Re: [PATCH 1/4] gnu: Separate util-linux into three packages.

[John Darrington]

On Sat, Nov 12, 2016 at 11:55:13PM +0100, Ludovic Court??s wrote:
 John Darrington  skribis:
 
 > On Sat, Nov 12, 2016 at 04:28:08PM +0100, John Darrington wrote:
 >   
 >   If so, would it work to just do:
 >   
 > "--enable-fs-paths-default=/run/current-system/profile/sbin"
 >   
 >   ?
 >   
 >   That would only work on GuixSD, but Guix???s ???mount??? is 
certainly not very
 >   useful on foreign distros.
 >  
 >  That would certainly be a solution easier to do.   
 >  But doesn't it mean that we have a "functionally impure" system?
 >  
 >
 > Also, it would only work if nfs-utils was installed in the current 
system profile,
 > which need not be the case.  It might be installed only in root's 
profile or I might 
 > want to see what happens if I use an alternative version of nfs-utils.
 
 That ???mount??? can invoke ???mount.nfs??? looks like a convenience to 
me, not
 something highly critical.

Well it's critical if "mount -a" is going to work, and thus if NFS filesystems 
(such as /home in
many networks) can be automatically mounted at boot time.
 
 I would say that dynamic composition (???mount??? looking up 
???mount.nfs??? &
 co. in $PATH) is OK in this case.  The NFS service in GuixSD could
 extend ???profile-service-type??? such that ???nfs-utils??? is indeed in 
the
 system profile.
 
Ok If you think it's acceptable I'll push a change with just the
"--enable-fs-paths-default=/run/current-system/profile/sbin" option for now.  
If it
turns out not to be good enough then we can rethink it later.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

[PATCH 1/1] gnu: readline-6.2: Fix CVE-2014-2524.

[Leo Famulari]

* gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/readline.scm (readline-6.2): Use it.
---
 gnu/local.mk   |  1 +
 .../patches/readline-6.2-CVE-2014-2524.patch   | 42 ++
 gnu/packages/readline.scm  |  2 ++
 3 files changed, 45 insertions(+)
 create mode 100644 gnu/packages/patches/readline-6.2-CVE-2014-2524.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ce0fdeb..070e35e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -828,6 +828,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/rapicorn-isnan.patch\
   %D%/packages/patches/ratpoison-shell.patch   \
   %D%/packages/patches/readline-link-ncurses.patch \
+  %D%/packages/patches/readline-6.2-CVE-2014-2524.patch\
   %D%/packages/patches/ripperx-missing-file.patch  \
   %D%/packages/patches/rpm-CVE-2014-8118.patch \
   %D%/packages/patches/rsem-makefile.patch \
diff --git a/gnu/packages/patches/readline-6.2-CVE-2014-2524.patch 
b/gnu/packages/patches/readline-6.2-CVE-2014-2524.patch
new file mode 100644
index 000..12db684
--- /dev/null
+++ b/gnu/packages/patches/readline-6.2-CVE-2014-2524.patch
@@ -0,0 +1,42 @@
+Fix CVE-2014-2524:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524
+http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
+
+Patch copied from:
+https://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-003
+
+  READLINE PATCH REPORT
+  =
+
+Readline-Release: 6.3
+Patch-ID: readline63-003
+
+Bug-Reported-by:
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are debugging functions in the readline release that are theoretically
+exploitable as security problems.  They are not public functions, but have
+global linkage.
+
+Patch (apply with `patch -p0'):
+
+*** ../readline-6.3/util.c 2013-09-02 13:36:12.0 -0400
+--- util.c 2014-03-20 10:25:53.0 -0400
+***
+*** 477,480 
+--- 479,483 
+  }
+  
++ #if defined (DEBUG)
+  #if defined (USE_VARARGS)
+  static FILE *_rl_tracefp;
+***
+*** 539,542 
+--- 542,546 
+  }
+  #endif
++ #endif /* DEBUG */
diff --git a/gnu/packages/readline.scm b/gnu/packages/readline.scm
index 6435e98..4381779 100644
--- a/gnu/packages/readline.scm
+++ b/gnu/packages/readline.scm
@@ -84,6 +84,8 @@ comfortable for anyone.")
   (method url-fetch)
   (uri (string-append "mirror://gnu/readline/readline-"
   version ".tar.gz"))
+  (patches (search-patches "readline-6.2-CVE-2014-2524.patch"))
+  (patch-flags '("-p0"))
   (sha256
(base32
 "10ckm2bd2rkxhvdmj7nmbsylmihw0abwcsnxf8y27305183rd9kr"))
-- 
2.10.2

