t
(file (execute execute_no_trans read open)))
(file (execute execute_no_trans read open entrypoint map)))
;; TODO: unknown
(allow guix_daemon_t
@ -119,38 +181,51 @@
;; Build isolation
(allow guix_daemon_t
guix_store_content_t
(file (mounton)))
(file (ioctl mounton)))
(allow guix_store_content_t
fs_t
(filesystem (associate)))
(allow guix_daemon_t
guix_store_content_t
(dir (mounton)))
(dir (read mounton)))
(allow guix_daemon_t
guix_daemon_t
(capability (net_admin
fsetid fowner
chown setuid setgid
dac_override dac_read_search
sys_chroot)))
sys_chroot
sys_admin)))
(allow guix_daemon_t
fs_t
(filesystem (unmount)))
(allow guix_daemon_t
devpts_t
(dir (search)))
(allow guix_daemon_t
devpts_t
(filesystem (mount)))
(allow guix_daemon_t
devpts_t
(chr_file (setattr getattr)))
(chr_file (ioctl open read write setattr getattr)))
(allow guix_daemon_t
tmpfs_t
(filesystem (mount)))
(filesystem (getattr mount)))
(allow guix_daemon_t
tmpfs_t
(dir (getattr)))
(file (create open read unlink write)))
(allow guix_daemon_t
tmpfs_t
(dir (getattr add_name remove_name write)))
(allow guix_daemon_t
proc_t
(filesystem (mount)))
(file (getattr open read)))
(allow guix_daemon_t
proc_t
(dir (read)))
(allow guix_daemon_t
proc_t
(filesystem (associate mount)))
(allow guix_daemon_t
null_device_t
(chr_file (getattr open read write)))
@ -179,7 +254,7 @@
search rename
add_name remove_name
open write
rmdir)))
rmdir relabelfrom)))
(allow guix_daemon_t
guix_store_content_t
(file (create
@ -189,7 +264,7 @@
link unlink
map
rename
open read write)))
open read write relabelfrom)))
(allow guix_daemon_t
guix_store_content_t
(lnk_file (create
@ -197,17 +272,23 @@
link unlink
read
rename)))
(allow guix_daemon_t
guix_store_content_t
(fifo_file (create getattr open read unlink write)))
(allow guix_daemon_t
guix_store_content_t
(sock_file (create getattr unlink write)))
;; Access to configuration files and directories
(allow guix_daemon_t
guix_daemon_conf_t
(dir (search
(dir (search create
setattr getattr
add_name remove_name
open read write)))
(allow guix_daemon_t
guix_daemon_conf_t
(file (create
(file (create rename
lock
map
getattr setattr
@ -216,11 +297,17 @@
(allow guix_daemon_t
guix_daemon_conf_t
(lnk_file (create getattr rename unlink)))
(allow guix_daemon_t net_conf_t
(file (getattr open read)))
(allow guix_daemon_t net_conf_t
(lnk_file (read)))
(allow guix_daemon_t NetworkManager_var_run_t
(dir (search)))
;; Access to profiles
(allow guix_daemon_t
guix_profiles_t
(dir (getattr setattr read open)))
(dir (search getattr setattr read write open create add_name)))
(allow guix_daemon_t
guix_profiles_t
(lnk_file (read getattr)))
@ -233,8 +320,22 @@
(allow guix_daemon_t
user_home_t
(dir (search)))
(allow guix_daemon_t
cache_home_t
(dir (search)))
;; self upgrades
(allow guix_daemon_t
self
(dir (add_name write)))
(allow guix_daemon_t
self
(netlink_route_socket (bind create getattr nlmsg_read read write)))
;; Socket operations
(allow guix_daemon_t
guix_daemon_socket_t
(sock_file (unlink)))
(allow guix_daemon_t
init_t
(fd (use)))
@ -253,12 +354,53 @@
read write
connect bind accept
getopt setopt)))
(allow guix_daemon_t
self
(tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown)))
(allow guix_daemon_t
unreserved_port_t
(tcp_socket (name_bind name_connect accept listen)))
(allow guix_daemon_t
self
(udp_socket (connect getattr bind getopt setopt)))
(allow guix_daemon_t
self
(fifo_file (write read)))
(allow guix_daemon_t
self
(udp_socket (ioctl create)))
(allow guix_daemon_t
self
(unix_stream_socket (connectto)))
(allow guix_daemon_t
node_t
(tcp_socket (node_bind)))
(allow guix_daemon_t
node_t
(udp_socket (node_bind)))
(allow guix_daemon_t
port_t
(tcp_socket (name_connect)))
(allow guix_daemon_t
rtp_media_port_t
(udp_socket (name_bind)))
(allow guix_daemon_t
vnc_port_t
(tcp_socket (name_bind)))
;; I guess sometimes it needs random numbers
(allow guix_daemon_t
random_device_t
(chr_file (read)))
;; guix system vm
(allow guix_daemon_t
kvm_device_t
(chr_file (ioctl open read write)))
(allow guix_daemon_t
kernel_t
(system (ipc_info)))
;; Label file system
(filecon "@guix_sysconfdir@/guix(/.*)?"
@ -277,5 +419,7 @@
file (system_u object_r guix_daemon_exec_t (low low)))
(filecon "@storedir@/.+-(guix-.+|profile)/bin/guix-daemon"
file (system_u object_r guix_daemon_exec_t (low low)))
(filecon "@storedir@/[a-z0-9]+-guix-daemon"
file (system_u object_r guix_daemon_exec_t (low low)))
(filecon "@guix_localstatedir@/guix/daemon-socket/socket"
any (system_u object_r guix_daemon_socket_t (low low))))

