Re: [PATCH]: Add vim-full.

[ng0]

ng0  writes:

>  [PATCH] gnu: Add vim-full.
>
>
> This patch adds a variant of vim which includes most if not all optional
> features. These can not be moved into separate outputs.
> VIM is actually version 8.0.0002, so I added patches sequentially up to
> 8.0.0005 to solve this 
> https://github.com/vim/vim/issues/1070#issuecomment-247141940 bug, tests 
> succeed now while they failed with vim 8.0.0002 (release we package with vim).
>
> This patch makes the previous send 'add ruby' obsolete.
>
>

ng0@shadowwalker ~$ vim --version
VIM - Vi IMproved 8.0 (2016 Sep 12) )
Included patches: 1-5
Compiled by nixbld@localhost
Huge version with GTK2 GUI.  Features included (+) or not (-):
+acl +file_in_path+mouse_sgr   +tag_old_static
+arabic  +find_in_path-mouse_sysmouse  -tag_any_white
+autocmd +float   +mouse_urxvt +tcl
+balloon_eval+folding +mouse_xterm +termguicolors
+browse  -footer  +multi_byte  +terminfo
++builtin_terms  +fork()  +multi_lang  +termresponse
+byte_offset +gettext -mzscheme+textobjects
+channel -hangul_input+netbeans_intg   +timers
+cindent +iconv   +num64   +title
+clientserver+insert_expand   +packages+toolbar
+clipboard   +job +path_extra  +user_commands
+cmdline_compl   +jumplist+perl+vertsplit
+cmdline_hist+keymap  +persistent_undo +virtualedit
+cmdline_info+lambda  +postscript  +visual
+comments+langmap +printer +visualextra
+conceal +libcall +profile +viminfo
+cryptv  +linebreak   -python  +vreplace
+cscope  +lispindent  +python3 +wildignore
+cursorbind  +listcmds+quickfix+wildmenu
+cursorshape +localmap+reltime +windows
+dialog_con_gui  +lua +rightleft   +writebackup
+diff+menu+ruby+X11
+digraphs+mksession   +scrollbind  -xfontset
+dnd +modify_fname+signs   +xim
-ebcdic  +mouse   +smartindent +xpm
+emacs_tags  +mouseshape  +startuptime +xsmp_interact
+eval+mouse_dec   +statusline  +xterm_clipboard
+ex_extra+mouse_gpm   -sun_workshop-xterm_save
+extra_search-mouse_jsbterm   +syntax  
+farsi   +mouse_netterm   +tag_binary  
   system vimrc file: "$VIM/vimrc"
 user vimrc file: "$HOME/.vimrc"
 2nd user vimrc file: "~/.vim/vimrc"
  user exrc file: "$HOME/.exrc"
  system gvimrc file: "$VIM/gvimrc"
user gvimrc file: "$HOME/.gvimrc"
2nd user gvimrc file: "~/.vim/gvimrc"
   defaults file: "$VIMRUNTIME/defaults.vim"
system menu file: "$VIMRUNTIME/menu.vim"
  fall-back for $VIM: "
/gnu/store/4ycsqihmz3kh98c0z2x2275ym94m7x7a-vim-full-8.0/share/vim"
Compilation: gcc -c -I. -Iproto -DHAVE_CONFIG_H -DFEAT_GUI_GTK  -pthread 
-I/gnu/store/vq1fk3zi8lkjds25h44y819aa19x78i3-atk-2.20.0/include/atk-1.0 
-I/gnu/store/ra7d6fva92ndwdd5kz4h8xq2qrq3lq8s-cairo-1.14.6/include/cairo 
-I/gnu/store/qxak8dv68cmrxj590r8db2g34bnnsdag-freetype-2.6.3/include/freetype2 
-I/gnu/store/36s16c5s9c702vzm9q6g9idc7fvds2ks-libpng-1.5.26/include/libpng15 
-I/gnu/store/qxak8dv68cmrxj590r8db2g34bnnsdag-freetype-2.6.3/include/freetype2 
-I/gnu/store/dl1iv83q3kz632g127f4gzcmhpdxj5n0-gdk-pixbuf-2.34.0/include/gdk-pixbuf-2.0
 -I/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0/include/glib-2.0 
-I/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0/lib/glib-2.0/include 
-I/gnu/store/xycg7fj6gcvlvjh35w27ljzgpf8jwkvp-gtk+-2.24.30/include/gtk-2.0 
-I/gnu/store/xycg7fj6gcvlvjh35w27ljzgpf8jwkvp-gtk+-2.24.30/lib/gtk-2.0/include 
-I/gnu/store/xp330hq98mz8qsqfwpqw0274zwb606c1-harfbuzz-1.2.4/include/harfbuzz 
-I/gnu/store/36s16c5s9c702vzm9q6g9idc7fvds2ks-libpng-1.5.26/include/libpng15 
-I/gnu/store/rqla9asxbz3lsgf3crl6gs5i21j9kd2z-pango-1.40.1/include/pango-1.0 
-I/gnu/store/d3d724jkz27w13kychb56r6p7xxbyibr-pixman-0.34.0/include/pixman-1   
-g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1  
Linking: gcc -L/gnu/store/vq1fk3zi8lkjds25h44y819aa19x78i3-atk-2.20.0/lib 
-L/gnu/store/ra7d6fva92ndwdd5kz4h8xq2qrq3lq8s-cairo-1.14.6/lib 
-L/gnu/store/1rcsqn8h2xwmgdra3zr33xv73d44wf1s-fontconfig-2.11.94/lib 
-L/gnu/store/qxak8dv68cmrxj590r8db2g34bnnsdag-freetype-2.6.3/lib 
-L/gnu/store/dl1iv83q3kz632g127f4gzcmhpdxj5n0-gdk-pixbuf-2.34.0/lib 
-L/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0/lib 
-L/gnu/store/xycg7fj6gcvlvjh35w27ljzgpf8jwkvp-gtk+-2.24.30/lib 
-L/gnu/store/rqla9asxbz3lsgf3crl6gs5i21j9kd2z-pango-1.40.1/lib  -L. 
-fstack-protector -rdynamic -Wl,-export-dynamic -Wl,-E 
-Wl,-rpath,/gnu/store/7nfjg3f2c4s0jpz3vqh3iqdn9j1c3prq-perl-5.22.1/lib/perl5/5.22.1/x86_64-linux/CORE
   -Wl,--as-needed -o vim   

Re: bug#24418: GnuTLS security update

[Ludovic Courtès]

Hello!

l...@gnu.org (Ludovic Courtès) skribis:

> $ git describe
> v0.11.0-970-g8d4169a
> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls --no-grafts
> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli 
> --version
> gnutls-cli 3.5.2
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights 
> reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later 
>
>
> Please send bug reports to:  
> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli 
> --version
> gnutls-cli 3.5.4
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights 
> reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later 

AFAICS this is fixed by these two patches:

b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow 
other grafts.
d0025d0 * packages: 'package-grafts' applies grafts on replacement.

Please let know if you notice anything wrong.

For debugging purposes, I found it easier to have the attached patch
applied, so that replacements are easily distinguishable from the
original packages.  You might want to use it too.  :-)

(I didn’t apply it to master because it would lead to merge conflicts in
core-updates, but feel free to apply it if that seems OK to you.)

