bug#42553: python-gevent is broken on i686-linux (tests fail)

[Jakub Kądziołka]

On Thu Jul 14, 2022 at 4:40 AM CEST, Maxim Cournoyer wrote:
> Finally disabled the test in 692c2ad327.
>
> Closing.

Are we sure this is the appropriate course of action? It sounds like the
test is exposing a bug in our packaging that might affect users of
python-gevent. It might be better to have the package build than not, of
course, but still we might want to investigate why the test fails.

Regards,
Kuba

bug#42342: Wine64 segfaults (5.12/staging)

[Jakub Kądziołka]

On Sun, Aug 09, 2020 at 04:03:07PM +0200, Pierre Neidhardt wrote:
> OK, I think I got it.  I had to have _both_ wine and wine64 (staging or
> not) in my profile.

Interesting. Perhaps we should merge the two packages, then? We'd need
to take care to make it work right on i686-linux, but I don't think
that's unsurmountable...

> Previously, the "wine" executable (for 32-bit apps) used to work when
> wine64 alone was in the profile.  Now it looks like we need both.  Any
> idea what changed?

Perhaps loading 32-bit programs with the wine64 wasn't supposed to work
in the first place, and we were relying on some implementation quirk?
Alternatively, cross-compiling from 64 to 32 bit is less tested by
upstream than compiling natively on 64 or 32 bit, and we're hitting an
upstream bug?

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#37013: LyX can not find refstyle.sty

[Jakub Kądziołka]

It seems that this issue is not caused by any behavior of LyX, since
merely adding LyX to a profile breaks the existing texlive installation:


~/tmp$ cat test.tex
\documentclass[a4paper]{article}
\usepackage{url}
\begin{document}
\end{document}
~/tmp$ guix environment --pure --ad-hoc texlive -- pdflatex test.tex
This is pdfTeX, Version 3.14159265-2.6-1.40.20 (TeX Live 2019) (preloaded 
format=pdflatex)
 restricted \write18 enabled.
entering extended mode
(./test.tex
LaTeX2e <2018-12-01>

(/gnu/store/wyp70a5a4spmj1g2wvm27d5968sssvwq-texlive-texmf-20190410/share/texmf
-dist/tex/latex/base/article.cls
Document Class: article 2018/09/03 v1.4i Standard LaTeX document class

(/gnu/store/wyp70a5a4spmj1g2wvm27d5968sssvwq-texlive-texmf-20190410/share/texmf
-dist/tex/latex/base/size10.clo))
(/gnu/store/wyp70a5a4spmj1g2wvm27d5968sssvwq-texlive-texmf-20190410/share/texmf
-dist/tex/latex/url/url.sty)
No file test.aux.
(./test.aux) )
No pages of output.
Transcript written on test.log.
~/tmp$ guix environment --pure --ad-hoc texlive lyx -- pdflatex test.tex
This is pdfTeX, Version 3.14159265-2.6-1.40.20 (TeX Live 2019) (preloaded 
format=pdflatex)
 restricted \write18 enabled.
entering extended mode
(./test.tex
LaTeX2e <2018-12-01>
(/gnu/store/xq0b0mgz5h6invz9fh13n29mb2jfdb0s-texlive-union-51265/share/texmf-dist/tex/latex/base/article.cls
Document Class: article 2018/09/03 v1.4i Standard LaTeX document class
(/gnu/store/xq0b0mgz5h6invz9fh13n29mb2jfdb0s-texlive-union-51265/share/texmf-dist/tex/latex/base/size10.clo))

! LaTeX Error: File `url.sty' not found.

Type X to quit or  to proceed,
or enter new name. (Default extension: sty)

Enter file name:
====

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#42342: Wine64 segfaults (5.12/staging)

[Jakub Kądziołka]

On Tue, Jul 28, 2020 at 05:58:08PM +0200, Pierre Neidhardt wrote:
> Cc-ing to Tobias and Jakub.
> 
> -- 
> Pierre Neidhardt
> https://ambrevar.xyz/

Hi,

I can't reproduce this. I usually use 32-bit wine, so when it complained
about the bitness of the wineprefix, I did

$ mv ~/.wine ~/.wine32

then

$ guix environment --ad-hoc wine64 -- wine64 regedit

fired up the registry editor just fine.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#42553: python-gevent is broken on i686-linux (tests fail)

[Jakub Kądziołka]

The package python-gevent doesn't build on i686-linux, the following
test failure occurs:

  ==
  FAIL: test_unlink (gevent.tests.test__core_stat.TestCoreStat)
  --
  Traceback (most recent call last):
File 
"/tmp/guix-build-python-gevent-20.6.2.drv-0/gevent-20.6.2/build/lib.linux-i686-3.8/gevent/testing/errorhandler.py",
 line 47, in wrapper
  return method(self, *args, **kwargs)
File 
"/tmp/guix-build-python-gevent-20.6.2.drv-0/gevent-20.6.2/build/lib.linux-i686-3.8/gevent/testing/errorhandler.py",
 line 34, in wrapper
  return method(self, *args, **kwargs)
File 
"/tmp/guix-build-python-gevent-20.6.2.drv-0/gevent-20.6.2/build/lib.linux-i686-3.8/gevent/testing/testcase.py",
 line 182, in wrapper
  return method(self, *args, **kwargs)
File 
"/tmp/guix-build-python-gevent-20.6.2.drv-0/gevent-20.6.2/build/lib.linux-i686-3.8/gevent/tests/test__core_stat.py",
 line 114, in test_unlink
  self._check_attr('attr', True)
File 
"/tmp/guix-build-python-gevent-20.6.2.drv-0/gevent-20.6.2/build/lib.linux-i686-3.8/gevent/tests/test__core_stat.py",
 line 66, in _check_attr
  self.assertIsNone(x, name)
  AssertionError: os.stat_result(st_mode=997, st_ino=0, 
st_dev=74395714104328192, st_nlink=3, st_uid=0, st_gid=0, 
st_size=6851593278123409408, st_atime=1595260873, st_mtime=0, st_ctime=-2) is 
not None : attr
  
  --
  Ran 48 tests in 1.238s

I have created a simple standalone script based on this test case:

import os, tempfile, gevent
fd, path = tempfile.mkstemp('.test')
os.close(fd)
hub = gevent.get_hub()
watcher = hub.loop.stat(path, interval=-1)
hub.loop.update_now()
gevent.spawn_later(0.5, os.unlink, path)
hub.wait(watcher)
print(watcher.attr)
print(watcher.prev)

After adding a (delete 'check) to python-gevent's arguments, we observe
the following:

% ./pre-inst-env guix environment --ad-hoc python python-gevent -- python3 
~/tmp/gevent-test.py
None
os.stat_result(st_mode=33152, st_ino=44162375, st_dev=2052, st_nlink=1, 
st_uid=1000, st_gid=1000, st_size=0, st_atime=1595787602, st_mtime=1595787602, 
st_ctime=1595787602)
% ./pre-inst-env guix environment --system=i686-linux --ad-hoc python 
python-gevent -- python3 ~/tmp/gevent-test.py
os.stat_result(st_mode=1000, st_ino=0, st_dev=189675956338688000, 
st_nlink=1000, st_uid=0, st_gid=0, st_size=6853855360088801280, 
st_atime=1595787555, st_mtime=0, st_ctime=-2)
os.stat_result(st_mode=33152, st_ino=2052, st_dev=2052, st_nlink=1, 
st_uid=1000, st_gid=1000, st_size=17592186044416, st_atime=1595787555, 
st_mtime=1595787555, st_ctime=0)

Namely, the i686 variant returns entirely bogus values.

I have tried reproducing this in a Guix-less environment in a Docker
container based on the i386/debian:bullseye image, but I haven't had any
luck.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#42164: Combining file-append with gexps results in incomprehensible errors

[Jakub Kądziołka]

Consider this minimal operating-system definition:

(use-modules (gnu))
(use-package-modules gcc)

(operating-system
  (host-name "test")
  (timezone "UTC")
  (bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(target "/boot/efi")))
  (file-systems (cons*
  (file-system
(device (file-system-label "root"))
(mount-point "/")
(type "ext4"))
  %base-file-systems))
  (packages '())
  (services (cons*
  (service special-files-service-type
   `(("/lib64" ,(directory-union "rustup-libs"
  (list
(file-append glibc "/lib")
(file-append #~#$gcc:lib "/lib"))
  %base-services)))

I would expect this way of specifying a specific output of a package to
work, but it results in the following error:

ice-9/boot-9.scm:1515:18: object is not an exception of the right type 
#<&gexp-input-error input: #:lib> 7f06c6b06990>> #

This also happens when I omit the directory-union:

  (service special-files-service-type
   `(("/lib64" ,(file-append #~#$gcc:lib "/lib"

What *does* work, is this variant with string-append:

  (service special-files-service-type
   `(("/lib64" ,#~(string-append #$gcc:lib "/lib"

However, using it in the directory-union breaks again:

  (service special-files-service-type
   `(("/lib64" ,(directory-union "rustup-libs"
  (list
(file-append glibc "/lib")
#~(string-append #$gcc:lib "/lib"))

ERROR: In procedure opendir:
Wrong type (expecting string): (string-append 
"/gnu/store/mdxmdhrlkgdik6ay9pzmmy8mjcbibpwb-gcc-7.5.0-lib" "/lib")
builder for `/gnu/store/p5hf7hqxn35fgsb75s5i7326vyzb8jkr-rustup-libs.drv' 
failed with exit code 1

I have figured out that the following does work:

  (service special-files-service-type
   `(("/lib64" ,#~(directory-union "rustup-libs"
(list
  (string-append #$glibc "/lib")
  (string-append #$gcc:lib "/lib"))

However, I would expect the other variants to work as well. The
documentation and error messages are lacking in this regard.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41872: emacs-irony-mode fails to build on LLVM 10

[Jakub Kądziołka]

On Tue, Jun 16, 2020 at 12:13:52PM +0200, Ludovic Courtès wrote:
> Hi,
> 
> Alternatively, we can try building clang@10 with the flags Pierre
> mentioned recently on this list so that we’re only building shared
> libraries; that should take up less space.

I'm currently building clang@10 with -DCLANG_LINK_CLANG_DYLIB=ON, but
unfortunately this flag requires -DLLVM_LINK_LLVM_DYLIB=ON, and it
doesn't work if LLVM wasn't build with that same flag.

Unfortunately, LLVM is a reverse-dep to the entire mesa mess, so this
approach would require a trip through staging (unless we create a
separate llvm-for-mesa package - would that be reasonable?).

Thoughts?

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41872: emacs-irony-mode fails to build on LLVM 10

[Jakub Kądziołka]

I was trying to update the default LLVM.


diff --git a/gnu/packages/llvm.scm b/gnu/packages/llvm.scm
index 11e4cfbe4c..b0e80507f4 100644
--- a/gnu/packages/llvm.scm
+++ b/gnu/packages/llvm.scm
@@ -527,10 +527,10 @@ output), and Binutils.")
   (make-clang-toolchain clang-9))

 ;; Default LLVM and Clang version.
-(define-public llvm llvm-9)
-(define-public clang-runtime clang-runtime-9)
-(define-public clang clang-9)
-(define-public clang-toolchain clang-toolchain-9)
+(define-public llvm llvm-10)
+(define-public clang-runtime clang-runtime-10)
+(define-public clang clang-10)
+(define-public clang-toolchain clang-toolchain-10)

 (define-public llvm-8
   (package


With the help of `guix refresh', I have identified all packages that
depended on LLVM 9 and will now potentially be using LLVM 10. Among
those is emacs-irony-mode-server, which fails to build with the
following error:


CMake Error at 
/gnu/store/4ml806jam2af7f8i8sg8xi7b4mw81x9g-clang-10.0.0/lib/cmake/clang/ClangTargets.cmake:627
 (message):
  The imported target "clangApplyReplacements" references the file

 
"/gnu/store/4ml806jam2af7f8i8sg8xi7b4mw81x9g-clang-10.0.0/lib/libclangApplyReplacements.a"

  but this file does not exist.  Possible reasons include:

  * The file was deleted, renamed, or moved to another location.

  * An install or uninstall procedure did not complete successfully.

  * The installation package was faulty and contained

 
"/gnu/store/4ml806jam2af7f8i8sg8xi7b4mw81x9g-clang-10.0.0/lib/cmake/clang/ClangTargets.cmake"

  but not all the files it references.

Call Stack (most recent call first):
  
/gnu/store/4ml806jam2af7f8i8sg8xi7b4mw81x9g-clang-10.0.0/lib/cmake/clang/ClangConfig.cmake:18
 (include)
  src/CMakeLists.txt:4 (find_package)


-- Configuring incomplete, errors occurred!
See also 
"/tmp/guix-build-emacs-irony-mode-server-1.4.0.drv-0/source/CMakeFiles/CMakeOutput.log".
command "cmake" "server" 
"-DCMAKE_INSTALL_PREFIX=/gnu/store/5clyjcgw8g9jhryhk8bhljg950ijmwm4-emacs-irony-mode-server-1.4.0"
 failed with status 1
builder for 
`/gnu/store/qiiqbbzpigs7lnywplbwjdsh4qc2ic94-emacs-irony-mode-server-1.4.0.drv' 
failed with exit code 1


