Re: [PATCH] gnu: lynx: Fix GnuTLS support.

[ng0]

Tobias Geerinckx-Rice  writes:

> [ Unknown signature status ]
> On 07/10/16 03:56, Tobias Geerinckx-Rice wrote:
>> Interestingly,
>> 
>>   $ lynx https://google.com
>> 
>> works just fin—
>
> (In the interest of balance,
>
>   $ lynx https://duckduckgo.com
>
> works just fin– as well.)
>
> Kind regards,
>
> T G-R
>

Without knowing all the history of this bug, could it be related to the
curl problem (which currently keeps my darcs, pbpst, and probably
something else from getting into master)? Do we need some environment
variable to pass or work into lynx to make it work for us? or patch lynx
at its source?

[PATCH] gnu: sane-backends: Update to 1.0.25

[Al McElrath]

Attached is a patch to update sane-backends to 1.0.25. I checked and the
tests are still failing.

>From deaf7c884363361b043e5b1008e30bfc84f7216c Mon Sep 17 00:00:00 2001
From: Al McElrath 
Date: Thu, 6 Oct 2016 12:01:31 -0700
Subject: [PATCH] gnu: sane-backends: Update to 1.0.25.

* gnu/packages/scanner.scm (sane-backends): Update to 1.0.25.
---
 gnu/packages/scanner.scm | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/scanner.scm b/gnu/packages/scanner.scm
index 76e11a9..76817b3 100644
--- a/gnu/packages/scanner.scm
+++ b/gnu/packages/scanner.scm
@@ -29,15 +29,15 @@
 (define-public sane-backends
   (package
 (name "sane-backends")
-(version "1.0.24")
+(version "1.0.25")
 (source (origin
  (method url-fetch)
- (uri (string-append 
-   "https://alioth.debian.org/frs/download.php/file/3958/";
+ (uri (string-append
+   "https://alioth.debian.org/frs/download.php/file/4146/";
name "-" version ".tar.gz"))
  (sha256
   (base32
-   "0ba68m6bzni54axjk15i51rya7hfsdliwvqyan5msl7iaid0iir7"
+   "0b3fvhrxl4l82bf3v0j47ypjv6a0k5lqbgknrq1agpmjca6vmmx4"
 (build-system gnu-build-system)
 (native-inputs
  `(("pkg-config" ,pkg-config)))
@@ -73,4 +73,3 @@ proving access to any raster image scanner hardware (flatbed scanner,
 hand-held scanner, video- and still-cameras, frame-grabbers, etc.).  The
 package contains the library and drivers.")
 (license licence:gpl2+))) ; plus linking exception
-
-- 
2.6.3

Re: [PATCH] gnu: lynx: Fix GnuTLS support.

[Tobias Geerinckx-Rice]

On 07/10/16 03:56, Tobias Geerinckx-Rice wrote:
> Interestingly,
> 
>   $ lynx https://google.com
> 
> works just fin—

(In the interest of balance,

  $ lynx https://duckduckgo.com

works just fin– as well.)

Kind regards,

T G-R



signature.asc
Description: OpenPGP digital signature

Re: [PATCH] gnu: lynx: Fix GnuTLS support.

[Tobias Geerinckx-Rice]

Kei,

On 07/10/16 03:28, Leo Famulari wrote:
> On Thu, Oct 06, 2016 at 08:48:31PM -0400, Kei Kebreau wrote:
>> HTTPS connections using lynx work on my machine with this patch. Would
>> someone else like to see about this?
> 
> Thanks for working on this!

+1!

On 07/10/16 03:28, Leo Famulari wrote:
> It still fails for me, but in a different way than before:
> $ lynx https://famulari.name

On my pure GuixSD machine,

  $ lynx https://tobias.gr

suffers the same fate. Interestingly,

  $ lynx https://google.com

works just fin— Wait a minute, this all sounds terribly familiar.

https://lists.gnu.org/archive/html/guix-devel/2016-03/msg00135.html

I gave up at this point, as Guix was new and scary and my need for Lynx
vanished anyway. It looks like there might some Lynx-specific quirks
involved as well (e.g. ‘--with-gnutls=’ sufficing, at least back then).

Kind regards/good luck,

T G-R



signature.asc
Description: OpenPGP digital signature

Re: [PATCH] gnu: lynx: Fix GnuTLS support.

[Leo Famulari]

On Thu, Oct 06, 2016 at 08:48:31PM -0400, Kei Kebreau wrote:
> HTTPS connections using lynx work on my machine with this patch. Would
> someone else like to see about this?

Thanks for working on this!

It still fails for me, but in a different way than before [0]:

-
$ lynx https://famulari.name   

Looking up famulari.name
Making HTTPS connection to famulari.name
Retrying connection without TLS.
Looking up famulari.name
Making HTTPS connection to famulari.name
Alert!: Unable to make secure connection to remote host.

lynx: Can't access startfile https://famulari.name/
-

I assume that I'm missing some environment variable on this Guix /
Debian system. Any ideas?

If it works for you, I'd say go for it.

> From c18ab7b9c24f07ab86529d7f5f08f4dd21cea549 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau 
> Date: Thu, 6 Oct 2016 20:38:39 -0400
> Subject: [PATCH] gnu: lynx: Fix GnuTLS support.
> 
> * gnu/packages/lynx.scm (lynx)[arguments]: Pass "--with-gnutls" in

I think this commit message is truncated.

[0] Without this patch, lynx says:
Alert!: This client does not contain support for HTTPS URLs.


signature.asc
Description: PGP signature

Re: [PATCH v2 00/13]: Add asdf-build-system.

[宋文武]

l...@gnu.org (Ludovic Courtès) writes:

> Hi!
>
> Andy Patterson  skribis:
>
>> Here's the next round of the series. In addition to the changes proposed by
>> 宋文武, I homogenized the phases of the compiled packages, in order to
>> simplify transformations. I also added a package transformer system similar 
>> to
>> package-with-python2. Finally, I decided to have all packages bundle a copy 
>> of
>> their source, and use it while building, rather than using the source 
>> packages
>> as a build input, which had some complications.
>>
>> Further comments are appreciated.
>
> 宋文武, I take it that you’ll be looking at this patch series, right?
> If you’d like others to chime in, please let us know.  :-)
>

Yes, at this point Andy Patterson had addressed most my questions in his
latest reply, so I plan to merge them once a new 'asdf-build-system'
patch is out (fix typo, add more document, etc.) and if no new concerns
appear.  It will be great if others review and comment on them too, in
case I overlooked something :-)

Re: [PATCH] gnu: Add epic5.

[Leo Famulari]

On Thu, Oct 06, 2016 at 10:02:18PM +, ng0 wrote:
> Hi,
> 
> you are probably busy so I'd like to ask if this requires further
> changes or if it is good to go. Someone else can review it too.

Can you submit a revised patch using 'non-copyleft' for the license? Or
are there more packages on the way using the epic5 license?

[PATCH] gnu: lynx: Fix GnuTLS support.

[Kei Kebreau]

HTTPS connections using lynx work on my machine with this patch. Would
someone else like to see about this?
From c18ab7b9c24f07ab86529d7f5f08f4dd21cea549 Mon Sep 17 00:00:00 2001
From: Kei Kebreau 
Date: Thu, 6 Oct 2016 20:38:39 -0400
Subject: [PATCH] gnu: lynx: Fix GnuTLS support.

