Re: ghostscript vulnerabilities

2016-10-15 Thread Mark H Weaver 
l...@gnu.org (Ludovic Courtès) writes:

> Hello Didier and all,
>
> We are wondering about the applicability to GNU Ghostscript of the
> recent vulnerabilities discovered in AGPL Ghostscript:
>
> Alex Vong  skribis:
>
>> Salvatore Bonaccorso  writes:
>>
>>> -
>>> Debian Security Advisory DSA-3691-1   secur...@debian.org
>>> https://www.debian.org/security/ Salvatore Bonaccorso
>>> October 12, 2016  https://www.debian.org/security/faq
>>> -
>>>
>>> Package: ghostscript
>>> CVE ID : CVE-2013-5653 CVE-2016-7976 CVE-2016-7977 CVE-2016-7978 
>>>  CVE-2016-7979 CVE-2016-8602
>>> Debian Bug : 839118 839260 839841 839845 839846 840451
>>>
>>> Several vulnerabilities were discovered in Ghostscript, the GPL
>>> PostScript/PDF interpreter, which may lead to the execution of arbitrary
>>> code or information disclosure if a specially crafted Postscript file is
>>> processed.
>
> [...]
>
>> I've checked just now. GNU Ghostscript is also affected at least by
>> CVE-2016-8602. Looking at the patch in this bug report[0] and the
>> source[1], one can see that the vulnerable lines are present in GNU
>> Ghostscript. What should we do now?
>>
>> [0]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840451
>> [1]: http://git.savannah.gnu.org/cgit/ghostscript.git/tree/psi/zht2.c
>
> WDYT?  Perhaps a new release incorporating the fixes is in order?

FYI, I ported the upstream patches to GNU ghostscript for GNU Guix.
You can find them here:

http://git.savannah.gnu.org/cgit/guix.git/commit/?id=1de17a648fa631f0074d315bfff0716220ce4880

  Mark

Re: Making substitute* throw an error if substition failed?

2016-10-15 Thread Hartmut Goebel 
Am 15.10.2016 um 00:05 schrieb Ricardo Wurmus:
> Would it be desirable to change “substitute*” (or replace it) such that
> it throws an error or returns a value if substitution failed?  This

+1 for returning a value

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Specifying and build output separately?

2016-10-15 Thread Hartmut Goebel 
Hi,

we have several cyclic dependencies due to e.g. packages depending on
each other only for building the documentation. Examples are numpy and
matpltlib.

So I wonder it it would be possible to to something like this:

(define-public numpy:doc
  (inherit numpy)
  (name "numpy:doc")
  (outputs "doc")
  (inputs … matplotlib …)
  (… modify-phases …))


This would at least help breaking cycles where only specific the
documentation is effected. It will still not solve more complex
situation we have for python--tk--libxck--python, i assume. But maybe
this could be generalized.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: Making substitute* throw an error if substition failed?

2016-10-15 Thread Danny Milosavljevic 
Hi,

On Sat, 15 Oct 2016 00:05:56 +0200
Ricardo Wurmus  wrote:
> Would it be desirable to change “substitute*” (or replace it) such that
> it throws an error or returns a value if substitution failed?  This
> might be helpful for the more complex packages with many substitutions.
> If we make it return a value (#f for error) it would also make our build
> phases a little prettier, I think.  (Now we forcefully return #t in any
> case and that seems wrong.)

While it's a big change I am for substitute* throwing an error if it can't find 
one of the patterns - and #t otherwise. It's true that these substitutions that 
are necessary but cannot be found would not be noticed in a long time otherwise.

I'm against it returning a value #f in the error case - it should just unwind. 
If you don't want it to unwind (in a few cases) you can always protect against 
it manually.

Re: locales gone

2016-10-15 Thread Danny Milosavljevic 
Hi,

On Fri, 14 Oct 2016 12:59:10 +0200
l...@gnu.org (Ludovic Courtès) wrote:
> Then you’d have to strace psql to see why it thinks that en_US.UTF-8 is
> unavailable.

connect(3, {sa_family=AF_FILE, sun_path="/tmp/.s.PGSQL.5432"}, 110) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
getsockname(3, {sa_family=AF_FILE, NULL}, [2]) = 0
poll([{fd=3, events=POLLOUT|POLLERR}], 1, 4294967295) = 1 ([{fd=3, 
revents=POLLOUT}])
sendto(3, 
"\0\0\0U\0\3\0\0user\0postgres\0database\0template1\0application_name\0psql\0client_encoding\0UTF8\0\0",
 85, MSG_NOSIGNAL, NULL, 0) = 85
poll([{fd=3, events=POLLIN|POLLERR}], 1, 4294967295) = 1 ([{fd=3, 
revents=POLLIN}])
recvfrom(3, "R\0\0\0\10\0\0\0\0E\0\0\1\34SFATAL\0CXX000\0Mdatabase locale is 
incompatible with operating system\0DThe database was initialized with 
LC_COLLATE \"en_US.UTF-8\",  which is not recognized by setlocale().\0HRecreate 
the database with another locale or install the missing 
locale.\0Fpostinit.c\0L368\0RCheckMyDatabase\0\0", 16384, 0, NULL, NULL) = 294
write(2, "psql: FATAL:  database locale is incompatible with operating 
system\nDETAIL:  The database was initialized with LC_COLLATE \"en_US.UTF-8\",  
which is not recognized by setlocale().\nHINT:  Recreate the database with 
another locale or install the missing locale.\n", 258psql: FATAL:  database 
locale is incompatible with operating system
DETAIL:  The database was initialized with LC_COLLATE "en_US.UTF-8",  which is 
not recognized by setlocale().
HINT:  Recreate the database with another locale or install the missing locale.
) = 258
close(3)= 0
exit_group(2)   = ?

So it seems the message comes from the server.

Re: locales gone

2016-10-15 Thread Danny Milosavljevic 
And if I strace postgres service I get

[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/locale-archive",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/share/locale/locale.alias",
 O_RDONLY|O_CLOEXEC) = 3
[pid  6184] fstat(3, {st_mode=S_IFREG|0444, st_size=2997, ...}) = 0
[pid  6184] read(3, "# Locale name alias data base.\n#"..., 4096) = 2997
[pid  6184] read(3, "", 4096)   = 0
[pid  6184] close(3)= 0
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en_US.UTF-8/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en_US.utf8/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en_US/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en.UTF-8/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en.utf8/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  6184] 
open("/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib/locale/en/LC_COLLATE",
 O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

And indeed those don't exist.

/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23 does exist. There's a 
share/locale in there but no lib/locale .

Re: locales gone

2016-10-15 Thread Danny Milosavljevic 
And the postgres service has these environment variables:

HOME=/
TERM=linux
BOOT_IMAGE=/gnu/store/1w33nqlw4il84i4xr3pif45insmz82ln-linux-libre-4.7.2/bzImage
--root=dayas:/
--system=/gnu/store/v4za34zybd8743cvxyx9j73w492c7nca-system
--load=/gnu/store/v4za34zybd8743cvxyx9j73w492c7nca-system/boot
crashkernel=256M
root_trim=yes
PATH=/gnu/store/qfqdkv99yhjqlza4sz198vzx03pnsg8i-shadow-4.2.1/sbin

No locale stuff...

Also, crashkernel=256M and root_trim come from my (kernel-arguments 
'("crashkernel=256M" "modprobe.blacklist=pcspkr,snd_pcsp" "quiet" 
"acpi_osi=Linux" "clocksource=acpi_pm" "allow-discards" "root_trim=yes"))

[PATCH] add fbida

2016-10-15 Thread Julien Lepiller 
Hi,

I attached a patch to add fbida, a frame-buffer based image and pdf
viewer. I created a new file, since I didn't find an existing one
where it could go. Let me know if you prefer it in an existing file.From 0867f891e7ceecde3e307fa88b572622a2ad416e Mon Sep 17 00:00:00 2001
From: Julien Lepiller 
Date: Sat, 15 Oct 2016 14:40:30 +0200
Subject: [PATCH] gnu: Add fbida

* gnu/packages/fbida.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MOULES): Add it.
---
 gnu/local.mk   |  1 +
 gnu/packages/fbida.scm | 85 ++
 2 files changed, 86 insertions(+)
 create mode 100644 gnu/packages/fbida.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index a9343f0..91dc42a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -117,6 +117,7 @@ GNU_SYSTEM_MODULES =\
   %D%/packages/enlightenment.scm		\
   %D%/packages/entr.scm\
   %D%/packages/erlang.scm			\
+  %D%/packages/fbida.scm\
   %D%/packages/fcitx.scm			\
   %D%/packages/feh.scm  \
   %D%/packages/figlet.scm			\
diff --git a/gnu/packages/fbida.scm b/gnu/packages/fbida.scm
new file mode 100644
index 000..a5efdc7
--- /dev/null
+++ b/gnu/packages/fbida.scm
@@ -0,0 +1,85 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2014 Ian Denhardt 
+;;; Copyright © 2016 Efraim Flashner 
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see .
+
+(define-module (gnu packages fbida)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages curl)
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages gtk)
+  #:use-module (gnu packages image)
+  #:use-module (gnu packages imagemagick)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pdf)
+  #:use-module (gnu packages photo)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module ((guix licenses) #:prefix license:))
+
+(define-public fbida
+  (package
+(name "fbida")
+(version "2.12")
+(home-page "https://www.kraxel.org/blog/linux/fbida/";)
+(source (origin
+  (method url-fetch)
+  (uri (string-append "https://www.kraxel.org/releases/fbida/";
+  name "-" version ".tar.gz"))
+  (sha256
+   (base32
+"0bw224vb7jh0lrqaf4jgxk48xglvxs674qcpj5y0axyfbh896cfk"
+(build-system gnu-build-system)
+(arguments
+  '(#:phases (alist-cons-after
+  'unpack 'patch-ldconfig
+  (lambda _
+   (substitute* "mk/Autoconf.mk"
+(("/sbin/ldconfig -p") "echo lib")) #t)
+  (alist-delete 'configure %standard-phases))
+#:tests? #f
+#:make-flags (list "CC=gcc"
+   (string-append "prefix=" (assoc-ref %outputs "out")
+(inputs `(("libjpeg" ,libjpeg)
+  ("curl" ,curl)
+  ("libtiff" ,libtiff)
+  ("libudev" ,eudev)
+  ("libwebp" ,libwebp)
+  ("libdrm" ,libdrm)
+  ("imagemagick" ,imagemagick)
+  ("giflib" ,giflib)
+  ("glib" ,glib)
+  ("cairo-xcb" ,cairo-xcb)
+  ("freetype" ,freetype)
+  ("fontconfig" ,fontconfig)
+  ("libexif" ,libexif)
+  ("mesa" ,mesa)
+  ("libepoxy" ,libepoxy)
+  ("libpng" ,libpng)
+  ("poppler" ,poppler)))
+(native-inputs `(("pkg-config" ,pkg-config)))
+(synopsis "Framebuffer and drm-based image viewer")
+(description
+  "fbida contains a few applications for viewing and editing images on
+the framebuffer.")
+
+(license license:gpl2+)))
-- 
2.9.2

[PATCH] gnu: Add python-whoosh.