The ClangTargets.cmake file for LLVM 10 gained ApplyReplacements in a
list of libraries provided by clang, but Guix removes these libraries:


;; Remove MiBs of .a files coming from
;; 'clang-tools-extra'.
(for-each (lambda (component)
(delete-file
 (string-append lib "/libclang"
component ".a")))
  '("ApplyReplacements"
"ChangeNamespace"
"Daemon"
"DaemonTweaks"
"Doc"
"IncludeFixer"
"IncludeFixerPlugin"
"Move"))


The code was introduced in this commit:

commit 77a87ad4aceed9d89d615540e0fd147e3a8b2f64
Author: Ludovic Courtès 
Date:   Thu May 28 11:46:59 2020 +0200

gnu: clang: Build 'clang-tools-extra'.

* gnu/packages/llvm.scm (clang-from-llvm): Add #:tools-extra.
Add 'output' field.  In 'inputs', add TOOLS-EXTRA when it's given.
In 'arguments', add 'add-tools-extra' and 'move-extra-tools' phases when
TOOLS-EXTRA is given.

I don't know cmake nearly well enough to fix this.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41796: Grafts don't handle outputs other than out

[Jakub Kądziołka]

$ cat test.scm
(use-modules
  (guix packages)
  (guix build-system trivial))

(define-public core-pkg
  (package
(name "core-pkg")
(version "1.0")
(replacement core-pkg/fixed)
(source #f)
(outputs '("out" "lib"))
(build-system trivial-build-system)
(arguments
 `(#:modules ((guix build utils))
   #:builder
   (begin
 (use-modules (guix build utils))
 (let ((outdir (assoc-ref %outputs "out"))
   (libdir (assoc-ref %outputs "lib")))
   (mkdir-p outdir)
   (mkdir-p libdir)
   #t
(synopsis #f)
(description #f)
(home-page #f)
(license #f)))

(define-public core-pkg/fixed
  (package
(inherit core-pkg)
(version "1.1")))

(package
  (name "other-pkg")
  (version "4.2")
  (source #f)
  (build-system trivial-build-system)
  (inputs
  `(("core-pkg" ,core-pkg)
("core-pkg:lib" ,core-pkg "lib")))
  (arguments
  `(#:modules ((guix build utils))
#:builder
(begin
  (use-modules (guix build utils))
  (let ((outdir (assoc-ref %outputs "out")))
(mkdir-p outdir)
(with-output-to-file (string-append outdir "/hello")
  (lambda ()
(display (assoc-ref %build-inputs "core-pkg"))
(newline)
(display (assoc-ref %build-inputs "core-pkg:lib"))
(newline)))
#t
  (synopsis #f)
  (description #f)
  (home-page #f)
  (license #f))
~$ cat `guix build --no-offload -f test.scm`/hello
/gnu/store/pmz07rzm63z02lkyyldsw3srf98h01y2-core-pkg-1.1
/gnu/store/pivsji8qfpln4i4v0f5v5cjmzakmcmvg-core-pkg-1.0-lib

Expected output: the second line contains -core-pkg-1.1-lib.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41715: The program '/gnu/store/foobar/compute-guix-derivation' failed to compute the derivation for guix

[Jakub Kądziołka]

Hi,

I encountered a similar error message today, but it worked fine after
retrying. After digging around in /var/log/guix/drvs, I found these
lines in an appropriately-timestamped log file:

substitute: guix substitute: warning: ci.guix.gnu.org: connection failed: 
Connection timed out
@ build-started 
/gnu/store/klyq05c1q8jzwnwrlmvy4ma6m2h6hbk0-compute-guix-derivation.drv - 
x86_64-linux 
/var/log/guix/drvs/kl//yq05c1q8jzwnwrlmvy4ma6m2h6hbk0-compute-guix-derivation.drv.bz2
 3907994
@ build-succeeded 
/gnu/store/klyq05c1q8jzwnwrlmvy4ma6m2h6hbk0-compute-guix-derivation.drv -

I do recall seeing the Connection timed out message, I'd even say it's
probably the reason why I decided to retry the pull without much
investigation.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41596: [staging] 'librsvg-next' build failure

[Jakub Kądziołka]

