Re: python-mistune

2017-01-25 Thread Tobias Geerinckx-Rice
On 26/01/17 08:32, Tobias Geerinckx-Rice wrote:
> I'll keep using the ‘emacs && guix build && guix build’ updater for
> now. :-)

Or rather: guix build || guix build. That's the ticket.

Kind regards,

T G-R





Re: python-mistune

2017-01-25 Thread Tobias Geerinckx-Rice
Federico,

On 25/01/17 21:58, Federico Beffa wrote:
> Hi Thomas,

Might you've confused Thomas & me? I'm the one who updated the package
in question. It should be fixed in master now[0].

> It seems that version 0.7.3 is not present from the source that you 
> indicated:

This was my first try at using the Pypi updater — which is really cool,
but it seems to have downloaded & hashed at least two packages[1] from a
new URI while leaving the old one in place.

Everything works fine here, then blows up on other folks' machines. Not
a great feeling. I'll keep using the ‘emacs && guix build && guix build’
updater for now. :-)

Anyone: does the updater use pypi-uri unconditionally? I don't remember
ignoring any warnings.

Kind regards,

T G-R

[0]: Commit eff8d773d65d031e67f492c790de3b4b48549883.
[1]: 5e217a8b4b47fc8914f623db5acf96d0e5099c2c fixes a similar issue.





Re: 01/01: gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1, 2}].

2017-01-25 Thread Leo Famulari
On Tue, Jan 10, 2017 at 10:40:40PM +, Ludovic Courtès wrote:
> civodul pushed a commit to branch master
> in repository guix.
> 
> commit 3c0f7910e4724ed79d3b17e3727dc7879ad246d3
> Author: Ludovic Courtès 
> Date:   Tue Jan 10 23:11:18 2017 +0100
> 
> gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1,2}].
> 
> * gnu/packages/tls.scm (gnutls-3.5.8): New variable.
> (gnutls)[replacement]: New field.

This commit got lost on core-updates. I just pushed the update to 3.5.8:

commit 9b9e147117e6009451d7acc1f8f156e041263e32
Author: Leo Famulari 
Date:   Wed Jan 25 23:42:11 2017 -0500

gnu: gnutls: Update to 3.5.8.

* gnu/packages/tls.scm (gnutls): Update to 3.5.8.

http://git.savannah.gnu.org/cgit/guix.git/commit/?h=core-updates=9b9e147117e6009451d7acc1f8f156e041263e32




Auto-compilation warning/errors caused by guild

2017-01-25 Thread Maxim Cournoyer
Hello Guix,

I was looking at the build log of the "gnucash" package, trying to
investigate why it doesn't remember its settings, and stumbled on many
warning/errors like:

[...]
/gnu/store/70f2l7892914g6mv0w4hwfcmnd7xg2fs-guile-2.0.12/bin/guild compile -o de_DE.go de_DE.scm
;;; note: auto-compilation is enabled, set GUILE_AUTO_COMPILE=0
;;;   or pass the --no-auto-compile argument to disable.
;;; compiling /gnu/store/70f2l7892914g6mv0w4hwfcmnd7xg2fs-guile-2.0.12/bin/guild
;;; WARNING: compilation of /gnu/store/70f2l7892914g6mv0w4hwfcmnd7xg2fs-guile-2.0.12/bin/guild failed:
;;; ERROR: failed to create path for auto-compiled file "/gnu/store/70f2l7892914g6mv0w4hwfcmnd7xg2fs-guile-2.0.12/bin/guild"
wrote `taxtxf.go'
[...]

Apparently these are caused by the fact that "guild" is a scheme script
(it's part of the guile package) which doesn't have a compiled version
(a .go file) in the store: when using this script guile tries to
auto-compile it but fails to write it (I guess because there is no $HOME
and the store location is read-only?)

Would it be possible to have our guile package(s) include any bundled
scheme file such as guild have their built ".go" counterpart? Would this
resolve these errors?

Failing that, I could add the make flag GUILE_AUTO_COMPILE=0 in the
gnucash build recipe, but fixing the problem at its root would be much better.

Thanks,

Maxim




Re: Debugging and source code

2017-01-25 Thread Pjotr Prins
On Wed, Jan 25, 2017 at 09:41:09PM +0100, Danny Milosavljevic wrote:
> Hi,
> 
> On Wed, 25 Jan 2017 14:22:48 +0100
> l...@gnu.org (Ludovic Courtès) wrote:
> 
> > Pjotr Prins  skribis:
> > 
> > > Since we allow for debug symbols using :debug (great feature!), 
> 
> Aha? Why's that not available in our icecat package? I have to find out how 
> it's done elsewhere and copy it :)

The beauty of it that it is already there - at least for the gnu build
system. Just add the debug output.

> > You can always get the right source code by running “guix build -S
> > package”.
> > 
> > OTOH having the source directly in the “debug” (or “source”?) output as
> > you suggest would be more convenient.
> > 
> > The only downside is the extra size of the “debug” output.  Most of the
> > time that’s a price people are happy to pay when they are installing the
> > “debug” output.  But sometimes maybe not.
> 
> Ahhh that's a difficult call. I think it would be best if we collected some 
> statistics before we decided that. For example how big is the source code of 
> a package versus the binary? On average? Depending on the language? How many 
> % of the total size is the source code?

If we add debug output by default I suppose we don't have to
distribute binary packages. Likewise an output with source code
included. That means there would be no cost involved other than
building and testing.
-- 



Re: Debugging and source code

2017-01-25 Thread Pjotr Prins
On Wed, Jan 25, 2017 at 06:54:30PM +0100, Ludovic Courtès wrote:
> Pjotr Prins  skribis:
> 
> > On Wed, Jan 25, 2017 at 02:22:48PM +0100, Ludovic Courtès wrote:
> >> You can always get the right source code by running “guix build -S
> >> package”.
> >> 
> >> OTOH having the source directly in the “debug” (or “source”?) output as
> >> you suggest would be more convenient.
> >> 
> >> The only downside is the extra size of the “debug” output.  Most of the
> >> time that’s a price people are happy to pay when they are installing the
> >> “debug” output.  But sometimes maybe not.
> >
> > How about a :debug-full switch?
> 
> There’s no switch, only a “debug” output.

yes, yes. I meant a "debug-full" output.

-- 



Re: [PATCH 1/2] gnu: Add mbedtls.

2017-01-25 Thread Leo Famulari
On Wed, Jan 25, 2017 at 12:25:17PM +, contact@cryptolab.net wrote:
> * gnu/packages/tls.scm (mbedtls): New variable.

> +   ;; FIXME: Tarball on tls.mbed.org can no be fetched by our downloader.

Please add a comment explaining what goes wrong.

> +(native-inputs
> + `(("perl" ,perl) ; Tests
> +   ("doxygen" ,doxygen)
> +   ("graphviz" ,graphviz)))
> +(inputs
> + `(("zlib" ,zlib)
> +   ("openssl" ,openssl)))

The only dependency it needs to build is Perl.

The rest can be missing and mbedtls will still pass its test suite.

Doxygen seems unused; no documentation is installed when it's available.

If they are available, zlib and openssl are not referred to by the output
(checked with `guix gc --references`).



[PATCH] gnu: Add python-pyodbc-c.

2017-01-25 Thread Danny Milosavljevic
* gnu/packages/databases.scm (python-pyodbc-c, python2-pyodbc-c):
  New variables.
---
 gnu/packages/databases.scm | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index e8be17980..fc576888d 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1312,3 +1312,29 @@ development.")
 ;; test/crypto.test are licensed under a 3-clause BSD license. All other
 ;; source files are in the public domain.
 (license (list license:public-domain license:bsd-3
+
+(define-public python-pyodbc-c
+  (package
+(name "python-pyodbc-c")
+(version "3.1.2")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://gitlab.com/daym/pyodbc-c/repository/;
+   "archive.tar.gz?ref=v" version))
+   (sha256
+(base32 "0nl11n3mgrcfnhimjqgv48rxqnb21l5m6s7p8ps2fa4nn4z6rzy0"))
+   (file-name (string-append name "-" version ".tar.gz"
+(build-system python-build-system)
+(inputs
+ `(("unixodbc" ,unixodbc)))
+(arguments
+ `(#:tests? #f ; no tests exist
+  ))
+(home-page "https://github.com/mkleehammer/pyodbc;)
+(synopsis "Python ODBC Library")
+(description "This package provides a Python DB-API driver for ODBC.")
+(license (license:x11-style "file://LICENSE.TXT"
+
+(define-public python2-pyodbc-c
+  (package-with-python2 python-pyodbc-c))
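
Review bot: the home-page field points at github.com/mkleehammer/pyodbc while the origin fetches from gitlab.com/daym/pyodbc-c, so the metadata does not say which project the hashed tarball actually comes from. Point home-page at the project that is being built, or add a comment explaining how the two relate. The uri is also a generated archive.tar.gz?ref=v... download rather than a published release file; since the forge produces such archives on demand, confirm the sha256 stays stable or fetch a pinned git checkout instead. Nit: the closing parentheses after #:tests? #f should not sit on a line of their own.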



[PATCH] gnu: u-boot: Use scandir.

2017-01-25 Thread Danny Milosavljevic
* gnu/packages/u-boot.scm (make-u-boot-package): Modify.
---
 gnu/packages/u-boot.scm | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/u-boot.scm b/gnu/packages/u-boot.scm
index cdd52d874..6173e619a 100644
--- a/gnu/packages/u-boot.scm
+++ b/gnu/packages/u-boot.scm
@@ -99,19 +99,19 @@ also initializes the boards (RAM etc).")
(modify-phases %standard-phases
  (replace 'configure
(lambda* (#:key outputs make-flags #:allow-other-keys)
+ (use-modules ((ice-9 ftw)))
  (let ((config-name (string-append ,board "_defconfig")))
(if (file-exists? (string-append "configs/" config-name))
(zero? (apply system* "make" `(,@make-flags ,config-name)))
(begin
  (display "Invalid board name. Valid board names are:")
- (let ((dir (opendir "configs"))
-   (suffix-length (string-length "_defconfig")))
-   (do ((file-name (readdir dir) (readdir dir)))
-   ((eof-object? file-name))
- (when (string-suffix? "_defconfig" file-name)
-   (format #t "- ~A\n"
-   (string-drop-right file-name 
suffix-length
-   (closedir dir))
+ (let ((suffix-length (string-length "_defconfig")))
+   (scandir "configs"
+ (lambda (file-name)
+   (when (string-suffix? "_defconfig" file-name)
+ (format #t "- ~A\n"
+ (string-drop-right file-name
+suffix-length))
  #f)
  (replace 'install
(lambda* (#:key outputs make-flags #:allow-other-keys)
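
Review bot: (use-modules ((ice-9 ftw))) is placed inside the body of the 'configure lambda*, and with doubled parentheses. Module imports for build-side code belong in the package's #:modules argument, not in a procedure body. Separately, scandir is called only for the side effect of its selector: the lambda prints and returns the value of when, so the list scandir builds is discarded. Use the selector to filter on (string-suffix? "_defconfig" file-name) and for-each over the returned list to print, which also gives the names in scandir's sorted order.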



Re: [PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-25 Thread Leo Famulari
On Thu, Jan 26, 2017 at 08:30:01AM +1000, Ben Woodcroft wrote:
> On 26/01/17 03:42, Leo Famulari wrote:
> > On Wed, Jan 25, 2017 at 09:32:22AM +1000, Ben Woodcroft wrote:
> > > Well, it is unpacking a .gem file rather than a tar.gz, and patching 
> > > rubygem
> > > sources has never worked. It might be worth fixing this in general, or
> > > perhaps packaging minitar from GitHub rather than rubygems.
> > Would you like to try packaging minitar from the Git repo so we can get
> > this bug-fix?
> Sure, pushed as bfaf8efd74e88d99f743845357e3f1ff191e23c2.

Thank you!



[PATCH core-updates] gnu: gtk+: Enable broadway backend.

2017-01-25 Thread Danny Milosavljevic
* gnu/packages/gtk.scm (gtk+)[arguments]: Modify configure-flags.
---
 gnu/packages/gtk.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index a506949ab..9498ce780 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -695,7 +695,8 @@ application suites.")
   ;; to "doc".
   #:configure-flags (list (string-append "--with-html-dir="
  (assoc-ref %outputs "doc")
- "/share/gtk-doc/html"))
+ "/share/gtk-doc/html")
+  "--enable-broadway-backend")
   #:phases (modify-phases %standard-phases
 (add-before 'configure 'pre-configure
   (lambda _
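
Review bot: "--enable-broadway-backend" is appended to #:configure-flags with no comment, and the changelog line only says "Modify configure-flags". Name the flag in the changelog, for example "[arguments]: Add "--enable-broadway-backend" to #:configure-flags.", and add a short comment above the flag saying why the backend is wanted, since it compiles an additional display backend into a package that many others depend on.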



Re: [PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-25 Thread Ben Woodcroft

On 26/01/17 03:42, Leo Famulari wrote:
> On Wed, Jan 25, 2017 at 09:32:22AM +1000, Ben Woodcroft wrote:
> > Well, it is unpacking a .gem file rather than a tar.gz, and patching rubygem
> > sources has never worked. It might be worth fixing this in general, or
> > perhaps packaging minitar from GitHub rather than rubygems.
> Would you like to try packaging minitar from the Git repo so we can get
> this bug-fix?

Sure, pushed as bfaf8efd74e88d99f743845357e3f1ff191e23c2.
ben




Re: [PATCH] guix: copy: Use userauth-public-key/auto! for ssh authentification.

2017-01-25 Thread Mathieu OTHACEHE

> I was surprised to see guix copy unable to authenticate to my servers whereas
> guix offload is working. It's because guix offload uses ~/.ssh/id_rsa as a
> fallback and guix copy doesn't.

And I forgot to mention that I wasn't running ssh-agent ...

Sorry,

Mathieu



[PATCH] guix: copy: Use userauth-public-key/auto! for ssh authentification.

2017-01-25 Thread Mathieu Othacehe
* guix/scripts/copy.scm (open-ssh-session): Replace userauth-agent! by
  userauth-public-key/auto!. This way, if ssh-agent is not run,
  default ssh key (~/.ssh/id_rsa) will be used as a fallback.
---
Hi,

I was surprised to see guix copy unable to authenticate to my servers whereas
guix offload is working. It's because guix offload uses ~/.ssh/id_rsa as a
fallback and guix copy doesn't.

With this patch we can keep using ssh-agent in priority
but fallback to default ssh keys if ssh-agent is not started.

Thanks,

Mathieu

 guix/scripts/copy.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/guix/scripts/copy.scm b/guix/scripts/copy.scm
index 9ae204e6c..89f430d81 100644
--- a/guix/scripts/copy.scm
+++ b/guix/scripts/copy.scm
@@ -64,7 +64,7 @@ Throw an error on failure."
 (match (connect! session)
   ('ok
;; Let the SSH agent authenticate us to the server.
-   (match (userauth-agent! session)
+   (match (userauth-public-key/auto! session)
  ('success
   session)
  (x
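
Review bot: the context comment directly above the changed call still reads ";; Let the SSH agent authenticate us to the server.", which no longer matches what the commit message says userauth-public-key/auto! does (agent first, then the default key such as ~/.ssh/id_rsa). Update the comment in this hunk so the fallback to an on-disk private key is visible to anyone reading open-ssh-session.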
-- 
2.11.0




python-mistune

2017-01-25 Thread Federico Beffa
Hi Thomas,

It seems that version 0.7.3 is not present from the source that you indicated:

Starting download of
/gnu/store/iwgpsb0p487iydbs7nkblhvcl3a5wf3d-mistune-0.7.3.tar.gz
From https://pypi.python.org/packages/source/m/mistune/mistune-0.7.3.tar.gz...
ERROR: download failed
"https://pypi.python.org/packages/source/m/mistune/mistune-0.7.3.tar.gz"
404 "Not Found"

Would you mind fixing it?

Thanks,
Fede



Re: [PATCH core-updates] guix: cmake-build-system: Enable offscreen Qt backend for tests.

2017-01-25 Thread Danny Milosavljevic
Note: If we do that, we should adapt the packages openimageio, kconfig, 
kidletime, kitemviews, kplotting, kwidgetsaddons, kcrash, kimageformats, 
kdeclarative because these currently invoke Xvfb which would be later 
unnecessary (but harmless, I think).

Not sure why kwidgetsaddons does both set QT_QPA_PLATFORM=offscreen AND invoke 
Xvfb... why?



[PATCH core-updates] guix: cmake-build-system: Enable offscreen Qt backend for tests.

2017-01-25 Thread Danny Milosavljevic
* guix/build/cmake-build-system.scm (cmake-build-system): Set QT_QPA_PLATFORM 
to "offscreen".
---
 guix/build/cmake-build-system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/guix/build/cmake-build-system.scm 
b/guix/build/cmake-build-system.scm
index 27f2b5c87..dfe61ce56 100644
--- a/guix/build/cmake-build-system.scm
+++ b/guix/build/cmake-build-system.scm
@@ -67,6 +67,8 @@
 #:allow-other-keys)
   (let ((gnu-check (assoc-ref gnu:%standard-phases 'check)))
 (setenv "CTEST_OUTPUT_ON_FAILURE" "1")
+;; Automated tests can't access user's X session anyway
+(setenv "QT_QPA_PLATFORM" "offscreen")
 (gnu-check #:tests? tests? #:test-target test-target
   #:parallel-tests? parallel-tests?)))
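
Review bot: (setenv "QT_QPA_PLATFORM" "offscreen") runs unconditionally inside the check phase, immediately before gnu-check, so it applies to every package using cmake-build-system and overwrites any value a package set in an earlier phase. Either set it only when the variable is not already defined, or say in the comment that packages needing another platform plugin must replace the phase. Nit: end the new comment with a period.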
 



[PATCH] bournish: Extend 'rm' command.

2017-01-25 Thread Ricardo Wurmus
* guix/build/bournish.scm (rm-command): New procedure.
(%commands): Use it.
* tests/bournish.scm: Add tests for "rm" and "rm -r".
---
 guix/build/bournish.scm | 11 ++-
 tests/bournish.scm  | 12 
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/guix/build/bournish.scm b/guix/build/bournish.scm
index 51dad17ba..e948cd03d 100644
--- a/guix/build/bournish.scm
+++ b/guix/build/bournish.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Ludovic Courtès 
 ;;; Copyright © 2016 Efraim Flashner 
+;;; Copyright © 2017 Ricardo Wurmus 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -105,6 +106,14 @@ characters."
((@ (guix build utils) dump-port) port (current-output-port))
*unspecified*)))
 
+(define (rm-command . args)
+  "Emit code for the 'rm' command."
+  (cond ((member "-r" args)
+ `(for-each (@ (guix build utils) delete-file-recursively)
+(list ,@(delete "-r" args
+(else
+ `(for-each delete-file (list ,@args)
+
 (define (lines+chars port)
   "Return the number of lines and number of chars read from PORT."
   (let loop ((lines 0) (chars 0))
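
Review bot: rm-command recognises only the exact string "-r" through (member "-r" args), so any other option ("-f", "-rf", "--") stays in the list and is handed to delete-file or delete-file-recursively as a file name. For a command that deletes recursively, reject arguments that start with "-" other than "-r" with an explicit error rather than treating them as paths. The old lambda also took exactly one file, while this version accepts zero operands and then silently does nothing; decide whether 'rm' with no operands should be an error.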
@@ -194,7 +203,7 @@ commands such as 'ls' and 'cd'; it lacks globbing, 
pipes---everything.\n"))
   `(("echo"   ,(lambda strings `(list ,@strings)))
 ("cd" ,(lambda (dir) `(chdir ,dir)))
 ("pwd",(lambda () `(getcwd)))
-("rm" ,(lambda (file) `(delete-file ,file)))
+("rm" ,rm-command)
 ("cp" ,(lambda (source dest) `(copy-file ,source ,dest)))
 ("help"   ,help-command)
 ("ls" ,ls-command)
diff --git a/tests/bournish.scm b/tests/bournish.scm
index 0f529ce42..3b40ce264 100644
--- a/tests/bournish.scm
+++ b/tests/bournish.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Ludovic Courtès 
+;;; Copyright © 2017 Ricardo Wurmus 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,5 +39,16 @@
   (read-and-compile (open-input-string "cd /foo\npwd\nls")
 #:from %bournish-language #:to 'scheme))
 
+(test-equal "rm"
+  '(for-each delete-file (list "foo" "bar"))
+  (read-and-compile (open-input-string "rm foo bar\n")
+#:from %bournish-language #:to 'scheme))
+
+(test-equal "rm -r"
+  '(for-each (@ (guix build utils) delete-file-recursively)
+ (list "/foo" "/bar"))
+  (read-and-compile (open-input-string "rm -r /foo /bar\n")
+#:from %bournish-language #:to 'scheme))
+
 (test-end "bournish")
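
Review bot: both new tests cover only the expected input, with "-r" in first position. Add a case where "-r" follows a file name (member matches it anywhere in args) and one with an unsupported option, so the intended result for those inputs is pinned down by the test suite.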
 
-- 
2.11.0





Re: [PATCH core-updates 0/6] Wait up!

2017-01-25 Thread Leo Famulari
On Wed, Jan 25, 2017 at 06:19:32PM +0100, Marius Bakke wrote:
> Sorry for the late series, but I see core-updates isn't fully rolling
> yet. This updates xorg and the latter patch has a proper fix for
> c254ac32004 (untested, though).
> 
> Note: "bdftopcf" is the only package using "libxfont" after this, and
> "xorg-server" gains a hard dependency on "libepoxy".
> 
> Marius Bakke (6):
>   gnu: Add libxfont2.
>   gnu: xorg-server: Use 'modify-phases' syntax.
>   gnu: xorg-server: Update to 1.19.1.
>   gnu: xf86-video-qxl: Change to libxfont2 ABI.
>   gnu: xf86-video-intel: Update to 2.99.917-2-028c946.
>   utils: Add helper method to make files writable.

I have a WIP branch for updating the xorg suite:

https://github.com/lfam/guix/tree/contrib-xorg-server

I was waiting for a few drivers to be updated to the new X server, based
on this thread:
https://lists.freedesktop.org/archives/xorg-devel/2016-November/051849.html

Let's combine our efforts :)



[PATCH 1/1] gnu: mupdf, cups-filters: Incorporated grafted changes.

2017-01-25 Thread Leo Famulari
* gnu/packages/pdf.scm (mupdf)[replacement]: Remove field.
[source]: Add 'mupdf-mujs-CVE-2016-10132.patch' and
'mupdf-mujs-CVE-2016-10133.patch'.
(mupdf/fixed): Remove variable.
* gnu/packages/cups.scm (cups-filters)[replacement]: Remove field.
(mupdf/fixed-instead-of-mupdf),(cups-filters/fixed): Remove variables.
---
 gnu/packages/cups.scm |  8 
 gnu/packages/pdf.scm  | 17 +++--
 2 files changed, 3 insertions(+), 22 deletions(-)

diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 39ab41c19..94f8e91f1 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -52,7 +52,6 @@
 (define-public cups-filters
   (package
 (name "cups-filters")
-(replacement cups-filters/fixed)
 (version "1.13.1")
 (source(origin
   (method url-fetch)
@@ -135,13 +134,6 @@ filters for the PDF-centric printing workflow introduced 
by OpenPrinting.")
license:lgpl2.0+
license:expat
 
-(define mupdf/fixed-instead-of-mupdf
-  (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)
-
-;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more 
information.
-(define cups-filters/fixed
-  (mupdf/fixed-instead-of-mupdf cups-filters))
-
 ;; CUPS on non-MacOS systems requires cups-filters.  Since cups-filters also
 ;; depends on CUPS libraries and binaries, cups-minimal has been added to
 ;; satisfy this dependency.
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 2ea48e599..d449b72ee 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -481,7 +481,6 @@ extracting content or merging files.")
 (define-public mupdf
   (package
 (name "mupdf")
-(replacement mupdf/fixed)
 (version "1.10a")
 (source
   (origin
@@ -491,7 +490,9 @@ extracting content or merging files.")
 (sha256
  (base32
   "0dm8wcs8i29aibzkqkrn8kcnk4q0kd1v66pg48h5c3qqp4v1zk5a"))
-(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"))
+(patches (search-patches "mupdf-build-with-openjpeg-2.1.patch"
+ "mupdf-mujs-CVE-2016-10132.patch"
+ "mupdf-mujs-CVE-2016-10133.patch"))
 (modules '((guix build utils)))
 (snippet
 ;; Delete all the bundled libraries except for mujs, which is
@@ -540,18 +541,6 @@ line tools for batch rendering (pdfdraw), rewriting files 
(pdfclean),
 and examining the file structure (pdfshow).")
 (license license:agpl3+)))
 
-(define mupdf/fixed
-  (package
-(inherit mupdf)
-(source
-  (origin
-(inherit (package-source mupdf))
-(patches
-  (append
-(origin-patches (package-source mupdf))
-(search-patches "mupdf-mujs-CVE-2016-10132.patch"
-"mupdf-mujs-CVE-2016-10133.patch")))
-
 (define-public qpdf
   (package
(name "qpdf")
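
Review bot: this hunk deletes mupdf/fixed, and the cups.scm hunk deletes the one reference shown in this diff, (@@ (gnu packages pdf) mupdf/fixed). Because that reference used @@ to reach a non-exported binding, other modules could do the same without appearing here; grep the tree for mupdf/fixed before pushing. The commit message could also state the consequence: with the two CVE patches moved into the source field of mupdf, the fix is delivered by rebuilding mupdf and its dependents rather than by a graft.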
-- 
2.11.0




[PATCH 0/1] Unwinding the mupdf / cups-filters grafts

2017-01-25 Thread Leo Famulari
Please review this patch for correctness and style. Thanks in advance :)

Leo Famulari (1):
  gnu: mupdf, cups-filters: Incorporated grafted changes.

 gnu/packages/cups.scm |  8 
 gnu/packages/pdf.scm  | 17 +++--
 2 files changed, 3 insertions(+), 22 deletions(-)

-- 
2.11.0




Re: [PATCH] update haunt to 0.2.1

2017-01-25 Thread Ludovic Courtès
Howdy David!

"Thompson, David"  skribis:

> On Tue, Jan 24, 2017 at 5:12 PM, Ludovic Courtès  wrote:
>> Catonano  skribis:
>>
>>> From 015719506600bcb674b1d47398af27c2b4f32d18 Mon Sep 17 00:00:00 2001
>>> From: humanitiesNerd 
>>> Date: Tue, 24 Jan 2017 14:55:12 +0100
>>> Subject: [PATCH] gnu: haunt: Update to 0.2.1
>>>
>>> * gnu/packages/guile.scm (haunt): Update to 0.2.1.
>>
>> Applied, thanks.  :-)
>>
>>>  (propagated-inputs
>>> - `(("guile-reader" ,guile-reader)))
>>> + `(("guile-reader" ,guile-reader)
>>> +   ("guile-commonmark" ,guile-commonmark)))
>>
>> We could (should?) avoid this by augmenting the ‘wrap-haunt’ phase.
>>
>> Thoughts?
>
> Agreed, but even better would be if I knew how to make upstream just
> do the right thing to begin with. ;)  Do you know how this could be
> done?

For Haunt’s own modules, you could set the right search path in the
‘haunt’ command itself, like the Shepherd and Guix do.

For these external dependencies, you could always use ‘search-path’ at
configure time to hard-wire their locations in ‘haunt’ as well.  (Guix
does not do that and I don’t know of any project that does, but IWBN.)

Ludo’.



Re: [PATCH] services: Export guix-configuration getters.

2017-01-25 Thread Ludovic Courtès
Mathieu Othacehe  skribis:

> * gnu/services/base.scm (guix-configuration-*): Export.

Makes sense.  Applied, thanks!

Ludo’.



Re: [PATCH] gnu: coreutils: Fix cross-compilation.

2017-01-25 Thread Ludovic Courtès
Hi Manolis!

manolis...@gmail.com skribis:

> From: Manolis Ragkousis 
>
> * gnu/packages/patches/coreutils-fix-cross-compilation.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/base.scm [source]: Use it.

[...]

> --- /dev/null
> +++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
> @@ -0,0 +1,15 @@
> +Coreutils fails to cross compile for other platforms because 
> cu_install_program
> +is not being evaluated properly. This patch fixes it.
> +See 
> +--- a/Makefile.in
>  b/Makefile.in
> +@@ -5023,7 +5023,7 @@ pr = progs-readme
> + @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
> + 
> + # Use the just-built 'ginstall', when not cross-compiling.
> +-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
> ++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
> + info_TEXINFOS = doc/coreutils.texi
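
Review bot: the header of the new patch file says cu_install_program "is not being evaluated properly" but does not explain why the replacement line changes both the assignment operator (= to :=) and the value (@INSTALL_PROGRAM@ to @INSTALL@). Add one or two sentences to the header describing what goes wrong during cross-compilation and which of the two changes addresses it, so the patch can be re-evaluated when upstream settles on its own fix.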

LGTM!  Even if upstream settles on a different approach, this patch is
fine for our purposes.

Thanks for investigating!

Ludo’.



Re: [PATCH 00/96] ocaml-build-system and packages

2017-01-25 Thread Ludovic Courtès
Hey Julien,

I think I missed the answer to that question:

> Do you have an OPAM importer for this?  We should probably consider
> adding one and an updater as well.  :-)

Ludo’.



Re: Debugging and source code

2017-01-25 Thread Ludovic Courtès
Pjotr Prins  skribis:

> On Wed, Jan 25, 2017 at 02:22:48PM +0100, Ludovic Courtès wrote:
>> You can always get the right source code by running “guix build -S
>> package”.
>> 
>> OTOH having the source directly in the “debug” (or “source”?) output as
>> you suggest would be more convenient.
>> 
>> The only downside is the extra size of the “debug” output.  Most of the
>> time that’s a price people are happy to pay when they are installing the
>> “debug” output.  But sometimes maybe not.
>
> How about a :debug-full switch?

There’s no switch, only a “debug” output.

Ludo’.



Re: [PATCH 0/1] Help wanted fixing a ruby-minitar bug

2017-01-25 Thread Leo Famulari
On Wed, Jan 25, 2017 at 09:32:22AM +1000, Ben Woodcroft wrote:
> Well, it is unpacking a .gem file rather than a tar.gz, and patching rubygem
> sources has never worked. It might be worth fixing this in general, or
> perhaps packaging minitar from GitHub rather than rubygems.

Would you like to try packaging minitar from the Git repo so we can get
this bug-fix?



Re: [PATCH] gnu: nss: Update to 3.28.1

2017-01-25 Thread Leo Famulari
On Wed, Jan 25, 2017 at 11:39:03AM +0100, Mathieu Othacehe wrote:
> * gnu/packages/gnuzilla.scm: Update nss to 3.28.1

Thanks for sending these patches!

We actually already have them on the nss-updates branch:

http://git.savannah.gnu.org/cgit/guix.git/log/?h=nss-updates

But, Mark tried building it on armhf and reported a test failure. Mark,
or anyone else with armhf hardware, can you share some details about how
the tests failed?



gnu: ghc-8: Update to 8.0.2

2017-01-25 Thread Federico Beffa
Hi,

I've updated our ghc-8 Haskell compiler to the latest version (8.0.2)
and in doing so I've investigated why both 8.0.1 and 8.0.2 do not work
without setting LD_LIBRARY_PATH to the required system libraries.
I've found that NIX had the same problem.  The root cause for them was
that their gcc-wrapper was not able to properly handle arguments
passed through response files.  I suspect that we have the same
problem.

https://github.com/NixOS/nixpkgs/issues/10752
https://github.com/NixOS/nixpkgs/issues/11762

For the moment I've borrowed a patch for GHC that they did use before
fixing the gcc-wrapper. Going forward it would probably be wise to fix
our gcc/ld wrapper as well.

Regards,
Fede
From 35c4fa12cf2eb7316583b41c0c4e8b60f7a59bdc Mon Sep 17 00:00:00 2001
From: Federico Beffa 
Date: Wed, 25 Jan 2017 18:21:43 +0100
Subject: [PATCH] gnu: ghc-8: Update to 8.0.2.

* gnu/packages/haskell.scm (ghc-8): Update to 8.0.2.
* gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch:
  New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk   |  1 +
 gnu/packages/haskell.scm   | 31 ++
 ...dont-pass-linker-flags-via-response-files.patch | 24 +
 3 files changed, 33 insertions(+), 23 deletions(-)
 create mode 100644 gnu/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 24013a5..93b0c3d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -549,6 +549,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/geoclue-config.patch			\
+  %D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch	\
   %D%/packages/patches/ghostscript-CVE-2013-5653.patch		\
   %D%/packages/patches/ghostscript-CVE-2015-3228.patch		\
   %D%/packages/patches/ghostscript-CVE-2016-7976.patch		\
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 331057a..bdcda7f 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -31,6 +31,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system haskell)
+  #:use-module (gnu packages)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages compression)
@@ -264,14 +265,17 @@ interactive environment for the functional language Haskell.")
 (define-public ghc-8
   (package
 (name "ghc")
-(version "8.0.1")
+(version "8.0.2")
 (source
  (origin
   (method url-fetch)
   (uri (string-append "https://www.haskell.org/ghc/dist/;
   version "/" name "-" version "-src.tar.xz"))
   (sha256
-   (base32 "1lniqy29djhjkddnailpaqhlqh4ld2mqvb1fxgxw1qqjhz6j1ywh"
+   (base32 "1c8qc4fhkycynk4g1f9hvk53dj6a1vvqi6bklqznns6hw59m8qhi"))
+  (patches
+   (search-patches
+"ghc-dont-pass-linker-flags-via-response-files.patch"
 (build-system gnu-build-system)
 (supported-systems '("i686-linux" "x86_64-linux"))
 (outputs '("out" "doc"))
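
Review bot: the new patches field applies ghc-dont-pass-linker-flags-via-response-files.patch with no comment in the package definition. The covering message describes it as a workaround borrowed until the gcc/ld wrapper handles response files; put that, together with the two nixpkgs issue links, in a comment next to search-patches so the patch gets removed once the wrapper is fixed.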
@@ -287,7 +291,7 @@ interactive environment for the functional language Haskell.")
  "https://www.haskell.org/ghc/dist/;
  version "/" name "-" version "-testsuite.tar.xz"))
(sha256
-(base32 "0lc1vjivkxn01aw3jg2gd7fmqb5pj7a5j987c7pn5r7caqv1cmxw"))
+(base32 "1wjc3x68l305bl1h1ijd3yhqp2vqj83lkp3kqbr94qmmkqlms8sj"))
 (native-inputs
  `(("perl" ,perl)
("python" ,python-2); for tests
@@ -309,13 +313,6 @@ interactive environment for the functional language Haskell.")
;; then complains that they don't match.
#:build #f
 
-   #:modules ((guix build gnu-build-system)
-  (guix build utils)
-  (guix build rpath)
-  (srfi srfi-26)
-  (srfi srfi-1))
-   #:imported-modules (,@%gnu-build-system-modules
-   (guix build rpath))
#:configure-flags
(list
 (string-append "--with-gmp-libraries="
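
Review bot: this hunk removes #:modules and #:imported-modules, which drops (guix build rpath), (srfi srfi-1) and (srfi srfi-26) from the build side. Check that no remaining phase still uses procedures from those modules (for example cut from srfi-26), since a leftover use would only fail at build time.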
@@ -363,19 +360,7 @@ interactive environment for the functional language Haskell.")
"testsuite/tests/programs/life_space_leak/life.test")
(("/bin/sh") (which "sh"))
(("/bin/rm") "rm"))
- #t))
- ;; the testsuite can't find shared libraries.
- (add-before 'check 'configure-testsuite
-   (lambda* (#:key inputs #:allow-other-keys)
- (let* ((gmp (assoc-ref inputs "gmp"))
-(gmp-lib (string-append gmp "/lib"))
-(ffi (assoc-ref inputs "libffi"))
-(ffi-lib (string-append ffi "/lib"))
-(ncurses (assoc-ref inputs "ncurses"))
-(ncurses-lib 

[PATCH core-updates 2/6] gnu: xorg-server: Use 'modify-phases' syntax.

2017-01-25 Thread Marius Bakke
* gnu/packages/xorg.scm (xorg-server)[arguments]: Use 'modify-phases'.
---
 gnu/packages/xorg.scm | 24 +---
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index eefb24116..0bff1159d 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5061,17 +5061,19 @@ over Xlib, including:
  "--enable-kdrive"
  "--enable-xephyr")
 
-   #:phases (alist-cons-before
- 'configure 'pre-configure
- (lambda _
-   (substitute* (find-files "." "\\.c$")
- (("/bin/sh") (which "sh")))
-
-   ;; Don't try to 'mkdir /var'.
-   (substitute* "hw/xfree86/Makefile.in"
- (("\\$\\(MKDIR_P\\).*logdir.*")
-  "true\n")))
- %standard-phases)))
+   #:phases
+   (modify-phases %standard-phases
+ (add-before
+  'configure 'pre-configure
+  (lambda _
+(substitute* (find-files "." "\\.c$")
+  (("/bin/sh") (which "sh")))
+
+;; Don't try to 'mkdir /var'.
+(substitute* "hw/xfree86/Makefile.in"
+  (("\\$\\(MKDIR_P\\).*logdir.*")
+   "true\n"))
+#t)
 (home-page "https://www.x.org/wiki/;)
 (synopsis "Xorg implementation of the X Window System")
 (description
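
Review bot: style nit in the new #:phases form: add-before is followed by a line break before 'configure 'pre-configure. Keep (add-before 'configure 'pre-configure on one line and indent the lambda beneath it. The added #t as the last expression of the phase is right, since the value of the final substitute* is not a meaningful success indicator.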
-- 
2.11.0




[PATCH core-updates 0/6] Wait up!

2017-01-25 Thread Marius Bakke
Sorry for the late series, but I see core-updates isn't fully rolling
yet. This updates xorg and the latter patch has a proper fix for
c254ac32004 (untested, though).

Note: "bdftopcf" is the only package using "libxfont" after this, and
"xorg-server" gains a hard dependency on "libepoxy".

Marius Bakke (6):
  gnu: Add libxfont2.
  gnu: xorg-server: Use 'modify-phases' syntax.
  gnu: xorg-server: Update to 1.19.1.
  gnu: xf86-video-qxl: Change to libxfont2 ABI.
  gnu: xf86-video-intel: Update to 2.99.917-2-028c946.
  utils: Add helper method to make files writable.

 gnu/build/activation.scm|  5 
 gnu/packages/xorg.scm   | 56 +++--
 guix/build/gnu-build-system.scm |  6 +++--
 guix/build/utils.scm|  6 +
 4 files changed, 47 insertions(+), 26 deletions(-)

-- 
2.11.0




[PATCH core-updates 1/6] gnu: Add libxfont2.

2017-01-25 Thread Marius Bakke
* gnu/packages/xorg.scm (libxfont2): New variable.
---
 gnu/packages/xorg.scm | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 7a534592b..eefb24116 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4787,6 +4787,21 @@ not be used by normal X11 clients.  X11 clients access 
fonts via either the
 new API's in libXft, or the legacy API's in libX11.")
 (license license:x11)))
 
+;; This package is cut from the libxfont sources, but is distributed
+;; under a new name. See release announcement for details:
+;; https://lists.x.org/archives/xorg-announce/2015-December/002661.html
+(define-public libxfont2
+  (package
+(inherit libxfont)
+(name "libxfont2")
+(version "2.0.1")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+  version ".tar.bz2"))
+  (sha256
+   (base32
+"0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))
 
 (define-public libxi
   (package
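Review bot: `(inherit libxfont)` with only name, version and source overridden means libxfont2 silently keeps every other field of libxfont, including its inputs and the description visible in the context lines above. Please confirm the inherited inputs are what libXfont2 2.0.1 needs, and consider overriding the description, since the comment on the new definition already says this is distributed under a new name with its own release announcement.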
-- 
2.11.0




[PATCH core-updates 5/6] gnu: xf86-video-intel: Update to 2.99.917-2-028c946.

2017-01-25 Thread Marius Bakke
* gnu/packages/xorg.scm (xf86-video-intel): Update to 2.99.917-2-028c946.
[inputs]: Change LIBXFONT to LIBXFONT2.
---
 gnu/packages/xorg.scm | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index db9ced9e5..9955ef5b4 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2770,10 +2770,10 @@ X server.")
 
 
 (define-public xf86-video-intel
-  (let ((commit "d1672806a5222f00dcc2eb24ccddd03f727f71bc"))
+  (let ((commit "028c946df0855728b2a34d1d588701dc6c5ad4c1"))
 (package
   (name "xf86-video-intel")
-  (version (string-append "2.99.917-1-" (string-take commit 7)))
+  (version (string-append "2.99.917-2-" (string-take commit 7)))
   (source
(origin
  ;; there's no current tarball
@@ -2783,13 +2783,13 @@ X server.")
(commit commit)))
  (sha256
   (base32
-   "16hfcj11lbn6lp0hgrixidbfb7mghm1yn4lynmymm985w1gg0n72"))
+   "1z88lz87ry211mv1s03nvyawi4yrj2cngsq45914njqc0sdbz2af"))
  (file-name (string-append name "-" version
   (build-system gnu-build-system)
   (inputs `(("mesa" ,mesa)
 ("udev" ,eudev)
 ("libx11" ,libx11)
-("libxfont" ,libxfont)
+("libxfont2" ,libxfont2)
 ("xorg-server" ,xorg-server)))
   (native-inputs
`(("pkg-config" ,pkg-config)
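Review bot: the `libxfont` to `libxfont2` input swap in this hunk rides along with a snapshot bump (new commit and new sha256), and the log does not say whether the two depend on each other. If commit 028c946 is what makes the driver build against libxfont2, say so in the log; if the bump is independent, it would be easier to bisect as a separate patch.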
-- 
2.11.0




[PATCH core-updates 4/6] gnu: xf86-video-qxl: Change to libxfont2 ABI.

2017-01-25 Thread Marius Bakke
* gnu/packages/xorg.scm (xf86-video-qxl)[inputs]: Change LIBXFONT to LIBXFONT2.
---
 gnu/packages/xorg.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 5c38685bb..db9ced9e5 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -3047,7 +3047,7 @@ UniChrome Pro and Chrome9 integrated graphics 
processors.")
 (build-system gnu-build-system)
 (inputs
   `(("fontsproto" ,fontsproto)
-("libxfont" ,libxfont)
+("libxfont2" ,libxfont2)
 ("spice-protocol" ,spice-protocol)
 ("xf86dgaproto" ,xf86dgaproto)
 ("xorg-server" ,xorg-server)
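Review bot: xf86-video-qxl keeps its version and source here while the font library it is built against changes, so the log should state that the unchanged driver source builds against libxfont2. It is also worth checking that nothing else in the package definition (phases, configure flags) still looks up the "libxfont" input label, since that lookup would now return #f.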
-- 
2.11.0




[PATCH core-updates 6/6] utils: Add helper method to make files writable.

2017-01-25 Thread Marius Bakke
* gnu/build/activation.scm (make-file-writable): Move this to ...
* guix/build/utils.scm (make-file-writable): ... here. Export it.
* guix/build/gnu-build-system.scm (strip): Use it.
---
 gnu/build/activation.scm| 5 -
 guix/build/gnu-build-system.scm | 6 --
 guix/build/utils.scm| 6 ++
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 1b31dc153..756a6872b 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -78,11 +78,6 @@
 (define (dot-or-dot-dot? file)
   (member file '("." "..")))
 
-(define (make-file-writable file)
-  "Make FILE writable for its owner.."
-  (let ((stat (lstat file)))  ;XXX: symlinks
-(chmod file (logior #o600 (stat:perms stat)
-
 (define* (copy-account-skeletons home
  #:optional (directory %skeleton-directory))
   "Copy the account skeletons from DIRECTORY to HOME."
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 59394c2ca..e83ec22ae 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -393,8 +393,10 @@ makefiles."
  (or (elf-file? file) (ar-file? file))
  (or (not debug-output)
  (make-debug-file file))
- ;; Ensure libraries are writable.
- (chmod file #o755)
+
+ ;; Ensure the file is writable.
+ (make-file-writable file)
+
  (zero? (apply system* strip-command
(append strip-flags (list file
  (or (not debug-output)
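Review bot: replacing `(chmod file #o755)` with `(make-file-writable file)` changes more than the log's "Use it" suggests. The old call set the mode to exactly 755; the new one ORs #o600 into whatever mode the file already has, so the group and other bits and any special bits are now preserved instead of reset. That looks like the intent given the new comment, but please state it in the log, and note that the strip phase now inherits the lstat/symlink caveat carried by make-file-writable.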
diff --git a/guix/build/utils.scm b/guix/build/utils.scm
index cf0932639..021df1bfb 100644
--- a/guix/build/utils.scm
+++ b/guix/build/utils.scm
@@ -48,6 +48,7 @@
 with-directory-excursion
 mkdir-p
 install-file
+make-file-writable
 copy-recursively
 delete-file-recursively
 file-name-predicate
@@ -237,6 +238,11 @@ name."
   (mkdir-p directory)
   (copy-file file (string-append directory "/" (basename file
 
+(define (make-file-writable file)
+  "Make FILE writable for its owner.."
+  (let ((stat (lstat file)))  ;XXX: symlinks
+(chmod file (logior #o600 (stat:perms stat)
+
 (define* (copy-recursively source destination
#:key
(log (current-output-port))
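Review bot: in make-file-writable, `lstat` reads the permission bits of a symlink itself, while `chmod` is given FILE by name and acts on the link's target. For a symlink the target therefore receives the link's bits ORed with #o600, and symlinks normally report 0777, which would leave the target world-writable. The `;XXX: symlinks` comment already flags this, but moving the procedure to (guix build utils) and exporting it widens the set of callers that can hit it: either return early for symlinks or use `stat` so the bits read and the bits written belong to the same file. Two smaller points: the docstring ends in a doubled period, and #o600 also grants owner read, which the docstring does not mention.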
-- 
2.11.0




[PATCH core-updates 3/6] gnu: xorg-server: Update to 1.19.1.

2017-01-25 Thread Marius Bakke
* gnu/packages/xorg.scm (xorg-server, xorg-server-xwayland): Update to 1.19.1.
[inputs]: Change from LIBXFONT to LIBXFONT2. Add LIBEPOXY.
---
 gnu/packages/xorg.scm | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 0bff1159d..5c38685bb 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4969,7 +4969,7 @@ over Xlib, including:
 (define-public xorg-server
   (package
 (name "xorg-server")
-(version "1.18.4")
+(version "1.19.1")
 (source
   (origin
 (method url-fetch)
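Review bot: the log names both xorg-server and xorg-server-xwayland, but the only version field touched in this patch is the one in the xorg-server definition shown here. If xorg-server-xwayland picks up 1.19.1 by inheriting from xorg-server, the log should say so; if it has its own version and hash, that hunk is missing.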
@@ -4978,7 +4978,7 @@ over Xlib, including:
   name "-" version ".tar.bz2"))
 (sha256
  (base32
-  "1j1i3n5xy1wawhk95kxqdc54h34kg7xp4nnramba2q8xqfr5k117"
+  "1yx7cnlhl14hsdq5lg0740s4nxqxkmaav38x428llv1zkprjrbkr"
 (build-system gnu-build-system)
 (propagated-inputs
   `(("dri2proto" ,dri2proto)
@@ -5007,12 +5007,13 @@ over Xlib, including:
 ("dbus" ,dbus)
 ("dmxproto" ,dmxproto)
 ("libdmx" ,libdmx)
+("libepoxy" ,libepoxy)
 ("libgcrypt" ,libgcrypt)
 ("libxau" ,libxau)
 ("libxaw" ,libxaw)
 ("libxdmcp" ,libxdmcp)
 ("libxfixes" ,libxfixes)
-("libxfont" ,libxfont)
+("libxfont2" ,libxfont2)
 ("libxkbfile" ,libxkbfile)
 ("libxrender" ,libxrender)
 ("libxres" ,libxres)
-- 
2.11.0




[PATCH] services: Export guix-configuration getters.

2017-01-25 Thread Mathieu Othacehe
* gnu/services/base.scm (guix-configuration-*): Export.
---
Hi,

I have multiple configurations inheriting from one another.
In one of them I use this code:

(services
 (modify-services %common-services
   (guix-service-type
    config =>
    (guix-configuration
     (inherit config)
     (substitute-urls
      (cons "http://192.168.0.20:8081"
            (guix-configuration-substitute-urls config)))))))

So I think guix-configuration-* getters should be exported to
allow this kind of code.

Thanks,

Mathieu

 gnu/services/base.scm | 12 
 1 file changed, 12 insertions(+)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 1b1ce0d5e..ef4d4b723 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -99,6 +99,18 @@
 %default-authorized-guix-keys
 guix-configuration
 guix-configuration?
+
+guix-configuration-guix
+guix-configuration-build-group
+guix-configuration-build-accounts
+guix-configuration-authorize-key?
+guix-configuration-authorized-keys
+guix-configuration-use-substitutes?
+guix-configuration-substitute-urls
+guix-configuration-extra-options
+guix-configuration-log-file
+guix-configuration-lsof
+
 guix-service
 guix-service-type
 guix-publish-configuration
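Review bot: this exports every accessor of the record, including guix-configuration-lsof and guix-configuration-guix, although the use case given in the message only needs guix-configuration-substitute-urls. Exporting the full set is defensible for `inherit`-style overrides, but each exported name becomes interface that users' configurations will depend on, so it is worth deciding deliberately which ones to publish. The log entry also uses the wildcard guix-configuration-* where the other patches in this thread name each variable.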
-- 
2.11.0




Re: A postinst equivalent in Guix?

2017-01-25 Thread Christopher Allan Webber
John Darrington writes:

> On Wed, Jan 25, 2017 at 02:15:12PM +0100, Ludovic Courtès wrote:
>  Christopher Allan Webber  skribis:
>
>  > Ludovic Courtès writes:
>  >
>  >> Georgi Kirilov  skribis:
>  >>
>  >>> On Sat, Jan 21, 2017 at 04:34:55PM +0100, Ludovic Courtès wrote:
>  >>>
>  >>>> To make things more concrete, we could discuss specific packages you are
>  >>>> interested in and see how we could provide them in Guix{,SD}.
>  >>>
>  >>> The package is the old bsd-games bundle. Some of the games need to
>  >>> write score files under /var/lib/bsdgames/
>  >>> You can find attached my patch so far.
>  >>
>  >> The patch looks good to me!
>  >>
>  >> As for /var/lib/bsdgames, then it’s up to the admin to set the right
>  >> permissions on it.  We can ensure that it exists and has the right
>  >> permissions on GuixSD, but on foreign distros, there’s nothing we can
>  >> do.
>  >>
>  >> We could also modify bsd-games such that it falls back to
>  >> ~/.local/bsdgames when /var/lib/bsdgames isn’t accessible (and it would
>  >> be worth submitting upstream).  ISTR this was discussed for one of the
>  >> games present in Guix.
>  >>
>  >> WDYT?
>  >>
>  >> Ludo’.
>  >
>  > I'm a bit wary about GuixSD packages declaring being able to write to
>  > /var/ anything by default.  What would the permissions be?  I guess if
>  > it were world-writable to all "users" group users it would be okayish.
>  >
>  > Note that KoboDeluxe includes a patch snarfed from Debian that comments
>  > out the ability to save score files for this same reason, and it was
>  > marked in Debian as a security patch IIRC...
>
>  Yeah, I think scores in /var are a remnant of the past.  Unix just lacks
>  a good way to address this use case.
>
>  So it sounds best for games to use a score file under $HOME by default.
>
> I always thought the unix way was rather nice.   The scores file was owned by
> "games" and programs which wanted to write to them were setuid games.
>
> That way everyone on the system shares the same scores file.
>
> J'

It's fun but... does anyone still play games on the same shared machine
anymore and compare score files?

Except for maybe nethack on fencepost ... ;)



Re: [PATCH] update haunt to 0.2.1

2017-01-25 Thread Thompson, David
Hey Ludo,

On Tue, Jan 24, 2017 at 5:12 PM, Ludovic Courtès  wrote:
> Catonano  skribis:
>
>> From 015719506600bcb674b1d47398af27c2b4f32d18 Mon Sep 17 00:00:00 2001
>> From: humanitiesNerd 
>> Date: Tue, 24 Jan 2017 14:55:12 +0100
>> Subject: [PATCH] gnu: haunt: Update to 0.2.1
>>
>> * gnu/packages/guile.scm (haunt): Update to 0.2.1.
>
> Applied, thanks.  :-)
>
>>  (propagated-inputs
>> - `(("guile-reader" ,guile-reader)))
>> + `(("guile-reader" ,guile-reader)
>> +   ("guile-commonmark" ,guile-commonmark)))
>
> We could (should?) avoid this by augmenting the ‘wrap-haunt’ phase.
>
> Thoughts?

Agreed, but even better would be if I knew how to make upstream just
do the right thing to begin with. ;)  Do you know how this could be
done?

Thanks,

- Dave



Re: [PATCH] scripts: container: Pass through TERM when calling exec

2017-01-25 Thread Thompson, David
Hey Christopher,

On Wed, Jan 25, 2017 at 2:24 AM, Christopher Baines  wrote:
> * guix/scripts/container/exec.scm (guix-container-exec): Capture the value of
>   the TERM environment variable, and pass it through to the container.  This
>   means some applications now work where they did not before (e.g. htop), and
>   others have more functionality, providing that the terminal was capable of
>   enabling that functionality in the first place.

Good idea! Thanks for doing this!

- Dave



[PATCH] gnu: coreutils: Fix cross-compilation.

2017-01-25 Thread manolis837
From: Manolis Ragkousis 

* gnu/packages/patches/coreutils-fix-cross-compilation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/base.scm [source]: Use it.
---
 gnu/local.mk  |  1 +
 gnu/packages/base.scm |  3 ++-
 .../patches/coreutils-fix-cross-compilation.patch | 15 +++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/coreutils-fix-cross-compilation.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 532ea51dd..82bf89cf7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -510,6 +510,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/clx-remove-demo.patch   \
   %D%/packages/patches/cmake-fix-tests.patch   \
   %D%/packages/patches/coda-use-system-libs.patch  \
+  %D%/packages/patches/coreutils-fix-cross-compilation.patch\
   %D%/packages/patches/cpio-CVE-2016-2037.patch\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch  \
   %D%/packages/patches/cracklib-CVE-2016-6318.patch\
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index f6946f3c9..703274d0c 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -291,7 +291,8 @@ used to apply commands with arbitrarily long arguments.")
 version ".tar.xz"))
 (sha256
  (base32
-  "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"
+  "13lspazc7xkviy93qz7ks9jv4sldvgmwpq36ghrbrqpq93br8phm"))
+(patches (search-patches 
"coreutils-fix-cross-compilation.patch"
(build-system gnu-build-system)
(inputs `(("acl"  ,acl); TODO: add SELinux
  ("gmp"  ,gmp);bignums in 'expr', yay!
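Review bot: the `patches` field is added to the coreutils origin unconditionally, so native builds get a different source as well and everything that depends on coreutils is rebuilt. The subject carries no branch tag, unlike the core-updates series elsewhere in this thread; a change to gnu/packages/base.scm of this kind should say which branch it targets.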
diff --git a/gnu/packages/patches/coreutils-fix-cross-compilation.patch 
b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
new file mode 100644
index 0..3f0d35c33
--- /dev/null
+++ b/gnu/packages/patches/coreutils-fix-cross-compilation.patch
@@ -0,0 +1,15 @@
+Coreutils fails to cross compile for other platforms because cu_install_program
+is not being evaluated properly. This patch fixes it.
+See 
+--- a/Makefile.in
 b/Makefile.in
+@@ -5023,7 +5023,7 @@ pr = progs-readme
+ @CROSS_COMPILING_FALSE@cu_install_program = src/ginstall
+ 
+ # Use the just-built 'ginstall', when not cross-compiling.
+-@CROSS_COMPILING_TRUE@cu_install_program = @INSTALL_PROGRAM@
++@CROSS_COMPILING_TRUE@cu_install_program := @INSTALL@
+ info_TEXINFOS = doc/coreutils.texi
+ doc_coreutils_TEXINFOS = \
+   doc/perm.texi \
+
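Review bot: the header of coreutils-fix-cross-compilation.patch ends in "See" with no reference after it as it appears here, and "not being evaluated properly" does not explain why both the assignment operator (`=` to `:=`) and the substituted variable (@INSTALL_PROGRAM@ to @INSTALL@) change on the CROSS_COMPILING_TRUE line. Please describe the actual failure and cite the upstream report or commit in the header. The patch also edits Makefile.in, which is a generated file, so the header should say whether the same fix is needed in the template it is generated from.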
-- 
2.11.0




Re: A postinst equivalent in Guix?

2017-01-25 Thread Georgi Kirilov

On Mon, Jan 23, 2017 at 10:34:55AM +0100, Ludovic Courtès wrote:

As for /var/lib/bsdgames, then it’s up to the admin to set the right
permissions on it.  We can ensure that it exists and has the right
permissions on GuixSD, but on foreign distros, there’s nothing we can
do.


Yep, I think making it work in GuixSD is enough :)
Other distros have their own package.

I tried adding a gnu/services/games.scm and mimicking what the other 
services did, but I don't even know how to trigger the code.

I would appreciate any help.

On Wed, Jan 25, 2017 at 02:42:41PM +0100, John Darrington wrote:

I always thought the unix way was rather nice.   The scores file was owned by
"games" and programs which wanted to write to them were setuid games.

That way everyone on the system shares the same scores file.


Yes, some of these games maintain and query a system-wide top scores 
list so users can try to beat each other's top scores.


On Tue, Jan 24, 2017 at 06:26:28PM -0600, Christopher Allan Webber wrote:

I'm a bit wary about GuixSD packages declaring being able to write to
/var/ anything by default.  What would the permissions be?  I guess if
it were world-writable to all "users" group users it would be okayish.


This is exactly how this package does it - it installs initial, empty 
score files and chgrp's them to 'users'.




Re: A postinst equivalent in Guix?

2017-01-25 Thread John Darrington
On Wed, Jan 25, 2017 at 02:15:12PM +0100, Ludovic Courtès wrote:
 Christopher Allan Webber  skribis:
 
 > Ludovic Courtès writes:
 >
 >> Georgi Kirilov  skribis:
 >>
 >>> On Sat, Jan 21, 2017 at 04:34:55PM +0100, Ludovic Courtès wrote:
 >>>
 >>>> To make things more concrete, we could discuss specific packages you are
 >>>> interested in and see how we could provide them in Guix{,SD}.
 >>>
 >>> The package is the old bsd-games bundle. Some of the games need to
 >>> write score files under /var/lib/bsdgames/
 >>> You can find attached my patch so far.
 >>
 >> The patch looks good to me!
 >>
 >> As for /var/lib/bsdgames, then it’s up to the admin to set the right
 >> permissions on it.  We can ensure that it exists and has the right
 >> permissions on GuixSD, but on foreign distros, there’s nothing we can
 >> do.
 >>
 >> We could also modify bsd-games such that it falls back to
 >> ~/.local/bsdgames when /var/lib/bsdgames isn’t accessible (and it would
 >> be worth submitting upstream).  ISTR this was discussed for one of the
 >> games present in Guix.
 >>
 >> WDYT?
 >>
 >> Ludo’.
 >
 > I'm a bit wary about GuixSD packages declaring being able to write to
 > /var/ anything by default.  What would the permissions be?  I guess if
 > it were world-writable to all "users" group users it would be okayish.
 >
 > Note that KoboDeluxe includes a patch snarfed from Debian that comments
 > out the ability to save score files for this same reason, and it was
 > marked in Debian as a security patch IIRC...
 
 Yeah, I think scores in /var are a remnant of the past.  Unix just lacks
 a good way to address this use case.
 
 So it sounds best for games to use a score file under $HOME by default.
 
I always thought the unix way was rather nice.   The scores file was owned by 
"games" and programs which wanted to write to them were setuid games.

That way everyone on the system shares the same scores file.

J'
 

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.





Re: [PATCH] gnu: Add stunnel.

2017-01-25 Thread Ludovic Courtès
Hello,

Thomas Danckaert  skribis:

> this patch adds stunnel. For the description, I just used stunnel's “about”
> page, so the second sentence is perhaps not 100% neutral.

That’s OK.  :-)

> Also, I wasn't sure if this should go in web.scm, networking.scm,
> tls.scm, or still somewhere else.

Dunno, web.scm is OK I think.

> From 354c89c91414412127bc1ae54ccce0d9f0f51b0a Mon Sep 17 00:00:00 2001
> From: Thomas Danckaert 
> Date: Wed, 25 Jan 2017 08:50:30 +0100
> Subject: [PATCH] gnu: Add stunnel.
>
> * gnu/packages/web.scm (stunnel): New variable.

Pushed, thanks!

Ludo’.



Re: Debugging and source code

2017-01-25 Thread Pjotr Prins
On Wed, Jan 25, 2017 at 02:22:48PM +0100, Ludovic Courtès wrote:
> You can always get the right source code by running “guix build -S
> package”.
> 
> OTOH having the source directly in the “debug” (or “source”?) output as
> you suggest would be more convenient.
> 
> The only downside is the extra size of the “debug” output.  Most of the
> time that’s a price people are happy to pay when they are installing the
> “debug” output.  But sometimes maybe not.

How about a :debug-full switch?

Pj.



Re: [PATCH] scripts: container: Pass through TERM when calling exec

2017-01-25 Thread Ludovic Courtès
Christopher Baines  skribis:

> + (environment (fold (lambda (name alist)
> +  (let ((value (getenv name)))
> +(if value
> +(cons (cons name value) alist)
> +alist)))
> +'()
> +;; Pass through the TERM environment variable
> +;; to inform processes about the capabilities
> +;; of the terminal
> +'("TERM"

I changed that to ‘filter-map’, which is slightly more concise.

Ludo’.



Re: [PATCH] scripts: container: Pass through TERM when calling exec

2017-01-25 Thread Ludovic Courtès
Christopher Baines  skribis:

> * guix/scripts/container/exec.scm (guix-container-exec): Capture the value of
>   the TERM environment variable, and pass it through to the container.  This
>   means some applications now work where they did not before (e.g. htop), and
>   others have more functionality, providing that the terminal was capable of
>   enabling that functionality in the first place.

Good idea.  Applied, thanks!

Ludo’.



Re: Debugging and source code

2017-01-25 Thread Ludovic Courtès
Pjotr Prins  skribis:

> Since we allow for debug symbols using :debug (great feature!), can we
> also add the unpacked source tree to the package by default? Say in
> ~/.guix-profile/lib/debug/ or some place. Anyone who wants to debug
> has to fetch that anyway and that raises the problem of what source
> code to fetch.

You can always get the right source code by running “guix build -S
package”.

OTOH having the source directly in the “debug” (or “source”?) output as
you suggest would be more convenient.

The only downside is the extra size of the “debug” output.  Most of the
time that’s a price people are happy to pay when they are installing the
“debug” output.  But sometimes maybe not.

For example, I always have gcc-toolchain:debug, libgc:debug, and a few
others in my profile, “just in case.”  My goal is to have libc and libgc
symbols when something goes wrong, but I typically already have
checkouts of these libraries elsewhere.  If the source was in the
“debug” output, I’d pay a pretty high cost (esp. for libc) that I could
have avoided.  Maybe this is a corner case, though.

What do people think?

Ludo’.



Re: A postinst equivalent in Guix?

2017-01-25 Thread Ludovic Courtès
Christopher Allan Webber  skribis:

> Ludovic Courtès writes:
>
>> Georgi Kirilov  skribis:
>>
>>> On Sat, Jan 21, 2017 at 04:34:55PM +0100, Ludovic Courtès wrote:
>>>
>>>> To make things more concrete, we could discuss specific packages you are
>>>> interested in and see how we could provide them in Guix{,SD}.
>>>
>>> The package is the old bsd-games bundle. Some of the games need to
>>> write score files under /var/lib/bsdgames/
>>> You can find attached my patch so far.
>>
>> The patch looks good to me!
>>
>> As for /var/lib/bsdgames, then it’s up to the admin to set the right
>> permissions on it.  We can ensure that it exists and has the right
>> permissions on GuixSD, but on foreign distros, there’s nothing we can
>> do.
>>
>> We could also modify bsd-games such that it falls back to
>> ~/.local/bsdgames when /var/lib/bsdgames isn’t accessible (and it would
>> be worth submitting upstream).  ISTR this was discussed for one of the
>> games present in Guix.
>>
>> WDYT?
>>
>> Ludo’.
>
> I'm a bit wary about GuixSD packages declaring being able to write to
> /var/ anything by default.  What would the permissions be?  I guess if
> it were world-writable to all "users" group users it would be okayish.
>
> Note that KoboDeluxe includes a patch snarfed from Debian that comments
> out the ability to save score files for this same reason, and it was
> marked in Debian as a security patch IIRC...

Yeah, I think scores in /var are a remnant of the past.  Unix just lacks
a good way to address this use case.

So it sounds best for games to use a score file under $HOME by default.

Ludo’.
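
The fallback suggested in this thread (use the shared score file under /var/lib/bsdgames when the system provides one, otherwise a per-user file under ~/.local/bsdgames), sketched in C as an added example; it is not code from bsd-games, Guix or any poster here. The function names, the ".scores" suffix and the "robots" game name are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create DIR and any missing parents, mode 0700. */
static int mkdir_p(const char *dir)
{
    char buf[512];
    size_t len = strlen(dir);
    struct stat st;

    if (len == 0 || len >= sizeof buf) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(buf, dir, len + 1);
    for (char *p = buf + 1;; p++) {
        if (*p != '/' && *p != '\0')
            continue;
        char saved = *p;
        *p = '\0';
        /* An already existing directory is fine; anything else is an error. */
        if (mkdir(buf, 0700) != 0 &&
            (stat(buf, &st) != 0 || !S_ISDIR(st.st_mode)))
            return -1;
        if (saved == '\0')
            return 0;
        *p = saved;
    }
}

/* Open GAME's score file read/write and return its descriptor, or -1.
   *USED_FALLBACK is set to 1 when the per-user file under HOME was used.
   The program needs no setuid/setgid bit and no world-writable directory. */
int open_score_file(const char *system_dir, const char *home,
                    const char *game, int *used_fallback)
{
    char dir[512], path[1024];
    int fd, n;

    *used_fallback = 0;
    /* GAME becomes a file name: refuse separators and dot-names. */
    if (game[0] == '\0' || game[0] == '.' || strchr(game, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }

    /* 1. Shared file.  It is only opened, never created: whoever administers
          the system decides whether it exists and who may write to it. */
    n = snprintf(path, sizeof path, "%s/%s.scores", system_dir, game);
    if (n > 0 && (size_t) n < sizeof path) {
        fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
        if (fd >= 0)
            return fd;
    }

    /* 2. Per-user fallback, private to the user (0700 dirs, 0600 file). */
    if (home == NULL || home[0] != '/') {
        errno = ENOENT;
        return -1;
    }
    n = snprintf(dir, sizeof dir, "%s/.local/bsdgames", home);
    if (n < 0 || (size_t) n >= sizeof dir || mkdir_p(dir) != 0)
        return -1;
    n = snprintf(path, sizeof path, "%s/%s.scores", dir, game);
    if (n < 0 || (size_t) n >= sizeof path)
        return -1;
    fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd >= 0)
        *used_fallback = 1;
    return fd;
}

int main(void)
{
    int fallback;
    int fd = open_score_file("/var/lib/bsdgames", getenv("HOME"),
                             "robots", &fallback);
    if (fd < 0) {
        perror("open_score_file");
        return 1;
    }
    printf("using the %s score file\n", fallback ? "per-user" : "shared");
    close(fd);
    return 0;
}
```

O_NOFOLLOW makes the open fail if the score file itself has been replaced by a symlink, which matters most for the shared directory that several users can write to.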



Re: [PATCH] services: Fix 'mkdir-p' in activation scripts.

2017-01-25 Thread Ludovic Courtès
Clément Lassieur  skribis:

> * gnu/services/cups.scm (%cups-activation): Import (guix build utils).
> * gnu/services/mail.scm (opensmtpd-activation): Idem.
> * gnu/services/networking.scm (ntp-service-activation): Idem.
> * gnu/services/spice.scm (spice-vdagent-activation): Idem.
> * gnu/services/ssh.scm (openssh-activation): Idem.
>   (dropbear-activation): Idem.
> * gnu/services/vpn.scm (%openvpn-activation): Idem.

Applied, thanks!

Ludo’.



Re: Hardening

2017-01-25 Thread Ludovic Courtès
Hi!

ng0  skribis:

> For starters, I think we could have a "hardened-wip" branch on
> savannah (I can't commit anyway directly) and that we can target
> SELinux for now, look at Hardened-gentoo and other systems how
> they solve issues.  Afterwards we need to address the toolchain
> level, which to our advantage can be a make and break by hydra
> and everyone who wants to contribute to fixing issues can run
> their system from the hardening-toolchain-wip branch to
> contribute to fixing all the breaking applications.
>
> Then we need to discuss whether we want to provide this by default
> (my choice) OR if we want to offer a branch-choice model.
> Supporting both vanilla and hardened might take some more burden
> on fixing issues, that's why I'm all for forming a team of people
> who work on this, and when they no longer want to, other people
> join the rest of the old team, etc.

Before creating a branch, I think we need a plan.  :-)

Alex Vong proposed ways to achieve it a while back:

  https://lists.gnu.org/archive/html/guix-devel/2015-12/msg00702.html

I suggest taking a look at the discussion and starting from there.

The best option is probably to start small (limited set of
features/flags/options) and then incrementally improve that.

Ludo’.



Re: [PATCH 1/2] gnu: Add mbedtls.

2017-01-25 Thread ng0
Actually it is 1/2 because this is a requirement for hiawatha
webserver, but I checked the bin/hello of mbedtls and it
worked. I'm positive this is functional without the need for a
PoC application which depends on it.

contact@cryptolab.net writes:

> From: ng0 
>
> * gnu/packages/tls.scm (mbedtls): New variable.
> ---
>  gnu/packages/tls.scm | 36 +++-
>  1 file changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
> index 1198eb7d0..aa6837f78 100644
> --- a/gnu/packages/tls.scm
> +++ b/gnu/packages/tls.scm
> @@ -7,7 +7,7 @@
>  ;;; Copyright © 2015, 2016 Leo Famulari 
>  ;;; Copyright © 2015, 2016, 2017 Leo Famulari 
>  ;;; Copyright © 2016 Efraim Flashner 
> -;;; Copyright © 2016 ng0 
> +;;; Copyright © 2016, 2017 ng0 
>  ;;; Copyright © 2016 Hartmut Goebel 
>  ;;;
>  ;;; This file is part of GNU Guix.
> @@ -33,9 +33,12 @@
>#:use-module (guix build-system gnu)
>#:use-module (guix build-system perl)
>#:use-module (guix build-system python)
> +  #:use-module (guix build-system cmake)
>#:use-module (gnu packages compression)
> +  #:use-module (gnu packages documentation)
>#:use-module (gnu packages)
>#:use-module (gnu packages guile)
> +  #:use-module (gnu packages graphviz)
>#:use-module (gnu packages libbsd)
>#:use-module (gnu packages libffi)
>#:use-module (gnu packages libidn)
> @@ -769,3 +772,34 @@ then ported to the GNU / Linux environment.")
>  ;; acme-client is distributed under the ISC license, but the files 
> 'jsmn.h'
>  ;; and 'jsmn.c' are distributed under the Expat license.
>  (license (list license:isc license:expat
> +
> +(define-public mbedtls
> +  (package
> +(name "mbedtls")
> +(version "2.4.1")
> +(source
> + (origin
> +   (method url-fetch)
> +   ;; FIXME: Tarball on tls.mbed.org can no be fetched by our downloader.
> +   (uri (string-append "https://github.com/ARMmbed/mbedtls/archive;
> +   "/mbedtls-" version ".tar.gz"))
> +   (file-name (string-append name "-" version ".tgz"))
> +   (sha256
> +(base32
> + "1jzl99vkrddyjb1ldxygnql1hlxx846drvqpiwf6nhphw5czx18c"
> +(build-system cmake-build-system)
> +(native-inputs
> + `(("perl" ,perl) ; Tests
> +   ("doxygen" ,doxygen)
> +   ("graphviz" ,graphviz)))
> +(inputs
> + `(("zlib" ,zlib)
> +   ("openssl" ,openssl)))
> +(synopsis "Small TLS library")
> +(description
> + "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
> +for developers to include cryptographic and SSL/TLS capabilities in their
> +(embedded) products, facilitating this functionality with a minimal
> +coding footprint.")
> +(home-page "https://tls.mbed.org;)
> +(license license:asl2.0)))
> -- 
> 2.11.0
>
>

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



[PATCH 1/2] gnu: Add mbedtls.

2017-01-25 Thread contact . ng0
From: ng0 

* gnu/packages/tls.scm (mbedtls): New variable.
---
 gnu/packages/tls.scm | 36 +++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1198eb7d0..aa6837f78 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2015, 2016 Leo Famulari 
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari 
 ;;; Copyright © 2016 Efraim Flashner 
-;;; Copyright © 2016 ng0 
+;;; Copyright © 2016, 2017 ng0 
 ;;; Copyright © 2016 Hartmut Goebel 
 ;;;
 ;;; This file is part of GNU Guix.
@@ -33,9 +33,12 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages documentation)
   #:use-module (gnu packages)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages graphviz)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages libidn)
@@ -769,3 +772,34 @@ then ported to the GNU / Linux environment.")
 ;; acme-client is distributed under the ISC license, but the files 'jsmn.h'
 ;; and 'jsmn.c' are distributed under the Expat license.
 (license (list license:isc license:expat
+
+(define-public mbedtls
+  (package
+(name "mbedtls")
+(version "2.4.1")
+(source
+ (origin
+   (method url-fetch)
+   ;; FIXME: Tarball on tls.mbed.org can no be fetched by our downloader.
+   (uri (string-append "https://github.com/ARMmbed/mbedtls/archive;
+   "/mbedtls-" version ".tar.gz"))
+   (file-name (string-append name "-" version ".tgz"))
+   (sha256
+(base32
+ "1jzl99vkrddyjb1ldxygnql1hlxx846drvqpiwf6nhphw5czx18c"
+(build-system cmake-build-system)
+(native-inputs
+ `(("perl" ,perl) ; Tests
+   ("doxygen" ,doxygen)
+   ("graphviz" ,graphviz)))
+(inputs
+ `(("zlib" ,zlib)
+   ("openssl" ,openssl)))
+(synopsis "Small TLS library")
+(description
+ "@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
+for developers to include cryptographic and SSL/TLS capabilities in their
+(embedded) products, facilitating this functionality with a minimal
+coding footprint.")
+(home-page "https://tls.mbed.org;)
+(license license:asl2.0)))
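Review bot: the `inputs` of the new mbedtls package list openssl, which is surprising for a package that is itself a TLS library; if it is only used by tests or benchmark programs it belongs in native-inputs or should be dropped, and a comment should say which. Two further points on the origin: the FIXME has a typo ("can no be fetched") and gives no detail on why the upstream tarball cannot be downloaded, and the source is instead taken from a GitHub archive URL, so it is worth checking that the sha256 was computed on that exact file and that the reason for not using the upstream location is recorded.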
-- 
2.11.0




Re: Hardening

2017-01-25 Thread ng0
Ricardo Wurmus  writes:

> Leo Famulari  writes:
>
>> On Tue, Jan 24, 2017 at 08:56:48PM +, ng0 wrote:
>>> Leo Famulari  writes:
>>> > Should we build Tor with "--enable-expensive-hardening"?
>>>
>>> I will take a look later what can be applied other than the
>>> default configure flags.
>>>
>>> I'm all for hardening, but it seems that the first basic ideas
>>> for Guix are stuck in the idea state.
>>
>> As far as I can tell, --enable-expensive-hardening is specific to Tor,
>> so it's not relevant to the project of hardening all Guix packages.
>>
>>> It would be great to see some movement on this during this
>>> year. I volunteer to help with it, though I don't have as much
>>> experience with SELinux (and only basic experience with
>>> GrSecurity without a modular kernel like GuixSD uses).
>>
>> Yes, this effort needs a champion.
>
> I know SELinux and I have a couple of almost-ready packages for it.  The
> bigger problem for us is writing SELinux policies, because we cannot
> just use those from Fedora.

Oh, this is good to hear!

> SELinux policies are applied to file paths (which are not stable in
> Guix) and are “remembered” using extended file attributes.  This means
> we’d have to write policies that can deal with arbitrary prefixes and
> we’d have to add an optional service to automatically label all store
> items (that’s expensive but maybe it can be done incrementally).

Oh.

> However, this is completely separate from enabling a configure flag for
> Tor.

That's why I changed the subject of the email, I am aware that
this has nothing to do with tor configure-flags.

-- 
♥Ⓐ  ng0 -- https://www.inventati.org/patternsinthechaos/



[PATCH] gnu: nspr: Update to 4.13.1

2017-01-25 Thread Mathieu Othacehe
* gnu/packages/gnuzilla.scm: Update nspr to 4.13.1
---
 gnu/packages/gnuzilla.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 7758f27f8..354cc0228 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -152,7 +152,7 @@ in C/C++.")
 (define-public nspr
   (package
 (name "nspr")
-(version "4.12")
+(version "4.13.1")
 (source (origin
  (method url-fetch)
  (uri (string-append
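
Review bot: the commit log for the (version "4.13.1") bump names only the file, not the variable being changed. Follow the form the other logs in this archive use, for example "* gnu/packages/gnuzilla.scm (nspr): Update to 4.13.1.", so the change can be found by package name in the history.
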
@@ -160,7 +160,7 @@ in C/C++.")
version "/src/nspr-" version ".tar.gz"))
  (sha256
   (base32
-   "1pk98bmc5xzbl62q5wf2d6mryf0v95z6rsmxz27nclwiaqg0mcg0"
+   "1arkg08l6zlp8v44shqbk2c8qzwd913lgh60fb3yfxls6d8ifk2y"
 (build-system gnu-build-system)
 (native-inputs
   `(("perl" ,perl)))
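
Review bot: the new base32 value under (sha256 ...) is the only integrity check on this url-fetch source, and the submission does not say how it was obtained. State whether the 4.13.1 tarball was compared against an upstream checksum or signature before hashing, so that a reviewer can reproduce the value independently rather than trusting a single download.
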
-- 
2.11.0




[PATCH] gnu: nss: Update to 3.28.1

2017-01-25 Thread Mathieu Othacehe
* gnu/packages/gnuzilla.scm: Update nss to 3.28.1
---
 gnu/packages/gnuzilla.scm| 4 ++--
 gnu/packages/patches/nss-pkgconfig.patch | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 354cc0228..a27dc9435 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -186,7 +186,7 @@ in the Mozilla clients.")
 (define-public nss
   (package
 (name "nss")
-(version "3.27.1")
+(version "3.28.1")
 (source (origin
   (method url-fetch)
   (uri (let ((version-with-underscores
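
Review bot: the (version "3.28.1") bump is based on the tree left by the nspr patch (the index line starts at 354cc0228, the blob that patch produces), but the log does not say whether nss 3.28.1 needs the newer nspr. Say so in the commit log and send the two as a numbered series so they are applied in order.
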
@@ -197,7 +197,7 @@ in the Mozilla clients.")
   "nss-" version ".tar.gz")))
   (sha256
(base32
-"0sraxk26swlgl7rl742rkfp5k251v5z3lqw9k8ikin0cjfhkfdpx"))
+"1bc23bg7adrxds3k3jdahy6g8f1ma57sggi0v3k275gdq02hrk2q"))
   ;; Create nss.pc and nss-config.
   (patches (search-patches "nss-pkgconfig.patch"
 (build-system gnu-build-system)
diff --git a/gnu/packages/patches/nss-pkgconfig.patch 
b/gnu/packages/patches/nss-pkgconfig.patch
index e611f69be..a33e05fcf 100644
--- a/gnu/packages/patches/nss-pkgconfig.patch
+++ b/gnu/packages/patches/nss-pkgconfig.patch
@@ -221,5 +221,5 @@ Later adapted to apply cleanly to nss-3.21.
  
  RELEASE = nss
  
--DIRS = coreconf lib cmd external_tests
-+DIRS = coreconf lib cmd external_tests config
+-DIRS = coreconf lib cmd gtests
++DIRS = coreconf lib cmd gtests config
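
Review bot: the context shown in this hunk header still reads "Later adapted to apply cleanly to nss-3.21." although the DIRS lines are now rewritten to match a tree where external_tests has become gtests. Update that comment inside nss-pkgconfig.patch to name the release it now targets, and list the patch file in the commit log, which currently mentions only gnuzilla.scm.
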
-- 
2.11.0




[PATCH] gnu: dtc: Make home-page field value more useful.

2017-01-25 Thread Danny Milosavljevic
* gnu/packages/u-boot.scm (dtc)[home-page]: Change.
---
 gnu/packages/u-boot.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/u-boot.scm b/gnu/packages/u-boot.scm
index cdd52d874..5d34f651e 100644
--- a/gnu/packages/u-boot.scm
+++ b/gnu/packages/u-boot.scm
@@ -53,7 +53,7 @@
#:phases
(modify-phases %standard-phases
  (delete 'configure
-(home-page "https://www.devicetree.org;)
+(home-page "http://elinux.org/Device_Tree_Usage;)
 (synopsis "Compiles device tree source files")
 (description "@command{dtc} compiles device tree source files to device
 tree binary files. These are board description files used by Linux and BSD.")
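
Review bot: the new home-page value is a plain http:// URL replacing an https:// one. If elinux.org serves this page over HTTPS, use that scheme. The commit log says only "Change.", so also state why the wiki page is more useful to users than devicetree.org.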



Add configure-flags to tor.

2017-01-25 Thread contact . ng0
This adds tor hardening flags.  Do you want me to document the flags in the 
package? I left it out since it's documented in the tor release itself.

Taken from ReleaseNotes:

'--enable-expensive-hardening'

   New --enable-expensive-hardening option to enable security
   hardening options that consume nontrivial amounts of CPU and
   memory. Right now, this includes AddressSanitizer and UbSan, which
   are supported in newer versions of GCC and Clang. Closes ticket
   11477.

'--enable-gcc-hardening'

  New "--enable-gcc-hardening" ./configure flag (off by default)
  to turn on gcc compile time hardening options. It ensures
  that signed ints have defined behavior (-fwrapv), enables
  -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
  with canaries (-fstack-protector-all), turns on ASLR protection if
  supported by the kernel (-fPIE, -pie), and adds additional security
  related warnings. Verified to work on Mac OS X and Debian Lenny.

'--enable-linker-hardening'

  New "--enable-linker-hardening" ./configure flag (off by default)
  to turn on ELF specific hardening features (relro, now). This does
  not work with Mac OS X or any other non-ELF binary format.
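
The options that "--enable-gcc-hardening" and "--enable-linker-hardening" turn on (-pie, relro, now, stack protector) leave marks in the resulting ELF file, so a build can be checked after the fact. The following is an added example, not part of the original message and not code from Guix or Tor; it assumes ELF64 little-endian input, and `check_hardening`, `build_sample` and the two sample images are names and data constructed for this illustration.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(data: bytes) -> dict:
    """Report PIE, RELRO and stack-protector evidence in an ELF64 LE image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    (_, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum,
     _, _, _) = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    relro = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:           # written by -z relro
            relro = True
        elif p_type == PT_DYNAMIC:           # -z now sets a flag in .dynamic
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == 0:                 # DT_NULL ends the table
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    return {"pie": e_type == ET_DYN,         # -pie (shared libraries match too)
            "relro": "full" if relro and bind_now else "partial" if relro else "none",
            # heuristic: -fstack-protector code imports this symbol by name
            "stack_protector": b"__stack_chk_fail" in data}

def build_sample(e_type, phdrs, dyn):
    """Constructed ELF64 image for the demo: headers and .dynamic only."""
    dynoff = 64 + 56 * len(phdrs)
    dyn_bytes = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(0, 0)])
    hdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    ph = b"".join(struct.pack("<IIQQQQQQ", t, 0, dynoff, 0, 0,
                              len(dyn_bytes) if t == PT_DYNAMIC else 0, 0, 0)
                  for t in phdrs)
    return hdr + ph + dyn_bytes

HARDENED = build_sample(ET_DYN, [PT_DYNAMIC, PT_GNU_RELRO],
                        [(DT_FLAGS, DF_BIND_NOW)]) + b"__stack_chk_fail\0"
PLAIN = build_sample(2, [PT_DYNAMIC], [(1, 0)])  # ET_EXEC with one DT_NEEDED

if __name__ == "__main__":
    for name, image in (("HARDENED", HARDENED), ("PLAIN", PLAIN)):
        print(name, check_hardening(image))
```

To inspect a real build, pass the bytes of the binary to `check_hardening`. The sanitizers enabled by "--enable-expensive-hardening" are not covered by this check.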




[PATCH] gnu: tor: Add hardening configure-flags.

2017-01-25 Thread contact . ng0
From: ng0 

* gnu/packages/tor.scm (tor)[arguments]: Add '--enable-expensive-hardening',
'enable-gcc-hardening', '--enable-linker-hardening' to configure-flags.
---
 gnu/packages/tor.scm | 4 
 1 file changed, 4 insertions(+)

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index c7f97ab1b..ae8e59b70 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -48,6 +48,10 @@
   (base32
"0hqdk5p6dw4bpn7c8gmhyi8jjkhc37112pfw5nx4gl0g4lmmscik"
 (build-system gnu-build-system)
+(arguments
+ `(#:configure-flags (list "--enable-expensive-hardening"
+   "--enable-gcc-hardening"
+   "--enable-linker-hardening")))
 (native-inputs
  `(("python" ,python-2)))  ; for tests
 (inputs
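
Review bot: "--enable-expensive-hardening" in the added #:configure-flags list builds Tor with AddressSanitizer and UbSan, which the release notes quoted in the cover letter describe as consuming nontrivial amounts of CPU and memory, so every user of this package pays that cost at run time. Put a comment above the flag list saying what each flag enables and why the cost is accepted, or keep only "--enable-gcc-hardening" and "--enable-linker-hardening" by default. The commit log also writes 'enable-gcc-hardening' without the leading "--".
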
-- 
2.11.0




Re: [PATCH] gnu: Add emacs-mew.

2017-01-25 Thread Alex Kost
Thomas Danckaert (2017-01-24 21:08 +0100) wrote:

> From: Thomas Danckaert 
> Subject: [PATCH] gnu: Add emacs-mew.
> Date: Tue, 24 Jan 2017 18:01:11 +0100 (CET)
>
>> From 3759a0a4720165e0443bdb7522f6b4b7515aec6f Mon Sep 17 00:00:00 2001
>> From: Thomas Danckaert 
>> Date: Tue, 24 Jan 2017 09:41:42 +0100
>> Subject: [PATCH] gnu: Add emacs-mew.
>> 
>> * gnu/packages/mail.scm (emacs-mew): New variable.
>
> I've just discovered this patch doesn't add the package to emacs'
> load-path, so please disregard for now. (and/or tell me how to fix
> this :) )

This could happen if it adds itself to a sub-directory of
"/share/emacs/site-lisp".  In the 'magit' package, for example, it is fixed
by using the "lispdir" makeflag.  Since this package uses a full GNU Build
System, there should probably be a "--with-lispdir" configure flag.

BTW, I can't apply this patch on the current master.

-- 
Alex



Re: [PATCH 2/6] gnu: Add lua-libmpack.

2017-01-25 Thread Ricardo Wurmus

Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 03:40:11PM +0100, Ricardo Wurmus wrote:
>> * gnu/packages/serialization.scm (lua-libmpack): New variable.
>
>> +   "USE_SYSTEM_LUA=yes"
>
> It doesn't bundle Lua, right? I couldn't find a bundled copy in the
> source tarball, so I'm just asking in case I missed something obvious.

It does not.  Without USE_SYSTEM_LUA the build system assumes that we
should use the luarocks package manager.

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net




Re: [PATCH 4/6] gnu: Add lua5.2-bitop.

2017-01-25 Thread Ricardo Wurmus

Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 03:40:13PM +0100, Ricardo Wurmus wrote:
>> * gnu/packages/lua.scm (lua5.2-bitop): New variable.
>
>> +(arguments
>> + `(#:test-target "test"
>> +   #:make-flags
>> +   (list "INSTALL=install -pD"
>> + (string-append "INSTALLPATH=printf "
>
> What's up with this "printf"? Does it actually execute the value of
> INSTALLPATH?

INSTALLPATH defaults to “lua somefile.lua”, and it is applied to the
name of the module (“bit”).  If I just changed INSTALLPATH to a literal
path, the “install” target would try to execute it with “bit” as an
argument.

This is why I’m using “printf”, which when given a string literal
ignores any other arguments.  The result is just the install path.  I
chose this method over patching the Makefile.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net




Re: Hardening (was: Re: tor: update to 0.2.9.9)

2017-01-25 Thread Ricardo Wurmus

Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 08:56:48PM +, ng0 wrote:
>> Leo Famulari  writes:
>> > Should we build Tor with "--enable-expensive-hardening"?
>>
>> I will take a look later at what can be applied other than the
>> default configure flags.
>>
>> I'm all for hardening, but it seems that the first basic ideas
>> for Guix are stuck in the idea state.
>
> As far as I can tell, --enable-expensive-hardening is specific to Tor,
> so it's not relevant to the project of hardening all Guix packages.
>
>> It would be great to see some movement on this during this
>> year. I volunteer to help with it, though I don't have as much
>> experience with SELinux (and only basic experience with
>> GrSecurity without a modular kernel like GuixSD uses).
>
> Yes, this effort needs a champion.

I know SELinux and I have a couple of almost-ready packages for it.  The
bigger problem for us is writing SELinux policies, because we cannot
just use those from Fedora.

SELinux policies are applied to file paths (which are not stable in
Guix) and are “remembered” using extended file attributes.  This means
we’d have to write policies that can deal with arbitrary prefixes and
we’d have to add an optional service to automatically label all store
items (that’s expensive but maybe it can be done incrementally).

However, this is completely separate from enabling a configure flag for
Tor.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net




Re: IcedTea 1 / OpenJDK 6 discontinued

2017-01-25 Thread Ricardo Wurmus

Leo Famulari  writes:

> On Tue, Jan 24, 2017 at 10:07:28PM -0500, Kei Kebreau wrote:
>> I agree with Marius's option 5. I don't see an immediate reason to
>> remove it, and we can build icedtea-7 using gcj.
>
> I actually hadn't noticed that icedtea-7 builds with icedtea-6. I
> thought it simply inherited from the package definition.

It does not.  Icedtea-7 builds with GCJ.

I see no problems with removing “icedtea-6” (after removing the
inheritance issues).  I would not like to wait for security advisories
to be published, because security vulnerabilities in Java are really
just a matter of time.  They may not even be reported in time because
hardly anyone uses that version any more.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net




[PATCH] gnu: Add stunnel.

2017-01-25 Thread Thomas Danckaert
Hi Guix,

this patch adds stunnel. For the description, I just used stunnel's “about”
page, so the second sentence is perhaps not 100% neutral.

Also, I wasn't sure if this should go in web.scm, networking.scm,
tls.scm, or still somewhere else.

Thomas

From 354c89c91414412127bc1ae54ccce0d9f0f51b0a Mon Sep 17 00:00:00 2001
From: Thomas Danckaert 
Date: Wed, 25 Jan 2017 08:50:30 +0100
Subject: [PATCH] gnu: Add stunnel.

* gnu/packages/web.scm (stunnel): New variable.
---
 gnu/packages/web.scm | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index c8f8c63ec..67b9797bb 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2016 Arun Isaac 
 ;;; Copyright © 2016 Tobias Geerinckx-Rice 
 ;;; Copyright © 2016 Bake Timmons 
+;;; Copyright © 2017 Thomas Danckaert 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -3968,3 +3969,29 @@ useful for users behind restrictive firewalls.  As long as Web traffic is
 allowed, even through a HTTP-only proxy, httptunnel can be combined with other
 tools like SSH (Secure Shell) to reach the outside world.")
 (license l:gpl2+)))
+
+(define-public stunnel
+  (package
+  (name "stunnel")
+  (version "5.39")
+  (source
+(origin
+  (method url-fetch)
+  (uri (string-append "https://www.stunnel.org/downloads/stunnel-;
+  version ".tar.gz"))
+  (sha256
+   (base32
+"1vjdn32iw11zqsygwxbjmqgs4644dk3ql1h8ap890ls6a1x0i318"
+  (build-system gnu-build-system)
+  (inputs `(("openssl" ,openssl)))
+  (arguments
+   `(#:configure-flags
+ (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")
+  (home-page "https://www.stunnel.org;)
+  (synopsis "TLS proxy for clients or servers")
+  (description "Stunnel is a proxy designed to add TLS encryption
+functionality to existing clients and servers without any changes in the
+programs' code.  Its architecture is optimized for security, portability, and
+scalability (including load-balancing), making it suitable for large
+deployments.")
+  (license l:gpl2+)))
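
Review bot: the second sentence of the description ("Its architecture is optimized for security, portability, and scalability ...") repeats upstream's own claim, which the cover letter already admits is not neutral. Keep the description to what the program does, for example the first sentence plus the fact that it wraps existing clients and servers in TLS via OpenSSL. The fields under (package are also indented at a different depth from the httptunnel definition shown in the context above; align them with the rest of web.scm.
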
-- 
2.11.0