* gnu/packages/lynx.scm (lynx)[arguments]: Pass "--with-gnutls" in
---
 gnu/packages/lynx.scm | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
index 3182b3e..71bed77 100644
--- a/gnu/packages/lynx.scm
+++ b/gnu/packages/lynx.scm
@@ -53,19 +53,21 @@
   ("gzip" ,gzip)
   ("bzip2" ,bzip2)))
 (arguments
- `(#:configure-flags '("--with-pkg-config"
-   "--with-screen=ncurses"
-   "--with-zlib"
-   "--with-bzlib"
-   "--with-gnutls"
-   ;; "--with-socks5"; XXX TODO
-   "--enable-widec"
-   "--enable-ascii-ctypes"
-   "--enable-local-docs"
-   "--enable-htmlized-cfg"
-   "--enable-gzip-help"
-   "--enable-nls"
-   "--enable-ipv6")
+ `(#:configure-flags
+   (let ((gnutls (assoc-ref %build-inputs "gnutls")))
+ `("--with-pkg-config"
+   "--with-screen=ncurses"
+   "--with-zlib"
+   "--with-bzlib"
+   ,(string-append "--with-gnutls=" gnutls)
+   ;; "--with-socks5"; XXX TODO
+   "--enable-widec"
+   "--enable-ascii-ctypes"
+   "--enable-local-docs"
+   "--enable-htmlized-cfg"
+   "--enable-gzip-help"
+   "--enable-nls"
+   "--enable-ipv6"))
#:tests? #f  ; no check target
#:phases (alist-replace
  'install
-- 
2.10.0



signature.asc
Description: PGP signature

gforth->forth, add colorforth for review

[ng0]

The following 2 patches move gforth.scm to forth.scm as originally intended and 
previously discussed here, and they also add colorforth.
However for the lack of native 32bit or the author providing bad instructions 
(https://github.com/narke/colorForth) I need someone who either tells me this 
is bad, don't add it or who can actually run it..
I'm waiting for a PSU for my old i686 board.
Qemu as build by guix on x86_64 GuixSD when run with "qemu-system-i386 -boot a 
-fda cf2012.img" says
a long version of "nope!" and refuses to fully start this. I'm no expert in 
qemu yet..

[PATCH 1/2] gnu: Rename gforth module to forth.
[PATCH 2/2] gnu: Add colorforth.

[PATCH 2/2] gnu: Add colorforth.

[ng0]

* gnu/packages/forth.scm (colorforth): New variable.
---
 gnu/packages/forth.scm | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/gnu/packages/forth.scm b/gnu/packages/forth.scm
index 67de966..8f32455 100644
--- a/gnu/packages/forth.scm
+++ b/gnu/packages/forth.scm
@@ -21,7 +21,9 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages assembly)
   #:use-module (gnu packages m4))
 
 (define-public gforth
@@ -58,3 +60,39 @@ and history.  A generic virtual machine environment, vmgen, 
is also
 included.")
 (home-page "https://www.gnu.org/software/gforth/";)
 (license license:gpl3+)))
+
+(define-public colorforth
+  (let ((commit "94aec438f1ded202681f18801b98c52dc3beee41")
+(revision "1"))
+(package
+  (name "colorforth")
+  (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+  (source (origin
+(method git-fetch)
+(uri (git-reference
+  (url "https://github.com/narke/colorForth";)
+  (commit commit)))
+(sha256
+ (base32
+  "0s602k568bm6vmvpahsms77liicg38vksn59j5m8ax4h9l9ca77r"
+  (arguments
+   `(#:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+   (delete 'configure) ; no configure script
+   (replace 'install ; There is no 'install
+ (lambda _
+   (install-file "cf2012.img"
+ (string-append (assoc-ref %outputs "out")
+"/bin")))
+  (native-inputs
+   `(("nasm" ,nasm)))
+  (build-system gnu-build-system)
+  (home-page "https://github.com/narke/colorForth";)
+  (synopsis "Native 32-bit colorForth for PCs, Bochs and Qemu")
+  (description
+   "Native colorForth for 32-bit PCs, at least compilable on Linux
+ and runnable on both Bochs and Qemu.  It is adapted from
+ @url{http://sourceforge.net/projects/colorforth, colorforth}.
+ The original colorforth is public domain software.")
+  (license license:public-domain ; clarify upstream
-- 
2.10.1

[PATCH 1/2] gnu: Rename gforth module to forth.

[ng0]

* gnu/local.mk (GNU_SYSTEM_MODULES): Rename gforth.scm to forth.scm.
* gnu/packages/gforth.scm: Rename file to forth.scm.
* gnu/packages/forth.scm: Renamed from gforth.scm.
---
 gnu/local.mk   | 2 +-
 gnu/packages/{gforth.scm => forth.scm} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename gnu/packages/{gforth.scm => forth.scm} (96%)

diff --git a/gnu/local.mk b/gnu/local.mk
index 1ce95f2..3094c75 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -127,6 +127,7 @@ GNU_SYSTEM_MODULES =\
   %D%/packages/fltk.scm\
   %D%/packages/fonts.scm   \
   %D%/packages/fontutils.scm   \
+  %D%/packages/forth.scm   \
   %D%/packages/freedesktop.scm \
   %D%/packages/freeipmi.scm\
   %D%/packages/ftp.scm \
@@ -142,7 +143,6 @@ GNU_SYSTEM_MODULES =\
   %D%/packages/geo.scm \
   %D%/packages/geeqie.scm  \
   %D%/packages/gettext.scm \
-  %D%/packages/gforth.scm  \
   %D%/packages/ghostscript.scm \
   %D%/packages/gimp.scm\
   %D%/packages/gkrellm.scm \
diff --git a/gnu/packages/gforth.scm b/gnu/packages/forth.scm
similarity index 96%
rename from gnu/packages/gforth.scm
rename to gnu/packages/forth.scm
index b2a67ce..67de966 100644
--- a/gnu/packages/gforth.scm
+++ b/gnu/packages/forth.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 ng0 
+;;; Copyright © 2016 ng0 
 ;;; Copyright © 2016 Sou Bunnbu 
 ;;;
 ;;; This file is part of GNU Guix.
@@ -17,7 +17,7 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see .
 
-(define-module (gnu packages gforth)
+(define-module (gnu packages forth)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
-- 
2.10.1

Re: [PATCH] gnu: Add epic5.

[ng0]

Hi,

you are probably busy so I'd like to ask if this requires further
changes or if it is good to go. Someone else can review it too.

Thanks

ng0  writes:

> Leo Famulari  writes:
>
>> [ Unknown signature status ]
>> On Sat, Sep 24, 2016 at 01:04:47PM +, ng0 wrote:
>>> I tried to get ssl working via:
>>> - patching include/config.h
>>> - just export the variable which was in include/config.h without
>>>   patching it.
>>> 
>>> but it seems like epic5 does something different which 'justworks™' in
>>> ircii. epic5 is based on ircii.
>>> If ssl is mandatory, I'll check their git repository and see if there
>>> have been any commits recently fixing this.
>>
>> In general, SSL / TLS support is not mandatory for packages that do
>> network traffic. But, users should not be misled into thinking that they
>> are using TLS when it doesn't work.
>>
>> So, what happens when you use this epic5 to connect to an IRC server
>> that uses TLS?
>>
>> Does it fail silently? That's not okay.
>
> No, it fails with (for me) cryptic failures like ircII used to do. You
> can try it out yourself by comparing ircii and epic5 while trying
> chat.freenode.net 6697
>
> unset IRCSERVER; epic5 chat.freenode.net -p 6697
> output:
>
> *** I can't find your mailbox.
> *** Performing DNS lookup for [chat.freenode.net] (server 0)
> *** DNS lookup for server 0 [chat.freenode.net] returned (15) addresses
> *** Connecting to server refnum 0 (chat.freenode.net), using address 1 
> (164.132.77.237:6697)
> *** INFO -- unix_recv: read(3) failed: Connection reset by peer
> *** INFO -- new_io_event: fd 3 must be closed
> *** INFO -- dgets: fd [3] must be closed
> *** Connection closed from chat.freenode.net
>
>
> ... I assume that epic5 just isn't up to date or does handle something
> differently which ircii succeeds with. ircii added this
> functionality/variable:
> export IRCSERVER="SSLIRC/chat.freenode.net:6697"
> |
> so if you prepend "SSLIRC/" and use |
> :whatever-port-the-networks-ircs-port-is 
> you get a connection to ircs, otherwise it fails.
> Best is to try this yourself for comparing outputs.
>
>>> Subject: [PATCH 1/2] licenses: Add epic.
>>> 
>>> * guix/licenses.scm (epic): New variable.
>>
>> Does anything else use this license? If not, I would leave it out and
>> use non-copyleft for the epic5 package license.
>>
>>> Subject: [PATCH 2/2] gnu: Add epic5.
>>> 
>>> * gnu/packages/irc.scm (epic5): New variable.
>>
>>> + (add-after 'unpack 'patch-bsdinstall
>>> +   ;; We should include this in the build-system, bsdinstall is a 
>>> standard.
>>> +   ;; If we just remove /bin/ some part of the bsdinstall breaks.
>>> +   (lambda _
>>> + (substitute* "bsdinstall"
>>> +   (("/bin/strip") "strip")
>>> +   (("/bin/cp") "cp")
>>> +   (("/bin/chmod") "chmod")
>>> +   (("/etc/chown") "chown")
>>> +   (("/bin/chgrp") "chgrp")
>>> +   (("/bin/mkdir") "mkdir")
>>> +   (("/bin/rm") "rm")
>>> +   (("/bin/mv") "mv")
>>> +   (("/etc/") ""
>>
>> "/etc/" is not an executable path. Do we need to substitute it here?
>> What happens when you don't change that line?
>
> bsdinstalls has a reference to /etc/chmod there - if we leave /etc/ in,
> install fails.
>
>>> +   (zero?
>>> +(system* "./configure"
>>> + (string-append "--prefix=" out)
>>> + "--with-ipv6" "--with-libarchive"
>>
>> What does it use libarchive for? What happens if we leave it out?
>
> I added it because of our "maximum features" goal.
>
> UPDATES:1473:*** News 01/03/2008 -- $info(o) values for libarchive, iconv 
> support
> UPDATES:1474:   If the binary supports libarchive, $info(o) will include 'r'.
> UPDATES:1509:*** News 11/29/2007 -- Support for ZIP files from libarchive
> UPDATES:1529:   All of this is based on 'libarchive' being installed.  You 
> will need
> UPDATES:1530:   to re-run configure in order to pick up libarchive support 
> after you
>
> Details:
>
> *** News 01/03/2008 -- $info(o) values for libarchive, iconv support
> If the binary supports libarchive, $info(o) will include 'r'.
> If the binary supports iconv, $info(o) will include 'v'.
> Libarchive support is required to /load from a .zip file
> Iconv support is required to be able to do character set translation.
>
> *** News 11/29/2007 -- Support for ZIP files from libarchive
> Support for loading files from .zip files has been added.  This first
> round of implementation just adds the raw ability, but it's not 
> totaly ready to be used yet.  You're welcome to start playing with
> it and reporting any problems you have.
>
> You can $open() a file for reading or /load it from a zip file:
> /load foo.zip/file
> and
> @fd =

Re: 01/01: gnu: btrfs-progs: Update to 4.8.

[Leo Famulari]

On Wed, Oct 05, 2016 at 08:07:35PM +, Tobias Geerinckx-Rice wrote:
> nckx pushed a commit to branch master
> in repository guix.
> 
> commit 151df6ab3dd15c1c8fba3347022ebcb7bc05a5d5
> Author: Tobias Geerinckx-Rice 
> Date:   Wed Oct 5 22:06:46 2016 +0200
> 
> gnu: btrfs-progs: Update to 4.8.
> 
> * gnu/packages/linux.scm (btrfs-progs): Update to 4.8.

I noticed this failed to build on 32-bit machines on Hydra. And here is
the upstream bug report:

https://patchwork.kernel.org/patch/9363537/

Tobias, can you follow that discussion / fix this build failure for us?

:)

Re: OpenSSL security updates

[Leo Famulari]

On Thu, Oct 06, 2016 at 09:53:47PM +0200, Ludovic Courtès wrote:
> Leo Famulari  skribis:
> 
> > On Mon, Sep 26, 2016 at 01:01:38PM -0400, Leo Famulari wrote:
> >> Subject: [PATCH] gnu: openssl: Update replacement to 1.0.2j [fixes
> >>  CVE-2016-7052].
> >> 
> >> * gnu/packages/tls.scm (openssl): Update replacement to 1.0.2j.
> >> (openssl-1.0.2i): Replace with...
> >> (openssl-1.0.2j): ... new variable.
> >
> > Ludo, you mentioned you were using this graft as a test case for
> > improvements to `guix lint`. Let us know if you are done with it so it
> > can be ungrafted on the core-updates branch.
> 
> Go ahead, I’m done!
> 
> What I meant by “test case” is just commit
> 8389e6f06efde73ebb849a82e0967eb6afec8c39: now the replacement is called
> “1.0.2j”, not “1.0.2h”.

Ungrafted with 1d8de185b80958cbb0c10621e1dd790aa327064b !

Re: [PATCH 2/2] gnu: tzdata: Use modify-phases

[Leo Famulari]

On Thu, Oct 06, 2016 at 09:36:37PM +0200, Ludovic Courtès wrote:
> John Darrington  skribis:
> 
> > * gnu/packages/base.scm (tzdata)[arguments]: Replace alist- procedures
> > with modify-phases
> 
> OK for core-updates!

I took the opportunity to update tzdata to the latest release, 2016g.

Re: [PATCH 2/2] gnu: Add gnome-clocks.

[Ludovic Courtès]

rennes  skribis:

> From fd784203294523120f09312ffe9699a4983e6156 Mon Sep 17 00:00:00 2001
> From: Rene Saavedra 
> Date: Sat, 1 Oct 2016 07:22:39 -0500
> Subject: [PATCH 2/2] gnu: Add gnome-clocks.
>
>   * gnu/packages/gnome-clocks.scm (gnome-clocks): New variable.

Could you please move it to gnome.scm, as Harmut suggests?

> +(home-page "https://wiki.gnome.org/Apps/Clocks";)
> +(synopsis "Clocks applications for GNOME")

Singular.

> +(description
> + "Simple clock application for GNOME.  It includes world clocks,
 ^
Make a full sentence.

> +(license license:gpl2)))

Most likely ‘gpl2+’ (please check).

Could you send an updated patch?

Thanks!

Ludo’.

Re: [PATCH 1/2] gnu: Add gsound.

[Ludovic Courtès]

Hello,

rennes  skribis:

> From 1d8368a12295c223626a3638d45e50a2043b980c Mon Sep 17 00:00:00 2001
> From: Rene Saavedra 
> Date: Sat, 1 Oct 2016 07:17:34 -0500
> Subject: [PATCH 1/2] gnu: Add gsound.
>
>   * gnu/packages/gsound.scm (gsound): New variable.
  ^^

Extra space here.  :-)

I think this should go to libcanberra.scm rather than its own module.
WDYT?

> +(description
> + "Designed to be used via GObject Introspection,
> +and is a thin wrapper around the libcanberra C library.")

Could you improve this description, as per
?

> +(license license:lgpl2.1)))

It should be ‘lgpl2.1+’ (meaning “or any later version”), unless the “or
any later version” wording has been explicitly removed from the
copyright headers or the license file says so (unlikely in this case).

Could you send an updated patch?

Thanks!

Ludo’.

Re: [PACKAGE] musl libc

[ng0]

Hi,

Vincent Legoll  writes:

>>> We usually don’t use the “gcc” package directly in Guix.  Instead we use
>>> “gcc-toolchain”, which also comes with a wrapper around the linker that
>>> ensures that binaries are linked with libraries in the store, ensuring
>>> that things generally just work™.
>>>
>>> I think more work would be needed to ensure that packages can actually
>>> successfully be linked with musl, but I’m not at all familiar with this.
>>> I had mixed success with a GCC ARM cross-compiler toolchain linking with
>>> newlib, so I know that it’s not exactly obvious how to do this right,
>>> but I find it hard to understand this.
>>>
>>> Have you tried building something that links with the libc provided by
>>> this musl package instead of the GNU libc?  I’m not opposed to adding
>>> the package, but I’d like it to be usable.
>
> I'm not sure...
>
> I built musl, made the sinit package use the musl-wrapper as CC,
> and it worked (it builds => it works) but couldn't test that sinit as
> replacement for pid 1...