On Fri, May 29, 2020 at 03:17:51PM +0200, Marius Bakke wrote:
> On the 'staging' branch, "librsvg-next" (a dependency of GNOME) fails to
> compile the 'xml-rs' Rust crate:
> 
> --8<---cut here---start->8---
>Compiling xml-rs v0.8.1
> error[E0658]: `cfg(doctest)` is experimental and subject to change
>  --> 
> /tmp/guix-build-librsvg-2.46.4.drv-0/librsvg-2.46.4/vendor/rust-xml-rs-0.8.1.tar.gz/src/lib.rs:9:7
>   |
> 9 | #[cfg(doctest)]
>   |   ^^^
>   |
>   = note: for more information, see 
> https://github.com/rust-lang/rust/issues/62210

That's a feature that was stabilized in Rust 1.40. I have a WIP patch
that updates Rust upto 1.43.1, but it's blocked on a LLVM 9 patch backport I
haven't had time to prepare yet. I won't have the time to look into it
properly right now, but here are the relevant links:

https://github.com/rust-lang/llvm-project/commit/7d5e7c023053660ffe494d72ce471e48ecc7f49b
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959877
https://github.com/rust-lang/llvm-project/pull/43

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#41491: docker fails to build on foreign Debian system

[Jakub Kądziołka]

I am trying to build the `docker' package on a foreign distro.
Specifically, Debian sid. This results in the following test failures:

--
=== Failed
=== FAIL: daemon/graphdriver/quota 
TestBlockDev/testBlockDevQuotaDisabled (0.03s)
--- FAIL: TestBlockDev/testBlockDevQuotaDisabled (0.03s)
projectquota_test.go:83: assertion failed: error is not nil: exit 
status 1: mount failed: mount: 
/tmp/guix-build-docker-19.03.7.drv-0/xfs-mountPoint-325789281: mount failed: 
Operation not permitted.


=== FAIL: daemon/graphdriver/quota 
TestBlockDev/testBlockDevQuotaEnabled (0.02s)
--- FAIL: TestBlockDev/testBlockDevQuotaEnabled (0.02s)
projectquota_test.go:83: assertion failed: error is not nil: exit 
status 1: mount failed: mount: 
/tmp/guix-build-docker-19.03.7.drv-0/xfs-mountPoint-054602316: mount failed: 
Operation not permitted.


=== FAIL: daemon/graphdriver/quota TestBlockDev/testSmallerThanQuota 
(0.01s)
--- FAIL: TestBlockDev/testSmallerThanQuota (0.01s)
projectquota_test.go:83: assertion failed: error is not nil: exit 
status 1: mount failed: mount: 
/tmp/guix-build-docker-19.03.7.drv-0/xfs-mountPoint-879061307: mount failed: 
Operation not permitted.


=== FAIL: daemon/graphdriver/quota TestBlockDev/testBiggerThanQuota 
(0.01s)
--- FAIL: TestBlockDev/testBiggerThanQuota (0.01s)
projectquota_test.go:83: assertion failed: error is not nil: exit 
status 1: mount failed: mount: 
/tmp/guix-build-docker-19.03.7.drv-0/xfs-mountPoint-487602526: mount failed: 
Operation not permitted.


=== FAIL: daemon/graphdriver/quota TestBlockDev/testRetrieveQuota 
(0.01s)
--- FAIL: TestBlockDev/testRetrieveQuota (0.01s)
projectquota_test.go:83: assertion failed: error is not nil: exit 
status 1: mount failed: mount: 
/tmp/guix-build-docker-19.03.7.drv-0/xfs-mountPoint-717635877: mount failed: 
Operation not permitted.


=== FAIL: daemon/graphdriver/quota TestBlockDev (0.38s)
projectquota_test.go:50: 
meta-data=/tmp/guix-build-docker-19.03.7.drv-0/xfs-image973358730 isize=256
agcount=4, agsize=4096 blks
 =   sectsz=512   attr=2, projid32bit=1
 =   crc=0finobt=0, sparse=0, 
rmapbt=0
 =   reflink=0
data =   bsize=4096   blocks=16384, imaxpct=25
 =   sunit=0  swidth=0 blks
naming   =version 2  bsize=4096   ascii-ci=0, ftype=1
log  =internal log   bsize=4096   blocks=853, version=2
 =   sectsz=512   sunit=0 blks, lazy-count=1
realtime =none   extsz=4096   blocks=0, rtextents=0
--

This suggests that there's an issue with permissions. I recalled that
Debian ships a custom kernel patch that disables unprivileged
namespaces by default. However, after setting

kernel.unprivileged_userns_clone = 1

the problem persisted.