Thanks,
Ludo’.

modified   gnu/packages/gnupg.scm
@@ -138,15 +138,14 @@ generation.")
 (define libgcrypt-1.5.6
   (package
 (inherit libgcrypt-1.5)
-(source
- (let ((version "1.5.6"))
-   (origin
- (method url-fetch)
- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
- version ".tar.bz2"))
- (sha256
-  (base32
-   "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))
+(version "1.5.6")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+  version ".tar.bz2"))
+  (sha256
+   (base32
+"0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))
 
 (define-public libassuan
   (package
modified   gnu/packages/tls.scm
@@ -215,16 +215,15 @@ required structures.")
 (define gnutls-3.5.4
   (package
 (inherit gnutls)
-(source
-  (let ((version "3.5.4"))
-(origin
-  (method url-fetch)
-  (uri (string-append "mirror://gnupg/gnutls/v"
-  (version-major+minor version)
-  "/gnutls-" version ".tar.xz"))
-  (sha256
-   (base32
-"1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))
+(version "3.5.4")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "mirror://gnupg/gnutls/v"
+  (version-major+minor version)
+  "/gnutls-" version ".tar.xz"))
+  (sha256
+   (base32
+"1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))
 
 (define-public openssl

Re: [PATCH] vim: Build with ruby support.

[ng0]

ng0  writes:

> This is needed to build the vim bindings of notmuch:
> https://git.notmuchmail.org/git/notmuch/blob/HEAD:/vim/README
>
>
>

Obsolete, see new patch "vim-full".

[PATCH]: Add vim-full.

[ng0]

 [PATCH] gnu: Add vim-full.


This patch adds a variant of vim which includes most if not all optional
features. These can not be moved into separate outputs.
VIM is actually version 8.0.0002, so I added patches sequentially up to
8.0.0005 to solve this 
https://github.com/vim/vim/issues/1070#issuecomment-247141940 bug, tests 
succeed now while they failed with vim 8.0.0002 (release we package with vim).

This patch makes the previous send 'add ruby' obsolete.

[PATCH] gnu: Add vim-full.

[ng0]

* gnu/packages/vim.scm (vim-full): New variable.
* gnu/packages/patches/vim-8.0.0003.patch: New file.
* gnu/packages/patches/vim-8.0.0004.patch: New file.
* gnu/packages/patches/vim-8.0.0005.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patches.
---
 gnu/local.mk |  3 ++
 gnu/packages/vim.scm | 82 
 2 files changed, 85 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index 526756f..79c1326 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -874,6 +874,9 @@ dist_patch_DATA =   
\
   %D%/packages/patches/util-linux-tests.patch  \
   %D%/packages/patches/upower-builddir.patch   \
   %D%/packages/patches/valgrind-enable-arm.patch   \
+  %D%/packages/patches/vim-8.0.0003.patch   \
+  %D%/packages/patches/vim-8.0.0004.patch   \
+  %D%/packages/patches/vim-8.0.0005.patch   \
   %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch  
\
   %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch\
   %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch\
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index b1ee527..58ea3e1 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Cyril Roelandt 
 ;;; Copyright © 2016 Efraim Flashner 
+;;; Copyright © 2016 ng0 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,21 @@
   #:use-module (gnu packages gawk)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages ruby)
+  #:use-module (gnu packages acl)
+  #:use-module (gnu packages attr)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages lua)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages tcl)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xorg)
   #:use-module (gnu packages admin) ; For GNU hostname
   #:use-module (gnu packages shells))
 
@@ -79,3 +95,69 @@ that many consider it an entire IDE.  It's not just for 
programmers, though.
 Vim is perfect for all kinds of text editing, from composing email to editing
 configuration files.")
 (license license:vim)))
+
+(define-public vim-full
+  (package
+(inherit vim)
+(name "vim-full")
+(version (package-version vim))
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "ftp://ftp.vim.org/pub/vim/unix/vim-;
+   version ".tar.bz2"))
+   (sha256
+(base32
+ "1s34rf8089klsbdx5l0iw7vjymir0kzfrx8wb30s31wygnq29axc"))
+   ;; Patches need to be applied sequentially. 8.0 is the release of
+   ;; vim version 8.0.0002 so we start at 8.0.0003
+   (patches (search-patches "vim-8.0.0003.patch"
+"vim-8.0.0004.patch"
+"vim-8.0.0005.patch"
+(arguments
+ `(#:configure-flags
+   (list (string-append "--with-lua-prefix="
+(assoc-ref %build-inputs "lua"))
+ "--with-features=huge"
+ "--enable-python3interp=yes"
+ "--enable-perlinterp=yes"
+ "--enable-rubyinterp=yes"
+ "--enable-tclinterp=yes"
+ "--enable-luainterp=yes"
+ "--enable-cscope"
+ "--enable-sniff"
+ "--enable-multibyte"
+ "--enable-xim"
+ "--disable-selinux"
+ "--enable-gui")
+   ,@(package-arguments vim)))
+(native-inputs
+ `(("pkg-config" ,pkg-config)))
+(inputs
+ `(("acl" ,acl)
+   ("atk" ,atk)
+   ("attr" ,attr)
+   ("cairo" ,cairo)
+   ("fontconfig" ,fontconfig)
+   ("freetype" ,freetype)
+   ("gdk-pixbuf" ,gdk-pixbuf)
+   ("gettext" ,gnu-gettext)
+   ("glib" ,glib)
+   ("gpm" ,gpm)
+   ("gtk" ,gtk+-2)
+   ("harfbuzz" ,harfbuzz)
+   ("libice" ,libice)
+   ("libpng" ,libpng)
+   ("libsm" ,libsm)
+   ("libx11" ,libx11)
+   ("libxdmcp" ,libxdmcp)
+   ("libxt" ,libxt)
+   ("libxpm" ,libxpm)
+   ("lua" ,lua)
+   ("pango" ,pango)
+   ("pixman" ,pixman)
+   ("python" ,python-wrapper)
+   ("python" ,python-2)
+   ("ruby" ,ruby)
+   ("tcl" ,tcl)
+   ,@(package-inputs vim)
-- 
2.10.1

[PATCH 3/3] gnu: Add mod-utilities.

[Ricardo Wurmus]

* gnu/packages/music.scm (mod-utilities): New variable.
---
 gnu/packages/music.scm | 34 ++
 1 file changed, 34 insertions(+)

diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index d2e252e..e5715de 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -2442,3 +2442,37 @@ slow gear audio effect to produce volume swells."
   (synopsis "Wah emulation with switchless activation")
   (description "This package provides the LV2 plugin \"GxSwitchlessWah\",
 a simulation of an analog Wah pedal with switchless activation."
+
+(define-public mod-utilities
+  (let ((commit "7cdeeac26ae682730740105ece121d4dddb8ba3f")
+(revision "1"))
+(package
+  (name "mod-utilities")
+  (version (string-append "0-" revision "." (string-take commit 9)))
+  (source (origin
+(method git-fetch)
+(uri (git-reference
+  (url "https://github.com/moddevices/mod-utilities.git;)
+  (commit commit)))
+(sha256
+ (base32
+  "1ilnkbrmwrszxvc21qlb86h29yz7cnc6rcp0jmna1y693ny2qhf4"))
+(file-name (string-append name "-" version "-checkout"
+  (build-system gnu-build-system)
+  (arguments
+   `(#:tests? #f ; there are no tests
+ #:make-flags
+ (list (string-append "INSTALL_PATH="
+  (assoc-ref %outputs "out")
+  "/lib/lv2"))
+ #:phases
+ (modify-phases %standard-phases
+   (delete 'configure
+  (inputs
+   `(("lv2" ,lv2)))
+  (home-page "https://github.com/moddevices/mod-utilities;)
+  (synopsis "LV2 utility plugins")
+  (description "This package provides LV2 audio utility plugins, such as
+filters, crossovers, simple gain plugins without zipper noise, switch box
+plugins, a switch trigger, a toggle switch, and a peakmeter.")
+  (license license:gpl2+
-- 
2.10.0

[PATCH 2/3] gnu: Add jalv-select.

