bug#41764: `make authenticate` fails to find the keyring branch

[Miguel Ángel Arruga Vivas]

Hi,

Ludovic Courtès  writes:
> Hi,
>
> Leo Famulari  skribis:
>
>> I just tried pushing for the first time since installing the new
>> pre-push hook that runs `make authenticate`.
>>
>> This failed with the following error:
>>
>> Git error: cannot locate remote-tracking branch 'keyring'
>>
>> However, `git branch --all` includes "remotes/origin/keyring".
>>
>> After I did `git checkout origin/keyring`, it worked.
>
> Right, since commit 512b9e2da26968ebafdd47f701edd8fc3936d3e8, you have
> to have a local ‘keyring’ branch.

I've hit this too...

>> Let's update the manual section Commit Access with the recommended way
>> to make this branch accessible to `make authenticate`. Maybe it should
>> even do it automatically?
>
> I don’t think it can do it automatically because it cannot guess what
> the remote is called (Tobias reported an issue earlier because
> “origin/keyring” was hard-coded and Tobias didn’t have an “origin”
> remote.)

I'd say this isn't really a solution: hard-coding the origin is bad but
not the branch name?  Someone who wants to have a local branch called
keyring for whatever reason will have the exact same problem.

From my POV, "origin/keyring" should be the *default*, as only people
modifying its contents should have a local branch pointing to it, but
the moment you name it hard- instead of normal-code you can clearly say
there's a configuration need. :-)

The attached patch exposes a variable for make called GUIX_GIT_KEYRING
to provide the keyring reference to guix git authenticate, including an
example in the manual, as everything else is already there.  WDYT?

Happy hacking!
Miguel

From 479ac6846cb228b67b778965f0f5299ea3172424 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 
Date: Sat, 24 Oct 2020 14:35:09 +0200
Subject: [PATCH] build: Add GUIX_GIT_KEYRING variable for make authenticate.

* Makefile.am (GUIX_GIT_KEYRING): New variable.
(authenticate): Use GUIX_GIT_KEYRING to select the keyring branch
reference.
* doc/contributing.texi (Building from Git): Add an example about the
use of GUIX_GIT_KEYRING.
---
 Makefile.am   |  2 ++
 doc/contributing.texi | 10 ++
 2 files changed, 12 insertions(+)

diff --git a/Makefile.am b/Makefile.am
index c509562567..e6cef9ec1a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -666,9 +666,11 @@ channel_intro_commit = 9edb3f66fd807b096b48283debdcddccfea34bad
 channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA
 
 # Authenticate the current Git checkout by checking signatures on every commit.
+GUIX_GIT_KEYRING = origin/keyring
 authenticate:
 	$(AM_V_at)echo "Authenticating Git checkout..." ;	\
 	guix git authenticate	\
+	--keyring=$(GUIX_GIT_KEYRING)			\
 	--cache-key=channels/guix --stats			\
 	"$(channel_intro_commit)" "$(channel_intro_signer)"
 
diff --git a/doc/contributing.texi b/doc/contributing.texi
index 26a4627464..9312faa849 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -140,6 +140,16 @@ make authenticate
 
 The first run takes a couple of minutes, but subsequent runs are faster.
 
+Or, when your configuration for your local git repository doesn't match
+the default one, you can provide the reference for the @code{keyring}
+branch through the variable @code{GUIX_GIT_KEYRING}.  The following
+example assumes that you have a git remote called @samp{myremote}
+pointing to the official repository:
+
+@example
+make authenticate GUIX_GIT_KEYRING=myremote/keyring
+@end example
+
 @quotation Note
 You are advised to run @command{make authenticate} after every
 @command{git pull} invocation.  This ensures you keep receiving valid
-- 
2.28.0



signature.asc
Description: PGP signature

bug#41764: `make authenticate` fails to find the keyring branch

[Ludovic Courtès]

Hi!