I am attaching the full build log.


x1kdy6a8qnigmlp045m81rqhw8dl9w-docker-19.03.7.drv.bz2
Description: Binary data


signature.asc
Description: PGP signature

bug#39930: python-virtualenv produces a broken pip when network is available

[Jakub Kądziołka]

I am encountering a weird error:

| ~/tmp$ guix environment --pure --ad-hoc python python-virtualenv coreutils
| ~/tmp% pip3 --version
| pip 19.0.3 from 
/gnu/store/az4z48nrlyhrpkj2njs6xz3p0mj71wi7-profile/lib/python3.7/site-packages/pip
 (python 3.7)
| ~/tmp% virtualenv venv
| Using base prefix '/gnu/store/608bvypsh90c58apvd2cgg3m9l2pwjqn-python-3.7.4'
| New python executable in /home/kuba/tmp/venv/bin/python
| Installing setuptools, pip, wheel...
| done.
| ~/tmp% . venv/bin/activate
| (venv) ~/tmp% pip3 --version # or any other command
| Traceback (most recent call last):
|   File "/home/kuba/tmp/venv/bin/pip3", line 7, in 
| from pip._internal.cli.main import main
| ModuleNotFoundError: No module named 'pip._internal.cli.main'

Note that unsetting PYTHONPATH helps:

| (venv) ~/tmp% PYTHONPATH= pip3 --version
| pip 20.0.2 from /home/kuba/tmp/venv/lib/python3.7/site-packages/pip (python 
3.7)

Similarily, omitting the python package from the environment also helps:

| ~/tmp$ guix environment --pure --ad-hoc python-virtualenv coreutils
| ~/tmp% virtualenv venv
| Using base prefix '/gnu/store/608bvypsh90c58apvd2cgg3m9l2pwjqn-python-3.7.4'
| New python executable in /home/kuba/tmp/venv/bin/python
| Installing setuptools, pip, wheel...
| done.
| ~/tmp% . venv/bin/activate
| (venv) ~/tmp% pip3 --version
| pip 20.0.2 from /home/kuba/tmp/venv/lib/python3.7/site-packages/pip (python 
3.7)

Interestingly, even with PYTHONPATH set, everything works in a container
started without network access:

| ~/tmp$ guix environment --container --ad-hoc python python-virtualenv 
coreutils
| kuba@gravity ~/tmp [env]$ virtualenv venv
| Using base prefix '/gnu/store/608bvypsh90c58apvd2cgg3m9l2pwjqn-python-3.7.4'
| New python executable in /home/kuba/tmp/venv/bin/python
| Installing setuptools, pip, wheel...
| done.
| kuba@gravity ~/tmp [env]$ . venv/bin/activate
| (venv) kuba@gravity ~/tmp [env]$ pip3 --version
| pip 19.0.3 from 
/gnu/store/az4z48nrlyhrpkj2njs6xz3p0mj71wi7-profile/lib/python3.7/site-packages/pip
 (python 3.7)

My guess as to what's happening: virtualenv tries to use a newer pip
than is provided by Guix. It then generates an entrypoint appropriate
for the pip version it chose and installed into the venv. Unfortunately,
the $PYTHONPATH set by Guix overrides virtualenv's mechanism for
directing Python to venv/lib/python3.7/site-packages. This makes an
entrypoint designed for pip 20.0.2 try to load pip 19.0.3. pip's main
function was relocated between releases, making this problematic.

I am not sure which part of that is wrong here, nor how to go about
fixing it. The problem would disappear temporarily when we merged
core-updates into master, but keeping up with Python's release schedule
doesn't sound feasible.

Note that while virtualenv doesn't change PYTHONPATH, it does unset
PYTHONHOME - maybe that's a more appropriate environment variable to use
for pointing Python to the primary modules directory?

While debugging this, I noticed that the virtualenv we ship is outdated.
I prepared a patchstack, which I will send later today, to update the
version to latest virtualenv. The behavior didn't change, apart from
slightly different output formatting of virtualenv.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#39402: [PATCH] services: xorg: Filter modules based on system

[Jakub Kądziołka]

On Sun, Feb 09, 2020 at 09:31:09PM +, shtwzrd wrote:
> @@ -356,7 +361,7 @@ in @var{config}, are available.  The result should be 
> used in place of
>  #~(apply execl #$X #$X ;; Second #$X is for argv[0].
>   "-logverbose" "-verbose" "-terminate"
>   #$@(xorg-configuration-server-arguments config)
> -  (cdr (command-line
> + (cdr (command-line
>  
>(program-file "startx" exp))
>  
> @@ -477,7 +482,7 @@ desktop session from the system or user profile will be 
> used."
>(auto-login? slim-configuration-auto-login?
> (default #f))
>(default-user slim-configuration-default-user
> -(default ""))
> +(default ""))
>(theme slim-configuration-theme
>   (default %default-slim-theme))
>(theme-name slim-configuration-theme-name
> @@ -870,10 +875,10 @@ the GNOME desktop environment.")
> "Enable=" (if (gdm-configuration-debug? config)
>   "true"
>   "false") "\n"
> -   "\n"
> -   "[security]\n"
> -   "#DisallowTCP=true\n"
> -   "#AllowRemoteAutoLogin=false\n"))
> + "\n"
> + "[security]\n"
> + "#DisallowTCP=true\n"
> + "#AllowRemoteAutoLogin=false\n"))
>  
>  (define (gdm-pam-service config)
>"Return a PAM service for @command{gdm}."
Looks like you reformatted the file by accident. Apart from that, LGTM,
so pushed as 779d96c9b0ee38cbaca9f8577e6cc7f907fb29cb after removing the
formatting mishap.

Thanks for the patch!


signature.asc
Description: PGP signature

bug#25240: Fixed on core-updates

[Jakub Kądziołka]

A patch that fixes this landed on core-updates, see #38873. A follow-up
bug regarding some cleanup is #39415.


signature.asc
Description: PGP signature

bug#39415: [core-updates] Removing SSL patches in CMake and Kodi - help wanted

[Jakub Kądziołka]

In commit a76a343082d61d5303b61a9e4cbde4ab8515a1e7 (currently on
CORE-UPDATES), the patch curl-use-ssl-cert-env.patch was added. This
makes programs linking to curl work with Guix's SSL certificates.
Previously, separate workarounds for each dependent package were
required.

This means that the following patches are, as far as I know, obsolete:
- cmake-curl-certificates.patch
- kodi-set-libcurl-ssl-parameters.patch

However, I don't use neither cmake nor kodi, and as such I don't think I
can sufficiently test that these patches are no longer needed. I would
like to ask somebody more familiar with those packages to verify.

Regards,
Jakub Kądziołka


signature.asc
Description: PGP signature

bug#38884: guix system roll-back doesn't roll setuid-programs back

[Jakub Kądziołka]

Steps to reproduce:

1. Add a setuid program to your config:

(setuid-programs (cons*
   (file-append hello "/bin/hello")
   %setuid-programs))

2. guix system reconfigure
3. Observe that /run/setuid-programs/hello got created
4. Undo the configuration change
5. guix system reconfigure
6. Observe that /run/setuid-programs/hello no longer exists
7. guix system roll-back

Expected behavior:
/run/setuid-programs/hello appears again

Actual behavior:
/run/setuid-programs/hello still doesn't exist

Similarly, when roll-back is supposed to remove a file, it doesn't.

Previously mentioned in https://debbugs.gnu.org/38800.

Regards,
Jakub Kądziołka

bug#38838: 'whatis' doesn't work

[Jakub Kądziołka]

The 'whatis' utility from man-db 2.9.0 doesn't work for me. This
includes both my user profile and 'guix environment's. 'apropos' works,
so the man database is present and working.

$ guix environment --pure --ad-hoc man-db man-pages
[env] $ apropos memcpy
memcpy (3)   - copy memory area
wmemcpy (3)  - copy an array of wide-characters
[env] $ whatis memcpy
memcpy: nothing appropriate.

Regards,
Jakub Kądziołka

bug#22883: Authenticating Git checkouts: step #1

[Jakub Kądziołka]

Hi Guix!

Ludovic Courtès wrote:
> --8<---cut here---start->8---
> If you want to hack Guix itself, it is recommended to use the latest
> version from the Git repository:
> 
>  git clone https://git.savannah.gnu.org/git/guix.git
> 
>How do you ensure that you obtained a genuine copy of the repository?
> Guix itself provides a tool to “authenticate” your checkout, but you
> must first make sure this tool is genuine in order to “bootstrap” the
> trust chain.  To do that, run:
> 
>  git verify-commit `git log --format=%H build-aux/git-authenticate.scm`
> 
>The output must look something like:
> 
>  gpg: Signature made Fri 27 Dec 2019 01:27:41 PM CET
>  gpg:using RSA key 
> 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
>  ...
>  gpg: Signature made Fri 27 Dec 2019 01:25:22 PM CET
>  gpg:using RSA key 
> 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
>  ...
> 
> ...  meaning that changes to this file are all signed with key
> ‘3CE464558A84FDC69DB40CFB090B11993D9AEBB5’ (you may need to fetch this
> key from a key server, if you have not done it yet).
> 
>From there on, you can authenticate all the commits included in your
> checkout by running:
> 
>  make authenticate
> 
>The first run takes a couple of minutes, but subsequent runs are
> faster.
> 
>  Note: You are advised to run ‘make authenticate’ after every ‘git
>  pull’ invocation.  This ensures you keep receiving valid changes to
>  the repository
> --8<---cut here---end--->8---