[Ricardo Wurmus]

* gnu/packages/music.scm (jalv-select): New variable.
---
 gnu/packages/music.scm | 40 
 1 file changed, 40 insertions(+)

diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index ff2ee64..d2e252e 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -838,6 +838,46 @@ your own lessons.")
 Editor.  It is compatible with Power Tab Editor 1.7 and Guitar Pro.")
 (license license:gpl3+)))
 
+(define-public jalv-select
+  (package
+(name "jalv-select")
+(version "0.7")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "https://github.com/brummer10/jalv_select/;
+  "archive/V" version ".tar.gz"))
+  (sha256
+   (base32
+"01y93l5c1f8za04a0y4b3v0nhsm1lhj6rny9xpdgd7jz6sl6w581"
+(build-system gnu-build-system)
+(arguments
+ `(#:make-flags
+   (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+   #:phases
+   (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'ignore-PATH
+   (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "jalv.select.cpp"
+   (("echo \\$PATH | tr ':' '\\\n' | xargs ls")
+(string-append "ls -1 " (assoc-ref inputs "jalv") "/bin")))
+ (substitute* "jalv.select.h"
+   (("gtkmm.h") "gtkmm-2.4/gtkmm.h"))
+ #t)
+(inputs
+ `(("lilv" ,lilv)
+   ("lv2" ,lv2)
+   ("jalv" ,jalv)
+   ("gtkmm" ,gtkmm-2)))
+(native-inputs
+ `(("pkg-config" ,pkg-config)))
+(home-page "https://github.com/brummer10/jalv_select;)
+(synopsis "GUI to select LV2 plugins and run them with jalv")
+(description
+ "jalv.select provides a graphical user interface allowing users to select
+LV2 plugins and run them with jalv.")
+(license license:public-domain)))
+
 (define-public synthv1
   (package
 (name "synthv1")
-- 
2.10.0

[PATCH 1/3] gnu: Add mod-host.

[Ricardo Wurmus]

* gnu/packages/music.scm (mod-host): New variable.
---
 gnu/packages/music.scm | 49 +
 1 file changed, 49 insertions(+)

diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index d5805b0..ff2ee64 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1646,6 +1646,55 @@ follows a traditional multi-track tape recorder control 
paradigm.")
 analogue-like user interface.")
 (license license:gpl2+)))
 
+(define-public mod-host
+  ;; The last release was in 2014 but since then more than 140 commits have
+  ;; been made.
+  (let ((commit "72aca771e3a4e3889641b9bab84985586c9bb926")
+(revision "1"))
+(package
+  (name "mod-host")
+  (version (string-append "0.10.6-" revision "." (string-take commit 9)))
+  (source (origin
+(method git-fetch)
+(uri (git-reference
+  (url "https://github.com/moddevices/mod-host;)
+  (commit commit)))
+(sha256
+ (base32
+  "19szi8cy65jlchbrmbjbma03g6gxj9zyyp4dgw1k06r0cxbx82gq"))
+(file-name (string-append name "-" version "-checkout"
+  (build-system gnu-build-system)
+  (arguments
+   `(#:tests? #f ; no tests included
+ #:make-flags
+ (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+   "CC=gcc")
+ #:phases
+ (modify-phases %standard-phases
+   (delete 'configure)
+   (add-after 'unpack 'fix-jack-installation-directory
+ (lambda _
+   ;; Do not attempt to install files to output of "jack" package.
+   (substitute* "Makefile"
+ (("\\$\\(shell pkg-config --variable=libdir jack\\)")
+  "lib"))
+   #t)
+  (inputs
+   `(("lilv" ,lilv)
+ ("fftw" ,fftw)
+ ("fftwf" ,fftwf)
+ ("lv2" ,lv2)
+ ("jack" ,jack-1)
+ ("readline" ,readline)))
+  (native-inputs
+   `(("pkg-config" ,pkg-config)
+ ("python" ,python-2)))
+  (home-page "https://github.com/moddevices/mod-host;)
+  (synopsis "LV2 host for Jack controllable via socket or command line")
+  (description "mod-host is an LV2 plugin host for JACK, controllable via
+socket or command line.")
+  (license license:gpl3+
+
 (define-public pianobar
   (package
 (name "pianobar")
-- 
2.10.0

Re: [PATCH 00/13] Add a bunch of LV2 audio effects!

[Ricardo Wurmus]

Andreas Enge  writes:

> Hello Ricardo,
>
> On Wed, Oct 12, 2016 at 08:12:36PM +0200, Ricardo Wurmus wrote:
>> here's a simple patch set to add 13 new LV2 audio plugins.
>
> the packages fail to build on arm due to their use of SSE instructions:
>http://hydra.gnu.org:3000/build/1528551
> Could these be disabled, or should the packages as a whole be disabled on arm?

These packages should now be okay on ARM.  The Makefiles contain tests
for whether SSE instructions are supported, but the tests contained
syntax errors, so they would always result in SSE instructions to be
enabled.  I reported this upstream and fixed our packages.

> Also jack-keyboard fails:
>http://hydra.gnu.org:3000/build/1532070 ,
> but here the reason is a failing dependency.

lash fails on armhf because it uses a feature that is not available on
ARM.  I guess we could patch the sources there.

~~ Ricardo

Re: [PATCH] gnu: mail: Add notifymuch.

[Hartmut Goebel]

Am 13.10.2016 um 22:10 schrieb Ludovic Courtès:
> Hartmut, since the rest of the patch looked non controversial, and if
> ‘guix lint’ doesn’t complain, you can push to ‘master’ with the synopsis
> above.

Done with minor adjustments.
0350a8bb1eef12927964fb6ce62ae64f10fa6f8d

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: 07/07: guix: python-build-system: Fix an outdated comment.

[Hartmut Goebel]

Am 13.10.2016 um 21:39 schrieb Leo Famulari:
>> > This change triggered over 6300 rebuilds on 'master'.  I reverted it.
>> > Please beware that changing some files in guix/build/*.scm can trigger a
>> > large number of rebuilds, because some of these files are implicitly
>> > used as inputs to a large number of builds.
> Sorry, I didn't realize that altering comments here would have an
> effect; I would have warned Hartmut if I had.

I'm sorry, too. I didn't expect that changing a comment would have any
impact on building packages. Aren't the the files converted to some
canonical form prior to deciding whether they changed?

(I'll take this change to the wip-python-build-system).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH 00/13] Add a bunch of LV2 audio effects!

[Andreas Enge]

Hello Ricardo,

On Wed, Oct 12, 2016 at 08:12:36PM +0200, Ricardo Wurmus wrote:
> here's a simple patch set to add 13 new LV2 audio plugins.

the packages fail to build on arm due to their use of SSE instructions:
   http://hydra.gnu.org:3000/build/1528551
Could these be disabled, or should the packages as a whole be disabled on arm?

Also jack-keyboard fails:
   http://hydra.gnu.org:3000/build/1532070 ,
but here the reason is a failing dependency.

Could you have a look, please?

Andreas

Re: [WIP v3 0/5] Update Sphinx to 1.4.8

[Hartmut Goebel]

Am 13.10.2016 um 23:16 schrieb Danny Milosavljevic:
> python-ipython requires python-numpy

You could use numpy-bootstrap here, too. The only difference between
numpy and numpy-bootstrap ist that the former includes the documentation.