Miguel Ángel Arruga Vivas  skribis:

> From 479ac6846cb228b67b778965f0f5299ea3172424 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
>  
> Date: Sat, 24 Oct 2020 14:35:09 +0200
> Subject: [PATCH] build: Add GUIX_GIT_KEYRING variable for make authenticate.
>
> * Makefile.am (GUIX_GIT_KEYRING): New variable.
> (authenticate): Use GUIX_GIT_KEYRING to select the keyring branch
> reference.
> * doc/contributing.texi (Building from Git): Add an example about the
> use of GUIX_GIT_KEYRING.
> ---
>  Makefile.am   |  2 ++
>  doc/contributing.texi | 10 ++
>  2 files changed, 12 insertions(+)
>
> diff --git a/Makefile.am b/Makefile.am
> index c509562567..e6cef9ec1a 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -666,9 +666,11 @@ channel_intro_commit = 
> 9edb3f66fd807b096b48283debdcddccfea34bad
>  channel_intro_signer = BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA
>  
>  # Authenticate the current Git checkout by checking signatures on every 
> commit.
> +GUIX_GIT_KEYRING = origin/keyring

You need “?=” or users won’t be able to override it.

>  authenticate:
>   $(AM_V_at)echo "Authenticating Git checkout..." ;   \
>   guix git authenticate   \
> + --keyring=$(GUIX_GIT_KEYRING)   \
>   --cache-key=channels/guix --stats   \
>   "$(channel_intro_commit)" "$(channel_intro_signer)"
>  
> diff --git a/doc/contributing.texi b/doc/contributing.texi
> index 26a4627464..9312faa849 100644
> --- a/doc/contributing.texi
> +++ b/doc/contributing.texi
> @@ -140,6 +140,16 @@ make authenticate
>  
>  The first run takes a couple of minutes, but subsequent runs are faster.
>  
> +Or, when your configuration for your local git repository doesn't match
> +the default one, you can provide the reference for the @code{keyring}
> +branch through the variable @code{GUIX_GIT_KEYRING}.  The following
> +example assumes that you have a git remote called @samp{myremote}
> +pointing to the official repository:
> +
> +@example
> +make authenticate GUIX_GIT_KEYRING=myremote/keyring
> +@end example

s/git/Git/ in the paragraph, but otherwise LGTM!  ‘origin/keyring’ is
certainly a better default than ‘keyring’.

Thanks,
Ludo’.

bug#44194: Cuirass ignoring proc_args on Berlin

[Marius Bakke]

Hello,

Cuirass is currently evaluating all of 'core-updates':

  https://ci.guix.gnu.org/jobset/core-updates-core-updates

This is despite (subset . core) in "proc_args".

Any idea what's going on here?


signature.asc
Description: PGP signature

bug#41764: `make authenticate` fails to find the keyring branch

[Miguel Ángel Arruga Vivas]

Hi Ludo,

Thanks for the quick revision.

Ludovic Courtès  writes:
>>  # Authenticate the current Git checkout by checking signatures on every 
>> commit.
>> +GUIX_GIT_KEYRING = origin/keyring
>
> You need “?=” or users won’t be able to override it.

The macro definitions provided through the command line are equivalent
to adding these definitions to the end of the file, so this wouldn't
make any difference, so I leave it as only =.
>
> s/git/Git/ in the paragraph, but otherwise LGTM!  ‘origin/keyring’ is
> certainly a better default than ‘keyring’.

Pushed with this change as ef6596a20c to master.

Happy hacking!
Miguel


signature.asc
Description: PGP signature

bug#44196: Problems with /gnu/store in a different btrfs subvolume

[Miguel Ángel Arruga Vivas]

I've been testing the installation and the use case for separate btrfs
subvolumes, so I created two different btrfs subvolumes for the root
file system (/rootfs) and the store (/storefs), and installed with guix
system init and a basic operating-system configuration.