Re: [PATCH 1/4] gnu: Separate util-linux into three packages.

[Ludovic Courtès]

John Darrington  skribis:

> On Sat, Nov 12, 2016 at 11:55:13PM +0100, Ludovic Court??s wrote:

[...]

>  > Also, it would only work if nfs-utils was installed in the current 
> system profile,
>  > which need not be the case.  It might be installed only in root's 
> profile or I might 
>  > want to see what happens if I use an alternative version of nfs-utils.
>  
>  That ???mount??? can invoke ???mount.nfs??? looks like a convenience to 
> me, not
>  something highly critical.
>
> Well it's critical if "mount -a" is going to work, and thus if NFS 
> filesystems (such as /home in
> many networks) can be automatically mounted at boot time.

GuixSD doesn’t use the ‘mount’ command to mount file systems so that
shouldn’t have any influence.

>  I would say that dynamic composition (???mount??? looking up 
> ???mount.nfs??? &
>  co. in $PATH) is OK in this case.  The NFS service in GuixSD could
>  extend ???profile-service-type??? such that ???nfs-utils??? is indeed in 
> the
>  system profile.
>  
> Ok If you think it's acceptable I'll push a change with just the
> "--enable-fs-paths-default=/run/current-system/profile/sbin" option for now.  
> If it
> turns out not to be good enough then we can rethink it later.

Yes, I agree.

1,093 packages depend on util-linux.  Per the strategy outlined at

this could go to ‘staging’ but I think this should go to ‘core-updates’
which we’ll reopen to fix .

Thanks,
Ludo’.

Re: [PATCH] gnu: clisp: Use readline@6.2.

[Ludovic Courtès]

Andy Patterson  skribis:

> From 399f770b50cdbd9df57db99dd87e05b7d3d0c94c Mon Sep 17 00:00:00 2001
> From: Andy Patterson 
> Date: Sat, 12 Nov 2016 19:52:22 -0500
> Subject: [PATCH] gnu: clisp: Use readline@6.2.
>
> * gnu/packages/lisp.scm (clisp)[inputs]: Use readline-6.2.

Applied, thanks!

Ludo’.

Re: [PATCH] tests: Don't check file-systems in container tests.

[Ludovic Courtès]

Hi,

Andy Patterson  skribis:

> The containers test was hanging for me, and this patch fixed the
> problem.

[...]

> From 945ad44acf489b7f3a398d4ab739ec2b48477502 Mon Sep 17 00:00:00 2001
> From: Andy Patterson 
> Date: Sat, 12 Nov 2016 22:10:01 -0500
> Subject: [PATCH] tests: Don't check file-systems in container tests.
>
> * tests/containers.scm ("call-with-container, mnt namespace"): Don't
> check file-system in 'call-with-container' call.
> * tests/containers.scm
> ("call-with-container, mnt namespace, wrong bindmount"): Likewise.
> ---
>  tests/containers.scm | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/tests/containers.scm b/tests/containers.scm
> index ccd122a..745b56b 100644
> --- a/tests/containers.scm
> +++ b/tests/containers.scm
> @@ -84,7 +84,8 @@
> (call-with-container (list (file-system
>  (device "none")
>  (mount-point "/testing")
> -(type "tmpfs")))
> +(type "tmpfs")
> +(check? #f)))

Do you know exactly how/why it was hanging?  I imagine
‘mount-file-system’ would try to invoke fsck.tmpfs, which doesn’t exist,
thus we get a REPL, which hangs forever.

