From f662d534068736d0770f9988a29e268db2db2a51 Mon Sep 17 00:00:00 2001 From: jgart Date: Mon, 22 Sep 2025 10:35:51 -0500 Subject: [PATCH 01/45] gnu: trealla: Update to 2.83.4. * gnu/packages/prolog.scm (trealla): Update to 2.83.4. Change-Id: I893a4d728734c3e7bed61b740b6a7eed7f1f7d9f --- gnu/packages/prolog.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/prolog.scm b/gnu/packages/prolog.scm index 01de0c511f2..427a2077feb 100644 --- a/gnu/packages/prolog.scm +++ b/gnu/packages/prolog.scm @@ -185,7 +185,7 @@ it.") (define-public trealla (package (name "trealla") - (version "2.82.40") + (version "2.83.4") (source (origin (method git-fetch) @@ -194,7 +194,7 @@ it.") (url "https://github.com/trealla-prolog/trealla") (commit (string-append "v" version)))) (sha256 - (base32 "1n8yi49nlqqjwzrnriz1j6kajlxs17qakjgijw6qq1cxvq5c1iw4")) + (base32 "021cf2fi1zm5iyhk8s5i9xsxj7z0i23nsibm5nj5zijwnpwpvhvv")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (native-inputs From 5ca1fc21b14ceebd085e41cb221b107b2eeffed0 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Fri, 5 Sep 2025 17:47:10 +0300 Subject: [PATCH 02/45] gnu: looking-glass-client: Update to B7. * gnu/packages/virtualization.scm (looking-glass-client): Update to B7. Change-Id: If1e3663b38f2ea46ef53a47a91b762bf214b63c0 --- gnu/packages/virtualization.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index fbe6c8723d9..a621ab72c5a 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -24,7 +24,7 @@ ;;; Copyright © 2021 Vincent Legoll ;;; Copyright © 2021 Petr Hodina ;;; Copyright © 2021 Raghav Gururajan -;;; Copyright © 2022, 2024 Oleg Pykhalov +;;; Copyright © 2022, 2024, 2025 Oleg Pykhalov ;;; Copyright © 2022, 2023 Ekaitz Zarraga ;;; Copyright © 2022 Arun Isaac ;;; Copyright © 2022 Zhu Zihao @@ -2269,7 +2269,7 @@ Machine Protocol.") (define-public looking-glass-client (package (name "looking-glass-client") - (version "B6") + (version "B7") (source (origin (method url-fetch) (uri (string-append "https://looking-glass.io/artifact/" version @@ -2277,7 +2277,7 @@ Machine Protocol.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "15d7wwbzfw28yqbz451b6n33ixy50vv8acyzi8gig1mq5a8gzdib")))) + "11crsvy783ig7kzmr2cr68wv9zsjkcbp1akcs28rc6yc1ik0dr89")))) (build-system cmake-build-system) (inputs (list bash-minimal font-dejavu From 3300dba9eb9ba279b0373940eb26974e95da0629 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Thu, 4 Sep 2025 23:40:10 +0300 Subject: [PATCH 03/45] gnu: obs-looking-glass: Update to B7. * gnu/packages/video.scm (obs-looking-glass): Update to B7. Change-Id: I3dac87411adb90feb34544d73aaba8dbcccce8e7 --- gnu/packages/video.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index bd3d1aeb0f4..761ad02db2f 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -34,7 +34,7 @@ ;;; Copyright © 2019 Timo Eisenmann ;;; Copyright © 2019 Arne Babenhauserheide ;;; Copyright © 2019 Riku Viitanen -;;; Copyright © 2020, 2021, 2023, 2024 Oleg Pykhalov +;;; Copyright © 2020, 2021, 2023, 2024, 2025 Oleg Pykhalov ;;; Copyright © 2020 Josh Holland ;;; Copyright © 2020, 2021 Brice Waegeneire ;;; Copyright © 2020 Vincent Legoll @@ -4320,7 +4320,7 @@ to OBS Studio.") (define-public obs-looking-glass (package (name "obs-looking-glass") - (version "B6") + (version "B7") (source (origin (method url-fetch) (uri (string-append "https://looking-glass.io/artifact/" version @@ -4328,7 +4328,7 @@ to OBS Studio.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "15d7wwbzfw28yqbz451b6n33ixy50vv8acyzi8gig1mq5a8gzdib")))) + "11crsvy783ig7kzmr2cr68wv9zsjkcbp1akcs28rc6yc1ik0dr89")))) (build-system cmake-build-system) (arguments (list From 7bf508edfe129709c5b44d0e7318c5ba385055e7 Mon Sep 17 00:00:00 2001 From: Oleg Pykhalov Date: Thu, 4 Sep 2025 23:43:16 +0300 Subject: [PATCH 04/45] gnu: kvmfr-linux-module: Update to B7. * gnu/packages/video.scm (kvmfr-linux-module)[version]: Update to B7. [source]: Remove patch. * gnu/packages/patches/kvmfr-linux-module-fix-build.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Unregister file. Change-Id: I5cb6dadd6640a34d0f667079e272a97d7abae0aa --- gnu/local.mk | 3 +- .../kvmfr-linux-module-fix-build.patch | 41 ------------------- gnu/packages/video.scm | 5 +-- 3 files changed, 3 insertions(+), 46 deletions(-) delete mode 100644 gnu/packages/patches/kvmfr-linux-module-fix-build.patch diff --git a/gnu/local.mk b/gnu/local.mk index ab53474192f..f42542a0fcf 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -17,7 +17,7 @@ # Copyright © 2017, 2020 Mathieu Othacehe # Copyright © 2017, 2018, 2019 Gábor Boskovits # Copyright © 2018 Amirouche Boubekki -# Copyright © 2018, 2019, 2020, 2021, 2022, 2024 Oleg Pykhalov +# Copyright © 2018, 2019, 2020, 2021, 2022, 2024, 2025 Oleg Pykhalov # Copyright © 2018 Stefan Stefanović # Copyright © 2018, 2020-2025 Maxim Cournoyer # Copyright © 2019, 2020, 2021, 2022, 2024 Guillaume Le Vaillant @@ -1706,7 +1706,6 @@ dist_patch_DATA = \ %D%/packages/patches/kodi-set-libcurl-ssl-parameters.patch \ %D%/packages/patches/krita-bump-sip-abi-version-to-12.8.patch \ %D%/packages/patches/krita-xsimd-13-compat.patch \ - %D%/packages/patches/kvmfr-linux-module-fix-build.patch \ %D%/packages/patches/kwayland-5-fix-build.patch \ %D%/packages/patches/kwin-unwrap-executable-name-for-dot-desktop-search.patch\ %D%/packages/patches/laby-make-install.patch \ diff --git a/gnu/packages/patches/kvmfr-linux-module-fix-build.patch b/gnu/packages/patches/kvmfr-linux-module-fix-build.patch deleted file mode 100644 index 49c1a713a52..00000000000 --- a/gnu/packages/patches/kvmfr-linux-module-fix-build.patch +++ /dev/null @@ -1,41 +0,0 @@ -Copied from -https://github.com/gnif/LookingGlass/issues/1075#issuecomment-1546422678 and -https://github.com/gnif/LookingGlass/issues/1134 with adjustments for current -kvmfr source version. - -From c4950a830fbe2ca27337793aa227c86f5c044f46 Mon Sep 17 00:00:00 2001 -From: Oleg Pykhalov -Date: Sat, 5 Oct 2024 16:11:45 +0300 -Subject: [PATCH] Fix build - ---- - module/kvmfr.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/module/kvmfr.c b/module/kvmfr.c -index 121aae5..4c386f9 100644 ---- a/module/kvmfr.c -+++ b/module/kvmfr.c -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - - #include - -@@ -539,7 +540,11 @@ static int __init kvmfr_module_init(void) - if (kvmfr->major < 0) - goto out_free; - -+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0) - kvmfr->pClass = class_create(THIS_MODULE, KVMFR_DEV_NAME); -+#else -+ kvmfr->pClass = class_create(KVMFR_DEV_NAME); -+#endif - if (IS_ERR(kvmfr->pClass)) - goto out_unreg; - --- -2.41.0 - diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 761ad02db2f..467904e5dc2 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -4392,7 +4392,7 @@ your host privately.") (define-public kvmfr-linux-module (package (name "kvmfr-linux-module") - (version "B6") + (version "B7") (source (origin (method url-fetch) (uri (string-append "https://looking-glass.io/artifact/" version @@ -4400,8 +4400,7 @@ your host privately.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "15d7wwbzfw28yqbz451b6n33ixy50vv8acyzi8gig1mq5a8gzdib")) - (patches (search-patches "kvmfr-linux-module-fix-build.patch")))) + "11crsvy783ig7kzmr2cr68wv9zsjkcbp1akcs28rc6yc1ik0dr89")))) (build-system linux-module-build-system) (inputs (list bash-minimal)) (arguments From 642083da2bbf2e85cabee7d895d7fc4d981f59b4 Mon Sep 17 00:00:00 2001 From: Cayetano Santos Date: Thu, 4 Sep 2025 17:32:56 +0200 Subject: [PATCH 05/45] gnu: Add ieee-p1076. * gnu/packages/electronics.scm (ieee-p1076): New variable. Change-Id: I45f4ef920f1d5768249cb542874ed012be77a13c Signed-off-by: Gabriel Wicki --- gnu/packages/electronics.scm | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm index cf49c267f78..49ff1ce67f7 100644 --- a/gnu/packages/electronics.scm +++ b/gnu/packages/electronics.scm @@ -248,6 +248,42 @@ individual low-level driver modules.") (home-page "https://www.comedi.org/") (license license:lgpl2.1))) +(define-public ieee-p1076 + (package + (name "ieee-p1076") + (version "2019") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://opensource.ieee.org/vasg/Packages/") + (commit (string-append "1076-" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1va626i5ww2ziw3dghw0d2mq7mrj5dwcn0h019h77866yw2pq9xn")))) + (build-system copy-build-system) + (native-inputs (list python-minimal-wrapper nvc python-vunit)) + (arguments + (list + ;; Not all 2019 features are supported by nvc compiler. + ;; pass 1055 of 1648 + #:tests? #f + #:install-plan + #~'(("ieee" "share/ieee/p1076/ieee" #:include ("vhdl")) + ("std" "share/ieee/p1076/std" #:include ("vhdl"))))) + (native-search-paths + (list (search-path-specification + (variable "IEEE-1076") + (separator #f) + (files (list "share/ieee/p1076"))))) + (home-page "https://IEEE-P1076.gitlab.io") + (synopsis "VHDL libraries corresponding to the IEEE 1076 standard") + (description + "Open source materials intended for reference by the IEEE standard 1076, +as approved and published by the @acronym{VHDL, Very High Speed Hardware +Description Language} Analysis and Standardization Group.") + (license license:asl2.0))) + (define-public fftgen (let ((commit "3378b77d83a98b06184656a5cb9b54e50dfe4485") ;no releases (revision "1")) From 1aa6da547dac764f72476b155b26844e3d93b632 Mon Sep 17 00:00:00 2001 From: Simeon Prause Date: Mon, 22 Sep 2025 12:33:17 +0200 Subject: [PATCH 06/45] gnu: opusfile: Fix CVE-2022-47021 [security-fix]. * gnu/packages/patches/opusfile-CVE-2022-47021.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/xiph.scm (opusfile): Apply it. Change-Id: I32ce75de721778165da3627df34cad99e6d79630 Signed-off-by: Gabriel Wicki --- gnu/local.mk | 1 + .../patches/opusfile-CVE-2022-47021.patch | 40 +++++++++++++++++++ gnu/packages/xiph.scm | 3 +- 3 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/opusfile-CVE-2022-47021.patch diff --git a/gnu/local.mk b/gnu/local.mk index f42542a0fcf..6ea7ca806cd 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1994,6 +1994,7 @@ dist_patch_DATA = \ %D%/packages/patches/openssl-hurd64.patch \ %D%/packages/patches/opentaxsolver-file-browser-fix.patch \ %D%/packages/patches/open-zwave-hidapi.patch \ + %D%/packages/patches/opusfile-CVE-2022-47021.patch \ %D%/packages/patches/orangeduck-mpc-fix-pkg-config.patch \ %D%/packages/patches/orbit2-fix-array-allocation-32bit.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \ diff --git a/gnu/packages/patches/opusfile-CVE-2022-47021.patch b/gnu/packages/patches/opusfile-CVE-2022-47021.patch new file mode 100644 index 00000000000..b41ef35eb06 --- /dev/null +++ b/gnu/packages/patches/opusfile-CVE-2022-47021.patch @@ -0,0 +1,40 @@ +From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001 +From: Ralph Giles +Date: Tue, 6 Sep 2022 19:04:31 -0700 +Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. + +Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns +a null pointer. This allows more graceful recovery by the caller +in the unlikely event of a fallible ogg_malloc call. + +We do check the return value elsewhere in the code, so the new +checks make the code more consistent. + +Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. + +Signed-off-by: Timothy B. Terriberry +Signed-off-by: Mark Harris +--- + src/opusfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/opusfile.c b/src/opusfile.c +index ca219b2..3c3c81e 100644 +--- a/src/opusfile.c ++++ b/src/opusfile.c +@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ + int nbytes; + OP_ASSERT(_nbytes>0); + buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); + OP_ASSERT(nbytes<=_nbytes); + if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); +@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, + if(_initial_bytes>0){ + char *buffer; + buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); + ogg_sync_wrote(&_of->oy,(long)_initial_bytes); + } diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm index d58665f6c34..ffe1266f427 100644 --- a/gnu/packages/xiph.scm +++ b/gnu/packages/xiph.scm @@ -438,7 +438,8 @@ decoding .opus files.") ".tar.gz")) (sha256 (base32 - "02smwc5ah8nb3a67mnkjzqmrzk43j356hgj2a97s9midq40qd38i")))) + "02smwc5ah8nb3a67mnkjzqmrzk43j356hgj2a97s9midq40qd38i")) + (patches (search-patches "opusfile-CVE-2022-47021.patch")))) (build-system gnu-build-system) (arguments '(#:configure-flags '("--disable-static") From eb893dbdd5ceae1e51c8b611e122e717f974a5c4 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Note Date: Thu, 18 Sep 2025 17:41:03 +0200 Subject: [PATCH 07/45] gnu: hashcat: Remove nonfree unrar bundled dependency. Fixes: guix/guix#2784. * gnu/packages/password-utils.scm (hashcat)[source]: Remove "deps/unrar" from compiled directories. [arguments]<#:make-flags>: Add "ENABLE_UNRAR=0". Signed-off-by: Andreas Enge --- gnu/packages/password-utils.