1
gnu/local.mk
View File

@ -1054,6 +1054,7 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/glib-appinfo-watch.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2018-11236.patch \
%D%/packages/patches/glibc-CVE-2018-11237.patch \

14
gnu/packages/glib.scm
View File

@ -181,6 +181,7 @@ shared NFS home directories.")
(package
(name "glib")
(version "2.62.6")
(replacement glib-with-gio-patch)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@ -387,11 +388,20 @@ dynamic loading, and an object system.")
(home-page "https://developer.gnome.org/glib/")
(license license:lgpl2.1+)))
(define glib-with-gio-patch
;; GLib with a fix for <https://bugs.gnu.org/35594>.
;; TODO: Fold into 'glib' above in the next rebuild cycle.
(package
(inherit glib)
(source (origin
(inherit (package-source glib))
(patches (cons (search-patch "glib-appinfo-watch.patch")
(origin-patches (package-source glib))))))))
(define-public glib-with-documentation
;; glib's doc must be built in a separate package since it requires gtk-doc,
;; which in turn depends on glib.
(package
(inherit glib)
(package/inherit glib
(properties (alist-delete 'hidden? (package-properties glib)))
(outputs (cons "doc" (package-outputs glib))) ; 20 MiB of GTK-Doc reference
(native-inputs

16
gnu/packages/package-management.scm
View File

@ -130,9 +130,9 @@
;; Latest version of Guix, which may or may not correspond to a release.
;; Note: the 'update-guix-package.scm' script expects this definition to
;; start precisely like this.
(let ((version "1.1.0")
(commit "5e7cf66fb35780f930ad0bc5fe21ac330df4411d")
(revision 32))
(let ((version "1.2.0rc1")
(commit "3ba6ffd0dd092ae879d014e4971989f231eaa56d")
(revision 1))
(package
(name "guix")
@ -148,7 +148,7 @@
(commit commit)))
(sha256
(base32
"15clfjp845gvl0p6qw0b1gdibqfq20zwzr6dbxvq8l9fgzj1kb6b"))
"1wa67gdipmzqr400hp0cw5ih0rlfvj345h65rqbk9s4g3bkg38hm"))
(file-name (string-append "guix-" version "-checkout"))))
(build-system gnu-build-system)
(arguments
@ -336,7 +336,13 @@ $(prefix)/etc/init.d\n")))
(let ((bash (assoc-ref inputs "bash")))
(substitute* (string-append out "/bin/guix")
(("^#!.*/bash") (string-append "#! " bash "/bin/bash")))))
#t))))))
#t)))
;; The 'guix' executable has 'OUT/libexec/guix/guile' has
;; its shebang; that should remain unchanged, thus remove
;; the 'patch-shebangs' phase, which would otherwise
;; change it to 'GUILE/bin/guile'.
(delete 'patch-shebangs))))
(native-inputs `(("pkg-config" ,pkg-config)
;; Guile libraries are needed here for