2016-10-15 Thread Ricardo Wurmus 
* gnu/packages/python.scm (python-whoosh, python2-whoosh): New variables.
---
 gnu/packages/python.scm | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 6207896..69c7d36 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -8823,6 +8823,36 @@ library.")
   (native-inputs `(("python2-setuptools" ,python2-setuptools)
,@(package-native-inputs responses))
 
+(define-public python-whoosh
+  (package
+(name "python-whoosh")
+(version "2.7.4")
+(source
+ (origin
+   (method url-fetch)
+   (uri (pypi-uri "Whoosh" version))
+   (sha256
+(base32
+ "10qsqdjpbc85fykc1vgcs8xwbgn4l2l52c8d83xf1q59pwyn79bw"
+(build-system python-build-system)
+(native-inputs
+ `(("python-setuptools" ,python-setuptools)
+   ("python-pytest" ,python-pytest)))
+(home-page "http://bitbucket.org/mchaput/whoosh";)
+(synopsis "Full text indexing, search, and spell checking library")
+(description
+ "Whoosh is a fast, pure-Python full text indexing, search, and spell
+checking library.")
+(license license:bsd-2)))
+
+(define-public python2-whoosh
+  (let ((whoosh (package-with-python2 (strip-python2-variant python-whoosh
+(package (inherit whoosh)
+  (propagated-inputs
+   `(("python2-backport-ssl-match-hostname"
+  ,python2-backport-ssl-match-hostname)
+  ,@(package-propagated-inputs whoosh))
+
 (define-public python-pathlib
   (package
 (name "python-pathlib")
-- 
2.10.0

[PATCH] import: utils: Remove dependency on (json) module.

2016-10-15 Thread Alex Kost 
Commit fbe9c1012820 introduced unneeded dependency on (json) module,
i.e. 'guile-json' is a hard dependency of Guix now.

Was it an accident, or do I miss anything?

>From cb529053b90cd4067fb6cb9a256b1ce3bd2a24f7 Mon Sep 17 00:00:00 2001
From: Alex Kost 
Date: Sat, 15 Oct 2016 19:41:35 +0300
Subject: [PATCH] import: utils: Remove dependency on (json) module.

This fixes a regression introduced by commit
fbe9c1012820ab72f022a6ec958c35b431ae7a74.

* guix/import/utils.scm: Remove unused (json) module.
---
 guix/import/utils.scm | 1 -
 1 file changed, 1 deletion(-)

diff --git a/guix/import/utils.scm b/guix/import/utils.scm
index e4059ca..057c2d9 100644
--- a/guix/import/utils.scm
+++ b/guix/import/utils.scm
@@ -26,7 +26,6 @@
   #:use-module (guix utils)
   #:use-module (ice-9 match)
   #:use-module (ice-9 regex)
-  #:use-module (json)
   #:use-module (srfi srfi-1)
   #:export (factorize-uri
 
-- 
2.9.2

Re: Making substitute* throw an error if substition failed?

2016-10-15 Thread Alex Kost 
Ricardo Wurmus (2016-10-15 00:05 +0200) wrote:

> Hi Guix,
>
> it happened a couple of times already that a “substitute*” expression
> silently failed and I only found out about it when investigating the
> remains of a failing build (“guix build -K”).  This can easily happen
> when a package is updated and substitutions “anchors” no longer exist in
> the updated source code.
>
> Would it be desirable to change “substitute*” (or replace it) such that
> it throws an error or returns a value if substitution failed?  This
> might be helpful for the more complex packages with many substitutions.
> If we make it return a value (#f for error) it would also make our build
> phases a little prettier, I think.  (Now we forcefully return #t in any
> case and that seems wrong.)

This was also discussed a bit around here:
.
As I mentioned in that message, I'm for returning #t/#f for
succeeded/failed substitution.

-- 
Alex

Re: Guile 2.0.13

2016-10-15 Thread Efraim Flashner 
On Thu, Oct 13, 2016 at 11:11:38PM +0200, Ludovic Courtès wrote:
> 
> More generally, we could try to have a “staging” branch for safe changes
> that involve a rebuild of between ~300 and ~1200 packages, that we’d
> merge more frequently than ‘core-updates’ (I think the Nix folks do
> that).  By “safe” I mean things like ungrafting, minor upgrades and
> improvements; the goal would be to reduce the latency for such changes.
> 
> Things that rebuild more than ~1200 packages would still go to
> ‘core-updates’.
> 
> WDYT?
> 
> Thanks!
> 
> Ludo’.
> 

This sounds like a good idea in general. A quick `guix refresh -l cmake'
showed ~1100 packages, which would make this a good spot for the patch I
tossed into core-updates to also build the ccmake binary.

Currently I think most of us try to keep the number of rebuilds under
~150, so it might be nice to have some sort of guidelines in a separate
post (and in HACKING eventually) so that people don't miss it.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature

Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

2016-10-15 Thread Efraim Flashner 
On Fri, Oct 14, 2016 at 08:09:08PM -0400, Kei Kebreau wrote:
> Leo Famulari  writes:
> 
> > On Fri, Oct 14, 2016 at 10:44:05AM +, Efraim Flashner wrote:
> >> efraim pushed a commit to branch master
> >> in repository guix.
> >> 
> >> commit 76e8566c1b3c4876d649e712a5c8c473fd48d134
> >> Author: Efraim Flashner 
> >> Date:   Fri Oct 14 11:28:21 2016 +0300
> >> 
> >> gnu: freeimage: Fix CVE-2016-5684.
> >> 
> >> * gnu/packages/image.scm (freeimage)[source]: Add patch.
> >> * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file.
> >> * gnu/local.mk (dist_patch_DATA): Register it.
> >> ---
> >>  gnu/local.mk   |1 +
> >>  gnu/packages/image.scm |3 +-
> >>  gnu/packages/patches/freeimage-CVE-2016-5684.patch |   34 
> >> 
> >>  3 files changed, 37 insertions(+), 1 deletion(-)
> >
> > Efraim pointed out on IRC that our freeimage packages bundles many
> > 3rd-party libraries:
> >
> > $ ls -1 FreeImage/Source
> > CacheFile.h
> > DeprecationManager
> > FreeImage
> > FreeImage.h
> > FreeImageIO.h
> > FreeImageLib
> > FreeImageToolkit
> > LibJPEG
> > LibJXR
> > LibOpenJPEG
> > LibPNG
> > LibRawLite
> > LibTIFF4
> > LibWebP
> > MapIntrospector.h
> > Metadata
> > OpenEXR
> > Plugin.h
> > Quantizers.h
> > ToneMapping.h
> > Utilities.h
> > ZLib
> >
> > Debian has a patch to make it use "system" copies of the libraries:
> >
> > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid
> >
> > For now, our freeimage package is probably vulnerable to many publicly
> > disclosed security bugs.
> >
> > Who volunteers to try fixing this?
> 
> The patch is attached. I've removed the bit from Debian that disables JPEG
> transformation functions, as seen below. JPEGTransform.cpp (in
> Source/FreeImageToolkit) gave me some trouble when I left that part of
> the patch alone.
> 
> @@ -473,6 +477,9 @@ FI_ENUM(FREE_IMAGE_DITHER) {
>   FID_BAYER16x16  = 6 //! Bayer ordered dispersed dot 
> dithering (order 4 dithering matrix)
>  };
>  
> +/* Debian: The JPEGTransform functions are deliberately disabled in our build
> +   of FreeImage, since they require usage of the vendored copy of libjpeg. */
> +#if 0
>  /** Lossless JPEG transformations
>  Constants used in FreeImage_JPEGTransform
>  */
> @@ -486,6 +493,7 @@ FI_ENUM(FREE_IMAGE_JPEG_OPERATION) {
>   FIJPEG_OP_ROTATE_180= 6,//! 180-degree rotation
>   FIJPEG_OP_ROTATE_270= 7 //! 270-degree clockwise (or 90 
> ccw)
>  };
> +#endif
>  
>  /** Tone mapping operators.
>  Constants used in FreeImage_ToneMapping.
> @@ -1076,7 +1084,9 @@ DLL_API const char* DLL_CALLCONV 
> FreeImage_TagToString(FREE_IMAGE_MDMODEL model,
>  // --
>  // JPEG lossless transformation routines
>  // --
> -
> +/* Debian: The JPEGTransform functions are deliberately disabled in our build
> +   of FreeImage, since they require usage of the vendored copy of libjpeg. */
> +#if 0
>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransform(const char *src_file, 
> const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
> FI_DEFAULT(TRUE));
>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformU(const wchar_t *src_file, 
> const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
> FI_DEFAULT(TRUE));
>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGCrop(const char *src_file, const 
> char *dst_file, int left, int top, int right, int bottom);
> @@ -1085,6 +1095,7 @@ DLL_API BOOL DLL_CALLCONV 
> FreeImage_JPEGTransformFromHandle(FreeImageIO* src_io,
>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombined(const char 
> *src_file, const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* 
> left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedU(const wchar_t 
> *src_file, const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* 
> left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
>  DLL_API BOOL DLL_CALLCONV 
> FreeImage_JPEGTransformCombinedFromMemory(FIMEMORY* src_stream, FIMEMORY* 
> dst_stream, FREE_IMAGE_JPEG_OPERATION operation, int* left, int* top, int* 
> right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
> +#endif

> From 4ef0c85c769aa4bc7a528c13eee1c61705e61479 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau 
> Date: Fri, 14 Oct 2016 18:09:45 -0400
> Subject: [PATCH] gnu: freeimage: Disable in-tree third-party libraries.
> 
> * gnu/packages/image.scm (freeimage)[source]: Add patch.
> * gnu/packages/patches/freeimage-disable-vendored-dependencies.patch: New 
> file.
> * gnu/local.mk (dist_patch_DATA): Register it.
> ---
>  gnu/local.mk   |   1 +
>  gnu/pa

Re: [PATCH] gnu: Add vim-full.

2016-10-15 Thread Efraim Flashner 
On Fri, Oct 14, 2016 at 09:16:15PM +, ng0 wrote:
> * gnu/packages/vim.scm (vim-full): New variable.
> * gnu/packages/patches/vim-8.0.0003.patch: New file.
> * gnu/packages/patches/vim-8.0.0004.patch: New file.
> * gnu/packages/patches/vim-8.0.0005.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add patches.
> ---
>  gnu/local.mk |  3 ++
>  gnu/packages/vim.scm | 82 
> 
>  2 files changed, 85 insertions(+)
> 
> diff --git a/gnu/local.mk b/gnu/local.mk
> index 526756f..79c1326 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -874,6 +874,9 @@ dist_patch_DATA = 
> \
>%D%/packages/patches/util-linux-tests.patch\
>%D%/packages/patches/upower-builddir.patch \
>%D%/packages/patches/valgrind-enable-arm.patch \
> +  %D%/packages/patches/vim-8.0.0003.patch   \
> +  %D%/packages/patches/vim-8.0.0004.patch   \
> +  %D%/packages/patches/vim-8.0.0005.patch   \
>%D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch
> \
>%D%/packages/patches/vorbis-tools-CVE-2014-9640.patch  \
>%D%/packages/patches/vorbis-tools-CVE-2015-6749.patch  \
> diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
> index b1ee527..58ea3e1 100644
> --- a/gnu/packages/vim.scm
> +++ b/gnu/packages/vim.scm
> @@ -1,6 +1,7 @@
>  ;;; GNU Guix --- Functional package management for GNU
>  ;;; Copyright © 2013 Cyril Roelandt 
>  ;;; Copyright © 2016 Efraim Flashner 
> +;;; Copyright © 2016 ng0 
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -26,6 +27,21 @@
>#:use-module (gnu packages gawk)
>#:use-module (gnu packages ncurses)
>#:use-module (gnu packages perl)
> +  #:use-module (gnu packages ruby)
> +  #:use-module (gnu packages acl)
> +  #:use-module (gnu packages attr)
> +  #:use-module (gnu packages fontutils)
> +  #:use-module (gnu packages gettext)
> +  #:use-module (gnu packages glib)
> +  #:use-module (gnu packages gtk)
> +  #:use-module (gnu packages image)
> +  #:use-module (gnu packages linux)
> +  #:use-module (gnu packages lua)
> +  #:use-module (gnu packages pkg-config)
> +  #:use-module (gnu packages python)
> +  #:use-module (gnu packages tcl)
> +  #:use-module (gnu packages xdisorg)
> +  #:use-module (gnu packages xorg)
>#:use-module (gnu packages admin) ; For GNU hostname
>#:use-module (gnu packages shells))
>  
> @@ -79,3 +95,69 @@ that many consider it an entire IDE.  It's not just for 
> programmers, though.
>  Vim is perfect for all kinds of text editing, from composing email to editing
>  configuration files.")
>  (license license:vim)))
> +
> +(define-public vim-full
> +  (package
> +(inherit vim)
> +(name "vim-full")
> +(version (package-version vim))
> +(source
> + (origin
> +   (method url-fetch)
> +   (uri (string-append "ftp://ftp.vim.org/pub/vim/unix/vim-";
> +   version ".tar.bz2"))
> +   (sha256
> +(base32
> + "1s34rf8089klsbdx5l0iw7vjymir0kzfrx8wb30s31wygnq29axc"))
> +   ;; Patches need to be applied sequentially. 8.0 is the release of
> +   ;; vim version 8.0.0002 so we start at 8.0.0003
> +   (patches (search-patches "vim-8.0.0003.patch"
> +"vim-8.0.0004.patch"
> +"vim-8.0.0005.patch"