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index fd431989946..566e4849158 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -1684,7 +1684,8 @@ your online accounts makes it necessary.") (snippet ;; TODO: Unbundle LZMA-SDK as well #~(for-each delete-file-recursively - '("deps/zlib" "deps/xxHash" "deps/OpenCL-Headers"))))) + '("deps/unrar" ;; nonfree license + "deps/zlib" "deps/xxHash" "deps/OpenCL-Headers"))))) (inputs (list minizip opencl-headers xxhash zlib)) (build-system gnu-build-system) (arguments @@ -1692,6 +1693,7 @@ your online accounts makes it necessary.") #:make-flags #~(list (string-append "PREFIX=" #$output) (string-append "AR=" #$(ar-for-target)) (string-append "CC=" #$(cc-for-target)) + (string-append "ENABLE_UNRAR=0") (string-append "USE_SYSTEM_ZLIB=1") (string-append "USE_SYSTEM_OPENCL=1") (string-append "USE_SYSTEM_XXHASH=1")) From 96d87b4747c63bfce81f8b6ac8eba481f31ed44d Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Note Date: Sun, 21 Sep 2025 21:54:30 +0200 Subject: [PATCH 08/45] gnu: hashcat: update to 7.1.2. * gnu/packages/password-utils (hashcat): Update to 7.1.2. Signed-off-by: Andreas Enge --- gnu/packages/password-utils.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index 566e4849158..8451fafad8f 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -1671,14 +1671,14 @@ your online accounts makes it necessary.") (define-public hashcat (package (name "hashcat") - (version "6.2.6") + (version "7.1.2") (source (origin (method url-fetch) (uri (string-append "https://hashcat.net/files/hashcat-" version ".tar.gz")) (sha256 (base32 - "0akv1cgbmwyw8h8zbw5w5ixh92y95sdadh8qiz60hjgkpivi0pmj")) + "15lbzjfb6n3d06090g1dyf3llc20mnmrn1yc9ys30xbldlracilm")) (modules '((guix build utils))) ;; Delete bundled libraries. (snippet From d042111c9e7a530f6627fff2beae334db6d91fca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Tue, 23 Sep 2025 11:11:46 +0200 Subject: [PATCH 09/45] gnu: libicns: Add missing gexp. The #~ annotation was removed in 24701a21e812acdbb9cad67d0af390528b572bdc. * gnu/packages/image.scm (libicns)[arguments]: Add missing gexp. Change-Id: I57a985a0d295f0b72bc9d6c0c0df79da1d8b1053 --- gnu/packages/image.scm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 1088115d0e3..2b1a84eb05a 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -770,15 +770,15 @@ maximum quality factor.") (if (and (target-riscv64?) (%current-target-system)) (list #:phases - (modify-phases %standard-phases - (add-after 'unpack 'update-config-scripts - (lambda* (#:key native-inputs inputs #:allow-other-keys) - (for-each (lambda (file) - (install-file - (search-input-file - (or native-inputs inputs) - (string-append "/bin/" file)) ".")) - '("config.guess" "config.sub")))))) + #~(modify-phases %standard-phases + (add-after 'unpack 'update-config-scripts + (lambda* (#:key native-inputs inputs #:allow-other-keys) + (for-each (lambda (file) + (install-file + (search-input-file + (or native-inputs inputs) + (string-append "/bin/" file)) ".")) + '("config.guess" "config.sub")))))) '()))) (native-inputs (if (and (target-riscv64?) From c87a9b855e12fafbafcd2af37fd53374cf965ce8 Mon Sep 17 00:00:00 2001 From: Reepca Russelstein Date: Fri, 5 Sep 2025 01:59:12 -0500 Subject: [PATCH 10/45] daemon: Restore post-canonicalization permissions after moving. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit At this point the value of 'st.st_mode' is from before canonicalization, so restoring to that will undo the permissions aspect of the canonicalization for a top-level directory store item. Fixes #1104, introduced in ae18b3d9e6 (https://codeberg.org/guix/guix/commit/ae18b3d9e6bd0c184505a094851448d08555e23e). * nix/libstore/build.cc (DerivationGoal::registerOutputs): update 'st' with post-canonicalization permissions before making actualPath temporarily-writable. * tests/store.scm ("build outputs aren't writable"): new test. Change-Id: I5e5eaa79fa6b7f81e1d12fd285883c762a22ce5a Signed-off-by: Ludovic Courtès --- nix/libstore/build.cc | 8 ++++++-- tests/store.scm | 11 +++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index 0a4de96d51d..a48214a9c0a 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -3139,10 +3139,14 @@ void DerivationGoal::registerOutputs() replaceValidPath(path, actualPath); else if (buildMode != bmCheck) { - if (S_ISDIR(st.st_mode)) + if (S_ISDIR(st.st_mode)) { + if (lstat(actualPath.c_str(), &st) == -1) + throw SysError(format("getting canonicalized permissions of directory `%1%'") % actualPath); /* Change mode on the directory to allow for rename(2). */ - chmod(actualPath.c_str(), st.st_mode | 0700); + if (chmod(actualPath.c_str(), st.st_mode | 0700) == -1) + throw SysError(format("making `%1%' writable for move from chroot to store") % actualPath); + } if (rename(actualPath.c_str(), path.c_str()) == -1) throw SysError(format("moving build output `%1%' from the chroot to the store") % path); if (S_ISDIR(st.st_mode) && chmod(path.c_str(), st.st_mode) == -1) diff --git a/tests/store.scm b/tests/store.scm index 112ea7e2fcb..16dcbf2396d 100644 --- a/tests/store.scm +++ b/tests/store.scm @@ -417,6 +417,17 @@ get-string-all) a)))) +;; https://codeberg.org/guix/guix/issues/1104 +(test-equal "build outputs aren't writable" + #o555 + (let ((drv (build-expression->derivation %store "writable-output" + `(begin + ,(random-text) + (mkdir %output) + (chmod %output #o755))))) + (build-derivations %store (list drv)) + (stat:perms (stat (derivation->output-path drv "out"))))) + (unless (unprivileged-user-namespace-supported?) (test-skip 1)) (test-equal "isolated environment" From b6a739465d8ab57afc1284656aa22abd7da84c51 Mon Sep 17 00:00:00 2001 From: Romain GARBAGE Date: Tue, 26 Aug 2025 16:04:12 +0200 Subject: [PATCH 11/45] channels: Export channel-reference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/channels.scm: Export channel-reference. Change-Id: I3da7b8d55c0ab563c1669c9e346bb3bd34e7f1db Signed-off-by: Ludovic Courtès --- guix/channels.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/guix/channels.scm b/guix/channels.scm index 9644a86b352..0d544f95be7 100644 --- a/guix/channels.scm +++ b/guix/channels.scm @@ -72,6 +72,7 @@ channel-commit channel-introduction channel-location + channel-reference channel-introduction? make-channel-introduction From 0a670987c716937cee11e851ba645ee9b0c6ba26 Mon Sep 17 00:00:00 2001 From: Romain GARBAGE Date: Tue, 26 Aug 2025 16:05:32 +0200 Subject: [PATCH 12/45] inferior: Use channel-reference to get a Git reference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/inferior.scm (channel-full-commit): Use channel-reference to get a Git reference. Change-Id: Ia07f8d202ba1df1497d2763d8d49d547c6955ca6 Signed-off-by: Ludovic Courtès --- guix/inferior.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/guix/inferior.scm b/guix/inferior.scm index 8066cce2fcf..680fe6a805b 100644 --- a/guix/inferior.scm +++ b/guix/inferior.scm @@ -872,7 +872,8 @@ prefix, resolve it; and if 'commit' is unset, fetch CHANNEL's branch tip." (branch (channel-branch channel))) (if (and commit (commit-id? commit)) commit - (let* ((ref (if commit `(tag-or-commit . ,commit) `(branch . ,branch))) + (let* ((ref (if commit `(tag-or-commit . ,commit) + (channel-reference channel))) (cache commit relation (update-cached-checkout (channel-url channel) #:ref ref From 66463356ce5868d3551ea7014acb34543972a5d8 Mon Sep 17 00:00:00 2001 From: Romain GARBAGE Date: Mon, 22 Sep 2025 11:24:31 +0200 Subject: [PATCH 13/45] git: Create/update remote references locally when needed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows ‘update-cached-checkout’ to fetch symbolic references such as those created by the AGit workflow with Forgejo instances. * guix/git.scm (update-cached-checkout): Create/update remote references locally. Change-Id: Ice761d09eebc4f1275381a4eefbdd679d9b95127 Signed-off-by: Ludovic Courtès --- guix/git.scm | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/guix/git.scm b/guix/git.scm index 517e3b8ff0a..f6543d5222d 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -593,16 +593,20 @@ current settings unchanged." ;; left unchanged when cloning and pulling. (set-config-string config "core.autocrlf" "input") - ;; Only fetch remote if it has not been cloned just before. + ;; When using symrefs, fetch remote again even if it has been cloned just + ;; before as the requested reference are not fetched when cloning. (when (and cache-exists? + (not (null? symref-list)) (not (reference-available? repository ref))) (remote-fetch (remote-lookup repository "origin") #:fetch-options (make-default-fetch-options #:verify-certificate? verify-certificate?) - ;; Symbolic references are not fetched from the remote by - ;; default. - #:refspecs symref-list)) + ;; Build refspecs from symbolic references so they are + ;; created locally and updated if necessary. + #:refspecs (map (lambda (ref) + (string-append "+" ref ":" ref)) + symref-list))) (when recursive? (update-submodules repository #:log-port log-port #:fetch-options From 5b218cd2b9eccad6493f67b4c8b0b25dee148486 Mon Sep 17 00:00:00 2001 From: Martin Schitter Date: Tue, 16 Sep 2025 03:45:13 +0000 Subject: [PATCH 14/45] etc: guix-install.sh: Accept riscv64 as supported architecture. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Although the installer script will not find any officially released binary-tar-packages for riscv64 on the guix ftp mirrors until now we should at least support the installation of custom packed binary bundles for this platform. Changes to be committed: modified: etc/guix-install.sh Change-Id: I84c82388c7771d793b108b99e03d040bad9f1154 Signed-off-by: Ludovic Courtès --- etc/guix-install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etc/guix-install.sh b/etc/guix-install.sh index aae1f098c38..3215c4cfea9 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -293,6 +293,9 @@ chk_sys_arch() ppc64le | powerpc64le) local arch=powerpc64le ;; + riscv64) + local arch=riscv64 + ;; *) die "Unsupported CPU type: ${arch}" esac From d12c4452a49b355369636de1dfc766b5bad6437b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Tue, 2 Sep 2025 09:57:19 +0200 Subject: [PATCH 15/45] shell, inferior: Store GC roots under /var/guix/profiles. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes guix/guix#2410. Until now, ‘guix shell’ and ‘guix time-machine’ would store GC roots under ~/.cache/guix. However, this directory is unreadable to guix-daemon when it’s running without root privileges. This commit changes ‘guix shell’ and ‘guix time-machine’ so they store GC roots under /var/guix/profiles/per-user/$USER, in a world-readable directory. An added benefit is that, in cluster setups, user homes no longer need to be mounted on the head node for GC to work (assuming ‘guix build -r’ and similar are not used). * guix/inferior.scm (%inferior-cache-directory): Change default value to be under ‘%profile-directory’. (%legacy-inferior-cache-directory): New variable. (cached-channel-instance): Add ‘maybe-remove-expired-cache-entries’ call. * guix/scripts/environment.scm (launch-environment/container)[nesting-mappings]: Add /inferiors and /profiles sub-directories of ‘%profile-directory’. Call ‘mkdir-p’ for these two directories. * guix/scripts/shell.scm (%profile-cache-directory): Change default value to be under ‘%profile-directory’. (%legacy-cache-directory): New variable. (guix-shell): Add call to ‘maybe-remove-expired-cache-entries’. Change-Id: Ie7d6c16a55b35c7beb18078c967d6fc902bf68d0 Signed-off-by: Ludovic Courtès --- guix/inferior.scm | 20 ++++++++++++++++---- guix/scripts/environment.scm | 15 ++++++++++++++- guix/scripts/shell.scm | 20 +++++++++++++++----- 3 files changed, 45 insertions(+), 10 deletions(-) diff --git a/guix/inferior.scm b/guix/inferior.scm index 680fe6a805b..1440c684ccd 100644 --- a/guix/inferior.scm +++ b/guix/inferior.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2018-2024 Ludovic Courtès +;;; Copyright © 2018-2025 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -860,9 +860,13 @@ failing when GUIX is too old and lacks the 'guix repl' command." ;;; (define %inferior-cache-directory - ;; Directory for cached inferiors (GC roots). - (make-parameter (string-append (cache-directory #:ensure? #f) - "/inferiors"))) + ;; Directory for cached inferiors (GC roots). It must be world-readable so + ;; the daemon can traverse it. + (make-parameter (string-append %profile-directory "/inferiors"))) + +(define %legacy-inferior-cache-directory + ;; Former directory for cached inferiors, by default under $HOME/.cache. + (string-append (cache-directory #:ensure? #f) "/inferiors")) (define* (channel-full-commit channel #:key (verify-certificate? #t)) "Return the commit designated by CHANNEL as quickly as possible. If @@ -950,6 +954,14 @@ X.509 host certificate; otherwise, warn about the problem and keep going." #:entry-expiration (file-expiration-time ttl)) + ;; Clean the legacy cache directory as well. Remove this call once at least + ;; one year has passed. + (maybe-remove-expired-cache-entries %legacy-inferior-cache-directory + cache-entries + #:entry-expiration + (file-expiration-time ttl)) + + (if (file-exists? cached) cached (run-with-store store diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 41353e33053..15b84afb7fd 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -793,11 +793,24 @@ WHILE-LIST." (define (nesting-mappings) ;; Files shared with the host when enabling nesting. + + ;; Make sure these two directories exist so they can be shared. + (mkdir-p (string-append %profile-directory "/profiles")) + (mkdir-p (string-append %profile-directory "/inferiors")) + (cons* (file-system-mapping (source (%store-prefix)) (target source)) (file-system-mapping - (source (cache-directory)) + (source (cache-directory)) ;~/.cache/guix/checkouts etc. + (target source) + (writable? #t)) + (file-system-mapping ;'guix shell' cached GC roots + (source (string-append %profile-directory "/profiles")) + (target source) + (writable? #t)) + (file-system-mapping ;'guix time-machine' cached GC roots + (source (string-append %profile-directory "/inferiors")) (target source) (writable? #t)) (let ((uri (string->uri (%daemon-socket-uri)))) diff --git a/guix/scripts/shell.scm b/guix/scripts/shell.scm index d23362a15d5..80251606a32 100644 --- a/guix/scripts/shell.scm +++ b/guix/scripts/shell.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2021-2024 Ludovic Courtès +;;; Copyright © 2021-2025 Ludovic Courtès ;;; Copyright © 2023 Janneke Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. @@ -327,10 +327,13 @@ echo ~a >> ~a ;;; (define %profile-cache-directory - ;; Directory where profiles created by 'guix shell' alone (without extra - ;; options) are cached. - (make-parameter (string-append (cache-directory #:ensure? #f) - "/profiles"))) + ;; Directory where profiles (GC roots) created by 'guix shell' are cached. + ;; It must be world-readable so the daemon can traverse it. + (make-parameter (string-append %profile-directory "/profiles"))) + +(define %legacy-cache-directory + ;; Former cache directory, by default under $HOME/.cache. + (string-append (cache-directory #:ensure? #f) "/profiles")) (define (profile-cache-primary-key) "Return the \"primary key\" used when computing keys for the profile cache. @@ -592,6 +595,13 @@ to make sure your shell does not clobber environment variables."))) ) (maybe-remove-expired-cache-entries (%profile-cache-directory) cache-entries + #:entry-expiration entry-expiration) + + ;; Clean the legacy cache directory as well. Remove this + ;; call once at least one year has passed. + (maybe-remove-expired-cache-entries + %legacy-cache-directory + cache-entries #:entry-expiration entry-expiration))) (if (assoc-ref opts 'export-manifest?) From d9e2ee3e99475cfa5caa7c9ee7f2f54e3f71215f Mon Sep 17 00:00:00 2001 From: Yelninei Date: Mon, 8 Sep 2025 13:39:35 +0000 Subject: [PATCH 16/45] packages: Add x86_64-gnu to %cuirass-supported-systems. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * guix/packages.scm (%cuirass-supported-systems): Add x86_64-gnu. Change-Id: I5aa8bcc511d3e12364a35ce8dac35965e0d9709b Signed-off-by: Ludovic Courtès --- guix/packages.scm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/guix/packages.scm b/guix/packages.scm index 0e1ef541d94..272cb999154 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -437,8 +437,7 @@ from forcing GEXP-PROMISE." ;; ;; XXX: MIPS is unavailable in CI: ;; . - (fold delete %supported-systems '("mips64el-linux" "powerpc-linux" - "x86_64-gnu"))) + (fold delete %supported-systems '("mips64el-linux" "powerpc-linux"))) (define (maybe-add-input-labels inputs) "Add labels to INPUTS unless it already has them." From 6a57156e9746982f9cd491c6d90715b0d8662014 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Sep 2025 21:23:48 +0900 Subject: [PATCH 17/45] gnu: fail2ban: Apply patch to fix sshd jail filter. Recent OpenSSH uses an 'sshd-session' instead of 'sshd' binary name. * gnu/packages/patches/fail2ban-fix-sshd-filter.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/admin.scm (fail2ban): Apply it. Change-Id: I1f46e6768f4e04e97a8fcec189de45c2f1c26e1e --- gnu/local.mk | 1 + gnu/packages/admin.scm | 3 +- .../patches/fail2ban-fix-sshd-filter.patch | 96 +++++++++++++++++++ 3 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/fail2ban-fix-sshd-filter.patch diff --git a/gnu/local.mk b/gnu/local.mk index 6ea7ca806cd..66555c332ea 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1244,6 +1244,7 @@ dist_patch_DATA = \ %D%/packages/patches/exercism-disable-self-update.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ + %D%/packages/patches/fail2ban-fix-sshd-filter.patch \ %D%/packages/patches/fail2ban-paths-guix-conf.patch \ %D%/packages/patches/faiss-tests-CMakeLists-find-googletest.patch \ %D%/packages/patches/falcosecurity-libs-shared-build.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index fb38a5349e1..2a6a490d259 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -6242,7 +6242,8 @@ alias cysdig=sudo csysdig --modern-bpf '("paths-arch.conf" "paths-debian.conf" "paths-fedora.conf" "paths-freebsd.conf" "paths-opensuse.conf" "paths-osx.conf"))))) - (patches (search-patches "fail2ban-paths-guix-conf.patch")))) + (patches (search-patches "fail2ban-fix-sshd-filter.patch" + "fail2ban-paths-guix-conf.patch")))) (build-system pyproject-build-system) (arguments (list diff --git a/gnu/packages/patches/fail2ban-fix-sshd-filter.patch b/gnu/packages/patches/fail2ban-fix-sshd-filter.patch new file mode 100644 index 00000000000..14ea5db076c --- /dev/null +++ b/gnu/packages/patches/fail2ban-fix-sshd-filter.patch @@ -0,0 +1,96 @@ +Retrieved from https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3782.patch +With ChangeLog hunk removed since it would not apply cleanly. + +From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001 +From: Fabian Dellwing +Date: Tue, 2 Jul 2024 07:54:15 +0200 +Subject: [PATCH 1/5] Adjust sshd filter for OpenSSH 9.8 new daemon name + +--- + config/filter.d/sshd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf +index 1c8a02deb5..a1fd749aed 100644 +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -16,7 +16,7 @@ before = common.conf + + [DEFAULT] + +-_daemon = sshd ++_daemon = (?:sshd(?:-session)?) + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? + +From 7b335f47ea112e2a36e59287582e613aef2fa0a3 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:09:28 +0200 +Subject: [PATCH 2/5] sshd: add test coverage for new format, gh-3782 + +--- + fail2ban/tests/files/logs/sshd | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd +index ed54ded4d4..7d3948ed80 100644 +--- a/fail2ban/tests/files/logs/sshd ++++ b/fail2ban/tests/files/logs/sshd +@@ -20,6 +20,9 @@ Feb 25 14:34:10 belka sshd[31603]: Failed password for invalid user ROOT from aa + # failJSON: { "time": "2005-02-25T14:34:11", "match": true , "host": "aaaa:bbbb:cccc:1234::1:1" } + Feb 25 14:34:11 belka sshd[31603]: Failed password for invalid user ROOT from aaaa:bbbb:cccc:1234::1:1 + ++# failJSON: { "time": "2005-07-03T14:59:17", "match": true , "host": "192.0.2.1", "desc": "new log with session in daemon prefix, gh-3782" } ++Jul 3 14:59:17 host sshd-session[1571]: Failed password for root from 192.0.2.1 port 56502 ssh2 ++ + #3 + # failJSON: { "time": "2005-01-05T01:31:41", "match": true , "host": "1.2.3.4" } + Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4 + +From 8360776ce1b119d519a842069c73bec7f5e24fad Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:33:39 +0200 +Subject: [PATCH 3/5] zzz-sshd-obsolete-multiline.conf: adjusted to new + sshd-session log format + +--- + fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf +index ad8adeb69f..14256ba68c 100644 +--- a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf ++++ b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf +@@ -9,7 +9,7 @@ before = ../../../../config/filter.d/common.conf + + [DEFAULT] + +-_daemon = sshd ++_daemon = sshd(?:-session)? + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? + +From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:35:28 +0200 +Subject: [PATCH 4/5] filter.d/sshd.conf: ungroup (unneeded for _daemon) + +--- + config/filter.d/sshd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf +index a1fd749aed..3a84b1ba52 100644 +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -16,7 +16,7 @@ before = common.conf + + [DEFAULT] + +-_daemon = (?:sshd(?:-session)?) ++_daemon = sshd(?:-session)? + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? From 7d10553db78b0475542b32522b2ab9a3c5b9ea58 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Sep 2025 21:30:37 +0900 Subject: [PATCH 18/45] services: fail2ban: Extend profile with fail2ban package. * gnu/services/security.scm (fail2ban-service-type): Register profile-service-type extension. Change-Id: Ia7d908ba68c82fb7b5f016d4d246112679c49415 --- gnu/services/security.scm | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/gnu/services/security.scm b/gnu/services/security.scm index e750bb468b4..2aecd15a58c 100644 --- a/gnu/services/security.scm +++ b/gnu/services/security.scm @@ -378,13 +378,17 @@ provided as a list of file-like objects.")) (service-type (name 'fail2ban) (extensions (list (service-extension shepherd-root-service-type - fail2ban-shepherd-service))) + fail2ban-shepherd-service) + ;; For the fail2ban-client and fail2ban-regex commands. + (service-extension + profile-service-type + (compose list fail2ban-configuration-fail2ban)))) (compose concatenate) (extend (lambda (config jails) (fail2ban-configuration - (inherit config) - (jails (append (fail2ban-configuration-jails config) - jails))))) + (inherit config) + (jails (append (fail2ban-configuration-jails config) + jails))))) (default-value (fail2ban-configuration)) (description "Run the fail2ban server."))) From ea4eeeed03b20f547b0ff26e2105035dd32d54e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Tue, 23 Sep 2025 14:31:26 +0200 Subject: [PATCH 19/45] =?UTF-8?q?tests:=20Adjust=20=E2=80=98package-transi?