The problems detected were:

  - [ ] Grub localization doesn't properly work as the root file system
is not located in the literal route (that I hard-coded based on
grub defaults).
This was the main test, I still don't have a patch, but I'm
thinking that we should generate the locale and provide there
the store path.  WDYT?
  - [*] The keymap doesn't work on stage2, as the path contains the
wrong prefix for the store file.  Fixed with patch 1.
  - [?] The store-prefix was not being provided in other places than
the generation of a new system generation (sic), so
"guix system delete-generations" generates grub.cfg with wrong
paths.  This should be fixed with patch 2, but I'm not sure how
to write another test with a marionette: gnu/tests/installer.scm
contains most of the code needed, but I'm not sure how to do it.

The patches will follow this email.

bug#44196: [PATCH 1/3] system: Fix grub keymap with store in btrfs subvolume.

[Miguel Ángel Arruga Vivas]

>From b310cb18021e421be3256b85ab3f2d8f61fe0ab8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 
Date: Sat, 24 Oct 2020 17:48:28 +0200
Subject: [PATCH 1/2] system: Fix grub keymap with store in btrfs subvolume.

* gnu/bootloader/grub.scm (grub-configuration-file)
[keyboard-layout-config]: Use normalize-file.
---
 gnu/bootloader/grub.scm | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index 611580a350..f1479024e6 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -421,11 +421,12 @@ set lang=~a~%" locale
 (bootloader-configuration-bootloader config)))
(keymap* (and layout
  (keyboard-layout-file layout #:grub grub)))
+   (entry (first all-entries))
+   (device (menu-entry-device entry))
+   (mount-point (menu-entry-device-mount-point entry))
(keymap (and keymap*
-(if store-directory-prefix
-#~(string-append #$store-directory-prefix
- #$keymap*)
-keymap*
+(normalize-file keymap* mount-point
+store-directory-prefix
   #~(when #$keymap
   (format port "\
 insmod keylayouts
-- 
2.28.0

bug#44196: [PATCH 2/3] system: Add store-directory-prefix to boot-parameters.

[Miguel Ángel Arruga Vivas]

>From 527a9271122f7b83f31dc0b910c6704af81bde66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 
Date: Sat, 24 Oct 2020 18:15:53 +0200
Subject: [PATCH 2/2] system: Add store-directory-prefix to boot-parameters.

* gnu/machine/ssh.scm (roll-back-managed-host): Use
boot-parameters-store-directory-prefix.
* gnu/system.scm (define-module): Export
boot-parameters-store-directory-prefix.
()[store-directory-prefix]: New field.
[boot-parameters-store-directory-prefix]: New accessor.
(read-boot-parameters): Read directory-prefix from store field.
(operating-system-boot-parameters-file): Add directory-prefix to
store field.
* guix/scripts/system.scm (reinstall-bootloader): Use
boot-parameters-store-directory-prefix.
* test/boot-parameters.scm (%default-btrfs-subvolume,
%default-store-directory-prefix): New variables.
(%grub-boot-parameters): Use %default-store-directory-prefix.
(%default-operating-system): Use %default-btrfs-subvolume.
(test-boot-parameters): Add directory-prefix.
(test optional fields): Add test for directory-prefix.
(test os store-directory-prefix): New test.
---
 gnu/machine/ssh.scm   |  3 +++
 gnu/system.scm| 19 ++-
 guix/scripts/system.scm   |  3 +++
 tests/boot-parameters.scm | 23 ---
 4 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm
index 5020bd362f..a3a12fb54b 100644
--- a/gnu/machine/ssh.scm
+++ b/gnu/machine/ssh.scm
@@ -482,6 +482,8 @@ an environment type of 'managed-host."
 (list (second boot-parameters
(locale -> (boot-parameters-locale
(second boot-parameters)))
+   (store-dir -> (boot-parameters-store-directory-prefix
+  (second boot-parameters)))
(old-entries -> (map boot-parameters->menu-entry
 (drop boot-parameters 2)))
(bootloader -> (operating-system-bootloader
@@ -492,6 +494,7 @@ an environment type of 'managed-host."
 bootloader))
   bootloader entries
   #:locale locale
+  #:store-directory-prefix store-dir
   #:old-entries old-entries)))
(remote-result (machine-remote-eval machine remote-exp)))
 (when (eqv? 'error remote-result)
diff --git a/gnu/system.scm b/gnu/system.scm
index a3122eaa65..30a5c418d0 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -148,6 +148,7 @@
 boot-parameters-bootloader-name
 boot-parameters-bootloader-menu-entries
 boot-parameters-store-device
+boot-parameters-store-directory-prefix
 boot-parameters-store-mount-point
 boot-parameters-locale
 boot-parameters-kernel
@@ -299,6 +300,7 @@ directly by the user."
boot-parameters-bootloader-menu-entries)
   (store-device boot-parameters-store-device)
   (store-mount-point boot-parameters-store-mount-point)
+  (store-directory-prefix boot-parameters-store-directory-prefix)
   (locale   boot-parameters-locale)
   (kernel   boot-parameters-kernel)
   (kernel-arguments boot-parameters-kernel-arguments)
@@ -394,6 +396,17 @@ file system labels."
   (_  ;the old format
root-device
 
