Re: [PATCH] gnu: Update sunxi-tools to 1.4

On Wed, Oct 26, 2016 at 11:21:32PM +0200, Danny Milosavljevic wrote: --- gnu/packages/admin.scm | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d9b08ef..856d946 100644 ---

Re: Providing an alternative to setuid in GuixSD

l...@gnu.org (Ludovic Courtès) writes: > Well, the kernel Linux will forever support setuid binaries That can be selectively turned off per-mount, simply specify the nosuid option. And so eventually we can get to a point where setuid is a Linux build configuration option, which distros can turn

Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.

Ludovic Courtès writes: >> From c51f44edf3293aae323eded49dcba750f54607cb Mon Sep 17 00:00:00 2001 >> From: Marius Bakke >> Date: Wed, 26 Oct 2016 06:39:34 +0100 >> Subject: [PATCH] gnu: mupdf: Modify CVE-2016-8674 patch to apply to 1.9a. >> >> The fix from

Re: Guix on clusters and in HPC

- non-root usage + file system virtualization needed * map ~/.local/gnu/store to /gnu/store * user name spaces? * [[https://github.com/proot-me/PRoot/][PRoot]]? but performance problems? * common interface, like “guix enter” spawns a shell where /gnu/store is

Re: [PATCH 2/2] services: Add 'cuirass-service'.

Hello David, David Craven writes: > Do we need to export all of these? > > +cuirass-configuration-cache-directory > +cuirass-configuration-group > +cuirass-configuration-interval > +cuirass-configuration-database > +

[PATCH] gnu: r: Use uname from Guix

Dear Guix, When running R, it executes a wrapper script that relies on @code{uname} to be available in PATH: > R_HOME_DIR=/gnu/store/dz83xhn43qc2dpdrja8mhx78l7qffqvq-r-3.3.0/lib/R > if test "${R_HOME_DIR}" = > "/gnu/store/dz83xhn43qc2dpdrja8mhx78l7qffqvq-r-3.3.0/lib/R"; then >case

Re: [PATCH 2/2] services: Add 'cuirass-service'.

On Wed, Oct 26, 2016 at 03:05:58PM +0200, Mathieu Lirzin wrote: > > * gnu/services/cuirass.scm: New file. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. > * doc/guix.texi (Continuous integration): New node. > +In order to add build jobs you will have to set the > +@code{specifications} field.

Re: [PATCH 0/2] gnu: Add libpcsclite

Marius: Thanks for your mentoring on this. :) On Mon, Oct 24, 2016 at 17:21:18 +0100, Marius Bakke wrote: > I'll continue working on getting ccid integrated and eventually make a > pcscd service for GuixSD. Is there anything you'd like help on? I'd be happy to test whatever you come up with as

Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.

Kei Kebreau writes: > Is it frowned upon to revert that commit on its own (it's the third to > last commit as I write this), or should I attempt to patch on top of it? I've modified the patch to apply to 1.9a, but it was far from trivial due to many context changes in

Re: Providing an alternative to setuid in GuixSD

Ludovic Courtès writes: > SSH is a complex protocol and its implementations are complex too. I > would find it unreasonable to replace ‘su’ and ‘sudo’ with something > this complex, that goes through the TCP/IP stack, etc. I agree. We could maybe have a pseudo-sudo service that is built just

Re: [PATCH 2/3] gnu: Add hidapi.

David Craven writes: > I don't think we need this: > > (arguments > + '(#:phases > + (modify-phases %standard-phases > + (add-before 'configure 'bootstrap > +(lambda _ > + (system* "./bootstrap") > + #t) > >> +

Re: #!/usr/bin/env in containers, or something

Ludovic Courtès writes: > Christopher Allan Webber skribis: > >> I'm currently looking at building a version of coreboot. Unfortunately, >> the mortal enemy of every GuixSD user, #!/usr/bin/env, lurks around >> every corner. >> >> Wingo made an interesting suggestion on

Re: [PATCH] gnu: Add lci.