vim-7.4 went to over 2000 patches. If we do start applying patches to
our vim package then we should apply them to both versions, and it would
probably be better to use the bash patch method.

> +(arguments
> + `(#:configure-flags
> +   (list (string-append "--with-lua-prefix="
> +(assoc-ref %build-inputs "lua"))
> + "--with-features=huge"
> + "--enable-python3interp=yes"
> + "--enable-perlinterp=yes"
> + "--enable-rubyinterp=yes"
> + "--enable-tclinterp=yes"
> + "--enable-luainterp=yes"
> + "--enable-cscope"
> + "--enable-sniff"
> + "--enable-multibyte"
> + "--enable-xim"
> + "--disable-selinux"
> + "--enable-gui")
> +   ,@(package-arguments vim)))
> +(native-inputs
> + `(("pkg-config" ,pkg-config)))
> +(inputs
> + `(("acl" ,acl)
> +   ("atk" ,atk)
> +   ("attr" ,attr)
> +   ("cairo" ,cairo)
> +   ("fontconfig" ,fontconfig)
> +   ("freetype" ,freetype)
> +   ("gdk-pixbuf" ,gdk-pixbuf)
> +   ("gettext" ,gnu-gettext)
> +   ("glib" ,glib)
> +   ("gpm" ,gpm)
> +   ("gtk" ,gtk+-2)
> +   ("harfbuzz" ,harfbuzz)
> +   ("libice" ,libice)
> +   ("libpng" ,libpng)
> +   ("libsm" ,libsm)
> +   ("libx11" ,libx11)
> +   ("libxdmcp" ,libxdmcp)
> +   ("libxt" ,libxt)
> +   ("libxpm" ,libxpm)
> +   ("l

Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

2016-10-15 Thread Kei Kebreau 
Efraim Flashner  writes:

> On Fri, Oct 14, 2016 at 08:09:08PM -0400, Kei Kebreau wrote:
>> Leo Famulari  writes:
>> 
>> > On Fri, Oct 14, 2016 at 10:44:05AM +, Efraim Flashner wrote:
>> >> efraim pushed a commit to branch master
>> >> in repository guix.
>> >> 
>> >> commit 76e8566c1b3c4876d649e712a5c8c473fd48d134
>> >> Author: Efraim Flashner 
>> >> Date:   Fri Oct 14 11:28:21 2016 +0300
>> >> 
>> >> gnu: freeimage: Fix CVE-2016-5684.
>> >> 
>> >> * gnu/packages/image.scm (freeimage)[source]: Add patch.
>> >> * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file.
>> >> * gnu/local.mk (dist_patch_DATA): Register it.
>> >> ---
>> >>  gnu/local.mk   |1 +
>> >>  gnu/packages/image.scm |3 +-
>> >>  gnu/packages/patches/freeimage-CVE-2016-5684.patch |   34 
>> >> 
>> >>  3 files changed, 37 insertions(+), 1 deletion(-)
>> >
>> > Efraim pointed out on IRC that our freeimage packages bundles many
>> > 3rd-party libraries:
>> >
>> > $ ls -1 FreeImage/Source
>> > CacheFile.h
>> > DeprecationManager
>> > FreeImage
>> > FreeImage.h
>> > FreeImageIO.h
>> > FreeImageLib
>> > FreeImageToolkit
>> > LibJPEG
>> > LibJXR
>> > LibOpenJPEG
>> > LibPNG
>> > LibRawLite
>> > LibTIFF4
>> > LibWebP
>> > MapIntrospector.h
>> > Metadata
>> > OpenEXR
>> > Plugin.h
>> > Quantizers.h
>> > ToneMapping.h
>> > Utilities.h
>> > ZLib
>> >
>> > Debian has a patch to make it use "system" copies of the libraries:
>> >
>> > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid
>> >
>> > For now, our freeimage package is probably vulnerable to many publicly
>> > disclosed security bugs.
>> >
>> > Who volunteers to try fixing this?
>> 
>> The patch is attached. I've removed the bit from Debian that disables JPEG
>> transformation functions, as seen below. JPEGTransform.cpp (in
>> Source/FreeImageToolkit) gave me some trouble when I left that part of
>> the patch alone.
>> 
>> @@ -473,6 +477,9 @@ FI_ENUM(FREE_IMAGE_DITHER) {
>>  FID_BAYER16x16  = 6 //! Bayer ordered dispersed dot 
>> dithering (order 4 dithering matrix)
>>  };
>>  
>> +/* Debian: The JPEGTransform functions are deliberately disabled in our 
>> build
>> +   of FreeImage, since they require usage of the vendored copy of libjpeg. 
>> */
>> +#if 0
>>  /** Lossless JPEG transformations
>>  Constants used in FreeImage_JPEGTransform
>>  */
>> @@ -486,6 +493,7 @@ FI_ENUM(FREE_IMAGE_JPEG_OPERATION) {
>>  FIJPEG_OP_ROTATE_180= 6,//! 180-degree rotation
>>  FIJPEG_OP_ROTATE_270= 7 //! 270-degree clockwise (or 90 
>> ccw)
>>  };
>> +#endif
>>  
>>  /** Tone mapping operators.
>>  Constants used in FreeImage_ToneMapping.
>> @@ -1076,7 +1084,9 @@ DLL_API const char* DLL_CALLCONV 
>> FreeImage_TagToString(FREE_IMAGE_MDMODEL model,
>>  // 
>> --
>>  // JPEG lossless transformation routines
>>  // 
>> --
>> -
>> +/* Debian: The JPEGTransform functions are deliberately disabled in our 
>> build
>> +   of FreeImage, since they require usage of the vendored copy of libjpeg. 
>> */
>> +#if 0
>>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransform(const char *src_file, 
>> const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
>> FI_DEFAULT(TRUE));
>>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformU(const wchar_t *src_file, 
>> const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, BOOL perfect 
>> FI_DEFAULT(TRUE));
>>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGCrop(const char *src_file, const 
>> char *dst_file, int left, int top, int right, int bottom);
>> @@ -1085,6 +1095,7 @@ DLL_API BOOL DLL_CALLCONV 
>> FreeImage_JPEGTransformFromHandle(FreeImageIO* src_io,
>>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombined(const char 
>> *src_file, const char *dst_file, FREE_IMAGE_JPEG_OPERATION operation, int* 
>> left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
>>  DLL_API BOOL DLL_CALLCONV FreeImage_JPEGTransformCombinedU(const wchar_t 
>> *src_file, const wchar_t *dst_file, FREE_IMAGE_JPEG_OPERATION operation, 
>> int* left, int* top, int* right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
>>  DLL_API BOOL DLL_CALLCONV 
>> FreeImage_JPEGTransformCombinedFromMemory(FIMEMORY* src_stream, FIMEMORY* 
>> dst_stream, FREE_IMAGE_JPEG_OPERATION operation, int* left, int* top, int* 
>> right, int* bottom, BOOL perfect FI_DEFAULT(TRUE));
>> +#endif
>
>> From 4ef0c85c769aa4bc7a528c13eee1c61705e61479 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau 
>> Date: Fri, 14 Oct 2016 18:09:45 -0400
>> Subject: [PATCH] gnu: freeimage: Disable in-tree third-party libraries.
>> 
>> * gnu/packages/image.scm (freeimage)[source]: Add patch.
>> * gnu/packages/patches/freeimage-disabl

Re: Guile 2.0.13

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 08:13:12PM +0300, Efraim Flashner wrote:
> On Thu, Oct 13, 2016 at 11:11:38PM +0200, Ludovic Courtès wrote:
> > 
> > More generally, we could try to have a “staging” branch for safe changes
> > that involve a rebuild of between ~300 and ~1200 packages, that we’d
> > merge more frequently than ‘core-updates’ (I think the Nix folks do
> > that).  By “safe” I mean things like ungrafting, minor upgrades and
> > improvements; the goal would be to reduce the latency for such changes.
> > 
> > Things that rebuild more than ~1200 packages would still go to
> > ‘core-updates’.
> > 
> > WDYT?
> > 
> > Thanks!
> > 
> > Ludo’.
> > 
> 
> This sounds like a good idea in general. A quick `guix refresh -l cmake'
> showed ~1100 packages, which would make this a good spot for the patch I
> tossed into core-updates to also build the ccmake binary.