Also if you look at the requirements [*], numpy is only used for running
the tests. Thus we could again build a package "ipython-bootstrap"
without the docs and untested.

[*] https://github.com/ipython/ipython/blob/5.1.0/setup.py#L181

BTW: Maybe it's worth moving ipython and with whole jupyter stuff into a
new .scm file. jupyther is becoming more and more language agnostic,
thus in the long run it may lead to trouble having ipython in
python-scm. (And may lead to a really big python.scm), See  the graphics
at http://jupyter.readthedocs.io/en/latest/projects/content-projects.html

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH 00/13] Add a bunch of LV2 audio effects!

[Ricardo Wurmus]

Andreas Enge  writes:

> Hello Ricardo,
>
> On Wed, Oct 12, 2016 at 08:12:36PM +0200, Ricardo Wurmus wrote:
>> here's a simple patch set to add 13 new LV2 audio plugins.
>
> the packages fail to build on arm due to their use of SSE instructions:
>http://hydra.gnu.org:3000/build/1528551
> Could these be disabled, or should the packages as a whole be disabled on arm?

That’s unfortunate.  They should work on arm.  The build system probes
for CPU features, actually, and conditionally uses extended
instructions.

I’ll investigate.

> Also jack-keyboard fails:
>http://hydra.gnu.org:3000/build/1532070 ,
> but here the reason is a failing dependency.
>
> Could you have a look, please?

Thanks for the hint.  I’ll check it out.

~~ Ricardo

Re: [PATCH] gnu: Add hdf4

[Andreas Enge]

Hello,

the packages fail to compile on arm and mips:
   http://hydra.gnu.org/eval/109281#tabs-new
   http://hydra.gnu.org/build/1521682

Could you maybe have a look at them?

Thanks!

Andreas

Re: locales gone

[Ludovic Courtès]

Danny Milosavljevic  skribis:

> On Thu, 13 Oct 2016 22:22:47 +0200
> l...@gnu.org (Ludovic Courtès) wrote:
>
>>   ldd $(which psql) | grep glibc
>
> $ ldd $(which psql) |grep glibc
> libm.so.6 => 
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libm.so.6 
> (0x7fc4b8c49000)
> libc.so.6 => 
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libc.so.6 
> (0x7fc4b8691000)
> libpthread.so.0 => 
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/libpthread.so.0 
> (0x7fc4b8474000)
> 
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/ld-linux-x86-64.so.2
>  (0x7fc4b93be000)

Then you’d have to strace psql to see why it thinks that en_US.UTF-8 is
unavailable.

Ludo’.

Re: [PATCH 4/5] gnu: python.scm: Update some home-page urls and descriptions.

[Hartmut Goebel]

Am 13.10.2016 um 22:14 schrieb Ludovic Courtès:
> Yes, one patch for each logical change.  See

Fine, this is how I normally do it.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH] gnu: Add emacs-nginx-mode.

[Arun Isaac]

> Applied as commit 71d3ee1, thanks!

Thank you!


signature.asc
Description: PGP signature

Re: [PATCH] guxi: cmake-build-system: Enable output for failing test-cases.

[Hartmut Goebel]

Am 13.10.2016 um 22:12 schrieb Ludovic Courtès:
> It’s a good idea, but it would entail a rebuild of 1,000+ packages.  Can
> you save it for the next big-rebuild cycle?

No problem.

Still have to learn what "next big-rebuild cycle" means. Is there a
branch for it?

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Making substitute* throw an error if substition failed?

[Ricardo Wurmus]

Hi Guix,

it happened a couple of times already that a “substitute*” expression
silently failed and I only found out about it when investigating the
remains of a failing build (“guix build -K”).  This can easily happen
when a package is updated and substitutions “anchors” no longer exist in
the updated source code.

Would it be desirable to change “substitute*” (or replace it) such that
it throws an error or returns a value if substitution failed?  This
might be helpful for the more complex packages with many substitutions.
If we make it return a value (#f for error) it would also make our build
phases a little prettier, I think.  (Now we forcefully return #t in any
case and that seems wrong.)

~~ Ricardo

[PATCH] gnu: node: Update to 6.8.0.

[Al McElrath]

I took Jelle's 6.4.0 patch and updated it to 6.8.0. I only updated the
version and included a patch that is specific to 6.8.0. Hopefully this
version will have more success. I reset the author to myself. Not sure
what the protocol is for patching someone else's patch.

>From e847558aa98e7f3f1d7abe3b89bcf52d8122b325 Mon Sep 17 00:00:00 2001
From: Al McElrath 
Date: Fri, 14 Oct 2016 16:39:44 -0700
Subject: [PATCH] gnu: node: Update to 6.8.0.

Remove  and
 workaround.

* gnu/packages/node.scm (node): Update to 6.8.0.
  (node)[arguments]: Disabled more tests. Remove custom 'patch-shebangs'
  phase. Manually patch npm script shebang in new 'patch-npm-shebang'
  phase.
* gnu/packages/patches/node-9077.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patches.
---
 gnu/local.mk |  1 +
 gnu/packages/node.scm| 34 +++---
 gnu/packages/patches/node-9077.patch | 30 ++
 3 files changed, 46 insertions(+), 19 deletions(-)
 create mode 100644 gnu/packages/patches/node-9077.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a9343f0..979569a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -722,6 +722,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/ngircd-no-dns-in-tests.patch		\
   %D%/packages/patches/ninja-tests.patch			\
   %D%/packages/patches/ninja-zero-mtime.patch			\
+  %D%/packages/patches/node-9077.patch\
   %D%/packages/patches/nss-pkgconfig.patch			\
   %D%/packages/patches/nvi-assume-preserve-path.patch		\
   %D%/packages/patches/nvi-dbpagesize-binpower.patch		\
diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm
index 887ef93..617dffc 100644
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@@ -25,6 +25,7 @@
   #:use-module (guix derivations)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (gnu packages)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gcc)
@@ -37,14 +38,16 @@
 (define-public node
   (package
 (name "node")
-(version "6.0.0")
+(version "6.8.0")
 (source (origin
   (method url-fetch)
   (uri (string-append "http://nodejs.org/dist/v; version
   "/node-v" version ".tar.gz"))
   (sha256
(base32
-"0cpw7ng193jgfbw2g1fd0kcglmjjkbj4xb89g00z8zz0lj0nvdbd"
+"0lj3250hglz4w5ic4svd7wlg2r3qc49hnasvbva1v69l8yvx98m8"))
+  ;; https://github.com/nodejs/node/pull/9077
+  (patches (search-patches "node-9077.patch"
 (build-system gnu-build-system)
 (arguments
  ;; TODO: Package http_parser and add --shared-http-parser.
@@ -78,10 +81,10 @@
  ;; FIXME: These tests fail in the build container, but they don't
  ;; seem to be indicative of real problems in practice.
  (for-each delete-file
-   '("test/parallel/test-cluster-master-error.js"
+   '("test/parallel/test-dgram-membership.js"
+ "test/parallel/test-cluster-master-error.js"
  "test/parallel/test-cluster-master-kill.js"
  "test/parallel/test-npm-install.js"
- "test/parallel/test-stdout-close-unref.js"
  "test/sequential/test-child-process-emfile.js"))
  #t))
  (replace 'configure
@@ -101,22 +104,15 @@
  (string-append (assoc-ref inputs "python")
 "/bin/python")
  "configure" flags)
- (replace 'patch-shebangs
-   (lambda* (#:key outputs #:allow-other-keys #:rest all)
- ;; Work around .
- (let* ((patch  (assoc-ref %standard-phases 'patch-shebangs))
-(npm(string-append (assoc-ref outputs "out")
-   "/bin/npm"))
+ (add-after 'patch-shebangs 'patch-npm-shebang
+   (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((bindir (string-append (assoc-ref outputs "out")
+   "/bin"))
+(npm(string-append bindir "/npm"))
 (target (readlink npm)))
-   (and (apply patch all)
-(with-directory-excursion (dirname npm)
-  ;; Turn NPM into a symlink to TARGET again, which 'npm'
-  ;; relies on for the resolution of relative file names
-  ;; in JS files.
-  (delete-file target)
-  (rename-file npm target)
-  (symlink target npm)
-  #t
+   (with-directory-excursion bindir
+ 