92
gnu/packages/patches/glib-appinfo-watch.patch Normal file
View File

@ -0,0 +1,92 @@
This patch lets GLib's GDesktopAppInfo API watch and notice changes
to the Guix user and system profiles. That way, the list of available
applications shown by the desktop environment is immediately updated
when the user runs "guix install", "guix remove", or "guix system
reconfigure" (see <https://issues.guix.gnu.org/35594>).
It does so by monitoring /var/guix/profiles (for changes to the system
profile) and /var/guix/profiles/per-user/USER (for changes to the user
profile) and crawling their share/applications sub-directory when
changes happen.
diff --git a/gio/gdesktopappinfo.c b/gio/gdesktopappinfo.c
index f1e2fdd..095c110 100644
--- a/gio/gdesktopappinfo.c
+++ b/gio/gdesktopappinfo.c
@@ -148,6 +148,7 @@ typedef struct
gchar *alternatively_watching;
gboolean is_config;
gboolean is_setup;
+ gchar *guix_profile_watch_dir;
GFileMonitor *monitor;
GHashTable *app_names;
GHashTable *mime_tweaks;
@@ -180,6 +181,7 @@ desktop_file_dir_unref (DesktopFileDir *dir)
{
desktop_file_dir_reset (dir);
g_free (dir->path);
+ g_free (dir->guix_profile_watch_dir);
g_free (dir);
}
}
@@ -204,6 +206,13 @@ desktop_file_dir_get_alternative_dir (DesktopFileDir *dir)
{
gchar *parent;
+ /* If DIR is a profile, watch the specified directory--e.g.,
+ * /var/guix/profiles/per-user/$USER/ for the user profile. Do not watch
+ * ~/.guix-profile or /run/current-system/profile because GFileMonitor does
+ * not pass IN_DONT_FOLLOW and thus cannot notice any change. */
+ if (dir->guix_profile_watch_dir != NULL)
+ return g_strdup (dir->guix_profile_watch_dir);
+
/* If the directory itself exists then we need no alternative. */
if (g_access (dir->path, R_OK | X_OK) == 0)
return NULL;
@@ -249,11 +258,11 @@ desktop_file_dir_changed (GFileMonitor *monitor,
*
* If this is a notification for a parent directory (because the
* desktop directory didn't exist) then we shouldn't fire the signal
- * unless something actually changed.
+ * unless something actually changed or it's in /var/guix/profiles.
*/
g_mutex_lock (&desktop_file_dir_lock);
- if (dir->alternatively_watching)
+ if (dir->alternatively_watching && dir->guix_profile_watch_dir == NULL)
{
gchar *alternative_dir;
@@ -1555,6 +1564,32 @@ desktop_file_dirs_lock (void)
for (i = 0; dirs[i]; i++)
g_ptr_array_add (desktop_file_dirs, desktop_file_dir_new (dirs[i]));
+ {
+ /* Monitor the system and user profile under /var/guix/profiles and
+ * treat modifications to them as if they were modifications to their
+ * /share sub-directory. */
+ const gchar *user;
+ DesktopFileDir *system_profile_dir, *user_profile_dir;
+
+ system_profile_dir =
+ desktop_file_dir_new ("/var/guix/profiles/system/profile/share");
+ system_profile_dir->guix_profile_watch_dir = g_strdup ("/var/guix/profiles");
+ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (system_profile_dir));
+
+ user = g_get_user_name ();
+ if (user != NULL)
+ {
+ gchar *profile_dir, *user_data_dir;
+
+ profile_dir = g_build_filename ("/var/guix/profiles/per-user", user, NULL);
+ user_data_dir = g_build_filename (profile_dir, "guix-profile", "share", NULL);
+ user_profile_dir = desktop_file_dir_new (user_data_dir);
+ user_profile_dir->guix_profile_watch_dir = profile_dir;
+ g_ptr_array_add (desktop_file_dirs, desktop_file_dir_ref (user_profile_dir));
+ g_free (user_data_dir);
+ }
+ }
+
/* The list of directories will never change after this, unless
* g_get_user_config_dir() changes due to %G_TEST_OPTION_ISOLATE_DIRS. */
desktop_file_dirs_config_dir = user_config_dir;