= =?UTF-8?q?tive-supported-systems=E2=80=99=20test.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This test broke with commit 8c9493cb311a994c2565f71fb6270a1b26d8a644. * tests/packages.scm ("package-transitive-supported-systems, implicit inputs"): Change ‘%current-system’ to “riscv64-linux”. Change-Id: Ia6d69f086cffea4144d2f032038b27ec91e904f3 --- tests/packages.scm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/packages.scm b/tests/packages.scm index 6ff7b265844..0e0a1bd16eb 100644 --- a/tests/packages.scm +++ b/tests/packages.scm @@ -511,7 +511,11 @@ (build-system gnu-build-system) (supported-systems `("does-not-exist" "foobar" ,@%supported-systems))))) - (parameterize ((%current-system "armhf-linux")) ; a traditionally-bootstrapped architecture + ;; For '%current-system', pick an old-style-bootstrap (not full-source + ;; bootstrap) architecture, and one that uses a version of + ;; 'libstdc++-boot0' that has all of %SUPPORTED-SYSTEMS in its + ;; 'supported-systems' field. + (parameterize ((%current-system "riscv64-linux")) (package-transitive-supported-systems p)))) (test-equal "package-transitive-supported-systems: reduced binary seed, implicit inputs" From 7365e16db8abb0e66946404f621a30039ab38aa9 Mon Sep 17 00:00:00 2001 From: Alexey Abramov Date: Tue, 23 Sep 2025 11:44:58 +0200 Subject: [PATCH 20/45] services: dhcpcd: Add shepherd-provision field. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc/guix.texi (Networking Setup): Regenerate the dhcpcd-configuration documentation. * gnu/services/networking.scm (dhcpcd-configuration) : Add new field. Fix typo in client-id description. (dhcpcd-shepherd-service): Use it. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 12 +++++++++++- gnu/services/networking.scm | 11 ++++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 759f0446594..fe057a98df2 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -22096,6 +22096,9 @@ resolver: @end lisp @end defvar + +@c %start of fragment + @deftp {Data Type} dhcpcd-configuration Available @code{dhcpcd-configuration} fields are: @@ -22150,11 +22153,15 @@ refer to @uref{https://www.rfc-editor.org/rfc/rfc2132#section-9.13,RFC @item @code{client-id} (type: maybe-string) Use the interface hardware address or the given string as a client -identifier, this is matually exclusive with the @code{duid} option. +identifier, this is mutually exclusive with the @code{duid} option. @item @code{extra-content} (type: maybe-string) Extra content to append to the configuration as-is. +@item @code{shepherd-provision} (default: @code{(networking)}) (type: list-of-symbols) +This is a list of symbols naming Shepherd services provided by this +service. + @item @code{shepherd-requirement} (default: @code{()}) (type: list-of-symbols) This is a list of symbols naming Shepherd services that this service will depend on. @@ -22163,6 +22170,9 @@ will depend on. @end deftp + +@c %end of fragment + @cindex NetworkManager @defvar network-manager-service-type diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index b0d1c74490b..646c8620409 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -629,13 +629,18 @@ to @uref{https://www.rfc-editor.org/rfc/rfc2132#section-9.13,RFC 2132}.") (client-id maybe-string "Use the interface hardware address or the given string as a client identifier, -this is matually exclusive with the @code{duid} option.") +this is mutually exclusive with the @code{duid} option.") ;; Escape hatch for the generated configuration file. (extra-content maybe-string "Extra content to append to the configuration as-is.") + (shepherd-provision + (list-of-symbols '(networking)) + "This is a list of symbols naming Shepherd services provided by this service." + empty-serializer) + (shepherd-requirement (list-of-symbols '()) "This is a list of symbols naming Shepherd services that this service @@ -662,11 +667,11 @@ will depend on." (define (dhcpcd-shepherd-service config) (match-record config - (command-arguments interfaces shepherd-requirement) + (command-arguments interfaces shepherd-provision shepherd-requirement) (let ((config-file (dhcpcd-config-file config))) (list (shepherd-service (documentation "dhcpcd daemon.") - (provision '(networking)) + (provision shepherd-provision) (requirement `(user-processes udev ,@shepherd-requirement)) (actions (list (shepherd-configuration-action config-file))) (start From ef4e77e76dcbcb8b8159e9e355747cd7a9ec1306 Mon Sep 17 00:00:00 2001 From: Tom Fitzhenry Date: Tue, 16 Sep 2025 09:51:51 +1000 Subject: [PATCH 21/45] doc: Remove docs for non-existent virtio? parameter of raw-initrd. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit virtio? was removed in commit eac026e5c80caae88a6cef317a46007dca343578. * doc/guix.texi (Initial RAM Disk): Remove docs for virtio? in raw-initrd. Change-Id: I99aaf58f0c5239409511146c4617546a202f5041 Signed-off-by: Ludovic Courtès --- doc/guix.texi | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index fe057a98df2..ef9922c423b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -46442,8 +46442,7 @@ user need to enter a passphrase or use the REPL, this happens using the intended keyboard layout. When @var{qemu-networking?} is true, set up networking with the standard QEMU -parameters. When @var{virtio?} is true, load additional modules so that the -initrd can be used as a QEMU guest with para-virtualized I/O drivers. +parameters. When @var{volatile-root?} is true, the root file system is writable but any changes to it are lost. From a68bcfd2f53a409c530629d8ec0d9d152a56e16b Mon Sep 17 00:00:00 2001 From: Richard Sent Date: Thu, 21 Aug 2025 15:17:27 -0400 Subject: [PATCH 22/45] home: services: sway: Export configuration file accessors. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/home/services/sway.scm: Export field accessors for sway-* configuration records. Change-Id: I0f116508bdd710dec810dcbb69cf3c7b91daead4 Signed-off-by: Ludovic Courtès --- gnu/home/services/sway.scm | 51 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/gnu/home/services/sway.scm b/gnu/home/services/sway.scm index 34447e95f2e..bf001de1e5a 100644 --- a/gnu/home/services/sway.scm +++ b/gnu/home/services/sway.scm @@ -34,15 +34,62 @@ ;; Configuration records. sway-configuration + sway-configuration-keybindings + sway-configuration-gestures + sway-configuration-packages + sway-configuration-variables + sway-configuration-inputs + sway-configuration-outputs + sway-configuration-bar + sway-configuration-modes + sway-configuration-startup+reload-programs + sway-configuration-startup-programs + sway-configuration-extra-content sway-bar + sway-bar-identifier + sway-bar-position + sway-bar-hidden-state + sway-bar-binding-mode-indicator + sway-bar-colors + sway-bar-status-command + sway-bar-mouse-bindings + sway-bar-extra-content sway-output + sway-output-identifier + sway-output-resolution + sway-output-position + sway-output-background + sway-output-extra-content sway-input - point + sway-input-identifier + sway-input-layout + sway-input-disable-while-typing + sway-input-disable-while-trackpointing + sway-input-tap + sway-input-extra-content sway-color + sway-color-background + sway-color-statusline + sway-color-focused-background + sway-color-focused-statusline + sway-color-focused-workspace + sway-color-active-workspace + sway-color-inactive-workspace + sway-color-urgent-workspace + sway-color-binding-mode sway-border-color + sway-border-color-border + sway-border-color-background + sway-border-color-text + sway-mode + sway-mode-mode-name + sway-mode-keybindings + sway-mode-mouse-bindings + point + + ;; Service type and helper function. home-sway-service-type sway-configuration->file - sway-mode ;; Default values. %sway-default-variables From 4660273f008704a5196ebadfe2281f2e59f65180 Mon Sep 17 00:00:00 2001 From: Cayetano Santos Date: Tue, 23 Sep 2025 11:11:51 +0200 Subject: [PATCH 23/45] gnu: icestorm: Update to 1.1. * gnu/packages/electronics.scm (icestorm): Update to 1.1. [#:phases] {fix-usr-local}: Fix config.mk. [native-inputs]: Replace python with python-minimal, add python-sphinxcontrib-svg2pdfconverter, remove python-sphinx. Change-Id: I9413c6ac1e620ede236e66b4a79c842f0a6741a0 Signed-off-by: Maxim Cournoyer --- gnu/packages/electronics.scm | 124 ++++++++++++++++++----------------- 1 file changed, 63 insertions(+), 61 deletions(-) diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm index 49ff1ce67f7..fca50ff7540 100644 --- a/gnu/packages/electronics.scm +++ b/gnu/packages/electronics.scm @@ -407,68 +407,70 @@ For synthesis, the compiler generates netlists in the desired format.") (license (list license:gpl2 license:lgpl2.1+)))) (define-public icestorm - (let ((commit "3cdcf4b009bb8681ab7e2e09d65043f04334b60e") - (revision "5")) - (package - (name "icestorm") - (version (git-version "0.0" revision commit)) - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/YosysHQ/icestorm/") - (commit commit))) - (file-name (git-file-name name version)) - (sha256 - (base32 "0ygp6cj7grlnyji572kx215p2mw4crllskif9g795f390bp38g68")))) - (build-system gnu-build-system) - (arguments - (list - #:tests? #f ;avoid a cyclic dependency with nextpr-ice40 - #:make-flags - #~(list (string-append "CC=" - #$(cc-for-target)) - (string-append "CXX=" - #$(cxx-for-target)) - (string-append "PREFIX=" - #$output) - "ICEPROG=1") - #:phases - #~(modify-phases %standard-phases - (add-after 'unpack 'fix-usr-local - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "icepack/Makefile" - (("/usr/local") - #$output)) - (substitute* "icebox/Makefile" - (("/usr/local") - #$output)) - (substitute* "icebox/icebox_vlog.py" - (("/usr/local") - #$output)))) - (add-after 'build 'make-info - (lambda* (#:key outputs #:allow-other-keys) - (with-directory-excursion "docs" - (invoke "make" "info") - (install-file "build/texinfo/projecticestorm.info" - (string-append #$output "/share/info")) - (copy-recursively "build/texinfo/projecticestorm-figures" - (string-append #$output - "/share/info/projecticestorm-figures"))))) - (delete 'configure)))) - (inputs (list libftdi)) - (native-inputs (list pkg-config - python - python-sphinx - python-sphinx-rtd-theme - texinfo)) - (home-page "https://prjicestorm.readthedocs.io/") - (synopsis "Bitstream tools for Lattice iCE40 FPGAs") - (description - "Project IceStorm aims at documenting the bitstream format of -Lattice iCE40 FPGAs and providing simple tools for analyzing and creating bitstream + (package + (name "icestorm") + (version "1.