Follow up of 66463356ce.
Because of the mentioned change, update-cached-checkout doesn't
update the checkout for branches, commits or tags.
This means `guix pull` with %default-channels no longer pulls
newer versions. `forward-update-check` no longer fetches the
commit to check relations for, leading to an error that
reference is not available.
* guix/git.scm (update-cached-checkout): Fetch remote even if symref-list is
empty.
Change-Id: Ia6bb1c669065cf19a6dd16c2a403e8590bc07613
Fixes guix/guix#2410.
Until now, ‘guix shell’ and ‘guix time-machine’ would store GC roots under
~/.cache/guix. However, this directory is unreadable to guix-daemon when it’s
running without root privileges. This commit changes ‘guix shell’ and ‘guix
time-machine’ so they store GC roots under /var/guix/profiles/per-user/$USER,
in a world-readable directory.
An added benefit is that, in cluster setups, user homes no longer need to be
mounted on the head node for GC to work (assuming ‘guix build -r’ and similar
are not used).
* guix/inferior.scm (%inferior-cache-directory): Change default value to be
under ‘%profile-directory’.
(%legacy-inferior-cache-directory): New variable.
(cached-channel-instance): Add ‘maybe-remove-expired-cache-entries’ call.
* guix/scripts/environment.scm (launch-environment/container)[nesting-mappings]:
Add /inferiors and /profiles sub-directories of ‘%profile-directory’. Call
‘mkdir-p’ for these two directories.
* guix/scripts/shell.scm (%profile-cache-directory): Change default value to
be under ‘%profile-directory’.
(%legacy-cache-directory): New variable.
(guix-shell): Add call to ‘maybe-remove-expired-cache-entries’.
Change-Id: Ie7d6c16a55b35c7beb18078c967d6fc902bf68d0
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This allows ‘update-cached-checkout’ to fetch symbolic references such as
those created by the AGit workflow with Forgejo instances.
* guix/git.scm (update-cached-checkout): Create/update remote references
locally.
Change-Id: Ice761d09eebc4f1275381a4eefbdd679d9b95127
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/inferior.scm (channel-full-commit): Use channel-reference to get a Git reference.
Change-Id: Ia07f8d202ba1df1497d2763d8d49d547c6955ca6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes guix/guix#2450.
This reverts commit b5745a327e, which introduced
discrepancies in how substitutes are served; in particular, narinfos of
non-substitutable items would still be served, and likewise for narinfos and
nars of dependents of non-substitutable items.
Fixes guix/guix#1901.
Previously, ‘guix gc --list-busy’ (which is invoked by ‘guix-daemon’) would
open a connection to the daemon, which in turn attempts to create
/var/guix/profiles/per-user/$USER. However, when ‘guix-daemon’ is running as
an unprivileged user, creating that directory fails with EPERM. Because of
this, garbage collection would always fail when running the unprivileged
daemon on Guix System.
* guix/scripts/gc.scm (guix-gc): Remove upfront call to ‘open-connection’.
Instead, use ‘with-store’ only for operations that require it.
Change-Id: I1fbfd97cf7ba9e3087f7287b4776ea2f6623400d
This reverts commit a7db92d9b3, this time with
the more careful command, to avoid a world rebuild:
grep -rl --exclude-dir=build --exclude-dir=patches --exclude=ld-wrapper.in \
--exclude=sitecustomize.py --exclude=guix-emacs.el maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
Change-Id: I0871f5cf9ace79e34e78e24154d0da6ea95a3a91
The change was automated via:
git grep -l maxim.cournoyer@gmail.com |
xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
* .mailmap: New entry.
Change-Id: Iaa88b1e51c94159c49138fb43910badb990eb169
* guix/scripts/home.scm (spawn-home-container): Add ‘options’ field to
the /run/user/$UID and ‘home-directory’ file systems.
Change-Id: Ic6d987fe186f9c49718f15c71867953a20f2fb68
Fixes guix/guix#1975.
When using ‘read’, ‘package-field-location’ would not get source location for
atoms such as symbols, typically making it impossible to get the location of
the value of a field list (build-system gnu-build-system). This fixes that.
* guix/packages.scm (field-value-location): New procedure.
(package-field-location): Use it instead of inline code.
* tests/packages.scm ("package-field-location"): Test the ‘build-system’
field.
Reported-by: Nicolas Graves <ngraves@ngraves.fr>
Change-Id: I98c694bb6f1999fa9ca80e145fa016640067af55
* guix/build/emacs-utils.scm (emacs-makeinfo): New variable.
* gnu/packages/emacs-xyz.scm (emacs-show-font, emacs-mct, emacs-corfu)
(emacs-cape, emacs-embark, emacs-orderless, emacs-consult, emacs-marginalia)
(emacs-logos, emacs-tmr, emacs-beframe, emacs-tempel, emacs-lin, emacs-pulsar)
(emacs-dired-preview, emacs-modus-themes, emacs-org-glossary, emacs-vertico)
(emacs-org-margin, emacs-osm)[#:phases]<makeinfo>: Use it.
Move before ‘install’ if it was previously after ‘install’.
This hides these lines from codespell so it doesn't try to fix the
spelling of these intentional typos.
* guix/lint.scm (check-description-style)[check-description-typo]: Add
codespell hints to ignore some lines.
Change-Id: I002d2ba6079a5dcf9165d3821eda579f6dfa2ecf
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
Some arguments used for lower but not for the builder were passed as
arguments to the builders. Remove this ambiguity.
* guix/build-system/rakudo.scm (lower)[private-keywords]: Add keywords
with-prove6? and with-zed?,...
(rakudo-build): ... removed from here.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
An unused glibc package made its way into the copy-build-system.
It's confusing, so remove it.
* guix/build-system/copy.scm (default-glibc): Remove variable.
(lower): Remove glibc keyword.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build/tree-sitter-build-system.scm (install): Switch to
building with -std=c11.
Fixes: guix/guix#2215
Change-Id: I04f3ede07aeaaa9cf95272611d6346295f603b69
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders. Because these are builtins, it runs without
any additional isolation beyond merely running as a build user. In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.
Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.
* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
(syntax-noop): new syntax.
(eval-content-addressed-mirrors, assert-store-file,
call-with-input-file/no-symlinks): new procedures.
(perform-download): use assert-store-file to ensure files are in the store
before being read. Use call-with-input-file/no-symlinks for opening
untrusted files. Use eval-content-addressed-mirrors to evaluate the
content-addressed-mirrors file.
Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
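The sandboxed evaluation described in the commit message above, as an added illustration that is not code from Guix: it uses Guile's (ice-9 sandbox) with the stock all-pure-bindings set rather than Guix's own %safe-bindings, and the procedure names, mirror expressions and mirror.example URL are constructed for the example.

```scheme
(use-modules (ice-9 sandbox))

(define (eval-mirrors exp)
  "Evaluate EXP, an untrusted mirror-list expression, in a fresh module that
contains only side-effect-free bindings, under time and allocation limits."
  ;; The limits cover this evaluation only; procedures returned from it
  ;; run without them when they are called later.
  (eval-in-sandbox exp
                   #:bindings all-pure-bindings
                   #:time-limit 1
                   #:allocation-limit #e50e6))

(define (try thunk)
  "Return the value of THUNK, or the key of the exception it raises."
  (catch #t thunk (lambda (key . args) key)))

;; Constructed sample: a benign list of mirror procedures.
(define benign
  '(list (lambda (file algo hash)
           (string-append "https://mirror.example/"
                          (symbol->string algo) "/" hash))))

;; Constructed sample: same shape, but the body refers to a binding that
;; is not part of the sandbox module.  The reference is resolved in that
;; module when the procedure is called, not in the caller's module.
(define hostile
  '(list (lambda (file algo hash)
           (system* "id")
           #f)))

(define (first-mirror exp)
  "Return the first procedure of the list that EXP evaluates to."
  (car (eval-mirrors exp)))

;; Benign procedure: called outside the sandbox, builds a URL string.
(display (try (lambda () ((first-mirror benign) "f.tar.gz" 'sha256 "abc"))))
(newline)
;; Hostile procedure: the missing binding surfaces as an exception key.
(display (try (lambda () ((first-mirror hostile) "f.tar.gz" 'sha256 "abc"))))
(newline)
;; File access attempted directly at evaluation time is refused as well.
(display (try (lambda () (eval-mirrors '(open-input-file "/etc/hostname")))))
(newline)
```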
* guix/build/download.scm (url-fetch): don't pass the return value from a
content-addressed-mirror procedure to 'string->uri' if it is #f.
Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.
* guix/scripts/perform-download.scm (read/safe): new procedure.
(perform-download, perform-git-download): use it.
(guix-perform-download): explicitly set 'read-eval?' to #f and
'read-hash-procedures' to '(). #f is the default value of 'read-eval?' on
startup, but set it anyway to be certain.
Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Mercurial currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating mercurial potentially leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for hg-fetch, here mercurial/pinned.
* gnu/packages/version-control.scm
(mercurial-check-phase): Add helper variable.
(mercurial): Update to 7.1.
[arguments]: Use gexps.
<#:phases>: Refresh them. Add phase 'add-install-to-pythonpath for
running tests. Run tests after install. Add phase 'configure-check.
<#:imported-modules, #:modules>: Add them for
'add-install-for-pythonpath.
[native-inputs]: Remove python-nose. Add python-setuptools-next,
python-setuptools-scm-next.
(mercurial/pinned): Inherit from mercurial, but build the exact same
derivation as the previous mercurial variable.
* guix/hg-download.scm (hg-package): Use mercurial/pinned.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Subversion currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating subversion potentially leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for svn-fetch, here subversion/pinned.
* gnu/packages/version-control.scm (subversion): Update to 1.14.5.
(subversion/pinned): Inherit from subversion, but build the exact same
derivation as the previous subversion variable.
* guix/svn-download.scm (subversion-package): Use subversion/pinned.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* guix/build-system/cargo.scm (lower): Emit warning when using #:cargo-inputs
or #:cargo-development-inputs.
* doc/guix.texi (Build Systems)[cargo-build-system]: Deprecate #:cargo-inputs
and #:cargo-development-inputs.
Change-Id: I43ed66e04c55368159aed309367c4ac278d8cc58
* gnu/packages/tree-sitter.scm (tree-sitter): Update to 0.25.3.
[arguments]<#:phases>: Add 'patch-_ts_dup-visibility for linking with Rust
bindings.
(tree-sitter-cli)[source]: Keep files required for building bindings.
[inputs]: Use ‘cargo-inputs’.
[arguments]: Remove #:cargo-inputs, #:cargo-development-inputs.
<#:cargo-test-flags>: Adjust failing tests to skip.
<#:cargo-install-paths>: Add "cli".
<#:phases>: Merge 'patch-node and 'patch-dot into 'patch-references.
Update their references and use ‘search-input-file’.
Remove modification of 'install, #:cargo-install-paths now takes care of the
installation.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs)[tree-sitter-cli]: New
entry.
* guix/build/tree-sitter-build-system.scm
(patch-dependencies): Drop `peerDependencies' from package.json.
(build): Remove deprecated ‘--no-bindings’ option.
(check): Set CC.
(install): Add `src' to include directories in order for external
scanners to find `tree_sitter/parser.h'.
Co-authored-by: Hilton Chain <hako@ultrarare.space>
Change-Id: I3941a1785be8deb60f288fcd5983255f075f9215
Signed-off-by: Hilton Chain <hako@ultrarare.space>
This is a workaround to support Rust cross-compilation in build systems other
than cargo-build-system. Since there's no interface for target-inputs, using
native-inputs makes most sense.
* guix/build-system/cargo.scm (lower)[bag]<target-inputs>: Label rust-sysroot
with its package name.
* guix/build/cargo-build-system.scm (configure): Use it.
When cross-compiling, accept rust-sysroot from native-inputs if there's none
in inputs.
Change-Id: I5cb63c8c815d3a2c9f0ece01857254f6d0090dd1
This will make Rust cross compilation support in other build systems easier.
* guix/build-system/cargo.scm (cargo-triplet): Export.
Make ‘target’ argument optional.
Change-Id: I226bf4a7d8065eb7911da148d0cdf3352a47bde6
No special value is required for this environment variable.
* guix/build/cargo-build-system.scm (configure): Set GETTEXT_SYSTEM
unconditionally.
Change-Id: Id40fecaf75fa76c7b7f1404db226fa1ca6a45a5e
* guix/build/cargo-build-system.scm (crate-src?): Also don't try to
check python scripts for Cargo.toml.
Change-Id: I001a89b83d2e472706b1263007be45d1153c140f
This will make it easier to use these phases in other build systems.
* guix/build/cargo-build-system.scm (unpack-rust-crates, configure, build)
(package, install): Set default value for arguments specific to this build
system.
Change-Id: I1dde1b063d8eee57967903abd2fce94574211a0a