I was wondering what happened to musl? Are there any problems left,
anything the people you have been working with can help you to solve? I
had the impression it was almost ready.

> -- 
> Vincent Legoll

Re: [PATCH v2 00/13]: Add asdf-build-system.

[Ludovic Courtès]

Hi!

Andy Patterson  skribis:

> Here's the next round of the series. In addition to the changes proposed by
> 宋文武, I homogenized the phases of the compiled packages, in order to
> simplify transformations. I also added a package transformer system similar to
> package-with-python2. Finally, I decided to have all packages bundle a copy of
> their source, and use it while building, rather than using the source packages
> as a build input, which had some complications.
>
> Further comments are appreciated.

宋文武, I take it that you’ll be looking at this patch series, right?
If you’d like others to chime in, please let us know.  :-)

Thanks,
Ludo’.

Re: [PATCH] doc: Add guide how to specify dependencies for Python packages

[Ludovic Courtès]

Hartmut Goebel  skribis:

> * doc/guix.texi (Python Modules): New sub-subsection "Specifying
>   Dependencies".

Cool, thanks for working on it.

> +@subsubsection Specifying Dependencies
> +@cindex inputs, for Python packages
> +
> +@itemize

Could you add a sentence or two before @itemize to give some context?

> +@item
> +All Python package required at run-time need to go into

s/All Python package/Python packages/
s/run-time/run time/

> +@code{propagated-inputs}.  These are typically defined in
   ^
(@pxref{package Reference, @code{propagated-inputs}})

> +@code{install_requires} or in a requirements-file.

Perhaps this is obvious to a seasoned Python programmer, but I think
we should clarify this:

  in the @code{install_requires} field of whatever(?), or in a
  @file{requirements.txt} file.

> +@item
> +Python packages required only for building (to be found e.g. in
> +@code{setup_requires}) or testing (to be found e.g. in

Remove “e.g.” here or put it at the beginning of the parenthetical
expression.

> +@code{tests_require}) go into @code{native-inputs}. Examples are
> +@emph{setuptools}, @emph{pytest}, @emph{mock}, and @emph{nose}. Of
> +course if any of these packages is required at run-time, it needs to be
> +set in @code{propagated-inputs}.

s/to be set in/to go to/

I’m not entirely convinced that this is an improvement of what “package
Reference” says.  In particular, it describes ‘native-inputs’ as having
nothing to do with cross-compilation.  OTOH, it has the advantage of
providing concrete instructions to someone focusing on Python.

Thoughts?

> +@item
> +@code{inputs} only contain programs or C-libraries (and such) required
> +for building Python packages containing c-extensions (or such).

“C libraries” and “C extensions”; remove “(and/or such)”.

> +@item
> +If a Python package has optional extra dependencies

s/extra//

> +(@code{extras_require}), not these are not listed here at all - except
^^^ ^^^
Remove “not”.
“at all---except”

> +if there is a test-case in which case they are added to
> +@code{native-inputs}.

“test case”

I’m not sure what “if there is a test case” means here; should it be “if
it is a test suite framework”?

> +
> +@item
> +If a packages has complicated optional extra dependencies you may want
   ^
> +to define another package to ease resolving these dependencies for the
> +user.  E.g. @code{python-abcdef-ssh} inherits @code{python-abcdef} and
> +adds the dependencies required for the @emph{ssh} extra feature.

The question of optional dependencies in general is already covered in
“Submitting Patches”, item 5.

Could you send an updated patch?

Thanks,
Ludo’.

Re: [PATCH 1/2] gnu: tzdata: Fix dangling symbolic link.

[Danny Milosavljevic]

>   (symlink "." (string-append out "/share/zoneinfo/posix"))

"..", no?

Re: [PATCH 3/3] gnu: lvm2: Make sure compiled objects are stripped.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/linux.scm (lvm2)[arguments]: Add 'make-objects-writeable' 
> phase.

OK, thanks!

Ludo’.

Re: [PATCH 2/3] gnu: lvm2: Update to 2.02.166.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/linux.scm (lvm2): Update to 2.02.166.

OK!

Re: [PATCH 1/3] gnu: lvm2: Use 'modify-phases'.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/linux.scm (lvm2)[arguments]: Use 'modify-phases'.

OK!

Re: [PATCH] gnu: Add CUPS service.

[Ludovic Courtès]

Hello!

Andy Wingo  skribis:

> * gnu/services/cups.scm: New file.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add gnu/services/cups.scm.
> * doc/guix.texi (Printing Services): New section.

Awesome!

> +One way you might want to customize CUPS is to enable or disable the web 
> interface.  You can do that directly, like this:

Line too long.  :-)

> +The available configuration parameters follow.  Each parameter
> +definition is preceded by its type; for example, @samp{string-list foo}
> +indicates that the @code{foo} parameter should be specified as a list of
> +strings.  There is also a way to specify the configuration as a string,
> +if you have an old @code{cupsd.conf} file that you want to port over
> +from some other system; see the end for more details.

I like this approach.

> +@c The following documentation was initially generated by
> +@c (generate-documentation) in (gnu services cups).  Manually maintained
> +@c documentation is better, so we shouldn't hesitate to edit below as
> +@c needed.  However if the change you want to make to this documentation
> +@c can be done in an automated way, it's probably easier to change
> +@c (generate-documentation) than to make it below and have to deal with
> +@c the churn as CUPS updates.

Neat!

> +(define (validate-configuration config fields)
> +  (for-each (lambda (field)
> +  (let ((val ((configuration-field-getter field) config)))
> +(unless ((configuration-field-predicate field) val)
> +  (cups-configuration-field-error
> +   (configuration-field-name field) val
> +fields))

In the future I’d like to make such checks expansion-time, to the extent
possible.

> +#;
> +(define-record-type* 
> +  cups-configuration make-cups-configuration
> +  cups-configuration?
> +  (cups cups-configuration-cups ;
> +  (default cups))
> +  (config-filecups-configuration-file)
> +  (data-directory cups-configuration-data-directory))

Remove?

> +  (define %cups-accounts
   ^^
Space.

> +;; FIXME!
> +(define (access-control? x) #f)
> +(define (serialize-access-control x) #f)

That means that fields of type ‘access-control’ are never validated and
cannot be serialized?  Is it a problem?

> +(define %cups-activation
> +  ;; Activation gexp.
> +  #~(begin
> +  (use-modules (guix build utils))

To be sure:

  (with-imported-modules '((guix build utils))
#~(begin …))

> +  (define (build-subject parameters)
> +(string-concatenate
> + (map (lambda (pair)
> +(let ((k (car pair)) (v (cdr pair)))
> +  (define (escape-char str chr)
> +(string-join (string-split str chr) (string #\\ chr)))
> +  (string-append "/" k "="
> + (escape-char (escape-char v #\=) #\/
> +  (filter (lambda (pair) (cdr pair)) parameters
> +  (define* (create-self-signed-certificate-if-absent
> +#:key private-key public-key (owner (getpwnam "root"))
> +(common-name (gethostname))
> +(organization-name "GuixSD")
> +(organization-unit-name "Default Self-Signed Certificate")
> +(subject-parameters `(("CN" . ,common-name)
> +  ("O" . ,organization-name)
> +  ("OU" . ,organization-unit-name)))
> +(subject (build-subject subject-parameters)))
> +;; Note that by default, OpenSSL outputs keys in PEM format.  This
> +;; is what we want.
> +(unless (file-exists? private-key)
> +  (cond
> +   ((zero? (system* (string-append #$openssl "/bin/openssl")
> +"genrsa" "-out" private-key "2048"))
> +(chown private-key (passwd:uid owner) (passwd:gid owner))
> +(chmod private-key #o400))
> +   (else
> +(format (current-error-port)
> +"Failed to create private key at ~a.\n" private-key
> +(unless (file-exists? public-key)
> +  (cond
> +   ((zero? (system* (string-append #$openssl "/bin/openssl")
> +"req" "-new" "-x509" "-key" private-key
> +"-out" public-key "-days" "3650"
> +"-batch" "-subj" subject))
> +(chown public-key (passwd:uid owner) (passwd:gid owner))
> +(chmod public-key #o444))
> +   (else
> +(format (current-error-port)
> +"Failed to create public key at ~a.\n" public-key)
> +  (let ((user (getpwnam "cups")))
> +(mkdir-p/perms "/var/run/cups" user #o755)
> +(mkdir-p/perms "/var/spool/cups" user #o755)
> +(mkdir-p/perms "/var/log/cups" user #o755)
> +(mkdir-p/perms "/etc/cups" user #o755)
> +(mkdir-p/perms "/etc/cups/ssl" user #o700)
> +(create-self-sign

Re: [PATCH] gnu: Add CUPS service.

