diff options
| author | Ting-Wei Lan | 2021-03-02 00:44:59 +0800 |
|---|---|---|
| committer | Ting-Wei Lan | 2021-03-02 00:44:59 +0800 |
| commit | a02116f66d91f8c4357772005ad8d5c592642b5f (patch) | |
| tree | 75bc27553e087940ead76f1a2bc3b3cc2c578f0f | |
| parent | 33a5149b43b05cc0ef75f0f7bf00099b7d1f3a4d (diff) | |
| download | aur-a02116f66d91f8c4357772005ad8d5c592642b5f.tar.gz | |
guix: 1.1.0 -> 1.2.0
| -rw-r--r-- | .SRCINFO | 42 | ||||
| -rw-r--r-- | PKGBUILD | 58 | ||||
| -rw-r--r-- | guix-1.2.0-guile-json-4.5.patch | 65 | ||||
| -rw-r--r-- | guix-1.2.0-json-crate.patch | 84 | ||||
| -rw-r--r-- | guix-1.2.0-json-cve-swh.patch | 44 | ||||
| -rw-r--r-- | guix-1.2.0-revert-verify-swh-certificate.patch | 159 |
6 files changed, 420 insertions, 32 deletions
@@ -1,38 +1,50 @@ pkgbase = guix pkgdesc = A purely functional package manager for the GNU system - pkgver = 1.1.0 - pkgrel = 2 - url = https://www.gnu.org/software/guix/ + pkgver = 1.2.0 + pkgrel = 1 + url = https://guix.gnu.org install = guix.install arch = x86_64 arch = i686 arch = armv7h license = GPL3 + makedepends = guile-ssh>=0.13.0 + makedepends = guile-zstd + makedepends = guile-semver makedepends = bash-completion makedepends = fish - makedepends = guile-json3 - makedepends = guile-ssh>=0.10.2 makedepends = help2man makedepends = po4a depends = guile>=2.2.4 - depends = guile-gcrypt - depends = guile-git-lib - depends = guile-sqlite3 + depends = guile-gcrypt>=0.1.0 + depends = guile-sqlite3>=0.1.0 + depends = guile-zlib + depends = guile-lzlib + depends = guile-avahi + depends = guile-git-lib>=0.3.0 + depends = guile-json>=4.3.0 depends = sqlite>=3.6.19 depends = bzip2 depends = gnutls depends = libgcrypt - depends = lzlib - depends = zlib optdepends = bash-completion: to enable bash programmable completion - optdepends = guile-json3: to import packages from cpan, gem, pypi optdepends = guile-ssh: to offload builds to other machines + optdepends = guile-zstd: to use and publish zstd substitutes + optdepends = guile-semver: to use the crate importer options = !strip - source = https://ftp.gnu.org/gnu/guix/guix-1.1.0.tar.gz - source = https://ftp.gnu.org/gnu/guix/guix-1.1.0.tar.gz.sig + source = https://ftp.gnu.org/gnu/guix/guix-1.2.0.tar.gz + source = https://ftp.gnu.org/gnu/guix/guix-1.2.0.tar.gz.sig + source = guix-1.2.0-json-cve-swh.patch + source = guix-1.2.0-json-crate.patch + source = guix-1.2.0-guile-json-4.5.patch + source = guix-1.2.0-revert-verify-swh-certificate.patch validpgpkeys = 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 - sha256sums = 5c59106ff4ac497c6097686834b0c914109cf5e44eb6b94ebce818923043640f - sha256sums = 0416a733ba9b4410897d744a24388a43ba11bd8c427c7d08e649c8875119333d + sha256sums = 5ecdf7ced25b1fb0ca7c57e794b7b60c8a7adcb15261dec2af37925c838c6d74 + sha256sums = e278e3aba3fe9acd35aa6586933d940f0c847ccfb6d1370cb5c4f754732d2fb6 + sha256sums = 39fba6b74fcc97155f0e81c603d3e0a0dcc17ce8070faa47dec5bd637383aedd + sha256sums = 1b62d816090305ce5e5742813341409aa7b68157cc1c3cfc0b0fff3a583d2762 + sha256sums = 837def9c966f14e29291dfac6c8c642d8b64eda46458605bef6416a155d5ba4e + sha256sums = 921c6fd2849c38d93e1f23e5d1f582889e2fc705c1827702bddecede3344088b pkgname = guix @@ -6,43 +6,67 @@ # gpg --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 pkgname=guix -pkgver=1.1.0 -pkgrel=2 -pkgdesc="A purely functional package manager for the GNU system" +pkgver=1.2.0 +pkgrel=1 +pkgdesc='A purely functional package manager for the GNU system' arch=('x86_64' 'i686' 'armv7h') -url="https://www.gnu.org/software/guix/" +url='https://guix.gnu.org' license=('GPL3') options=('!strip') makedepends=( + 'guile-ssh>=0.13.0' + 'guile-zstd' + 'guile-semver' 'bash-completion' 'fish' - 'guile-json3' - 'guile-ssh>=0.10.2' 'help2man' 'po4a') depends=( 'guile>=2.2.4' - 'guile-gcrypt' - 'guile-git-lib' - 'guile-sqlite3' + 'guile-gcrypt>=0.1.0' + 'guile-sqlite3>=0.1.0' + 'guile-zlib' + 'guile-lzlib' + 'guile-avahi' + 'guile-git-lib>=0.3.0' + 'guile-json>=4.3.0' 'sqlite>=3.6.19' 'bzip2' 'gnutls' - 'libgcrypt' - 'lzlib' - 'zlib') + 'libgcrypt') optdepends=( 'bash-completion: to enable bash programmable completion' - 'guile-json3: to import packages from cpan, gem, pypi' - 'guile-ssh: to offload builds to other machines') + 'guile-ssh: to offload builds to other machines' + 'guile-zstd: to use and publish zstd substitutes' + 'guile-semver: to use the crate importer') source=( - "https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig}) + "https://ftp.gnu.org/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig} + 'guix-1.2.0-json-cve-swh.patch' + 'guix-1.2.0-json-crate.patch' + 'guix-1.2.0-guile-json-4.5.patch' + 'guix-1.2.0-revert-verify-swh-certificate.patch') install="${pkgname}.install" sha256sums=( - '5c59106ff4ac497c6097686834b0c914109cf5e44eb6b94ebce818923043640f' - '0416a733ba9b4410897d744a24388a43ba11bd8c427c7d08e649c8875119333d') + '5ecdf7ced25b1fb0ca7c57e794b7b60c8a7adcb15261dec2af37925c838c6d74' + 'e278e3aba3fe9acd35aa6586933d940f0c847ccfb6d1370cb5c4f754732d2fb6' + '39fba6b74fcc97155f0e81c603d3e0a0dcc17ce8070faa47dec5bd637383aedd' + '1b62d816090305ce5e5742813341409aa7b68157cc1c3cfc0b0fff3a583d2762' + '837def9c966f14e29291dfac6c8c642d8b64eda46458605bef6416a155d5ba4e' + '921c6fd2849c38d93e1f23e5d1f582889e2fc705c1827702bddecede3344088b') validpgpkeys=('3CE464558A84FDC69DB40CFB090B11993D9AEBB5') +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + local source_file + for source_file in "${source[@]}"; do + case "${source_file}" in + *.patch) + patch -p1 < "${srcdir}/${source_file}" + ;; + esac + done +} + build() { local bash_completion_dir="$(pkg-config --variable=completionsdir bash-completion)" local fish_completion_dir="$(pkg-config --variable=completionsdir fish)" diff --git a/guix-1.2.0-guile-json-4.5.patch b/guix-1.2.0-guile-json-4.5.patch new file mode 100644 index 000000000000..07f7140189bc --- /dev/null +++ b/guix-1.2.0-guile-json-4.5.patch @@ -0,0 +1,65 @@ +From 3d43b7aef3d5b7ad2ba0418d2afd657e5fedeaf5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> +Date: Wed, 20 Jan 2021 11:35:10 +0100 +Subject: [PATCH] import, swh: Adjust to Guile-JSON 4.5.x unspecified value + handling. + +* guix/import/cpan.scm (<cpan-release>)[home-page]: Add 'unspecified?' +case. +* guix/import/gem.scm (<gem>)[licenses]: Likewise. +(json->gem-dependency-list): Likewise. +* guix/swh.scm (<directory-entry>)[checksums]: Likewise. +--- + guix/import/cpan.scm | 3 ++- + guix/import/gem.scm | 5 +++-- + guix/swh.scm | 3 ++- + 3 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/guix/import/cpan.scm b/guix/import/cpan.scm +index 514417f781..87abe9c2f1 100644 +--- a/guix/import/cpan.scm ++++ b/guix/import/cpan.scm +@@ -109,6 +109,7 @@ + (home-page cpan-release-home-page "resources" + (match-lambda + (#f #f) ++ ((? unspecified?) #f) + ((lst ...) (assoc-ref lst "homepage")))) + (dependencies cpan-release-dependencies "dependency" + (lambda (vector) +diff --git a/guix/import/gem.scm b/guix/import/gem.scm +index 1f6f94532e..418d716be6 100644 +--- a/guix/import/gem.scm ++++ b/guix/import/gem.scm +@@ -49,6 +49,7 @@ + ;; This is sometimes #nil (the JSON 'null' value). Arrange + ;; to always return a list. + (cond ((not licenses) '()) ++ ((unspecified? licenses) '()) + ((vector? licenses) (vector->list licenses)) + (else '())))) + (info gem-info) +@@ -69,7 +70,7 @@ + json->gem-dependency-list)) + + (define (json->gem-dependency-list vector) +- (if vector ++ (if (and vector (not (unspecified? vector))) + (map json->gem-dependency (vector->list vector)) + '())) + +diff --git a/guix/swh.scm b/guix/swh.scm +index 0b765cc743..f11b7ea2d5 100644 +--- a/guix/swh.scm ++++ b/guix/swh.scm +@@ -348,6 +348,7 @@ FALSE-IF-404? is true, return #f upon 404 responses." + (checksums directory-entry-checksums "checksums" + (match-lambda + (#f #f) ++ ((? unspecified?) #f) + (lst (json->checksums lst)))) + (id directory-entry-id "dir_id") + (length directory-entry-length) +-- +2.29.2 + diff --git a/guix-1.2.0-json-crate.patch b/guix-1.2.0-json-crate.patch new file mode 100644 index 000000000000..3677946a873b --- /dev/null +++ b/guix-1.2.0-json-crate.patch @@ -0,0 +1,84 @@ +From 23862011c3d02814181399765a024c7fa3fadd97 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> +Date: Wed, 13 Jan 2021 22:42:49 +0100 +Subject: [PATCH] tests: Fix JSON syntax error in 'crate.scm'. + +This issue is caught with Guile-JSON 4.4.1, but not by 4.3.2. + +* tests/crate.scm (test-root-dependencies): Add missing comma. +--- + tests/crate.scm | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/crate.scm b/tests/crate.scm +index bb7032c344..b6c3a7ee2e 100644 +--- a/tests/crate.scm ++++ b/tests/crate.scm +@@ -36,8 +36,8 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], +- \"categories\": [\"test\"] ++ \"keywords\": [\"dummy\", \"test\"], ++ \"categories\": [\"test\"], + \"actual_versions\": [ + { \"id\": \"foo\", + \"num\": \"1.0.0\", +@@ -68,7 +68,7 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], ++ \"keywords\": [\"dummy\", \"test\"], + \"categories\": [\"test\"] + \"actual_versions\": [ + { \"id\": \"foo\", +@@ -92,7 +92,7 @@ + { + \"crate_id\": \"intermediate-2\", + \"kind\": \"normal\" +- } ++ }, + { + \"crate_id\": \"leaf-alice\", + \"kind\": \"normal\" +@@ -112,7 +112,7 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], ++ \"keywords\": [\"dummy\", \"test\"], + \"categories\": [\"test\"] + \"actual_versions\": [ + { \"id\": \"intermediate-1\", +@@ -152,7 +152,7 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], ++ \"keywords\": [\"dummy\", \"test\"], + \"categories\": [\"test\"] + \"actual_versions\": [ + { \"id\": \"intermediate-2\", +@@ -184,7 +184,7 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], ++ \"keywords\": [\"dummy\", \"test\"], + \"categories\": [\"test\"] + \"actual_versions\": [ + { \"id\": \"leaf-alice\", +@@ -211,7 +211,7 @@ + \"description\": \"summary\", + \"homepage\": \"http://example.com\", + \"repository\": \"http://example.com\", +- \"keywords\": [\"dummy\" \"test\"], ++ \"keywords\": [\"dummy\", \"test\"], + \"categories\": [\"test\"] + \"actual_versions\": [ + { \"id\": \"leaf-bob\", +-- +2.29.2 + diff --git a/guix-1.2.0-json-cve-swh.patch b/guix-1.2.0-json-cve-swh.patch new file mode 100644 index 000000000000..aff4c89ca322 --- /dev/null +++ b/guix-1.2.0-json-cve-swh.patch @@ -0,0 +1,44 @@ +From 9608f4003dedd8dfe99327c15668ca1a43ebd93b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> +Date: Mon, 21 Dec 2020 11:44:19 +0100 +Subject: [PATCH] tests: Fix malformed JSON. + +Guile-JSON 4.3.2 would parse in spite of these typos, but 4.4.1 is +stricter. + +* tests/swh.scm (%directory-entries): Add missing comma. +* tests/cve-sample.json: Likewise. +--- + tests/cve-sample.json | 2 +- + tests/swh.scm | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/cve-sample.json b/tests/cve-sample.json +index 39816f9dd4..11b71817bb 100644 +--- a/tests/cve-sample.json ++++ b/tests/cve-sample.json +@@ -49,7 +49,7 @@ + "vulnerable" : true, + "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" + } ] +- } { ++ }, { + "operator" : "OR", + "cpe_match" : [ { + "vulnerable" : true, +diff --git a/tests/swh.scm b/tests/swh.scm +index aef68acbe7..06984b2a80 100644 +--- a/tests/swh.scm ++++ b/tests/swh.scm +@@ -33,7 +33,7 @@ + "[ { \"name\": \"one\", + \"type\": \"regular\", + \"length\": 123, +- \"dir_id\": 1 } ++ \"dir_id\": 1 }, + { \"name\": \"two\", + \"type\": \"regular\", + \"length\": 456, +-- +2.29.2 + diff --git a/guix-1.2.0-revert-verify-swh-certificate.patch b/guix-1.2.0-revert-verify-swh-certificate.patch new file mode 100644 index 000000000000..567896f5a6e6 --- /dev/null +++ b/guix-1.2.0-revert-verify-swh-certificate.patch @@ -0,0 +1,159 @@ +From 951f5cca43676dbdde2f5c01118bce63905f7444 Mon Sep 17 00:00:00 2001 +From: Ting-Wei Lan <lantw44@gmail.com> +Date: Wed, 17 Feb 2021 21:53:27 +0800 +Subject: [PATCH 1/2] Revert "git-download: Don't verify X.509 certificate of + SWH." + +This reverts commit a7696b9733d4ede9817a0a0accb5ce5b85d9a2d3. +--- + guix/git-download.scm | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/guix/git-download.scm b/guix/git-download.scm +index 8e575e3b5f..1267986fe8 100644 +--- a/guix/git-download.scm ++++ b/guix/git-download.scm +@@ -131,11 +131,9 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." + (download-nar #$output) + + ;; As a last resort, attempt to download from Software Heritage. +- ;; Disable X.509 certificate verification to avoid depending +- ;; on nss-certs--we're authenticating the checkout anyway. + ;; XXX: Currently recursive checkouts are not supported. + (and (not recursive?) +- (parameterize ((%verify-swh-certificate? #f)) ++ (begin + (format (current-error-port) + "Trying to download from Software Heritage...~%") + (swh-download (getenv "git url") (getenv "git commit") +-- +2.29.2 + + +From bf6def8cc3bf569a93cb66dd76f0b78f06ed393b Mon Sep 17 00:00:00 2001 +From: Ting-Wei Lan <lantw44@gmail.com> +Date: Wed, 17 Feb 2021 21:53:28 +0800 +Subject: [PATCH 2/2] Revert "swh: Allow callers to disable X.509 certificate + verification." + +This reverts commit 722ad41c44a499d2250c79527ef7d069ca728de0. +--- + guix/swh.scm | 34 +++++++++------------------------- + 1 file changed, 9 insertions(+), 25 deletions(-) + +diff --git a/guix/swh.scm b/guix/swh.scm +index 0b765cc743..d9f7d6f508 100644 +--- a/guix/swh.scm ++++ b/guix/swh.scm +@@ -34,7 +34,6 @@ + #:use-module (ice-9 popen) + #:use-module ((ice-9 ftw) #:select (scandir)) + #:export (%swh-base-url +- %verify-swh-certificate? + %allow-request? + + request-rate-limit-reached? +@@ -126,10 +125,6 @@ + ;; Presumably we won't need to change it. + (make-parameter "https://archive.softwareheritage.org")) + +-(define %verify-swh-certificate? +- ;; Whether to verify the X.509 HTTPS certificate for %SWH-BASE-URL. +- (make-parameter #t)) +- + (define (swh-url path . rest) + ;; URLs returned by the API may be relative or absolute. This