bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter.

[Ludovic Courtès]

Gah, I messed up.  Please followup to 41...@debbugs.gnu.org!

Ludo’.

bug#41702: `guix environment` performance issues

[Ludovic Courtès]

Hi,

Lars-Dominik Braun  skribis:

>> --8<---cut here---start->8---
>> $ time guix environment --ad-hoc r-learnr --search-paths
>> export 
>> PATH="/gnu/store/n4wxbmqpafjfyawrla8xymzzdm5hxwph-profile/bin${PATH:+:}$PATH"
>> 
>> real 0m11.328s
>> user 0m20.155s
>> sys  0m0.172s
>> $ time ./pre-inst-env guix environment --ad-hoc r-learnr --search-paths
>> export 
>> PATH="/gnu/store/if6z77la3mx0qdzvcyl4qv9i5cyp48i0-profile/bin${PATH:+:}$PATH"
>> 
>> real 0m4.602s
>> user 0m6.189s
>> sys  0m0.136s
>> --8<---cut here---end--->8---
> that’s awesome and brings me much closer to my goal of running all 
> applications
> inside a `guix environment` container for reproducibility. Including the
> protocol fixes from #41720 I’m now down to ~30s from ~50s, which may be called
> somewhat usable. Obviously I’d be very interested in further speedups.

That’s over SSH, right?

Probably what’s killing us is the round-trip time for all these small
RPCs.  We would need pipelining but the RPC protocol is not designed to
make that easy.

Perhaps you could “strace -Tt” the thing to check whether this
hypothesis is correct by looking at the time we spend waiting for
replies?

As for the CPU cost (i.e., going below the 4.6s above), we should keep
profiling just like you did.

Thanks,
Ludo’.

bug#22883: [PATCH 3/9] tests: Move OpenPGP helpers to (guix tests gnupg).

[Ludovic Courtès]

* tests/git-authenticate.scm (key-id): Remove.
(%ed25519-public-key-file, %ed25519-secret-key-file)
(%ed25519bis-public-key-file, %ed25519bis-secret-key-file)
(read-openpgp-packet, key-fingerprint): Move to...
* guix/tests/gnupg.scm: ... here.
---
 guix/tests/gnupg.scm   | 32 +++-
 tests/git-authenticate.scm | 25 -
 2 files changed, 31 insertions(+), 26 deletions(-)

diff --git a/guix/tests/gnupg.scm b/guix/tests/gnupg.scm
index 47c858d232..eb8ff63a43 100644
--- a/guix/tests/gnupg.scm
+++ b/guix/tests/gnupg.scm
@@ -17,12 +17,23 @@
 ;;; along with GNU Guix.  If not, see .
 
 (define-module (guix tests gnupg)
+  #:use-module (guix openpgp)
   #:use-module (guix utils)
   #:use-module (guix build utils)
+  #:use-module (rnrs io ports)
   #:use-module (ice-9 match)
   #:export (gpg-command
 gpgconf-command
-with-fresh-gnupg-setup))
+with-fresh-gnupg-setup
+
+%ed25519-public-key-file
+%ed25519-secret-key-file
+%ed25519bis-public-key-file
+%ed25519bis-secret-key-file
+
+read-openpgp-packet
+key-fingerprint
+key-id))
 
 (define gpg-command
   (make-parameter "gpg"))
@@ -50,3 +61,22 @@ listed in IMPORTED, and only them, have been imported.  This 
sets 'GNUPGHOME'
 such that the user's real GnuPG files are left untouched.  The 'gpg-agent'
 process is terminated afterwards."
   (call-with-fresh-gnupg-setup imported (lambda () exp ...)))
+
+(define %ed25519-public-key-file
+  (search-path %load-path "tests/ed25519.key"))
+(define %ed25519-secret-key-file
+  (search-path %load-path "tests/ed25519.sec"))
+(define %ed25519bis-public-key-file
+  (search-path %load-path "tests/ed25519bis.key"))
+(define %ed25519bis-secret-key-file
+  (search-path %load-path "tests/ed25519bis.sec"))
+
+(define (read-openpgp-packet file)
+  (get-openpgp-packet
+   (open-bytevector-input-port
+(call-with-input-file file read-radix-64
+
+(define key-fingerprint
+  (compose openpgp-format-fingerprint
+   openpgp-public-key-fingerprint
+   read-openpgp-packet))
diff --git a/tests/git-authenticate.scm b/tests/git-authenticate.scm
index 84689d628e..d713fa6a22 100644
--- a/tests/git-authenticate.scm
+++ b/tests/git-authenticate.scm
@@ -32,31 +32,6 @@
 
 ;; Test the (guix git-authenticate) tools.
 
-(define %ed25519-public-key-file
-  (search-path %load-path "tests/ed25519.key"))
-(define %ed25519-secret-key-file
-  (search-path %load-path "tests/ed25519.sec"))
-(define %ed25519bis-public-key-file
-  (search-path %load-path "tests/ed25519bis.key"))
-(define %ed25519bis-secret-key-file
-  (search-path %load-path "tests/ed25519bis.sec"))
-
-(define (read-openpgp-packet file)
-  (get-openpgp-packet
-   (open-bytevector-input-port
-(call-with-input-file file read-radix-64
-
-(define key-fingerprint
-  (compose openpgp-format-fingerprint
-   openpgp-public-key-fingerprint
-   read-openpgp-packet))
-
-(define (key-id file)
-  (define id
-(openpgp-public-key-id (read-openpgp-packet)))
-
-  (string-pad (number->string id 16) 16 #\0))
-
 (define (gpg+git-available?)
   (and (which (git-command))
(which (gpg-command)) (which (gpgconf-command
-- 
2.26.2

bug#22883: [PATCH 4/9] channels: 'latest-channel-instance' authenticates Git checkouts.

[Ludovic Courtès]

Fixes .

* guix/channels.scm ()[introduction]: New field.
(): New record type.
(%guix-channel-introduction): New variable.
(%default-channels): Use it.
()[keyring-reference]: New field.
(%default-keyring-reference): New variable.
(read-channel-metadata, read-channel-metadata-from-source): Initialize
the 'keyring-reference' field.
(commit-short-id, verify-introductory-commit)
(authenticate-channel): New procedures.
(latest-channel-instance): Call 'authenticate-channel' when CHANNEL has
an introduction.
* tests/channels.scm (gpg+git-available?, commit-id-string): New
procedures.
("authenticate-channel, wrong first commit signer"):
("authenticate-channel, .guix-authorizations"): New tests.
* doc/guix.texi (Invoking guix pull): Mention authentication.
---
 .dir-locals.el |   1 +
 doc/guix.texi  |   6 +-
 guix/channels.scm  | 182 +++--
 tests/channels.scm | 122 ++
 4 files changed, 304 insertions(+), 7 deletions(-)

diff --git a/.dir-locals.el b/.dir-locals.el
index dc8bc0e437..7ac1eb7509 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -95,6 +95,7 @@
(eval . (put 'eventually 'scheme-indent-function 1))
 
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
+   (eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
diff --git a/doc/guix.texi b/doc/guix.texi
index 056bf011f6..6fcb47970b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3719,13 +3719,17 @@ this option is primarily useful when the daemon was 
running with
 @cindex updating Guix
 @cindex @command{guix pull}
 @cindex pull
+@cindex security, @command{guix pull}
+@cindex authenticity, of code obtained with @command{guix pull}
 Packages are installed or upgraded to the latest version available in
 the distribution currently available on your local machine.  To update
 that distribution, along with the Guix tools, you must run @command{guix
 pull}: the command downloads the latest Guix source code and package
 descriptions, and deploys it.  Source code is downloaded from a
 @uref{https://git-scm.com, Git} repository, by default the official
-GNU@tie{}Guix repository, though this can be customized.
+GNU@tie{}Guix repository, though this can be customized.  @command{guix
+pull} ensures that the code it downloads is @emph{authentic} by
+verifying that commits are signed by Guix developers.
 
