summary refs log tree commit diff
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-03-23 14:53:33 +0200
committerEfraim Flashner <efraim@flashner.co.il>2017-03-23 14:53:33 +0200
commit0371b345e8bffb0770b1a02ddd1c248f90566e04 (patch)
treeddfd9cc4e32193945f4891c3f77e2b8271c4a5ae
parent8be563a5a39205d55fd39399e29a9272305b34c6 (diff)
parentc53af0016e283ef642ac43ccc2ee5d650f06a888 (diff)
downloadguix-0371b345e8bffb0770b1a02ddd1c248f90566e04.tar.gz
Merge remote-tracking branch 'origin/master' into core-updates
-rw-r--r--build-aux/test-driver.scm51
-rw-r--r--doc/guix.texi20
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/autotools.scm4
-rw-r--r--gnu/packages/bioinformatics.scm4
-rw-r--r--gnu/packages/compression.scm16
-rw-r--r--gnu/packages/embedded.scm1
-rw-r--r--gnu/packages/guile.scm3
-rw-r--r--gnu/packages/haskell.scm22
-rw-r--r--gnu/packages/idris.scm5
-rw-r--r--gnu/packages/libffcall.scm1
-rw-r--r--gnu/packages/mail.scm4
-rw-r--r--gnu/packages/package-management.scm6
-rw-r--r--gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch81
-rw-r--r--gnu/packages/patches/chicken-CVE-2017-6949.patch132
-rw-r--r--gnu/packages/perl-web.scm4
-rw-r--r--gnu/packages/python.scm36
-rw-r--r--gnu/packages/rust.scm20
-rw-r--r--gnu/packages/scheme.scm16
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--guix/pk-crypto.scm8
-rw-r--r--guix/scripts/publish.scm137
-rw-r--r--tests/pack.scm1
-rw-r--r--tests/publish.scm35
-rw-r--r--tests/store.scm4
25 files changed, 394 insertions, 223 deletions
diff --git a/build-aux/test-driver.scm b/build-aux/test-driver.scm
index e9cc2cb24c..52af1e9be7 100644
--- a/build-aux/test-driver.scm
+++ b/build-aux/test-driver.scm
@@ -1,6 +1,6 @@
 ;;;; test-driver.scm - Guile test driver for Automake testsuite harness
 
-(define script-version "2016-04-03.12") ;UTC
+(define script-version "2017-03-22.13") ;UTC
 
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;;
@@ -59,7 +59,7 @@ The '--test-name', '--log-file' and '--trs-file' options are mandatory.\n"))
       (begin
         (format port "~A:~%" field)
         (pretty-print value port #:per-line-prefix "+ "))
-      (format port "~A: ~A~%" field value)))
+      (format port "~A: ~S~%" field value)))
 
 (define* (result->string symbol #:key colorize?)
   "Return SYMBOL as an upper case string.  Use colors when COLORIZE is #t."
@@ -85,10 +85,10 @@ current output port is supposed to be redirected to a '.log' file."
     ;; Procedure called at the start of an individual test case, before the
     ;; test expression (and expected value) are evaluated.
     (let ((result (cute assq-ref (test-result-alist runner) <>)))
-      (test-display "test-name" (result 'test-name))
-      (test-display "location"
-                    (string-append (result 'source-file) ":"
-                                   (number->string (result 'source-line))))
+      (format #t "test-name: ~A~%" (result 'test-name))
+      (format #t "location: ~A~%"
+              (string-append (result 'source-file) ":"
+                             (number->string (result 'source-line))))
       (test-display "source" (result 'source-form) #:pretty? #t)))
 
   (define (test-on-test-end-gnu runner)
@@ -99,10 +99,9 @@ current output port is supposed to be redirected to a '.log' file."
            (result  (cut assq-ref results <>)))
       (unless brief?
         ;; Display the result of each test case on the console.
-        (test-display
-         (result->string (test-result-kind runner) #:colorize? color?)
-         (string-append test-name " - " (test-runner-test-name runner))
-         out-port))
+        (format out-port "~A: ~A - ~A~%"
+                (result->string (test-result-kind runner) #:colorize? color?)