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/YosysHQ/icestorm/") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "0yh36kd23y4sk65g34r1h244ax9fj5c668y6pwqwaq3c0nmb3d28")))) + (build-system gnu-build-system) + (arguments + (list + #:tests? #f ;no tests + #:make-flags + #~(list (string-append "CC=" + #$(cc-for-target)) + (string-append "CXX=" + #$(cxx-for-target)) + (string-append "PREFIX=" + #$output) + "ICEPROG=1") + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-usr-local + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "config.mk" + (("/usr/local") + #$output)) + (substitute* "icepack/Makefile" + (("/usr/local") + #$output)) + (substitute* "icebox/Makefile" + (("/usr/local") + #$output)) + (substitute* "icebox/icebox_vlog.py" + (("/usr/local") + #$output)))) + (add-after 'build 'make-info + (lambda* (#:key outputs #:allow-other-keys) + (with-directory-excursion "docs" + (invoke "make" "info") + (install-file "build/texinfo/projecticestorm.info" + (string-append #$output "/share/info")) + (copy-recursively + "build/texinfo/projecticestorm-figures" + (string-append #$output + "/share/info/projecticestorm-figures"))))) + (delete 'configure)))) + (inputs (list libftdi)) + (native-inputs (list pkg-config + python-minimal + python-sphinx-rtd-theme + python-sphinxcontrib-svg2pdfconverter + texinfo)) + (home-page "https://prjicestorm.readthedocs.io/") + (synopsis "Bitstream tools for Lattice iCE40 FPGAs") + (description + "Project IceStorm aims at documenting the bitstream format of Lattice +iCE40 FPGAs and providing simple tools for analyzing and creating bitstream files.") - (license license:isc)))) + (license license:isc))) (define-public json-for-vhdl ;; No tagged releases. From 2ff3cdf8aa1235db05e8a11755189e77750a7907 Mon Sep 17 00:00:00 2001 From: Cayetano Santos Date: Tue, 23 Sep 2025 14:54:17 +0200 Subject: [PATCH 24/45] gnu: icestorm: Improve style. * gnu/packages/electronics.scm (icestorm): Improve style. Change-Id: I54af740aa866cd3d0f5a02c76ca30c8cf293cb63 Signed-off-by: Maxim Cournoyer --- gnu/packages/electronics.scm | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm index fca50ff7540..576104a9256 100644 --- a/gnu/packages/electronics.scm +++ b/gnu/packages/electronics.scm @@ -424,17 +424,14 @@ For synthesis, the compiler generates netlists in the desired format.") (list #:tests? #f ;no tests #:make-flags - #~(list (string-append "CC=" - #$(cc-for-target)) - (string-append "CXX=" - #$(cxx-for-target)) - (string-append "PREFIX=" - #$output) + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "CXX=" #$(cxx-for-target)) + (string-append "PREFIX=" #$output) "ICEPROG=1") #:phases #~(modify-phases %standard-phases (add-after 'unpack 'fix-usr-local - (lambda* (#:key outputs #:allow-other-keys) + (lambda _ (substitute* "config.mk" (("/usr/local") #$output)) @@ -448,7 +445,7 @@ For synthesis, the compiler generates netlists in the desired format.") (("/usr/local") #$output)))) (add-after 'build 'make-info - (lambda* (#:key outputs #:allow-other-keys) + (lambda _ (with-directory-excursion "docs" (invoke "make" "info") (install-file "build/texinfo/projecticestorm.info" @@ -458,12 +455,14 @@ For synthesis, the compiler generates netlists in the desired format.") (string-append #$output "/share/info/projecticestorm-figures"))))) (delete 'configure)))) - (inputs (list libftdi)) - (native-inputs (list pkg-config - python-minimal - python-sphinx-rtd-theme - python-sphinxcontrib-svg2pdfconverter - texinfo)) + (inputs + (list libftdi)) + (native-inputs + (list pkg-config + python-minimal + python-sphinx-rtd-theme + python-sphinxcontrib-svg2pdfconverter + texinfo)) (home-page "https://prjicestorm.readthedocs.io/") (synopsis "Bitstream tools for Lattice iCE40 FPGAs") (description From 72f1f55961725bcab289add01253906aaa02ec95 Mon Sep 17 00:00:00 2001 From: "Artyom V. Poptsov" Date: Tue, 23 Sep 2025 16:16:35 +0300 Subject: [PATCH 25/45] gnu: fastfetch-minimal: Update to 2.53.0. * gnu/packages/admin.scm (fastfetch-minimal): Update to 2.53.0. Change-Id: I6e29ed36d7873befd826598155864597c2f759e8 --- gnu/packages/admin.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 2a6a490d259..57a75b549b4 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -4640,7 +4640,7 @@ information tool.") (define-public fastfetch-minimal (package (name "fastfetch-minimal") - (version "2.51.1") + (version "2.53.0") (source (origin (method git-fetch) @@ -4649,7 +4649,7 @@ information tool.") (commit version))) (file-name (git-file-name name version)) (sha256 - (base32 "1c5z1mgpgm8nzxkdjfh0412zdnv1f8i1vvic2h5v99f9cmdjwr25")) + (base32 "0w260lscjy3rqahhr2637hb3fqsklv2qx59f2v66wy99nnmqvbha")) (modules '((guix build utils))) (snippet '(begin (delete-file-recursively "src/3rdparty"))))) From c82011112e9b556e73915d85aaf16da9c1e9a40b Mon Sep 17 00:00:00 2001 From: "Artyom V. Poptsov" Date: Tue, 23 Sep 2025 16:18:18 +0300 Subject: [PATCH 26/45] gnu: hyfetch: Update to 2.0.2. * gnu/packages/admin.scm (hyfetch): Update to 2.0.2. Change-Id: I21502f5dbc9f159d21b7ad303193c72c1afbc987 --- gnu/packages/admin.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 57a75b549b4..2edb10bdb49 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -4420,7 +4420,7 @@ you are running, what theme or icon set you are using, etc.") (define-public hyfetch (package (name "hyfetch") - (version "2.0.1") + (version "2.0.2") (source (origin (method git-fetch) @@ -4429,7 +4429,7 @@ you are running, what theme or icon set you are using, etc.") (commit version))) (file-name (git-file-name name version)) (sha256 - (base32 "1c81425jaa2i0jdkfp2v7rsb0z7vzgba3735lgf5m921618k18rr")))) + (base32 "1h3s8m6csmxj815cpzh30m59132n8drxya0s2lh5ngjkpazgdnv3")))) (build-system pyproject-build-system) (native-inputs (list python-pytest From 1fc71fd013a752600de04e3f5a5757fc1eafc5e7 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Sep 2025 22:39:29 +0900 Subject: [PATCH 27/45] .guix-authorizations: Authorize Sughosha (SameExpert). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * .guix-authorizations (authorizations) : Register. Voucher: Z572 Voucher: Ludovic Courtès Voucher: Gabriel Wicki Change-Id: If90d8ca5f80f96ee4b3604e7fc4e1fbfbf44aea4 --- .guix-authorizations | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.guix-authorizations b/.guix-authorizations index 029e78b41ba..1c3b04205b1 100644 --- a/.guix-authorizations +++ b/.guix-authorizations @@ -98,6 +98,8 @@ ;; . "1EFB 0909 1F17 D28C CBF9 B13A 53D4 57B2 D636 EE82" (name "roptat")) + ("EAD1 89E4 799B 5E5E B20A 2A19 CDBC 0BD9 5943 A706" + (name "SameExpert")) (;; primary: "D6B0 C593 DA8C 5EDC A44C 7A58 C336 91F7 1188 B004" "A02C 2D82 0EF4 B25B A6B5 1D90 2AC6 A5EC 1C35 7C59" (name "samplet")) From d759207ff95ef041d95d73915ea1cb01dd6bb902 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Sep 2025 22:41:17 +0900 Subject: [PATCH 28/45] teams: Register Sugosha's Codeberg username. * etc/teams.scm (members) : Register Codeberg username. Change-Id: Iebdedb245242855c1351cb122d9aec7226b35f0d --- etc/teams.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etc/teams.scm b/etc/teams.scm index e85bfa01007..54b2eba0e37 100755 --- a/etc/teams.scm +++ b/etc/teams.scm @@ -1256,7 +1256,8 @@ the \"texlive\" importer." core-packages qt kde) (define-member (person "Sughosha" - "sughosha@disroot.org") + "sughosha@disroot.org" + "SameExpert") audio kde) (define-member (person "Jelle Licht" From b03b8d23e0cda8b00d0bfb5e76b24c93c2b1544e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 23 Sep 2025 23:03:09 +0900 Subject: [PATCH 29/45] doc: Clarify how to create the Codeberg token for `sync-codeberg-teams'. * doc/contributing.texi (Teams): Mention needed permissions and provide the page URL. Change-Id: I4ba44379a4ce5df9e987b32f28ebac0c7dc35618 --- doc/contributing.texi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/contributing.texi b/doc/contributing.texi index 66e6f0c682b..6c4423a6900 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -2873,8 +2873,10 @@ Codeberg, a member of the ``Owners'' team can run: @end example @noindent -... where @var{token} is a token created on the Codeberg interface -granting access to the relevant settings. +... where @var{token} is a token created via the +@url{https://codeberg.org/user/settings/applications, Codeberg +applications settings page}, granting read/write access to the +@samp{organization} permission. @node Making Decisions @section Making Decisions From db0fdc19abffba67bb03acf4146e02c8e9738c78 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Tue, 26 Aug 2025 21:46:37 +0200 Subject: [PATCH 30/45] gnu: ruby-vagrant-cloud: Relax version requirement for rexml. Relax the version requirement for rexml to allow this package to be used with newer versions of rexml. --- gnu/packages/ruby-xyz.scm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/gnu/packages/ruby-xyz.scm b/gnu/packages/ruby-xyz.scm index 95a3f65958f..b5eb03c3f84 100644 --- a/gnu/packages/ruby-xyz.scm +++ b/gnu/packages/ruby-xyz.scm @@ -34,7 +34,7 @@ ;;; Copyright © 2023, 2024 gemmaro ;;; Copyright © 2023, 2024 Janneke Nieuwenhuizen ;;; Copyright © 2023, 2024 Zheng Junjie <873216071@qq.com> -;;; Copyright © 2023, 2024 Hartmut Goebel +;;; Copyright © 2023-2025 Hartmut Goebel ;;; Copyright © 2025 Nicolas Graves ;;; ;;; This file is part of GNU Guix. @@ -8970,7 +8970,15 @@ source projects must be able to link to it.") "0bnjd8b86lrgj5ar1l7pg5if95bv0sxa75mz7x2ikqyz6q8rmjb3")))) (build-system ruby-build-system) (arguments - `(#:test-target "spec")) + (list + #:test-target "spec" + #:phases + #~(modify-phases %standard-phases + (add-after 'extract-gemspec 'relax-requirements + (lambda _ + (substitute* "vagrant_cloud.gemspec" + (("dependency 'rexml', .*") + "dependency 'rexml'\n"))))))) (native-inputs (list ruby-rspec ruby-webmock)) (propagated-inputs (list ruby-excon ruby-log4r ruby-rexml)) (synopsis "Vagrant Cloud API library") From c3be000890446447c35703c7534dc0ca5cbaf1df Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Wed, 26 Jul 2023 20:46:47 +0200 Subject: [PATCH 31/45] gnu: Add vagrant. * gnu/packages/virtualization.scm (vagrant): New variable. * gnu/packages/patches/vagrant-Support-system-installed-plugins.patch, gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch: New files. * gnu/local.mk(dist_patch_DATA): Add them --- gnu/local.mk | 3 + ...ant-Support-system-installed-plugins.patch | 172 ++++++++++++++++++ .../vagrant-Use-a-private-temporary-dir.patch | 119 ++++++++++++ ...rant-silence-warning-about-installer.patch | 24 +++ gnu/packages/virtualization.scm | 114 +++++++++++- 5 files changed, 431 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/vagrant-Support-system-installed-plugins.patch create mode 100644 gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch create mode 100644 gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch diff --git a/gnu/local.mk b/gnu/local.mk index 66555c332ea..2f65fd4a1f5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -2419,6 +2419,9 @@ dist_patch_DATA = \ %D%/packages/patches/unzip-32bit-zipbomb-fix.patch \ %D%/packages/patches/ustr-fix-build-with-gcc-5.patch \ %D%/packages/patches/util-linux-tests.patch \ + %D%/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch \ + %D%/packages/patches/vagrant-Support-system-installed-plugins.patch \ + %D%/packages/patches/vagrant-Use-a-private-temporary-dir.patch \ %D%/packages/patches/vboot-utils-fix-format-load-address.patch \ %D%/packages/patches/vboot-utils-fix-tests-show-contents.patch \ %D%/packages/patches/vboot-utils-skip-test-workbuf.patch \ diff --git a/gnu/packages/patches/vagrant-Support-system-installed-plugins.patch b/gnu/packages/patches/vagrant-Support-system-installed-plugins.patch new file mode 100644 index 00000000000..3d57993921d --- /dev/null +++ b/gnu/packages/patches/vagrant-Support-system-installed-plugins.patch @@ -0,0 +1,172 @@ +From: Hartmut Goebel +Date: Mon, 07 Aug 2023 18:09:09 +0200 +Subject: Support system-installed plugins + +Plugins must be installed as regular Ruby libraries, and they must +contain share/vagrant-plugins/plugins.d/$PLUGINNAME.json with the +following content: + +{ + "${PLUGINNAME}": { + "ruby_version":"$(ruby -e 'puts RUBY_VERSION')", + "vagrant_version":"$(cat /usr/share/vagrant/version.txt)", + "gem_version":"", + "require":"", + "sources":[] + } +} + +This patch was based on the respective patch from Debian, anyhow heavily +adjusted to Guix and to support GUIX_VAGRANT_PLUGINS_PATH. + +Orignal-Author: Antonio Terceiro +Co-authored-by: Antonio Terceiro +--- + bin/vagrant | 15 +++++++++++++++ + lib/vagrant/bundler.rb | 2 +- + lib/vagrant/plugin/manager.rb | 4 ++-- + lib/vagrant/plugin/state_file.rb | 30 ++++++++++++++++++++++++++++-- + lib/vagrant/shared_helpers.rb | 8 ++++++++ + 5 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/bin/vagrant b/bin/vagrant +index d3f4ea6..cc00efa 100755 +--- a/bin/vagrant ++++ b/bin/vagrant +@@ -86,6 +86,21 @@ $stderr.sync = true + # so we can provide correct