[Ludovic Courtès]

Danny Milosavljevic  skribis:

>> +  (define %cups-accounts
>> +  (list (user-group (name "cups") (system? #t))
>> +(user-account
>> + (name "cups")
>> + (group "cups")
>> + (system? #t)
>> + (comment "CUPS print server user")
>> + (home-directory "/var/empty")
>
>> + (shell (file-append shadow "/sbin/nologin")
>
> How does this work? shadow is a package and file-append expects a string...

No no, it’s correct.  :-)

Ludo’.

Re: OpenSSL security updates

[Ludovic Courtès]

Leo Famulari  skribis:

> On Mon, Sep 26, 2016 at 01:01:38PM -0400, Leo Famulari wrote:
>> Subject: [PATCH] gnu: openssl: Update replacement to 1.0.2j [fixes
>>  CVE-2016-7052].
>> 
>> * gnu/packages/tls.scm (openssl): Update replacement to 1.0.2j.
>> (openssl-1.0.2i): Replace with...
>> (openssl-1.0.2j): ... new variable.
>
> Ludo, you mentioned you were using this graft as a test case for
> improvements to `guix lint`. Let us know if you are done with it so it
> can be ungrafted on the core-updates branch.

Go ahead, I’m done!

What I meant by “test case” is just commit
8389e6f06efde73ebb849a82e0967eb6afec8c39: now the replacement is called
“1.0.2j”, not “1.0.2h”.

Ludo’.

Re: [PATCH (3)] gnu: Add NFS related services (moved idmap.conf out of /etc, added texinfo markup to documentation, s/dir/directory)

[Ludovic Courtès]

Hi!

John Darrington  skribis:

> * gnu/services/nfs.scm (pipefs-service-type): New Variable,
> (gss-service-type): New Variable, (idmap-service-type) New Variable.
>
> * doc/guix.texi (Network File system): New Node.

Minor issues, and a suggestion for the pipefs service:

> +The @code{(gnu services nfs)} module provides the following services,
> +which are most commonly used in relation to mounting or exporting NFS
> +file systems.

Rather something like:
“mounting or exporting directory trees as @dfn{network file systems} (NFS).”

>  @subsubheading RPC Bind Service
>  @cindex rpcbind
>  
> -The @code{(gnu services nfs)} module provides the following:
> +The RPC Bind service provides a facility to map program numbers into

s/program numbers/ONC@tie{}RPC program numbers/

> +universal addresses.

“IP addresses”?

+ “ (RPC stands for @dfn{remote procedure call})”

> + (shepherd-service
> +(documentation "Mount the pipefs pseudo filesystem.")
  ^
Extra space.

> +(provision '(rpc-pipefs))
> +
> +(start #~(lambda ()
> +   (mkdir-p #$pipefs-directory)
> +   (mount "rpc_pipefs" #$pipefs-directory "rpc_pipefs")))
> +(stop #~(lambda (pid . args)
> +  (umount #$pipefs-directory MNT_DETACH)))

There’s the problem that ‘start’ must return a truth value (to tell the
Shepherd that the service was correctly “started”), so it’s better to
add an explicit #t at the end; conversely, ‘stop’ must return #f to
denote a successful stop.

However, as mentioned at
, I
think it would be best to achieve this by extending
‘file-system-service-type’.

Could you try that?  If it works, I don’t have any further comments.

> + (define idmap-command
> +   #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"

  #$(file-append nfs-utils "/sbin/rpc.idmapd")

> + (shepherd-service
> +  (documentation "Start the RPC IDMAP daemon.")
^
Missing space this time.  :-)

Thank you!

Ludo’.

Re: [PATCH 2/2] gnu: tzdata: Use modify-phases

[Ludovic Courtès]

John Darrington  skribis:

> * gnu/packages/base.scm (tzdata)[arguments]: Replace alist- procedures
> with modify-phases

OK for core-updates!

Re: [PATCH 1/2] gnu: tzdata: Fix dangling symbolic link.

[Ludovic Courtès]

John Darrington  skribis:

> * gnu/packages/base.scm (tzdata)[arguments]: Replace dangling symbolic link
> with the correct path.
> ---
>  gnu/packages/base.scm | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
> index a476837..52d8de3 100644
> --- a/gnu/packages/base.scm
> +++ b/gnu/packages/base.scm
> @@ -946,11 +946,11 @@ command.")
>   (lambda* (#:key outputs #:allow-other-keys)
> ;; Move data in the right place.
> (let ((out (assoc-ref outputs "out")))
> - (copy-recursively (string-append out "/share/zoneinfo-posix")
> -   (string-append out "/share/zoneinfo/posix"))
> + (symlink (string-append out "/share/zoneinfo")
> +  (string-append out "/share/zoneinfo/posix"))

Or even:

  (symlink "." (string-append out "/share/zoneinfo/posix"))

OK for core-updates, thanks!

Ludo’.

Re: [PATCH] aarch64 support in isl

[Ludovic Courtès]

Efraim Flashner  skribis:

> This one is for core-updates. I've been carrying it around for months
> and short of updating isl or running autoconf on it before building it's
> needed for creating the cross-arch bootstrap tarballs.
>
> I'm still working on the aarch64 bootstrap binaries, still trying to get
> that to work.

Neat.

> From 8ad86edcc221e3505a645a3b75a8931efaa3f588 Mon Sep 17 00:00:00 2001
> From: Efraim Flashner 
> Date: Fri, 24 Jun 2016 13:33:31 +0300
> Subject: [PATCH 2/3] gnu: isl: Add support for aarch64.
>
> * gnu/packages/gcc.scm (isl)[source]: Add patch.
> * gnu/packages/patches/isl-0.11.1-aarch64-support.patch: New variable.

s/variable/file/ :-)

> * gnu/local.mk (dist_patch_DATA): Register it.

[...]

> --- /dev/null
> +++ b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch
> @@ -0,0 +1,43 @@
> +From 5ad856cba6d08ae9e788198a7d56ef4e1c87 Mon Sep 17 00:00:00 2001
> +From: Efraim Flashner 
> +Date: Thu, 23 Jun 2016 09:39:56 +0300
> +Subject: [PATCH] autoreconf
> +
> +---
> + config.guess  |7 +++
> + config.sub|1 +
> + 2 files changed, 8 insertions(+)

You can remove this header and instead write “Add aarch64 support to
config.guess” or similar.

Otherwise OK for core-updates.

Thanks!

Ludo’.

Re: [PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/patches/libupnp-CVE-2016-6255.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/libupnp.scm (libupnp): Use it.

[...]

> +From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
> +From: Matthew Garrett 
> +Date: Tue, 23 Feb 2016 13:53:20 -0800
> +Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
> + default
> +
> +If there's no registered handler for a POST request, the default behaviour
> +is to write it to the filesystem. Several million deployed devices appear
> +to have this behaviour, making it possible to (at least) store arbitrary
> +data on them. Add a configure option that enables this behaviour, and change
> +the default to just drop POSTs that aren't directly handled.

Fun.  :-)

> +diff --git a/configure.ac b/configure.ac
> +index 9548913..a8731b5 100644
> +--- a/configure.ac
>  b/configure.ac

Shouldn’t it require an autoreconf phase?