 Specifically, @command{guix pull} downloads code from the @dfn{channels}
 (@pxref{Channels}) specified by one of the followings, in this order:
diff --git a/guix/channels.scm b/guix/channels.scm
index 84c47fc0d0..c2ea0e26ff 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -21,6 +21,11 @@
 (define-module (guix channels)
   #:use-module (git)
   #:use-module (guix git)
+  #:use-module (guix git-authenticate)
+  #:use-module ((guix openpgp)
+#:select (openpgp-public-key-fingerprint
+  openpgp-format-fingerprint))
+  #:use-module (guix base16)
   #:use-module (guix records)
   #:use-module (guix gexp)
   #:use-module (guix modules)
@@ -28,6 +33,7 @@
   #:use-module (guix monads)
   #:use-module (guix profiles)
   #:use-module (guix packages)
+  #:use-module (guix progress)
   #:use-module (guix derivations)
   #:use-module (guix combinators)
   #:use-module (guix diagnostics)
@@ -48,17 +54,23 @@
   #:autoload   (guix self) (whole-package make-config.scm)
   #:autoload   (guix inferior) (gexp->derivation-in-inferior) ;FIXME: circular 
dep
   #:autoload   (guix quirks) (%quirks %patches applicable-patch? apply-patch)
+  #:use-module (ice-9 format)
   #:use-module (ice-9 match)
   #:use-module (ice-9 vlist)
   #:use-module ((ice-9 rdelim) #:select (read-string))
+  #:use-module ((rnrs bytevectors) #:select (bytevector=?))
   #:export (channel
 channel?
 channel-name
 channel-url
 channel-branch
 channel-commit
+channel-introduction
 channel-location
 
+channel-introduction?
+;;  accessors purposefully omitted for now.
+
 %default-channels
 guix-channel?
 
@@ -67,6 +79,7 @@
 channel-instance-commit
 channel-instance-checkout
 
+authenticate-channel
 latest-channel-instances
 checkout->channel-instance
 latest-channel-derivation
@@ -104,15 +117,44 @@
   (url   channel-url)
   (branchchannel-branch (default "master"))
   (commitchannel-commit (default #f))
+  (introduction channel-introduction (default #f))
   (location  channel-location
  (default (current-source-location)) (innate)))
 
+;; Channel introductions.  A "channel introduction" provides a 

bug#22883: [PATCH 6/9] .guix-channel: Add 'keyring-reference'.

[Ludovic Courtès]

* .guix-channel: Add 'keyring-reference'.
---
 .guix-channel | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.guix-channel b/.guix-channel
index 3e618d79f8..f4459f1de1 100644
--- a/.guix-channel
+++ b/.guix-channel
@@ -2,4 +2,5 @@
 
 (channel
   (version 0)
-  (news-file "etc/news.scm"))
+  (news-file "etc/news.scm")
+  (keyring-reference "keyring"))
-- 
2.26.2

bug#41768: x265 fails to build on i686

[Marius Bakke]

Hello,

Since commit bec45e6ddb0fd8b8feff3c0147936e4d8f41208d, 'x265' fails to
build on i686:

--8<---cut here---start->8---
[ 29%] Building ASM_NASM object common/CMakeFiles/common.dir/x86/ssd-a.asm.o
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:827: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:119: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:828: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:119: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:829: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:119: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:832: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:119: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:833: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:119: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:843: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:262: ... 
from macro `SSD_ONE_SS_32' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:844: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:348: ... 
from macro `SSD_ONE_SS_64' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:853: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:130: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:854: error: 
invalid combination of opcode and operands
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/x86/ssd-a.asm:130: ... 
from macro `SSD_ONE' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1373:
 ... from macro `movq' defined here
/tmp/guix-build-x265-3.3.drv-0/x265_3.3/source/common/../common/x86/x86inc.asm:1225:
 ... from macro `RUN_AVX_INSTR' defined here
make[2]: *** [common/CMakeFiles/common.dir/build.make:78: 
common/CMakeFiles/common.dir/x86/ssd-a.asm.o] Error 1
--8<---cut here---end--->8---


signature.asc
Description: PGP signature

bug#22883: [PATCH 1/9] git-authenticate: Cache takes a key parameter.

[Ludovic Courtès]

* guix/git-authenticate.scm (authenticated-commit-cache-file)
(cache-authenticated-commit, previously-authenticated-commits): Add
'key' parameter and honor it.
* build-aux/git-authenticate.scm (git-authenticate): Pass
"channels/guix" as the key.
---
 build-aux/git-authenticate.scm |  5 +++--
 guix/git-authenticate.scm  | 24 
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index 5e1fdaaa24..a3d4b40ccf 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -252,7 +252,7 @@
  (filter-map (lambda (id)
(false-if-exception
 (commit-lookup repository (string->oid id
- (previously-authenticated-commits)))
+ (previously-authenticated-commits "channels/guix")))
 
(define commits
  ;; Commits to authenticate, excluding the closure of
@@ -274,7 +274,8 @@
   #:default-authorizations
   
%historical-authorized-signing-keys
   #:report-progress report)
- (cache-authenticated-commit (oid->string (commit-id end-commit)))
+ (cache-authenticated-commit "channels/guix"
+ (oid->string (commit-id end-commit)))
 
  (unless (null? stats)
(format #t (G_ "Signing statistics:~%"))
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index c333717136..6d71228d72 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -272,33 +272,33 @@ The OpenPGP keyring is loaded from KEYRING-REFERENCE in 
REPOSITORY."
 ;;; Caching.
 ;;;
 
-(define (authenticated-commit-cache-file)
+(define (authenticated-commit-cache-file key)
   "Return the name of the file that contains the cache of
-previously-authenticated commits."
-  (string-append (cache-directory) "/authentication/channels/guix"))
+previously-authenticated commits for KEY."
+  (string-append (cache-directory) "/authentication/" key))
 
-(define (previously-authenticated-commits)
-  "Return the previously-authenticated commits as a list of commit IDs (hex
-strings)."
+(define (previously-authenticated-commits key)
+  "Return the previously-authenticated commits under KEY as a list of commit
+IDs (hex strings)."
   (catch 'system-error
 (lambda ()
-  (call-with-input-file (authenticated-commit-cache-file)
+  (call-with-input-file (authenticated-commit-cache-file key)
 read))
 (lambda args
   (if (= ENOENT (system-error-errno args))
   '()
   (apply throw args)
 
-(define (cache-authenticated-commit commit-id)
-  "Record in ~/.cache COMMIT-ID and its closure as authenticated (only
-COMMIT-ID is written to cache, though)."
+(define (cache-authenticated-commit key commit-id)
+  "Record in ~/.cache, under KEY, COMMIT-ID and its closure as
+authenticated (only COMMIT-ID is written to cache, though)."
   (define %max-cache-length
 ;; Maximum number of commits in cache.
 200)
 
   (let ((lst  (delete-duplicates
-   (cons commit-id (previously-authenticated-commits
-(file (authenticated-commit-cache-file)))
+   (cons commit-id (previously-authenticated-commits key
+(file (authenticated-commit-cache-file key)))
 (mkdir-p (dirname file))
 (with-atomic-file-output file
   (lambda (port)
-- 
2.26.2

bug#22883: [PATCH 7/9] channels: Automatically add introduction for the official 'guix' channel.

[Ludovic Courtès]

This is useful when people run "guix time-machine -C channels.scm",
where 'channels.scm' misses channel introductions.

* guix/channels.scm (%default-channel-url): New variable.
(%default-channels): Use it.
(ensure-default-introduction): New procedure.
(latest-channel-instance): Call it.
---
 guix/channels.scm | 20 ++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index 6047b51010..43ddff6f7c 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -148,18 +148,32 @@
 "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA")))
#f))   ;TODO: Add an intro signature so it can be exported.
 