+1

> Currently I think most of us try to keep the number of rebuilds under
> ~150, so it might be nice to have some sort of guidelines in a separate
> post (and in HACKING eventually) so that people don't miss it.


signature.asc
Description: PGP signature

Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 02:57:37PM -0400, Kei Kebreau wrote:
> Efraim Flashner  writes:
> > On Fri, Oct 14, 2016 at 08:09:08PM -0400, Kei Kebreau wrote:
> >> Leo Famulari  writes:
> >> > Debian has a patch to make it use "system" copies of the libraries:
> >> >
> >> > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid
> >> >
> >> > For now, our freeimage package is probably vulnerable to many publicly
> >> > disclosed security bugs.
> >> >
> >> > Who volunteers to try fixing this?
> >> 
> >> The patch is attached. I've removed the bit from Debian that disables JPEG
> >> transformation functions, as seen below. JPEGTransform.cpp (in
> >> Source/FreeImageToolkit) gave me some trouble when I left that part of
> >> the patch alone.
>
> > I was looking at it and I thought it was going to be much more than 400
> > lines in the end.
> >
> > Did we also need the other patch?
> > https://sources.debian.net/src/freeimage/3.17.0%2Bds1-3/debian/patches/Use-system-dependencies.patch/
> >
> > On one hand we could carry a modified version of Debian's patch, on the
> > other hand some of these look like they could be a series of substitute*
> > commands. I started looking through the patch and thinking how to
> > convert them from "../path/to/header.h" to  and realizing I
> > myself wouldn't want to do that, so that could easily be an option for
> > another time :).
> 
> Looking at its contents, adding that patch would make a lot of sense. :-)

Yes, I think we need to use both patches. Will you submit an updated
version of your patch?


signature.asc
Description: PGP signature

Re: [SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 08:31:33AM +0800, Alex Vong wrote:
> Leo Famulari  writes:
> 
> > On Fri, Oct 14, 2016 at 10:02:58PM +0800, Alex Vong wrote:
> >> Hi,
> >> 
> >> I find out that our libraw (0.17.0) is vulnerable to CVE-2015-{8366,
> >> 8367}[0], which is fixed in 0.17.1[1]. The patch below updates libraw to
> >> 0.17.2.
> >> 
> >
> >> From 4618436db68adbb74f01eb8e771a448cd20e415f Mon Sep 17 00:00:00 2001
> >> From: Alex Vong 
> >> Date: Fri, 14 Oct 2016 21:45:47 +0800
> >> Subject: [PATCH] gnu: libraw: Update to 0.17.2.
> >> 
> >> * gnu/packages/photo.scm (libraw): Update to 0.17.2.
> >
> > Thank you for catching this and sending a patch!
> >
> > I added the CVE IDs to the commit message and pushed as
> > b280e67ca6f62c176c72439df4533a9737b9130a.
> >
> >> I think we really need a security tracker as suggested earlier (by Leo I
> >> think), because the bug was disclosed in Dec 2015, so our libraw is
> >> being vulnerable for 3/4 year, which is pretty scary!
> >
> > Did I suggest that? I don't usually suggest creating new infrastructure
> > :)
> >
> Ok. It must be someone else suggesting creating a website... :)
> 
> > If we had a security tracker that is as good as Debian's, I would be
> > thrilled. I look at their tracker almost daily. On the other hand, there
> > are parts of Debian's web infrastructure that seem to be "crumbling" —
> > dead links et cetera. I'm loathe to add non-automated infrastructure to
> > Guix if we can't support it properly. I'd rather lack the infrastructure
> > than have it half-baked.
> >
> > For now I use `guix lint -c cve` and my mailing list / bug tracker
> > subscriptions.
> >
> > By the way, `guix lint -c cve` didn't report these two bugs because they
> > are still not "disclosed" in the database from which we pull our CVE
> > information [0]:
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367
> >
> > That's why it's important for Guix developers / users to pay attention
> > to the upstream development of packages they are interested in. Until
> > upstream security fixes can be reliably detected by an automated system,
> > there are no substitutes for human attention, only complements.
> >
> > [0]
> > http://git.savannah.gnu.org/cgit/guix.git/tree/guix/cve.scm#n41
> 
> Thanks for explaining the current situation. I don't know about
> `guix lint -c cve`. It reports many CVE vulnerabilities. How does it
> knows if a particular vulnerability is fixed by a patch?

If I understand correctly, the linter looks for a CVE ID in the patch
file names [0]:

--
(define (check-vulnerabilities package)
  "Check for known vulnerabilities for PACKAGE."
  (let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
  (()
   #t)
  ((vulnerabilities ...)
   (let* ((patches   (filter-map patch-file-name
 (or (and=> (package-source package)
origin-patches)
 '(
  (unpatched (remove (lambda (vuln)
   (find (cute string-contains
   <> (vulnerability-id vuln))
 patches))
 vulnerabilities)))
 (unless (null? unpatched)
   (emit-warning package
 (format #f (_ "probably vulnerable to ~a")
 (string-join (map vulnerability-id unpatched)
  ", ")
--

[0]
http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/lint.scm#n684


signature.asc
Description: PGP signature

[PATCH] gnu: gd: Fix CVE-2016-8670.

2016-10-15 Thread Kei Kebreau 
This patch fixes the gd library's most recent published vulnerability on
the oss-security list.
From dc48d5c020c0795c966501b83ac2d4b4ae0e4caa Mon Sep 17 00:00:00 2001
From: Kei Kebreau 
Date: Sat, 15 Oct 2016 15:57:21 -0400
Subject: [PATCH] gnu: gd: Fix CVE-2016-8670.

* gnu/packages/patches/gd-CVE-2016-8670.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gd.scm (gd)[source]: Use it.
---
 gnu/local.mk|  1 +
 gnu/packages/gd.scm |  1 +
 gnu/packages/patches/gd-CVE-2016-8670.patch | 12 
 3 files changed, 14 insertions(+)
 create mode 100644 gnu/packages/patches/gd-CVE-2016-8670.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a151d2b..68b4bf3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -536,6 +536,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/gcc-libvtv-runpath.patch\
   %D%/packages/patches/gcc-5.0-libvtv-runpath.patch\
   %D%/packages/patches/gd-CVE-2016-7568.patch  \
+  %D%/packages/patches/gd-CVE-2016-8670.patch  \
   %D%/packages/patches/gd-fix-gd2-read-test.patch  \
   %D%/packages/patches/gd-fix-tests-on-i686.patch  \
   %D%/packages/patches/gegl-CVE-2012-4433.patch\
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 6c94d35..0241a81 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -51,6 +51,7 @@
   (base32
"0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl"))
  (patches (search-patches "gd-CVE-2016-7568.patch"
+  "gd-CVE-2016-8670.patch"
   "gd-fix-gd2-read-test.patch"
   "gd-fix-tests-on-i686.patch"
 (build-system gnu-build-system)
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch 
b/gnu/packages/patches/gd-CVE-2016-8670.patch
new file mode 100644
index 000..21d5fd9
--- /dev/null
+++ b/gnu/packages/patches/gd-CVE-2016-8670.patch
@@ -0,0 +1,12 @@
+diff -u -r libgd-2.2.3.old/src/gd_io_dp.c libgd-2.2.3/src/gd_io_dp.c
+--- libgd-2.2.3.old/src/gd_io_dp.c 1969-12-31 19:00:00.0 -0500
 libgd-2.2.3/src/gd_io_dp.c 2016-10-15 15:49:04.478163658 -0400
+@@ -276,7 +276,7 @@
+   if(remain >= len) {
+   rlen = len;
+   } else {
+-  if(remain == 0) {
++  if(remain <= 0) {
+   /* 2.0.34: EOF is incorrect. We use 0 for
+* errors and EOF, just like fileGetbuf,
+* which is a simple fread() wrapper.
-- 
2.10.1



signature.asc
Description: PGP signature

Go 1.4.3 failing on core-updates

2016-10-15 Thread Leo Famulari 
Go version 1.4.3, which is required to build the latest Go version, is
failing to build on core-updates:

https://hydra.gnu.org/build/1493335

Here's the tail of the log:
--
archive/tar
go/doc
crypto/elliptic
cmd/addr2line
encoding/asn1
crypto/rand
crypto/dsa
cmd/cgo
go/format
crypto/rsa
cmd/fix
cmd/gofmt
go/build
crypto/ecdsa
crypto/x509/pkix
cmd/nm
cmd/objdump
cmd/pprof/internal/plugin
html/template
cmd/pprof/internal/symbolizer
cmd/pprof/internal/symbolz
cmd/yacc
archive/zip
cmd/pprof/internal/report
compress/lzw
compress/zlib
database/sql/driver
database/sql
encoding/csv
encoding/gob
image/gif
image/png
runtime/debug
testing
testing/iotest
cmd/pprof/internal/commands
testing/quick
text/scanner
cmd/pprof/internal/driver
runtime/cgo
net
os/user
# net
cannot load DWARF output from $WORK/net/_obj//_cgo_.o: decoding dwarf section 
info at offset 0x4: unsupported version 0
# os/user
cannot load DWARF output from $WORK/os/user/_obj//_cgo_.o: decoding dwarf 
section info at offset 0x4: unsupported version 0
phase `build' failed after 15.9 seconds
builder for `/gnu/store/gs9r320hhlmi87k3xbswng57icxsxv4n-go-1.4.3.drv' failed 
with exit code 1
@ build-failed /gnu/store/gs9r320hhlmi87k3xbswng57icxsxv4n-go-1.4.3.drv - 1 
builder for `/gnu/store/gs9r320hhlmi87k3xbswng57icxsxv4n-go-1.4.3.drv' failed 
with exit code 1
guix build: error: build failed: build of 
`/gnu/store/gs9r320hhlmi87k3xbswng57icxsxv4n-go-1.4.3.drv' failed
--

Any ideas?

[PATCH] Add vim-full (this time with the patches included)

2016-10-15 Thread ng0 
Forgot the patches last time. Here they are included.

[PATCH] gnu: Add vim-full.

2016-10-15 Thread ng0 
* gnu/packages/vim.scm (vim-full): New variable.
* gnu/packages/patches/vim-8.0.0003.patch: New file.
* gnu/packages/patches/vim-8.0.0004.patch: New file.
* gnu/packages/patches/vim-8.0.0005.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add patches.
---
 gnu/local.mk|  3 ++
 gnu/packages/patches/vim-8.0.0003.patch | 87 +
 gnu/packages/patches/vim-8.0.0004.patch | 60 +++
 gnu/packages/patches/vim-8.0.0005.patch | 45 +
 gnu/packages/vim.scm| 82 +++
 5 files changed, 277 insertions(+)
 create mode 100644 gnu/packages/patches/vim-8.0.0003.patch
 create mode 100644 gnu/packages/patches/vim-8.0.0004.patch
 create mode 100644 gnu/packages/patches/vim-8.0.0005.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 526756f..79c1326 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -874,6 +874,9 @@ dist_patch_DATA =   
\
   %D%/packages/patches/util-linux-tests.patch  \
   %D%/packages/patches/upower-builddir.patch   \
   %D%/packages/patches/valgrind-enable-arm.patch   \
+  %D%/packages/patches/vim-8.0.0003.patch   \
+  %D%/packages/patches/vim-8.0.0004.patch   \
+  %D%/packages/patches/vim-8.0.0005.patch   \
   %D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch  
\
   %D%/packages/patches/vorbis-tools-CVE-2014-9640.patch\
   %D%/packages/patches/vorbis-tools-CVE-2015-6749.patch\
diff --git a/gnu/packages/patches/vim-8.0.0003.patch 
b/gnu/packages/patches/vim-8.0.0003.patch
new file mode 100644
index 000..11e9c91
--- /dev/null
+++ b/gnu/packages/patches/vim-8.0.0003.patch
@@ -0,0 +1,87 @@
+To: vim_...@googlegroups.com
+Subject: Patch 8.0.0003
+Fcc: outbox
+From: Bram Moolenaar 
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Patch 8.0.0003
+Problem:getwinvar() returns wrong Value of boolean and number options,
+especially non big endian systems. (James McCoy)
+Solution:   Cast the pointer to long or int. (closes #1060)
+Files:  src/option.c, src/testdir/test_bufwintabinfo.vim
+
+
+*** vim80/src/option.c 2016-09-02 19:26:03.0 +0200
+--- vim80/src/option.c 2016-09-12 19:20:38.051099762 +0200
+***
+*** 12363,12370 
+   {
+   if (opt->flags & P_STRING)
+   dict_add_nr_str(d, opt->fullname, 0L, *(char_u **)varp);
+   else
+!  dict_add_nr_str(d, opt->fullname, *varp, NULL);
+   }
+   }
+  }
+--- 12363,12372 
+   {
+   if (opt->flags & P_STRING)
+   dict_add_nr_str(d, opt->fullname, 0L, *(char_u **)varp);
++  else if (opt->flags & P_NUM)
++  dict_add_nr_str(d, opt->fullname, *(long *)varp, NULL);
+   else
+!  dict_add_nr_str(d, opt->fullname, *(int *)varp, NULL);
+   }
+   }
+  }
+*** vim80/src/testdir/test_bufwintabinfo.vim   2016-08-27 21:14:58.0 
+0200
+--- vim80/src/testdir/test_bufwintabinfo.vim   2016-09-12 19:31:06.346360420 
+0200
+***
+*** 87,95 
+--- 87,103 
+  endfunc
+  
+  function Test_get_win_options()
++   if has('folding')
++ set foldlevel=999
++   endif
++   set list
+let opts = getwinvar(1, '&')
+call assert_equal(v:t_dict, type(opts))
+call assert_equal(0, opts.linebreak)
++   call assert_equal(1, opts.list)
++   if has('folding')
++ call assert_equal(999, opts.foldlevel)
++   endif
+if has('signs')
+  call assert_equal('auto', opts.signcolumn)
+endif
+***
+*** 97,103 
+--- 105,116 
+let opts = gettabwinvar(1, 1, '&')
+call assert_equal(v:t_dict, type(opts))
+call assert_equal(0, opts.linebreak)
++   call assert_equal(1, opts.list)
+if has('signs')
+  call assert_equal('auto', opts.signcolumn)
+endif
++   set list&
++   if has('folding')
++ set foldlevel=0
++   endif
+  endfunc
+*** vim80/src/version.c2016-09-12 16:30:42.348454179 +0200
+--- vim80/src/version.c2016-09-12 19:24:10.184148642 +0200
+***
+*** 766,767 
+--- 766,769 
+  {   /* Add new patch number below this line */
++ /**/
++ 3,
+  /**/
+
+-- 
diff --git a/gnu/packages/patches/vim-8.0.0004.patch 
b/gnu/packages/patches/vim-8.0.0004.patch
new file mode 100644
index 000..5d4071b
--- /dev/null
+++ b/gnu/packages/patches/vim-8.0.0004.patch
@@ -0,0 +1,60 @@
+To: vim_...@googlegroups.com
+Subject: Patch 8.0.0004
+Fcc: outbox
+From: Bram Moolenaar 
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+
+Patch 8.0.0004
+Problem:A string argument for function() that is not a function name
+resul