I would suggest shrinking this patch to just:

> +--- a/upnp/src/genlib/net/http/webserver.c
>  b/upnp/src/genlib/net/http/webserver.c
> +@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
> + if (Fp == NULL)
> + return HTTP_INTERNAL_SERVER_ERROR;
> + } else {
> ++#ifdef UPNP_ENABLE_POST_WRITE
> + Fp = fopen(filename, "wb");
> + if (Fp == NULL)
> + return HTTP_UNAUTHORIZED;
> ++#else
> ++return HTTP_NOT_FOUND;
> ++#endif

… with “#if 0” instead of “#ifdef UPNP_ENABLE_POST_WRITE”.

WDYT?

Feel free to commit adjusted as you see fit!

Thanks,
Ludo’.

Re: Cosmetical change: remove inconsistent "$file ends here"?

[ng0]

Ludovic Courtès  writes:

> Alex Kost  skribis:
>
>> ng0 (2016-09-24 20:00 +) wrote:
>>
>>> We should either be consistent with this in all files or remove this
>>> altogether in my opinion.
>>>
 ng0@shadowwalker ~/src/guix/guix-no-changes$ egrep -nr "ends here"
 gnu/build/vm.scm:323:;;; vm.scm ends here
>> ...
>>> What do you think?
>>
>> I don't know what the original purpose of this convention is, it was
>> probably invented in those ancient times when dinosaurs walked by
>> streets, but I kinda like these "ends here" things :-)
>
> Yeah, I add them occasionally out of habit, but it’s not useful.
>
>> Anyway, I vote for leaving them and adding the missing ones.
>
> I vote for the status quo.  :-)  There’s not much value in spending time
> either way IMO.
>
> Ludo’.
>

Okay, let's keep it this way. There's nothing to be gained from this.

Re: Input needed regarding disk encryption/decryption

[Hartmut Goebel]

Am 06.10.2016 um 07:04 schrieb John Darrington:
> I understood something different by "while disk encryption".  I thought it 
> meant
> encrypting the whole disk (partition table and all) not just the partitions 
> on it.

I doubt this is possible without BIOS/UEFI support. And I'm not aware of
any such solution for Linux.

-- 
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software
Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog:
http://www.goebel-consult.de/blog/vorratsdatenspeicherung-jetzt-verfassungsbeschwerde-unterschreiben

Kolumne: http://www.cissp-gefluester.de/2010-07-passwoerter-lieben-lernen



smime.p7s
Description: S/MIME Cryptographic Signature

[PATCH 2/2] gnu: tzdata: Use modify-phases

[John Darrington]

* gnu/packages/base.scm (tzdata)[arguments]: Replace alist- procedures
with modify-phases
---
 gnu/packages/base.scm | 35 ++-
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 52d8de3..0760c11 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -936,23 +936,24 @@ command.")
   (guix build gnu-build-system)
   (srfi srfi-1))
#:phases
-   (alist-replace
-'unpack
-(lambda* (#:key source inputs #:allow-other-keys)
-  (and (zero? (system* "tar" "xvf" source))
-   (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode")
-(alist-cons-after
- 'install 'post-install
- (lambda* (#:key outputs #:allow-other-keys)
-   ;; Move data in the right place.
-   (let ((out (assoc-ref outputs "out")))
- (symlink (string-append out "/share/zoneinfo")
-  (string-append out "/share/zoneinfo/posix"))
- (delete-file-recursively (string-append out 
"/share/zoneinfo-posix"))
- (copy-recursively (string-append out "/share/zoneinfo-leaps")
-   (string-append out "/share/zoneinfo/right"))
- (delete-file-recursively (string-append out 
"/share/zoneinfo-leaps"
- (alist-delete 'configure %standard-phases)
+   (modify-phases %standard-phases
+ (replace 'unpack
+   (lambda* (#:key source inputs #:allow-other-keys)
+ (and (zero? (system* "tar" "xvf" source))
+  (zero? (system* "tar" "xvf" (assoc-ref inputs "tzcode"))
+ (add-after 'install 'post-install
+   (lambda* (#:key outputs #:allow-other-keys)
+ ;; Move data in the right place.
+ (let ((out (assoc-ref outputs "out")))
+   (symlink (string-append out "/share/zoneinfo")
+(string-append out "/share/zoneinfo/posix"))
+   (delete-file-recursively
+(string-append out "/share/zoneinfo-posix"))
+   (copy-recursively (string-append out "/share/zoneinfo-leaps")
+ (string-append out "/share/zoneinfo/right"))
+   (delete-file-recursively
+(string-append out "/share/zoneinfo-leaps")
+ (delete 'configure
 (inputs `(("tzcode" ,(origin
   (method url-fetch)
   (uri (string-append
-- 
2.1.4

[PATCH 1/2] gnu: tzdata: Fix dangling symbolic link.

[John Darrington]

* gnu/packages/base.scm (tzdata)[arguments]: Replace dangling symbolic link
with the correct path.
---
 gnu/packages/base.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index a476837..52d8de3 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -946,11 +946,11 @@ command.")
  (lambda* (#:key outputs #:allow-other-keys)
;; Move data in the right place.
(let ((out (assoc-ref outputs "out")))
- (copy-recursively (string-append out "/share/zoneinfo-posix")
-   (string-append out "/share/zoneinfo/posix"))
+ (symlink (string-append out "/share/zoneinfo")
+  (string-append out "/share/zoneinfo/posix"))
+ (delete-file-recursively (string-append out 
"/share/zoneinfo-posix"))
  (copy-recursively (string-append out "/share/zoneinfo-leaps")
(string-append out "/share/zoneinfo/right"))
- (delete-file-recursively (string-append out 
"/share/zoneinfo-posix"))
  (delete-file-recursively (string-append out 
"/share/zoneinfo-leaps"
  (alist-delete 'configure %standard-phases)
 (inputs `(("tzcode" ,(origin
-- 
2.1.4

Re: gnu/system/u-boot.scm

[David Craven]

I don't think we need an extlinux and a grub configuration file. But
we can probably improve the decoupling so that we don't need too much
code repetition.

Sorry, I got sidetracked with this. I've been working on rust, inox
(terrible python errors: EOF found but object expected on import,
racecondition? It reproduces, so it's a weird race condition) and
school. I'll probably resume work on guixsd on arm this weekend, but I
ordered a wandaboard after all - the bbb is too underpowered... I'd
like to use guixsd on arm for a small school project due date 11.11,
so I'll be focusing on this again...

Re: [PATCH] gnu: Add hdf-eos5.

[Ludovic Courtès]

Hi Thomas,

Thomas Danckaert  skribis:

> you were right, there was a lot of room to simplify.  This patch
> modifies autotools' generated files, so there's no need for autoreconf
> anymore.
>
> In the meantime, I discovered that the library can also build a
> Fortran wrapper.  I enabled this wrapper, but some of the Fortran
> tests contain some bugs (multi-line string formatting errors).  Fixing
> those tests requires a rather long (but simple) patch.  Alternatively,
> disabling the tests (or the Fortran wrapper) would shorten the patch.

Cool.

> From: l...@gnu.org (Ludovic Courtès)
> Subject: Re: [PATCH] gnu: Add hdf-eos5.
> Date: Mon, 03 Oct 2016 17:59:14 +0200
>
>> Also, for each patch, could you add a word stating what the upstream
>> status is, such as the URL of the upstream commit or discussion,
>> when it
>> exists?
>
> The patches related to actual bugs (fortrantests, fix-szip) were
> reported to the maintainer (The library is maintained for there's no
> public bugtracker, but a contact address in the documentation), and
> might be included in a future release.
>
> I didn't submit patches related to the shared build and removal of
> bundled GCTP, as I didn't think they would be interested to take up
> such “big” changes.

Makes sense.