resolutions later + builtin_specs = [] + ++# Add the gem paths of vagrant plugins to the Gem search path ++# TODO: find a better way to add paths to the Gem search path ++gempath = [] ++if ENV['GEM_PATH'] ++ gempath.append(ENV['GEM_PATH']) ++end ++ENV['GUIX_VAGRANT_PLUGINS_PATH'].split(File::PATH_SEPARATOR).each do |pluginsdir| ++ gemdir = File.absolute_path(File.join(pluginsdir, "../../lib/ruby/vendor_ruby")) ++ gempath.append(gemdir) ++end ++ENV['GEM_PATH'] = gempath.join(':') ++gemdir = nil ++gempath = nil ++Gem.clear_paths() # make GEM_PATH be reevaluated ++ + vagrant_spec = Gem::Specification.find_all_by_name("vagrant").detect do |spec| + spec.version == Gem::Version.new(Vagrant::VERSION) + end +diff --git a/lib/vagrant/bundler.rb b/lib/vagrant/bundler.rb +index 46ef69f..27979b9 100644 +--- a/lib/vagrant/bundler.rb ++++ b/lib/vagrant/bundler.rb +@@ -665,7 +665,7 @@ module Vagrant + spec_dir = Gem::Specification.default_specifications_dir + end + directories = [spec_dir] +- if Vagrant.in_bundler? ++ if Vagrant.in_bundler? || Vagrant.in_guix_package? + Gem::Specification.find_all{true}.each do |spec| + list[spec.full_name] = spec + end +diff --git a/lib/vagrant/plugin/manager.rb b/lib/vagrant/plugin/manager.rb +index b73f07f..94cd609 100644 +--- a/lib/vagrant/plugin/manager.rb ++++ b/lib/vagrant/plugin/manager.rb +@@ -18,7 +18,7 @@ module Vagrant + + # Returns the path to the [StateFile] for system plugins. + def self.system_plugins_file +- dir = Vagrant.installer_embedded_dir ++ dir = nil + return nil if !dir + Pathname.new(dir).join("plugins.json") + end +@@ -38,7 +38,7 @@ module Vagrant + + system_path = self.class.system_plugins_file + @system_file = nil +- @system_file = StateFile.new(system_path) if system_path && system_path.file? ++ @system_file = StateFile.new(system_path, true) #if system_path && system_path.file? + + @local_file = nil + @globalized = @localized = false +diff --git a/lib/vagrant/plugin/state_file.rb b/lib/vagrant/plugin/state_file.rb +index c6872d4..b927fd8 100644 +--- a/lib/vagrant/plugin/state_file.rb ++++ b/lib/vagrant/plugin/state_file.rb +@@ -11,11 +11,17 @@ module Vagrant + # @return [Pathname] path to file + attr_reader :path + +- def initialize(path) ++ def initialize(path, system = false) + @path = path ++ @system = system + + @data = {} +- if @path.exist? ++ if system ++ if ENV.has_key?('GUIX_VAGRANT_PLUGINS_PATH') ++ @data["installed"] = {} ++ load_system_plugins ++ end ++ elsif @path.exist? + begin + @data = JSON.parse(@path.read) + rescue JSON::ParserError => e +@@ -30,6 +36,22 @@ module Vagrant + @data["installed"] ||= {} + end + ++ def load_system_plugins ++ ENV['GUIX_VAGRANT_PLUGINS_PATH'].split(File::PATH_SEPARATOR).each do |pluginsdir| ++ extra_plugins = Dir.glob(File.join(pluginsdir, 'plugins.d', '*.json')) ++ extra_plugins.each do |filename| ++ json = File.read(filename) ++ begin ++ plugin_data = JSON.parse(json) ++ @data["installed"].merge!(plugin_data) ++ rescue JSON::ParserError => e ++ raise Vagrant::Errors::PluginStateFileParseError, ++ path: filename, message: e.message ++ end ++ end ++ end ++ end ++ + # Add a plugin that is installed to the state file. + # + # @param [String] name The name of the plugin +@@ -107,6 +129,10 @@ module Vagrant + f.close + FileUtils.mv(f.path, @path) + end ++ rescue Errno::EACCES ++ # Ignore permission denied against system-installed plugins; regular ++ # users are not supposed to write there. ++ raise unless @system + end + + protected +diff --git a/lib/vagrant/shared_helpers.rb b/lib/vagrant/shared_helpers.rb +index 7b0b87c..eb9a21e 100644 +--- a/lib/vagrant/shared_helpers.rb ++++ b/lib/vagrant/shared_helpers.rb +@@ -43,6 +43,14 @@ module Vagrant + !defined?(::Bundler).nil? + end + ++ # This returns a true/false if we are running from a Guix package ++ # ++ # @return [Boolean] ++ def self.in_guix_package? ++ # FIXME write a proper check if this ever goes upstream ++ true ++ end ++ + # Returns the path to the embedded directory of the Vagrant installer, + # if there is one (if we're running in an installer). + # +-- +2.30.9 + diff --git a/gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch b/gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch new file mode 100644 index 00000000000..f55d28df9b5 --- /dev/null +++ b/gnu/packages/patches/vagrant-Use-a-private-temporary-dir.patch @@ -0,0 +1,119 @@ +From: Antonio Terceiro +Date: Wed, 22 Oct 2014 09:40:14 -0200 +Subject: Use a private temporary directory that is cleanup up on exit + +This avoids vagrant from cluttering $TMPDIR with dozens of even hundreds +of temporary files (~4 per vagrant invocation). +--- + lib/vagrant/box.rb | 3 ++- + lib/vagrant/util.rb | 1 + + lib/vagrant/util/caps.rb | 2 +- + lib/vagrant/util/platform.rb | 2 +- + lib/vagrant/util/tempfile.rb | 39 +++++++++++++++++++++++++++++++++++++++ + 5 files changed, 44 insertions(+), 3 deletions(-) + create mode 100644 lib/vagrant/util/tempfile.rb + +diff --git a/lib/vagrant/box.rb b/lib/vagrant/box.rb +index 90dc69d..4ee79b9 100644 +--- a/lib/vagrant/box.rb ++++ b/lib/vagrant/box.rb +@@ -12,6 +12,7 @@ require "vagrant/util/downloader" + require "vagrant/util/platform" + require "vagrant/util/safe_chdir" + require "vagrant/util/subprocess" ++# require "vagrant/util/tempfile" + + module Vagrant + # Represents a "box," which is a package Vagrant environment that is used +@@ -153,7 +154,7 @@ module Vagrant + # @param [Hash] download_options Options to pass to the downloader. + # @return [BoxMetadata] + def load_metadata(download_options={}) +- tf = Tempfile.new("vagrant-load-metadata") ++ tf = Util::Tempfile.new("vagrant-load-metadata") + tf.close + + url = @metadata_url +diff --git a/lib/vagrant/util.rb b/lib/vagrant/util.rb +index 4b3e0ff..36eb671 100644 +--- a/lib/vagrant/util.rb ++++ b/lib/vagrant/util.rb +@@ -57,6 +57,7 @@ module Vagrant + autoload :SilenceWarnings, 'vagrant/util/silence_warnings' + autoload :SSH, 'vagrant/util/ssh' + autoload :StackedProcRunner, 'vagrant/util/stacked_proc_runner' ++ autoload :Tempfile, 'vagrant/util/tempfile' + autoload :StringBlockEditor, 'vagrant/util/string_block_editor' + autoload :Subprocess, 'vagrant/util/subprocess' + autoload :TemplateRenderer, 'vagrant/util/template_renderer' +diff --git a/lib/vagrant/util/caps.rb b/lib/vagrant/util/caps.rb +index 310add3..55afc49 100644 +--- a/lib/vagrant/util/caps.rb ++++ b/lib/vagrant/util/caps.rb +@@ -31,7 +31,7 @@ module Vagrant + + def ensure_output_iso(file_destination) + if file_destination.nil? +- tmpfile = Tempfile.new(["vagrant", ".iso"]) ++ tmpfile = Util::Tempfile.new(["vagrant", ".iso"]) + file_destination = Pathname.new(tmpfile.path) + tmpfile.close + tmpfile.unlink +diff --git a/lib/vagrant/util/platform.rb b/lib/vagrant/util/platform.rb +index c8658e1..0421c70 100644 +--- a/lib/vagrant/util/platform.rb ++++ b/lib/vagrant/util/platform.rb +@@ -388,7 +388,7 @@ module Vagrant + + if wsl? + # Mark our filesystem with a temporary file having an unique name. +- marker = Tempfile.new(Time.now.to_i.to_s) ++ marker = Util::Tempfile.new(Time.now.to_i.to_s) + logger = Log4r::Logger.new("vagrant::util::platform::wsl") + + # Check for lxrun installation first +diff --git a/lib/vagrant/util/tempfile.rb b/lib/vagrant/util/tempfile.rb +new file mode 100644 +index 0000000..0cbbb53 +--- /dev/null ++++ b/lib/vagrant/util/tempfile.rb +@@ -0,0 +1,39 @@ ++require 'fileutils' ++require 'tmpdir' ++ ++module Vagrant ++ module Util ++ class Tempfile < ::Tempfile ++ ++ def initialize(basename) ++ super(basename, private_tmpdir) ++ end ++ ++ def private_tmpdir ++ self.class.private_tmpdir ++ end ++ ++ def self.private_tmpdir ++ @private_tmpdir ||= ++ begin ++ user = Etc.getpwuid.name ++ pid = Process.pid ++ tmpdir = File.join(Dir.tmpdir, "vagrant-#{user}-#{pid}") ++ FileUtils.mkdir_p(tmpdir) ++ FileUtils.chmod(0700, tmpdir) ++ tmpdir ++ end ++ end ++ ++ def self.mktmpdir(prefix_suffix) ++ Dir.mktmpdir(prefix_suffix, private_tmpdir) ++ end ++ ++ ++ end ++ end ++end ++ ++at_exit do ++ FileUtils.rm_rf(Vagrant::Util::Tempfile.private_tmpdir) ++end diff --git a/gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch b/gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch new file mode 100644 index 00000000000..4d4fed273cc --- /dev/null +++ b/gnu/packages/patches/vagrant-bin-vagrant-silence-warning-about-installer.patch @@ -0,0 +1,24 @@ +From: Antonio Terceiro +Date: Sat, 11 Oct 2014 16:54:58 -0300 +Subject: bin/vagrant: silence warning about installer + +--- + bin/vagrant | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/bin/vagrant b/bin/vagrant +index 7ca30b3..d3f4ea6 100755 +--- a/bin/vagrant ++++ b/bin/vagrant +@@ -221,11 +221,6 @@ begin + end + end + +- if !Vagrant.in_installer? && !Vagrant.very_quiet? +- # If we're not in the installer, warn. +- env.ui.warn(I18n.t("vagrant.general.not_in_installer") + "\n", prefix: false) +- end +- + # Acceptable experimental flag values include: + # + # Unset - Disables experimental features diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index a621ab72c5a..66c6487a93f 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -31,7 +31,7 @@ ;;; Copyright © 2023 Juliana Sims ;;; Copyright © 2023 Ahmad Draidi ;;; Copyright © 2023 Sharlatan Hellseher -;;; Copyright © 2023, 2024 Hartmut Goebel +;;; Copyright © 2023-2025 Hartmut Goebel ;;; Copyright © 2024 Nicolas Graves ;;; Copyright © 2024 Janneke Nieuwenhuizen ;;; Copyright © 2024 Raven Hallsby @@ -2623,6 +2623,118 @@ helpers that let you write your own unit and acceptance tests for Vagrant.") (home-page "https://github.com/hashicorp/vagrant-spec") (license license:mpl2.0))) +(define-public vagrant + (package + (name "vagrant") + (version "2.3.7") ;; last release under BSD-3 license + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/hashicorp/vagrant") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0c674c5v70skh38lpydz8cdmcp8wgr9h7rn00rxdpgizrzbfxl82")) + (patches (search-patches + "vagrant-bin-vagrant-silence-warning-about-installer.patch" + "vagrant-Support-system-installed-plugins.patch" + "vagrant-Use-a-private-temporary-dir.patch")))) + (build-system ruby-build-system) + (arguments + (list + #:tests? #f ; test require ruby-grpc-tools which are not packaged yet + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'patch-gemfile + (lambda _ + (substitute* "Gemfile" + ((", git:.*") "\n")))) + (add-after 'unpack 'pin-executables + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((bsdtar (search-input-file inputs "/bin/bsdtar")) + (curl (search-input-file inputs "/bin/curl")) + (dnsmasq (search-input-file inputs "/sbin/dnsmasq")) + (grep (search-input-file inputs "/bin/grep")) + (modinfo (search-input-file inputs "/bin/modinfo")) + (ps (search-input-file inputs "/bin/ps"))) + ;; bsdtar + (for-each + (lambda (rbfile) + (substitute* rbfile + (("\"bsdtar\",") (string-append "\"" bsdtar "\",")))) + (find-files "lib/vagrant/" "\\.rb$")) + ;; curl + (substitute* "lib/vagrant/util/downloader.rb" + (("\"curl\",") (string-append "\"" curl "\","))) + (substitute* "lib/vagrant/util/uploader.rb" + (("\"curl\",") (string-append "\"" curl "\","))) + (substitute* "plugins/hosts/linux/cap/nfs.rb" + ;; grep + (("\\| grep #\\{nfs_service") + (string-append "| " grep " #{nfs_service")) + (("\"grep\",") (string-append "\"" grep "\",")) + ;; modinfo + (("Vagrant::Util::Which.which\\(\"modinfo\"\\)") + (string-append "\"" modinfo "\""))) + ;; ssh, rsync: + ;; Don't pin ssh to allow different clients and to avoid + ;; configuration conflicts when running on a foreign distro. + ;; (substitute* "lib/vagrant/util/ssh.rb" + ;; (("Which.which\\(\"ssh\", original_path: true\\)") + ;; (string-append "\"" ssh "\""))) + ;; ps + (substitute* "lib/vagrant/util/platform.rb" + (("\"ps\",") (string-append "\"" ps "\",")))))) + (add-after 'extract-gemspec 'relax-requirements + (lambda _ + (substitute* "vagrant.gemspec" + ;; Relax some version specification. + (("s\\.required_ruby_version ") "# s.required_ruby_version ") + (("dependency \"rgl\", \"~> 0.5.10\"") + "dependency \"rgl\"") + (("dependency \"vagrant_cloud\", \"~> 3.0.5\"") + "dependency \"vagrant_cloud\"") + (("dependency \"rexml\", .