amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: subversion: Add package and rename former to subversion/pinned.

Browse source 
Subversion currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating subversion potential leads to a lot of
rebuilds and I don't want to tackle this right now.

As for other packages, the way forward is to add a variant of the
package only used for svn-fetch, here subversion/pinned.

* gnu/packages/version-control.scm (subversion): Update to 1.14.5.
(subversion/pinned): Inherit from subversion, but build the exact same
derivation as the previous subversion variable.

* guix/svn-download.scm (subversion-package): Use subversion/pinned.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Nicolas Graves 2025-08-27 14:45:02 +02:00 committed by Ludovic Courtès
parent a5ff617c24
commit 6c71c8dc4a
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 17 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

18
gnu/packages/version-control.scm
View file

@ -2992,14 +2992,14 @@ following features:
(define-public subversion (define-public subversion
(package (package
(name "subversion") (name "subversion")
(version "1.14.3") (version "1.14.5")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://apache/subversion/" (uri (string-append "mirror://apache/subversion/"
"subversion-" version ".tar.bz2")) "subversion-" version ".tar.bz2"))
(sha256 (sha256
(base32 (base32
"0h54l4p2dlk1rm4zm428hi6ij6xpqxqlqmvkhmz5yhq9392zv7ll")))) "18a4avism0a7b1siikkm6v2snhanlmqqzl4p8hspp2vbfvkjk2p7"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
(list (list
@ -3068,6 +3068,20 @@ usage; and its ability to support the needs of a wide variety of users and
projects, from individuals to large-scale enterprise operations.") projects, from individuals to large-scale enterprise operations.")
(license license:asl2.0))) (license license:asl2.0)))
(define-public subversion/pinned
(hidden-package
(package
(inherit subversion)
(name "subversion")
(version "1.14.3")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://apache/subversion/"
"subversion-" version ".tar.bz2"))
(sha256
(base32 "0h54l4p2dlk1rm4zm428hi6ij6xpqxqlqmvkhmz5yhq9392zv7ll")))))))
(define-public rcs (define-public rcs
(package (package
(name "rcs") (name "rcs")

2
guix/svn-download.scm
View file

@ -72,7 +72,7 @@
(define (subversion-package) (define (subversion-package)
"Return the default Subversion package." "Return the default Subversion package."
(let ((distro (resolve-interface '(gnu packages version-control)))) (let ((distro (resolve-interface '(gnu packages version-control))))
(module-ref distro 'subversion))) (module-ref distro 'subversion/pinned)))
(define (svn-fetch-builder svn hash-algo) (define (svn-fetch-builder svn hash-algo)
(define guile-json (define guile-json