Hello Guix! A new patch series that has just landed¹ adds a ‘--dependents’ flag (and also ‘--development’) to ‘guix build’, which makes it easier to build dependents when modifying a package.
It also adds ‘etc/upgrade-manifest.scm’, a manifest that grabs and returns the latest upstream version of a few security-critical packages. More precisely, it returns two things: 1. Individual package updates. Update each of libgcrypt, libgit2, etc. independently and return the updated packages together with their direct dependents. 2. Joint package updates. Update all these packages at once and return their dependents at distance two. The result can be seen here (x86_64-linux only): https://ci.guix.gnu.org/jobset/security-updates You can go to the dashboard: https://ci.guix.gnu.org/eval/latest/dashboard?spec=security-updates … and type, for example, “latest-libgpg-error” (to view the libgpg-error update and its dependents) or “full-upgrade” (to view all the dependents of that set of packages). Some examples: • guile-ssh fails to build with the latest libssh: <https://ci.guix.gnu.org/build/6753990/log>. • libgcrypt cannot be upgraded without libgpg-error: <https://ci.guix.gnu.org/build/6754153/log>. • libgcrypt 1.11.0 builds fine when upgraded jointly with its dependents: <https://ci.guix.gnu.org/build/6754305/details> • gnutls 3.8.8 has one test failure: <https://ci.guix.gnu.org/build/6753571/log>. • curl 8.11.0 has one test failure: <https://ci.guix.gnu.org/build/6753884/log>. This manifest is just an example. We could come up with manifests targeting package collections like CRAN packages, astronomy packages, and so on. Feedback welcome! Ludo’. ¹ https://issues.guix.gnu.org/74542