+(define %default-channel-url
+  ;; URL of the default 'guix' channel.
+  "https://git.savannah.gnu.org/git/guix.git;)
+
 (define %default-channels
   ;; Default list of channels.
   (list (channel
  (name 'guix)
  (branch "master")
- (url "https://git.savannah.gnu.org/git/guix.git;)
+ (url %default-channel-url)
  (introduction %guix-channel-introduction
 
 (define (guix-channel? channel)
   "Return true if CHANNEL is the 'guix' channel."
   (eq? 'guix (channel-name channel)))
 
+(define (ensure-default-introduction chan)
+  "If CHAN represents the \"official\" 'guix' channel and lacks an
+introduction, add it."
+  (if (and (guix-channel? chan)
+   (not (channel-introduction chan))
+   (string=? (channel-url chan) %default-channel-url))
+  (channel (inherit chan)
+   (introduction %guix-channel-introduction))
+  chan))
+
 (define-record-type 
   (channel-instance channel commit checkout)
   channel-instance?
@@ -386,7 +400,9 @@ their relation."
 (and (string=? (basename file) ".git")
  (eq? 'directory (stat:type stat
 
-  (let-values (((checkout commit relation)
+  (let-values (((channel)
+(ensure-default-introduction channel))
+   ((checkout commit relation)
 (update-cached-checkout (channel-url channel)
 #:ref (channel-reference channel)
 #:starting-commit starting-commit)))
-- 
2.26.2

bug#22883: [PATCH 5/9] channels: Make 'validate-pull' call right after clone/pull.

[Ludovic Courtès]

This should come before patching, authentication, etc.

* guix/channels.scm (latest-channel-instance): Add #:validate-pull
parameter and honor it.  Return a single value: the instance.
(ensure-forward-channel-update): Change 'instance' parameter to 'commit'
and adjust accordingly.
(latest-channel-instances): Adjust to 'latest-channel-instance' changes.
* guix/scripts/pull.scm (warn-about-backward-updates): Change 'instance'
parameter to 'commit' and adjust accordingly.
* tests/channels.scm ("latest-channel-instances #:validate-pull"):
Likewise.
---
 guix/channels.scm | 37 -
 guix/scripts/pull.scm | 10 --
 tests/channels.scm|  4 ++--
 3 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/guix/channels.scm b/guix/channels.scm
index c2ea0e26ff..6047b51010 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -376,9 +376,12 @@ commits ~a to ~a (~h new commits)...~%")
 
 (define* (latest-channel-instance store channel
   #:key (patches %patches)
-  starting-commit)
-  "Return two values: the latest channel instance for CHANNEL, and its
-relation to STARTING-COMMIT when provided."
+  starting-commit
+  (validate-pull
+   ensure-forward-channel-update))
+  "Return the latest channel instance for CHANNEL.  When STARTING-COMMIT is
+true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and
+their relation."
   (define (dot-git? file stat)
 (and (string=? (basename file) ".git")
  (eq? 'directory (stat:type stat
@@ -387,6 +390,9 @@ relation to STARTING-COMMIT when provided."
 (update-cached-checkout (channel-url channel)
 #:ref (channel-reference channel)
 #:starting-commit starting-commit)))
+(when relation
+  (validate-pull channel starting-commit commit relation))
+
 (if (channel-introduction channel)
 (authenticate-channel channel checkout commit)
 ;; TODO: Warn for all the channels once the authentication interface
@@ -403,12 +409,11 @@ relation to STARTING-COMMIT when provided."
 (let* ((name (url+commit->name (channel-url channel) commit))
(checkout (add-to-store store name #t "sha256" checkout
#:select? (negate dot-git?
-  (values (channel-instance channel commit checkout)
-  relation
+  (channel-instance channel commit checkout
 
-(define (ensure-forward-channel-update channel start instance relation)
+(define (ensure-forward-channel-update channel start commit relation)
   "Raise an error if RELATION is not 'ancestor, meaning that START is not an
-ancestor of the commit in INSTANCE, unless CHANNEL specifies a commit.
+ancestor of COMMIT, unless CHANNEL specifies a commit.
 
 This procedure implements a channel update policy meant to be used as a
 #:validate-pull argument."
@@ -422,8 +427,7 @@ This procedure implements a channel update policy meant to 
be used as a
  (format #f (G_ "\
 aborting update of channel '~a' to commit ~a, which is not a descendant of ~a")
  (channel-name channel)
- (channel-instance-commit instance)
- start
+ commit start
 
  ;; If the user asked for a specific commit, they might want
  ;; that to happen nevertheless, so tell them about the
@@ -482,14 +486,13 @@ depending on the policy it implements."
  (G_ "Updating channel '~a' from Git repository at 
'~a'...~%")
  (channel-name channel)
  (channel-url channel))
- (let*-values (((current)
-(current-commit (channel-name channel)))
-   ((instance relation)
-(latest-channel-instance store channel
- #:starting-commit
- current)))
-   (when relation
- (validate-pull channel current instance relation))
+ (let* ((current (current-commit (channel-name channel)))
+(instance
+ (latest-channel-instance store channel
+  #:validate-pull
+  validate-pull
+  #:starting-commit
+  current)))
 
(let-values (((new-instances 

bug#22883: [PATCH 2/9] git-authenticate: 'authenticate-commits' takes a #:keyring parameter.

[Ludovic Courtès]

* guix/git-authenticate.scm (authenticate-commits): Add #:keyring
parameter.
---
 guix/git-authenticate.scm | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 6d71228d72..4795ccf12a 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -248,13 +248,13 @@ an OpenPGP keyring."
#:key
(default-authorizations '())
(keyring-reference "keyring")
+   (keyring (load-keyring-from-reference
+ repository keyring-reference))
(report-progress (const #t)))
   "Authenticate COMMITS, a list of commit objects, calling REPORT-PROGRESS for
 each of them.  Return an alist showing the number of occurrences of each key.
-The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY."
-  (define keyring
-(load-keyring-from-reference repository keyring-reference))
-
+If KEYRING is omitted, the OpenPGP keyring is loaded from KEYRING-REFERENCE in
+REPOSITORY."
   (fold (lambda (commit stats)
   (report-progress)
   (let ((signer (authenticate-commit repository commit keyring
-- 
2.26.2

bug#22883: [PATCH 8/9] pull: Add '--disable-authentication'.

[Ludovic Courtès]

* guix/channels.scm (latest-channel-instance): Add #:authenticate? and
honor it.
(latest-channel-instances): Likewise.
* guix/scripts/pull.scm (%default-options): Add 'authenticate-channels?'.
(show-help, %options): Add '--disable-authentication'.
(guix-pull): Pass #:authenticate? to 'latest-channel-instances'.
* doc/guix.texi (Invoking guix pull): Document it.
---
 doc/guix.texi | 14 ++
 guix/channels.scm | 25 +
 guix/scripts/pull.scm | 14 --
 3 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6fcb47970b..8131b3bf0d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3927,6 +3927,20 @@ Make sure you understand its security implications 
before using
 @option{--allow-downgrades}.
 @end quotation
 
+@item --disable-authentication
+Allow pulling channel code without authenticating it.
+
+@cindex authentication, of channel code
+By default, @command{guix pull} authenticates code downloaded from
+channels by verifying that its commits are signed by authorized
+developers, and raises an error if this is not the case.  This option
+instructs it to not perform any such verification.
+
+@quotation Note
+Make sure you understand its security implications before using
+@option{--disable-authentication}.
+@end quotation
+
 @item --system=@var{system}
 @itemx -s @var{system}
 Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
diff --git a/guix/channels.scm b/guix/channels.scm
index 43ddff6f7c..9e6adda5e9 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -391,11 +391,12 @@ commits ~a to ~a (~h new commits)...~%")
 (define* (latest-channel-instance store channel
   #:key (patches %patches)
   starting-commit
+  (authenticate? #f)
   (validate-pull
ensure-forward-channel-update))
   "Return the latest channel instance for CHANNEL.  When STARTING-COMMIT is
 true, call VALIDATE-PULL with CHANNEL, STARTING-COMMIT, the target commit, and
-their relation."
+their relation.  When AUTHENTICATE? is false, CHANNEL is not authenticated."
   (define (dot-git? file stat)
 (and (string=? (basename file) ".git")
  (eq? 'directory (stat:type stat
@@ -409,13 +410,15 @@ their relation."
 (when relation
   (validate-pull channel starting-commit commit relation))
 