I guess the real question is why I didn’t experience it, hmm…

Thanks,
Ludo’.

Re: [PATCH] gnu: mesa: Enable floating point textures.

[Ludovic Courtès]

"Thompson, David"  skribis:

> With this patch, I'm finally able to run programs that require OpenGL
> 3.0 when using a Nouveau powered GPU.  Floating point textures are
> disabled by default in Mesa due to patent concerns.  I assume that
> it's okay to include this in Guix because it's similar to how we
> include lame despite MP3 being patent encumbered.  Please correct me
> if I'm wrong! ;)

The FSDG leaves it up to us to decide what to do:

  https://www.gnu.org/distros/free-system-distribution-guidelines.html#patents

I’d argue that it’s fine to enable the code in question, as was
discussed recently for another package.

> From 1a8de1631ec4d538bdb9caa8b623e8bb62a6c203 Mon Sep 17 00:00:00 2001
> From: David Thompson 
> Date: Sat, 12 Nov 2016 17:59:16 -0500
> Subject: [PATCH] gnu: mesa: Enable floating point textures.
>
> * gnu/packages/gl.scm (mesa): Add --enable-texture-float to configure flags.

So if there are no objections, I think this can go in.

Per
,
this would go to a new ‘staging’ branch.

Thanks,
Ludo’.

Re: [PATCH 1/1] gnu: readline-6.2: Fix CVE-2014-2524.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/readline.scm (readline-6.2): Use it.

LGTM, thank you!

Ludo’.

Re: [PATCH] import/cpan: Maybe coerce version to string.

[Ludovic Courtès]

Alex Sassmannshausen  skribis:

> * guix/import/cpan.scm (cpan-module->sexp) : Test if version in
>   meta is string or number.  If it is number, coerce to string.

LGTM, thanks!

Ludo’.

Re: [PATCH] build-system/perl: Add wrap phase.

[Ludovic Courtès]

Alex Sassmannshausen  skribis:

> * guix/build/perl-build-system.scm (wrap): New procedure.
>   (%standard-phases): Declare new phase, `wrap`, and use `wrap`
>   procedure.

Nice!

> +(define* (wrap #:key inputs outputs #:allow-other-keys)

Please add a docstring, even if the original code didn’t have one.  ;-)

> +  (define (list-of-files dir)
> +(map (cut string-append dir "/" <>)
> + (or (scandir dir (lambda (f)
> +(let ((s (stat (string-append dir "/" f
> +  (eq? 'regular (stat:type s)
> + '(
> +
> +  (define bindirs
> +(append-map (match-lambda
> + ((_ . dir)
> +  (list (string-append dir "/bin")
> +(string-append dir "/sbin"
> +outputs))
> +
> +  (let* ((out  (assoc-ref outputs "out"))
> + (perl (assoc-ref inputs "perl"))
> + (var `("PERL5LIB" prefix
> +,(cons (string-append out "/lib/perl5/site_perl/"
> +  ;; Like in python’s, we assume version
> +  ;; at end of `perl' string.
> +  (last (string-split perl #\-)))
> +   (search-path-as-string->list
> +(or (getenv "PERL5LIB") ""))
> +(for-each (lambda (dir)
> +(let ((files (list-of-files dir)))
> +  (for-each (cut wrap-program <> var)
> +files)))
> +  bindirs)))

Please have it return #t explicitly, for clarity.

Otherwise LGTM!

There are 479 packages using ‘perl-build-system’ but in total 1,159
packages are affected:

--8<---cut here---start->8---
scheme@(guile-user)> ,use(gnu packages)
scheme@(guile-user)> ,use(guix build-system perl)
scheme@(guile-user)> ,use(guix)
scheme@(guile-user)> (fold-packages (lambda (p n)
  (if (eq? (package-build-system p)
   perl-build-system)
  (+ 1 n)
  n))
0)
$2 = 479
scheme@(guile-user)> ,use(guix graph)
scheme@(guile-user)> ,use(guix scripts graph)
scheme@(guile-user)> ,enter-store-monad
store-monad@(guile-user) [1]> (node-back-edges %package-node-type
   (fold-packages cons '()))
$3 = #
store-monad@(guile-user) [1]> ,q
scheme@(guile-user)> (node-reachable-count
  (fold-packages (lambda (p l)
   (if (eq? (package-build-system p)
perl-build-system)
   (cons p l)
   l))
 '())
  $3)
$4 = 1159
--8<---cut here---end--->8---

So I think this should go to ‘core-updates’.

