bug#47253: network-manager shepherd services does not wait to be online

2021-03-18 Thread raid5atemyhomework via Bug reports for GNU Guix
I have a small number of daemons that need access to the network at startup. I have configured their Shepherd services to require `networking`. However, to my puzzlement, I consistently find that they are unable to access the network at startup. One daemon dies (and gets respawned so often

bug#47221: Guile not in native-inputs when it should

2021-03-18 Thread Maxime Devos
On Thu, 2021-03-18 at 15:01 +0100, Maxime Devos wrote: > This fixes some uses of wrap-script. There's a bug in the patch (a missing #:input argument), so don't apply yet. Will be fixed in the next revision (along with more cross-compilation fixes).

bug#47144: [PATCH 1/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].

2021-03-18 Thread Ludovic Courtès
Hi, Léo Le Bouter via Bug reports for GNU Guix skribis: > * gnu/packages/base.scm (patch/fixed): New variable. > (patch)[replacement]: Graft. It’s (almost) useless to provide a graft of ‘patch’ because patch is usually a build-time only dependency. (Maybe we can tell it’s not vulnerable to

bug#47020: [PATCH 1/4] gnu: gnu-make-boot0: Don't include debug output.

2021-03-18 Thread Ludovic Courtès
Hi Efraim, Efraim Flashner skribis: > * gnu/packages/commencement.scm (gnu-make-boot0)[outputs]: Remove debug > from inherited outputs. Make sure nothing inherits from these packages, in which case we might inadvertently override ‘outputs’ in those packages too. Otherwise this and the

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’

2021-03-18 Thread Leo Famulari
On Thu, Mar 18, 2021 at 12:17:15PM +0100, Ludovic Courtès wrote: > It does not affect multi-user setups where ‘guix-daemon’ runs on a > separate machine and is accessed over the network, via > ‘GUIX_DAEMON_SOCKET’, as is customary on cluster setups. Machines where > the Linux “protected

bug#47097: eolie broken => unworking example from manual

2021-03-18 Thread Ludovic Courtès
Hi, Leo Prikler skribis: > This fixes errors observed directly at launch of Eolie inside pure > environments. (See for more information.) > It is still not possible to launch Eolie inside a container, however. > (See also .) > > *

bug#47230: Build phase to graft during build for better grafts QA

2021-03-18 Thread Ludovic Courtès
Hi, Léo Le Bouter skribis: > I am having a hard time testing grafts in GNU Guix while I think we > could have better tooling around this. > > For example, we could have a package transformation that can add a > phase before 'check (or others) to graft any intermediate build binary > and all

bug#46707: TeXmacs: Segmentation fault when starting interactive session

2021-03-18 Thread Luis Felipe via Bug reports for GNU Guix
Hi Ludovic, ‐‐‐ Original Message ‐‐‐ On Thursday, March 18, 2021 4:05 PM, Ludovic Courtès wrote: > Hi Luis, > > Luis Felipe luis.felipe...@protonmail.com skribis: > > > The program crashes when starting any interactive session (except for a > > Scheme session). > > TeXmacs 1.99.18 > >

bug#46707: TeXmacs: Segmentation fault when starting interactive session

2021-03-18 Thread Ludovic Courtès
Hi Luis, Luis Felipe skribis: > The program crashes when starting any interactive session (except for a > Scheme session). > > TeXmacs 1.99.18 > Guix c5dc87f > Guix System Linux gnu 5.10.14-gnu TeXmacs has since been updated. Could you check whether this still happens? Thanks, Ludo’.

bug#47157: “Bad Read-Header-Line header: #” while substituting

2021-03-18 Thread Ludovic Courtès
This should now be fixed by c37e3b92ad0334ba2fe7ee4e98631f0a4edeee21. Thanks, Chris! Ludo’.

bug#47241: [website] return 404 with header 'Accept-Language: zh-CN, zh'

