Some arguments used for lower but not for the builder were passed as
arguments to the builders. Remove this ambiguity.
* guix/build-system/rakudo.scm (lower)[private-keywords]: Add keywords
with-prove6? and with-zed?,...
(rakudo-build): ... removed from here.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
An unused glibc package made its way into the copy-build-system.
It's confusing, so remove it.
* guix/build-system/copy.scm (default-glibc): Remove variable.
(lower): Remove glibc keyword.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build/tree-sitter-build-system.scm (install): Switch to
building with -std=c11.
Fixes: guix/guix#2215
Change-Id: I04f3ede07aeaaa9cf95272611d6346295f603b69
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders. Because these are builtins, it runs without
any additional isolation beyond merely running as a build user. In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.
Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.
* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
(syntax-noop): new syntax.
(eval-content-addressed-mirrors, assert-store-file,
call-with-input-file/no-symlinks): new procedures.
(perform-download): use assert-store-file to ensure files are in the store
before being read. Use call-with-input-file/no-symlinks for opening
untrusted files. Use eval-content-addressed-mirrors to evaluate the
content-addressed-mirrors file.
Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build/download.scm (url-fetch): don't pass the return value from a
content-addressed-mirror procedure to 'string->uri' if it is #f.
Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.
* guix/scripts/perform-download.scm (read/safe): new procedure.
(perform-download, perform-git-download): use it.
(guix-perform-download): explicitly set 'read-eval?' to #f and
'read-hash-procedures' to '(). #f is the default value of 'read-eval?' on
startup, but set it anyway to be certain.
Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Mercurial currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating mercurial potential leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for hg-fetch, here mercurial/pinned.
* gnu/packages/version-control.scm
(mercurial-check-phase): Add helper variable.
(mercurial): Update to 7.1.
[arguments]: Use gexps.
<#:phases>: Refresh them. Add phase 'add-install-to-pythonpath for
running tests. Run tests after install. Add phase 'configure-check.
<#:imported-modules, #:modules>: Add them for
'add-install-for-pythonpath.k
[native-inputs]: Remove python-nose. Add python-setuptools-next,
python-setuptools-scm-next.
(mercurial/pinned): Inherit from mercurial, but build the exact same
derivation as the previous mercurial variable.
* guix/hg-download.scm (hg-package): Use mercurial/pinned.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Subversion currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating subversion potential leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for svn-fetch, here subversion/pinned.
* gnu/packages/version-control.scm (subversion): Update to 1.14.5.
(subversion/pinned): Inherit from subversion, but build the exact same
derivation as the previous subversion variable.
* guix/svn-download.scm (subversion-package): Use subversion/pinned.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build-system/cargo.scm (lower): Emit warning when using #:cargo-inputs
or #:cargo-development-inputs.
* doc/guix.texi (Build Systems)[cargo-build-system]: Deprecate #:cargo-inputs
and #:cargo-development-inputs.
Change-Id: I43ed66e04c55368159aed309367c4ac278d8cc58
* gnu/packages/tree-sitter.scm (tree-sitter): Update to 0.25.3.
[arguments]<#:phases>: Add 'patch-_ts_dup-visibility for linking with Rust
bindings.
(tree-sitter-cli)[source]: Keep files required for building bindings.
[inputs]: Use ‘cargo-inputs’.
[arguments]: Remove #:cargo-inputs, #:cargo-development-inputs.
<#:cargo-test-flags>: Adjust failing tests to skip.
<#:cargo-install-paths>: Add "cli".
<#:phases>: Merge 'patch-node and 'patch-dot into 'patch-references.
Update their references and use ‘search-input-file’.
Remove modification of 'install, #:cargo-install-paths now takes care of the
installation.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs)[tree-sitter-cli]: New
entry.
* guix/build/tree-sitter-build-system.scm
(patch-dependencies): Drop `peerDependencies' from package.json.
(build): Remove deprecated ‘--no-bindings’ option.
(check): Set CC.
(install): Add `src' to include directories in order for external
scanners to find `tree_sitter/parser.h'.
Co-authored-by: Hilton Chain <hako@ultrarare.space>
Change-Id: I3941a1785be8deb60f288fcd5983255f075f9215
Signed-off-by: Hilton Chain <hako@ultrarare.space>
This is a workaround to support Rust cross-compilation in build systems other
than cargo-build-system. Since there's no interface for target-inputs, using
native-inputs makes most sense.
* guix/build-system/cargo.scm (lower)[bag]<target-inputs>: Label rust-sysroot
with its package name.
* guix/build/cargo-build-system.scm (configure): Use it.
When cross-compiling, accept rust-sysroot from native-inputs if there's none
in inputs.