We should probably factorize this in (guix build utils) eventually and
have both python-build-system and perl-build-system use it.  Like:

  (wrap-language-programs directories
  "PERL5LIB"
  (cons (string-append …)
(search-path-as-string->list …)))

Thanks!

Ludo’.

[PATCH] gnu: glibc-hurd: Force mach/hurd/libpthread subdirs to build

[manolis837]

Hello everyone,

This patch solves the undefined referrence issues I had when building the 
latest versions of glibc-hurd.

Manolis

[PATCH] gnu: glibc-hurd: Force mach/hurd/libpthread subdirs to build first.

[manolis837]

From: Manolis Ragkousis 

* gnu/packages/base.scm (glibc/hurd): Avoid linking errors by forcing
mach/hurd/libpthread glibc subdirs to build before anything else.
---
 gnu/packages/base.scm | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 1c01874..abefe4e 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -714,7 +714,17 @@ with the Linux kernel.")
  ;; Use the right 'pwd'.
  (substitute* "configure"
(("/bin/pwd") "pwd")))
-  ,original-phases)))
+   (alist-replace
+'build
+(lambda _
+  ;; Force mach/hurd/libpthread subdirs to build first in order to 
avoid
+  ;; linking errors.
+  (zero?
+   (and (system* "make" "mach/subdir_lib")
+(system* "make" "hurd/subdir_lib")
+(system* "make" "libpthread/subdir_lib")
+(system* "make"
+,original-phases
 ((#:configure-flags original-configure-flags)
 `(append (list "--host=i586-pc-gnu"
 
-- 
2.10.2

Re: Time to merge core-updates!

[Pjotr Prins]

On Sun, Nov 13, 2016 at 12:45:04AM +0100, Ludovic Courtès wrote:
> A recap of the news:
> 
>   • glibc upgraded to 2.24; make sure to reread
> 
> 
> and possibly add ‘glibc-2.23’ to ‘locale-libcs’.

I find locales problematic in a mixed Debian environment, even though
Guix actually solves the deeper problem. This may be helpful solving
locale errors by tracking dependencies, e.g.:

https://github.com/pjotrp/guix-notes/blob/master/INSTALL.org#set-locale

Re: [PATCH 1/4] gnu: Separate util-linux into three packages.

[John Darrington]

On Sun, Nov 13, 2016 at 12:59:50PM +0100, Ludovic Court??s wrote:
 John Darrington  skribis:
 
 > On Sat, Nov 12, 2016 at 11:55:13PM +0100, Ludovic Court??s wrote:
 
 [...]
 
 >  > Also, it would only work if nfs-utils was installed in the 
current system profile,
 >  > which need not be the case.  It might be installed only in root's 
profile or I might 
 >  > want to see what happens if I use an alternative version of 
nfs-utils.
 >  
 >  That ???mount??? can invoke ???mount.nfs??? looks like a 
convenience to me, not
 >  something highly critical.
 >
 > Well it's critical if "mount -a" is going to work, and thus if NFS 
filesystems (such as /home in
 > many networks) can be automatically mounted at boot time.
 
 GuixSD doesn???t use the ???mount??? command to mount file systems so that
 shouldn???t have any influence.

What does it use instead?
 
 1,093 packages depend on util-linux.  Per the strategy outlined at
 
 this could go to ???staging??? but I think this should go to 
???core-updates???
 which we???ll reopen to fix .

I'm irritated that util-linux has so many, completely unrelated things in it.  
For example
it contains the "mount", "cal" and "col" commands.Regardless of the NFS 
issues, I 
suggest we consider separating it anyway, into several packages all deriving 
from the common
source.
 