+  (store-directory-prefix
+   (match (assq 'store rest)
+ (('store . store-data)
+  (match (assq 'directory-prefix store-data)
+(('directory-prefix prefix) prefix)
+;; No directory-prefix found.
+(_ #f)))
+ (_
+  ;; No store found, old format.
+  #f)))
+
   (store-mount-point
(match (assq 'store rest)
  (('store ('device _) ('mount-point mount-point) _ ...)
@@ -1294,6 +1307,7 @@ such as '--root' and '--load' to ."
   (let* ((initrd  (and (not (operating-system-hurd os))
(operating-system-initrd-file os)))
  (store   (operating-system-store-file-system os))
+ (file-systems(operating-system-file-systems os))
  (locale  (operating-system-locale os))
  (bootloader  (bootloader-configuration-bootloader
(operating-system-bootloader os)))
@@ -1315,6 +1329,7 @@ such as '--root' and '--load' to ."
   (bootloader-configuration-menu-entries (operating-system-bootloader os)))
  (locale locale)
  (store-device (ensure-not-/dev (file-system-device store)))
+ (store-directory-prefix (btrfs-store-subvolume-file-name file-systems))
  (store-mount-point (file-system-mount-point store)
 
 (define (device->sexp device)
@@ -1371,7 +1386,9 @@ being stored into the \"para

bug#44196: [PATCH 3/3] gnu: grub: Add output locale

[Miguel Ángel Arruga Vivas]

Hi!

This solves Grub localization too, even though I'm not very happy with
the gexp juggling...  Any idea?

Happy hacking!
Miguel

>From 333a12f2eff427986efd0ed660fff7d7bb113839 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
 
Date: Sat, 24 Oct 2020 20:36:21 +0200
Subject: [PATCH 3/3] gnu: grub: Add output locale.

* gnu/bootloader/grub.scm (define-module): Use (guix packages).
(grub-configuration-file)[locale-config]: Use grub:locale output.
* gnu/packages/bootloaders.scm (grub)[outputs]: Define output "locale".
[arguments]: Populate "locale" output with new phase 'install-locale.
---
 gnu/bootloader/grub.scm  | 34 +++---
 gnu/packages/bootloaders.scm | 17 -
 2 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm
index f1479024e6..fedb609095 100644
--- a/gnu/bootloader/grub.scm
+++ b/gnu/bootloader/grub.scm
@@ -25,6 +25,7 @@
 
 (define-module (gnu bootloader grub)
   #:use-module (guix build union)
+  #:use-module (guix packages)
   #:use-module (guix records)
   #:use-module (guix store)
   #:use-module (guix utils)
@@ -402,18 +403,29 @@ menuentry ~s {
  #:port #~port)))
 