+                test-name (test-runner-test-name runner)))
       (when (result? 'expected-value)
         (test-display "expected-value" (result 'expected-value)))
       (when (result? 'expected-error)
@@ -111,12 +110,11 @@ current output port is supposed to be redirected to a '.log' file."
         (test-display "actual-value" (result 'actual-value)))
       (when (result? 'actual-error)
         (test-display "actual-error" (result 'actual-error) #:pretty? #t))
-      (test-display "result" (result->string (result 'result-kind)))
+      (format #t "result: ~a~%" (result->string (result 'result-kind)))
       (newline)
-      (test-display ":test-result"
-                    (string-append (result->string (test-result-kind runner))
-                                   " " (test-runner-test-name runner))
-                    trs-port)))
+      (format trs-port ":test-result: ~A ~A~%"
+              (result->string (test-result-kind runner))
+              (test-runner-test-name runner))))
 
   (define (test-on-group-end-gnu runner)
     ;; Procedure called by a 'test-end', including at the end of a test-group.
@@ -125,21 +123,18 @@ current output port is supposed to be redirected to a '.log' file."
           (skip (or (positive? (test-runner-skip-count runner))
                     (positive? (test-runner-xfail-count runner)))))
       ;; XXX: The global results need some refinements for XPASS.
-      (test-display ":global-test-result"
-                    (if fail "FAIL" (if skip "SKIP" "PASS"))
-                    trs-port)
-      (test-display ":recheck"
-                    (if fail "yes" "no")
-                    trs-port)
-      (test-display ":copy-in-global-log"
-                    (if (or fail skip) "yes" "no")
-                    trs-port)
+      (format trs-port ":global-test-result: ~A~%"
+              (if fail "FAIL" (if skip "SKIP" "PASS")))
+      (format trs-port ":recheck: ~A~%"
+              (if fail "yes" "no"))
+      (format trs-port ":copy-in-global-log: ~A~%"
+              (if (or fail skip) "yes" "no"))
       (when brief?
         ;; Display the global test group result on the console.
-        (test-display (result->string (if fail 'fail (if skip 'skip 'pass))
-                                      #:colorize? color?)
-                      test-name
-                      out-port))
+        (format out-port "~A: ~A~%"
+                (result->string (if fail 'fail (if skip 'skip 'pass))
+                                #:colorize? color?)
+                test-name))
       #f))
 
   (let ((runner (test-runner-null)))
diff --git a/doc/guix.texi b/doc/guix.texi
index efd4887bbe..683ef6c5cd 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6523,6 +6523,26 @@ This allows the user's Guix to keep substitute information in cache for
 guarantee that the store items it provides will indeed remain available
 for as long as @var{ttl}.
 
+@item --nar-path=@var{path}
+Use @var{path} as the prefix for the URLs of ``nar'' files
+(@pxref{Invoking guix archive, normalized archives}).
+
+By default, nars are served at a URL such as
+@code{/nar/gzip/@dots{}-coreutils-8.25}.  This option allows you to
+change the @code{/nar} part to @var{path}.
+
+@item --public-key=@var{file}
+@itemx --private-key=@var{file}
+Use the specific @var{file}s as the public/private key pair used to sign
+the store items being published.
+
+The files must correspond to the same key pair (the private key is used
+for signing and the public key is merely advertised in the signature
+metadata).  They must contain keys in the canonical s-expression format
+as produced by @command{guix archive --generate-key} (@pxref{Invoking
+guix archive}).  By default, @file{/etc/guix/signing-key.pub} and
+@file{/etc/guix/signing-key.sec} are used.