33
gnu/packages/python-web.scm
View File

@ -26,7 +26,7 @@
;;; Copyright © 2018 Tomáš Čech <sleep_walker@gnu.org>
;;; Copyright © 2018, 2019 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2018 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2018, 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Vagrant Cascadian <vagrant@debian.org>
;;; Copyright © 2019 Brendan Tildesley <mail@brendan.scot>
;;; Copyright © 2019 Pierre Langlois <pierre.langlois@gmx.com>
@ -2893,21 +2893,30 @@ pretty printer and a tree visitor.")
(name "python-flask-basicauth")
(version "0.2.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "Flask-BasicAuth" version))
(sha256
(base32
"1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
(origin
(method url-fetch)
(uri (pypi-uri "Flask-BasicAuth" version))
(sha256
(base32
"1zq1spkjr4sjdnalpp8wl242kdqyk6fhbnhr8hi4r4f0km4bspnz"))))
(build-system python-build-system)
(arguments
`(#:phases (modify-phases %standard-phases
(add-after 'unpack 'fix-imports
(lambda _
(substitute* '("docs/index.rst"
"docs/conf.py"
"flask_basicauth.py"
"test_basicauth.py")
(("flask\\.ext\\.basicauth")
"flask_basicauth"))
#t)))))
(propagated-inputs
`(("python-flask" ,python-flask)))
(home-page
"https://github.com/jpvanhal/flask-basicauth")
(synopsis
"HTTP basic access authentication for Flask")
(home-page "https://github.com/jpvanhal/flask-basicauth")
(synopsis "HTTP basic access authentication for Flask")
(description
"This package provides HTTP basic access authentication for Flask.")
"This package provides HTTP basic access authentication for Flask.")
(license license:bsd-3)))
(define-public python-flask-htpasswd

21
gnu/services/base.scm
View File

@ -106,6 +106,12 @@
agetty-service-type
mingetty-configuration
mingetty-configuration-tty
mingetty-configuration-auto-login
mingetty-configuration-login-program
mingetty-configuration-login-pause?
mingetty-configuration-clear-on-logout?
mingetty-configuration-mingetty
mingetty-configuration?
mingetty-service
mingetty-service-type
@ -285,8 +291,19 @@ This service must be the root of the service dependency graph so that its
(define (file-system->shepherd-service-name file-system)
"Return the symbol that denotes the service mounting and unmounting
FILE-SYSTEM."
(symbol-append 'file-system-
(string->symbol (file-system-mount-point file-system))))
(define valid-characters
;; Valid store characters; see 'checkStoreName' in the daemon.
(string->char-set
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+-._?="))
(define mount-point
(string-map (lambda (chr)
(if (char-set-contains? valid-characters chr)
chr
#\-))
(file-system-mount-point file-system)))
(symbol-append 'file-system- (string->symbol mount-point)))
(define (mapped-device->shepherd-service-name md)
"Return the symbol that denotes the shepherd service of MD, a <mapped-device>."

4
guix/scripts/build.scm
View File

@ -51,7 +51,9 @@
#:use-module ((guix progress) #:select (current-terminal-columns))
#:use-module ((guix build syscalls) #:select (terminal-columns))
#:use-module (guix transformations)
#:export (%standard-build-options
#:export (log-url
%standard-build-options
set-build-options-from-command-line
set-build-options-from-command-line*
show-build-options-help

5
guix/scripts/pack.scm
View File

@ -59,11 +59,16 @@
#:use-module (srfi srfi-37)
#:use-module (ice-9 match)
#:export (compressor?
compressor-name
compressor-extenstion
compressor-command
%compressors
lookup-compressor
self-contained-tarball
docker-image
squashfs-image
%formats
guix-pack))
;; Type of a compression tool.