*") + "dependency \"rexml\"\n") + ;; Remove Windows specific dependencies + ((".*dependency \"(wdm|winrm(|-elevated|-fs))\".*") "") + ;; Remove BSD dependency + ((".*dependency \"rb-kqueue\".*") "") + ;; Remove cyclic inclusion of gem + (("^ gitignore_path = " line) + (string-append + "all_files.reject! { |file| file.match?(\"vagrant-.*\\.gem\") }\n" + line)))))))) + (native-search-paths + (list (search-path-specification + (variable "GUIX_VAGRANT_PLUGINS_PATH") + (files '("share/vagrant-plugins"))))) + ;; TODO: install bash/zsh completions, man-page, etc. + ;; see http://svnweb.mageia.org/packages/cauldron/vagrant/current/SPECS/vagrant.spec + (native-inputs (list ruby-fake-ftp ruby-webrick bundler ruby-vagrant-spec)) + (inputs (list curl dnsmasq grep kmod libarchive openssh procps)) + (propagated-inputs + (list ruby-bcrypt-pbkdf ruby-childprocess ruby-ed25519 ruby-erubi + ruby-googleapis-common-protos-types ruby-grpc + ruby-hashicorp-checkpoint ruby-i18n ruby-listen ruby-log4r + ruby-mime-types ruby-net-ftp ruby-net-ssh ruby-net-sftp + ruby-net-scp ruby-ipaddr ruby-rexml ruby-rgl ruby-rubyzip + ruby-vagrant-cloud ruby-vagrant-spec)) + (synopsis "Build and distribute virtualized development environments") + (description "Vagrant is the command line utility for managing the +lifecycle of virtual machines. Isolate dependencies and their configuration +within a single disposable and consistent environment. + +Note: Make sure to have @code{ssh} and @code{rsync} installed — if you use the +respective Vagrant functions. This package does not link to any specific +implementation of these to allow different clients and to avoid configuration +conflicts when running on a `foreign distribution'.") + (home-page "https://www.vagrantup.com") + ;; CVE-2021-21361 is related to the gradle-vagrant-plugin + (properties '((lint-hidden-cve . ("CVE-2021-21361")))) + (license license:bsd-3))) + (define-public python-vagrant (package (name "python-vagrant") From d91435919102861eae3df7e6648998c2614b6d1d Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Fri, 4 Aug 2023 17:49:42 +0200 Subject: [PATCH 32/45] gnu: Add vagrant-vai. * gnu/packages/virtualization.scm (vagrant-vai): New variable. --- gnu/packages/virtualization.scm | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 66c6487a93f..86851d615dc 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -117,6 +117,7 @@ #:use-module (gnu packages gperf) #:use-module (gnu packages graphviz) #:use-module (gnu packages gtk) + #:use-module (gnu packages guile) #:use-module (gnu packages java) #:use-module (gnu packages haskell) #:use-module (gnu packages haskell-apps) @@ -2735,6 +2736,53 @@ conflicts when running on a `foreign distribution'.") (properties '((lint-hidden-cve . ("CVE-2021-21361")))) (license license:bsd-3))) +(define-public vagrant-vai + (package + (name "vagrant-vai") + (version "0.9.3") + (source (origin + (method url-fetch) + (uri (rubygems-uri "vai" version)) + (sha256 + (base32 + "041bi8hk03ybhacqzhw153j3knqhwvxn8aczzq6nikmpklcs4m4a")))) + (build-system ruby-build-system) + (arguments + (list + #:tests? #f ; tests involve running vagrant and downloading a box + #:phases + #~(modify-phases %standard-phases + (add-after 'install 'install-plugin.json + (lambda _ + (let* ((plugins.d (string-append + #$output "/share/vagrant-plugins/plugins.d")) + (plugin.json (string-append + plugins.d "/" #$name ".json"))) + (mkdir-p plugins.d) + #$(with-extensions (list guile-json-4) + #~(begin + (use-modules (json)) + (call-with-output-file plugin.json + (lambda (port) + (scm->json + '(("vai" ;; #$name + . + (("ruby_version" + . #$(package-version (this-package-input "ruby"))) + ("vagrant_version" + . #$(package-version (this-package-input "vagrant"))) + ("gem_version" . "") + ("require" . "") + ("installed_gem_version" . #$version) + ("sources" . #())))) + port))))))))))) + (inputs (list ruby vagrant)) + (synopsis "Vagrant provisioning plugin to output an Ansible inventory") + (description "This plugin creates an Ansible inventory file containing the +created virtual machines and the respective ssh-parameters.") + (home-page "https://github.com/MatthewMi11er/vai") + (license license:expat))) + (define-public python-vagrant (package (name "python-vagrant") From 3ba037d9434b715d8f1c15243df920580691fbc3 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sat, 5 Aug 2023 23:21:32 +0200 Subject: [PATCH 33/45] gnu: Add vagrant-cachier. * gnu/packages/virtualization.scm (vagrant-cachier): New variable. --- gnu/packages/virtualization.scm | 50 +++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 86851d615dc..8eba5c9e7e6 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -2736,6 +2736,56 @@ conflicts when running on a `foreign distribution'.") (properties '((lint-hidden-cve . ("CVE-2021-21361")))) (license license:bsd-3))) +(define-public vagrant-cachier + (package + (name "vagrant-cachier") + (version "1.2.1") + (source (origin + (method url-fetch) + (uri (rubygems-uri "vagrant-cachier" version)) + (sha256 + (base32 + "0v11nf2d2y2knwm4zackd5ap8h2927n8rc1q73b6ii4hndv98fh9")))) + (build-system ruby-build-system) + (arguments + (list + #:tests? #f ; neither gem nor source actually has tests + #:phases + #~(modify-phases %standard-phases + (add-after 'install 'install-plugin.json + (lambda _ + (let* ((plugins.d (string-append + #$output "/share/vagrant-plugins/plugins.d")) + (plugin.json (string-append + plugins.d "/" #$name ".json"))) + (mkdir-p plugins.d) + #$(with-extensions (list guile-json-4) + #~(begin + (use-modules (json)) + (call-with-output-file plugin.json + (lambda (port) + (scm->json + '((#$name + . + (("ruby_version" + . #$(package-version (this-package-input "ruby"))) + ("vagrant_version" + . #$(package-version (this-package-input "vagrant"))) + ("gem_version" . "") + ("require" . "") + ("installed_gem_version" . #$version) + ("sources" . #())))) + port))))))))))) + (inputs (list ruby vagrant)) + (synopsis "Share a common package cache among similar VM instances") + (description "This package provides a Vagrant plugin that helps you reduce +the amount of coffee you drink while waiting for boxes to be provisioned by +sharing a common package cache among similar VM instances. Kinda like +vagrant-apt_cache or this magical snippet but targeting multiple package +managers and Linux distros.") + (home-page "https://github.com/fgrehm/vagrant-cachier") + (license license:expat))) + (define-public vagrant-vai (package (name "vagrant-vai") From 34778811bb33548bcfd1bdeef3c2ed175c14c64f Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sun, 6 Aug 2023 17:56:41 +0200 Subject: [PATCH 34/45] gnu: Add vagrant-reload. * gnu/packages/virtualization.scm (vagrant-reload): New variable. --- gnu/packages/virtualization.scm | 52 +++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 8eba5c9e7e6..9a2ebde5181 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -2786,6 +2786,58 @@ managers and Linux distros.") (home-page "https://github.com/fgrehm/vagrant-cachier") (license license:expat))) +(define-public vagrant-reload + (package + (name "vagrant-reload") + (version "0.0.1") + (source (origin + (method url-fetch) + (uri (rubygems-uri "vagrant-reload" version)) + (sha256 + (base32 + "0smy0px20xgakcyki5hdbk3n63k9c6ychh5pvbannn1p4zjxa0xa")))) + (build-system ruby-build-system) + (arguments + (list + #:tests? #f ; has no tests, testing as described in the Readme requires + ; running vagrant, a provider and downloading a box + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'patch-gemfile + (lambda _ + (substitute* "Gemfile" + ((", :git.*") "\n")))) + (add-after 'install 'install-plugin.json + (lambda _ + (let* ((plugins.d (string-append + #$output "/share/vagrant-plugins/plugins.d")) + (plugin.json (string-append + plugins.d "/" #$name ".json"))) + (mkdir-p plugins.d) + #$(with-extensions (list guile-json-4) + #~(begin + (use-modules (json)) + (call-with-output-file plugin.json + (lambda (port) + (scm->json + '((#$name + . + (("ruby_version" + . #$(package-version (this-package-input "ruby"))) + ("vagrant_version" + . #$(package-version (this-package-input "vagrant"))) + ("gem_version" . "") + ("require" . "") + ("installed_gem_version" . #$version) + ("sources" . #())))) + port))))))))))) + (inputs (list ruby vagrant)) + (synopsis "Reload a Vagrant VM as a provisioning step") + (description "This Vagrant plugin enables reloading a Vagrant VM as a +provisioning step.") + (home-page "http://www.vagrantup.com") + (license license:expat))) + (define-public vagrant-vai (package (name "vagrant-vai") From 7679fdc8d42be26311db67ffc3a15418624989a1 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sun, 6 Aug 2023 19:51:41 +0200 Subject: [PATCH 35/45] gnu: Add vagrant-libvirt. * gnu/packages/virtualization.scm (vagrant-libvirt): New variable. --- gnu/packages/virtualization.scm | 55 +++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 9a2ebde5181..3d5e939a267 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -2786,6 +2786,61 @@ managers and Linux distros.") (home-page "https://github.com/fgrehm/vagrant-cachier") (license license:expat))) +(define-public vagrant-libvirt + (package + (name "vagrant-libvirt") + (version "0.12.2") + (source (origin + (method url-fetch) + (uri (rubygems-uri "vagrant-libvirt" version)) + (sha256 + (base32 + "013g6wn24k01lwwkzcb0vvxj959lws8c52bkyqi6b8shnn793j1l")))) + (build-system ruby-build-system) + (arguments + (list + #:tests? #f ; tests involve running vagrant, downloading a box and + ; access to libvirt socket + #:phases + #~(modify-phases %standard-phases + (add-after 'install 'install-plugin.json + (lambda _ + (let* ((plugins.d (string-append + #$output "/share/vagrant-plugins/plugins.d")) + (plugin.json (string-append + plugins.d "/" #$name ".json"))) + (mkdir-p plugins.d) + #$(with-extensions (list guile-json-4) + #~(begin + (use-modules (json)) + (call-with-output-file plugin.json + (lambda (port) + (scm->json + '((#$name + . + (("ruby_version" + . #$(package-version (this-package-input "ruby"))) + ("vagrant_version" + . #$(package-version (this-package-input "vagrant"))) + ("gem_version" . "") + ("require" . "") + ("installed_gem_version" . #$version) + ("sources" . #())))) + port))))))))))) + (inputs (list ruby vagrant)) + (propagated-inputs (list ruby-diffy + ruby-fog-core + ruby-fog-libvirt + ruby-nokogiri + ruby-rexml + ruby-xml-simple)) + (synopsis "Libvirt provider for Vagrant") + (description "This is a Vagrant plugin that adds a Libvirt provider to +Vagrant, allowing Vagrant to control and provision machines via the Libvirt +toolkit.") + (home-page "https://github.com/vagrant-libvirt/vagrant-libvirt") + (license license:expat))) + (define-public vagrant-reload (package (name "vagrant-reload") From 8e8681b28bf7a86d5c2577f0dd55154d72b5d08d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Tue, 23 Sep 2025 16:59:24 +0200 Subject: [PATCH 36/45] gnu: guix: Update to a68bcfd. * gnu/packages/package-management.scm (guix): Update to a68bcfd. Change-Id: Ia0c8824d1a2c65af04bd04551078ad1bf07182e9 --- gnu/packages/package-management.