+
 @item --repl[=@var{port}]
 @itemx -r [@var{port}]
 Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile
diff --git a/gnu/local.mk b/gnu/local.mk
index 4d85f15a06..f02967233f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -506,7 +506,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/cdparanoia-fpic.patch			\
-  %D%/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch	\
+  %D%/packages/patches/chicken-CVE-2017-6949.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
diff --git a/gnu/packages/autotools.scm b/gnu/packages/autotools.scm
index 442c87c1f1..e933973489 100644
--- a/gnu/packages/autotools.scm
+++ b/gnu/packages/autotools.scm
@@ -165,7 +165,7 @@ exec ~a --no-auto-compile \"$0\" \"$@\"
 (define-public autoconf-archive
   (package
     (name "autoconf-archive")
-    (version "2016.09.16")
+    (version "2017.03.21")
     (source
      (origin
       (method url-fetch)
@@ -173,7 +173,7 @@ exec ~a --no-auto-compile \"$0\" \"$@\"
                           version ".tar.xz"))
       (sha256
        (base32
-        "10mxz9hfnfz66m1l9s28sbyfb9a04akz92wkyv9blhpq6p9fzwp8"))))
+        "0rfpapadka2023qhy8294ca5awxpb8d4904js6kv7piby5ax8siq"))))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/autoconf-archive")
     (synopsis "Collection of freely reusable Autoconf macros")
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 97380fc032..232c7db838 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5051,7 +5051,7 @@ application of SortMeRNA is filtering rRNA from metatranscriptomic data.")
 (define-public star
   (package
     (name "star")
-    (version "2.5.2b")
+    (version "2.5.3a")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/alexdobin/STAR/archive/"
@@ -5059,7 +5059,7 @@ application of SortMeRNA is filtering rRNA from metatranscriptomic data.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1na6np880r1zaamiy00hy8bid5anpy0kgf63587v2yl080krk2zq"))
+                "013wirlz8lllgjyagl48l75n1isxyabqb3sj7qlsl0x1rmvqw99a"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 576a70af75..6f5f584822 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -596,7 +596,7 @@ decompression of some loosely related file formats used by Microsoft.")
 (define-public perl-compress-raw-bzip2
   (package
     (name "perl-compress-raw-bzip2")
-    (version "2.068")
+    (version "2.074")
     (source
      (origin
        (method url-fetch)
@@ -604,7 +604,7 @@ decompression of some loosely related file formats used by Microsoft.")
                            "Compress-Raw-Bzip2-" version ".tar.gz"))
        (sha256
         (base32
-         "16hl58xppckldz05zdyid1l5gpaykzwvkq682h3rc3nilbhgjqqg"))))
+         "0b5jwqf15zr787acnx8sfyy2zavdd7gfkd98n1dgy8fs6r8yb8a4"))))
     (build-system perl-build-system)
     ;; TODO: Use our bzip2 package.
     (home-page "http://search.cpan.org/dist/Compress-Raw-Bzip2")
@@ -616,7 +616,7 @@ compression library.")
 (define-public perl-compress-raw-zlib
   (package
     (name "perl-compress-raw-zlib")
-    (version "2.068")
+    (version "2.074")
     (source
      (origin
        (method url-fetch)
@@ -624,7 +624,7 @@ compression library.")
                            "Compress-Raw-Zlib-" version ".tar.gz"))
        (sha256
         (base32
-         "06q7n87g26nn5gv4z2p31ca32f6zk124hqxc25rfgkjd3qi5798i"))))
+         "08bpx9v6i40n54rdcj6invlj294z20amrl8wvwf9b83aldwdwsd3"))))
     (build-system perl-build-system)
     (inputs
      `(("zlib" ,zlib)))
@@ -651,7 +651,7 @@ compression library.")
 (define-public perl-io-compress
   (package
     (name "perl-io-compress")
-    (version "2.068")
+    (version "2.074")
     (source
      (origin
        (method url-fetch)
@@ -659,11 +659,11 @@ compression library.")