Re: [core-updates]: cycle detected in the references of ...gtk+-3.20.9-bin

[宋文武]

Leo Famulari  writes:

> On Fri, Oct 14, 2016 at 11:03:59PM +0800, 宋文武 wrote:
>> 
>> >> [...]
>> >> Move all the 3 desktop files into 'bin' output should work.  (I could
>> >> patch that next day, but won't be able to test it due to slow
>> >> substitute/download/build speed though.)
>> >
>> > That should work.  You can post the patch here so we can test, if you
>> > want.
>> 
>> Sure, here is it:
>> 
>
>> From 4746292d8a672dbc3ea8d058baf6239974d92103 Mon Sep 17 00:00:00 2001
>> From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= 
>> Date: Fri, 14 Oct 2016 22:57:53 +0800
>> Subject: [PATCH] gnu: gtk+: Move desktop files into "bin" output.
>> 
>> * gnu/packages/gtk.scm (gtk+)[arguments]: Add 'move-desktop-files' phase.
>
> Thanks, this works for me! With this patch, `guix system build` passed
> the point where it previously failed.

Pushed, thanks!

Re: More duplicate package definitions

[Ricardo Wurmus]

Leo Famulari  writes:

> On Thu, Oct 13, 2016 at 03:17:54PM +0200, Hartmut Goebel wrote:
>> Hi Danny,
>> 
>> thanks for pointing this out.
>> > python2-msgpack has a duplicate too. 
>> 
>> I removed this one, too.
>> 
>> > And so do ruby-arel, r-codetools, r-gtable.
>> 
>> 
>> These have different versions and are not defined just below each other.
>> Somebody else needs to work on this.
>
> We should CC whoever added those second patches to get their input. At
> least, we can add comments to the package definitions to explain why we
> need to keep multiple versions around.

Looks like I added the “r-codetools” dupe.  It’s the same version and it
wasn’t on purpose, as far as I can tell.  It’s okay to remove it.

“r-gtable” seems to be the same.  What’s weird is that I added both
versions according to git blame, so maybe it’s been a careless merge?
I’d suggest removing the older version.

~~ Ricardo

Re: Developing libraries for the GNU system with Guix

[Ludovic Courtès]

Hello!

sba...@catern.com skribis:

> When I am hacking on some library Z, I continuously want to test the
> effects that my changes to Z have on packages A/B/C which depend on
> Z. The same applies, in general, when hacking on any package Z which
> other packages A/B/C depend on: While developing, I want to be able to
> rapidly mutate Z and see how this affects A/B/C.

A very common use case.  Others have asked about it.

> I am not sure how to best achieve this. Here are some solutions:
>
> - When you change Z, rebuild A/B/C.
>   This is much too slow at present.

Right, but note that it’s the only way to be confident that the change
in Z doesn’t break A/B/C.  That said, I do understand that sometimes,
you want an “I know what I’m doing” (i.e., the ABI of Z hasn’t changed)
option to bypass that and test the run-time behavior of A/B/C.

For cases where you do want to rebuild anyway, I was thinking of making
the ‘--with-source’ option “recursive”, such that:

  guix build --with-source=./guile-2.0.14rc1.tar.gz guile-json

would replace the source of Guile and build Guile-JSON against that.

> - Use grafts to update A/B/C through binary patching.
>   This is also too slow, and AFAIK it can't really be sped up.

A/B/C have to be really big for this to be too slow!  I think grafting
processes several MiB/s on my SSD laptop.

Again to make this more convenient, I thought we could have a
--with-graft option, which would work like --with-input except that it
would graft the new Z onto A/B/C instead of rebuilding them.

> - Use LD_LIBRARY_PATH to cause A/B/C to search for Z in a mutable place.
>   This works for C libraries, but not generically; there are equivalent
>   variables for some other languages but it's not a full solution.

Yeah, not great.

> - Before starting to hack on Z, build a new version of Z which includes
>   a random hash and which A/B/C depend on; then bind-mount a mutable
>   directory on top of that. (suggested by mark_weaver on IRC)
>   This is the most palatable hack, but still a hack. The inclusion of a
>   random hash prevents collision with other packages and the use of
>   bind-mounting means we aren't actually mutating the store. This
>   unfortunately also requires privileges: it's not usable by
>   unprivileged users.

It is usable by unprivileged users when user namespaces are available.
Under these conditions, you could use ‘call-with-container’ and
bind-mount anything anywhere.  Doesn’t sound too nice to me though.

> Here are some not currently available possibilities:
>
> - Create some kind of GUIX_LIBRARY_PATH in which packages are looked up
>   first before looking at the compiled-in hash.
>   This would be an attempt to make a generic equivalent of
>   LD_LIBRARY_PATH. This could theoretically be implemented with variant
>   symlinks, if they were available: https://lwn.net/Articles/680705/

At first sight this sounds very hacky, very much against the whole idea
of functional package management.

> - Currently every dependency is located at a well known globally unique
>   and globally meaningful path; add some kind of "variant package"
>   construct which specifies a package which is "passed in" to the
>   environment (maybe by bind-mounting it in a filesystem namespace;
>   implementation specifics aren't important). To put this in a
>   programming language sense, one of these packages being present would
>   turn a Guix distribution from a value into a function.

Not sure I understand.  What do you mean by “passed in to the
environment”?

> - Massively speed up rebuilding A/B/C by performing incremental
>   builds. Not sure how exactly this could work, it's just a thought.

No idea how this could work either.

Thanks for raising the issue!

Ludo’.

Re: [PATCH] gnu: Add hdf4

[Thomas Danckaert]

From: Andreas Enge 
Subject: Re: [PATCH] gnu: Add hdf4
Date: Fri, 14 Oct 2016 10:11:45 +0200


Hello,

the packages fail to compile on arm and mips:
   http://hydra.gnu.org/eval/109281#tabs-new
   http://hydra.gnu.org/build/1521682


Hi,

as far as I understand, the header hdfi.h defines fixed width 
datatypes such as float64, uint8, int32, ... depending on the 
detected architecture, and it's not detecting mips and arm properly.


I've checked, and see that Debian has a number patches for this and 
related issues, but I'm a bit out of my depth here (and don't have 
arm or mips systems to test before submitting any patches).  What are 
the options?  It would take me quite a bit of time to understand the 
Debian patches and see what we need.


Ideally, HDF4 maintainers would fix this in a future release.  I can 
try to contact them.


cheers,

Thomas

Re: [core-updates]: cycle detected in the references of ...gtk+-3.20.9-bin

[宋文武]

>> [...]
>> Move all the 3 desktop files into 'bin' output should work.  (I could
>> patch that next day, but won't be able to test it due to slow
>> substitute/download/build speed though.)
>
> That should work.  You can post the patch here so we can test, if you
> want.