has changed + ;; without notice before. Handle both cases by detecting whether the path +@@ -147,13 +142,6 @@ + url + (string-append url "/"))) + +-;; XXX: Work around a bug in Guile 3.0.2 where #:verify-certificate? would +-;; be ignored (<https://bugs.gnu.org/40486>). +-(define* (http-get* uri #:rest rest) +- (apply http-request uri #:method 'GET rest)) +-(define* (http-post* uri #:rest rest) +- (apply http-request uri #:method 'POST rest)) +- + (define %date-regexp + ;; Match strings like "2014-11-17T22:09:38+01:00" or + ;; "2018-09-30T23:20:07.815449+00:00"". +@@ -190,7 +178,7 @@ Software Heritage." + + (define %allow-request? + ;; Takes a URL and method (e.g., the 'http-get' procedure) and returns true +- ;; to keep going. This can be used to disallow requests when ++ ;; to keep going. This can be used to disallow a requests when + ;; 'request-rate-limit-reached?' returns true, for instance. + (make-parameter (const #t))) + +@@ -206,7 +194,7 @@ Software Heritage." + (string->uri url)) + + (define reset-time +- (if (and (eq? method http-post*) ++ (if (and (eq? method http-post) + (string-prefix? "/api/1/origin/save/" (uri-path uri))) + %save-rate-limit-reset-time + %general-rate-limit-reset-time)) +@@ -219,23 +207,21 @@ RESPONSE." + (let ((uri (string->uri url))) + (match (assq-ref (response-headers response) 'x-ratelimit-reset) + ((= string->number (? number? reset)) +- (if (and (eq? method http-post*) ++ (if (and (eq? method http-post) + (string-prefix? "/api/1/origin/save/" (uri-path uri))) + (set! %save-rate-limit-reset-time reset) + (set! %general-rate-limit-reset-time reset))) + (_ + #f)))) + +-(define* (call url decode #:optional (method http-get*) ++(define* (call url decode #:optional (method http-get) + #:key (false-if-404? #t)) + "Invoke the endpoint at URL using METHOD. Decode the resulting JSON body + using DECODE, a one-argument procedure that takes an input port. When + FALSE-IF-404? is true, return #f upon 404 responses." + (and ((%allow-request?) url method) + (let*-values (((response port) +- (method url #:streaming? #t +- #:verify-certificate? +- (%verify-swh-certificate?)))) ++ (method url #:streaming? #t))) + ;; See <https://archive.softwareheritage.org/api/#rate-limiting>. + (match (assq-ref (response-headers response) 'x-ratelimit-remaining) + (#f #t) +@@ -480,7 +466,7 @@ directory entries; if it has type 'file, return its <content> object." + (define* (save-origin url #:optional (type "git")) + "Request URL to be saved." + (call (swh-url "/api/1/origin/save" type "url" url) json->save-reply +- http-post*)) ++ http-post)) + + (define-query (save-origin-status url type) + "Return the status of a /save request for URL and TYPE (e.g., \"git\")." +@@ -502,7 +488,7 @@ directory entries; if it has type 'file, return its <content> object." + to the vault. Return a <vault-reply>." + (call (swh-url "/api/1/vault" (symbol->string kind) id) + json->vault-reply +- http-post*)) ++ http-post)) + + (define* (vault-fetch id kind + #:key (log-port (current-error-port))) +@@ -521,10 +507,8 @@ revision, it is a gzip-compressed stream for 'git fast-import'." + ('done + ;; Fetch the bundle. + (let-values (((response port) +- (http-get* (swh-url (vault-reply-fetch-url reply)) +- #:streaming? #t +- #:verify-certificate? +- (%verify-swh-certificate?)))) ++ (http-get (swh-url (vault-reply-fetch-url reply)) ++ #:streaming? #t))) + (if (= (response-code response) 200) + port + (begin ;shouldn't happen +-- +2.29.2 + |