                            "IO-Compress-" version ".tar.gz"))
        (sha256
         (base32
-         "0dy0apjp7j9dfkzfjspjd3z9gh26srx5vac72g59bkkz1jf8s1gs"))))
+         "1wlpy2026djfmq0bjync531yq6s695jf7bcnpvjphrasi776igdl"))))
     (build-system perl-build-system)
     (propagated-inputs
-     `(("perl-compress-raw-zlib" ,perl-compress-raw-zlib)     ; >=2.068
-       ("perl-compress-raw-bzip2" ,perl-compress-raw-bzip2))) ; >=2.068
+     `(("perl-compress-raw-zlib" ,perl-compress-raw-zlib)     ; >=2.074
+       ("perl-compress-raw-bzip2" ,perl-compress-raw-bzip2))) ; >=2.074
     (home-page "http://search.cpan.org/dist/IO-Compress")
     (synopsis "IO Interface to compressed files/buffers")
     (description "IO-Compress provides a Perl interface to allow reading and
diff --git a/gnu/packages/embedded.scm b/gnu/packages/embedded.scm
index 222278009d..0e86478bd3 100644
--- a/gnu/packages/embedded.scm
+++ b/gnu/packages/embedded.scm
@@ -732,6 +732,7 @@ simulator.")
                 (uri (git-reference
                        (url "https://github.com/puppeh/binutils-vc4.git")
                        (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
                   "1kdrz6fki55lm15rwwamn74fnqpy0zlafsida2zymk76n3656c63"))))
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index b621d8274d..0e75e026b5 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -247,6 +247,9 @@ without requiring the source code to be rewritten.")
             (files '("lib/guile/2.2/site-ccache"
                      "share/guile/site/2.2")))))))
 
+(define-public guile-next
+  (deprecated-package "guile-next" guile-2.2))
+
 (define (guile-variant-package-name prefix)
   (lambda (name)
     "Return NAME with PREFIX instead of \"guile-\", when applicable."
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index 2415881e8e..d48983a81a 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -562,6 +563,27 @@ package.")
 package.")
     (license license:bsd-3)))
 
+(define-public ghc-code-page
+  (package
+  (name "ghc-code-page")
+  (version "0.1.3")
+  (source
+   (origin
+     (method url-fetch)
+     (uri (string-append
+           "https://hackage.haskell.org/package/code-page/code-page-"
+           version ".tar.gz"))
+      (sha256
+       (base32
+        "1491frk4jx6dlhifky9dvcxbsbcfssrz979a5hp5zn061rh8cp76"))))
+  (build-system haskell-build-system)
+  (home-page "https://github.com/RyanGlScott/code-page")
+  (synopsis "Windows code page library for Haskell")
+  (description "A cross-platform library with functions for adjusting
+code pages on Windows.  On all other operating systems, the library does
+nothing.")
+  (license license:bsd-3)))
+
 (define-public ghc-haddock-library
   (package
     (name "ghc-haddock-library")
diff --git a/gnu/packages/idris.scm b/gnu/packages/idris.scm
index 02198a5a7d..2b7f4cc9dd 100644
--- a/gnu/packages/idris.scm
+++ b/gnu/packages/idris.scm
@@ -31,7 +31,7 @@
 (define-public idris
   (package
     (name "idris")
-    (version "0.99")
+    (version "0.99.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -39,7 +39,7 @@
                     "idris-" version "/idris-" version ".tar.gz"))
               (sha256
                (base32
-                "1sd4vy5rx0mp32xj99qijhknkgw4d2rxvz6wiy3pym6kaqmc497i"))))
+                "12kw452arnl5ldip2x749j5np3l40bv7asqdv9w0f60j45hii40r"))))
     (build-system haskell-build-system)
     (inputs
      `(("gmp" ,gmp)
@@ -53,6 +53,7 @@
        ("ghc-blaze-html" ,ghc-blaze-html)
        ("ghc-blaze-markup" ,ghc-blaze-markup)
        ("ghc-cheapskate" ,ghc-cheapskate)
+       ("ghc-code-page" ,ghc-code-page)
        ("ghc-fingertree" ,ghc-fingertree)
        ("ghc-fsnotify" ,ghc-fsnotify)
        ("ghc-ieee754" ,ghc-ieee754)
diff --git a/gnu/packages/libffcall.scm b/gnu/packages/libffcall.scm
index 5e12c6b160..6ff40c8a10 100644
--- a/gnu/packages/libffcall.scm
+++ b/gnu/packages/libffcall.scm
@@ -36,6 +36,7 @@
               ":pserver:anonymous@cvs.savannah.gnu.org:/sources/libffcall")
              (module "ffcall")
              (revision "2015-01-15")))
+       (file-name (string-append name "-" version "-checkout"))
        (sha256
         (base32
          "1lwdskc2w4rr98x9flr2726lmj4190l16r0izg7gqxy50801wwgd"))))
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 369fb69d9b..53a8632947 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1080,7 +1080,7 @@ facilities for checking incoming mail.")
