Timezone problems

[Alex Sassmannshausen]

Hello all,

I'm running into issues whereby the 'date' command that is part of the
coreutils package (installed through guix) returns non-timezone
corrected values (i.e. it returns UTC even for local time).

I suspect this was to do with the locale complications of the earlier
gcc version that was part of guix, and that locale issue seems to be
resolved now: Guile 2.0.9 compiled with the new gcc does not complain
about locale settings anymore.

Would guix normally have recompiled coreutils following the gcc upgrade
too? If so then the problem must be something else — but the date
program invoked through /bin/date returns the correct local time (installed
through aptitude), so it seems guix specific.

If not — is there a way to force re-installation from scratch for just
coreutils?

Best wishes,

Alex

Re: 'python-build-system'

[Ludovic Courtès]

Nikita Karetnikov nik...@karetnikov.org skribis:

 With these changes in place, OK to commit.

 I've just pushed both patches.  Please have a look.

 To answer your previous question, this ‘wrap’ phase serves a different
 (but related) purpose than the ‘native-search-paths’ thing: it ensures
 that the ‘bzr’ program, when run by the user, finds all its Python
 modules.

 I know.  But why do we need to use 'native-search-paths' to set
 PYTHONPATH if we wrap all executables anyway?  What is the purpose of
 'native-search-paths' in this case?

Not all Python packages have binaries, and when they do, they can often
be used either as stand-alone binaries or as Python modules.

Does that clarify?

Ludo’.

Re: Timezone problems

[Ludovic Courtès]

Alex Sassmannshausen alex.sassmannshau...@gmail.com skribis:

 I'm running into issues whereby the 'date' command that is part of the
 coreutils package (installed through guix) returns non-timezone
 corrected values (i.e. it returns UTC even for local time).

Actually you first need to install the ‘tzdata’ package (which I just
added yesterday!).  Then you must set the TZDIR environment variable to
point to it, like this:

  export TZDIR=$HOME/.guix-profile/share/zoneinfo

The C library (the one from Guix) will then get timezone info from there.

 I suspect this was to do with the locale complications of the earlier
 gcc version that was part of guix, and that locale issue seems to be
 resolved now: Guile 2.0.9 compiled with the new gcc does not complain
 about locale settings anymore.

This is actually unrelated but yes, this one’s fixed too.

 Would guix normally have recompiled coreutils following the gcc upgrade
 too? If so then the problem must be something else — but the date
 program invoked through /bin/date returns the correct local time (installed
 through aptitude), so it seems guix specific.

 If not — is there a way to force re-installation from scratch for just
 coreutils?

What matters most is what’s in your profile.  I just run ‘guix package 
--upgrade’,
which atomically upgrades everything that’s installed in your profile
(so you get the new Coreutils, and everything linked against the new libc.)

HTH!

Ludo’.

Re: Literate programming

[Nikita Karetnikov]

 I wouldn’t want to automatically extract command-line doc.  First,
 because --help needs to be concise, whereas the manual can give
 additional details (compare ‘guix package --help’ and “Invoking guix
 packages”.)  Second, because the manual should include cross-references
 and examples to make things more understandable.

Here is how I see the process: one creates a command-line tool and uses
Commentary to document it.  Then the person should manually @include the
output of extracted and converted Commentary (e.g., 'filename.texi'),
which isn't created at this point.  After that it's only necessary to
run 'make' to compile 'filename.texi' and 'guix.texi'.  (Note that it's
possible to use cross-references.)

I've created a rough example.  'doc/hash-texi.scm' shows how to extract
and convert Commentary.  The same thing should be done for all scripts.
So each 'file.scm' should have a corresponding 'file.texi'.  Other files
in 'guix' will need a different extraction scheme because it's necessary
to get docstrings as well.  I'd like to write a couple of procedures and
put them into a makefile.  Still, it'll be necessary to @include files
manually.

I guess this sounds like a lot of work, but the same approach is also
used with LaTeX [1].  You have a main file, a style file, and other files
which will be included into the main file.

I'd also like to find a way to automatically create a table of contents.

[1] https://en.wikibooks.org/wiki/LaTeX/Modular_Documents

diff --git a/doc/guix.texi b/doc/guix.texi
index 9147f43..17f7e14 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1214,36 +1214,7 @@ the @code{package-derivation} procedure of the @code{(guix packages)}
 module, and to the @code{build-derivations} procedure of the @code{(guix
 store)} module.
 
-@node Invoking guix hash
-@section Invoking @command{guix hash}
-
-The @command{guix hash} command allows to check the integrity of a file.
-It is primarily a convenience tool for anyone contributing to the
-distribution: it computes the cryptographic hash of a file, which can be
-used in the definition of a package (@pxref{Defining Packages}).
-
-The general syntax is:
-
-@example
-guix hash @var{option} @var{file}
-@end example
-
-@command{guix hash} has the following option:
-
-@table @code
-
-@item --format=@var{fmt}
-@itemx -f @var{fmt}
-Write the hash in the given format.
-
-Supported formats: @code{nix-base32}, @code{base32}, @code{base16}
-(@code{hex} and @code{hexadecimal} can be used as well).
-
-If the @option{--format} option is not specified, @command{guix hash}
-will output the hash in @code{nix-base32}.  This representation is used
-in the definitions of packages.
-
-@end table
+@include hash.texi
 
 @node Invoking guix refresh
 @section Invoking @command{guix refresh}
diff --git a/doc/hash-texi.scm b/doc/hash-texi.scm
new file mode 100644
index 000..801f92f
--- /dev/null
+++ b/doc/hash-texi.scm
@@ -0,0 +1,29 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2013 Nikita Karetnikov nik...@karetnikov.org
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see http://www.gnu.org/licenses/.
+
+(use-modules (texinfo serialize)
+ (ice-9 session))
+
+;; 'string-stexi' and 'module-commentary' are used instead of
+;; 'module-stexi-documentation' because we do not want to mention 'guix-hash'
+;; and the names of sections.
+(call-with-output-file doc/hash.texi
+  (lambda (out)
+(format out ~a~%
+(stexi-texi ((@@ (texinfo reflection) string-stexi)
+  (module-commentary '(guix scripts hash)))
\ No newline at end of file
diff --git a/doc/hash.texi b/doc/hash.texi
new file mode 100644
index 000..a6469da
--- /dev/null
+++ b/doc/hash.texi
@@ -0,0 +1,35 @@
+
+@c %start of fragment
+
+@node Invoking guix hash
+@section Invoking @command{guix hash}
+The @command{guix hash} command allows to check the integrity of a file.
+It is primarily a convenience tool for anyone contributing to the
+distribution: it computes the cryptographic hash of a file, which can be
+used in the definition of a package (@pxref{Defining Packages}).
+
+The general syntax is:
+
+@example 
+ guix hash @var{option} @var{file}
+@end example
+
+@command{guix hash} has the following option:
+
+@table @code
+@item --format=@var{fmt}
+@itemx -f @var{fmt}
+Write the hash in the given format.
+

Re: New “guix refresh” command

[Nikita Karetnikov]

 Objects aren’t malicious.  Perhaps you’re talking about situations where
 a mirror provides a tarball along with a valid signature, but said
 signature is made with a random key, and the tarball is actually not
 genuine, right?

Yep.

 Second, this is the same model as used by the OpenSSH client.  When the
 client is first introduced to a host, it presents you its key
 fingerprint, you type ‘y’, and that key gets added to your known hosts
 file.  From there on, person-in-the-middle attacks are trivially
 detected as a key mismatch.

AFAICT, 'guix refresh' doesn't allow to check fingerprints.  If so, we
must change it.

Am I mistaken?  I'm not sure because it fails on my machine:

# ./pre-inst-env guix refresh -u

[...]

In execlp of gpg2: No such file or directory
guix refresh: warning: signature verification failed for `guile-2.0.9.tar.gz'
guix refresh: warning: (could be because the public key is not in your keyring)
gnu/packages/guile.scm:48:12: guile: updating from version 1.8.8 to version 
2.0.9...
Backtrace:
In ice-9/boot-9.scm:
 157: 12 [catch #t #catch-closure 954b170 ...]
In unknown file:
   ?: 11 [apply-smob/1 #catch-closure 954b170]
In ice-9/boot-9.scm:
  63: 10 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 9 [eval # #]
In ice-9/boot-9.scm:
2320: 8 [save-module-excursion #procedure 93f9e80 at ice-9/boot-9.scm:3961:3 
()]
3966: 7 [#procedure 93f9e80 at ice-9/boot-9.scm:3961:3 ()]
In unknown file:
   ?: 6 [load-compiled/vm 
/root/.cache/guile/ccache/2.0-LE-4-2.0/home/guix-test2/scripts/guix.go]
In guix/ui.scm:
 417: 5 [guix-main /home/guix-test2/scripts/guix refresh -u]
In ice-9/boot-9.scm:
 157: 4 [catch srfi-34 #procedure 9858520 at guix/ui.scm:138:2 () ...]
In srfi/srfi-1.scm:
 619: 3 [for-each #procedure 98580e0 at guix/scripts/refresh.scm:151:22 
(package) ...]
In guix/scripts/refresh.scm:
 167: 2 [#procedure 98580e0 at guix/scripts/refresh.scm:151:22 (package) #]
In ice-9/boot-9.scm:
 788: 1 [call-with-input-file #f ...]
In unknown file:
   ?: 0 [open-file #f r #:encoding #f #:guess-encoding #f]

ERROR: In procedure open-file:
ERROR: Wrong type (expecting string): #f

 It’s exactly what I would do manually.  What about you?

It depends.  I usually use a similar page [1] to compare fingerprints
and also check via keys.gnupg.net.  Sometimes I try to get more
information elsewhere.  Again, the sad truth is that it's easier not to
sign an ingenuine tarball at all.

 Is it possible to use three mirrors to check keys and tarballs?

 Check against what?  What do you want to address?

Check them against each other.  But it's not the case because 'guix
refresh' uses one server per package.

 I’ve made this suggestion to one of the FSF sysadmins, but it seems to
 need further discussion, and probably input from crypto-savvy people.

OK. 

[1] http://gcc.gnu.org/mirrors.html


pgpcwwBzmDSzj.pgp
Description: PGP signature