[PATCH] gnu: dbus@1.10.12: Fix search paths.

2016-10-15 Thread Andy Patterson 
Hello,

I noticed that since 34f9582a, dbus wasn't starting up colord or
elogind on GuixSD. The following patch aims to address that.

--
Andy


From dd248d4cc7eccba01119dfd50701f75c1ee5fec8 Mon Sep 17 00:00:00 2001
From: Andy Patterson 
Date: Sat, 15 Oct 2016 15:38:27 -0400
Subject: [PATCH] gnu: dbus@1.10.12: Fix search paths.

Add the patches from dbus' source field back into its replacement. This
ensures that the grafted dbus package can find its services on GuixSD.

* gnu/packages/glib.scm (dbus-1.10.12)[source]: Inherit from
  '(package-source dbus)'
---
 gnu/packages/glib.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index e549dd7..802c809 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -139,7 +139,7 @@ shared NFS home directories.")
 (source
   (let ((version "1.10.12"))
 (origin
-  (method url-fetch)
+  (inherit (package-source dbus))
   (uri (string-append
 "https://dbus.freedesktop.org/releases/dbus/dbus-";
 version ".tar.gz"))
-- 
2.10.1

Re: Writing recipe for Crypto++, and getting build errors

2016-10-15 Thread Adonay Felipe Nogueira 
Note: I'm using Guix with other distribution, not GuixSD.

I was trying to find out what is the "working tree" in my case, and I
decided to investigate "/gnu/store", and I found three possible places
that are directories:

/gnu/store/...-guix-0.11.0-1.4420
/gnu/store/...-guix-latest
/gnu/store/...-guix-source

Which one is my "working tree"?


signature.asc
Description: This is a digitally signed message part

Re: [PATCH] add fbida

2016-10-15 Thread Kei Kebreau 
Julien Lepiller  writes:

> Hi,
>
> I attached a patch to add fbida, a frame-buffer based image and pdf
> viewer. I created a new file, since I didn't find an existing one
> where it could go. Let me know if you prefer it in an existing file.

Hi Julien! Your patch looks fine as far as linting and reproducibility
goes. Some pointers for your patch:

In my opinion, this can go in pdf.scm, as the mupdf package is there and
it has similar functions to fbida. Also, when you add fbida to pdf.scm,
don't forget to add a copyright notice for yourself!


signature.asc
Description: PGP signature

Re: Writing recipe for Crypto++, and getting build errors

2016-10-15 Thread Efraim Flashner 
On Sat, Oct 15, 2016 at 05:47:01PM -0300, Adonay Felipe Nogueira wrote:
> Note: I'm using Guix with other distribution, not GuixSD.
> 
> I was trying to find out what is the "working tree" in my case, and I
> decided to investigate "/gnu/store", and I found three possible places
> that are directories:
> 
> /gnu/store/...-guix-0.11.0-1.4420
> /gnu/store/...-guix-latest
> /gnu/store/...-guix-source
> 
> Which one is my "working tree"?

ls -l .config/guix/latest
on my machine it points to /gnu/store/...-guix-latest


-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature

[PATCH] gnu: Add lci.

2016-10-15 Thread ng0 
From: ng0 

* gnu/packages/lolcode.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
 gnu/local.mk |  1 +
 gnu/packages/lolcode.scm | 60 
 2 files changed, 61 insertions(+)
 create mode 100644 gnu/packages/lolcode.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index 06e23cd..0dab053 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -226,6 +226,7 @@ GNU_SYSTEM_MODULES =\
   %D%/packages/llvm.scm\
   %D%/packages/lout.scm\
   %D%/packages/logging.scm \
+  %D%/packages/lolcode.scm  \
   %D%/packages/lsof.scm\
   %D%/packages/lua.scm \
   %D%/packages/lxde.scm\
diff --git a/gnu/packages/lolcode.scm b/gnu/packages/lolcode.scm
new file mode 100644
index 000..b566099
--- /dev/null
+++ b/gnu/packages/lolcode.scm
@@ -0,0 +1,60 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2016 ng0 
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see .
+
+(define-module (gnu packages lolcode)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages documentation)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages readline)
+  #:use-module (guix build-system cmake)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages))
+
+(define-public lci
+  (package
+(name "lci")
+(version "0.11.2")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "https://github.com/justinmeza/lci/archive/v";
+  version ".tar.gz"))
+  (sha256
+   (base32
+"1li7ikcrs7wqah7gqkirg0k61n6pm12w7pydin966x1sdn9na46b"))
+  (file-name (string-append name "-" version ".tar.gz"
+(build-system cmake-build-system)
+(inputs
+ `(("python-2" ,python-2)
+   ("readline" ,readline)))
+(native-inputs
+ `(("doxygen" ,doxygen)))
+(synopsis "LOLCODE interpreter written in C")
+(description
+ "@code{lci} is a LOLCODE interpreter written in C and is designed to be 
correct,
+portable, fast, and precisely documented.
+@enumerate
+@item correct: Every effort has been made to test lci's conformance to the
+LOLCODE language specification.  Unit tests come packaged with the lci source 
code.
+@item portable: lci follows the widely ported ANSI C specification allowing it
+to compile on a broad range of systems.
+@item fast: Much effort has gone into producing simple and efficient code
+whenever possible to the extent that the above points are not compromized.
+@end enumerate")
+(home-page "http://lolcode.org/";)
+(license license:gpl3+)))
-- 
2.10.1

[PATCH] Add lci.

2016-10-15 Thread ng0 
This adds lci, a lolcode interpreter. This time I removed the typo with two 
(native-input) so it works again.

Re: [PATCH] gnu: Add python-whoosh.

2016-10-15 Thread Kei Kebreau 
Ricardo Wurmus  writes:

> * gnu/packages/python.scm (python-whoosh, python2-whoosh): New variables.
> ---
>  gnu/packages/python.scm | 30 ++
>  1 file changed, 30 insertions(+)
>
> diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
> index 6207896..69c7d36 100644
> --- a/gnu/packages/python.scm
> +++ b/gnu/packages/python.scm
> @@ -8823,6 +8823,36 @@ library.")
>(native-inputs `(("python2-setuptools" ,python2-setuptools)
> ,@(package-native-inputs responses))
>  
> +(define-public python-whoosh
> +  (package
> +(name "python-whoosh")
> +(version "2.7.4")
> +(source
> + (origin
> +   (method url-fetch)
> +   (uri (pypi-uri "Whoosh" version))
> +   (sha256
> +(base32
> + "10qsqdjpbc85fykc1vgcs8xwbgn4l2l52c8d83xf1q59pwyn79bw"
> +(build-system python-build-system)
> +(native-inputs
> + `(("python-setuptools" ,python-setuptools)
> +   ("python-pytest" ,python-pytest)))
> +(home-page "http://bitbucket.org/mchaput/whoosh";)
> +(synopsis "Full text indexing, search, and spell checking library")
> +(description
> + "Whoosh is a fast, pure-Python full text indexing, search, and spell
> +checking library.")
> +(license license:bsd-2)))
> +
> +(define-public python2-whoosh
> +  (let ((whoosh (package-with-python2 (strip-python2-variant 
> python-whoosh
> +(package (inherit whoosh)
> +  (propagated-inputs
> +   `(("python2-backport-ssl-match-hostname"
> +  ,python2-backport-ssl-match-hostname)
> +  ,@(package-propagated-inputs whoosh))
> +
>  (define-public python-pathlib
>(package
>  (name "python-pathlib")

Linting works fine, but outputs differ on each build. Is this a common
problem with python packages?


signature.asc
Description: PGP signature

Re: [PATCH] gnu: Add vim-full.

2016-10-15 Thread ng0 
Efraim Flashner  writes:

> [ Unknown signature status ]
> On Fri, Oct 14, 2016 at 09:16:15PM +, ng0 wrote:
>> * gnu/packages/vim.scm (vim-full): New variable.
>> * gnu/packages/patches/vim-8.0.0003.patch: New file.
>> * gnu/packages/patches/vim-8.0.0004.patch: New file.
>> * gnu/packages/patches/vim-8.0.0005.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add patches.
>> ---
>>  gnu/local.mk |  3 ++
>>  gnu/packages/vim.scm | 82 
>> 
>>  2 files changed, 85 insertions(+)
>> 
>> diff --git a/gnu/local.mk b/gnu/local.mk
>> index 526756f..79c1326 100644
>> --- a/gnu/local.mk
>> +++ b/gnu/local.mk
>> @@ -874,6 +874,9 @@ dist_patch_DATA =
>> \
>>%D%/packages/patches/util-linux-tests.patch   \
>>%D%/packages/patches/upower-builddir.patch\
>>%D%/packages/patches/valgrind-enable-arm.patch\
>> +  %D%/packages/patches/vim-8.0.0003.patch   \
>> +  %D%/packages/patches/vim-8.0.0004.patch   \
>> +  %D%/packages/patches/vim-8.0.0005.patch   \
>>%D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch   
>> \
>>%D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \
>>%D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \
>> diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
>> index b1ee527..58ea3e1 100644
>> --- a/gnu/packages/vim.scm
>> +++ b/gnu/packages/vim.scm
>> @@ -1,6 +1,7 @@
>>  ;;; GNU Guix --- Functional package management for GNU
>>  ;;; Copyright © 2013 Cyril Roelandt 
>>  ;;; Copyright © 2016 Efraim Flashner 
>> +;;; Copyright © 2016 ng0 
>>  ;;;
>>  ;;; This file is part of GNU Guix.
>>  ;;;
>> @@ -26,6 +27,21 @@
>>#:use-module (gnu packages gawk)
>>#:use-module (gnu packages ncurses)
>>#:use-module (gnu packages perl)
>> +  #:use-module (gnu packages ruby)
>> +  #:use-module (gnu packages acl)
>> +  #:use-module (gnu packages attr)
>> +  #:use-module (gnu packages fontutils)
>> +  #:use-module (gnu packages gettext)
>> +  #:use-module (gnu packages glib)
>> +  #:use-module (gnu packages gtk)
>> +  #:use-module (gnu packages image)
>> +  #:use-module (gnu packages linux)
>> +  #:use-module (gnu packages lua)
>> +  #:use-module (gnu packages pkg-config)
>> +  #:use-module (gnu packages python)
>> +  #:use-module (gnu packages tcl)
>> +  #:use-module (gnu packages xdisorg)
>> +  #:use-module (gnu packages xorg)
>>#:use-module (gnu packages admin) ; For GNU hostname
>>#:use-module (gnu packages shells))
>>  
>> @@ -79,3 +95,69 @@ that many consider it an entire IDE.  It's not just for 
>> programmers, though.
>>  Vim is perfect for all kinds of text editing, from composing email to 
>> editing
>>  configuration files.")
>>  (license license:vim)))
>> +
>> +(define-public vim-full
>> +  (package
>> +(inherit vim)
>> +(name "vim-full")
>> +(version (package-version vim))
>> +(source
>> + (origin
>> +   (method url-fetch)
>> +   (uri (string-append "ftp://ftp.vim.org/pub/vim/unix/vim-";
>> +   version ".tar.bz2"))
>> +   (sha256
>> +(base32
>> + "1s34rf8089klsbdx5l0iw7vjymir0kzfrx8wb30s31wygnq29axc"))
>> +   ;; Patches need to be applied sequentially. 8.0 is the release of
>> +   ;; vim version 8.0.0002 so we start at 8.0.0003
>> +   (patches (search-patches "vim-8.0.0003.patch"
>> +"vim-8.0.0004.patch"
>> +"vim-8.0.0005.patch"
>
> vim-7.4 went to over 2000 patches. If we do start applying patches to
> our vim package then we should apply them to both versions, and it would
> probably be better to use the bash patch method.

I'vre just send in a new patch of this, I forgot the patches.
I only included the patches which are needed to make the testsuite to
succeed. This is not needed at all in the current vim we have.

I did what I can, I do not understand the bash method. Someone who does
can apply the method used in bash.scm, I won't.

>> +(arguments
>> + `(#:configure-flags
>> +   (list (string-append "--with-lua-prefix="
>> +(assoc-ref %build-inputs "lua"))
>> + "--with-features=huge"
>> + "--enable-python3interp=yes"
>> + "--enable-perlinterp=yes"
>> + "--enable-rubyinterp=yes"
>> + "--enable-tclinterp=yes"
>> + "--enable-luainterp=yes"
>> + "--enable-cscope"
>> + "--enable-sniff"
>> + "--enable-multibyte"
>> + "--enable-xim"
>> + "--disable-selinux"
>> + "--enable-gui")
>> +   ,@(package-arguments vim)))
>> +(native-inputs
>> + `(("pkg-config" ,pkg-config)))
>> +(inputs
>> + `(("acl" ,acl)
>> +   ("atk" ,atk)
>> +   ("a

Re: Writing recipe for Crypto++, and getting build errors

2016-10-15 Thread Adonay Felipe Nogueira 
Thank you very much! :)

I have good news: The patch suggested by Ludovic does work. :)

I did a test with a simple recipe (because I no longer need to deal with
zipbomb itself, since I found the tar.gz generated by their repository,
which luckly isn't a tarbomb).

Now, reverting the patch with `patch -p1 -R`. :)


signature.asc
Description: This is a digitally signed message part

Re: [PATCH] gnu: Add python-whoosh.

2016-10-15 Thread Marius Bakke 
Kei Kebreau  writes:

> Ricardo Wurmus  writes:
>
>> * gnu/packages/python.scm (python-whoosh, python2-whoosh): New variables.
>> ---
>>  gnu/packages/python.scm | 30 ++
>>  1 file changed, 30 insertions(+)
>>
>> diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
>> index 6207896..69c7d36 100644
>> --- a/gnu/packages/python.scm
>> +++ b/gnu/packages/python.scm
>> @@ -8823,6 +8823,36 @@ library.")
>>(native-inputs `(("python2-setuptools" ,python2-setuptools)
>> ,@(package-native-inputs responses))
>>  
>> +(define-public python-whoosh
>> +  (package
>> +(name "python-whoosh")
>> +(version "2.7.4")
>> +(source
>> + (origin
>> +   (method url-fetch)
>> +   (uri (pypi-uri "Whoosh" version))
>> +   (sha256
>> +(base32
>> + "10qsqdjpbc85fykc1vgcs8xwbgn4l2l52c8d83xf1q59pwyn79bw"
>> +(build-system python-build-system)
>> +(native-inputs
>> + `(("python-setuptools" ,python-setuptools)
>> +   ("python-pytest" ,python-pytest)))
>> +(home-page "http://bitbucket.org/mchaput/whoosh";)
>> +(synopsis "Full text indexing, search, and spell checking library")
>> +(description
>> + "Whoosh is a fast, pure-Python full text indexing, search, and spell
>> +checking library.")
>> +(license license:bsd-2)))
>> +
>> +(define-public python2-whoosh
>> +  (let ((whoosh (package-with-python2 (strip-python2-variant 
>> python-whoosh
>> +(package (inherit whoosh)
>> +  (propagated-inputs
>> +   `(("python2-backport-ssl-match-hostname"
>> +  ,python2-backport-ssl-match-hostname)
>> +  ,@(package-propagated-inputs whoosh))
>> +
>>  (define-public python-pathlib
>>(package
>>  (name "python-pathlib")
>
> Linting works fine, but outputs differ on each build. Is this a common
> problem with python packages?

Yes, it's a common problem with python packages. This should be largely
fixed by the new python build system however.

Wrt the patch, setuptools is not required for the python3 variant. But
since it will no longer be required for python2 either after the new
build system, I think it's okay to keep it for now, since it would
complicate the patch a lot.

LGTM.

Re: [PATCH] gnu: gd: Fix CVE-2016-8670.

2016-10-15 Thread Marius Bakke 
Kei Kebreau  writes:

> This patch fixes the gd library's most recent published vulnerability on
> the oss-security list.

Looks like this was already applied by Leo in
e1376e25a755a7368d095b4eb2daf42be9e63b0d.

Re: [PATCH] gnu: dbus@1.10.12: Fix search paths.

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 03:49:13PM -0400, Andy Patterson wrote:
> Hello,
> 
> I noticed that since 34f9582a, dbus wasn't starting up colord or
> elogind on GuixSD. The following patch aims to address that.

Mea culpa!

Thanks for catching this and sending a patch. Pushed as
fcb9b9340fd9557441bf42ca9b93a7651a5c94f9.

Re: 07/07: guix: python-build-system: Fix an outdated comment.

2016-10-15 Thread Ludovic Courtès 
Danny Milosavljevic  skribis:

>> Sorry, I didn't realize that altering comments here would have an
>> effect; I would have warned Hartmut if I had.
>
> Out of curiousity, why does it have an effect?

The file is imported in the build environment (chroot) of all the
packages that use ‘python-build-system’.  It’s an input of the
derivation of those packages, so when it changes, all these derivations
change.

Hartmut Goebel  skribis:

>> Sorry, I didn't realize that altering comments here would have an
>> effect; I would have warned Hartmut if I had.
>
> I'm sorry, too. I didn't expect that changing a comment would have any
> impact on building packages. Aren't the the files converted to some
> canonical form prior to deciding whether they changed?

No.  There’s no “decision” as to whether they changed; instead, they
just happen to be part of the hash of the output file name.

That said, don’t be sorry gentlefolks: these things happen.  ;-)

Ludo’.

Re: [PATCH] gnu: gd: Fix CVE-2016-8670.

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 10:55:52PM +0100, Marius Bakke wrote:
> Kei Kebreau  writes:
> 
> > This patch fixes the gd library's most recent published vulnerability on
> > the oss-security list.
> 
> Looks like this was already applied by Leo in
> e1376e25a755a7368d095b4eb2daf42be9e63b0d.

It's always good to see what somebody else would have done. I'm glad our
patches made the same change in this case :)

Re: [PATCH] gnu: Add python-whoosh.

2016-10-15 Thread Leo Famulari 
On Sat, Oct 15, 2016 at 05:05:23PM -0400, Kei Kebreau wrote:
> Ricardo Wurmus  writes:
> 
> > * gnu/packages/python.scm (python-whoosh, python2-whoosh): New variables.
> > ---
> >  gnu/packages/python.scm | 30 ++
> >  1 file changed, 30 insertions(+)
> >
> > diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
> > index 6207896..69c7d36 100644
> > --- a/gnu/packages/python.scm
> > +++ b/gnu/packages/python.scm
> > @@ -8823,6 +8823,36 @@ library.")
> >(native-inputs `(("python2-setuptools" ,python2-setuptools)
> > ,@(package-native-inputs responses))
> >  
> > +(define-public python-whoosh
> > +  (package
> > +(name "python-whoosh")
> > +(version "2.7.4")
> > +(source
> > + (origin
> > +   (method url-fetch)
> > +   (uri (pypi-uri "Whoosh" version))
> > +   (sha256
> > +(base32
> > + "10qsqdjpbc85fykc1vgcs8xwbgn4l2l52c8d83xf1q59pwyn79bw"
> > +(build-system python-build-system)
> > +(native-inputs
> > + `(("python-setuptools" ,python-setuptools)
> > +   ("python-pytest" ,python-pytest)))
> > +(home-page "http://bitbucket.org/mchaput/whoosh";)
> > +(synopsis "Full text indexing, search, and spell checking library")
> > +(description
> > + "Whoosh is a fast, pure-Python full text indexing, search, and spell
> > +checking library.")
> > +(license license:bsd-2)))
> > +
> > +(define-public python2-whoosh
> > +  (let ((whoosh (package-with-python2 (strip-python2-variant 
> > python-whoosh
> > +(package (inherit whoosh)
> > +  (propagated-inputs
> > +   `(("python2-backport-ssl-match-hostname"
> > +  ,python2-backport-ssl-match-hostname)
> > +  ,@(package-propagated-inputs whoosh))
> > +
> >  (define-public python-pathlib
> >(package
> >  (name "python-pathlib")
> 
> Linting works fine, but outputs differ on each build. Is this a common
> problem with python packages?

The Python 3.4.3 (what we have on master) bytecode compiler puts
timestamps in the bytecode:

https://bugs.gnu.org/22533

I think this issue will be fixed when we upgrade to Python 3.5.2.

And, IIRC, our version of Sphinx puts timestamps in man pages. This is
also fixed in more recent versions of Sphinx, again IIRC.


signature.asc
Description: PGP signature

Bash headers path changed in 4.4 (core-updates)

2016-10-15 Thread Leo Famulari 
While looking at the build failure of recutils on core-updates [0], I
noticed that the directory structure of bash:include changed from 4.3 to
4.4.

Using stdc.h as an example, For 4.3, our package creates a tree like this:
./include/bash/stdc.h

For 4.4, it's like this:
./include/bash/include/stdc.h

Is this intentional?

[0]
https://hydra.gnu.org/build/1538148/log/tail-reload

gnu: artanis: Remove implied $(DESTDIR) usage.