> From 481d66b1178fdd539111ee54233c9dcc0376d986 Mon Sep 17 00:00:00 2001
> From: Thomas Danckaert 
> Date: Fri, 17 Jun 2016 10:51:38 +0200
> Subject: [PATCH] gnu: Add hdf-eos5.
>
> * gnu/packages/maths.scm (hdf-eos5): New variable.
> * gnu/packages/patches/hdf-eos5-build-shared.patch: New file.
> * gnu/packages/patches/hdf-eos5-remove-gctp.patch: New file.
> * gnu/packages/patches/hdf-eos5-fix-szip.patch: New file.
> * gnu/packages/patches/hdf-eos5-fortrantests.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add patches.

Applied.  I modified the ‘license’ field and added a comment after
checking what’s going on: their web page doesn’t say much, but all the
source files carry a lax license notice like this:

  
  |Copyright (c) 1999  Emergent IT Inc.  and Raytheon Systems Company|
  |  |
  |  Permission to use, modify, and distribute this software and its |
  |  documentation for any purpose without fee is hereby granted, provided   |
  |  that the above copyright notice appear in all copies and that both that |
  |  copyright notice and this permission notice appear in supporting|
  |  documentation.  |
  

Thank you!

Ludo’.

Re: [PATCH]Remove empty doc directory from Hack font installation.

[宋文武]

Dmitry Nikolaev  writes:

> Hi. Hack font original zip file does not contain any documentation about it, 
> so empty doc directory in its
> installation is useless. This patch removes it.

Applied, thanks!

Re: [PATCH]Add ati support to xorg configuration.

[宋文武]

Dmitry Nikolaev  writes:

> Hi. Without this patch I couldn't run X on my Radeon card.

Applied, thanks!

Just curious, does it work for you without firmwares?

Re: Input needed regarding disk encryption/decryption

[Christopher Allan Webber]

dian_ce...@zoho.com writes:

>  I am also pondering how to handle RAID and LVM at this time since all of
> this is all fairly closely related, though I'm not going to make any claims of
> responsibility for implementing anything other than disk encryption, and even
> that isn't promised.
>
>  However, I'm wanting feedback from others on this list (and if someone
> wants to crosspost this to the help-guix list for a little more visability, 
> feel
> free) on any possible scenerios need to be handled that I havn't mentioned 
> here.

I'm not sure enough to comment on RAID, but having an encrypted LVM
option is basically what Debian ships with out of the box, and that
seems good-enough to me.

Re: FOSDEM 2016 was awesome! Let's do FOSDEM 2017 (we are IN!)

[Amirouche Boubekki]

On 2016-10-05 16:09, Pjotr Prins wrote:

Good news!

We have just been informed that GNU Guile/Guix has a half day devroom
for FOSDEM 2017 again.

  https://fosdem.org/2017/

Book your resp. flights/trains/boats!

Pj.



Yeah! That is good news! I will prepare my slides (and finish my project 
;)

Re: [PATCH]Add ati support to xorg configuration.

[Marius Bakke]

Dmitry Nikolaev  writes:

> Hi. Without this patch I couldn't run X on my Radeon card.

Thanks! This looks good to me, but please add a commit message that
follows our conventions. Check "git log --grep service" for examples.

> Dmitry Nikolaev
> From 25f8f50e1bd6efaee0008283ca1de8b1fe951d7e Mon Sep 17 00:00:00 2001
> From: 8p8c 
> Date: Thu, 6 Oct 2016 00:09:00 +0300
> Subject: [PATCH] Add Ati drivers to xorg configuration
>
> ---
>  gnu/services/xorg.scm | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
> index d098d83..ccac677 100644
> --- a/gnu/services/xorg.scm
> +++ b/gnu/services/xorg.scm
> @@ -108,6 +108,7 @@ Section \"Files\"
>FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\"
>ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
>ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\"
> +  ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\"
>ModulePath \"" xf86-video-modesetting "/lib/xorg/modules/drivers\"
>ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\"
>ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\"
> @@ -145,6 +146,7 @@ EndSection
>  (define %default-xorg-modules
>(list xf86-video-vesa
>  xf86-video-fbdev
> +xf86-video-ati
>  xf86-video-modesetting
>  xf86-video-cirrus
>  xf86-video-intel
> -- 
> 2.10.0

Re: [PATCH 0/7] Add pandoc-citeproc

[Ricardo Wurmus]

>   gnu: ghc-streaming-commons: Remove standard packages from inputs.
>   gnu: Add ghc-hs-bibutils.
>   gnu: Add ghc-rfc5051.
>   gnu: Add ghc-conduit-extra.
>   gnu: Add ghc-xml-types.
>   gnu: Add ghc-xml-conduit.
>   gnu: Add ghc-pandoc-citeproc.

I pushed this to master as eb0ff8a38257d61aee1c2e9430db98f6f8ee7b2c.
(“guix lint” is okay with the package definitions.)

~~ Ricardo

[PATCH] gnu: wpa-supplicant: Update to 2.6.

[Marius Bakke]

None of the patches applied, so I assume they are upstream.

Tested locally. Please push if it's good.

>From 28a85174650e5602364290f9b7d1259f4148bcf1 Mon Sep 17 00:00:00 2001
From: Marius Bakke 
Date: Wed, 5 Oct 2016 04:08:46 +0100
Subject: [PATCH] gnu: wpa-supplicant: Update to 2.6.

* gnu/packages/admin.scm (wpa-supplicant-minimal)[source]: Update to
  2.6. Remove 'patches' field.
* gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch,
  gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch: Delete
  files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk   |  9 ---
 gnu/packages/admin.scm | 14 +---
 .../patches/wpa-supplicant-CVE-2015-5310.patch | 32 -
 .../patches/wpa-supplicant-CVE-2015-5314.patch | 51 --
 .../patches/wpa-supplicant-CVE-2015-5315.patch | 54 --
 .../patches/wpa-supplicant-CVE-2015-5316.patch | 34 -
 .../patches/wpa-supplicant-CVE-2016-4476.patch | 82 --
 .../patches/wpa-supplicant-CVE-2016-4477-pt1.patch | 51 --
 .../patches/wpa-supplicant-CVE-2016-4477-pt2.patch | 82 --
 .../patches/wpa-supplicant-CVE-2016-4477-pt3.patch | 62 
 .../patches/wpa-supplicant-CVE-2016-4477-pt4.patch | 50 -
 11 files changed, 2 insertions(+), 519 deletions(-)
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2015-5310.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2015-5314.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2015-5315.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2015-5316.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4476.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch
 delete mode 100644 gnu/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 867946d..32da04a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -888,15 +888,6 @@ dist_patch_DATA =		\
   %D%/packages/patches/wordnet-CVE-2008-2149.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch			\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5310.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5314.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5315.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2015-5316.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4476.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt1.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt2.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt3.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2016-4477-pt4.patch	\
   %D%/packages/patches/xdotool-fix-makefile.patch   \
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index cfb33c4..d9b08ef 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -862,7 +862,7 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
 (name "wpa-supplicant-minimal")
-(version "2.5")
+(version "2.6")
 (source (origin
   (method url-fetch)
   (uri (string-append
@@ -871,17 +871,7 @@ commands and their arguments.")
 ".tar.gz"))
   (sha256
(base32
-"05mkp5bx1c3z7h5biddsv0p49gkrq9ksany3anp4wdiv92p5prfc"))
-  (patches
-   (search-patches "wpa-supplicant-CVE-2015-5310.patch"
-   "wpa-supplicant-CVE-2015-5314.patch"
-   "wpa-supplicant-CVE-2015-5315.patch"
-   "wpa-supplicant-CVE-2015-5316.patch"
-   "wpa-supplicant-CVE-2016-4476.patch"
-   "wpa-supplicant-CVE-2016-4477-pt1.patch"
-   "wpa-supplicant-CVE-2016-4477-pt2.patch"
-   "wpa-supplicant-CVE-2016-4477-pt3.patch"
-   "wpa-supplicant-CVE-2016-4477-pt4.patch"
+"0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl"
 (b

Re: Contents of /etc/hosts

[Hartmut Goebel]

Am 06.10.2016 um 02:57 schrieb John Darrington:
>127.0.0.1 localhost
>::1   localhost
>127.0.0.1 gambrinus
>::1   gambrinus
>  
>  Or am I missing something?
>
> Hmm.  I have never seen it done this way elsewhere, and I really wonder how 
> some
> services will react if they discover that 127.0.0.1 is not called 
> "localhost"?  
> Or that one address is known by two names.  I think it possible they might 
> assume a security breach and refuse to work. 