-(if (channel-introduction channel)
-(authenticate-channel channel checkout commit)
-;; TODO: Warn for all the channels once the authentication interface
-;; is public.
-(when (guix-channel? channel)
-  (warning (G_ "the code of channel '~a' cannot be authenticated~%")
-   (channel-name channel
+(if authenticate?
+(if (channel-introduction channel)
+(authenticate-channel channel checkout commit)
+;; TODO: Warn for all the channels once the authentication 
interface
+;; is public.
+(when (guix-channel? channel)
+  (warning (G_ "the code of channel '~a' cannot be 
authenticated~%")
+   (channel-name channel
+(warning (G_ "channel authentication disabled~%")))
 
 (when (guix-channel? channel)
   ;; Apply the relevant subset of PATCHES directly in CHECKOUT.  This is
@@ -463,11 +466,15 @@ allow non-forward updates."))
 (define* (latest-channel-instances store channels
#:key
(current-channels '())
+   (authenticate? #t)
(validate-pull
 ensure-forward-channel-update))
   "Return a list of channel instances corresponding to the latest checkouts of
 CHANNELS and the channels on which they depend.
 
+When AUTHENTICATE? is true, authenticate the subset of CHANNELS that has a
+\"channel introduction\".
+
 CURRENT-CHANNELS is the list of currently used channels.  It is compared
 against the newly-fetched instances of CHANNELS, and VALIDATE-PULL is called
 for each channel update and can choose to emit warnings or raise an error,
@@ -505,6 +512,8 @@ depending on the policy it implements."
  (let* ((current (current-commit (channel-name channel)))
 (instance
  (latest-channel-instance store channel
+  #:authenticate?
+  authenticate?
   #:validate-pull
   validate-pull
   #:starting-commit
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index d3d0d2bd64..f953957161 100644
--- 

bug#22883: [PATCH 9/9] DROP? channels: Add prehistorical authorizations to .

[Ludovic Courtès]

This allows users to authenticate commits that were made before
'.guix-authorizations' was introduced.

* guix/channels.scm ()[prehistorical-authorizations]:
New field.
(%guix-historical-committers): New variable.
(openpgp-fingerprint->bytevector): New procedure.
(%guix-channel-introduction): Add 'prehistorical-authorizations' field.
(authenticate-channel): Honor it.  Pass it as #:default-authorizations
to 'authenticate-commits'.
* build-aux/git-authenticate.scm (%historical-committers)
(%historical-authorized-signing-keys, commit-short-id): Remove.
* build-aux/git-authenticate.scm (git-authenticate): Rewrite to use
'authenticate-channel'.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Adjust accordingly.
---
 build-aux/git-authenticate.scm | 247 ++---
 guix/channels.scm  | 213 ++--
 tests/channels.scm |   2 +
 3 files changed, 214 insertions(+), 248 deletions(-)

diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm
index a3d4b40ccf..a84b79dfe7 100644
--- a/build-aux/git-authenticate.scm
+++ b/build-aux/git-authenticate.scm
@@ -25,6 +25,7 @@
  (guix base16)
  (guix git)
  (guix git-authenticate)
+ (guix channels)
  (guix i18n)
  ((guix openpgp)
   #:select (openpgp-public-key-fingerprint
@@ -37,186 +38,6 @@
  (ice-9 pretty-print))
 
 
-(define %historical-committers
-  ;; List of "historical" committers---people once authorized committers
-  ;; before the '.guix-authorizations' file was created.
-  ;;
-  ;; These are the user names found on
-  ;;  along with
-  ;; the fingerprint of the signing (sub)key.
-  '(("andreas"
- "AD17 A21E F8AE D8F1 CC02  DBD9 F7D5 C9BF 765C 61E3")
-("ajgrf"
- "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5")
-("alexvong1995"
- "306F CB8F 2C01 C25D 29D3  0556 61EF 502E F602 52F2")
-("alezost"
- "4FB9 9F49 2B12 A365 7997  E664 8246 0C08 2A0E E98F")
-("ambrevar"
- "50F3 3E2E 5B0C 3D90 0424  ABE8 9BDC F497 A4BB CC7F")
-("apteryx"
- "27D5 86A4 F890 0854 329F  F09F 1260 E464 82E6 3562")
-("arunisaac"
- "7F73 0343 F2F0 9F3C 77BF  79D3 2E25 EE8B 6180 2BB3")
-("atheia"
- ;; primary: "3B12 9196 AE30 0C3C 0E90  A26F A715 5567 3271 9948"
- "9A2B 401E D001 0650 1584  BAAC 8BC4 F447 6E8A 8E00")
-("bandali"
- ;; primary: "BE62 7373 8E61 6D6D 1B3A  08E8 A21A 0202 4881 6103"
- "39B3 3C8D 9448 0D2D DCC2  A498 8B44 A0CD C7B9 56F2")
-("bavier"
- ;; primary: "34FF 38BC D151 25A6 E340  A0B5 3453 2F9F AFCA 8B8E"
- "A0C5 E352 2EF8 EF5C 64CD  B7F0 FD73 CAC7 19D3 2566")
-("beffa"
- "3774 8024 880F D3FF DCA2  C9AB 5893 6E0E 2F1B 5A4C")
-("benwoodcroft"
- "BCF8 F737 2CED 080A 67EB  592D 2A6A D9F4 AAC2 0DF6")
-("biscuolo"
- "45CC 63B8 5258 C9D5 5F34  B239 D37D 0EA7 CECC 3912")
-("boskovits"
- "7988 3B9F 7D6A 4DBF 3719  0367 2506 A96C CF63 0B21")
-("brettgilio"
- "DFC0 C7F7 9EE6 0CA7 AE55  5E19 6722 43C4 A03F 0EEE")
-("carl"
- ;; primary: "0401 7A2A 6D9A 0CCD C81D  8EC2 96AB 007F 1A7E D999"
- "09CD D25B 5244 A376 78F6  EEA8 0CC5 2153 1979 91A5")
-("cbaines"
- "3E89 EEE7 458E 720D 9754  E0B2 5E28 A33B 0B84 F577")
-("civodul"
- "3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5")
-("cwebber"
- "510A 8628 E2A7 7678 8F8C  709C 4BC0 2592 5FF8 F4D3")
-("dannym"
- ;; primary: "295A F991 6F46 F8A1 34B0  29DA 8086 3842 F0FE D83B"
- "76CE C6B1 7274 B465 C02D  B3D9 E71A 3554 2C30 BAA5")
-("davexunit"
- "B3C0 DB4D AD73 BA5D 285E  19AE 5143 0234 CEFD 87C3")
-("davexunit (2nd)";FIXME: to be confirmed!
- "8CCB A7F5 52B9 CBEA E1FB  2915 8328 C747 0FF1 D807")
-("daviwil"
- "53C4 1E6E 41AA FE55 335A  CA5E 446A 2ED4 D940 BF14")
-("dvc"
- "6909 6DFD D702 8BED ACC5  884B C5E0 51C7 9C0B ECDB")
-("dvc (old)"
- "5F43 B681 0437 2F4B A898  A64B 33B9 E9FD E28D 2C23")
-("efraim"
- "A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351")
-("efraim (old)"
- "9157 41FE B22F A4E3 3B6E  8F8D F4C1 D391 7EAC EE93")
-("glv"
- ;; primary: "2453 02B1 BAB1 F867 FDCA  96BC 8F3F 861F 82EB 7A9A"
- "CBC5 9C66 EC27 B971 7940  6B3E 6BE8 208A DF21 FE3F")
-("hoebjo"
- "2219 43F4 9E9F 276F 9499  3382 BF28 6CB6 593E 5FFD")
-("htgoebel"
- "B943 509D 633E 80DD 27FC  4EED 634A 8DFF D3F6 31DF")
-("ipetkov"
- "7440 26BA 7CA3 C668 E940  1D53 0B43 1E98 3705 6942")
-("iyzsong"
- ;; primary: "66A5 6D9C 9A98 BE7F 719A  B401 2652 5665 AE72 7D37"
- "0325 78A6 8298 94E7 2AA2  66F5 D415 BF25 3B51 5976")
-
-;; https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00229.html
-("janneke (old)"
- "DB34 CB51 D25C 9408 156F  CDD6 

bug#41764: `make authenticate` fails to find the keyring branch

[Leo Famulari]

I just tried pushing for the first time since installing the new
pre-push hook that runs `make authenticate`.

This failed with the following error:

Git error: cannot locate remote-tracking branch 'keyring'

However, `git branch --all` includes "remotes/origin/keyring".

After I did `git checkout origin/keyring`, it worked.

Let's update the manual section Commit Access with the recommended way
to make this branch accessible to `make authenticate`. Maybe it should
even do it automatically?

bug#34275: clementine-1.3.1 fails test

[Marius Bakke]

Thorsten Wilms  writes:

> I ignored Clementine failing at updates a few times ... and now checked
> to see that it fails at a different test!
>
> [100%] Linking CXX executable fmpsparser_test
> cd /tmp/guix-build-clementine-1.3.1-2.4619a4c.drv-0/build/tests
> && /gnu/store/89rj5fqcg48afgk99639ds602pgf92k4-cmake-minimal-3.16.5/bin/cmake
> -E cmake_link_script CMakeFiles/fmpsparser_test.dir/link.txt
> --verbose=1 /gnu/store/rn75fm7adgx3pw5j8pg3bczfqq1y17lk-gcc-7.5.0/bin/c+
> +   -std=c++0x -fpermissive -Wno-c++11-narrowing -U__STRICT_ANSI__ -O2
> -g -DNDEBUG  -rdynamic
> CMakeFiles/fmpsparser_test.dir/fmpsparser_test.cpp.o  -o
> fmpsparser_test  libgmock.a libgtest.a ../src/libclementine_lib.a
> libtest_utils.a 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Test.so.
> 5.12.7 libtest_main.a libgmock.a
> libgtest.a ../src/libclementine_lib.a 
> ../ext/libclementine-spotifyblob/libclementine-spotifyblob-messages.a 
> ../ext/libclementine-tagreader/liblibclementine-tagreader.a 
> ../ext/libclementine-remote/liblibclementine-remote.a 
> ../ext/libclementine-common/liblibclementine-common.a
> -lprotobuf -lssl -lcrypto -ltag -lmygpo-qt5 -lQt5Network -lQt5Core
> -lchromaprint ../3rdparty/qtsingleapplication/libqtsingleapplication.a 
> ../3rdparty/qtiocompressor/libqtiocompressor.a
> -lgio-2.0 -lgstapp-1.0 -lgsttag-1.0 -lgstpbutils-1.0 -lgstvideo-1.0 -lz
> -lgio-2.0 -lgstapp-1.0 -lgsttag-1.0 -lgstpbutils-1.0 -lgstvideo-1.0 -lz
> -lpthread ../3rdparty/qocoa/libQocoa.a 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5OpenGL.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Network.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Xml.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Concurrent.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5DBus.so.
> 5.12.7 -lcdio -lm ../gst/moodbar/libgstmoodbar.a -lgobject-2.0
> -lglib-2.0 -lgstbase-1.0 -lgstreamer-1.0 -lgstaudio-1.0 -lgobject-2.0
> -lglib-2.0 -lgstbase-1.0 -lgstreamer-1.0 -lgstaudio-1.0 -lfftw3 -lmtp
> -lpulse ../3rdparty/qxt/libqxt.a 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Widgets.so.
> 5.12.7 
> /gnu/store/353jqf59wb1nmcd49zx3301r34nr8ibw-qtx11extras-5.12.7/lib/libQt5X11Extras.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Gui.so.
> 5.12.7 ../3rdparty/qsqlite/libqsqlite.a 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Sql.so.
> 5.12.7 
> /gnu/store/nash8slqngrzn2pgqrff6abz8vp6vws6-qtbase-5.12.7/lib/libQt5Core.so.
> 5.12.7 -lsqlite3 -lX11 -ldl collect2: error: ld returned 1 exit status
> make[3]: *** [tests/CMakeFiles/fmpsparser_test.dir/build.make:120:
> tests/fmpsparser_test] Error 1 make[3]: Leaving directory
> '/tmp/guix-build-clementine-1.3.1-2.4619a4c.drv-0/build' make[2]: ***
> [CMakeFiles/Makefile2:1592: tests/CMakeFiles/fmpsparser_test.dir/all]
> Error 2 make[2]: Leaving directory
> '/tmp/guix-build-clementine-1.3.1-2.4619a4c.drv-0/build' make[1]: ***
> [CMakeFiles/Makefile2:990: tests/CMakeFiles/clementine_test.dir/rule]
> Error 2 make[1]: Leaving directory
> '/tmp/guix-build-clementine-1.3.1-2.4619a4c.drv-0/build' make: ***
> [Makefile:388: clementine_test] Error 2

I'm not able to reproduce this failure, and clementine builds on the CI:

  https://ci.guix.gnu.org/search?query=clementine+system%3Ax86_64-linux

What architecture are you on, and what does 'guix describe' say?


signature.asc
Description: PGP signature

bug#41760: ganv-1.5.4 fails at configure

[Marius Bakke]

Thorsten Wilms  writes:

> During ‘package -u’, ganv fails to build due to some python issue in the 
> configure phase:
>
> starting phase `configure'
> running "python waf" with command "configure" and parameters 
> ("--prefix=/gnu/store/lvvgxdx6fnmbya1bpyjhvzcvlbw7r3hi-ganv-1.5.4-1.12f7d6b04")
> Traceback (most recent call last):
>   File 
> "/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Node.py",
>  line 312, in ant_iter
> raise StopIteration
> StopIteration

ganv was updated to 1.6.0 a while back.  Do you get the same failure
after a 'guix pull'?


signature.asc
Description: PGP signature

bug#41598: [staging] calibre build failure

[Marius Bakke]

Marius Bakke  writes:

> Marius Bakke  writes:
>
>> On the 'staging' branch (commit
>> 8a7a5dc7805f4628e60f90af6b2416f951d0c034), "calibre" fails to build:
>>
>> g++ -c -pipe -O2 -Wall -Wextra -D_REENTRANT -fPIC -DQT_NO_DEBUG -DQT_PLUGIN 
>> -DQT_THEME_SUPPORT_LIB -DQT_FONTDATABASE_SUPPORT_LIB 
>> -DQT_SERVICE_SUPPORT_LIB -DQT_EVENTDISPATCHER_SUPPORT_LIB -DQT_GUI_LIB 
>> -DQT_DBUS_LIB -DQT_CORE_LIB -I. -isystem 
>> /gnu/store/3x2kak8abb6z2klch72kfff2qxzv00pj-libpng-1.6.37/include/libpng16 
>> -isystem 
>> /gnu/store/haaam6v8l4s75mj9xmpb9gc78xk001y9-freetype-2.10.1/include/freetype2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5 
>> -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtThemeSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtThemeSupport/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtThemeSupport/5.14.2/QtThemeSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtFontDatabaseSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtFontDatabaseSupport/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtFontDatabaseSupport/5.14.2/QtFontDatabaseSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtServiceSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtServiceSupport/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtServiceSupport/5.14.2/QtServiceSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtEventDispatcherSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtEventDispatcherSupport/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtEventDispatcherSupport/5.14.2/QtEventDispatcherSupport
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtGui/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtGui/5.14.2/QtGui
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtGui 
>> -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtCore/5.14.2
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtCore/5.14.2/QtCore
>>  -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtDBus 
>> -isystem 
>> /gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/include/qt5/QtCore 
>> -I. -isystem 
>> /gnu/store/ka6amik38awpprjmbj01pnl9zsxgjjgz-libdrm-2.4.101/include/libdrm 
>> -I/gnu/store/59dq1n4wj3maa3kcar6hspj2zd82as7q-qtbase-5.14.2/lib/qt5/mkspecs/linux-g++
>>  -o main.o 
>> /tmp/guix-build-calibre-3.42.0.drv-0/calibre-3.42.0/src/calibre/headless/main.cpp
>> /tmp/guix-build-calibre-3.42.0.drv-0/calibre-3.42.0/src/calibre/headless/headless_integration.cpp:
>>  In constructor ‘HeadlessIntegration::HeadlessIntegration(const 
>> QStringList&)’:
>> /tmp/guix-build-calibre-3.42.0.drv-0/calibre-3.42.0/src/calibre/headless/headless_integration.cpp:61:5:
>>  error: ‘screenAdded’ was not declared in this scope
>>  screenAdded(mPrimaryScreen);
>>  ^~~
>> make: *** [Makefile:336: headless_integration.o] Error 1
>>
>> Presumably this can be fixed by updating to the latest version of
>> Calibre (4.17.0!).  Any takers?  :-)
>
> I started working on this.  It now needs 'python2-pyqtwebengine', but
> has some trouble because PyQt apparently really wants all the components
> (sip, pyqt, pyqtwebengine) to live in the same directory, and does not
> respect the standard search paths.
>
> The Calibre build script works if I run it in a 'guix environment -C',
> because that would set up a single union profile with all the packages.

As it turns out, the reason it worked in a container was not because of
the union profile.  That was just one of many red herrings in the strace
output...

Ultimately all it needed were TrueType fonts, which were available in my
container because of the fontconfig graft.

Update pushed in d79ec4fd343bc2a72652aa3a4b4ae14bd8df88ac.  \o/

Testers welcome!


signature.asc
Description: PGP signature

bug#41762: Python's pip works from the store but not from profiles

[zimoun]

Hi Pierre,

On Mon, 8 Jun 2020 at 19:09, Pierre Neidhardt  wrote:
>
> On Guix fa122ac4ca2bd4c87b216e2f478397bcde2c1d8f.

With e78275608065ef073775fabb9f1a757da65851f2 it works.


> This works:
>
> --8<---cut here---start->8---
> /gnu/store/czfix13276dvibyf0l4lbk92wiinha37-python-pip-20.0.2/bin/pip install 
> -r requirements/dev.txt
> --8<---cut here---end--->8---


What do you have in 'requirements/dev.txt'?

--8<---cut here---start->8---
$ guix install pip
$ echo sentinelhub > /tmp/req.txt
$ pip install -r /tmp/req.txt
Defaulting to user installation because normal site-packages is not writeable
Collecting sentinelhub
  Using cached sentinelhub-3.0.3.tar.gz (176 kB)
Collecting wheel
  Using cached wheel-0.34.2-py2.py3-none-any.whl (26 kB)
Requirement already satisfied: requests>=2.5.0 in
/gnu/store/qzkgxkivp99ql828sx891hi49asamm3m-profile/lib/python3.8/site-packages
(from sentinelhub->-r /tmp/req.txt (line 1)) (2.22.0)
Collecting click
  Using cached click-7.1.2-py2.py3-none-any.whl (82 kB)
Requirement already satisfied: numpy in
/gnu/store/qzkgxkivp99ql828sx891hi49asamm3m-profile/lib/python3.8/site-packages
(from sentinelhub->-r /tmp/req.txt (line 1)) (1.17.3)
Collecting tifffile
[...]
--8<---cut here---end--->8---


> Traceback (most recent call last):
>   File "/path/to/myprofile/bin/pip", line 6, in 

Have you modified the path?  Looks weird.


Cheers,
simon

bug#41760: ganv-1.5.4 fails at configure

[Thorsten Wilms]

During ‘package -u’, ganv fails to build due to some python issue in the 
configure phase:

starting phase `configure'
running "python waf" with command "configure" and parameters 
("--prefix=/gnu/store/lvvgxdx6fnmbya1bpyjhvzcvlbw7r3hi-ganv-1.5.4-1.12f7d6b04")
Traceback (most recent call last):
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Node.py",
 line 312, in ant_iter
raise StopIteration
StopIteration

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Scripting.py",
 line 114, in waf_entry_point
run_commands()
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Scripting.py",
 line 171, in run_commands
parse_options()
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Scripting.py",
 line 144, in parse_options
Context.create_context('options').execute()
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Options.py",
 line 146, in execute
super(OptionsContext,self).execute()
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Context.py",
 line 93, in execute
self.recurse([os.path.dirname(g_module.root_path)])
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Context.py",
 line 134, in recurse
user_function(self)
  File "/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/wscript", line 21, 
in options
opt.load('compiler_c')
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Context.py",
 line 90, in load
fun(self)
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Tools/compiler_c.py",
 line 36, in options
opt.load_special_tools('c_*.py',ban=['c_dumbpreproc.py'])
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Context.py",
 line 321, in load_special_tools
lst=self.root.find_node(waf_dir).find_node('waflib/extras').ant_glob(var)
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Node.py",
 line 361, in ant_glob
ret=[x for x in 
self.ant_iter(accept=accept,pats=[to_pat(incl),to_pat(excl)],maxdepth=kw.get('maxdepth',25),dir=dir,src=src,remove=kw.get('remove',True))]
  File 
"/tmp/guix-build-ganv-1.5.4-1.12f7d6b04.drv-0/source/.waf3-1.8.22-cd01c337ef788738c16f5e03aaddf994/waflib/Node.py",
 line 361, in 
ret=[x for x in 
self.ant_iter(accept=accept,pats=[to_pat(incl),to_pat(excl)],maxdepth=kw.get('maxdepth',25),dir=dir,src=src,remove=kw.get('remove',True))]
RuntimeError: generator raised StopIteration
command "python" "waf" "configure" 
"--prefix=/gnu/store/lvvgxdx6fnmbya1bpyjhvzcvlbw7r3hi-ganv-1.5.4-1.12f7d6b04" 
failed with status 2

bug#41715: The program '/gnu/store/foobar/compute-guix-derivation' failed to compute the derivation for guix

[o . rojon]

Hi Ludo,

here is the log uploaded on mediafire: 
http://www.mediafire.com/file/ldqoi68y88rzrn9/log.bz2/file (note that if 
you can recommend another uploading service, feel free to!)


Since the log is in german, let me specify at least two of the recurrent 
phrases in english:
"Datei oder Verzeichnis nicht gefunden" means "file or directory not 
found"
"Die Ressource ist zur Zeit nicht verfügbar" means "Resource is 
currently unavailable"


If there is other things that need be translated, dont hesitate to tell 
me :)


Greetings,
Olivier

On 07.06.2020 21:47, Ludovic Courtès wrote:

Hi,

o.ro...@posteo.net skribis:


guix pull --roll-back did not solve the issue. The only thing I
believe to have changed is the "host version" portion of the error
message.


OK, that’s expected.


'which guix' actually points to
~/.configu/guix/current/bin/guix. Should this command yield a
different value?


No.