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index e66ceb612ec..5f8217ed177 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -194,8 +194,8 @@ ;; Note: the 'update-guix-package.scm' script expects this definition to ;; start precisely like this. (let ((version "1.4.0") - (commit "9202921e812708b23788b2209cdb576d456f56db") - (revision 43)) + (commit "a68bcfd2f53a409c530629d8ec0d9d152a56e16b") + (revision 44)) (package (name "guix") @@ -211,7 +211,7 @@ (commit commit))) (sha256 (base32 - "02cvf6rndj9fwp13gqrqw2r9icpls8p2pq8cxpqs6j7ayj0pj1hy")) + "10ri7f1pwq43ix0k59fqrrgdipz67sx9kyi3yw9x9n89v3k1ns62")) (file-name (string-append "guix-" version "-checkout")))) (build-system gnu-build-system) (arguments From 9debe9ecee68505866726fc0020fd6485156592c Mon Sep 17 00:00:00 2001 From: Andreas Enge Date: Tue, 23 Sep 2025 19:03:58 +0200 Subject: [PATCH 37/45] gnu: hashcat: Support only 64 bit systems. Builds fail on i686 and armhf. * gnu/packages/password-utils.scm (hashcat)[supported-systems]: New field. Change-Id: I561c5fd9de87f350faecae4376627dfec90568bc --- gnu/packages/password-utils.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index 8451fafad8f..d9710427939 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -1704,6 +1704,7 @@ your online accounts makes it necessary.") (("\\$\\(shell date \\+%s\\)") "0")))) (delete 'configure)))) + (supported-systems %64bit-supported-systems) (home-page "https://hashcat.net/hashcat/") (synopsis "Advanced password recovery utility") (description From b9e46d05039707e1b3f7d09cacf11a214f250fb1 Mon Sep 17 00:00:00 2001 From: Lars Bilke Date: Mon, 22 Sep 2025 21:12:11 +0200 Subject: [PATCH 38/45] gnu: ogs-serial, ogs-petsc: Update to 6.5.6. * gnu/packages/geo.scm (ogs-serial): Update to 6.5.6. Change-Id: I7d81477488cab02c4592bd5d7091c8f1c81e7ace Signed-off-by: Andreas Enge --- gnu/packages/geo.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm index 959c7e2dd68..69238f28762 100644 --- a/gnu/packages/geo.scm +++ b/gnu/packages/geo.scm @@ -890,7 +890,7 @@ OpenGeoSys") (define-public ogs-serial (package (name "ogs-serial") - (version "6.5.5") + (version "6.5.6") (source (origin (method git-fetch) @@ -899,7 +899,7 @@ OpenGeoSys") (commit version))) (file-name (git-file-name name version)) (sha256 - (base32 "1zph6vlkcq6ph23hlwk4gx3xpdf98a2iz25viah429hm1agziqi4")))) + (base32 "0dpj0m1hp7pn8j5avk4gip80ccx08ik3jw5bknz722d7i9hm78dz")))) (build-system cmake-build-system) (arguments (list From 7d1d1d1f7c470f47776eedd49a1d63ca54f33d45 Mon Sep 17 00:00:00 2001 From: Rutherther Date: Tue, 23 Sep 2025 17:59:02 +0200 Subject: [PATCH 39/45] guix: update-cached-checkout: Fix fetching remote for branches, commits and tags. Follow up of 66463356ce5868d3551ea7014acb34543972a5d8. Because of the mentioned change, update-cached-checkout doesn't update the checkout for branches, commits or tags. This means `guix pull` with %default-channels no longer pulls newer versions. `forward-update-check` no longer fetches the commit to check relations for, leading to an error that reference is not available. * guix/git.scm (update-cached-checkout): Fetch remote even if symref-list is empty. Change-Id: Ia6bb1c669065cf19a6dd16c2a403e8590bc07613 --- guix/git.scm | 1 - 1 file changed, 1 deletion(-) diff --git a/guix/git.scm b/guix/git.scm index f6543d5222d..547585b27d3 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -596,7 +596,6 @@ current settings unchanged." ;; When using symrefs, fetch remote again even if it has been cloned just ;; before as the requested reference are not fetched when cloning. (when (and cache-exists? - (not (null? symref-list)) (not (reference-available? repository ref))) (remote-fetch (remote-lookup repository "origin") #:fetch-options (make-default-fetch-options From 7ba21ba7f5987d3e8c36b87148af3f7abd0a09ac Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 23 Sep 2025 23:00:10 -0400 Subject: [PATCH 40/45] gnu: yt-dlp: Update to 2025.09.23. * gnu/packages/video.scm (yt-dlp): Update to 2025.09.23. --- gnu/packages/video.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 467904e5dc2..830bc0b6456 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -3144,7 +3144,7 @@ video streaming services of the Finnish national broadcasting company Yle.") (define-public yt-dlp (package (name "yt-dlp") - (version "2025.09.05") + (version "2025.09.23") (source (origin (method git-fetch) @@ -3156,7 +3156,7 @@ video streaming services of the Finnish national broadcasting company Yle.") (snippet #~(substitute* "pyproject.toml" (("^.*Programming Language :: Python :: 3\\.13.*$") ""))) (sha256 - (base32 "0cjcii3d7pj0wbz3166jpcr81j8x8ggrjiciig9x915sb58qwbpp")))) + (base32 "0x6yjvv0wwyx10bpk2s06k8amah4q6v1g2plwrng1ap2jza539x6")))) (build-system pyproject-build-system) (arguments (list From 8c95bba9ca3ecf375c930162742512b3a266aef3 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 23 Sep 2025 20:18:30 -0400 Subject: [PATCH 41/45] gnu: icecat: Update to 140.3.1-gnu1. Fixes Mozilla bug 1980812 (Websites take way too long to load): Improved reliability when HTTP/3 connections fail. IceCat no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites. * gnu/packages/gnuzilla.scm (%icecat-base-version): Uncouple from mozjs and update. (%icecat-build-id): Update. (icecat-source): Uncouple 'upstream-firefox-source' from mozjs source. Update 'gnuzilla-commit' and hashes. --- gnu/packages/gnuzilla.scm | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 23a255cd940..b77147c1473 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -603,11 +603,9 @@ in the case of Firefox, it is browser/locales/all-locales." "zh-CN" "zh-TW")) -(define %icecat-base-version (package-version mozjs)) -;;; See -;;; for the source of truth regarding Firefox releases. +(define %icecat-base-version "140.3.1") (define %icecat-version (string-append %icecat-base-version "-gnu1")) -(define %icecat-build-id "20250916000000") ;must be of the form YYYYMMDDhhmmss +(define %icecat-build-id "20250923000000") ;must be of the form YYYYMMDDhhmmss ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat' @@ -618,9 +616,18 @@ in the case of Firefox, it is browser/locales/all-locales." (sub-version (third (string-split %icecat-base-version #\.))) (upstream-firefox-version (string-append %icecat-base-version "esr")) - (upstream-firefox-source (package-source mozjs)) + (upstream-firefox-source + (origin + (method url-fetch) + (uri (string-append + "https://ftp.mozilla.org/pub/firefox/releases/" + upstream-firefox-version "/source/" + "firefox-" upstream-firefox-version ".source.tar.xz")) + (sha256 + (base32 + "0db7qgcvw4knl6qbkn0a52vh2pcghcw4s2djdvcna1zlqjhv6hqb")))) - (gnuzilla-commit "c939d76c33294791cce8ce1722bd6747dadbe31f") + (gnuzilla-commit "b7f0c6b7d19ececd92640f26eaa43cfec29cf728") (gnuzilla-source (origin (method git-fetch) @@ -631,7 +638,7 @@ in the case of Firefox, it is browser/locales/all-locales." (string-take gnuzilla-commit 8))) (sha256 (base32 - "03ly055r77fprm53474998hyjhb1a78spyxjs7998npyqzv3fscs")))) + "1hzwa4dbk5pvwas867vp2iivdr9zqppr9zbw2xgyd2mdf2kj4a20")))) ;; 'search-patch' returns either a valid file name or #f, so wrap it ;; in 'assume-valid-file-name' to avoid 'local-file' warnings. From 2830a706dc6a4260fce2e0741c8a42243c3af66e Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Sep 2025 18:47:57 -0400 Subject: [PATCH 42/45] gnu: linux-libre: Update to 6.16.8. * gnu/packages/linux.scm (linux-libre-6.16-version): Update to 6.16.8. (linux-libre-6.16-pristine-source, deblob-scripts-6.16): Update hashes. Change-Id: I8877dbd174014a3f60cffeb4f0ef8bcde80a21cb --- gnu/packages/linux.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 5f18b22a414..771d59863c1 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -526,17 +526,17 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." ;; The current "stable" kernels. That is, the most recently released major ;; versions that are still supported upstream. -(define-public linux-libre-6.16-version "6.16.7") +(define-public linux-libre-6.16-version "6.16.8") (define-public linux-libre-6.16-gnu-revision "gnu") (define deblob-scripts-6.16 (linux-libre-deblob-scripts linux-libre-6.16-version linux-libre-6.16-gnu-revision - (base32 "1s44yaxib45834mjmvqkl70s2lazbzvpxhp4z7qwxkrkpw94mdxx") + (base32 "0qwh82z5bjmq7hhx7s41mnybpr8ihdk2g0bgjb3hzd95x6pw4w51") (base32 "1i4kba2wpkc7jmj7b2qjkrgqsl0g0s1h7j9pfvc7zqyyn9v3kkqr"))) (define-public linux-libre-6.16-pristine-source (let ((version linux-libre-6.16-version) - (hash (base32 "108sk9r6ac0sc7h6ydvlyv7kib6z3af4v2f46kdinys2z6hxmqsv"))) + (hash (base32 "17x6pylbrbh4fyk088gvhbd3gy3gpr1vn9jdjhlk3p44f2yi24r3"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-6.16))) From 62e3bcf504b44cafc08b3fe0e97802ac42e9e09a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Sep 2025 18:48:13 -0400 Subject: [PATCH 43/45] gnu: linux-libre 6.12: Update to 6.12.48. * gnu/packages/linux.scm (linux-libre-6.12-version): Update to 6.12.48. (linux-libre-6.12-pristine-source): Update hash. Change-Id: I47bd8732fcd21e999ab3942ade2532b67713c31a --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 771d59863c1..c7fb734e8a4 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -545,7 +545,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." ;; Here are the support timelines: ;; -(define-public linux-libre-6.12-version "6.12.47") +(define-public linux-libre-6.12-version "6.12.48") (define-public linux-libre-6.12-gnu-revision "gnu") (define deblob-scripts-6.12 (linux-libre-deblob-scripts @@ -555,7 +555,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "1yl447396g454116j8v17wsqg5i0gyb2rrxvaygw6xdkbwrrj28j"))) (define-public linux-libre-6.12-pristine-source (let ((version linux-libre-6.12-version) - (hash (base32 "099fj9qd8knafbl400drm8aqn5h7y6g39gc7d4i4hc3lf44f8bz8"))) + (hash (base32 "1chx8ycj609pdpnkhl3d6dsimd4q49vkqdiqisbligsicxkypyav"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-6.12))) From 4018dd05c4e57d3707c7c736ce3dbb45cdf4ab61 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Sep 2025 18:48:26 -0400 Subject: [PATCH 44/45] gnu: linux-libre 6.6: Update to 6.6.107. * gnu/packages/linux.scm (linux-libre-6.6-version): Update to 6.6.107. (linux-libre-6.6-pristine-source): Update hash. Change-Id: I9ea059f1d69924844167f6bbc4da4f7592f8b74d --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index c7fb734e8a4..fe7759ddd70 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -560,7 +560,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-6.12))) -(define-public linux-libre-6.6-version "6.6.106") +(define-public linux-libre-6.6-version "6.6.107") (define-public linux-libre-6.6-gnu-revision "gnu") (define deblob-scripts-6.6 (linux-libre-deblob-scripts @@ -570,7 +570,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "11i7pvm5n31rvp05msbm3ciclr84cz9c94f5r5aa6mmzhslwpbxk"))) (define-public linux-libre-6.6-pristine-source (let ((version linux-libre-6.6-version) - (hash (base32 "18584vys8qmbqj4hndiyhwbsn6z3832djm1mx07vgl6wv3i80c8c"))) + (hash (base32 "0iz4kvnsvs5fx9m2zm93xla2pkr0hqqyahm5d6f7p1n7scbk1dy9"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-6.6))) From ba6369c85b9c63749d36a56e4afd28cd0fc5fb3b Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Sep 2025 18:48:41 -0400 Subject: [PATCH 45/45] gnu: linux-libre 6.1: Update to 6.1.153. * gnu/packages/linux.scm (linux-libre-6.1-version): Update to 6.1.153. (linux-libre-6.1-pristine-source): Update hash. Change-Id: Ibe36052df35e4f44e3e047d1350e3dd0469beba1 --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index fe7759ddd70..7a8bcb3d99e 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -575,7 +575,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-6.6))) -(define-public linux-libre-6.1-version "6.1.152") +(define-public linux-libre-6.1-version "6.1.153") (define-public linux-libre-6.1-gnu-revision "gnu") (define deblob-scripts-6.1 (linux-libre-deblob-scripts @@ -585,7 +585,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "0f3jgbfd2j7sz7h1hb30s1r9147g1cbb3ia09k9834fvbiz1ihaa"))) (define-public linux-libre-6.1-pristine-source (let ((version linux-libre-6.1-version) - (hash (base32 "1ndpnlmpsp2137aqis8bpa2cvdl28jg66pi0p2c6d26cm7i3n5qs"))) + (hash (base32 "0j4yzkhkbcsa9pgwcyqyfxi73avi7m0hd6xfaql73zwrb3hbvsvn"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-6.1)))