 (define-public dovecot
   (package
     (name "dovecot")
-    (version "2.2.27")
+    (version "2.2.28")
     (source
      (origin
        (method url-fetch)
@@ -1088,7 +1088,7 @@ facilities for checking incoming mail.")
                            (version-major+minor version) "/"
                            name "-" version ".tar.gz"))
        (sha256 (base32
-                "1s8qvr6fa9d0n179kdwgpsi72zkvpbh9q57q8fr2fjysgjl94zw9"))))
+                "098zpkmkk93372qnv6drgbfg8hp5mynspzc1735qgar6wdcqya70"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index f675e22ad9..cabfc862ac 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -214,9 +214,9 @@ the Nix package manager.")
   ;;
   ;; Note: use a very short commit id; with a longer one, the limit on
   ;; hash-bang lines would be exceeded while running the tests.
-  (let ((commit "1162418ee88f155f6b14fd8926479c2176e40e76"))
+  (let ((commit "73a46451af333c77d2e79aa8764f51be8c34d1ae"))
     (package (inherit guix-0.12.0)
-      (version (string-append "0.12.0-5." (string-take commit 4)))
+      (version (string-append "0.12.0-6." (string-take commit 4)))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -226,7 +226,7 @@ the Nix package manager.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "16pxqbywhayazdgg9l19frigncmyq20j5fvaq4zgvm0iidndhfja"))
+                  "1zfa6c1vf52rg7ba1nrz4hzgdwl16brc4iylcdnhl9mnkjg2fbr5"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (arguments
        (substitute-keyword-arguments (package-arguments guix-0.12.0)
diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
deleted file mode 100644
index 59decde0e9..0000000000
--- a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-diff -ur a/irregex-core.scm b/irregex-core.scm
---- a/irregex-core.scm	2016-09-11 19:03:00.000000000 -0400
-+++ b/irregex-core.scm	2017-01-01 22:24:08.000000000 -0500
-@@ -30,6 +30,8 @@
- 
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;;;; History
-+;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
-+;;                     of backtracking matcher.
- ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
- ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
- ;; 0.9.3: 2014/07/01 - R7RS library
-@@ -3170,16 +3172,7 @@
-               ((sre-empty? (sre-sequence (cdr sre)))
-                (error "invalid sre: empty *" sre))
-               (else
--               (letrec
--                   ((body
--                     (lp (sre-sequence (cdr sre))
--                         n
--                         flags
--                         (lambda (cnk init src str i end matches fail)
--                           (body cnk init src str i end matches
--                                 (lambda ()
--                                   (next cnk init src str i end matches fail)
--                                   ))))))
-+               (let ((body (rec (list '+ (sre-sequence (cdr sre))))))
-                  (lambda (cnk init src str i end matches fail)
-                    (body cnk init src str i end matches
-                          (lambda ()
-@@ -3204,10 +3197,21 @@
-                          (lambda ()
-                            (body cnk init src str i end matches fail))))))))
-             ((+)
--             (lp (sre-sequence (cdr sre))
--                 n
--                 flags
--                 (rec (list '* (sre-sequence (cdr sre))))))
-+             (cond
-+              ((sre-empty? (sre-sequence (cdr sre)))
-+               (error "invalid sre: empty +" sre))
-+              (else
-+               (letrec
-+                   ((body
-+                     (lp (sre-sequence (cdr sre))
-+                         n
-+                         flags
-+                         (lambda (cnk init src str i end matches fail)
-+                           (body cnk init src str i end matches
-+                                 (lambda ()
-+                                   (next cnk init src str i end matches fail)