This should not be a problem. One could always add several entries for
the same IP-address. And "getent hosts 127.0.0.1" will return the first
entry in /etc/hosts AFAIKT.

I started digging through the man pages, but did not finish. It's a deep
maybe recursive mess of documentation where nothing is said about  Maybe
we need to refer to the gethostbyname(2) and gethostbyname(3)
documentation, which both are listed in "man hostname".

* gethostbyname(2) [1], uses uname[2], which returns what ever has been
set with sethostname (AFAICT) and always returns a single string.

* gethostbyname(3) [3] returns a structure capable to hold an name,
several aliases, and several addresses.

Nevertheless my conclusion is that any program should be able to handle
any ip-address and and hostname and must not rely on any assumtion
regarding these. (Exept perhaps to assume "localhost" is defined.)

[1] http://man7.org/linux/man-pages/man2/gethostname.2.html
[2] http://man7.org/linux/man-pages/man2/uname.2.html
[3] http://man7.org/linux/man-pages/man3/gethostbyname.3.html
[4] http://man7.org/linux/man-pages/man5/hosts.5.html

> Kerberos is very fussy about such things.

Yes, it is, forward and backward resolution must match. But this can be
done with a the hostname's non-loopback IP-address being in front of the
loopback entry. ASAIK


-- 
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software
Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog: http://www.goebel-consult.de/blog/feiertagsarbeit-bei-teletrust
Kolumne:
http://www.cissp-gefluester.de/2011-02-fleisige-datensammler-fur-lukratives-geschaeftsmodell-gesucht




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Contents of /etc/hosts

[Hartmut Goebel]

Am 05.10.2016 um 20:31 schrieb John Darrington:
>   (shepherd-service-type
>'host-name
>(lambda (name)
>  (shepherd-service

I suggest adding a comment here whether this is the bare hostname or the
FQDN.

>  127.0.0.2 gambrinus
Now what happens if you "ping gambrinus"?

-- 
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software
Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog: http://www.goebel-consult.de/blog/feiertagsarbeit-bei-teletrust
Kolumne:
http://www.cissp-gefluester.de/2011-02-fleisige-datensammler-fur-lukratives-geschaeftsmodell-gesucht

Re: [PATCH]Add PT Astra font.

[Hartmut Goebel]

Am 05.10.2016 um 23:06 schrieb Dmitry Nikolaev:
> +(synopsis "A typeface metric compatible with Times New Roman.")

AFAIK the synopsis should not start with an "A". Please verify be running

guix lint font-pt-astra


-- 
Schönen Gruß
Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software
Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog: http://www.goebel-consult.de/blog/feiertagsarbeit-bei-teletrust
Kolumne:
http://www.cissp-gefluester.de/2011-02-fleisige-datensammler-fur-lukratives-geschaeftsmodell-gesucht




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Input needed regarding disk encryption/decryption

[dian_cecht]

On Thu, Oct 06, 2016 at 07:04:14AM +0200, John Darrington wrote:
> I understood something different by "while disk encryption".  I thought it 
> meant
> encrypting the whole disk (partition table and all) not just the partitions 
> on it.

I am looking at whole disk encryption as well as other options.

Re: [PATCH] gnu: Add r-bsgenome-celegans-ucsc-ce10.

[Ricardo Wurmus]

Leo Famulari  writes:

> On Wed, Oct 05, 2016 at 02:27:20PM +0200, Ricardo Wurmus wrote:
>> * gnu/packages/bioinformatics.scm (r-bsgenome-celegans-ucsc-ce10): New
>> variable.
>
> Looks reasonable to this layperson.

Thanks for checking!  It’s very much like
“r-bsgenome-celegans-ucsc-ce6”, just a different genome revision.

Pushed as fc47c7d635e1ea65df5da8ef29cb56440835f71b.

~~ Ricardo

Re: gnu/system/u-boot.scm

[Danny Milosavljevic]

Hi,

so now that all of it works, I'd like to propose to change how it's done 
completely (muhahaha).

Ludo wrote:
>   2. (gnu system) should dispatch to either ‘grub-configuration-file’ or
>  ‘u-boot-configuration-file’ depending on whether the config
>  contains a ‘grub-configuration’ or a ‘u-boot-configuration’ object.

I think it would be better if (gnu system) installed *both* the grub 
configuration file *and* the u-boot configuration file.

The main advantage would be if the user already had a bootloader, it would be 
possible to leave the bootloader form off completely in /etc/config.scm . The 
bootloader configurations would still be updated and the right one should be 
picked up by the bootloader (Note: Libreboot checks for 
"grub/libreboot_grub.cfg"; U-Boot checks for "extlinux.conf" (and others); Grub 
checks for "grub/grub.cfg").

(This is in order to support bootloaders that are in ROM or Flash, mostly. One 
usually doesn't update those [I guess it doesn't hurt if you install another 
dummy bootloader on disk, though]. VMs also don't need a bootloader - but do 
need the config)

Another advantage would be that there would be no "u-boot-configuration" object 
and the user would not have to choose between it and "grub-configuration". It 
would be all the same configuration object (by then erroneously called 
"grub-configuration" - which we can keep for backward compatibility I guess). 

The programs "grub-install" and (future) "u-boot-install" expect a fixed 
filename for their config file - so they are not confused by it either. So 
that's neutral :)

There's no need to provide two different configuration objects (they are almost 
completely the same - save the output procedure). I'd say it's a maintenance 
advantage not to have them.

And the only disadvantage would be that the bootloader installation procedure 
would have to check whether "grub-install" exists. If it does, invoke it. 
Otherwise invoke "u-boot-install". Essentially success would be if either 
invocation succeeded (that is: the respective executable was found). [We could 
also add a "grub-install" executable to the u-boot packages if we wanted to 
avoid that]

grub-configuration would need just one new field "installer" which would list 
the package of the bootloader-to-install, if any. 

And there would need to be a new procedure "grub-configuration-files" with 
multiple files *instead* of "grub-configuration-file". (Think of "grub" as 
"bootloader" in this name)

operating-system-grub.cfg would also need to return multiple files (and maybe 
their target names, too?).

If we wanted to be backward compatible (probably), we could install grub if 
there was no field "installer" specified. (Although in a 
non-backward-compatible world I'd prefer if it installed no bootloader in that 
case - it wouldn't even have any fallout if it now didn't install the 
bootloader on existing systems)

What do you think?

If we want to do it, could you help me write "grub-configuration-files" ?

grub-configuration-file seems to use gexp->derivation at the end (which 
probably form a store monad). Can I just return a Scheme list of those or how 
would this work?

Do I then need to carry the target filename in a pair?

"grub.cfg" is a gc root. How would this need to be adapted?

If we later wanted to modify GuixSD to switch over to special configurations 
(although I don't see why we would), we can still do that without backward 
compat problems. So this wouldn't lock us in.

Re: CVE-2016-6255

[Efraim Flashner]

On Thu, Oct 06, 2016 at 02:16:26AM -0400, Leo Famulari wrote:
> Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255
> 
> You can use libupnp on a remote server to read and write the filesystem
> with the privileges of the libupnp process:
> 
> http://seclists.org/oss-sec/2016/q3/102
> 
> This patch cherry-picks the upstream commit:
> 
> https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
> 
> Leo Famulari (1):
>   gnu: libupnp: Fix CVE-2016-6255.
> 
>  gnu/local.mk |  1 +
>  gnu/packages/libupnp.scm |  2 +
>  gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 
> 
>  3 files changed, 89 insertions(+)
>  create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch
> 
> -- 
> 2.10.1
> 

Looks good to me

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature