[PATCH] scripts: container: Pass through TERM when calling exec

2017-01-24 Thread Christopher Baines
* guix/scripts/container/exec.scm (guix-container-exec): Capture the value of
  the TERM environment variable, and pass it through to the container.  This
  means some applications now work where they did not before (e.g. htop), and
  others have more functionality, providing that the terminal was capable of
  enabling that functionality in the first place.
---
 guix/scripts/container/exec.scm | 15 ++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/guix/scripts/container/exec.scm b/guix/scripts/container/exec.scm
index 10e70568c..2dd6d802d 100644
--- a/guix/scripts/container/exec.scm
+++ b/guix/scripts/container/exec.scm
@@ -74,7 +74,17 @@ and the other containing arguments for the command to be 
executed."
   (let* ((opts (parse-command-line args %options '(())
#:argument-handler
handle-argument))
- (pid  (assoc-ref opts 'pid)))
+ (pid  (assoc-ref opts 'pid))
+ (environment (fold (lambda (name alist)
+  (let ((value (getenv name)))
+(if value
+(cons (cons name value) alist)
+alist)))
+'()
+;; Pass through the TERM environment variable
+;; to inform processes about the capabilities
+;; of the terminal
+'("TERM"
 
 (unless pid
   (leave (_ "no pid specified~%")))
@@ -89,6 +99,9 @@ and the other containing arguments for the command to be 
executed."
 (lambda ()
   (match command
 ((program . program-args)
+ (for-each
+  (match-lambda ((name . value) (setenv name 
value)))
+  environment)
  (apply execlp program program program-args)))
   (unless (zero? result)
 (leave (_ "exec failed with status ~d~%") result)))
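Review bot: the `match-lambda` line in the new `for-each` was wrapped by the mailer, which suggests it is too long for the surrounding code; put `(setenv name value)` on its own line. The loop also makes the command's behaviour depend on the caller's environment, since TERM is copied into the container process unchanged, and nothing in this patch documents that, so a sentence in the command's documentation would help.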
-- 
2.11.0




Debugging and source code

2017-01-24 Thread Pjotr Prins
Since we allow for debug symbols using :debug (great feature!), can we
also add the unpacked source tree to the package by default? Say in
~/.guix-profile/lib/debug/ or some place. Anyone who wants to debug
has to fetch that anyway and that raises the problem of what source
code to fetch.



Re: GeoIP database redistribution? - Now dealing with very large files

2017-01-24 Thread Pjotr Prins

On Tue, Jan 24, 2017 at 10:54:26PM +0100, Marius Bakke wrote:
> Just to note, I don't think Pjotr was referring to this particular
> package (geolite database). I just checked, and the City DB is 19.8MiB
> compressed and 104.1 MiB uncompressed. The Country DB is ~2MiB and the
> IPv6 databases are tiny.

Yes, sorry for being inaccurate. We would like to fetch large files as
part of a pipeline setup. Ideally a simple work flow can be a package
built on a local host - it should not go on the main build farm - but,
at this point, Guix does not allow using files from 'outside' the
build setup - which means we have to pull them in before build. It
may be interesting to have access to external data files during build
time.

Something to discuss at FOSDEM.

Pj.






Re: gnu: Add syncthing.

2017-01-24 Thread Leo Famulari
On Fri, Dec 16, 2016 at 01:48:57PM +0100, Petter wrote:
> On 2016-12-16 02:52, Leo Famulari wrote:
> > On Thu, Dec 15, 2016 at 10:06:59PM +0100, Petter wrote:
> > > +(arguments
> > > + `(#:import-path "github.com/syncthing/syncthing"
> > 
> > What do you think about having the go-build-system try to automatically
> > generate the import-path based on the source URL, with the option for
> > the packager to set it manually, as shown here?
> > 
> > For many of the packages in this patch (which will eventually be split
> > into one package per patch ;) ), that auto-generated import-path
> > could be correct.
> > 
> > I think that an (arguments) field indicates that the package's build
> > scripts have deviated from the standard. If a Guix build system requires
> > all of its packages to do something in (arguments), the build system
> > should be extended :)
> 
> This is my goal, and I tried to accomplish this initially, because as
> you can see for git checkouts most of the time import-path is url
> minus scheme://. But I was unable to retrieve the url in the build
> phases. So I did it like this instead, to get something that worked;
> also something like #:import-path is required where import-path can't
> be derived from the url.
> 
> I would need concrete help with this, that is getting the url and
> perhaps what (method) was used.

Does anyone have any advice here?

The issue is that the Go build tools typically want the source code to
be unpacked in a directory structure based on the URL of the Git repo.
We can set it "by hand" in the package definition, which is what the
current go-build-system patches do, but it would be great to have a
default that worked most of the time.



Re: IcedTea 1 / OpenJDK 6 discontinued

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 10:07:28PM -0500, Kei Kebreau wrote:
> I agree with Marius's option 5. I don't see an immediate reason to
> remove it, and we can build icedtea-7 using gcj.

I actually hadn't noticed that icedtea-7 builds with icedtea-6. I
thought it simply inherited from the package definition. I don't think
we should remove it in that case. And GCJ has been removed from GCC
AFAIK.




Re: IcedTea 1 / OpenJDK 6 discontinued

2017-01-24 Thread Kei Kebreau
Marius Bakke  writes:

> Hi Leo,
>
> Leo Famulari  writes:
>
>> Time marches on and IcedTea 1, which provides OpenJDK 6, is approaching
>> the end of its life:
>>
>> http://blog.fuseyism.com/index.php/2017/01/11/discontinuation-of-support-for-icedtea-1-x/
>>
>> There will be one more release in the series, 1.14.0.
>>
>> Thankfully, we have zero packages that depend on it, except for
>> icedtea-7, which inherits from it.
>
> Thanks for the heads-up.
>
>> What does everyone think we should do? I see 4 options:
>>
>> 1) Distributions like ours will have to support it ourselves. That means
>> fixing bugs, including security issues. This would probably be a
>> cross-distro effort.
>>
>> 2) We will continue to package it, but not try to support it. The
>> package will be stuck in time, and we should mark it as deprecated
>> somehow, at least with a comment in the package description.
>>
>> 3) We will remove the package and adjust our icedtea-7 package to no
>> longer inherit from icedtea-6.
>>
>> 4) Something else...
>
> 5) 2+3: Carry icedtea@6 until we have a reason to remove it (e.g.
> security problems), but make sure it can go on short notice (no
> inheritance).

I agree with Marius's option 5. I don't see an immediate reason to
remove it, and we can build icedtea-7 using gcj.




Re: gnu: gnutls: Add gnutls-3.5.5 and gnutls-with-guile-next.

2017-01-24 Thread Christopher Allan Webber
Ludovic Courtès writes:

> Hello!
>
> Christopher Allan Webber  skribis:
>
>> Hello!  I was talking in #guile and realized that even though guile-next
>> now includes glorious https support via gnutls, few have tried it or
>> know how to use it.
>>
>> It turns out you need a specially packaged version of gnutls!  Or,
>> specially packaged until `guile-next' becomes just `guile'.
>>
>> Here's a patch that will give you that package.  You can give it a shot
>> like so:
>>
>>   $ guix environment --ad-hoc guile-next gnutls-with-guile-next --pure
>
> Good idea!  I ended up pushing a slightly different patch, calling the
> package ‘guile2.2-gnutls’ to match what ‘package-for-guile-2.2’ does:
>
>   
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=079f013be2a3601518a67d65f4e39f7fabddb053
>
> Let me know if anything’s wrong!

Yay!  Thanks for the push.  I'll test shortly.

>> Have fun hacking with https support,
>
> BTW, it would be nice :-) to port this to Guile as well:
>
>   
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=bc3c41ce36349ed4ec758c70b48a7059e363043a
>   
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=580deec5b44d623e994e59ef07e9e0c5496762fd
>
> Anyway, thanks for the heads-up!
>
> Ludo’.

Oh, those look important.  I've made a TODO item and I'll try to get to
them soon, but who knows if I will...



Re: A postinst equivalent in Guix?

2017-01-24 Thread Christopher Allan Webber
Ludovic Courtès writes:

> Georgi Kirilov  skribis:
>
>> On Sat, Jan 21, 2017 at 04:34:55PM +0100, Ludovic Courtès wrote:
>>
>>>To make things more concrete, we could discuss specific packages you are
>>>interested in and see how we could provide them in Guix{,SD}.
>>
>> The package is the old bsd-games bundle. Some of the games need to
>> write score files under /var/lib/bsdgames/
>> You can find attached my patch so far.
>
> The patch looks good to me!
>
> As for /var/lib/bsdgames, then it’s up to the admin to set the right
> permissions on it.  We can ensure that it exists and has the right
> permissions on GuixSD, but on foreign distros, there’s nothing we can
> do.
>
> We could also modify bsd-games such that it falls back to
> ~/.local/bsdgames when /var/lib/bsdgames isn’t accessible (and it would
> be worth submitting upstream).  ISTR this was discussed for one of the
> games present in Guix.
>
> WDYT?
>
> Ludo’.

I'm a bit wary about GuixSD packages declaring being able to write to
/var/ anything by default.  What would the permissions be?  I guess if
it were world-writable to all "users" group users it would be okayish.

Note that KoboDeluxe includes a patch snarfed from Debian that comments
out the ability to save score files for this same reason, and it was
marked in Debian as a security patch IIRC...



Re: [PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-24 Thread Ben Woodcroft

Hi Leo,


On 25/01/17 07:40, Ludovic Courtès wrote:
> Leo Famulari  skribis:
>
>> I tried using this patch to fix a bug in ruby-minitar, but the build
>> fails as shown below. Any ideas?
>>
>> $ ./pre-inst-env guix build ruby-minitar
>> The following derivations will be built:
>> /gnu/store/naprvm320mvzlhv4ciax0436qqm3r8zj-ruby-minitar-0.5.4.drv
>> /gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv
>> @ build-started 
>> /gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv - 
>> x86_64-linux 
>> /var/log/guix/drvs/vz//70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv.bz2
>> data.tar.gz
>> metadata.gz
>> source is under 'data.tar.gz'
>
> [...]
>
>> ?: 0 [chdir "data.tar.gz"]
>
> This is apparently a “tarbomb”: it unpacks more than one file in $PWD.
> The ‘first-subdirectory’ procedure in gnu-build-system.scm is a bit
> stupid and takes the first file in $PWD as the directory to cd to.


Well, it is unpacking a .gem file rather than a tar.gz, and patching 
rubygem sources has never worked. It might be worth fixing this in 
general, or perhaps packaging minitar from GitHub rather than rubygems.


As usual, thanks for keeping on top of all this.
ben



[PATCH] services: Fix 'mkdir-p' in activation scripts.

2017-01-24 Thread Clément Lassieur
* gnu/services/cups.scm (%cups-activation): Import (guix build utils).
* gnu/services/mail.scm (opensmtpd-activation): Idem.
* gnu/services/networking.scm (ntp-service-activation): Idem.
* gnu/services/spice.scm (spice-vdagent-activation): Idem.
* gnu/services/ssh.scm (openssh-activation): Idem.
  (dropbear-activation): Idem.
* gnu/services/vpn.scm (%openvpn-activation): Idem.
---
 gnu/services/cups.scm   | 2 ++
 gnu/services/mail.scm   | 2 ++
 gnu/services/networking.scm | 2 ++
 gnu/services/spice.scm  | 5 -
 gnu/services/ssh.scm| 3 +++
 gnu/services/vpn.scm| 5 -
 6 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/gnu/services/cups.scm b/gnu/services/cups.scm
index df1843e43..70b858479 100644
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Andy Wingo 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -811,6 +812,7 @@ IPP specifications.")
   ;; Activation gexp.
   (with-imported-modules '((guix build utils))
 #~(begin
+(use-modules (guix build utils))
 (define (mkdir-p/perms directory owner perms)
   (mkdir-p directory)
   (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner))
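Review bot: in the context lines of this hunk, `mkdir-p/perms` creates `directory` but then calls `chown` on the literal "/var/run/cups", so `owner` is applied to that one path whatever directory is passed in. That predates this patch, but since the hunk touches this gexp it is worth a follow-up that makes the `chown` use `directory`.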
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index c1381405d..30b1672d3 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1601,6 +1602,7 @@ accept from local for any relay
 (($  package config-file)
  (let ((smtpd (file-append package "/sbin/smtpd")))
#~(begin
+   (use-modules (guix build utils))
;; Create mbox and spool directories.
(mkdir-p "/var/mail")
(mkdir-p "/var/spool/smtpd")
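Review bot: this `use-modules` goes into a `#~(begin ...)` with no `with-imported-modules` in the visible context, unlike the cups.scm and networking.scm hunks, so the gexp relies on (guix build utils) already being available wherever it is evaluated. Wrapping the gexp in `(with-imported-modules '((guix build utils)) ...)` would make the dependency explicit; the spice.scm, ssh.scm and vpn.scm hunks have the same shape.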
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 8f136f0dc..f7412ff29 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver 
 ;;; Copyright © 2016 Efraim Flashner 
 ;;; Copyright © 2016 John Darrington 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -332,6 +333,7 @@ restrict -6 ::1\n"))
   "Return the activation gexp for CONFIG."
   (with-imported-modules '((guix build utils))
 #~(begin
+(use-modules (guix build utils))
 (define %user
   (getpw "ntpd"))
 
diff --git a/gnu/services/spice.scm b/gnu/services/spice.scm
index bd0a53834..2f9dfd57a 100644
--- a/gnu/services/spice.scm
+++ b/gnu/services/spice.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 David Craven 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,7 +36,9 @@
 
 (define (spice-vdagent-activation config)
   "Return the activation gexp for CONFIG."
-  #~(mkdir-p "/var/run/spice-vdagentd"))
+  #~(begin
+  (use-modules (guix build utils))
+  (mkdir-p "/var/run/spice-vdagentd")))
 
 (define (spice-vdagent-shepherd-service config)
   "Return a  for spice-vdagentd with CONFIG."
diff --git a/gnu/services/ssh.scm b/gnu/services/ssh.scm
index 6da612da6..58c35c9f5 100644
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès 
 ;;; Copyright © 2016 David Craven 
 ;;; Copyright © 2016 Julien Lepiller 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -292,6 +293,7 @@ The other options should be self-descriptive."
 (define (openssh-activation config)
   "Return the activation GEXP for CONFIG."
   #~(begin
+  (use-modules (guix build utils))
   (mkdir-p "/etc/ssh")
   (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
 
@@ -388,6 +390,7 @@ The other options should be self-descriptive."
 (define (dropbear-activation config)
   "Return the activation gexp for CONFIG."
   #~(begin
+  (use-modules (guix build utils))
   (mkdir-p "/etc/dropbear")))
 
 (define (dropbear-shepherd-service config)
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index f577e0851..844a11b3d 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Julien Lepiller 
+;;; Copyright © 2017 Clément Lassieur 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -444,7 +445,9 @@ is trunkated and rewritten every minute.")
  (shell (file-append shadow "/sbin/nologin")
 
 (define %openvpn-activation
-  #~(mkdir-p "/var/run/openvpn"))
+  #~(begin
+  (use-modules (guix build utils))
+  (mkdir-p "/var/run/openvpn")))
 
 (define openvpn-server-service-type
   (service-type (name 'openvpn-server)
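Review bot: `%openvpn-activation` creates "/var/run/openvpn" with `mkdir-p` alone, so the directory gets whatever owner and mode the activation process gives it by default, while the context just above defines an account with a nologin shell. If the daemon runs as that account and writes to this directory, the activation should also set ownership and mode, as `mkdir-p/perms` does in the cups.scm hunk; if it does not, a one-line comment saying so would help.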
-- 
2.11.0




Re: [PATCH] services: Fix 'mkdir-p' in activation scripts.

2017-01-24 Thread Clément Lassieur
Hi Ludovic,

> Apart from that the patch LGTM.  Could you send an updated version just
> without these two things?

Thanks for the review!  Sure, here is the updated patch.

Clément



Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread ng0
ng0  writes:

> Leo Famulari  writes:
>
>> On Tue, Jan 24, 2017 at 09:18:55PM +, ng0 wrote:
>>> ng0  writes:
>>> > Leo Famulari  writes:
>>> >>> It would be great to see some movement on this during this
>>> >>> year. I volunteer to help with it, though I don't have as much
>>> >>> experience with SELinux (and only basic experience with
>>> >>> GrSecurity without a modular kernel like GuixSD uses).
>>> >>
>>> >> Yes, this effort needs a champion.
>>> 
>>> No, I would say this needs an effort of more than one person. At
>>> best a team of people who either are willing to learn about
>>> system hardening or already know enough, maybe even a combination
>>> of both to share knowledge :)
>>
>> Sure, the more people the better. But so far, not a single person has
>> begun working on it, so I'd be happy with just one.
>
> I feel confident enough to do it, but I also know that I am
> overloaded with packages and services I work on.
>
> For starters, I think we could have a "hardened-wip" branch on
> savannah (I can't commit anyway directly) and that we can target
> SELinux for now, look at Hardened-gentoo and other systems how
> they solve issues.  Afterwards we need to address the toolchain
> level, which to our advantage can be an make and break by hydra
> and everyone who wants to contribute to fixing issues can run
> their system from the hardening-toolchain-wip branch to
> contribute to fixing all the breaking applications.
>
> Then we need to discuss whether we want to provide this by default
> (my choice) OR if we want to offer a branch-choice model.
> Supporting both vanilla and hardened might take some more burden
> on fixing issues, that's why I'm all for forming a team of people
> who work on this, and when they no longer want to, other people
> join the rest of the old team, etc.
>
> Right now I'm trying to get uclib-ng done for a while, and when
> this is added, we could at some point handle more than one
> toolchain (and hardened), where it gets complicated.

Actually, the statement about more libcs (musl, glibc, uclibc)
making it all more complicated isn't true. In 99% of cases
uclibc-ng just works as good as glibc and musl is the one odd
bird you have to patch applications for sometimes, but even there
enough work has already been done by other systems.

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



Re: [PATCH] update haunt to 0.2.1

2017-01-24 Thread Ludovic Courtès
Catonano  skribis:

> From 015719506600bcb674b1d47398af27c2b4f32d18 Mon Sep 17 00:00:00 2001
> From: humanitiesNerd 
> Date: Tue, 24 Jan 2017 14:55:12 +0100
> Subject: [PATCH] gnu: haunt: Update to 0.2.1
>
> * gnu/packages/guile.scm (haunt): Update to 0.2.1.

Applied, thanks.  :-)

>  (propagated-inputs
> - `(("guile-reader" ,guile-reader)))
> + `(("guile-reader" ,guile-reader)
> +   ("guile-commonmark" ,guile-commonmark)))

We could (should?) avoid this by augmenting the ‘wrap-haunt’ phase.

Thoughts?

Ludo’.



Re: IcedTea 1 / OpenJDK 6 discontinued

2017-01-24 Thread Marius Bakke
Hi Leo,

Leo Famulari  writes:

> Time marches on and IcedTea 1, which provides OpenJDK 6, is approaching
> the end of its life:
>
> http://blog.fuseyism.com/index.php/2017/01/11/discontinuation-of-support-for-icedtea-1-x/
>
> There will be one more release in the series, 1.14.0.
>
> Thankfully, we have zero packages that depend on it, except for
> icedtea-7, which inherits from it.

Thanks for the heads-up.

> What does everyone think we should do? I see 4 options:
>
> 1) Distributions like ours will have to support it ourselves. That means
> fixing bugs, including security issues. This would probably be a
> cross-distro effort.
>
> 2) We will continue to package it, but not try to support it. The
> package will be stuck in time, and we should mark it as deprecated
> somehow, at least with a comment in the package description.
>
> 3) We will remove the package and adjust our icedtea-7 package to no
> longer inherit from icedtea-6.
>
> 4) Something else...

5) 2+3: Carry icedtea@6 until we have a reason to remove it (e.g.
security problems), but make sure it can go on short notice (no
inheritance).




Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread ng0
Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 09:18:55PM +, ng0 wrote:
>> ng0  writes:
>> > Leo Famulari  writes:
>> >>> It would be great to see some movement on this during this
>> >>> year. I volunteer to help with it, though I don't have as much
>> >>> experience with SELinux (and only basic experience with
>> >>> GrSecurity without a modular kernel like GuixSD uses).
>> >>
>> >> Yes, this effort needs a champion.
>> 
>> No, I would say this needs an effort of more than one person. At
>> best a team of people who either are willing to learn about
>> system hardening or already know enough, maybe even a combination
>> of both to share knowledge :)
>
> Sure, the more people the better. But so far, not a single person has
> begun working on it, so I'd be happy with just one.

I feel confident enough to do it, but I also know that I am
overloaded with packages and services I work on.

For starters, I think we could have a "hardened-wip" branch on
savannah (I can't commit anyway directly) and that we can target
SELinux for now, look at Hardened-gentoo and other systems how
they solve issues.  Afterwards we need to address the toolchain
level, which to our advantage can be an make and break by hydra
and everyone who wants to contribute to fixing issues can run
their system from the hardening-toolchain-wip branch to
contribute to fixing all the breaking applications.

Then we need to discuss whether we want to provide this by default
(my choice) OR if we want to offer a branch-choice model.
Supporting both vanilla and hardened might take some more burden
on fixing issues, that's why I'm all for forming a team of people
who work on this, and when they no longer want to, other people
join the rest of the old team, etc.

Right now I'm trying to get uclib-ng done for a while, and when
this is added, we could at some point handle more than one
toolchain (and hardened), where it gets complicated.
-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



Re: GeoIP database redistribution?

2017-01-24 Thread Marius Bakke
Ludovic Courtès  writes:

> Pjotr Prins  skribis:
>
>> On Mon, Jan 23, 2017 at 07:17:12PM +0100, Marius Bakke wrote:
>>> ng0  writes:
>>> 
>>> > I want to slowly package OONI (https://ooni.torproject.org/).
>>> > One of its dependencies, txtorcon, requires python-geoip which
>>> > depends on geoip-c-api. I've got both covered, but both of them
>>> > want (either to download or to be present) for tests (a/the)
>>> > legacy database file of maxmind.
>>> >
>>> > Question 1: Can we distribute the database in a source? I can't
>>> > access the homepage of maxmind for cloudflare reasons.
>>> 
>>> The database is distributed freely under cc-by-sa4.0:
>>> 
>>> https://dev.maxmind.com/geoip/legacy/geolite/#License
>>> 
>>> So packaging it should be fine. :)
>>
>> This actually raises the issue of packaging large data files (we are
>> getting into TB's). Could there be a way Guix fetches external
>> datasets as part of the distribution? I think that if it is not
>> executable code and SHA values/pfff values match it would be safe to
>> do.
>
> If we do add something this big, we’ll have to make sure it’s not
> substitutable and does not ever land on the build machines.

Just to note, I don't think Pjotr was referring to this particular
package (geolite database). I just checked, and the City DB is 19.8MiB
compressed and 104.1 MiB uncompressed. The Country DB is ~2MiB and the
IPv6 databases are tiny.




Re: [PATCH] gnu: r: Add which to propagated-inputs.

2017-01-24 Thread Ra
Hi Ludo,

On Tue, Jan 24, 2017 at 10:04 PM Ludovic Courtès  wrote:

> Hi,
>
> Raoul Bonnal  skribis:
>
>> From: Raoul Jean Pierre Bonnal 
>>
>> * gnu/packages/statistics.scm (r)[propagated-inputs]: Add which.
>> ---
>>
>> Notes:
>> In my local installation of R
>>
>> Sys.which(c("bash"))
>>
>> was not working properly, inspecting the function(below) I had not
>> installed which beforehand.
>> > Sys.which
>> function (names)
>> {
>> res <- character(length(names))
>> names(res) <- names
>> which <-
>> "/gnu/store/cn670s29lsf2nr5axd8gmhl8sb9qpyiq-which-2.21/bin/which"
>
> This function contains the absolute file name of ‘which’, so everything
> should work?

That is what I expected. The R function was not working till I explicitly
installed the package 'which', maybe it was something strange on my side.

> Doing this (modifying the code to refer to external commands by absolute
> file names) is preferable over propagating inputs, because it avoids
> clobbering user profiles.


Thanks.
Ra


Re: [PATCH 1/1] gnu: ruby-minitar: Fix an arbitrary file overwrite bug.

2017-01-24 Thread Ludovic Courtès
Leo Famulari  skribis:

> * gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ruby.scm (ruby-minitar)[source]: Use it.

Maybe exclude the History.md changes from the patch, but otherwise LGTM.

Thank you!

Ludo’.



Re: [GuixSD on GCE]: Anyone working on this?

2017-01-24 Thread rohit yadav
I tried creating an image but it complains about not being able to install
grub on blocklist. I am not highly familiar with lower level details
related to bootup of system. I really need to debug that. Any good
reference to get practical knowledge about grub, init, ramdisk etc? Not all
these are required to get the above mentioned issue resolved but these once
in a while do trouble me.

-Rohit

On Tue, Jan 24, 2017 at 12:57 PM, Leo Famulari  wrote:

> On Mon, Jan 23, 2017 at 05:17:16PM -0600, rohit yadav wrote:
> > Sorry for incomplete info.
> >
> > GCE - Google Compute Engine (Platform).
> >
> > I want to run guixsd on google compute engine.
>
> I haven't heard of anybody working on this. But it sounds useful!
>


Re: [PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-24 Thread Ludovic Courtès
Leo Famulari  skribis:

> I tried using this patch to fix a bug in ruby-minitar, but the build
> fails as shown below. Any ideas?
>
> $ ./pre-inst-env guix build ruby-minitar
> The following derivations will be built:
>/gnu/store/naprvm320mvzlhv4ciax0436qqm3r8zj-ruby-minitar-0.5.4.drv
>/gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv
> @ build-started 
> /gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv - 
> x86_64-linux 
> /var/log/guix/drvs/vz//70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv.bz2
> data.tar.gz
> metadata.gz
> source is under 'data.tar.gz'

[...]

>?: 0 [chdir "data.tar.gz"]

This is apparently a “tarbomb”: it unpacks more than one file in $PWD.
The ‘first-subdirectory’ procedure in gnu-build-system.scm is a bit
stupid and takes the first file in $PWD as the directory to cd to.

To work around that, use ‘url-fetch/tarbomb’.

HTH!

Ludo’.
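
The failure described in the message above, reproduced on constructed directory trees as an added example. It is not Guix's code: every procedure name below is hypothetical, and the `minitar-0.5.4/` layout is made up for contrast with the unpacked `.gem` from the build log.

```scheme
;; Added illustration; not code from Guix.  Procedure names are hypothetical.
(use-modules (ice-9 ftw)      ; scandir
             (ice-9 match))

(define (entries directory)
  "Return the sorted names directly under DIRECTORY, without . and .."
  (or (scandir directory
               (lambda (name) (not (member name '("." "..")))))
      '()))

(define (directory? file)
  (eq? 'directory (stat:type (stat file))))

(define (naive-source-directory directory)
  "Take the first entry under DIRECTORY, whatever its type.  This is the
behaviour the message describes: a regular file can be returned."
  (match (entries directory)
    ((head . _) head)
    (() #f)))

(define (checked-source-directory directory)
  "Return the name of the single top-level sub-directory of DIRECTORY, or #f
when the unpacked tree is a tarbomb (several entries, or no directory)."
  (match (entries directory)
    ((only)
     (and (directory? (string-append directory "/" only))
          only))
    (_ #f)))

(define (make-tree root names)
  "Create ROOT and each of NAMES under it: a name ending in / becomes a
directory, any other name an empty regular file."
  (mkdir root)
  (for-each (lambda (name)
              (let ((file (string-append root "/" name)))
                (if (string-suffix? "/" name)
                    (mkdir (string-drop-right file 1))
                    (call-with-output-file file (const #t)))))
            names))

(define (remove-tree root)
  "Delete ROOT and its direct children (the sample trees are one level deep)."
  (for-each (lambda (name)
              (let ((file (string-append root "/" name)))
                (if (directory? file) (rmdir file) (delete-file file))))
            (entries root))
  (rmdir root))

;; Constructed layouts: what unpacking the .gem leaves in $PWD according to
;; the build log, and what a conventional release tarball would leave.
(define base
  (string-append "/tmp/tarbomb-demo-" (number->string (getpid))))

(mkdir base)
(make-tree (string-append base "/gem") '("data.tar.gz" "metadata.gz"))
(make-tree (string-append base "/tarball") '("minitar-0.5.4/"))

(for-each (lambda (name)
            (let ((dir (string-append base "/" name)))
              ;; For "gem" the naive choice is a regular file, so a later
              ;; chdir into it fails; the checked version reports #f instead.
              (format #t "~a: naive=~s checked=~s~%"
                      name
                      (naive-source-directory dir)
                      (checked-source-directory dir))
              (remove-tree dir)))
          '("gem" "tarball"))
(rmdir base)
```

A build phase that gets `#f` from the checked procedure can stay in `$PWD` or stop with a clear error, rather than attempting `chdir` on a regular file.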



Re: [PATCH 2/2] gnu: Add hyperestraier.

2017-01-24 Thread Ludovic Courtès
Thomas Danckaert  skribis:

> * gnu/packages/search.scm (hyperestraier): New variable.

Applied, thanks!



Re: [PATCH 1/2] gnu: Add qdbm.

2017-01-24 Thread Ludovic Courtès
Thomas Danckaert  skribis:

> * gnu/packages/databases.scm (qdbm): New variable.

Applied, thanks!



Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 09:18:55PM +, ng0 wrote:
> ng0  writes:
> > Leo Famulari  writes:
> >>> It would be great to see some movement on this during this
> >>> year. I volunteer to help with it, though I don't have as much
> >>> experience with SELinux (and only basic experience with
> >>> GrSecurity without a modular kernel like GuixSD uses).
> >>
> >> Yes, this effort needs a champion.
> 
> No, I would say this needs an effort of more than one person. At
> best a team of people who either are willing to learn about
> system hardening or already know enough, maybe even a combination
> of both to share knowledge :)

Sure, the more people the better. But so far, not a single person has
begun working on it, so I'd be happy with just one.



Re: [PATCH 6/6] gnu: Add neovim.

2017-01-24 Thread Ludovic Courtès
Ricardo Wurmus  skribis:

> * gnu/packages/vim.scm (neovim): New variable.

[...]

> +   (modify-phases %standard-phases
> + (add-after 'unpack 'set-lua-paths
> +   (lambda* (#:key inputs #:allow-other-keys)

Maybe add a comment/link about the placeholder thing.

> +(inputs
> + `(("libuv" ,libuv)
> +   ("gettext" ,gettext-minimal)
> +   ("gperf" ,gperf)

I’d expect gettext and gperf to be native inputs instead?

Otherwise LGTM, thanks!

Ludo’.



Re: GeoIP database redistribution?

2017-01-24 Thread Ludovic Courtès
Pjotr Prins  skribis:

> On Mon, Jan 23, 2017 at 07:17:12PM +0100, Marius Bakke wrote:
>> ng0  writes:
>> 
>> > I want to slowly package OONI (https://ooni.torproject.org/).
>> > One of its dependencies, txtorcon, requires python-geoip which
>> > depends on geoip-c-api. I've got both covered, but both of them
>> > want (either to download or to be present) for tests (a/the)
>> > legacy database file of maxmind.
>> >
>> > Question 1: Can we distribute the database in a source? I can't
>> > access the homepage of maxmind for cloudflare reasons.
>> 
>> The database is distributed freely under cc-by-sa4.0:
>> 
>> https://dev.maxmind.com/geoip/legacy/geolite/#License
>> 
>> So packaging it should be fine. :)
>
> This actually raises the issue of packaging large data files (we are
> getting into TB's). Could there be a way Guix fetches external
> datasets as part of the distribution? I think that if it is not
> executable code and SHA values/pfff values match it would be safe to
> do.

If we do add something this big, we’ll have to make sure it’s not
substitutable and does not ever land on the build machines.

Ludo’.



Re: GeoIP database redistribution?

2017-01-24 Thread Ludovic Courtès
Efraim Flashner  skribis:

> On Tue, Jan 24, 2017 at 06:06:21AM +, Pjotr Prins wrote:
>> On Mon, Jan 23, 2017 at 07:17:12PM +0100, Marius Bakke wrote:
>> > ng0  writes:
>> > 
>> > > I want to slowly package OONI (https://ooni.torproject.org/).
>> > > One of its dependencies, txtorcon, requires python-geoip which
>> > > depends on geoip-c-api. I've got both covered, but both of them
>> > > want (either to download or to be present) for tests (a/the)
>> > > legacy database file of maxmind.
>> > >
>> > > Question 1: Can we distribute the database in a source? I can't
>> > > access the homepage of maxmind for cloudflare reasons.
>> > 
>> > The database is distributed freely under cc-by-sa4.0:
>> > 
>> > https://dev.maxmind.com/geoip/legacy/geolite/#License
>> > 
>> > So packaging it should be fine. :)
>> 
>> This actually raises the issue of packaging large data files (we are
>> getting into TB's). Could there be a way Guix fetches external
>> datasets as part of the distribution? I think that if it is not
>> executable code and SHA values/pfff values match it would be safe to
>> do.
>> 
>
> The other thing is that guix downloads the files into ram and then
> writes them into the store, which can be a problem if the source is
> larger than the available memory.

It’s only if the file is added via the ‘add-to-store’ RPC, and not via
‘import-path’ or a substitute:

  https://bugs.gnu.org/23666

But yes, that can be a problem.

Ludo’.



Re: [PATCH] services: Fix 'mkdir-p' in activation scripts.

2017-01-24 Thread Ludovic Courtès
Clément Lassieur  skribis:

> * gnu/services/cuirass.scm (cuirass-activation): Import (guix build utils) and
>   remove (with-imported-modules '((guix build utils))).
> * gnu/services/cups.scm (%cups-activation): Idem.
> * gnu/services/networking.scm (ntp-service-activation): Idem.
>
> * gnu/services/mail.scm (opensmtpd-activation): Import (guix build utils).
> * gnu/services/spice.scm (spice-vdagent-activation): Idem.
> * gnu/services/ssh.scm (openssh-activation): Idem.
>   (dropbear-activation): Idem.
> * gnu/services/vpn.scm (%openvpn-activation): Idem.

Good catch!

>  (db(dirname (cuirass-configuration-database config)))
>  (user  (cuirass-configuration-user config))
>  (group (cuirass-configuration-group config)))
> -(with-imported-modules '((guix build utils))
> -  #~(begin
> -  (use-modules (guix build utils))
> +#~(begin
> +(use-modules (guix build utils))
> +(mkdir-p #$cache)
> +(mkdir-p #$db)

The ‘with-imported-modules’ form should be preserved: it ensures that
(guix build utils) is present in the build and/or execution environment.

It’s the other places, those that lack it, that should be fixed.  That
should go into a different patch though, and there’s no rush since those
gexps are actually used in a context where (guix build utils) happens to
be available anyway.

>  (define %cups-activation
>;; Activation gexp.
> -  (with-imported-modules '((guix build utils))
> -#~(begin

Same here.

Apart from that the patch LGTM.  Could you send an updated version just
without these two things?

Thank you!

Ludo’.



Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread ng0
ng0  writes:

> Leo Famulari  writes:
>
>> On Tue, Jan 24, 2017 at 08:56:48PM +, ng0 wrote:
>>> Leo Famulari  writes:
>>> > Should we build Tor with "--enable-expensive-hardening"?
>>> 
>>> I will take a look later what can be applied other than the
>>> default configure flags.
>>> 
>>> I'm all for hardening, but it seems that the first basic ideas
>>> for Guix are stuck in the idea state.
>>
>> As far as I can tell, --enable-expensive-hardening is specific to Tor,
>> so it's not relevant to the project of hardening all Guix packages.
>
> Yes.
>
> I'm building this change right now:
>
> +(arguments
> + `(#:configure-flags (list "--enable-expensive-hardening"
> +   "--enable-gcc-hardening"
> +   "--enable-linker-hardening")))
>
> Taken from Gentoo, I trust their hardening project to debug and
> discover good usage.
>
>>> It would be great to see some movement on this during this
>>> year. I volunteer to help with it, though I don't have as much
>>> experience with SELinux (and only basic experience with
>>> GrSecurity without a modular kernel like GuixSD uses).
>>
>> Yes, this effort needs a champion.

No, I would say this needs an effort of more than one person. At
best a team of people who either are willing to learn about
system hardening or already know enough, maybe even a combination
of both to share knowledge :)

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



Re: [PATCH 0/1] OpenJPEG CVE-2016-9572 CVE-2016-9573

2017-01-24 Thread Ludovic Courtès
Leo Famulari  skribis:

> This patch fixes CVE-2016-9572 and CVE-2016-9573 in OpenJPEG.
>
> Notice that the patch is not from the official OpenJPEG repository. I've
> asked for clarification here:
>
> https://github.com/uclouvain/openjpeg/issues/863#issuecomment-274271277
>
> Debian has applied it to their openjpeg2 2.1.0-2+deb8u2 package (sorry,
> I can't find a link to their package code; download the tarball and
> inspect it manually):
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851422
> https://tracker.debian.org/pkg/openjpeg2

[...]

> * gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (openjpeg-2.1.2)[source]: Use it.

Looks reasonable to me.

Thank you!

Ludo’.



Re: [PATCH python-tests] gnu: python-2.7: Enable UCS-4 Unicode encoding.

2017-01-24 Thread Ludovic Courtès
Hi Danny,

Danny Milosavljevic  skribis:

>> > Otherwise LGTM. I checked some other distros and they seem to have
>> > this enabled. Thanks!
>>  That means that strings are internally UCS-4-encoded, right?
>> What’s the rationale, and what happens when this flag is omitted?
>
> The CPython C interface changes depending on the flag and some Python
> extensions don't work with the narrow UTF-16 Unicode - which is what
> it would use if you don't specify.
>
> The default, UTF-16, is basically just historical baggage from when
> Unicode had fewer than 65536 codepoints in the standard.

[...]

Thanks for the explanation, it makes a lot of sense!

Ludo’.



Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread ng0
Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 08:56:48PM +, ng0 wrote:
>> Leo Famulari  writes:
>> > Should we build Tor with "--enable-expensive-hardening"?
>> 
>> I will take a look later what can be applied other than the
>> default configure flags.
>> 
>> I'm all for hardening, but it seems that the first basic ideas
>> for Guix are stuck in the idea state.
>
> As far as I can tell, --enable-expensive-hardening is specific to Tor,
> so it's not relevant to the project of hardening all Guix packages.

Yes.

I'm building this change right now:

+(arguments
+ `(#:configure-flags (list "--enable-expensive-hardening"
+   "--enable-gcc-hardening"
+   "--enable-linker-hardening")))
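Review bot: "--enable-expensive-hardening" in this #:configure-flags list is the switch that, per the Tor 0.2.9.9 changelog quoted in this thread, turns -ftrapv back on, and that changelog notes that having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. If the package is meant to accept that trade-off, say so in a comment above the flags; otherwise keep "--enable-gcc-hardening" and "--enable-linker-hardening" and leave the expensive flag out, so the decision is visible to whoever updates the package next.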

Taken from Gentoo, I trust their hardening project to debug and
discover good usage.

>> It would be great to see some movement on this during this
>> year. I volunteer to help with it, though I don't have as much
>> experience with SELinux (and only basic experience with
>> GrSecurity without a modular kernel like GuixSD uses).
>
> Yes, this effort needs a champion.

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



Re: [PATCH] update haunt to 0.2.1

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 09:49:34PM +0100, Catonano wrote:
> Leo,
> 
> 2017-01-24 15:11 GMT+01:00 Catonano :
> 
> > Hello guixers,
> >
> > the attached patch updates Haunt to the recently released version 0.2.1
> >
> 
> Would you mind taking care of this one too? This is even simpler than
> Wiredtiger

I didn't address this package because I don't know enough about it, and
the upstream developer is a Guix contributor.



Re: [PATCH] gnu: claws-mail: Enable compface.

2017-01-24 Thread Ludovic Courtès
Danny Milosavljevic  skribis:

> * gnu/packages/mail.scm (claws-mail)[inputs]: Add compface.
>   [arguments]: Enable compface.

LGTM, thanks!

Ludo'.



Re: [PATCH] gnu: exempi: Enable more tests.

2017-01-24 Thread Ludovic Courtès
Danny Milosavljevic  skribis:

> * gnu/packages/freedesktop.scm (exempi)[native-inputs]: Add valgrind.

LGTM, thanks!



Re: [Installing Grub on blocklist]: Failing to create bootable disk on GCE

2017-01-24 Thread Ludovic Courtès
Hi,

rohit yadav  skribis:

> I am trying to create bootable image on GCE using guix. It leads to following 
> error.
>
> 
> Installing for i386-pc platform.
> grub-install: warning: File system `ext2' doesn't support embedding.
> grub-install: warning: Embedding is not possible. GRUB can only be installed 
> in this setup by using blocklists. However, blocklists are UNRELIABLE and 
> their use is discouraged..
> grub-install: error: will not proceed with blocklists.
> guix system: error: failed to install GRUB on device 
> '/dev/disk/by-id/google-rowhit-guixsd-template-00'
> ==

It seems you’re installing GRUB to a file system (“embedding”) instead
of installing it to the MBR.  Is it intended?

Ludo’.



Re: [PATCH] gnu: r: Add which to propagated-inputs.

2017-01-24 Thread Ludovic Courtès
Hi,

Raoul Bonnal  skribis:

> From: Raoul Jean Pierre Bonnal 
>
> * gnu/packages/statistics.scm (r)[propagated-inputs]: Add which.
> ---
>
> Notes:
> In my local installation of R
> 
> Sys.which(c("bash"))
> 
> was not working properly, inspecting the function(below) I had not 
> installed which beforehand.
> > Sys.which
> function (names)
> {
> res <- character(length(names))
> names(res) <- names
> which <- 
> "/gnu/store/cn670s29lsf2nr5axd8gmhl8sb9qpyiq-which-2.21/bin/which"

This function contains the absolute file name of ‘which’, so everything
should work?

Doing this (modifying the code to refer to external commands by absolute
file names) is preferable over propagating inputs, because it avoids
clobbering user profiles.

Thanks,
Ludo’.



Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 08:56:48PM +, ng0 wrote:
> Leo Famulari  writes:
> > Should we build Tor with "--enable-expensive-hardening"?
> 
> I will take a look later what can be applied other than the
> default configure flags.
> 
> I'm all for hardening, but it seems that the first basic ideas
> for Guix are stuck in the idea state.

As far as I can tell, --enable-expensive-hardening is specific to Tor,
so it's not relevant to the project of hardening all Guix packages.

> It would be great to see some movement on this during this
> year. I volunteer to help with it, though I don't have as much
> experience with SELinux (and only basic experience with
> GrSecurity without a modular kernel like GuixSD uses).

Yes, this effort needs a champion.



Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-24 Thread ng0
Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 11:19:33AM +, contact@cryptolab.net wrote:
>> Changes in version 0.2.9.9 - 2017-01-23
>>   o Major bugfixes (security):
>> - Downgrade the "-ftrapv" option from "always on" to "only on when
>>   --enable-expensive-hardening is provided." This hardening option,
>>   like others, can turn survivable bugs into crashes -- and having
>>   it on by default made a (relatively harmless) integer overflow bug
>>   into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
>>   bugfix on 0.2.9.1-alpha.
>
> I'm not familiar with Tor's build system.
>
> Should we build Tor with "--enable-expensive-hardening"?

I will take a look later what can be applied other than the
default configure flags.

I'm all for hardening, but it seems that the first basic ideas
for Guix are stuck in the idea state.
It would be great to see some movement on this during this
year. I volunteer to help with it, though I don't have as much
experience with SELinux (and only basic experience with
GrSecurity without a modular kernel like GuixSD uses).
-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



Re: [PATCH] update haunt to 0.2.1

2017-01-24 Thread Catonano
Leo,

2017-01-24 15:11 GMT+01:00 Catonano :

> Hello guixers,
>
> the attached patch updates Haunt to the recently released version 0.2.1
>

Would you mind taking care of this one too? This is even simpler than
Wiredtiger

Thanks


Re: [PATCH] update wiredtiger to 2.9.1

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 08:31:14PM +0100, Catonano wrote:
> I couldn't manage to connect to the new Wiredtiger through Amz3's machinery
> (I have a hard time with dynamic ffi) but the tests pass. All of them

> From b965e3c92ec55252fc2bd73712ae5b0c02127fa2 Mon Sep 17 00:00:00 2001
> From: humanitiesNerd 
> Date: Tue, 24 Jan 2017 19:35:58 +0100
> Subject: [PATCH] gnu: wiredtiger: Update to 2.9.1
> 
> * gnu/packages/databases.scm (wiredtiger): Update to 2.9.1.

Thanks! Applied as 81e95821057a3df50952f979bf767012ddbbf8c2



Re: [PATCH] gnu: Add emacs-mew.

2017-01-24 Thread Thomas Danckaert
From: Thomas Danckaert 
Subject: [PATCH] gnu: Add emacs-mew.
Date: Tue, 24 Jan 2017 18:01:11 +0100 (CET)

> From 3759a0a4720165e0443bdb7522f6b4b7515aec6f Mon Sep 17 00:00:00 2001
> From: Thomas Danckaert 
> Date: Tue, 24 Jan 2017 09:41:42 +0100
> Subject: [PATCH] gnu: Add emacs-mew.
> 
> * gnu/packages/mail.scm (emacs-mew): New variable.

I've just discovered this patch doesn't add the package to emacs'
load-path, so please disregard for now. (and/or tell me how to fix
this :) )

Thomas



[PATCH 1/1] gnu: ruby-minitar: Fix an arbitrary file overwrite bug.

2017-01-24 Thread Leo Famulari
* gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ruby.scm (ruby-minitar)[source]: Use it.
---
 gnu/local.mk   |   1 +
 .../minitar-fix-arbitrary-file-overwrite.patch | 253 +
 gnu/packages/ruby.scm  |   1 +
 3 files changed, 255 insertions(+)
 create mode 100644 
gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3963b97b7..14aa56a75 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -865,6 +865,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/rpm-CVE-2014-8118.patch \
   %D%/packages/patches/rsem-makefile.patch \
   %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch\
+  %D%/packages/patches/minitar-fix-arbitrary-file-overwrite.patch  \
   %D%/packages/patches/ruby-puma-ignore-broken-test.patch   \
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch  \
   %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
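Review bot: the added entry minitar-fix-arbitrary-file-overwrite.patch sits between ruby-concurrent-ignore-broken-test.patch and ruby-puma-ignore-broken-test.patch, which breaks the alphabetical order the surrounding dist_patch_DATA entries follow. Either move it to where the m* entries are, or rename the file to ruby-minitar-fix-arbitrary-file-overwrite.patch (updating the commit log and the reference in ruby.scm) so that it sorts where it was placed.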
diff --git a/gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch 
b/gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch
new file mode 100644
index 0..5d1836a09
--- /dev/null
+++ b/gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch
@@ -0,0 +1,253 @@
+Fix a bug allowing arbitrary file overwrite during archive extraction
+via '..' directory traversal:
+
+http://seclists.org/oss-sec/2017/q1/178
+https://github.com/halostatue/minitar/issues/16
+
+Patch copied from upstream source repository:
+
+https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
+
+From e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4 Mon Sep 17 00:00:00 2001
+From: Austin Ziegler 
+Date: Sun, 13 Nov 2016 23:25:21 -0500
+Subject: [PATCH] Resolve relative path vulnerability
+
+Fixes #16
+---
+ History.md   | 37 +
+ lib/archive/tar/minitar.rb   | 11 ---
+ lib/archive/tar/minitar/input.rb | 34 +++---
+ minitar.gemspec  |  2 +-
+ test/test_tar_input.rb   | 32 
+ 5 files changed, 93 insertions(+), 23 deletions(-)
+
+diff --git a/History.md b/History.md
+index 6fd68cc..adfd992 100644
+--- a/History.md
 b/History.md
+@@ -8,6 +8,14 @@
+ `archive-tar-minitar` will install both `minitar` and `minitar-cli`, 
at
+ least until version 1.0.)
+ 
++*   Minitar extraction before 0.6 traverses directories if the tarball
++includes a relative directory reference, as reported in [#16][] by
++@ecneladis. This has been disallowed entirely and will throw a
++SecureRelativePathError when found. Additionally, if the final
++destination of an entry is an already-existing symbolic link, the
++existing symbolic link will be removed and the file will be written
++correctly (on platforms that support symblic links).
++
+ *   Enhancements:
+ 
+ *   Licence change. After speaking with Mauricio Fernández, we have 
changed
+@@ -51,18 +59,16 @@
+ 
+ *   Bugs:
+ 
+-*   Fix [#2](https://github.com/halostatue/minitar/issues/2) to handle IO
+-streams that are not seekable, such as pipes, STDIN, or STDOUT.
+-*   Fix [#3](https://github.com/halostatue/minitar/issues/3) to make the
+-test timezone resilient.
+-*   Fix [#4](https://github.com/halostatue/minitar/issues/4) for 
supporting
+-the reading of tar files with filenames in the GNU long filename
+-extension format. Ported from @atoulme’s fork, originally provided by
+-Curtis Sampson.
+-*   Fix [#6](https://github.com/halostatue/minitar/issues/6) by making it
+-raise the correct error for a long filename with no path components.
+-*   Fix [#14](https://github.com/halostatue/minitar/pull/6) provided by
+-@kzys should fix Windows detection issues.
++*   Fix [#2][] to handle IO streams that are not seekable, such as pipes,
++STDIN, or STDOUT.
++*   Fix [#3][] to make the test timezone resilient.
++*   Fix [#4][] for supporting the reading of tar files with filenames in
++the GNU long filename extension format. Ported from @atoulme’s fork,
++originally provided by Curtis Sampson.
++*   Fix [#6][] by making it raise the correct error for a long filename
++with no path components.
++*   Fix [#14][] provided by @kzys should fix Windows detection issues.
++*   Fix [#16][] as specified above.
+ 
+ *   Development:
+ 
+@@ -83,3 +89,10 @@
+ 
+ * Initial release. Does files and directories. Command does create, extract,
+   and list.
++
++[#2]: https://github.com/halostatue/minitar/issues/2
++[#3]: https://github.com/halostatue/minitar/issues/3
++[#4]: https://gith
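Review bot: the embedded upstream commit carries more than the fix. Its diffstat lists History.md, minitar.gemspec and test/test_tar_input.rb next to the two files under lib/archive/tar/, and the History.md text it adds describes behaviour "before 0.6". Hunks against the changelog and gemspec of upstream's development branch are the ones most likely to fail against a released tarball, so consider trimming the patch to the lib/ changes (plus the test if it applies) and stating that in the header comment next to the upstream commit URL.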

[PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-24 Thread Leo Famulari
I tried using this patch to fix a bug in ruby-minitar, but the build
fails as shown below. Any ideas?

$ ./pre-inst-env guix build ruby-minitar
The following derivations will be built:
   /gnu/store/naprvm320mvzlhv4ciax0436qqm3r8zj-ruby-minitar-0.5.4.drv
   /gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv
@ build-started 
/gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv - 
x86_64-linux 
/var/log/guix/drvs/vz//70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv.bz2
data.tar.gz
metadata.gz
source is under 'data.tar.gz'
Backtrace:
In ice-9/boot-9.scm:
 160: 10 [catch #t # ...]
In unknown file:
   ?: 9 [apply-smob/1 #]
In ice-9/boot-9.scm:
  66: 8 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 7 [eval # #]
In ice-9/boot-9.scm:
2404: 6 [save-module-excursion #]
4056: 5 [#]
1727: 4 [%start-stack load-stack #]
1732: 3 [#]
In unknown file:
   ?: 2 [primitive-load 
"/gnu/store/l936dy9y0hz8wxkp4n6y9birnl3fblbb-minitar-0.5.4.tar.xz-builder"]
In ice-9/eval.scm:
 432: 1 [eval # #]
In unknown file:
   ?: 0 [chdir "data.tar.gz"]

ERROR: In procedure chdir:
ERROR: In procedure chdir: Not a directory
builder for 
`/gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv' failed 
with exit code 1
@ build-failed 
/gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv - 1 
builder for 
`/gnu/store/vz70g01wln7aflljz65yf425pppcgpjd-minitar-0.5.4.tar.xz.drv' failed 
with exit code 1
cannot build derivation 
`/gnu/store/naprvm320mvzlhv4ciax0436qqm3r8zj-ruby-minitar-0.5.4.drv': 1 
dependencies couldn't be built
guix build: error: build failed: build of 
`/gnu/store/naprvm320mvzlhv4ciax0436qqm3r8zj-ruby-minitar-0.5.4.drv' failed

Leo Famulari (1):
  gnu: ruby-minitar: Fix an arbitrary file overwrite bug.

 gnu/local.mk   |   1 +
 .../minitar-fix-arbitrary-file-overwrite.patch | 253 +
 gnu/packages/ruby.scm  |   1 +
 3 files changed, 255 insertions(+)
 create mode 100644 
gnu/packages/patches/minitar-fix-arbitrary-file-overwrite.patch

-- 
2.11.0
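
The class of bug the minitar patch in this thread addresses ('..' traversal during extraction, and writing through an already-existing symbolic link), shown as an added Ruby example that is not minitar's code and not part of either message. UnsafeEntryPath, safe_destination, write_entry and the sample entries are constructed for illustration; rejecting absolute names goes slightly beyond what the patch description states.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Hypothetical error class for this example (not minitar's own error type).
class UnsafeEntryPath < StandardError; end

# Map an archive entry name to an absolute destination under dest_dir.
# Raises UnsafeEntryPath for empty names, absolute names, and any name
# containing a ".." component, instead of trying to "clean" such names.
def safe_destination(dest_dir, entry_name)
  raise UnsafeEntryPath, "empty entry name" if entry_name.nil? || entry_name.empty?
  raise UnsafeEntryPath, "absolute path: #{entry_name}" if Pathname.new(entry_name).absolute?
  # Split on both separators so a backslash-separated name cannot hide "..".
  if entry_name.split(%r{[/\\]}).include?("..")
    raise UnsafeEntryPath, "relative traversal: #{entry_name}"
  end
  clean = Pathname.new(entry_name).cleanpath.to_s
  raise UnsafeEntryPath, "names the destination itself: #{entry_name}" if clean == "."
  File.join(File.expand_path(dest_dir), clean)
end

# Write one regular-file entry. If the final destination is an existing
# symbolic link, remove the link first so the write creates a new file in
# dest_dir instead of following the link to wherever it points.
def write_entry(dest_dir, entry_name, data)
  dest = safe_destination(dest_dir, entry_name)
  FileUtils.mkdir_p(File.dirname(dest))
  File.unlink(dest) if File.symlink?(dest)
  File.open(dest, "wb") { |f| f.write(data) }
  dest
end

# Run the checks over constructed entries inside a throwaway directory and
# report what happened to each one and to a file outside the destination.
def demo
  Dir.mktmpdir("extract-demo") do |root|
    dest = File.join(root, "out")
    outside = File.join(root, "outside.txt")
    FileUtils.mkdir_p(dest)
    File.write(outside, "original")
    # A pre-existing link inside the destination that points outside it.
    File.symlink(outside, File.join(dest, "link.txt"))

    # Constructed sample entries: [name, contents].
    entries = [
      ["docs/readme.txt", "hello"],
      ["../outside.txt", "overwritten"],
      ["docs/../../outside.txt", "overwritten"],
      ["/etc/demo-should-not-exist", "x"],
      ["link.txt", "via link"]
    ]

    results = entries.map do |name, data|
      begin
        write_entry(dest, name, data)
        [name, :written]
      rescue UnsafeEntryPath
        [name, :rejected]
      end
    end

    link = File.join(dest, "link.txt")
    {
      results: results.to_h,
      outside: File.read(outside),
      link_is_symlink: File.symlink?(link),
      link_content: File.read(link)
    }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
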




IcedTea 1 / OpenJDK 6 discontinued

2017-01-24 Thread Leo Famulari
Time marches on and IcedTea 1, which provides OpenJDK 6, is approaching
the end of its life:

http://blog.fuseyism.com/index.php/2017/01/11/discontinuation-of-support-for-icedtea-1-x/

There will be one more release in the series, 1.14.0.

Thankfully, we have zero packages that depend on it, except for
icedtea-7, which inherits from it.

What does everyone think we should do? I see 4 options:

1) Distributions like ours will have to support it ourselves. That means
fixing bugs, including security issues. This would probably be a
cross-distro effort.

2) We will continue to package it, but not try to support it. The
package will be stuck in time, and we should mark it as deprecated
somehow, at least with a comment in the package description.

3) We will remove the package and adjust our icedtea-7 package to no
longer inherit from icedtea-6.

4) Something else...




[PATCH] update wiredtiger to 2.9.1

2017-01-24 Thread Catonano
I couldn't manage to connect to the new Wiredtiger through Amz3's machinery
(I have a hard time with dynamic ffi) but the tests pass. All of them
From b965e3c92ec55252fc2bd73712ae5b0c02127fa2 Mon Sep 17 00:00:00 2001
From: humanitiesNerd 
Date: Tue, 24 Jan 2017 19:35:58 +0100
Subject: [PATCH] gnu: wiredtiger: Update to 2.9.1

* gnu/packages/databases.scm (wiredtiger): Update to 2.9.1.
---
 gnu/packages/databases.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index b70d48c..fb0266e 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1085,7 +1085,7 @@ database and supports many programming languages.  It is a NoSQL database.")
 (define-public wiredtiger
   (package
 (name "wiredtiger")
-(version "2.8.0")
+(version "2.9.1")
 (source (origin
   (method url-fetch)
   (uri (string-append
@@ -1093,7 +1093,7 @@ database and supports many programming languages.  It is a NoSQL database.")
 version ".tar.bz2"))
   (sha256
(base32
-"1qh7y5paisdxq19jgg81ld7i32lz920n5k30hdpxnr8ll9c4hgjr"
+"0krwnb2zfbhvjaskwl875qzd3y626s84zcciq2mxr5c5riw3yh6s"
 (build-system gnu-build-system)
 (arguments
  '(#:configure-flags '("--enable-lz4" "--enable-zlib")
-- 
2.7.4



Re: tor: update to 0.2.9.9

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 11:19:33AM +, contact@cryptolab.net wrote:
> Changes in version 0.2.9.9 - 2017-01-23
>   o Major bugfixes (security):
> - Downgrade the "-ftrapv" option from "always on" to "only on when
>   --enable-expensive-hardening is provided." This hardening option,
>   like others, can turn survivable bugs into crashes -- and having
>   it on by default made a (relatively harmless) integer overflow bug
>   into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
>   bugfix on 0.2.9.1-alpha.

I'm not familiar with Tor's build system.

Should we build Tor with "--enable-expensive-hardening"?




Re: [PATCH 4/6] gnu: Add lua5.2-bitop.

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 03:40:13PM +0100, Ricardo Wurmus wrote:
> * gnu/packages/lua.scm (lua5.2-bitop): New variable.

> +(arguments
> + `(#:test-target "test"
> +   #:make-flags
> +   (list "INSTALL=install -pD"
> + (string-append "INSTALLPATH=printf "

What's up with this "printf"? Does it actually execute the value of
INSTALLPATH?



Re: [PATCH 2/6] gnu: Add lua-libmpack.

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 03:40:11PM +0100, Ricardo Wurmus wrote:
> * gnu/packages/serialization.scm (lua-libmpack): New variable.

> +   "USE_SYSTEM_LUA=yes"

It doesn't bundle Lua, right? I couldn't find a bundled copy in the
source tarball, so I'm just asking in case I missed something obvious.



Re: 07/08: gnu: Add ocaml-ssl.

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 10:31:49AM +0100, julien lepiller wrote:
> Le 2017-01-23 22:31, Leo Famulari a écrit :
> > Can you change these substitutions to use (which "sh") instead?
> 
> I didn't think it would cause any issue, but sure I will.

Hopefully it doesn't cause an issue, but we should stick with the
upstream developers' choice of shell.



Re: [PATCH] gnu: tor: Update to 0.2.9.9.

2017-01-24 Thread Leo Famulari
On Tue, Jan 24, 2017 at 11:19:34AM +, contact@cryptolab.net wrote:
> From: ng0 
> 
> * gnu/packages/tor.scm (tor): Update to 0.2.9.9.

Thanks! Applied as 7c04154940b746fb872536ea6833f5ef8ddbe288



Re: [GuixSD on GCE]: Anyone working on this?

2017-01-24 Thread Leo Famulari
On Mon, Jan 23, 2017 at 05:17:16PM -0600, rohit yadav wrote:
> Sorry for incomplete info.
> 
> GCE - Google Compute Engine (Platform).
> 
> I want to run guixsd on google compute engine.

I haven't heard of anybody working on this. But it sounds useful!



Re: Build custom packages with cuirass.

2017-01-24 Thread Mathieu Lirzin
Hi,

Mathieu OTHACEHE  writes:

> Using cuirass I also noticed two other things that might need to be fixed:
>
> * When network isn't up yet at cuirass service start,
> or goes down for a moment, the url fetching
> fails and cuirass service stays hanged and needs to be restarted.
>
> * For an unknown reason, I have random freezes of cuirass, the polling
>   stops and nothing is outputted to log. I'm stracing it to find out why
>   ...

I have created 2 separate issues on Notabug Web interface to track those
bugs:

  https://notabug.org/mthl/cuirass/issues

Thanks for reporting them.

-- 
Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37



Re: [Basic Linux Question]: Is it possible to have two init system?

2017-01-24 Thread David Craven
Hi Rohit,

> Is it possible to run two init processes?

No it is not.

> beginners who are frustrated by standard distro

Why are you frustrated with standard distro?

> easily get all the features of guixsd on a standard linux distribution.

You can run guix on a standard linux distro.

> It will be really useful for but do not have time to learn the whole guix 
> ecosystem at once before using it reliably.

The init system is not something that end users interact with much.
The only thing you have to know is the herd command to start/stop
services but this is not something you should have to do manually most
of the time.

herd start SERVICENAME and I bet you can guess the other command...



[PATCH 1/2] gnu: Add qdbm.

2017-01-24 Thread Thomas Danckaert
* gnu/packages/databases.scm (qdbm): New variable.
---
 gnu/packages/databases.scm | 28 
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index b70d48c..4269458 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen 
 ;;; Copyright © 2016 Andy Patterson 
 ;;; Copyright © 2017 Marius Bakke 
+;;; Copyright © 2017 Thomas Danckaert 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -425,6 +426,33 @@ TIMESTAMP.  It also supports storage of binary large 
objects, including
 pictures, sounds, or video.")
 (license (x11-style "file://COPYRIGHT"
 
+(define-public qdbm
+  (package
+(name "qdbm")
+(version "1.8.78")
+(source
+  (origin
+   (method url-fetch)
+(uri (string-append "http://fallabs.com/"; name "/"
+name "-" version ".tar.gz"))
+   (sha256
+(base32
+ "0gmpvhn02pkq280ffmn4da1g4mdr1xxz7l80b7y4n7km1mrzwrml"
+(build-system gnu-build-system)
+(arguments
+ `( #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+   (assoc-ref %outputs "out")
+   "/lib"
+(home-page "http://fallabs.com/qdbm";)
+(synopsis "Key-value database")
+(description "QDBM is a library of routines for managing a
+database.  The database is a simple data file containing key-value
+pairs.  Every key and value is serial bytes with variable length.
+Binary data as well as character strings can be used as a key or a
+value.  There is no concept of data tables or data types.  Records are
+organized in a hash table or B+ tree.")
+(license license:lgpl2.1+)))
+
 (define-public recutils
   (package
 (name "recutils")
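Review bot: both the source URI and the home-page of the new qdbm definition use plain http://fallabs.com. The sha256 pins the tarball contents, so a tampered download would be rejected at build time, but prefer https:// for both if the host serves it. Style point in the same hunk: the arguments list opens with "`( #:configure-flags"; drop the space after the opening parenthesis.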
-- 
2.7.4




[PATCH 2/2] gnu: Add hyperestraier.

2017-01-24 Thread Thomas Danckaert
* gnu/packages/search.scm (hyperestraier): New variable.
---
 gnu/packages/search.scm | 30 +-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index cb8b670..9f06490 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Mark H Weaver 
 ;;; Copyright © 2015, 2016 Eric Bavier 
+;;; Copyright © 2017 Thomas Danckaert 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,7 +20,7 @@
 
 (define-module (gnu packages search)
   #:use-module ((guix licenses)
-#:select (gpl2 gpl2+ gpl3+ bsd-3 x11))
+#:select (gpl2 gpl2+ gpl3+ lgpl2.1+ bsd-3 x11))
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
@@ -160,6 +161,33 @@ accounting for new lines and paragraph changes.  It also 
has robust support
 for parsing HTML files.")
 (license gpl3+)))
 
+(define-public hyperestraier
+  (package
+(name "hyperestraier")
+(version "1.4.13")
+(source
+  (origin
+(method url-fetch)
+(uri (string-append "http://fallabs.com/"; name "/"
+name "-" version ".tar.gz"))
+(sha256
+ (base32
+  "1qk3pxgzyrpcz5qfyd5xs2hw9q1cbb7j5zd4kp1diq501wcj2vs9"
+(inputs
+ `(("qdbm" ,qdbm)
+   ("zlib" ,zlib)))
+(build-system gnu-build-system)
+(arguments
+ `( #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+   (assoc-ref %outputs "out")
+   "/lib"
+(home-page "http://fallabs.com/hyperestraier";)
+(synopsis "Full-text search system")
+(description "Hyper Estraier can be used to integrate full-text
+search into applications, using either the provided command line and CGI
+interfaces, or a C API.")
+(license lgpl2.1+)))
+
 (define-public mlocate
   (package
 (name "mlocate")
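Review bot: in the hyperestraier definition the inputs field comes before build-system and arguments, whereas qdbm in patch 1/2 orders its fields source, build-system, arguments; keep the same order here and put inputs after arguments. The "LDFLAGS=-Wl,-rpath=" configure flag is repeated verbatim from qdbm, so a one-line comment saying why the rpath has to be forced would save the next reader from guessing.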
-- 
2.7.4




[PATCH] gnu: Add emacs-mew.

2017-01-24 Thread Thomas Danckaert
From 3759a0a4720165e0443bdb7522f6b4b7515aec6f Mon Sep 17 00:00:00 2001
From: Thomas Danckaert 
Date: Tue, 24 Jan 2017 09:41:42 +0100
Subject: [PATCH] gnu: Add emacs-mew.

* gnu/packages/mail.scm (emacs-mew): New variable.
---
 gnu/packages/mail.scm | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2318ae9..8991d4d 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2016 Arun Isaac 
 ;;; Copyright © 2016 John Darrington 
 ;;; Copyright © 2016 Marius Bakke 
+;;; Copyright © 2017 Thomas Danckaert 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -79,6 +80,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gdb)
   #:use-module (gnu packages man)
+  #:use-module (gnu packages ruby)
   #:use-module (gnu packages samba)
   #:use-module (gnu packages screen)
   #:use-module (gnu packages tls)
@@ -377,7 +379,34 @@ can read the same mailbox from multiple computers.  It supports IMAP as REMOTE
 repository and Maildir/IMAP as LOCAL repository.")
 (license gpl2+)))
 
+(define-public emacs-mew
+  (package
+  (name "emacs-mew")
+  (version "6.7")
+  (source
+(origin
+  (method url-fetch)
+  (uri "http://mew.org/Release/mew-6.7.tar.gz";)
+  (sha256
+   (base32
+"03fzky2kz73vgx4cbps2psbbnrgqgkk5q7jwfldisymkzr9iz03y"
+  (inputs
+   `(("emacs" ,emacs-minimal)))
+  (propagated-inputs
+   `(("ruby-sqlite3" ,ruby-sqlite3) ; optionally uses an sqlite database of messages
+ ("ruby" ,ruby))) ; sets GEM_PATH so ruby-sqlite3 is found at runtime
+  (build-system gnu-build-system)
+  (arguments
+   `(#:phases
+ (modify-phases %standard-phases
+   (delete 'check ; there are no tests
+  (home-page "http://www.mew.org";)
+  (synopsis "Emacs e-mail client")
+  (description "Mew (Messaging in the Emacs World) is a user interface
+for text messages, multimedia messages (MIME), news articles and
+security functionality including PGP, S/MIME, SSH, and SSL.")
+  (license bsd-3)))
+
 (define-public mu
   (package
 (name "mu")
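Review bot: the uri of the emacs-mew origin hardcodes "mew-6.7.tar.gz" although version is defined just above it, so a version bump that forgets the URI would keep fetching the old tarball and only fail at the hash check; build the URI with string-append and version. In the same hunk, the check phase is removed with (delete 'check under modify-phases; #:tests? #f states "there are no tests" more directly. ruby and ruby-sqlite3 are propagated for what the comment calls an optional feature, which puts both into every profile that installs emacs-mew; worth confirming that is intended.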
-- 
2.7.4



[PATCH 5/6] gnu: Add lua5.2-lpeg.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/lua.scm (lua5.2-lpeg): New variable.
---
 gnu/packages/lua.scm | 20 
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 28f66a596..d0220a3b6 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -402,6 +402,26 @@ Grammars (PEGs).")
 (home-page "http://www.inf.puc-rio.br/~roberto/lpeg";)
 (license license:expat)))
 
+(define-public lua5.2-lpeg
+  (package (inherit lua-lpeg)
+(name "lua5.2-lpeg")
+(arguments
+ `(#:phases
+   (modify-phases %standard-phases
+ (delete 'configure)
+ ;; `make install` isn't available, so we have to do it manually
+ (replace 'install
+   (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+   (lua-version ,(version-major+minor (package-version 
lua-5.2
+   (install-file "lpeg.so"
+ (string-append out "/lib/lua/" lua-version))
+   (install-file "re.lua"
+ (string-append out "/share/lua/" lua-version))
+   #t
+   #:test-target "test"))
+(inputs `(("lua", lua-5.2)
+
 ;; Lua 5.3 is not supported.
 (define-public lua5.2-bitop
   (package
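Review bot: in the inputs field of lua5.2-lpeg, ("lua", lua-5.2) has the unquote comma attached to the label instead of the variable. It evaluates the same, but it is easy to misread as a separator; write it as ("lua" ,lua-5.2), matching the ("libtool" ,libtool) form used in patch 1/6 of this series.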
-- 
2.11.0




[PATCH 1/6] gnu: Add libmpack.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/serialization.scm (libmpack): New variable.
---
 gnu/packages/serialization.scm | 30 +-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 8db81c581..ab794ef80 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015 Ricardo Wurmus 
+;;; Copyright © 2015, 2017 Ricardo Wurmus 
 ;;; Copyright © 2016 Lukas Gradl 
 ;;; Copyright © 2016 David Craven 
 ;;; Copyright © 2016 Marius Bakke 
@@ -129,6 +129,34 @@ such as compact binary encodings, XML, or JSON.")
 serialization.")
 (license license:boost1.0)))
 
+(define-public libmpack
+  (package
+(name "libmpack")
+(version "1.0.3")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "https://github.com/tarruda/libmpack/";
+  "archive/" version ".tar.gz"))
+  (file-name (string-append name "-" version ".tar.gz"))
+  (sha256
+   (base32 
"08kfdl55yf66xk57aqsbf8n45f2jsw2v7qwnaan08ciim77j3sv5"
+(build-system gnu-build-system)
+(arguments
+ `(#:test-target "test"
+   #:make-flags
+   (list "CC=gcc"
+ (string-append "PREFIX=" (assoc-ref %outputs "out")))
+   #:phases
+   (modify-phases %standard-phases
+ (delete 'configure
+(native-inputs
+ `(("libtool" ,libtool)))
+(home-page "https://github.com/tarruda/libmpack";)
+(synopsis "Small binary serialization library")
+(description "Libmpack is a small binary serialization and RPC library
+that implements both the msgpack and msgpack-rpc specifications.")
+(license license:expat)))
+
 (define-public yaml-cpp
   (package
 (name "yaml-cpp")
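Review bot: `"CC=gcc"` in the `#:make-flags` of `libmpack` hard-codes the compiler name without saying why; please add a comment explaining why the Makefile's default compiler cannot be used, since a fixed `gcc` will be wrong for anyone cross-building. The same applies to the `libtool` native input: a one-line comment on what the build uses it for would make it clear that it is not left over. The source is a GitHub `archive/` tarball, so the explicit `file-name` is a good call; nothing to change there.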
-- 
2.11.0




[PATCH 6/6] gnu: Add neovim.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/vim.scm (neovim): New variable.
---
 gnu/packages/vim.scm | 80 
 1 file changed, 80 insertions(+)

diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index c2c0ccad9..e9aafa16d 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt 
 ;;; Copyright © 2016 Efraim Flashner 
 ;;; Copyright © 2016 ng0 
+;;; Copyright © 2017 Ricardo Wurmus 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,18 +23,23 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin) ; For GNU hostname
   #:use-module (gnu packages attr)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages gperf)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
+  #:use-module (gnu packages jemalloc)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
   #:use-module (gnu packages ncurses)
@@ -41,8 +47,10 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
+  #:use-module (gnu packages serialization)
   #:use-module (gnu packages shells)
   #:use-module (gnu packages tcl)
+  #:use-module (gnu packages terminals)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg))
 
@@ -149,6 +157,78 @@ configuration files.")
("tcl" ,tcl)
,@(package-inputs vim)
 
+(define-public neovim
+  (package
+(name "neovim")
+(version "0.1.7")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://github.com/neovim/neovim/";
+   "archive/v" version ".tar.gz"))
+   (file-name (string-append name "-" version ".tar.gz"))
+   (sha256
+(base32
+ "0zjbpc4rhv5bcr353xqnbrc36zjvn7qvh8xf6s7n1bdi3788by6q"
+(build-system cmake-build-system)
+(arguments
+ `(#:modules ((srfi srfi-26)
+  (guix build cmake-build-system)
+  (guix build utils))
+   #:phases
+   (modify-phases %standard-phases
+ (add-after 'unpack 'set-lua-paths
+   (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((lua-version "5.2")
+(lua-cpath-spec
+ (lambda (prefix)
+   (let ((path (string-append prefix "/lib/lua/" 
lua-version)))
+ (string-append path "/?.so;" path "/?/?.so"
+(lua-path-spec
+ (lambda (prefix)
+   (let ((path (string-append prefix "/share/lua/" 
lua-version)))
+ (string-append path "/?.lua;" path "/?/?.lua"
+(lua-inputs (map (cute assoc-ref %build-inputs <>)
+ '("lua"
+   "lua-lpeg"
+   "lua-bitop"
+   "lua-libmpack"
+   (setenv "LUA_PATH"
+   (string-join (map lua-path-spec lua-inputs) ";"))
+   (setenv "LUA_CPATH"
+   (string-join (map lua-cpath-spec lua-inputs) ";"))
+   #t))
+(inputs
+ `(("libuv" ,libuv)
+   ("gettext" ,gettext-minimal)
+   ("gperf" ,gperf)
+   ("msgpack" ,msgpack)
+   ("libtermkey" ,libtermkey)
+   ("libvterm" ,libvterm)
+   ("unibilium" ,unibilium)
+   ("jemalloc" ,jemalloc)
+   ("libiconv" ,libiconv)
+   ("lua" ,lua-5.2)
+   ("lua-lpeg" ,lua5.2-lpeg)
+   ("lua-bitop" ,lua5.2-bitop)
+   ("lua-libmpack" ,lua5.2-libmpack)))
+(native-inputs
+ `(("pkg-config" ,pkg-config)))
+(home-page "http://neovim.io";)
+(synopsis "Fork of vim focused on extensibility and agility")
+(description "Neovim is a project that seeks to aggressively
+refactor Vim in order to:
+
+@itemize
+@item Simplify maintenance and encourage contributions
+@item Split the work between multiple developers
+@item Enable advanced external UIs without modifications to the core
+@item Improve extensibility with a new plugin architecture
+@end itemize\n")
+;; Neovim is licensed under the terms of the Apache 2.0 license,
+;; except for parts that were contributed under the Vim license.
+(license (list license:asl2.0 license:vim
+
 (define-public vifm
   (package
 (name "vifm")
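Review bot: The `set-lua-paths` phase declares `#:key inputs` but then looks the Lua packages up in `%build-inputs`; use `(cute assoc-ref inputs <>)` so the phase relies on the argument it was given. In the same phase `lua-version` is the literal "5.2", while the other patches in this series compute it with `,(version-major+minor (package-version lua-5.2))`; doing the same here keeps the search paths in step with the `lua` input. Smaller points: `home-page` is a plain `http://` URL, please switch to `https://` if the site serves it, and the trailing `\n` after `@end itemize` in the description looks unintended.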
-- 
2.11.0




[PATCH 4/6] gnu: Add lua5.2-bitop.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/lua.scm (lua5.2-bitop): New variable.
---
 gnu/packages/lua.scm | 33 +
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 721eceddf..28f66a596 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -401,3 +401,36 @@ Notable examples are GTK+, GStreamer and Webkit.")
 Grammars (PEGs).")
 (home-page "http://www.inf.puc-rio.br/~roberto/lpeg";)
 (license license:expat)))
+
+;; Lua 5.3 is not supported.
+(define-public lua5.2-bitop
+  (package
+(name "lua5.2-bitop")
+(version "1.0.2")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "http://bitop.luajit.org/download/";
+  "LuaBitOp-" version ".tar.gz"))
+  (sha256
+   (base32
+"16fffbrgfcw40kskh2bn9q7m3gajffwd2f35rafynlnd7llwj1qj"
+(build-system gnu-build-system)
+(arguments
+ `(#:test-target "test"
+   #:make-flags
+   (list "INSTALL=install -pD"
+ (string-append "INSTALLPATH=printf "
+(assoc-ref %outputs "out")
+"/lib/lua/"
+,(version-major+minor (package-version lua-5.2))
+"/bit/bit.so"))
+   #:phases
+   (modify-phases %standard-phases
+ (delete 'configure
+(inputs `(("lua", lua-5.2)))
+(home-page "http://bitop.luajit.org/index.html";)
+(synopsis "Bitwise operations on numbers for Lua")
+(description
+ "Lua BitOp is a C extension module for Lua which adds bitwise operations
+on numbers.")
+(license license:expat)))
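Review bot: The `INSTALLPATH=printf ` make flag in `lua5.2-bitop` is not self-explanatory; please add a comment saying that the Makefile runs `INSTALLPATH` as a command to obtain the target path, if that is the reason, so the `printf` does not look like a typo. The tarball is fetched over plain `http://`; the `sha256` pins its content, so integrity is covered, but an `https://` URL for `uri` and `home-page` is preferable if upstream offers one. In `inputs`, `("lua", lua-5.2)` should be `("lua" ,lua-5.2)`.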
-- 
2.11.0




[PATCH 3/6] gnu: Add lua5.2-libmpack.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/serialization.scm (lua5.2-libmpack): New variable.
---
 gnu/packages/serialization.scm | 20 
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index d59ded313..9e073b7a9 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -193,6 +193,26 @@ that implements both the msgpack and msgpack-rpc 
specifications.")
  `(("pkg-config" ,pkg-config)))
 (synopsis "Lua bindings for the libmpack binary serialization library")))
 
+(define-public lua5.2-libmpack
+  (package (inherit lua-libmpack)
+(name "lua5.2-libmpack")
+(arguments
+ (substitute-keyword-arguments (package-arguments lua-libmpack)
+   ((#:make-flags flags)
+`(let* ((lua-version ,(package-version lua-5.2))
+(lua-major+minor ,(version-major+minor (package-version 
lua-5.2
+   (list "CC=gcc"
+ "USE_SYSTEM_LUA=yes"
+ (string-append "LUA_VERSION=" lua-version)
+ (string-append "LUA_VERSION_MAJ_MIN=" lua-major+minor)
+ (string-append "PREFIX="
+(assoc-ref %outputs "out"))
+ (string-append "LUA_CMOD_INSTALLDIR="
+(assoc-ref %outputs "out")
+"/lib/lua/" lua-major+minor))
+(inputs
+ `(("lua" ,lua-5.2)
+
 (define-public yaml-cpp
   (package
 (name "yaml-cpp")
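Review bot: `((#:make-flags flags)` binds `flags` but the body never uses it and instead rebuilds the whole list by hand. The rebuilt list also lacks the `"CFLAGS=-DLUA_C89_NUMBERS -fPIC"` entry that `lua-libmpack` passes in patch 2/6; if dropping it for Lua 5.2 is intended, please say so in a comment, otherwise it looks like an omission (and losing `-fPIC` would matter for a loadable module). Sharing the list through a small procedure that takes the Lua package would avoid the two copies drifting apart.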
-- 
2.11.0




[PATCH 2/6] gnu: Add lua-libmpack.

2017-01-24 Thread Ricardo Wurmus
* gnu/packages/serialization.scm (lua-libmpack): New variable.
---
 gnu/packages/serialization.scm | 36 
 1 file changed, 36 insertions(+)

diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index ab794ef80..d59ded313 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -24,6 +24,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
@@ -32,6 +33,7 @@
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages documentation)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python))
 
@@ -157,6 +159,40 @@ serialization.")
 that implements both the msgpack and msgpack-rpc specifications.")
 (license license:expat)))
 
+(define-public lua-libmpack
+  (package (inherit libmpack)
+(name "lua-libmpack")
+(build-system gnu-build-system)
+(arguments
+ `(;; FIXME: tests require "busted", which is not yet available in Guix.
+   #:tests? #f
+   #:test-target "test"
+   #:make-flags
+   (let* ((lua-version ,(package-version lua))
+  (lua-major+minor ,(version-major+minor (package-version lua
+ (list "CC=gcc"
+   "USE_SYSTEM_LUA=yes"
+   (string-append "LUA_VERSION=" lua-version)
+   (string-append "LUA_VERSION_MAJ_MIN=" lua-major+minor)
+   (string-append "PREFIX="
+  (assoc-ref %outputs "out"))
+   (string-append "LUA_CMOD_INSTALLDIR="
+  (assoc-ref %outputs "out")
+  "/lib/lua/" lua-major+minor)
+   ;; This is unnecessary as of upstream commit 02886c13ff8a2,
+   ;; which is not part of the current release.
+   "CFLAGS=-DLUA_C89_NUMBERS -fPIC"))
+   #:phases
+   (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'chdir
+   (lambda _ (chdir "binding/lua") #t)
+(inputs
+ `(("lua" ,lua)))
+(native-inputs
+ `(("pkg-config" ,pkg-config)))
+(synopsis "Lua bindings for the libmpack binary serialization library")))
+
 (define-public yaml-cpp
   (package
 (name "yaml-cpp")
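Review bot: The comment above `"CFLAGS=-DLUA_C89_NUMBERS -fPIC"` says "This is unnecessary as of upstream commit 02886c13ff8a2" without saying whether that covers the whole flag or only `-DLUA_C89_NUMBERS`; please spell out what can be removed at the next update. Note too that passing `CFLAGS=` on the make command line replaces whatever the Makefile sets, so any defaults it carries are lost. With `#:tests? #f` the `#:test-target "test"` line has no effect; keeping it for later is fine, and the FIXME about "busted" is appreciated.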
-- 
2.11.0




Re: [PATCH 01/11] gnu: lxterminal: Update to 0.3.0.

2017-01-24 Thread Yao Wei
Hi,

Thanks for reporting this issue, and I dropped encoding.c and its
related translations from our code because we don't have encoding
selection implemented properly.

https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=3c9b0a033629913a30bdb0c3db3b62b6483982b2

If anyone wants to take this problem, it is always welcomed to revert
this and implement proper encoding menu. (Though I think UTF-8 should be
enough)

Yao Wei

On Mon, Jan 23, 2017 at 09:06:34PM +, ng0 wrote:
> I have just updated our distribution's lxterminal build, and I ran
> into the problem described in the below quoted message.
> 
> I've seen no recent commit which obviously fixes this issue.
> Could you look into it?




[PATCH] update haunt to 0.2.1

2017-01-24 Thread Catonano
Hello guixers,

the attached patch updates Haunt to the recently released version 0.2.1.

From 015719506600bcb674b1d47398af27c2b4f32d18 Mon Sep 17 00:00:00 2001
From: humanitiesNerd 
Date: Tue, 24 Jan 2017 14:55:12 +0100
Subject: [PATCH] gnu: haunt: Update to 0.2.1

* gnu/packages/guile.scm (haunt): Update to 0.2.1.
---
 gnu/packages/guile.scm | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 00f587d..ba45a63 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -938,14 +938,14 @@ Guile's foreign function interface.")
 (define-public haunt
   (package
 (name "haunt")
-(version "0.2")
+(version "0.2.1")
 (source (origin
   (method url-fetch)
   (uri (string-append "https://files.dthompson.us/haunt/haunt-";
   version ".tar.gz"))
   (sha256
(base32
-"1id83n8fs7jxys1d8jy70vylg8gzcvlw1y7hb41y3qxv5zi4671m"
+"1fpaf1vm6s7j13fs35barjh5yajcc2rc3pi8r7278wpgp4i2vs3w"
 (build-system gnu-build-system)
 (arguments
  `(#:modules ((ice-9 match) (ice-9 ftw)
@@ -975,7 +975,8 @@ Guile's foreign function interface.")
 (inputs
  `(("guile" ,guile-2.0)))
 (propagated-inputs
- `(("guile-reader" ,guile-reader)))
+ `(("guile-reader" ,guile-reader)
+   ("guile-commonmark" ,guile-commonmark)))
 (synopsis "Functional static site generator")
 (description "Haunt is a static site generator written in Guile
 Scheme.  Haunt features a functional build system and an extensible
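Review bot: The second hunk adds `guile-commonmark` to `propagated-inputs`, but the commit log only says "Update to 0.2.1."; please add a `[propagated-inputs]: Add guile-commonmark.` line so the new dependency is recorded. Since a propagated input ends up in every profile that installs haunt, it is also worth saying in the message body why 0.2.1 needs it.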
-- 
2.7.4



Mailmap: Update to new address

2017-01-24 Thread contact . ng0
In process of getting rid of my domains, here is the update to the mailmap file.




[PATCH] Update entries for ng0 in .mailmap.

2017-01-24 Thread contact . ng0
From: ng0 

* .mailmap: Update entries for ng0.
---
 .mailmap | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.mailmap b/.mailmap
index a6687ee44..a3ec47ff4 100644
--- a/.mailmap
+++ b/.mailmap
@@ -40,11 +40,12 @@ Marius Bakke  
 Mathieu Lirzin  
 Mathieu Lirzin  
 Nikita Karetnikov  
-ng0  
-ng0  
-ng0  
-ng0  
-ng0 
+ng0 
+ng0  
+ng0  
+ng0  
+ng0  
+ng0  
 Pjotr Prins  
 Pjotr Prins  
 Pjotr Prins  
-- 
2.11.0




[PATCH] gnu: tor: Update to 0.2.9.9.

2017-01-24 Thread contact . ng0
From: ng0 

* gnu/packages/tor.scm (tor): Update to 0.2.9.9.
---
 gnu/packages/tor.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 6f26f404b..c7f97ab1b 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès 
 ;;; Copyright © 2014, 2015 Mark H Weaver 
 ;;; Copyright © 2016 Efraim Flashner 
-;;; Copyright © 2016 ng0 
+;;; Copyright © 2016, 2017 ng0 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,14 +39,14 @@
 (define-public tor
   (package
 (name "tor")
-(version "0.2.9.8")
+(version "0.2.9.9")
 (source (origin
  (method url-fetch)
  (uri (string-append "https://dist.torproject.org/tor-";
  version ".tar.gz"))
  (sha256
   (base32
-   "0sklgmx4nikcfhqd606kvpwy1l8840w24ikli1xjjx25739k7pgv"
+   "0hqdk5p6dw4bpn7c8gmhyi8jjkhc37112pfw5nx4gl0g4lmmscik"
 (build-system gnu-build-system)
 (native-inputs
  `(("python" ,python-2)))  ; for tests
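Review bot: For the new `sha256` in the `tor` source, please confirm in the submission that the hash was computed from a tarball whose upstream signature you verified, since this value is the only thing tying the package to the real release. The announcement quoted elsewhere in this thread describes 0.2.9.9 as a fix for a denial-of-service bug (TROVE-2017-001), so it would help to mention that in the commit message so the update is recognisable as a security fix in the log.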
-- 
2.11.0




Re: GeoIP database redistribution?

2017-01-24 Thread ng0
Efraim Flashner  writes:

> On Tue, Jan 24, 2017 at 06:06:21AM +, Pjotr Prins wrote:
>> On Mon, Jan 23, 2017 at 07:17:12PM +0100, Marius Bakke wrote:
>> > ng0  writes:
>> > 
>> > > I want to slowly package OONI (https://ooni.torproject.org/).
>> > > One of its dependencies, txtorcon, requires python-geoip which
>> > > depends on geoip-c-api. I've got both covered, but both of them
>> > > want (either to download or to be present) for tests (a/the)
>> > > legacy database file of maxmind.
>> > >
>> > > Question 1: Can we distribute the database in a source? I can't
>> > > access the homepage of maxmind for cloudflare reasons.
>> > 
>> > The database is distributed freely under cc-by-sa4.0:
>> > 
>> > https://dev.maxmind.com/geoip/legacy/geolite/#License
>> > 
>> > So packaging it should be fine. :)
>> 
>> This actually raises the issue of packaging large data files (we are
>> getting into TB's). Could there be a way Guix fetches external
>> datasets as part of the distribution? I think that if it is not
>> executable code and SHA values/pfff values match it would be safe to
>> do.
>> 
>
> The other thing is that guix downloads the files into ram and then
> writes them into the store, which can be a problem if the source is
> larger than the available memory.
>
> -- 
> Efraim Flashner  אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted

TB? Oh. Due to cloudflare I had no clue how big this is. In this
case, for the current state of the way we distribute packages is
not itself using a distributed network (if just keeping the space
on hydra is the problem?), I would suggest that I package the
updater I mentioned and mention it in the description for other
MaxMind software.

This database is also an optional dependency for tor and not just
ooni if I understand it correctly, so even if it's not 100%
accurate (their commercial solution claims to be more accurate)
it would be nice to find a way to include it.
But I think size is really an issue, for example Gentoo dropped
the database from their source distribution network and points
users to the updater I mentioned (that's how I learned about the
updater).
-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



tor: update to 0.2.9.9

2017-01-24 Thread contact . ng0
This updates tor. I have seen no one prepare or commit a patch for this.

Paste from the announcement email:

Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
cause relays and clients to crash, even if they were not built with
the --enable-expensive-hardening option. This bug affects all 0.2.9.x
versions, and also affects 0.3.0.1-alpha: all relays running an affected
version should upgrade.

This release also resolves a client-side onion service reachability bug,
and resolves a pair of small portability issues.

Changes in version 0.2.9.9 - 2017-01-23
  o Major bugfixes (security):
- Downgrade the "-ftrapv" option from "always on" to "only on when
  --enable-expensive-hardening is provided." This hardening option,
  like others, can turn survivable bugs into crashes -- and having
  it on by default made a (relatively harmless) integer overflow bug
  into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
  bugfix on 0.2.9.1-alpha.

  o Major bugfixes (client, onion service):
- Fix a client-side onion service reachability bug, where multiple
  socks requests to an onion service (or a single slow request)
  could cause us to mistakenly mark some of the service's
  introduction points as failed, and we cache that failure so
  eventually we run out and can't reach the service. Also resolves a
  mysterious "Remote server sent bogus reason code 65021" log
  warning. The bug was introduced in ticket 17218, where we tried to
  remember the circuit end reason as a uint16_t, which mangled
  negative values. Partially fixes bug 21056 and fixes bug 20307;
  bugfix on 0.2.8.1-alpha.

  o Minor features (geoip):
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
  Country database.

  o Minor bugfixes (portability):
- Avoid crashing when Tor is built using headers that contain
  CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
  without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
  on 0.2.9.1-alpha.
- Fix Libevent detection on platforms without Libevent 1 headers
  installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.




Re: 07/08: gnu: Add ocaml-ssl.

2017-01-24 Thread julien lepiller

On 2017-01-23 22:31, Leo Famulari wrote:

On Mon, Jan 16, 2017 at 09:35:17PM +, julien lepiller wrote:

roptat pushed a commit to branch master
in repository guix.

commit 37f17e2a1e797d3d1ea12da5afd69526e0abfd3e
Author: Julien Lepiller 
Date:   Fri Dec 30 11:53:24 2016 +0100

gnu: Add ocaml-ssl.

* gnu/packages/ocaml.scm (ocaml-ssl): New variable.



+   (substitute* "src/OCamlMakefile"
+ (("/bin/sh") (which "bash")))
+   (substitute* "configure"
+ (("/bin/sh") (which "bash"


Hi Julien!

I noticed that a handful of your new OCaml packages replace invocations
of 'sh' with 'bash'. These shells actually have different behavior even
though they are both provided by the Bash package (see INVOCATION in
bash(1)).

Can you change these substitutions to use (which "sh") instead?


I didn't think it would cause any issue, but sure I will.



Re: [PATCH python-tests] gnu: python-2.7: Enable UCS-4 Unicode encoding.

2017-01-24 Thread Hartmut Goebel
Hi Danny,

thanks for the explanation. I wondered about this since I stepped over
it the first time (but did not bother investigating it.)

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |





Re: GeoIP database redistribution?

2017-01-24 Thread Efraim Flashner
On Tue, Jan 24, 2017 at 06:06:21AM +, Pjotr Prins wrote:
> On Mon, Jan 23, 2017 at 07:17:12PM +0100, Marius Bakke wrote:
> > ng0  writes:
> > 
> > > I want to slowly package OONI (https://ooni.torproject.org/).
> > > One of its dependencies, txtorcon, requires python-geoip which
> > > depends on geoip-c-api. I've got both covered, but both of them
> > > want (either to download or to be present) for tests (a/the)
> > > legacy database file of maxmind.
> > >
> > > Question 1: Can we distribute the database in a source? I can't
> > > access the homepage of maxmind for cloudflare reasons.
> > 
> > The database is distributed freely under cc-by-sa4.0:
> > 
> > https://dev.maxmind.com/geoip/legacy/geolite/#License
> > 
> > So packaging it should be fine. :)
> 
> This actually raises the issue of packaging large data files (we are
> getting into TB's). Could there be a way Guix fetches external
> datasets as part of the distribution? I think that if it is not
> executable code and SHA values/pfff values match it would be safe to
> do.
> 

The other thing is that guix downloads the files into ram and then
writes them into the store, which can be a problem if the source is
larger than the available memory.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
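
The two points raised in this thread, checking a fetched dataset against a pinned SHA-256 and not holding the whole file in memory, can be combined by hashing the stream in fixed-size chunks. The following is an added example in Python, not Guix code and not from any of the posters; `fetch_verified`, `HashMismatch` and the sample payload are assumptions made for illustration, and the hash is rendered in the nix-base32 form used by the `(base32 "...")` fields in the package definitions on this page.

```python
import hashlib
import io
import os
import tempfile

# Alphabet of the nix-base32 encoding (it omits e, o, t and u).
NIX_BASE32_ALPHABET = "0123456789abcdfghijklmnpqrsvwxyz"


class HashMismatch(Exception):
    """The fetched bytes do not match the pinned hash."""


def nix_base32(digest: bytes) -> str:
    """Encode a digest in nix-base32 (52 characters for SHA-256)."""
    length = (len(digest) * 8 - 1) // 5 + 1
    out = []
    # Characters are emitted from the most significant 5-bit group down.
    for n in range(length - 1, -1, -1):
        i, j = divmod(n * 5, 8)
        value = digest[i] >> j
        if i < len(digest) - 1:
            value |= digest[i + 1] << (8 - j)
        out.append(NIX_BASE32_ALPHABET[value & 0x1F])
    return "".join(out)


def fetch_verified(src, dest_path, expected_base32, chunk_size=1 << 20):
    """Stream `src` to `dest_path`; install it only if the hash matches.

    `src` is any binary file-like object (hypothetical caller: an HTTP
    response body).  At most `chunk_size` bytes are held in memory, and
    the data lands in a temporary file that is renamed into place only
    after verification, so a bad download is never visible at dest_path.
    """
    hasher = hashlib.sha256()
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in iter(lambda: src.read(chunk_size), b""):
                hasher.update(chunk)
                tmp.write(chunk)
            tmp.flush()
            os.fsync(tmp.fileno())
        actual = nix_base32(hasher.digest())
        if actual != expected_base32:
            raise HashMismatch(f"expected {expected_base32}, got {actual}")
        os.replace(tmp_path, dest_path)  # atomic within one file system
        return actual
    finally:
        # After a successful rename the temporary name no longer exists.
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)


if __name__ == "__main__":
    # Constructed sample data standing in for a large external dataset.
    payload = b"constructed sample dataset\n" * 50000
    pinned = nix_base32(hashlib.sha256(payload).digest())
    with tempfile.TemporaryDirectory() as store:
        dest = os.path.join(store, "dataset.bin")
        print(fetch_verified(io.BytesIO(payload), dest, pinned, 65536))
        try:
            fetch_verified(io.BytesIO(payload + b"tampered"),
                           dest + ".2", pinned)
        except HashMismatch as err:
            print("rejected:", err)
```
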