Sure, here is it:

>From 4746292d8a672dbc3ea8d058baf6239974d92103 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= 
Date: Fri, 14 Oct 2016 22:57:53 +0800
Subject: [PATCH] gnu: gtk+: Move desktop files into "bin" output.

* gnu/packages/gtk.scm (gtk+)[arguments]: Add 'move-desktop-files' phase.
---
 gnu/packages/gtk.scm | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 183989b..0de1409 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -685,7 +685,16 @@ application suites.")
 (substitute* "testsuite/Makefile.in"
   (("SUBDIRS = gdk gtk a11y css reftests")
"SUBDIRS = gdk"))
-#t)
+#t))
+(add-after 'install 'move-desktop-files
+  ;; Move desktop files into 'bin' to avoid cycle references.
+  (lambda* (#:key outputs #:allow-other-keys)
+(let ((out (assoc-ref outputs "out"))
+  (bin (assoc-ref outputs "bin")))
+  (mkdir-p (string-append bin "/share"))
+  (rename-file (string-append out "/share/applications")
+   (string-append bin "/share/applications"))
+  #t))
(native-search-paths
 (list (search-path-specification
(variable "GUIX_GTK3_PATH")
-- 
2.10.0


Please test it, Thanks!

Re: Developing libraries for the GNU system with Guix

[sbaugh]

l...@gnu.org (Ludovic Courtès) writes:
> sba...@catern.com skribis:
>> - Currently every dependency is located at a well known globally unique
>>   and globally meaningful path; add some kind of "variant package"
>>   construct which specifies a package which is "passed in" to the
>>   environment (maybe by bind-mounting it in a filesystem namespace;
>>   implementation specifics aren't important). To put this in a
>>   programming language sense, one of these packages being present would
>>   turn a Guix distribution from a value into a function.
>
> Not sure I understand.  What do you mean by “passed in to the
> environment”?

I just mean that this would be a path that is not necessarily pointing
to a directory containing the files desired by other packages depending
on it. To make a complete functioning system, the path would need to be
pointed at something containing the right files. (something of the right
type) It could be pointed at different directories in different
filesystem namespaces, and that "pointing" would happen outside the
filesystem namespace when the namespace is created.

Re: node is failing

[Ludovic Courtès]

Hi,

ng0  skribis:

> [0]: http://hydra.gnu.org/job/gnu/core-updates/node-6.0.0.x86_64-linux

The build history on this page suggests that 6.0.0 never built
successfully.

David, did you have success with it before?  It doesn’t seem to be a
non-deterministic failure at first sight.

Thanks,
Ludo’.

[SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.

[Alex Vong]

Hi,

I find out that our libraw (0.17.0) is vulnerable to CVE-2015-{8366,
8367}[0], which is fixed in 0.17.1[1]. The patch below updates libraw to
0.17.2.

From 4618436db68adbb74f01eb8e771a448cd20e415f Mon Sep 17 00:00:00 2001
From: Alex Vong 
Date: Fri, 14 Oct 2016 21:45:47 +0800
Subject: [PATCH] gnu: libraw: Update to 0.17.2.

* gnu/packages/photo.scm (libraw): Update to 0.17.2.
---
 gnu/packages/photo.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 8eb5337..f4d110e 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -51,14 +51,14 @@
 (define-public libraw
   (package
 (name "libraw")
-(version "0.17.0")
+(version "0.17.2")
 (source (origin
   (method url-fetch)
   (uri (string-append "http://www.libraw.org/data/LibRaw-;
   version ".tar.gz"))
   (sha256
(base32
-"043kckxjqanw8dl3m9f6kvsf0l20ywxmgxd1xb0slj6m8l4w4hz6"
+"0p6imxpsfn82i0i9w27fnzq6q6gwzvb9f7sygqqakv36fqnc9c4j"
 (build-system gnu-build-system)
 (home-page "http://www.libraw.org;)
 (synopsis "Raw image decoder")
-- 
2.10.1


I think we really need a security tracker as suggested earlier (by Leo I
think), because the bug was disclosed in Dec 2015, so our libraw is
being vulnerable for 3/4 year, which is pretty scary!

Alex

[0]: https://security-tracker.debian.org/tracker/source-package/libraw
[1]: 
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2


signature.asc
Description: PGP signature

Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

[Kei Kebreau]

Leo Famulari  writes:

> On Fri, Oct 14, 2016 at 10:44:05AM +, Efraim Flashner wrote:
>> efraim pushed a commit to branch master
>> in repository guix.
>> 
>> commit 76e8566c1b3c4876d649e712a5c8c473fd48d134
>> Author: Efraim Flashner 
>> Date:   Fri Oct 14 11:28:21 2016 +0300
>> 
>> gnu: freeimage: Fix CVE-2016-5684.
>> 
>> * gnu/packages/image.scm (freeimage)[source]: Add patch.
>> * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> ---
>>  gnu/local.mk   |1 +
>>  gnu/packages/image.scm |3 +-
>>  gnu/packages/patches/freeimage-CVE-2016-5684.patch |   34 
>> 
>>  3 files changed, 37 insertions(+), 1 deletion(-)
>
> Efraim pointed out on IRC that our freeimage packages bundles many
> 3rd-party libraries:
>
> $ ls -1 FreeImage/Source
> CacheFile.h
> DeprecationManager
> FreeImage
> FreeImage.h
> FreeImageIO.h
> FreeImageLib
> FreeImageToolkit
> LibJPEG
> LibJXR
> LibOpenJPEG
> LibPNG
> LibRawLite
> LibTIFF4
> LibWebP
> MapIntrospector.h
> Metadata
> OpenEXR
> Plugin.h
> Quantizers.h
> ToneMapping.h
> Utilities.h
> ZLib
>
> Debian has a patch to make it use "system" copies of the libraries:
>
> https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid
>
> For now, our freeimage package is probably vulnerable to many publicly
> disclosed security bugs.
>
> Who volunteers to try fixing this?

The patch is attached. I've removed the bit from Debian that disables JPEG
transformation functions, as seen below. JPEGTransform.cpp (in
Source/FreeImageToolkit) gave me some trouble when I left that part of
the patch alone.

@@ -473,6 +477,9 @@ FI_ENUM(FREE_IMAGE_DITHER) {
FID_BAYER16x16  = 6 //! Bayer ordered dispersed dot 
dithering (order 4 dithering matrix)
 };
 
+/* Debian: The JPEGTransform functions are deliberately disabled in our build
+   of FreeImage, since they require usage of the vendored copy of libjpeg. */
+#if 0
 /** Lossless JPEG transformations
 Constants used in FreeImage_JPEGTransform
 */
@@ -486,6 +493,7 @@ FI_ENUM(FREE_IMAGE_JPEG_OPERATION) {
FIJPEG_OP_ROTATE_180= 6,//! 180-degree rotation
FIJPEG_OP_ROTATE_270= 7 //! 270-degree clockwise (or 90 
ccw)
 };
+#endif
 
 /** Tone mapping operators.
 Constants used in FreeImage_ToneMapping.
@@ -1076,7 +1084,9 @@ DLL_API const char* DLL_CALLCONV 
FreeImage_TagToString(FREE_IMAGE_MDMODEL model,
 // --
 // JPEG lossless transformation routines
 // --
-
+/* Debian: The JPEGTransform functions are deliberately disabled in our build
+   of FreeImage, since they require usage of the vendored copy of libjpeg. */
+#if 0
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransform(const char *src_file, const 
char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
FI_DEFAULT(TRUE));
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformU(const wchar_t *src_file, 
const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
FI_DEFAULT(TRUE));
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGCrop(const char *src_file, const char 
*dst_file, int left, int top, int right, int bottom);
@@ -1085,6 +1095,7 @@ DLL_API BOOL DLL_CALLCONV 
FreeImage_JPEGTransformFromHandle(FreeImageIO* src_io,
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombined(const char 
*src_file, const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* 
left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedU(const wchar_t 
*src_file, const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* 
left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
 DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedFromMemory(FIMEMORY* 
src_stream, FIMEMORY* dst_stream, FREE_IMAGE_JPEG_OPERATION operation, int* 
left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
+#endif
From 4ef0c85c769aa4bc7a528c13eee1c61705e61479 Mon Sep 17 00:00:00 2001
From: Kei Kebreau 
Date: Fri, 14 Oct 2016 18:09:45 -0400
Subject: [PATCH] gnu: freeimage: Disable in-tree third-party libraries.