Sadly, these instructions don't work from a fresh clone. There is only
Makefile.am and no Makefile itself, so you get

$ make authenticate
make: *** No rule to make target 'authenticate'.  Stop.

Moreover, I don't think running 'make authenticate' after 'git pull'
would really work -- after you pulled, git-authenticate could've been
modified, so the verify-commit you did earlier doesn't apply anymore.

There's also the issue of trusting pre-inst-env, which is used to run
the verification. Should that be passed to 'git log --format=%H' next to
git-authenticate.scm? This also applies to any scripts you use to drive
this process, like the Makefile.

Regards,
Kuba

bug#38831: IceCat: some codecs don't work without workaround

[Jakub Kądziołka]

Hello,

I had some problems with video codecs in IceCat 68.3.0-guix0-preview1.
For example, consider this page: http://demo.nimius.net/video_test/. By
default, the videos under the headings H.264 / AAC and MPEG4 don't work
("No video with supported format and MIME type found.").

The following steps make the first of these videos work:
1. Open about:config
2. Click "I accept the risk!"
3. Set security.sandbox.content.read_path_whitelist to /gnu/store/
   (the trailing / is important).

The instructions were originally sketched out in this help-guix
message:
https://lists.gnu.org/archive/html/help-guix/2019-12/msg00150.html

I believe it would be beneficial to make this a default.

On IRC, bandali suggested that it would be better to only whitelist the
necessary store subdirectories. I don't know how to gather such a list,
but it it seems like a good idea.

I don't know how about:config entries modified by the user behave when
IceCat is updated, but in some of the behaviors I can imagine, the
config entry stops updating, in which case it would be better to add
the paths to some internal whitelist (I reckon such a whitelist already
exists and contains something like /usr/lib).

Regards,
Jakub Kądziołka

CC: mhw as suggested by nckx

bug#38800: Non-existent setuid programs make "guix system reconfigure" break mid-generation-switch

[Jakub Kądziołka]

Steps to reproduce:

0. [IMPORTANT] Make sure you will be able to reconfigure your system
   when all setuid binaries stop working (this includes sudo, which
   makes this, IMHO, a serious bug).

   Namely, either make sure you can log in as root, or keep a "sudo -s"
   shell open. The latter is slightly more dangerous in the event of a
   power outage.

   I would also recommend running "guix pull" in this recovery shell, as
   a root login shell will use root's profile, and not your own.
1. Add a non-existant file to your system configuration's
   setuid-programs. For example,

   (setuid-programs (cons*
  #~(string-append #$bash "/bin/enoent")
  %setuid-programs))

2. Reconfigure your system.

   $ sudo guix system reconfigure /etc/config.scm

Actual behavior:

   activating system...
   substitute: updating substitutes from 'https://ci.guix.gnu.org'...  100.0%
   building 
/gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
   making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current 
system...
   setting up setuid programs in '/run/setuid-programs'...
   guix system: error: copy-file: No such file or directory: 
"/run/setuid-programs/enoent"
   $ sudoedit /etc/config.scm
   -bash: /run/setuid-programs/sudoedit: No such file or directory
   $ ls -l /run/setuid-programs
   total 0

Expected behavior: the running system is left untouched.
/run/setuid-programs is still populated with the previous generation's
setuid programs. The error message says that the source of the copy-file
doesn't exist, not the destination. (While the latter is technically
correct, it's utterly unhelpful)

3. [OPTIONAL] Run a rollback.

   # guix system roll-back

Expected behavior: /run/setuid-programs gets populated again.
Actual behavior: /run/setuid-programs is still empty.

(Is this a separate bug with roll-back not restoring setuid-programs? No
idea, didn't test)

4. Remove the changes made to the configuration and run reconfigure
   again.

   # guix system reconfigure /etc/config.scm

Expected & actual behavior: system is back in (AFAIK) a well-defined
state.

Regards,
Jakub Kądziołka