2016-10-15 Thread Adonay Felipe Nogueira 
My first patch to Guix project, I hope this helps. :)
-- 
# pt-BR: Brasileiro | en: Brazilian

* pt-BR: Palestra sobre liberdade de software (movimento filosófico 
político-social, não tecnológico).
  * en: Gives talks about software freedom (philosophical, political and social 
movement, not technological).
* pt-BR: Voluntário avaliador de liberdade de software (para software pagos ou 
gratuitos).
  * en: Volunteer evaluator of software freedom (for paid software, or gratis 
software).
* pt-BR: Presta suporte e consultoria básicos sobre software livre.
  * en: Gives basic support and consulting about free/libre software.

## pt-BR: Sobre mim e contato | en: About me and contact


From a51dc9fd4237a37a20fe457defa1821663c8e944 Mon Sep 17 00:00:00 2001
From: Adonay Felipe Nogueira 
Date: Sat, 15 Oct 2016 22:32:42 -0300
Subject: [PATCH] gnu: artanis: Remove implied $(DESTDIR) usage.

* gnu/packages/patches/artanis-fix-Makefile.in.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register patch.
* gnu/packages/guile.scm (artanis)[source]: Use patch.
---
 gnu/local.mk   |  2 +
 gnu/packages/guile.scm |  4 +-
 gnu/packages/patches/artanis-fix-Makefile.in.patch | 69 ++
 3 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/artanis-fix-Makefile.in.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 06e23cd..0439a0a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver 
 # Copyright © 2016 Chris Marusich 
 # Copyright © 2016 Kei Kebreau 
+# Copyright © 2016 Adonay "adfeno" Felipe Nogueira  
 #
 # This file is part of GNU Guix.
 #
@@ -454,6 +455,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/antiword-CVE-2014-8123.patch			\
   %D%/packages/patches/apr-skip-getservbyname-test.patch	\
   %D%/packages/patches/arb-ldconfig.patch			\
+  %D%/packages/patches/artanis-fix-Makefile.in.patch		\
   %D%/packages/patches/ath9k-htc-firmware-binutils.patch	\
   %D%/packages/patches/ath9k-htc-firmware-gcc.patch		\
   %D%/packages/patches/ath9k-htc-firmware-objcopy.patch		\
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 7361f1f..a8adf10 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Erik Edrosa 
 ;;; Copyright © 2016 Eraim Flashner 
 ;;; Copyright © 2016 Alex Kost 
+;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira  
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -305,7 +306,8 @@ applicable."
   version ".tar.gz"))
   (sha256
(base32
-"19m3ak12cqk8js9d2mdg11kh4fjsq8frfpd10qw75h0zpr5cywpp"
+"19m3ak12cqk8js9d2mdg11kh4fjsq8frfpd10qw75h0zpr5cywpp"))
+  (patches (search-patches "artanis-fix-Makefile.in.patch"
 (build-system gnu-build-system)
 ;; TODO: Add guile-dbi and guile-dbd optional dependencies.
 (inputs `(("guile" ,guile-2.0)))
diff --git a/gnu/packages/patches/artanis-fix-Makefile.in.patch b/gnu/packages/patches/artanis-fix-Makefile.in.patch
new file mode 100644
index 000..d2c19f1
--- /dev/null
+++ b/gnu/packages/patches/artanis-fix-Makefile.in.patch
@@ -0,0 +1,69 @@
+Applies until an Artanis release comes with patches #9130 and #9131
+applied.
+
+diff -ru artanis-0.1.2/Makefile.in artanis-0.1.2.1/Makefile.in
+--- artanis-0.1.2/Makefile.in	2016-02-10 12:35:18.800490571 -0200
 artanis-0.1.2.1/Makefile.in	2016-10-15 19:44:35.140907367 -0300
+@@ -19,9 +19,18 @@
+ MOD_OBJ := $(OBJ)/artanis
+ BIN := bin
+ TEMP_LIB_PATH := $(OBJ)
+-MOD_PATH := $(shell guile -c "(display (%site-dir))")
+ MOD_COMPILED_PATH := $(shell guile -c "(display (%site-ccache-dir))")
++
++ifdef DESTDIR
++INFO_DIR := $(DESTDIR)/share/info/
++MOD_PATH := $(DESTDIR)/$(shell guile -c "(display (%site-dir))")
+ MOD_TARGET_PATH := $(DESTDIR)/$(MOD_COMPILED_PATH)
++else
++INFO_DIR := $(PREFIX)/share/info/
++MOD_PATH := $(shell guile -c "(display (%site-dir))")
++MOD_TARGET_PATH := $(MOD_COMPILED_PATH)
++endif
++
+ GUILE_CFLAGS := -Wunsupported-warning -Wunbound-variable -Warity-mismatch -Wduplicate-case-datum -Wbad-case-datum -Wformat
+ GUILEC := GUILE_LOAD_COMPILED_PATH=$(TEMP_LIB_PATH) guild compile $(GUILE_CFLAGS)
+ ARTANIS_ETC := $(SRC)/etc/artanis
+@@ -36,7 +45,6 @@
+ GENDOCS :=$(BUILD_AUX)/gendocs.sh
+ CHK_TEXINFO := $(BUILD_AUX)/check_texinfo.scm
+ CP := cp -frd -P
+-INFO_DIR := $(PREFIX)/share/info/
+ TARBALL_NAME := artanis-$(VERSION)
+ TMP_DIR := $(shell mktemp -d)
+ ANN_GEN := $(BUILD_AUX)/announce-gen
+@@ -124,18 +132,29 @@
+ 	-rm -f config.{h,log}
+ 
+ install: $(ALL_TARGETS)
+-	mkdir -p $(DESTDIR)/$(MOD_PATH)
+-	$(CP) $(MOD) $(DESTDIR)/$(MOD_PATH)/
++	mkdir -p $(MOD_PATH)
++	$(CP) $(MOD) $(MOD_PATH)/
+ 	mkdir -p $(MOD_TARGET_PATH)/
+ 	$(C

[PATCH 1/4] gnu: python-rsa: Update to 3.4.2.

2016-10-15 Thread Leo Famulari 
* gnu/packages/python.scm (python-rsa, python2-rsa): Update to 3.4.2.
---
 gnu/packages/python.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 6207896..485aba9 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -7772,14 +7772,14 @@ text.")
 (define-public python-rsa
   (package
(name "python-rsa")
-   (version "3.2")
+   (version "3.4.2")
(source
 (origin
  (method url-fetch)
  (uri (pypi-uri "rsa" version))
  (sha256
   (base32
-   "0xwp929g7lvb1sghxfpqlxvgg96qcwqdbhh27sjplx30n3xp3wrh"
+   "1dcxvszbikgzh99ybdc7jq0zb9wspy2ds8z9mjsqiyv3q884xpr5"
(build-system python-build-system)
(inputs
 `(("python-pyasn1" ,python-pyasn1)
-- 
2.10.1

[PATCH 2/4] gnu: python-botocore: Update to 1.4.62.

2016-10-15 Thread Leo Famulari 
* gnu/packages/python.scm (python-botocore, python2-botocore): Update to 1.4.62.
---
 gnu/packages/python.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 485aba9..6a81455 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -7879,14 +7879,14 @@ document.")
 (define-public python-botocore
   (package
(name "python-botocore")
-   (version "1.3.17")
+   (version "1.4.62")
(source
 (origin
  (method url-fetch)
  (uri (pypi-uri "botocore" version))
  (sha256
   (base32
-   "08vpvdixx1c1lfv6vzjig68bpiir7wfyhzf49ysxgvhbprg5ra0w"
+   "1zxczlwqy9bl27d9bc5x99mb5mcsxm350240lp5nx7014xb311lj"
(build-system python-build-system)
(inputs
 `(("python-dateutil" ,python-dateutil-2)
-- 
2.10.1

[PATCH 3/4] gnu: Add python-s3transfer.

2016-10-15 Thread Leo Famulari 
* gnu/packages/python.scm (python-s3transfer, python2-s3transfer): New
variable.
---
 gnu/packages/python.scm | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 6a81455..900e6ae 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -11030,3 +11030,34 @@ with an associated set of resolve methods that know 
how to fetch data.")
 provide extendible implementations of common aspects of a cloud so that you can
 focus on building massively scalable web applications.")
 (license license:expat)))
+
+(define-public python-s3transfer
+  (package
+(name "python-s3transfer")
+(version "0.1.8")
+(source (origin
+  (method url-fetch)
+  (uri (pypi-uri "s3transfer" version))
+  (sha256
+   (base32
+"1jivjkp3xqif9gzr5fiq28jsskmh50vzzd7ldsb4rbyiw1iyv3hy"
+(build-system python-build-system)
+(native-inputs
+ `(("python-docutils" ,python-docutils)))
+(inputs
+ `(("python-botocore" ,python-botocore)))
+(synopsis "Amazon S3 Transfer Manager")
+(description "S3transfer is a Python library for managing Amazon S3
+transfers.")
+(home-page "https://github.com/boto/s3transfer";)
+(license license:asl2.0)
+(properties `((python2-variant . ,(delay python2-s3transfer))
+
+(define-public python2-s3transfer
+  (let ((base (package-with-python2 (strip-python2-variant 
python-s3transfer
+(package
+  (inherit base)
+  (native-inputs
+   `(("python2-futures" ,python2-futures)
+ ("python2-setuptools" ,python2-setuptools)
+ ,@(package-native-inputs base))
-- 
2.10.1

[PATCH 4/4] gnu: awscli: Update to 1.11.5.

2016-10-15 Thread Leo Famulari 
* gnu/packages/python.scm (awscli): Update to 1.11.5.
[source]: Use pypi-uri.
[inputs]: Add python-s3transfer.
---
 gnu/packages/python.scm | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 900e6ae..3694309 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -7909,16 +7909,14 @@ interface to the Amazon Web Services (AWS) API.")
 (define-public awscli
   (package
(name "awscli")
-   (version "1.9.17")
+   (version "1.11.5")
(source
 (origin
  (method url-fetch)
- (uri (string-append
-   "https://pypi.python.org/packages/source/a/awscli/awscli-";
-   version ".tar.gz"))
+ (uri (pypi-uri name version))
  (sha256
   (base32
-   "1nj7jqvlpq57hfhby1njsbf8303gapa3njc4dramr6p3ffzvfi2i"
+   "0lclasm0wnayd3b8zl9l91i32nbgrhh0ncf9lksss4cv0myfwmfg"
(build-system python-build-system)
(inputs
 `(("python-colorama" ,python-colorama)
@@ -7930,7 +7928,8 @@ interface to the Amazon Web Services (AWS) API.")
   ("python-sphinx" ,python-sphinx)
   ("python-tox" ,python-tox)
   ("python-wheel" ,python-wheel)
-  ("python-botocore" ,python-botocore)))
+  ("python-botocore" ,python-botocore)
+  ("python-s3transfer" ,python-s3transfer)))
(home-page "http://aws.amazon.com/cli/";)
(synopsis "Command line client for AWS")
(description "AWS CLI provides a unified command line interface to the
-- 
2.10.1

Re: Security bugs in freeimage bundled libraries [was Re: 01/02: gnu: freeimage: Fix CVE-2016-5684.]