   (define locale-config
-#~(let ((locale #$(and locale
-   (locale-definition-source
-(locale-name->definition locale)
-(when locale
-  (format port "\
+(let* ((entry (first all-entries))
+   (device (menu-entry-device entry))
+   (bootloader (bootloader-configuration-bootloader config))
+   (grub (bootloader-package bootloader))
+   (locale-dir (normalize-file #~(format #f "~a" #$grub:locale)
+   (menu-entry-device-mount-point entry)
+   store-directory-prefix)))
+  #~(let ((locale #$(and locale
+ (locale-definition-source
+  (locale-name->definition locale)
+  (when locale
+(format port "\
 # Localization configuration.
-if search --file --set boot_partition /grub/grub.cfg; then
-set locale_dir=(${boot_partition})/grub/locale
-else
-set locale_dir=/boot/grub/locale
-fi
-set lang=~a~%" locale
+~a
+set locale_dir=~a
+set lang=~a~%"
+;; We search an auto-generated file because the
+;; locale name might not match the .mo file name.
+#$(grub-root-search device
+#~(string-append #$locale-dir
+ "/e...@quot.mo"))
+#$locale-dir
+locale)
 
   (define keyboard-layout-config
 (let* ((layout (bootloader-configuration-keyboard-layout config))
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index d1de5cea4e..985b7b89eb 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -99,6 +99,7 @@
"grub-verifiers-Blocklist-fallout-cleanup.patch"
"grub-cross-system-i686.patch"
 (build-system gnu-build-system)
+(outputs '("out" "locale"))
 (arguments
  `(#:configure-flags
;; Counterintuitively, this *disables* a spurious Python dependency by
@@ -148,7 +149,21 @@
   (substitute* "Makefile.in"
 (("test_unset grub_func_test")
   "test_unset"))
-  #t)))
+  #t))
+  (add-after 'install 'install-locale
+;; Install mo files with the expected names at boot-time.
+(lambda* (#:key outputs #:allow-other-keys)
+  (let ((locale-out (assoc-ref outputs "locale")))
+(mkdir-p locale-out)
+(for-each (lambda (file)
+(let ((mo (string-append
+   (basename file ".gmo")
+   ".mo")))
+  (copy-file file
+ (string-append locale-out
+"/" mo
+  (find-files "po" "\\.gmo$"))
+#t
;; Disable tests on ARM and AARCH64 platforms.
#:tests? ,(not (any (cute string-prefix? <> (or (%current-target-system)
(%current-system)))
-- 
2.28.0

bug#39819: [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default.

[Ludovic Courtès]

Hello!

I went ahead and pushed this as c6ef627c97e5e6a94688baf20892ae3429f86897
with the changes below, accounting for Vagrant’s comment and for the
fact that childhurds rely on the non-declarative behavior (which hadn’t
occurred to me before), as well as fixing other typos.

Let me know if anything is amiss!

Thanks,
Ludo’.

diff --git a/doc/guix.texi b/doc/guix.texi
index 021d430c39..efb4ea1c47 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -14690,14 +14690,14 @@ Whether to authorize the substitute keys listed in
 @code{authorized-keys}---by default that of @code{@value{SUBSTITUTE-SERVER}}
 (@pxref{Substitutes}).
 
-When @code{authorize-keys?} is true, @file{/etc/guix/acl} cannot be
+When @code{authorize-key?} is true, @file{/etc/guix/acl} cannot be
 changed by invoking @command{guix archive --authorize}.  You must
 instead adjust @code{guix-configuration} as you wish and reconfigure the
 system.  This ensures that your operating system configuration file is
 self-contained.
 
 @quotation Note
-When booting or reconfiguring to a system where @code{authorize-keys?}
+When booting or reconfiguring to a system where @code{authorize-key?}
 is true, the existing @file{/etc/guix/acl} file is backed up as
 @file{/etc/guix/acl.bak} if it was determined to be a manually modified
 file.  This is to facilitate migration from earlier versions, which
@@ -14717,7 +14717,7 @@ Whether to use substitutes.
 @item @code{substitute-urls} (default: @code{%default-substitute-urls})
 The list of URLs where to look for substitutes by default.
 