I have actually not done anything regarding either guix-daemon or
offloading. The only things I did after the fresh install were a
reconfigure and passing a manifest file to 'guix package -m'.

I may have misunderstood what Jakub wrote because I am unsure what a
transient failure is. The portion I believe to have understood
essentially says "try again later and it should work".


Yes, that’s the essence of it.  :-)


I found the logs of 'compute-guix-derivation', but I was unable to see
anything meaningful opening the .drv.bz2 file in emacs. Am I doing
something wrong?


Could you try this:

  strace -s 500 -o log guix pull

and post the ‘log’ file, compressed, somewhere?

Thanks,
Ludo’.

bug#41668: Failing test: gui-installed-desktop-os-encrypted

[Danny Milosavljevic]

Hi,

my CI setup for work automatically mails me failures.

It would be really nice to have that for guix master eventually, too.
Maybe just mail failures to guix-devel as they happen.

I don't check https://ci.guix.gnu.org/ so often, and even when I do the jobset
names are kinda weird there, and there's too few stuff on one page--and just in
general there's no good overview on there.  I mean I can search, but a server
can just automate that and just send me the results as they happen.

It could also automatically mail failures to the last commiters of the source
files that are relevant--but that's probably difficult to implement.

Or even use guix data service in order to find out where it failed exactly
and whether it does so for all archs--but maybe later.


pgpXKxfeugowF.pgp
Description: OpenPGP digital signature

bug#40406: python-matplotlib fails to build on i686-linux

[Diego Nicola Barbato]

Hey,

Diego Nicola Barbato  writes:

[...]

> Apparently there is nothing wrong with the slider.  Instead matrix
> multiplication, which is used under the hood for transformations, seems
> to sometimes produce incorrect results on i686-linux.  I have reported
> this as a separate bug (https://debbugs.gnu.org/41665).

I got this wrong: This issue isn't caused by the Numpy bug, since
Matplotlib doesn't use Numpy for transformations.  Both bugs are caused
by the excess precision of the x87 FPU's floating point registers.

I've attached a patch which makes sure that the C and C++ extensions are
compiled with -ffloat-store.  This doesn't get rid of all possible
rounding errors but it's enough for the slider test to pass.

[...]

Regards,

Diego

>From 7c60615e29a1aab7922139183d191cc8cedd5c7f Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato 
Date: Mon, 8 Jun 2020 02:31:17 +0200
Subject: [PATCH] gnu: python-matplotlib: Fix rounding errors on x86 CPUs.

Fixes .
Reported by Diego Nicola Barbato .

* gnu/packages/python-xyz.scm (python-matplotlib)[arguments]: Set the
environment variable CFLAGS to -ffloat-store.
---
 gnu/packages/python-xyz.scm | 5 +
 1 file changed, 5 insertions(+)

diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 94e63d1c74..f0b96c6fb0 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -81,6 +81,7 @@
 ;;; Copyright © 2020 Josh Holland 
 ;;; Copyright © 2020 Yuval Kogman 
 ;;; Copyright © 2020 Michael Rohleder 
+;;; Copyright © 2020 Diego N. Barbato 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4744,6 +4745,10 @@ convert between colorspaces like sRGB, XYZ, CIEL*a*b*, CIECAM02, CAM02-UCS, etc.
;; has not effect.
(setenv "LD_LIBRARY_PATH" (string-append cairo "/lib"))
(setenv "HOME" (getcwd))
+   ;; Fix rounding errors when using the x87 FPU.
+   ,@(if (string-prefix? "i686" (%current-system))
+ '((setenv "CFLAGS" "-ffloat-store"))
+ '())
(call-with-output-file "setup.cfg"
  (lambda (port)
(format port "[directories]~%
-- 
2.26.2

bug#41668: Failing test: gui-installed-desktop-os-encrypted

[Mathieu Othacehe]

Hey,

Turns out using "invoke/quiet" is not really convenient because it
stores all the command output, which can be pretty big, in memory.

Instead I did reimplement the command in (gnu installer utils) in the
attached patch :).

Thanks,

Mathieu
>From 7c1a03b03d5e62876a88d87aff36776c8ce4ddf2 Mon Sep 17 00:00:00 2001
From: Mathieu Othacehe 
Date: Mon, 8 Jun 2020 15:14:49 +0200
Subject: [PATCH] installer: utils: Dump command output to syslog when testing.

When debugging the installation tests, it can be very handy to be able to read
"run-command" output, for instance when executing "guix system init".

Introduce a new "invoke-with-log" procedure that is able to log a command
standard and error outputs to the syslog. Use it, only when running the
installation tests, to dump "run-command" output.

* gnu/installer/utils.scm (open-pipe-with-stderr, invoke-with-log): New
procedures,
(invoke-log-port): new variable,
(run-command): move to the end of the file and use invoke-with-log when
running the installation tests.
---
 gnu/installer/utils.scm | 166 +---
 1 file changed, 122 insertions(+), 44 deletions(-)

diff --git a/gnu/installer/utils.scm b/gnu/installer/utils.scm
index 5f8fe8ca01..b9d88e46d9 100644
--- a/gnu/installer/utils.scm
+++ b/gnu/installer/utils.scm
@@ -22,8 +22,13 @@
   #:use-module (guix build utils)
   #:use-module (guix i18n)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-11)
+  #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-34)
+  #:use-module (srfi srfi-35)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 popen)
   #:use-module (ice-9 rdelim)
   #:use-module (ice-9 regex)
   #:use-module (ice-9 format)
@@ -68,50 +73,6 @@ number. If no percentage is found, return #f"
 (and result
  (string->number (match:substring result 1)
 
-(define* (run-command command #:key locale)
-  "Run COMMAND, a list of strings, in the given LOCALE.  Return true if
-COMMAND exited successfully, #f otherwise."
-  (define env (environ))
-
-  (define (pause)
-(format #t (G_ "Press Enter to continue.~%"))
-(send-to-clients '(pause))
-(environ env)   ;restore environment variables
-(match (select (cons (current-input-port) (current-clients))
- '() '())
-  (((port _ ...) _ _)
-   (read-line port
-
-  (setenv "PATH" "/run/current-system/profile/bin")
-
-  (when locale
-(let ((supported? (false-if-exception
-   (setlocale LC_ALL locale
-  ;; If LOCALE is not supported, then set LANGUAGE, which might at
-  ;; least give us translated messages.
-  (if supported?
-  (setenv "LC_ALL" locale)
-  (setenv "LANGUAGE"
-  (string-take locale
-   (or (string-index locale #\_)
-   (string-length locale)))
-
-  (guard (c ((invoke-error? c)
- (newline)
- (format (current-error-port)
- (G_ "Command failed with exit code ~a.~%")
- (invoke-error-exit-status c))
- (syslog "command ~s failed with exit code ~a"
- command (invoke-error-exit-status c))
- (pause)
- #f))
-(syslog "running command ~s~%" command)
-(apply invoke command)
-(syslog "command ~s succeeded~%" command)
-(newline)
-(pause)
-#t))
-
 
 ;;;
 ;;; Logging.
@@ -219,3 +180,120 @@ accepting socket."
 