28
guix/scripts/publish.scm
View File

@ -2,6 +2,7 @@
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -250,6 +251,21 @@ usage."
("WantMassQuery" . 0)
("Priority" . 100)))
;;; A common buffer size value used for the TCP socket SO_SNDBUF option and
;;; the gzip compressor buffer size.
(define %default-buffer-size
(* 208 1024))
(define %default-socket-options
;; List of options passed to 'setsockopt' when transmitting files.
(list (list SO_SNDBUF %default-buffer-size)))
(define* (configure-socket socket #:key (level SOL_SOCKET)
(options %default-socket-options))
"Apply multiple option tuples in OPTIONS to SOCKET, using LEVEL."
(for-each (cut apply setsockopt socket level <>)
options))
(define (signed-string s)
"Sign the hash of the string S with the daemon's key. Return a canonical
sexp for the signature."
@ -569,7 +585,7 @@ requested using POOL."
(lambda (port)
(write-file item port))
#:level (compression-level compression)
#:buffer-size (* 128 1024))
#:buffer-size %default-buffer-size)
(rename-file (string-append nar ".tmp") nar))
('lzip
;; Note: the file port gets closed along with the lzip port.
@ -866,7 +882,7 @@ or if EOF is reached."
;; 'make-gzip-output-port' wants a file port.
(make-gzip-output-port (response-port response)
#:level level
#:buffer-size (* 64 1024)))
#:buffer-size %default-buffer-size))
(($ <compression> 'lzip level)
(make-lzip-output-port (response-port response)
#:level level))
@ -891,8 +907,7 @@ blocking."
client))
(port (begin
(force-output client)
(setsockopt client SOL_SOCKET
SO_SNDBUF (* 128 1024))
(configure-socket client)
(nar-response-port response compression))))
;; XXX: Given our ugly workaround for <http://bugs.gnu.org/21093> in
;; 'render-nar', BODY here is just the file name of the store item.
@ -922,7 +937,7 @@ blocking."
size)
client))
(output (response-port response)))
(setsockopt client SOL_SOCKET SO_SNDBUF (* 128 1024))
(configure-socket client)
(if (file-port? output)
(sendfile output input size)
(dump-port input output))
@ -1067,7 +1082,8 @@ methods, return the applicable compression."
(define (open-server-socket address)
"Return a TCP socket bound to ADDRESS, a socket address."
(let ((sock (socket (sockaddr:fam address) SOCK_STREAM 0)))
(setsockopt sock SOL_SOCKET SO_REUSEADDR 1)
(configure-socket sock #:options (cons (list SO_REUSEADDR 1)
%default-socket-options))
(bind sock address)
sock))

2
guix/scripts/pull.scm
View File

@ -385,7 +385,7 @@ previous generation. Return true if there are news to display."
(and=> (relative-generation profile -1)
(cut generation-file-name profile <>)))
(when previous
(and previous
(let ((old-channels (profile-channels previous))
(new-channels (profile-channels profile)))
;; Find the channels present in both PROFILE and PREVIOUS, and print

10
guix/self.scm
View File

@ -400,6 +400,12 @@ a list of extra files, such as '(\"contributing\")."
(find-files directory
"\\.[a-z]{2}(_[A-Z]{2})?\\.po$")))
(define parallel-jobs
;; Limit thread creation by 'n-par-for-each'. Going beyond can
;; lead libgc 8.0.4 to abort with:
;; mmap(PROT_NONE) failed
(min (parallel-job-count) 4))
(mkdir #$output)
(copy-recursively #$documentation "."
#:log (%make-void-port "w"))
@ -415,14 +421,14 @@ a list of extra files, such as '(\"contributing\")."
(setenv "LC_ALL" "en_US.UTF-8")
(setlocale LC_ALL "en_US.UTF-8")
(n-par-for-each (parallel-job-count)
(n-par-for-each parallel-jobs
(match-lambda
((language . po)
(translate-texi "guix" po language
#:extras '("contributing"))))
(available-translations "." "guix-manual"))
(n-par-for-each (parallel-job-count)
(n-par-for-each parallel-jobs
(match-lambda
((language . po)
(translate-texi "guix-cookbook" po language)))

4
tests/build-utils.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2015, 2016, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
@ -174,7 +174,7 @@ echo hello world"))
(let ((script-file-name (string-append directory "/foo")))
(call-with-output-file script-file-name
(lambda (port)
(format port script-contents)))
(display script-contents port)))
(chmod script-file-name #o777)
(wrap-script script-file-name
`("GUIX_FOO" prefix ("/some/path"