On Sat, Oct 15, 2016 at 09:01:00PM +, ng0 wrote: > From: ng0 > > * gnu/packages/lolcode.scm: New file. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. > --- > gnu/local.mk | 1 + > gnu/packages/lolcode.scm | 60 >

Re: Web site news to move to Haunt

Ludovic Courtès writes: > Hello Guix! > > In the ‘wip-haunt’ branch of guix-artwork.git, I started switching the > web site to use Haunt, as was suggested long ago: > > https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00087.html > > The goal is to manage news using Haunt, and to have a

Re: Providing an alternative to setuid in GuixSD

Christopher Allan Webber writes: > So, you're running psudo, and this thing maybe accepts connections over > something more secure, *maybe* unix domain sockets... so restrict group > access to the socket to users in the "psudo" group. > > From there, maybe it could require

[PATCH] gnu: icecat: Enable gtk3 support.

* gnu/packages/gnuzilla.scm (icecat)[inputs]: Add gtk+. [arguments]: Use --enable-default-toolkit=cairo-gtk3. Force light gtk theme in desktop file to avoid unreadable input fields. --- gnu/packages/gnuzilla.scm | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git

Re: Guix on clusters and in HPC

Hi! Eric Bavier skribis: >> - non-root usage > > The Singularity project advertises that it does not use a root-owned > daemon http://singularity.lbl.gov/about#no-root-owned-daemon-processes > but it does not in the same section explain that it uses a setuid >

Re: [PATCH 2/3] gnu: Add hidapi.

> There is no configure script in the release tarball, so I think we > either need this or: Ah ok then... (zero? (system* "autoreconf" "-vfi")) might be nicer than (system* "./bootstrap.sh") but doesn't really matter. I thought that when you create a tarball with `make dist` the configure file is

Web site news to move to Haunt

Hello Guix! In the ‘wip-haunt’ branch of guix-artwork.git, I started switching the web site to use Haunt, as was suggested long ago: https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00087.html The goal is to manage news using Haunt, and to have a page to display them on the web site,

Re: Guix website

Hi, ren...@openmailbox.org skribis: > The Guix website(Packages), appears updated with the date: October 14, > 2016. > > https://www.gnu.org/software/guix/packages/ Thanks, this is now fixed (commit 19262a718e97d6ebc782c8dc7e53d04cfb5f794d). This was caused by an invalid ‘license’ field in a

[PATCH] gnu: yubico.scm: Rename to security-token.scm.

This is an attempt to make it generic enough for middleware and drivers such as pcsc-lite and ccid, in addition to tools for other devices. Other options include "authentication.scm", "auth-token.scm", "security.scm" and a lot more.. What do you think? >From

Re: [PATCH 1/1] gnu: offlineimap: Install documentation.

Marius Bakke skribis: > * gnu/packages/mail.scm (offlineimap)[native-inputs]: Add asciidoc and > libxslt. > [arguments]: Add phases 'build-documentation' and > 'install-documentation' to build and install manpages. Also remove > unneeded key 'inputs' from 'wrap-binary'

Re: [PATCH] gnu: yubico.scm: Rename to security-token.scm.

Marius Bakke skribis: > This is an attempt to make it generic enough for middleware and drivers > such as pcsc-lite and ccid, in addition to tools for other devices. Good idea. > Other options include "authentication.scm", "auth-token.scm", > "security.scm" and a lot

Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.

Kei Kebreau writes: > Mark H Weaver writes: > >> Leo Famulari writes: >> >>> On Tue, Oct 25, 2016 at 12:53:28PM -0400, Kei Kebreau wrote: Fix for

Re: [PATCH] gnu: yubico.scm: Rename to security-token.scm.

Marius Bakke writes: > diff --git a/gnu/local.mk b/gnu/local.mk > index ff2d976..cd6c715 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -325,6 +325,7 @@ GNU_SYSTEM_MODULES = \ >%D%/packages/scsi.scm \ >

Re: [PATCH] gnu: notmuch: Update to 0.23.1.

Marius Bakke skribis: > If you can read this message, this seems to work for me.. ;) A good test. :-) > From afb9160f1968447c318aa0f2508de2ab396ce1ba Mon Sep 17 00:00:00 2001 > From: Marius Bakke > Date: Tue, 25 Oct 2016 20:10:35 +0100 > Subject:

Re: [PATCH] gnu: Add python2-pathlib2.