   (current-clients (reverse remainder))
   exp)
+
+
+;;;
+;;; Run commands.
+;;;
+
+;; XXX: This is taken from (guix build utils) and could be factorized.
+(define (open-pipe-with-stderr program . args)
+  "Run PROGRAM with ARGS in an input pipe, but, unlike 'open-pipe*', redirect
+both its standard output and standard error to the pipe.  Return two value:
+the pipe to read PROGRAM's data from, and the PID of the child process running
+PROGRAM."
+  ;; 'open-pipe*' doesn't attempt to capture stderr in any way, which is why
+  ;; we need to roll our own.
+  (match (pipe)
+((input .  output)
+ (match (primitive-fork)
+   (0
+(dynamic-wind
+  (const #t)
+  (lambda ()
+(close-port input)
+(close-port (syslog-port))
+(dup2 (fileno output) 1)
+(dup2 (fileno output) 2)
+(apply execlp program program args))
+  (lambda ()
+(primitive-exit 127
+   (pid
+(close-port output)
+(values input pid))
+
+(define invoke-log-port
+  ;; Port used by INVOKE-WITH-LOG for logging.
+  (make-parameter #f))
+
+(define* (invoke-with-log program . args)
+  "Invoke PROGRAM with ARGS and log PROGRAM's standard output and standard
+error to INVOKE-LOG-PORT.  If PROGRAM succeeds, print nothing and return the
+unspecified value; otherwise, raise a '' error condition with the
+status code.  This procedure is very similar to 

bug#41710: Possibly found a bug while doing a "guix pull"

[Danny Milosavljevic]

Hi,

On Mon, 8 Jun 2020 01:15:46 +0200
Léon Lain Delysid  wrote:

>or
> if my system crashing twice during a pull command somehow broke it, 

Probably.

>but I
> hope this feedback helped. 

It sure helped.  It's good to know that that can happen.

I remember the first time I used Guix, I picked some file system that would
keep doing that: leave empty files if the system crashed (among lots of other
things).  And that system crashed a lot.  I had the same result as you,
and a lot of additional problems.

Back then we already improved a lot of places that were really really
important (added fsync calls), so the remaining places should be quite
harmless--like this one.  Because of Guix, you can always rebuild
/gnu/store just as it was--after a long build time maybe, but it's possible
(could be made a LOT more usable, though).

(fsync degrades performance, so it makes no sense to fsync for /gnu/store)

I think we can't really do more without imposing undue mainentance burden on
us (for something the file system shouldn't be doing in the first place),
or we could recommend another file system or different file system options
in the manual.  What would the latter be?

Also, how it the world didn't the file system checker fsck

(1) automatically run and
(2) fix this

in your case?

I mean what if those were user documents, which *couldn't* be restored so
easily?  Weird...


pgp7yap7myohD.pgp
Description: OpenPGP digital signature

bug#41702: `guix environment` performance issues

[Lars-Dominik Braun]

Hi Ludo,

> --8<---cut here---start->8---
> $ time guix environment --ad-hoc r-learnr --search-paths
> export 
> PATH="/gnu/store/n4wxbmqpafjfyawrla8xymzzdm5hxwph-profile/bin${PATH:+:}$PATH"
> 
> real  0m11.328s
> user  0m20.155s
> sys   0m0.172s
> $ time ./pre-inst-env guix environment --ad-hoc r-learnr --search-paths
> export 
> PATH="/gnu/store/if6z77la3mx0qdzvcyl4qv9i5cyp48i0-profile/bin${PATH:+:}$PATH"
> 
> real  0m4.602s
> user  0m6.189s
> sys   0m0.136s
> --8<---cut here---end--->8---
that’s awesome and brings me much closer to my goal of running all applications
inside a `guix environment` container for reproducibility. Including the
protocol fixes from #41720 I’m now down to ~30s from ~50s, which may be called
somewhat usable. Obviously I’d be very interested in further speedups.

Thanks,
Lars



signature.asc
Description: PGP signature

bug#41668: Failing test: gui-installed-desktop-os-encrypted

[Mathieu Othacehe]

Hey Ludo,

> How did you do it in the example above?  Perhaps we can have a local
> hack specifically in the installer (otherwise we’d find ourselves
> duplicating syslog-related logic there.)

I used a custom re-implementation of "invoke/quiet" printing every line
on the syslog port. Maybe, we could enable such a mechanism only during
the tests.

> I don’t have good ideas for (1), although I think the speedups induced
> by the new image API might help.

Yes, that's for sure making the debug more comfortable!

> As for (2), I think it’s kind of a problem of CI in general, connected
> with the fact that we’re all somewhat busy building stuff rather than
> waiting for CI notifications to act on.  :-)
>
> That’s my impression, but I’d really like to hear from people with
> experience in CI and/or the system tests.

Totally agree. When submitting patches to Linux for instance, the CI is
able to reply to the patch mail, and warn about any failures. An other
difference is that patches are often kept in the maintainer 'staging'
branches until the CI is over.

I don't know if Guix is a big enough project to appoint some maintainers
that would periodically merge their branches to 'master' or if it would
just be a huge burden. Something we need to discuss in the future maybe.

> Perfect, thanks!

Anyway, thanks for your fast review :)

Mathieu

bug#41607: Deleted store items are not actually deleted

[Chris Marusich]

Hi zimoun,

zimoun  writes:

> On Sun, 7 Jun 2020 at 03:31, Chris Marusich  wrote:
>
>> I have committed the fix in d445c30ea6 and updated the guix package
>> definition in ecbde6505c to ensure that the next time "guix pull" is
>> run, the new guix-daemon version will be used.
>
> Sorry to be late, I have things like that:
>
> [548 MiB] deleting 
> '/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f'
> note: can't create move
> `/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1 unable to
> rename `/gnu/store/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f' to
> `/gnu/store/trash/dkzivzn17qilmqdfpyps62b395wxhshh-openssl-1.1.1f':
> Invalid cross-device link
> [553 MiB] deleting '/gnu/store/yaajjri3cks8rhkb29z08d3q5waww0dx-packages.scm'

That looks normal to me.  Previously, the cross-device link error would
be silently ignored and the directory would not be deleted - no message
would be printed about the cross-device link error.

Now, however, the cross-device link error is reported, and the directory
is deleted.  If you find that the directory is not actually deleted,
please let me know so I can look into it more.  When I tested it on my
end, the directory was in fact deleted.

-- 
Chris


signature.asc
Description: PGP signature

bug#41738: Jupyter propagates two different versions of ipython

[Edouard Klein]

As I said on the other bug, this is my fault, sorry.

I'll try to fix it starting wednesday.

Sorry for the incovenience.


paul writes:

> Hi Guix,
>
> On Guix System
>
>   guix ecab53c
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: ecab53c320b1584a08f811b17a92bd9a50a50ff3
>
> it's impossible to install jupyter in a new profile because it tries to
> propagate two different versions of python-ipython, you should be able to
> reproduce with:
>
> $ guix package -p /tmp/tmp-profile -i jupyter
> The following package will be installed:
>jupyter 1.0.0
>
> guix package: error: profile contains conflicting entries for python-ipython
> guix package: error:   first entry: python-ipython@7.9.0
> /gnu/store/z0yarar134q6sziqncjdlfg2h2w5b2yh-python-ipython-7.9.0
> guix package: error:... propagated from python-ipywidgets@7.5.1
> guix package: error:... propagated from jupyter@1.0.0
> guix package: error:   second entry: python-ipython@7.9.0
> /gnu/store/avmg5jd7kccchxadsd9c7zq0p3shlk3w-python-ipython-7.9.0
> guix package: error:... propagated from python-qtconsole@4.4.3
> guix package: error:... propagated from jupyter@1.0.0
> hint: You cannot have two different versions or variants of `jupyter' in the
> same profile.
>
>
> The conflict seems to be caused because:
>
> - 
> /gnu/store/avmg5jd7kccchxadsd9c7zq0p3shlk3w-python-ipython-7.9.0depends on
> python-prompt-toolkit@3.0.5
>
> - 
> /gnu/store/z0yarar134q6sziqncjdlfg2h2w5b2yh-python-ipython-7.9.0depends on
> python-prompt-toolkit@2.0.7
>
>
> This change seems to be introduced with 
> 32ba87c14fd5e5b54d95211cd9a159d568ce7c67
> , which updates python-prompt-toolkit to 3.0.5 and to prevent 
> python-ipywidgets,
> python-jupyter-console and python-widgetsnbextension tests from crashing 
> builds
> them with python-prompt-toolkit@2.0.7.
>
>
> Giacomo