Change-Id: I5cb63c8c815d3a2c9f0ece01857254f6d0090dd1
This will make Rust cross compilation support in other build systems easier.
* guix/build-system/cargo.scm (cargo-triplet): Export.
Make ‘target’ argument optional.
Change-Id: I226bf4a7d8065eb7911da148d0cdf3352a47bde6
No special value is required for this environment variable.
* guix/build/cargo-build-system.scm (configure): Set GETTEXT_SYSTEM
unconditionally.
Change-Id: Id40fecaf75fa76c7b7f1404db226fa1ca6a45a5e
* guix/build/cargo-build-system.scm (crate-src?): Also don't try to
check python scripts for Cargo.toml.
Change-Id: I001a89b83d2e472706b1263007be45d1153c140f
This will make it easier to use these phases in other bulid systems.
* guix/build/cargo-build-system.scm (unpack-rust-crates, configure, build)
(package, install): Set default value for arguments specific to this build
system.
Change-Id: I1dde1b063d8eee57967903abd2fce94574211a0a
*guix/build-system/cargo.scm (cargo-build, cargo-cross-build)
[#:cargo-install-paths]: New argument.
* guix/build/cargo-build-system.scm (install): Use it.
* doc/guix.texi (Build Systems)[cargo-build-system]: Document it.
Change-Id: I74ed1972a5716da05afeac8edb2b0e4b6834bf40
* guix/build-system/cargo.scm (cargo-build, cargo-cross-build)
[#:cargo-package-crates]: New argument.
* guix/build/cargo-build-system.scm (package): Use it.
* doc/guix.texi (Build Systems)[cargo-build-system]: Document it.
Change-Id: I45ccd95e90827d47127015cb0bda2d41f792335b
* guix/build/cargo-build-system.scm (%standard-phases): Move
‘unpack-rust-crates’ after ‘unpack’.
Move ‘check-for-pregenerated-files’ after ‘configure’.
(check-for-pregenerated-files): Only check non-empty files.
Print out binary files.
Run in parallel.
Don't fail to keep compatibility for phase order change.
Change-Id: I0a332fe843e97687324bd908fa111422a63e475d
This will make error messages more helpful.
* guix/build/cargo-build-system.scm (build, check, package, install): Pass
‘--offline’ to cargo.
Change-Id: Ic95f603b793319f99c9c1fbce43f773bfc8126c0
So that importers can adjust the file before inserting.
* guix/scripts/import.scm (%standard-import-options): Add ‘--file-to-insert’.
(guix-import): Pass it to importers when ‘--insert’ is set.
Change-Id: I8e7a18ee8e0f96d7fc5688a207a7a5390ad2fa30
* guix/utils.scm (find-definition-location): New procedure.
(find-definition-insertion-location): Define with it.
* guix/scripts/import.scm (import-as-definitions, guix-import): Support
expressions defined by 'define.
Change-Id: I03118e1a3372028b4f0530964aba871b4a1a4d25
For consistency with ‘insert-expression’.
* guix/scripts/import.scm (guix-import): Add two newlines after inserting.
Change-Id: I55b45ca137d175fdf6ee5c0bb2b6b1ca8385750d
* gnu/packages/golang.scm (%go-1.23-arm64-micro-architectures): New
variable.
(go-1.23)[compiler-cpu-architectures]: Add aarch64 micro-architectures.
* guix/transformations.scm (tuning-compiler): Update the go optimizer to
also support GOARM64.
Change-Id: I8825f9857e07c1634ea346d5a16ae9550f340e65
* guix/build/cmake-build-system.scm (configure): Add and use generator
field to configure the build system. Create and use CMake variable cache
file. Set the CMake variable BUILD_TESTING to the value of TESTS? so
that a package can optionally build tests. Set CMAKE_COLOR_DIAGNOSTICS
to ON. Set max load for parallel builds.
(build, install): New function.
(check): Replace call to gnu-build's non-parallelizable check with
function using cmake's ctest.
(%standard-phase): Add new build and install functions as phases.
* guix/build-system/cmake.scm (cmake-build, cmake-cross-build),
* guix/build-system/qt.scm (qt-build, qt-cross-build): Add generator
and test-exclude fields and remove unused test-target field.
* doc/guix.texi: Document new parameters.
* guix/build-system/cmake.scm (cmake-build),
* guix/build-system/qt.scm (qt-build): Add ninja to build-inputs.
Change-Id: Ifa8174c91f0fdc030ac5813e98f7c21cba1a7725
* guix/licenses.scm (ohl2-s): New variable.
(ohl2-p): New variable.
(ohl2-w): New variable.
* guix/import/utils.scm (%spdx-license-identifiers): Add references to them.
Change-Id: I212332041b6438af0ea7b869e38665147f6ce798
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