-+                                   ))))))
-+                 body))))
-             ((=)
-              (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre))))
-             ((>=)
-diff -ur a/irregex-utils.scm b/irregex-utils.scm
---- a/irregex-utils.scm	2016-09-11 19:03:00.000000000 -0400
-+++ b/irregex-utils.scm	2017-01-01 22:25:25.000000000 -0500
-@@ -89,7 +89,7 @@
-         (case (car x)
-           ((: seq)
-            (cond
--            ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj)))
-+            ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj)))
-              (display "(?:" out) (for-each lp (cdr x)) (display ")" out))
-             (else (for-each lp (cdr x)))))
-           ((submatch)
-diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html"
---- "a/manual-html/Unit irregex.html"	2016-09-11 19:10:47.000000000 -0400
-+++ "b/manual-html/Unit irregex.html"	2017-01-01 22:26:05.000000000 -0500
-@@ -353,6 +353,6 @@
- <dd class="defsig"><p>Returns an optimized SRE matching any of the literal strings in the list, like Emacs' <tt>regexp-opt</tt>.  Note this optimization doesn't help when irregex is able to build a DFA.</p></dd>
- </dl>
- <h5 id="sec:sre-.3estring"><a href="#sec:sre-.3estring">sre-&gt;string</a></h5><dl class="defsig"><dt class="defsig" id="def:sre-.3estring"><span class="sig"><tt>(sre-&gt;string &lt;sre&gt;)</tt></span> <span class="type">procedure</span></dt>
--<dd class="defsig"><p>Convert an SRE to a POSIX-style regular expression string, if possible.</p></dd>
-+<dd class="defsig"><p>Convert an SRE to a PCRE-style regular expression string, if possible.</p></dd>
- </dl>
--<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
-\ No newline at end of file
-+<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
diff --git a/gnu/packages/patches/chicken-CVE-2017-6949.patch b/gnu/packages/patches/chicken-CVE-2017-6949.patch
new file mode 100644
index 0000000000..00552eec76
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-6949.patch
@@ -0,0 +1,132 @@
+From: LemonBoy <thatlemon@gmail.com>
+Date: Fri, 10 Mar 2017 16:29:47 +0100
+Subject: [PATCH] Add bound checking to all srfi-4 vector allocations.
+
+Do what C_allocate_vector already does and prevent the creation of a
+vector that's too big or too small.
+We should be very careful to avoid the latter case because the
+allocation size is directly fed into `malloc' as 'x + sizeof(C_header)'
+thus making possible to successfully allocate a vector smaller than the
+C_header structure and get C_block_header_init to write over
+uninitialized memory.
+
+To reduce code duplication, type checking is moved from each of the
+make-*vector procedures to the common "alloc" helper procedure.
+
+Signed-off-by: Peter Bex <peter@more-magic.net>
+Signed-off-by: Kooda <kooda@upyum.com>
+---
+ srfi-4.scm | 34 +++++++++++++++-------------------
+ 1 file changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/srfi-4.scm b/srfi-4.scm
+index 7f5412b..69f58ba 100644
+--- a/srfi-4.scm
++++ b/srfi-4.scm
+@@ -255,24 +255,28 @@ EOF
+ 
+ ;;; Basic constructors:
+ 
+-(let* ([ext-alloc
+-	(foreign-lambda* scheme-object ([int bytes])
+-	  "C_word *buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
++(let* ((ext-alloc
++	(foreign-lambda* scheme-object ((size_t bytes))
++	  "C_word *buf;"
++	  "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);"
++	  "buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
+ 	  "if(buf == NULL) C_return(C_SCHEME_FALSE);"
+ 	  "C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));"
+-	  "C_return(buf);") ]
+-       [ext-free
+-	(foreign-lambda* void ([scheme-object bv])
+-	  "C_free((void *)C_block_item(bv, 1));") ]
+-       [alloc
++	  "C_return(buf);") )
++       (ext-free
++	(foreign-lambda* void ((scheme-object bv))
++	  "C_free((void *)C_block_item(bv, 1));") )
++       (alloc
+ 	(lambda (loc len ext?)
++	  (##sys#check-exact len loc)
++	  (when (fx< len 0) (##sys#error loc "size is negative" len))
+ 	  (if ext?