On Thu, Oct 13, 2016 at 11:45:13AM +0200, Hartmut Goebel wrote: > Adding only the Python 2 variant, since for Python 3 our minimum version > is 3.4 which already includes this package as part of the standard library. > > gnu/packages/python.scm (python2-pathlib2): New variable. > --- >

[PATCH 2/2] services: Add 'cuirass-service'.

* gnu/services/cuirass.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Continuous integration): New node. --- doc/guix.texi| 86 +++ gnu/local.mk | 1 + gnu/services/cuirass.scm | 128

[PATCH 1/2] gnu: Add Cuirass.

* gnu/packages/ci.scm (cuirass): New variable. Co-authored-by: Jan Nieuwenhuizen --- gnu/packages/ci.scm | 51 +++ 1 file changed, 51 insertions(+) diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm index 3f54ff1..3cacc23

[PATCH 0/2] Cuirass package + service.

Hello, Here is a package definition and service for Cuirass. As documented both in the second patch, the service is not really useful as it is. TL;DR Cuirass needs to be launched the first time with the "--specifications" option and then without it, because it has a side effect on the database.

Re: [PATCH 4/4] gnu: Add psyced.

On Tue, Oct 04, 2016 at 08:34:29AM +, ng0 wrote: > * gnu/packages/psyc.scm (psyced): New variable. > --- > gnu/packages/psyc.scm | 103 > ++ > 1 file changed, 103 insertions(+) > > diff --git a/gnu/packages/psyc.scm b/gnu/packages/psyc.scm >

Re: Display diffs between generations.

Benz Schenk skribis: > On Tue, 25 Oct 2016 18:01:23 +0200 > Roel Janssen wrote: [...] >> There's only one thing: >> Would it make more sense to stick to the chronology of the generations >> (sorting them before displaying them)? > > IMO it's useful to see the

Re: Guix on clusters and in HPC

Hi, myglc2 skribis: > The scheduler that I am most familiar with, SGE, supports the > proposition that compute hosts are heterogeneous and that they each have > a fixed software and/or hardware configuration. As a result, users need > to specify resources, such as SW packages

Re: half-package of autossh

Christopher Allan Webber skribis: > From c718ca3986750c255a58b87d9e6805e56c1ffc72 Mon Sep 17 00:00:00 2001 > From: Christopher Allan Webber > Date: Mon, 8 Feb 2016 16:01:49 -0800 > Subject: [PATCH] gnu: Add autossh. > > * gnu/packages/ssh.scm

Re: Guix on clusters and in HPC

Ricardo Wurmus skribis: > Ludovic Courtès writes: > >> Your thoughts about the point about Galaxy? > > I talked to one of the Galaxy core developers at a conference and they > told me they have implemented Docker support recently. Essentially, > they build

Re: Workflow management with GNU Guix

Roel Janssen skribis: > I realize I never shared my proof-of-concept implementation. I attached > my motivations for having a workflow language in Guix, and my code. Nice work, thanks for sharing! > The subcommand "guix workflow" does not work (yet) here. I currently > execute

Re: [PATCH 3/3] gnu: Add openocd.

Hi Theodoros, Do we really need this patch? Is there a reason why it hasn't been upstreamed yet? (add-before 'configure 'bootstrap + (lambda _ + (system* "aclocal") + (system* "libtoolize" "--automake" "--copy") + (system* "autoconf") +

Re: #!/usr/bin/env in containers, or something

Christopher Allan Webber skribis: > I'm currently looking at building a version of coreboot. Unfortunately, > the mortal enemy of every GuixSD user, #!/usr/bin/env, lurks around > every corner. > > Wingo made an interesting suggestion on IRC today: maybe we could have >

Re: [PATCH 2/3] gnu: Add hidapi.

I don't think we need this: (arguments + '(#:phases + (modify-phases %standard-phases + (add-before 'configure 'bootstrap +(lambda _ + (system* "./bootstrap") + #t) > +(native-inputs `(("autoconf" ,autoconf)

Re: Providing an alternative to setuid in GuixSD

Hello! sba...@catern.com skribis: > == Why remove setuid binaries? == > > setuid binaries are problematic for two reasons: > > 1. Each binary is an attack surface which is frequently exploited by >attackers for local privilege escalation. So getting rid of them >would improve security. >

Re: [PATCH] gnu: mupdf: Fix CVE-2016-8674.