2021-03-18 Thread YLC-GalaxySnail
Hello! My web browser has set ‘Accept-Language’ to 'zh-CN,zh' by default, and https://guix.gnu.org will return 404. I have tested with curl, 'zh-CN,zh', 'zh-CN', 'zh-cn' is 404 while 'zh', 'zh_CN' is 200. The first time I found it is on 2021-02-23. And it didn't happen about one or two months

bug#47239: Test failure in tests/publish.scm with commit 1955ef93b76e51cab5bed4c90f7eb9df7035355a

2021-03-18 Thread Konrad Hinsen
Dear Guix Gurus, I am trying to compile Guix (commit 1955ef93b76e51cab5bed4c90f7eb9df7035355a) from source, on a computer running Ubuntu 20.04 with Guix added via a binary installation. I get one test failure, whose test-suite.log is attached. Cheers, Konrad.

bug#46669: Godot fails to start

2021-03-18 Thread Vinicius Monego
Hello, libx11 was grafted in 826428ab5bd347954ee6be70a6a6596000f8583 due to a CVE, and as a side effect Godot is now working fine. I will close this issue then. Thanks for the comments!

bug#47221: Guile not in native-inputs when it should

2021-03-18 Thread Maxime Devos
This fixes some uses of wrap-script. From c451edc7ba759cf31f5d0ca113f7df9e28ccfe3b Mon Sep 17 00:00:00 2001 From: Maxime Devos Date: Thu, 18 Mar 2021 14:40:20 +0100 Subject: [PATCH] gnu: Explicitely pass the guile binary to wrap-script. If the #:guile argument of wrap-script is not set, then a

bug#47217: generic-html updater does not work with sqlite package

2021-03-18 Thread Ludovic Courtès
Léo Le Bouter skribis: > + (properties > +`((release-monitoring-url . "https://sqlite.org/download.html;))) Unfortunately this page uses JavaScript. Without JS, you get: sqlite-autoconf-3350200.tar.gz(2.82 MiB) We’d need to find a web page that directly links to the tarball, but I

bug#47226: fennel package not working with generic-html refresh updater

2021-03-18 Thread Ludovic Courtès
Léo Le Bouter skribis: > After applying: > > diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm > index edb3f85109..36fd1eb066 100644 > --- a/gnu/packages/lua.scm > +++ b/gnu/packages/lua.scm > @@ -1175,6 +1175,8 @@ enabled.") >(snippet > '(begin >

bug#47228: Check binary consistency after grafting with e.g. ldd

2021-03-18 Thread Ludovic Courtès
Hi, (Cc: Leo Famulari who has been taking care of many security issues in Guix over years.) Léo Le Bouter skribis: > We had an issue after grafting ImageMagick fixed by < > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd >>. > > Basically Inkscape

bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)

2021-03-18 Thread Ludovic Courtès
Hi, Léo Le Bouter skribis: > ./pre-inst-env guix lint -c cve python-urllib3@1.26.2 > Here this should return at least CVE-2021-28363 but it does not because > the CVE database contains urllib3 and not python-urllib3 (which AFAICT > the cve linter searches for). > > Annotating each and every

bug#47218: glibc 2.33's HWCAPS and GCC Function Multiversioning for performance

2021-03-18 Thread Ludovic Courtès
Hi Léo, Léo Le Bouter skribis: > Please see: > - > https://www.gnu.org/software/libc/manual/html_mono/libc.html#Hardware-Capability-Tunables > - https://www.phoronix.com/scan.php?page=news_item=glibc-hwcaps-RFC > - https://gcc.gnu.org/onlinedocs/gcc/Function-Multiversioning.html > > This could

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’

2021-03-18 Thread Ludovic Courtès
An additional data point: guix-daemon chowns build trees to the caller upon failure (a very handy feature) since this 2016 commit: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2608e40988ba8cf51723fe0d21bdedf6b3997c9c The Nix build daemon, which guix-daemon is based on, did not have

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
Thanks a lot to the reporter and for working on this!