* gnu/packages/image.scm (freeimage)[source]: Add patch.
* gnu/packages/patches/freeimage-disable-vendored-dependencies.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk   |   1 +
 gnu/packages/image.scm |   6 +-
 .../freeimage-disable-vendored-dependencies.patch  | 398 +
 3 files changed, 404 insertions(+), 1 deletion(-)
 create mode 100644 

Re: [SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.

[Alex Vong]

Leo Famulari  writes:

> On Fri, Oct 14, 2016 at 10:02:58PM +0800, Alex Vong wrote:
>> Hi,
>> 
>> I find out that our libraw (0.17.0) is vulnerable to CVE-2015-{8366,
>> 8367}[0], which is fixed in 0.17.1[1]. The patch below updates libraw to
>> 0.17.2.
>> 
>
>> From 4618436db68adbb74f01eb8e771a448cd20e415f Mon Sep 17 00:00:00 2001
>> From: Alex Vong 
>> Date: Fri, 14 Oct 2016 21:45:47 +0800
>> Subject: [PATCH] gnu: libraw: Update to 0.17.2.
>> 
>> * gnu/packages/photo.scm (libraw): Update to 0.17.2.
>
> Thank you for catching this and sending a patch!
>
> I added the CVE IDs to the commit message and pushed as
> b280e67ca6f62c176c72439df4533a9737b9130a.
>
>> I think we really need a security tracker as suggested earlier (by Leo I
>> think), because the bug was disclosed in Dec 2015, so our libraw is
>> being vulnerable for 3/4 year, which is pretty scary!
>
> Did I suggest that? I don't usually suggest creating new infrastructure
> :)
>
Ok. It must be someone else suggesting creating a website... :)

> If we had a security tracker that is as good as Debian's, I would be
> thrilled. I look at their tracker almost daily. On the other hand, there
> are parts of Debian's web infrastructure that seem to be "crumbling" —
> dead links et cetera. I'm loathe to add non-automated infrastructure to
> Guix if we can't support it properly. I'd rather lack the infrastructure
> than have it half-baked.
>
> For now I use `guix lint -c cve` and my mailing list / bug tracker
> subscriptions.
>
> By the way, `guix lint -c cve` didn't report these two bugs because they
> are still not "disclosed" in the database from which we pull our CVE
> information [0]:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367
>
> That's why it's important for Guix developers / users to pay attention
> to the upstream development of packages they are interested in. Until
> upstream security fixes can be reliably detected by an automated system,
> there are no substitutes for human attention, only complements.
>
> [0]
> http://git.savannah.gnu.org/cgit/guix.git/tree/guix/cve.scm#n41

Thanks for explaining the current situation. I don't know about
`guix lint -c cve`. It reports many CVE vulnerabilities. How does it
knows if a particular vulnerability is fixed by a patch?


signature.asc
Description: PGP signature

Re: node is failing

[Pjotr Prins]

On Thu, Oct 13, 2016 at 10:55:26PM +, ng0 wrote:
> I know many things are failing right now, but I do not have enough
> knowledge of node to understand why the test suite fails suddenly. Maybe
> some dependency needed only for the test which is failing before node?
> 
> 
> === release test-tls-alpn-server-client ===   
>  
> Path: parallel/test-tls-alpn-server-client
> assert.js:90
>   throw new assert.AssertionError({
>   ^
> AssertionError: 'first-priority-unsupported' === false
> at checkResults 
> (/tmp/guix-build-node-6.0.0.drv-0/node-v6.0.0/test/parallel/test-tls-alpn-server-client.js:32:10)
> at 
> /tmp/guix-build-node-6.0.0.drv-0/node-v6.0.0/test/parallel/test-tls-alpn-server-client.js:101:5
> at TLSSocket. 
> (/tmp/guix-build-node-6.0.0.drv-0/node-v6.0.0/test/parallel/test-tls-alpn-server-client.js:66:9)
> at TLSSocket.g (events.js:286:16)
> at emitNone (events.js:86:13)
> at TLSSocket.emit (events.js:185:7)
> at TLSSocket. (_tls_wrap.js:1072:16)
> at emitNone (events.js:86:13)
> at TLSSocket.emit (events.js:185:7)
> at TLSSocket._finishInit (_tls_wrap.js:580:8)
> Command: out/Release/node 
> /tmp/guix-build-node-6.0.0.drv-0/node-v6.0.0/test/parallel/test-tls-alpn-server-client.js
> [01:28|% 100|+ 1077|-   1]: Done  
>  
> make: *** [Makefile:118: test] Error 1

libtls updates have been cause for more errors the last months. I suggest
disabling this test for now. Someone posted a patch for a node update
earlier, but that also has errors - trying to use network sockets in a
test.

The sane thing to do here is upgrade to the latest patch and disable
the few failing tests. Node has been broken in Guix since late July -
and that is not good. This is an important package.

Pj.

Re: [PATCH] Update networkmanager+nm-applet

[ng0]

ng0  writes:

>  [PATCH 1/2] gnu: network-manager: Update to 1.4.2.
>  [PATCH 2/2] gnu: network-manager-applet: Update to 1.4.2.
>
> Update to 1.4.2 for both, nm-applet is build without WWAN support until we 
> have glib updated to 2.50,
> which should be done in core-updates if it isn't already being worked on.
>
>

After updating the nm pair, someone could try the service and see if
there was improvement over the 1.2.x state.

Re: [SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.

[Leo Famulari]

On Fri, Oct 14, 2016 at 10:02:58PM +0800, Alex Vong wrote:
> Hi,
> 
> I find out that our libraw (0.17.0) is vulnerable to CVE-2015-{8366,
> 8367}[0], which is fixed in 0.17.1[1]. The patch below updates libraw to
> 0.17.2.
> 

> From 4618436db68adbb74f01eb8e771a448cd20e415f Mon Sep 17 00:00:00 2001
> From: Alex Vong 
> Date: Fri, 14 Oct 2016 21:45:47 +0800
> Subject: [PATCH] gnu: libraw: Update to 0.17.2.
> 
> * gnu/packages/photo.scm (libraw): Update to 0.17.2.

Thank you for catching this and sending a patch!

I added the CVE IDs to the commit message and pushed as
b280e67ca6f62c176c72439df4533a9737b9130a.

> I think we really need a security tracker as suggested earlier (by Leo I
> think), because the bug was disclosed in Dec 2015, so our libraw is
> being vulnerable for 3/4 year, which is pretty scary!

Did I suggest that? I don't usually suggest creating new infrastructure
:)

If we had a security tracker that is as good as Debian's, I would be
thrilled. I look at their tracker almost daily. On the other hand, there
are parts of Debian's web infrastructure that seem to be "crumbling" —
dead links et cetera. I'm loathe to add non-automated infrastructure to
Guix if we can't support it properly. I'd rather lack the infrastructure
than have it half-baked.