-Support you would like to fetch substitutes from @code{guix.example.org}
+Suppose you would like to fetch substitutes from @code{guix.example.org}
 in addition to @code{@value{SUBSTITUTE-SERVER}}.  You will need to do
 two things: (1) add @code{guix.example.org} to @code{substitute-urls},
 and (2) authorize its signing key, having done appropriate checks
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index edd0b644f5..eaf0bbde43 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -875,7 +875,16 @@ that will be listening to receive secret keys on port 1004, TCP."
  (permit-root-login #t)
  (allow-empty-passwords? #t)
  (password-authentication? #t)))
-   %base-services/hurd
+
+   ;; By default, the secret service introduces a pre-initialized
+   ;; /etc/guix/acl file in the childhurd.  Thus, clear
+   ;; 'authorize-key?' so that it's not overridden at activation
+   ;; time.
+   (modify-services %base-services/hurd
+ (guix-service-type config =>
+(guix-configuration
+ (inherit config)
+ (authorize-key? #f
 
 (define-record-type* 
   hurd-vm-configuration make-hurd-vm-configuration

bug#39819: [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default.

[Ludovic Courtès]

BTW, attached it the script I used to retrieve the signing keys of all
the build nodes of the build farm so we can have them declared in the
config of the head node.  You may find it handy if you have a similar
setup!

Ludo’.

(use-modules (guix scripts offload)
 (guix ssh)
 (guix inferior)
 (ssh session)
 (srfi srfi-34)
 (ice-9 match))

(define open-ssh-session
  (@@ (guix scripts offload) open-ssh-session))

(define build-machine-name (@@ (guix scripts offload) build-machine-name))
(define build-machine-port (@@ (guix scripts offload) build-machine-port))

(define (fetch-key machine)
  (format #t "fetching key from ~s...~%" machine)
  (let* ((session  (open-ssh-session machine 5))
 (inferior (remote-inferior session)))
(define key
  (inferior-eval '(begin
(use-modules (rnrs io ports))

(with-fluids ((%default-port-encoding "ISO-8859-1"))
  (call-with-input-file "/etc/guix/signing-key.pub"
get-string-all)))
 inferior))

(define file
  (string-append (build-machine-name machine)
 (match (build-machine-port machine)
   (22 "")
   (port
(string-append ":"
   (number->string
port
 ".pub"))

(with-fluids ((%default-port-encoding "ISO-8859-1"))
  (call-with-output-file file
(lambda (port)
  (display key port

(close-inferior inferior)
(disconnect! session)))

(let ((machines (load "/etc/guix/machines.scm")))
  (for-each (lambda (machine)
  (guard (c (pk 'fail c))
(fetch-key machine)))
machines))

bug#43818: Use of local-file in icecat-source definition breaks REPL)

[Maxim Cournoyer]

reopen
thanks

I thought I had this understood, but there is still an issue.  At least
this time I could pinpoint precisely what makes it fail.  It had nothing
to do with the use of `eval-after-load' in my .dir-locals file.

To reproduce the problem, it suffices to append a trailing slash to the Guix 
entry in the
GUILE_LOAD_PATH:

--8<---cut here---start->8---
maxim@hurd ~/src/guix$ GUILE_LOAD_PATH=$PWD:$GUILE_LOAD_PATH 
GUILE_LOAD_COMPILED_PATH=$PWD:$GUILE_LOAD_COMPILED_PATH guile
GNU Guile 3.0.4
Copyright (C) 1995-2020 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)> %load-path
$1 = ("/home/maxim/src/guix" "/home/maxim/src/guile-hacks" 
"/home/maxim/.guix-profile/share/guile/site/3.0" 
"/run/current-system/profile/share/g0.4/share/guile/3.0" 
"/gnu/store/ah16zr8mmfkqy23rr7jy5a842ca1q9h1-guile-3.0.4/share/guile/site/3.0" 
"/gnu/store/ah16zr8mmfkqy23rr7jy5a842ca1q9h1ca1q9h1-guile-3.0.4/share/guile")
scheme@(guile-user)> ,use (gnu packages linux)
scheme@(guile-user)> 