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

Re: Patch: Add package definition for ruby-net-http-digest-auth

[Pjotr Prins]

Hi Fred,

Thank you for your first package! It is a simple one, so mostly looks
good to me. The synopsis and descr will need a little work:

On Fri, Nov 11, 2016 at 07:48:41PM +0300, Frederick Muriithi wrote:
> I have added a package definition for ruby-net-http-digest-auth and
> created the patch.
> 
> Please find it attached.
> 
> -- 
> Frederick M. Muriithi

> From 74daa07591f97fe9eb149781f3102490d5b93c71 Mon Sep 17 00:00:00 2001
> From: Muriithi Frederick Muriuki 
> Date: Fri, 11 Nov 2016 19:39:48 +0300
> Subject: [PATCH 2/2] gnu: ruby-net-http-digest-auth: Add new package
> 
> * gnu/packages/ruby.scm (ruby-net-http-digest-auth): Added a new
> package definition
> ---
>  gnu/packages/ruby.scm | 28 
>  1 file changed, 28 insertions(+)
> 
> diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
> index 42beda3..380777a 100644
> --- a/gnu/packages/ruby.scm
> +++ b/gnu/packages/ruby.scm
> @@ -4179,3 +4179,31 @@ patterns.")
>  libraries for compiling Ruby native extensions.")
>  (home-page "https://github.com/ruby-gnome2/pkg-config";)
>  (license license:lgpl2.0+)))
> +
> +(define-public ruby-net-http-digest-auth
> +  (package
> +(name "ruby-net-http-digest-auth")
> +(version "1.4")
> +(source
> + (origin
> +   (method url-fetch)
> +   (uri (rubygems-uri "net-http-digest_auth" version))
> +   (sha256
> +(base32
> + "14801gr34g0rmqz9pv4rkfa3crfdbyfk6r48vpg5a5407v0sixqi"
> +(build-system ruby-build-system)
> +(inputs
> + `(("ruby-hoe" ,ruby-hoe)))
> +(synopsis
> + "One implementation of RFC 2617 - Digest Access Authentication")

If you look at other synopses in ruby.scm how would you simplify this
one? I think it can be described as "Secure authentication library for
http based on RFC 2617" so you anyone can understand what it is. 

> +(description
> + "An implementation of RFC 2617 - Digest Access Authentication.  At this 
> time
> +the gem does not drop in to Net::HTTP and can be used for with other HTTP
> +clients.
> +
> +In order to use net-http-digest_auth you'll need to perform some request
> +wrangling on your own.  See the class documentation at Net::HTTP::DigestAuth
> +for an example.")

I think this can be simplified too and be done in one paragraph. If
compared with other descriptions, what do you propose?

The goal of the description is to add information to the synopsis - so
anyone who wants to know more about a package can read that. Compare
with existing package descriptions.

> +(home-page
> + "http://github.com/drbrain/net-http-digest_auth";)
> +(license license:expat)))

Pj.

Re: [PATCH] build-system/perl: Add wrap phase.

[Hartmut Goebel]

Am 13.11.2016 um 13:23 schrieb Ludovic Courtès:
> We should probably factorize this in (guix build utils) eventually and
> have both python-build-system and perl-build-system use it.  Like:

Since we are preparing the new python build system, now would be a good
time for doing so :-)

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH] tests: Don't check file-systems in container tests.

[Andy Patterson]

On Sun, 13 Nov 2016 13:05:43 +0100
l...@gnu.org (Ludovic Courtès) wrote:

> Hi,
> 
> Andy Patterson  skribis:
> 
> > The containers test was hanging for me, and this patch fixed the
> > problem.  
> 
> [...]
> 
> > From 945ad44acf489b7f3a398d4ab739ec2b48477502 Mon Sep 17 00:00:00
> > 2001 From: Andy Patterson 
> > Date: Sat, 12 Nov 2016 22:10:01 -0500
> > Subject: [PATCH] tests: Don't check file-systems in container tests.
> >
> > * tests/containers.scm ("call-with-container, mnt namespace"): Don't
> > check file-system in 'call-with-container' call.
> > * tests/containers.scm
> > ("call-with-container, mnt namespace, wrong bindmount"): Likewise.
> > ---
> >  tests/containers.scm | 6 --
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/tests/containers.scm b/tests/containers.scm
> > index ccd122a..745b56b 100644
> > --- a/tests/containers.scm
> > +++ b/tests/containers.scm
> > @@ -84,7 +84,8 @@
> > (call-with-container (list (file-system
> >  (device "none")
> >  (mount-point "/testing")
> > -(type "tmpfs")))
> > +(type "tmpfs")
> > +(check? #f)))  
> 
> Do you know exactly how/why it was hanging?  I imagine
> ‘mount-file-system’ would try to invoke fsck.tmpfs, which doesn’t
> exist, thus we get a REPL, which hangs forever.
> 

I did get a REPL (in the log file), so you're probably right.

> I guess the real question is why I didn’t experience it, hmm…
> 

Not sure, but I first noticed the problem when guix-devel was building
during a system reconfigure. That might be easier to reproduce.

> Thanks,
> Ludo’.

Thanks.

--
Andy

Re: [PATCH] build-system/perl: Add wrap phase.

[Leo Famulari]

On Sun, Nov 13, 2016 at 04:11:07PM +0100, Hartmut Goebel wrote:
> Am 13.11.2016 um 13:23 schrieb Ludovic Courtès:
> > We should probably factorize this in (guix build utils) eventually and
> > have both python-build-system and perl-build-system use it.  Like:
> 
> Since we are preparing the new python build system, now would be a good
> time for doing so :-)

Swerve of subject: Hartmut, can you merge the master branch into
wip-python-build-system, delete wip-python-build-system on Savannah and
push the newly updated branch as python-build-system?

Perhaps it's also okay to just rebase on top of the new master. Wip-*
branches indicate that history can be broken, in my opinion.

It's up to you.

Re: [Patch 0/10] Add Ring

[Lukas Gradl]

Mike Gerwitz  writes:

> On Wed, Nov 09, 2016 at 12:07:10 -0600, Lukas Gradl wrote:
>> If anyone would like to work on this patch series, please feel free to
>> claim it as your own. I hope my work will be of some use.  If nobody
>> picks it up, I will be very happy to come back to it, but that will most
>> likely not happen within the next two months.
>
> With that in mind, as part of the evaluation, the Ring team agreed to
> create a build system that conforms to GNU standards.  They're likely to
> wrap their CMake system, but hopefully this change will make it easier
> to package in the future.
>
> I don't know the timeline, though.

There were some issues with the build system and the organization of the
source code that I initially struggled with.  I think this is very good
news.

Thank you!


signature.asc
Description: PGP signature

Re: [PATCH] build-system/perl: Add wrap phase.

[Hartmut Goebel]

Am 13.11.2016 um 21:05 schrieb Leo Famulari:
> Swerve of subject: Hartmut, can you merge the master branch into
> wip-python-build-system, delete wip-python-build-system on Savannah and
> push the newly updated branch as python-build-system?
>
> Perhaps it's also okay to just rebase on top of the new master. Wip-*
> branches indicate that history can be broken, in my opinion.
>
> It's up to you.

I'll rebase on top of master later this week.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH 1/1] gnu: readline-6.2: Fix CVE-2014-2524.

[Leo Famulari]

On Sun, Nov 13, 2016 at 01:12:31PM +0100, Ludovic Courtès wrote:
> Leo Famulari  skribis:
> 
> > * gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/readline.scm (readline-6.2): Use it.
> 
> LGTM, thank you!

Okay, pushed!

Please review: documentation for python build system

[Hartmut Goebel]

Hi,

we are about to merge the wip-python-build-system. I'd like to add some
commentary there explaining how the different install methods of Python
behave. This could save someone else the effort of anaylsing and testing
this again is some questions about the Python build system arise.

I ask you to review the text below. Since we want to merge soon, I'd ask
you to review soon. Thanks.