Marius Bakke skribis: > I've modified the patch to apply to 1.9a, but it was far from trivial > due to many context changes in upstream git. The attached patch makes > mupdf build at least, and viewing PDF still works... > > The interdiff is rather unintelligible, so to

Re: Display diffs between generations.

Benz Schenk writes: > On Tue, 25 Oct 2016 18:01:23 +0200 > Roel Janssen wrote: > >> Ludovic Courtès writes: >> >> > Hi! >> > >> > Benz Schenk skribis: >> > >> >> On Fri, 21 Oct 2016 11:37:00 +0200 >> >> Roel Janssen wrote: >> > >> > [...]

Re: workin on openvpn service

Hello! Julien Lepiller skribis: > I'm currently writing an openvpn service. Here is the patch (wip). It > works for the client part, I didn't test the server part yet (but it > generates a configuration file). Sounds useful! > First, how could I make openvpn-config-file

Re: Guix on clusters and in HPC

myglc2 writes: > While SGE is dated and can be a bear to use, it provides a useful > yardstick for HPC/Cluster functionality. So it is useful to consider how > Guix(SD) might impact this model. Presumably a defining characteristic > of GuixSD clusters is that the software

Re: [PATCH 1/3] gnu: Add gdb-arm-none-eabi.

LGTM!

Re: Guix world tour

l...@gnu.org (Ludovic Courtès) skribis: > Amirouche Boubekki skribis: > >> On Fri, Sep 30, 2016 at 11:45 AM Ludovic Courtès wrote: >> >>> The CUFP talk was in this very nice room with 60 people or so. I >>> focused on why and how we use Scheme

Re: Display diffs between generations.

On Tue, 25 Oct 2016 18:01:23 +0200 Roel Janssen wrote: > Ludovic Courtès writes: > > > Hi! > > > > Benz Schenk skribis: > > > >> On Fri, 21 Oct 2016 11:37:00 +0200 > >> Roel Janssen wrote: > > > > [...] > > > [...] > >> > >> I adapted

Re: [PATCH] gnu: icecat: Enable gtk3 support.

David Craven writes: > * gnu/packages/gnuzilla.scm (icecat)[inputs]: Add gtk+. > [arguments]: Use --enable-default-toolkit=cairo-gtk3. Force light > gtk theme in desktop file to avoid unreadable input fields. > --- > gnu/packages/gnuzilla.scm | 11 --- > 1 file

[PATCH v2 2/3] gnu: Add hidapi.

* gnu/packages/hidapi.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk| 1 + gnu/packages/hidapi.scm | 63 + 2 files changed, 64 insertions(+) create mode 100644 gnu/packages/hidapi.scm diff --git

Re: [PATCH 1/2] gnu: Add Cuirass.

LGTM!

Re: [PATCH 2/2] services: Add 'cuirass-service'.

Hi Mathieu, Do we need to export all of these? +cuirass-configuration-cache-directory +cuirass-configuration-group +cuirass-configuration-interval +cuirass-configuration-database +cuirass-configuration-specifications +

Re: Workflow management with GNU Guix

Ludovic Courtès writes: > Roel Janssen skribis: > >> I realize I never shared my proof-of-concept implementation. I attached >> my motivations for having a workflow language in Guix, and my code. > > Nice work, thanks for sharing! > >> The subcommand "guix workflow" does not work

Re: [PATCH 0/1] Perl-www-curl: Fix build failure

On Tue, Oct 25, 2016 at 08:01:30PM +0100, Marius Bakke wrote: > Leo Famulari writes: > > > This fixes the build failure of perl-www-curl build on core-updates: > > https://hydra.gnu.org/build/1553325/nixlog/2 > > > > The patch is copied from the upstream bug tracker, but the

[PATCH] gnu: Update sunxi-tools to 1.4

--- gnu/packages/admin.scm | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index d9b08ef..856d946 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1859,14 +1859,14 @@ Kerberos and Heimdal and

Re: half-package of autossh

Ludovic Courtès writes: > Christopher Allan Webber skribis: > >> From c718ca3986750c255a58b87d9e6805e56c1ffc72 Mon Sep 17 00:00:00 2001 >> From: Christopher Allan Webber >> Date: Mon, 8 Feb 2016 16:01:49 -0800 >> Subject: [PATCH] gnu: Add autossh.