maxim@hurd ~/src/guix$ GUILE_LOAD_PATH=$PWD/:$GUILE_LOAD_PATH 
GUILE_LOAD_COMPILED_PATH=$PWD/:$GUILE_LOAD_COMPILED_PATH guile
GNU Guile 3.0.4
Copyright (C) 1995-2020 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)> %load-path
$1 = ("/home/maxim/src/guix/" "/home/maxim/src/guile-hacks" 
"/home/maxim/.guix-profile/share/guile/site/3.0" 
"/run/current-system/profile/share/.0.4/share/guile/3.0" 
"/gnu/store/ah16zr8mmfkqy23rr7jy5a842ca1q9h1-guile-3.0.4/share/guile/site/3.0" 
"/gnu/store/ah16zr8mmfkqy23rr7jy5a842ca1q9h2ca1q9h1-guile-3.0.4/share/guile")
scheme@(guile-user)> ,use (gnu packages linux)
While executing meta-command:
ERROR:
  1. &formatted-message:
  format: "~a: patch not found\n"
  arguments: ("icecat-use-older-reveal-hidden-html.patch")
scheme@(guile-user)>
--8<---cut here---end--->8---

To be continued...

Maxim

bug#44175: [optimization] Grafting is too slow

[Maxim Cournoyer]

Hello!

Ludovic Courtès  writes:

> Maxim Cournoyer  skribis:
>
>> Lars-Dominik Braun  writes:
>>
>>> Hi Maxim,
>>>
 Judging from the above, it seems this issue has been resolved.
>>> grafting is still a performance issue imo. Compare for example:
>>>
>>> $ time guix environment --ad-hoc  --search-paths r-learnr
>>> guix environment --ad-hoc --search-paths r-learnr  5,90s user 0,09s system 
>>> 210% cpu 2,844 total
>>> $ time guix environment --ad-hoc  --search-paths r-learnr --no-grafts
>>> guix environment --ad-hoc --search-paths r-learnr --no-grafts  2,03s user 
>>> 0,08s system 164% cpu 1,277 total
>>
>> I'm opening a new issue to track optimizing the grafting code, since
>> it's independent of environments (grafts are applied anytime a
>> derivation is built, AFAICT).  Grafting is inherently IO-bound,
>
> What is slow above is not grafting itself: it’s determining what to
> graft that takes CPU time.

On my system, grafting seems IO rather than CPU bound, I'm guessing
because of the need to scan all the files for strings to replace in the
graft process.

> I had reopened the initial bug at ;
> should we close this one?

Many optimizations were made in the above issue that were not related to
the grafting process, so to me a fresh entry such as this one is clearer
to follow.  That said, feel free to proceed as you see fit, being the
issue "owner" :-).

Thanks,

Maxim

bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull.

[Maxim Cournoyer]

Hi Ludovic,

Ludovic Courtès  writes:

[...]

>> Currently, we have:
>>
>> time make update-guix-package
>> git rev-parse HEAD
>> 4893a1394e2eb8b97995b491f2f37ed85513a20f
>> ./pre-inst-env 
>> "/gnu/store/i7z4pfa0c22q0qkxyl7fy2nlp3w658yg-profile/bin/guile"  
>> \
>>./build-aux/update-guix-package.scm  \
>>"`git rev-parse HEAD`"
>> error: Commit 4893a1394e2eb8b97995b491f2f37ed85513a20f is not pushed 
>> upstream.  Aborting.
>> make: *** [Makefile:6507: update-guix-package] Error 1
>
> I agree that the better diagnostic is nice.  Though it’s a script that’s
> essentially for a handful of people, who can certainly cope with the
> ugly error.
>
> Anyway, I think we didn’t analyze the initial situation well enough
> (myself included, by not commenting early and accurately).  I’m also not
> fond of the added complexity and the risk of surprises when we make the
> release, but OTOH, it’s no big deal in the big picture!

I'm sorry but I don't agree with the "we didn't analyze the initial
situation well enough"; if I had to think about the best way to solve
this problem now, I'd still choose the way that was chosen then, as it
provides the best guarantee against producing a broken Guix package,
something that happened a couple times in the past, judging from git
log.  About complexity, I'd much rather the tool break on me than
breaking 'guix pull' for everyone :-).