In Python there are different ways to install packages: distutils,
setuptools,
easy_install and pip.  All of these are sharing the file setup.py,
introduced
with distutils in Python 2.0.  setup.py can be considered as a kind of
Makefile accepting targets (or commands) like "build" and "install".  As of
autumn 2016 the recommended way to install Python packages is using pip.

For both distutils and setuptools running "python setup.py install" is
the way
to install Python packages.  With distutils the "install" command basically
copies all packages into /lib/pythonX.Y/site-packages.

Some time later "setuptools" have been established to enhance distutils.  To
use setuptools, the developer imports setuptools in setup.py.  When
importing
setuptools, the original "install" command gets overwritten by setuptools'
"install" command.

easy_install and pip are both command-line tools capable to search and
download the package source from PyPI (the Python Package Index).  Both of
them import setuptools and execute the "setup.py" file under their control.
Thus the "setup.py" behaves as if the developer had imported setuptools
within
setup.py - even is still using only distutils.

Setuptools' "install" command (to be more precise: the "easy_install"
command
which is called by "install") will put the path of the currently installed
version of each package and it's dependencies (as declared in setup.py) into
an "easy-install.pth" file.  In guix each packages gets it's own
"site-packages" directory and thus an "easy-install.pth" of it's own.  To
avoid conflicts this file gets renamed to .pth in phase
rename-pth-file.  To ensure the .pth-file will be process, easy_install also
creates a basic "site.py" in each "site-packages" directory. The file is the
same for all packages, thus there is no need to rename it.

The .pth-files contain the file-system paths (pointing to the store) of all
dependencies.  So the dependency is hidden in the .pth file but is not
visible
in the file-system.  Now if packages A and B both required packages P,
but in
different versions, guix will not detect this when installing both A and
B to
a profile. (For details and example see
https://lists.gnu.org/archive/html/guix-devel/2016-10/msg01233.html.)

Now pip behaves a bit different: it always executes "setup.py" with the
option
"--single-version-externally-managed" set.  This makes setuptools' "install"
command to *not* run "easy_install" but the original "install" command and
thus no .pth-file (and no site.py) will be created. The "site-packages"
directory only contains the package and the related .egg-info directory.

This is exactly what we need for guix and this is what we mimic in the
install phase below.

As a draw back, the magic of the .pth file of linking to the other required
packages is gone and these packages have now to be declared as
"propagated-inputs".

Note: Importing setuptools also adds two sub-commands:
"install_egg_info" and
"install_scripts".  These sub-commands are executed even if
"--single-version-externally-managed" is set, thus the .egg-info
directory and
the scripts defined in entry-points will always be created.

Note: Even if the "easy-install.pth" is not longer created, we kept this
phase.  There still may be packages creating an "easy-install.pth" manually
for some good reason.



-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

[PATCH] gnu: mpv: Use lua@5.2.

[Andy Patterson]

Hi,

This patch re-enables lua support in mpv. After reading
waftools/checks/custom.py in the distribution, I came to the conclusion
that lua > 5.2 isn't supported, so I think this is the right approach.

Thanks,

--
Andy

From fc3b127ea206749cf91eb956e57083f9169f29fb Mon Sep 17 00:00:00 2001
From: Andy Patterson 
Date: Sun, 13 Nov 2016 21:53:57 -0500
Subject: [PATCH] gnu: mpv: Use lua@5.2.

* gnu/packages/video.scm (mpv)[inputs]: Use lua-5.2.
---
 gnu/packages/video.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 2e336dd..4329d20 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -866,7 +866,9 @@ SVCD, DVD, 3ivx, DivX 3/4/5, WMV and H.264 movies.")
("libxrandr" ,libxrandr)
("libxscrnsaver" ,libxscrnsaver)
("libxv" ,libxv)
-   ("lua" ,lua)
+   ;; XXX: lua > 5.2 is not currently supported; see
+   ;; waftools/checks/custom.py
+   ("lua" ,lua-5.2)
("mesa" ,mesa)
("mpg123" ,mpg123)
("pulseaudio" ,pulseaudio)
-- 
2.10.2