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’

2021-03-18 Thread Ludovic Courtès
Ludovic Courtès skribis: > The fix (patch attached) consists in adding a root-owned “wrapper” > directory in which the build directory itself is located. The fix has now been pushed: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf Followed by

bug#47231: sqlite package is vulnerable to CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-15358 and CVE-2020-9327

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
According to https://www.sqlite.org/versionnumbers.html major versions of sqlite remain ABI and file format backwards compatible. It means we could graft without trouble, 3.32.3 fixes all CVEs, however 3.32 introduces a test failure in Python 3.8.2 which is an erroneous test testing internal

bug#47230: Build phase to graft during build for better grafts QA

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
Hello! I am having a hard time testing grafts in GNU Guix while I think we could have better tooling around this. For example, we could have a package transformation that can add a phase before 'check (or others) to graft any intermediate build binary and all dependencies (if not done already)

bug#47229: Local privilege escalation via guix-daemon and ‘--keep-failed’

2021-03-18 Thread Ludovic Courtès
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. It does not affect multi-user setups where ‘guix-daemon’ runs on a separate machine and is accessed over the network, via

bug#47228: Check binary consistency after grafting with e.g. ldd

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
Hello! We had an issue after grafting ImageMagick fixed by < https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd >. Basically Inkscape did not work because ImageMagick's soname had been bumped (probably for forward compat?):

bug#47186: python2 variants made through (package-with-python2 (strip-python2-variant ...)) don't inherit grafts

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
On Wed, 2021-03-17 at 04:05 -0400, Mark H Weaver wrote: > I've made an attempt to improve this situation in commit > 1a265842e634656411bc7304c4648273f174f65e on the 'master' branch. > Especially note the changes made in guix/build-system/python.scm. > > You might find that commit

bug#46967: Connection reuse for substitutes breaks with gzip

2021-03-18 Thread Ludovic Courtès
Bonface Munyoki K. skribis: > Ludovic Courtès writes: > >> Ludovic Courtès skribis: >> >>> Ludovic Courtès skribis: >>> I decided to take a heavy-handed solution to that problem, which is to augment Guile-zlib with an interface for gzip compression/decompression not restricted

bug#47221: Guile not in native-inputs when it should

2021-03-18 Thread Maxime Devos
On Wed, 2021-03-17 at 22:58 +0100, Maxime Devos wrote: > [...] > Some suspicious things: > * [...] > * clipmenu & others use "wrap-script" to define wrapper scripts > (in this case "guile" does not have to be in native-inputs). > The "wrap-script" procedure from (guix build utils) uses the >

bug#47227: Create git-tag refresh updater

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
We could do it without cloning the repos, for example the "fennel" package: $ git ls-remote --tags https://git.sr.ht/~technomancy/fennel e54a85b3525a44ac16d6a4e35d19a1d5d6948ce2 refs/tags/0.1.0 5c58b24f5261734caff25b9cbe2e8b551027a8bd refs/tags/0.1.1

bug#47226: fennel package not working with generic-html refresh updater

2021-03-18 Thread Léo Le Bouter via Bug reports for GNU Guix
After applying: diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm index edb3f85109..36fd1eb066 100644 --- a/gnu/packages/lua.scm +++ b/gnu/packages/lua.scm @@ -1175,6 +1175,8 @@ enabled.") (snippet '(begin (delete-file "fennelview.lua")

bug#47221: Guile not in native-inputs when it should

2021-03-18 Thread Maxime Devos
I made a spelling error in the command: ./pre-inst-env guix lint -c "inputs-should-also-be-native" I forgot to attach the output of "guix lint -c ..." (now attached). gnu/packages/admin.scm:1035:12: alive@2.0.3: 'guile' should probably also be a native input gnu/packages/audio.scm:4681:5:

bug#47225: QEMU warning about performance

2021-03-18 Thread Leo Famulari
While using `guix system vm`, I noticed this warning. I think it's new, maybe from the 5.2.0 update? -- qemu-system-x86_64: warning: 9p: degraded performance: a reasonable high msize should be chosen on client/guest side (chosen msize is <= 8192). See