It seems we'll have to disagree on this one; but as you said, it's a
tiny part of the bigger landscape!

>>> BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to
>>> work with a not-pushed-yet commit.  So it’s a case where we need
>>> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes.

I want to be able to run 'make release' first to test this works
correctly, but even after rebuilding my source tree from scratch
(following a 'make distclean'), and also attempting 'make download-po',
and following release.org from guix-maintenance, I still get:

make[3]: *** No rule to make target 'po/doc/guix-manual.pot', needed by 
'distdir-am'.  Stop.
make[3]: Leaving directory '/home/maxim/src/guix'
make[2]: *** [Makefile:5521: distdir] Error 2
make[2]: Leaving directory '/home/maxim/src/guix'
make[1]: *** [Makefile:5630: dist] Error 2
make[1]: Leaving directory '/home/maxim/src/guix'
make: *** [Makefile:6410: dist-with-updated-version] Error 2

Can you reproduce this problem?

Thank you,

Maxim

bug#43818: [PATCH] packages: Fix a bug in %patch-path.

[Maxim Cournoyer]

Fixes .

Having the Guix root trailed by a slash in the GUILE_LOAD_PATH would
previously cause %patch-path to not return an entry with the patches
sub-directory, leading to errors such as:

   While executing meta-command:
   ERROR:
 1. &formatted-message:
 format: "~a: patch not found\n"
 arguments: ("icecat-use-older-reveal-hidden-html.patch")

* gnu/packages.scm (strip-trailing-slash): New procedure.
(%patch-path): Use it to strip any trailing slash from the %load-path entries.
---
 gnu/packages.scm | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gnu/packages.scm b/gnu/packages.scm
index ccfc83dd11..f5acbda897 100644
--- a/gnu/packages.scm
+++ b/gnu/packages.scm
@@ -4,6 +4,7 @@
 ;;; Copyright ?? 2014 Eric Bavier 
 ;;; Copyright ?? 2016, 2017 Alex Kost 
 ;;; Copyright ?? 2016 Mathieu Lirzin 
+;;; Copyright ?? 2020 Maxim Cournoyer 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -159,6 +160,12 @@ flags."
  %default-package-module-path
  channels-scm
 
+(define (strip-trailing-slash s)
+  ;; Strip the trailing slash of a string, if present.
+  (if (string-suffix? "/" s)
+  (string-drop-right s 1)
+  s))
+
 (define %patch-path
   ;; Define it after '%package-module-path' so that '%load-path' contains user
   ;; directories, allowing patches in $GUIX_PACKAGE_PATH to be found.
@@ -167,7 +174,7 @@ flags."
   (if (string=? directory %distro-root-directory)
   (string-append directory "/gnu/packages/patches")
   directory))
-%load-path)))
+(map strip-trailing-slash %load-path
 
 ;; This procedure is used by Emacs-Guix up to 0.5.1.1, so keep it for now.
 ;; See .
-- 
2.28.0

bug#39819: [PATCH 1/2] services: guix: Make /etc/guix/acl really declarative by default.

[Jan Nieuwenhuizen]

Ludovic Courtès writes:

Hello,

> I went ahead and pushed this as c6ef627c97e5e6a94688baf20892ae3429f86897
> with the changes below, accounting for Vagrant’s comment and for the
> fact that childhurds rely on the non-declarative behavior (which hadn’t
> occurred to me before), as well as fixing other typos.
>
>
> +   ;; By default, the secret service introduces a pre-initialized
> +   ;; /etc/guix/acl file in the childhurd.  Thus, clear
> +   ;; 'authorize-key?' so that it's not overridden at activation
> +   ;; time.
> +   (modify-services %base-services/hurd
> + (guix-service-type config =>
> +(guix-configuration
> + (inherit config)
> + (authorize-key? #f

Ah, good catch!

Janneke

-- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com