2016-10-15 Thread Kei Kebreau 
Leo Famulari  writes:

> On Sat, Oct 15, 2016 at 02:57:37PM -0400, Kei Kebreau wrote:
>> Efraim Flashner  writes:
>> > On Fri, Oct 14, 2016 at 08:09:08PM -0400, Kei Kebreau wrote:
>> >> Leo Famulari  writes:
>> >> > Debian has a patch to make it use "system" copies of the libraries:
>> >> >
>> >> > https://anonscm.debian.org/cgit/debian-science/packages/freeimage.git/tree/debian/patches/Disable-vendored-dependencies.patch?h=debian/sid
>> >> >
>> >> > For now, our freeimage package is probably vulnerable to many publicly
>> >> > disclosed security bugs.
>> >> >
>> >> > Who volunteers to try fixing this?
>> >> 
>> >> The patch is attached. I've removed the bit from Debian that disables JPEG
>> >> transformation functions, as seen below. JPEGTransform.cpp (in
>> >> Source/FreeImageToolkit) gave me some trouble when I left that part of
>> >> the patch alone.
>>
>> > I was looking at it and I thought it was going to be much more than 400
>> > lines in the end.
>> >
>> > Did we also need the other patch?
>> > https://sources.debian.net/src/freeimage/3.17.0%2Bds1-3/debian/patches/Use-system-dependencies.patch/
>> >
>> > On one hand we could carry a modified version of Debian's patch, on the
>> > other hand some of these look like they could be a series of substitute*
>> > commands. I started looking through the patch and thinking how to
>> > convert them from "../path/to/header.h" to  and realizing I
>> > myself wouldn't want to do that, so that could easily be an option for
>> > another time :).
>> 
>> Looking at its contents, adding that patch would make a lot of sense. :-)
>
> Yes, I think we need to use both patches. Will you submit an updated
> version of your patch?

I intend to. The updated patch requires a JPEG XR library to be packaged
(and maybe others), but I am having some trouble getting a source URL
from CodePlex.


signature.asc
Description: PGP signature

Re: [PATCH] gnu: gd: Fix CVE-2016-8670.

2016-10-15 Thread Kei Kebreau 
Leo Famulari  writes:

> On Sat, Oct 15, 2016 at 10:55:52PM +0100, Marius Bakke wrote:
>> Kei Kebreau  writes:
>> 
>> > This patch fixes the gd library's most recent published vulnerability on
>> > the oss-security list.
>> 
>> Looks like this was already applied by Leo in
>> e1376e25a755a7368d095b4eb2daf42be9e63b0d.
>
> It's always good to see what somebody else would have done. I'm glad our
> patches made the same change in this case :)

I see. Sometimes my tree gets behind on changes. Good thing it was only
a small patch!


signature.asc
Description: PGP signature

[PATCH] gnu: Add xpad.

2016-10-15 Thread rennes 

Hello,
this patch is Xpad, a sticky note application.

* I did not find the application in the GNOME repository.

Built, linted and tested.

Thank youFrom a4fea0abfeec4655beef2a0a44461e3e5d72620d Mon Sep 17 00:00:00 2001
From: Rene Saavedra 
Date: Sat, 15 Oct 2016 21:51:25 -0500
Subject: [PATCH] gnu: Add xpad.

* gnu/packages/gnome.scm (xpad): New variable.

---
 gnu/packages/gnome.scm | 28 
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2b75781..52d6cd4 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5544,3 +5544,31 @@ handling the startup notification side.")
  "Calculator is an application that solves mathematical equations and
 is suitable as a default application in a Desktop environment.")
 (license license:gpl3)))
+
+(define-public xpad
+  (package
+(name "xpad")
+(version "4.8.0")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "https://launchpad.net/xpad/trunk/4.8.0/+download/";
+   name "-" version ".tar.bz2"))
+   (sha256
+(base32
+ "17f915yyvfa2fsavq6wh0q0dfhib28b4k1gc0292b9xdlrvy7f22"
+(build-system gnu-build-system)
+(native-inputs
+ `(("intltool" ,intltool)
+   ("pkg-config" ,pkg-config)))
+(inputs
+ `(("gtk+" ,gtk+)
+   ("gtksourceview" ,gtksourceview)
+   ("libsm" ,libsm)))
+(home-page "https://wiki.gnome.org/Apps/Xpad";)
+(synopsis "Virtual sticky note")
+(description
+ "Xpad is a sticky note that strives to be simple, fault tolerant,
+and customizable.  Xpad consists of independent pad windows, each is
+basically a text box in which notes can be written.")
+(license license:gpl3+)))
-- 
2.10.0

[PATCH] gnu: wrap-python3: Use a bash wrapper for 'python3-config'. (was: python-pycairo in core-updates)

2016-10-15 Thread 宋文武 

The revert isn't in 'core-updates', python-pycairo is broken again for
the same reason.

l...@gnu.org (Ludovic Courtès) writes:

> Hi,
>
> iyzs...@member.fsf.org (宋文武) skribis:
>
>> Hi, python-wrapper has a broken `python3-config', which
>> output cflags to the wrapper instead of the origin python3,
>> leading the build failure of python-pycairo.
>
> So it appears to resolve the CFLAGS it returns relative to its own
> argv[0] or /proc/self/exe, right?
>
> Eventually we should fix this and reinstate this commit, but reverting
> it was the right thing in the short term.
>

Here is a fix: 

>From b7badcf695fcb245224ffdf51cdb016b45f9a2a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= 
Date: Sun, 16 Oct 2016 10:44:29 +0800
Subject: [PATCH] gnu: wrap-python3:  Use a bash wrapper for 'python3-config'.

See 
for details.

* gnu/packages/python.scm (wrap-python3)[arguments]: Use a bash wrapper
instead of a symlink for python3-config.
---
 gnu/packages/python.scm | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 02ec731..9aa704b 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -52,6 +52,7 @@
   #:use-module (gnu packages adns)
   #:use-module (gnu packages attr)
   #:use-module (gnu packages backup)
+  #:use-module (gnu packages bash)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages django)
@@ -379,6 +380,7 @@ data types.")
 (source #f)
 (build-system trivial-build-system)
 (outputs '("out"))
+(inputs `(("bash" ,bash)))
 (propagated-inputs `(("python" ,python)))
 (arguments
  `(#:modules ((guix build utils))
@@ -392,8 +394,20 @@ data types.")
   (lambda (old new)
 (symlink (string-append python old)
  (string-append bin "/" new)))
-  `("python3" ,"pydoc3" ,"idle3" ,"pip3" ,"python3-config")
-  `("python"  ,"pydoc"  ,"idle"  ,"pip"  ,"python-config"))
+  `("python3" ,"pydoc3" ,"idle3" ,"pip3")
+  `("python"  ,"pydoc"  ,"idle"  ,"pip"))
+;; python-config outputs search paths based upon its location,
+;; use a bash wrapper to avoid changing its behavior.
+(let ((bash (string-append (assoc-ref %build-inputs "bash")
+   "/bin/bash"))
+  (old  (string-append python "python3-config"))
+  (new  (string-append bin "/python-config")))
+  (with-output-to-file new
+(lambda ()
+  (format #t "#!~a~%" bash)
+  (format #t "exec \"~a\" \"$@\"~%" old)
+  (chmod new #o755)
+  #t)))
 (synopsis "Wrapper for the Python 3 commands")
 (description
  "This package provides wrappers for the commands of Python@tie{}3.x such
-- 
2.10.0

Re: Patches to implement system roll-back and switch-generation

2016-10-15 Thread Chris Marusich 
Hi Ludo,

l...@gnu.org (Ludovic Courtès) writes:

> Hello,
>
> Chris Marusich  skribis:
>
>> l...@gnu.org (Ludovic Courtès) writes:
>
> [...]
>
>>> Sorry about that!  Hopefully we can work around the conflicts.
>>
>> I think we can.  But I think it will require backwards incompatible
>> changes to the boot parameters file.  Here's why:
>>
>> Many of the existing procedures in (gnu system grub) take a "file
>> system" object as input (e.g. the 'grub-configuration-file' procedure).
>> However, the boot parameters file does not currently contain all the
>> information that a "file system" object contains.
>
> Good point.  This ‘store-fs’ argument was added in response to
> .
>
>> Here's an example of what it contains today:
>>
>> (boot-parameters
>>   (version 0)
>>   (label "GNU with Linux-Libre 4.1.20 (beta)")
>>   (root-device "root")
>>   (kernel
>> "/gnu/store/zygby8db0adcyj3m6rjflr80jarfy9b5-linux-libre-4.1.20")
>>   (kernel-arguments ())
>>   (initrd
>> (string-append
>>   "/gnu/store/hlra3a0g3a14bjvdn3vbagwfvy4nmhn8-base-initrd"
>>   "/initrd")))
>>
>> To avoid backwards-incompatible changes to the structure of the boot
>> parameters file, I had originally planned to refactor the procedures in
>> (gnu system grub) so that I could use them with the limited information
>> that is contained in the version 0 boot parameters file.  However,
>> commit 0f65f54e has modified these procedures in a way that makes it
>> very awkward to refactor the "file system" object out of them.  Now, to
>> re-use the existing procedures, I believe I will need to add this
>> missing information (i.e., the information contained in a file system
>> object) to the boot parameters file, so that I can construct a "file
>> system" object to pass to those procedures.  Does that sound right to
>> you?
>
> Yes, I think so.
>
> More precisely, I think we need to add a ‘device’ field to ,
> which could be the UUID or label of the device where the kernel and
> initrd are to be found, or #f, in which case grub.cfg would contain a
> “search --file” command (instead of “search --label” or “search
> --fs-uuid”).
>
> Correspondingly, we’d add a ‘device’ (or ‘boot-device’?) field to
> .  The key is that ‘device’ can be different from
> ‘root-device’ because the store and root devices can be different from
> one another.
>
> That way we could remove the ‘store-fs’ parameter of
> ‘grub-configuration-file’ since that information would now be contained
> in each .
>

That sounds promising!  I'll try that approach.

>
>> If I do that, then it will probably be a backwards-incompatible change,
>> so I will do it in the following way.  I will simply store an entire
>> "file system" object in the boot parameters file.  I will bump the
>> version of the boot parameters file from 0 to 1.  To ensure that all new
>> system generations use version 1, I will update commands like
>> "reconfigure" to always create a version 1 boot parameters file.  I will
>> make the new commands (roll-back and switch-generation) refuse to switch
>> to any system generation which uses version 0 (because it isn't possible
>> to construct a complete "file system" object from a version 0 boot
>> parameters file).  I will also update existing commands like
>> 'list-generations' so that they will gracefully handle both versions.
>>
>> Does this sound like the right approach to you?
>
> I think we don’t need to bump the version number: ‘read-boot-parameters’
> can simply do what it currently does for ‘initrd’ and
> ‘kernel-arguments’, which is to provide a default value when they’re
> missing.  Here the default value could be ‘root-device’.

I think you're probably right about this, too.  I'll try it that way.

>
>> I've tried using 'git send-email' on GuixSD before, and it didn't work
>> for me (because a mail transfer agent is not running on my GuixSD
>> system).  When the new patches are ready, I'll try once more to get it
>> working.
>
> AFAICT an MTA is not needed.
>

I'll let you know if it works!

>
 -  "Return the GRUB configuration file corresponding to CONFIG, a
 - object, and where the store is available at 
 STORE-FS, a
 - object.  OLD-ENTRIES is taken to be a list of menu entries
 -corresponding to old generations of the system."
 +  "Return a derivation which builds the GRUB configuration file 
 corresponding
 +to CONFIG, a  object, and where the store is 
 available at
 +STORE-FS, a  object.  OLD-ENTRIES is taken to be a list of 
 menu
 +entries corresponding to old generations of the system."
>>>
>>> OK, although I often write “Return something” when that really means
>>> “Return a derivation that builds something”.
>>
>> Upon closer inspection, it looks like this procedure,
>> 'grub-configuration-file', actually returns a monadic value (in the
>> store monad), which "contains" a derivation, which in turn builds the
>> grub configuration file.  Even in a case like this, where t