For now I use `guix lint -c cve` and my mailing list / bug tracker
subscriptions.

By the way, `guix lint -c cve` didn't report these two bugs because they
are still not "disclosed" in the database from which we pull our CVE
information [0]:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367

That's why it's important for Guix developers / users to pay attention
to the upstream development of packages they are interested in. Until
upstream security fixes can be reliably detected by an automated system,
there are no substitutes for human attention, only complements.

[0]
http://git.savannah.gnu.org/cgit/guix.git/tree/guix/cve.scm#n41


signature.asc
Description: PGP signature

Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

[Leo Famulari]

On Fri, Oct 14, 2016 at 10:44:05AM +, Efraim Flashner wrote:
> efraim pushed a commit to branch master
> in repository guix.
> 
> commit 76e8566c1b3c4876d649e712a5c8c473fd48d134
> Author: Efraim Flashner 
> Date:   Fri Oct 14 11:28:21 2016 +0300
> 
> gnu: freeimage: Fix CVE-2016-5684.
> 
> * gnu/packages/image.scm (freeimage)[source]: Add patch.
> * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> ---
>  gnu/local.mk   |1 +
>  gnu/packages/image.scm |3 +-
>  gnu/packages/patches/freeimage-CVE-2016-5684.patch |   34 
> 
>  3 files changed, 37 insertions(+), 1 deletion(-)

Efraim pointed out on IRC that our freeimage packages bundles many
3rd-party libraries:

$ ls -1 FreeImage/Source
CacheFile.h
DeprecationManager
FreeImage
FreeImage.h
FreeImageIO.h
FreeImageLib
FreeImageToolkit
LibJPEG
LibJXR
LibOpenJPEG
LibPNG
LibRawLite
LibTIFF4
LibWebP
MapIntrospector.h
Metadata
OpenEXR
Plugin.h
Quantizers.h
ToneMapping.h
Utilities.h
ZLib

Debian has a patch to make it use "system" copies of the libraries:

https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid

For now, our freeimage package is probably vulnerable to many publicly
disclosed security bugs.

Who volunteers to try fixing this?

[PATCH 1/2] gnu: network-manager: Update to 1.4.2.

[ng0]

* gnu/packages/gnome.scm (network-manager): Update to 1.4.2.
---
 gnu/packages/gnome.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2b75781..db34d38 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4354,7 +4354,7 @@ users.")
 (define-public network-manager
   (package
 (name "network-manager")
-(version "1.2.0")
+(version "1.4.2")
 (source (origin
   (method url-fetch)
   (uri (string-append "mirror://gnome/sources/NetworkManager/"
@@ -4362,7 +4362,7 @@ users.")
   "NetworkManager-" version ".tar.xz"))
   (sha256
(base32
-"101axwk3bc1pm9m98vwrnxyjna6w0qgzaskgivldq69xz8qcyiz9"
+"016jc21mwjxvnfiblp5lji55sr8aq6w8a08fsjmqvnpnvm3y6r58"
 (build-system gnu-build-system)
 (outputs '("out"
"doc")) ; 8 MiB of gtk-doc HTML
-- 
2.10.1

[PATCH] Update networkmanager+nm-applet

[ng0]

 [PATCH 1/2] gnu: network-manager: Update to 1.4.2.
 [PATCH 2/2] gnu: network-manager-applet: Update to 1.4.2.

Update to 1.4.2 for both, nm-applet is build without WWAN support until we have 
glib updated to 2.50,
which should be done in core-updates if it isn't already being worked on.

[PATCH 2/2] gnu: network-manager-applet: Update to 1.4.2.

[ng0]

* gnu/packages/gnome.scm (network-manager-applet): Update to 1.4.2.
---
 gnu/packages/gnome.scm | 12 
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index db34d38..7ce7cc2 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4472,7 +4472,7 @@ services.")
 (define-public network-manager-applet
   (package
 (name "network-manager-applet")
-(version "1.2.0")
+(version "1.4.2")
 (source (origin
   (method url-fetch)
   (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4480,9 +4480,12 @@ services.")
   name "-" version ".tar.xz"))
   (sha256
(base32
-"0dhvk3dvy6djn6blpkv46dn6yfh28wsh6mpl0v53qxfip97j8kwk"
+"16a43sl9aijmvxbb08hbjqyjnlshj8dckycbgi9nm333fr47n6s3"
 (build-system glib-or-gtk-build-system)
-(arguments '(#:configure-flags '("--disable-migration")))
+;; TODO: WWAN support supposedly requires an update of glibmm which in turn
+;; requires an update of the its dependencies (glib and others).
+(arguments '(#:configure-flags '("--disable-migration"
+ "--without-wwan")))
 (native-inputs
  `(("intltool" ,intltool)
("gobject-introspection" ,gobject-introspection)
@@ -4496,7 +4499,8 @@ services.")
  `(("iso-codes" ,iso-codes)
("libgudev" ,libgudev)
("libnotify" ,libnotify)
-   ("libsecret" ,libsecret)))
+   ("libsecret" ,libsecret)
+   ("jansson" ,jansson))) ; For team support
 (synopsis "Applet for managing network connections")
 (home-page "http://www.gnome.org/projects/NetworkManager/;)
 (description
-- 
2.10.1

Re: [core-updates]: cycle detected in the references of ...gtk+-3.20.9-bin

[John Darrington]

On Fri, Oct 14, 2016 at 11:03:59PM +0800, ? wrote:
 
 >> [...]
 >> Move all the 3 desktop files into 'bin' output should work.  (I could
 >> patch that next day, but won't be able to test it due to slow
 >> substitute/download/build speed though.)
 >
 > That should work.  You can post the patch here so we can test, if you
 > want.
 
 Sure, here is it:

Where?
 


-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

Re: Developing libraries for the GNU system with Guix

[Ricardo Wurmus]

Ludovic Courtès  writes:

> Again to make this more convenient, I thought we could have a
> --with-graft option, which would work like --with-input except that it
> would graft the new Z onto A/B/C instead of rebuilding them.

This is a good idea!

~~ Ricardo

Re: Finding dependency cycles

[Ricardo Wurmus]

Danny Milosavljevic  writes:

> Hi,
>
> so I'm trying to untangle the matplotlib -> ipython dependency cycle.
>
> Unfortunately, guix error message isn't really helpful in finding out what it 
> was.
>
> It says

[…]

Hmm, that really isn’t pretty.  Could you share your changes maybe?

FWIW, I still have an ancient branch that updates our ipython package to
version 4, but it needs some work to rebase onto master.

~~ Ricardo

Re: [core-updates]: cycle detected in the references of ...gtk+-3.20.9-bin

[Leo Famulari]

On Fri, Oct 14, 2016 at 11:03:59PM +0800, 宋文武 wrote:
> 
> >> [...]
> >> Move all the 3 desktop files into 'bin' output should work.  (I could
> >> patch that next day, but won't be able to test it due to slow
> >> substitute/download/build speed though.)
> >
> > That should work.  You can post the patch here so we can test, if you
> > want.
> 
> Sure, here is it:
> 

> From 4746292d8a672dbc3ea8d058baf6239974d92103 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= 
> Date: Fri, 14 Oct 2016 22:57:53 +0800
> Subject: [PATCH] gnu: gtk+: Move desktop files into "bin" output.
> 
> * gnu/packages/gtk.scm (gtk+)[arguments]: Add 'move-desktop-files' phase.

Thanks, this works for me! With this patch, `guix system build` passed
the point where it previously failed.