+-	      (let ([bv (ext-alloc len)])
++	      (let ((bv (ext-alloc len)))
+ 		(or bv
+ 		    (##sys#error loc "not enough memory - cannot allocate external number vector" len)) )
+-	      (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be made better...
++	      (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be made better...
+ 		(##core#inline "C_string_to_bytevector" bv)
+-		bv) ) ) ] )
++		bv) ) ) ) )
+ 
+   (set! release-number-vector
+     (lambda (v)
+@@ -282,7 +286,6 @@ EOF
+ 
+   (set! make-u8vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u8vector)
+       (let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector len ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -295,7 +298,6 @@ EOF
+ 
+   (set! make-s8vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s8vector)
+       (let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector len ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -308,7 +310,6 @@ EOF
+ 
+   (set! make-u16vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u16vector)
+       (let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -321,7 +322,6 @@ EOF
+ 
+   (set! make-s16vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s16vector)
+       (let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -334,7 +334,6 @@ EOF
+ 
+   (set! make-u32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u32vector)
+       (let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -347,7 +346,6 @@ EOF
+ 
+   (set! make-s32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s32vector)
+       (let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -360,7 +358,6 @@ EOF
+ 
+   (set! make-f32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-f32vector)
+       (let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -375,7 +372,6 @@ EOF
+ 
+   (set! make-f64vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-f64vector)
+       (let ((v (##sys#make-structure
+ 		'f64vector
+ 		(alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ext?))))
+--
+2.1.4
+
diff --git a/gnu/packages/perl-web.scm b/gnu/packages/perl-web.scm
index 9c92a95dad..75637e6545 100644
--- a/gnu/packages/perl-web.scm
+++ b/gnu/packages/perl-web.scm
@@ -26,7 +26,7 @@
 (define-public perl-mojolicious
   (package
     (name "perl-mojolicious")
-    (version "7.10")
+    (version "7.29")
     (source
      (origin
        (method url-fetch)
@@ -34,7 +34,7 @@
                            version ".tar.gz"))
        (sha256
         (base32
-         "0811f3wajgf71y02dr2khqnaswjh582pcvhv93k101qpg61syihn"))))
+         "1kmyb9axqbklyvr3l4d6mxnb0r97s9hzn7jpzksgckklp1ic8sqh"))))
     (build-system perl-build-system)
     (home-page "http://mojolicious.org/")
     (synopsis "Real-time web framework")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index ea1d691c18..89aca2c540 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -1725,14 +1725,14 @@ standard library.")
 (define-public python-pafy
   (package
     (name "python-pafy")
-    (version "0.5.2")
+    (version "0.5.3.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pafy" version))
        (sha256
         (base32
-         "1ckvrypyvb7jbqlgwdz0y337ajagjv7dgxyns326nqwypn1wpq0i"))))
+         "1a7dxi95m1043rxx1r5x3ngb66nwlq6aqcasyqqjzmmmjps4zrim"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f)) ; Currently pafy can not find itself in the tests
@@ -4372,14 +4372,14 @@ both of which are installed automatically if you install this library.")
 (define-public python-sqlalchemy-utils
   (package
     (name "python-sqlalchemy-utils")
-    (version "0.32.11")
+    (version "0.32.13")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "SQLAlchemy-Utils" version))
         (sha256
          (base32
-          "1wghyvk73cmq3iqyg3fczw128fv2pan2v76m0xg1bw05h8fhvnk3"))))
+          "0vsib7gidjamzsz6w4s5pdhxzxsrkghjnm4sqwk94igjrl3i5ixj"))))
     (build-system python-build-system)
     (arguments
      '(#:tests? #f)) ; FIXME: Many tests require a running database server.
@@ -4796,7 +4796,7 @@ etc.  The core of this module is a decorator factory.")
 (define-public python-drmaa
   (package
     (name "python-drmaa")
-    (version "0.7.6")
+    (version "0.7.7")
     (source
      (origin
        (method url-fetch)
@@ -4804,7 +4804,7 @@ etc.  The core of this module is a decorator factory.")
              "https://pypi.python.org/packages/source/d/drmaa/drmaa-"
              version ".tar.gz"))
        (sha256
-        (base32 "0bzl9f9g34dlhwf09i3fdv7dqqzf2iq0w7d6c2bafx1nlap8qfbh"))))
+        (base32 "0xzqriqyvk5b8hszbavsyxd29wm3sxirm8zvvdm73rs2iq7w4hkx"))))
     (build-system python-build-system)
     ;; The test suite requires libdrmaa which is provided by the cluster
     ;; environment.  At runtime the environment variable DRMAA_LIBRARY_PATH
@@ -5666,14 +5666,14 @@ libxml2 and libxslt.")
 (define-public python-beautifulsoup4
   (package
     (name "python-beautifulsoup4")
-    (version "4.5.1")
+    (version "4.5.3")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "beautifulsoup4" version))
        (sha256
         (base32
-         "1qgmhw65ncsgccjhslgkkszif47q6gvxwqv4mim17agxd81p951w"))))
+         "0glaw1vyxnbp03fni7h5496n6iib0n5iim4gax1n0ngscs9s075j"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -6742,7 +6742,7 @@ provided that can be used to do various manipulations with LilyPond files.")
 (define-public python-appdirs
   (package
     (name "python-appdirs")
-    (version "1.4.0")
+    (version "1.4.3")
     (source
       (origin
         (method url-fetch)
@@ -6752,7 +6752,7 @@ provided that can be used to do various manipulations with LilyPond files.")
                ".tar.gz"))
         (sha256
           (base32
-            "1iddva7v3fq0aqzsahkazxr7vpw28mqcrsy818z4wyiqnkplbhlg"))))
+            "14id6wxi12lgyw0mg3bcfnf888ad07jz9yj46gfzhn186z8rcn4y"))))
     (build-system python-build-system)
     (home-page "http://github.com/ActiveState/appdirs")
     (synopsis
@@ -7126,13 +7126,13 @@ implementations of ASN.1-based codecs and protocols.")
 (define-public python-ipaddress
   (package
     (name "python-ipaddress")
-    (version "1.0.16")
+    (version "1.0.18")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "ipaddress" version))
               (sha256
                (base32
-                "1c3imabdrw8nfksgjjflzg7h4ynjckqacb188rf541m74arq4cas"))))
+                "1q8klj9d84cmxgz66073x1j35cplr3r77vx1znhxiwl5w74391ax"))))
     (build-system python-build-system)
     (home-page "https://github.com/phihag/ipaddress")
     (synopsis "IP address manipulation library")
@@ -8994,14 +8994,14 @@ Python at your fingertips, in Lisp form.")
 (define-public python-rauth
   (package
     (name "python-rauth")
-    (version "0.7.2")
+    (version "0.7.3")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "rauth" version))
         (sha256
          (base32
-          "00pq7zw429hhza9c0qzxiqp77m653jv09z92nralnmzwdf6pzicf"))))
+          "02kv8w8l98ky223avyq7vw7x1f2ya9chrm59r77ylq45qb0xnk2j"))))
     (build-system python-build-system)
     (arguments
      `(#:test-target "check"))
@@ -9090,14 +9090,14 @@ otherwise matches 3.2’s API.")
 (define-public python2-futures
   (package
     (name "python2-futures")
-    (version "3.0.3")
+    (version "3.0.5")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "futures" version))
         (sha256
          (base32
-          "1vcb34dqhzkhbq1957vdjszhhm5y3j9ba88dgwhqx2zynhmk9qig"))))
+          "1pw1z4329xvlabdpwqa6b7v2fxf7hl64m4cgr22ckbym8m8m4hh5"))))
     (build-system python-build-system)
     (arguments `(#:python ,python-2))
     (home-page "https://github.com/agronholm/pythonfutures")
@@ -12294,13 +12294,13 @@ failures.")
 (define-public python-natsort
   (package
     (name "python-natsort")
-    (version "5.0.1")
+    (version "5.0.2")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "natsort" version))
               (sha256
                (base32
-                "1abld5p4a6n5zjnyw5mi2pv37gqalcybv2brjr2y6l9l2p8v9mja"))))
+                "0bh6j0l8iapjnsgg3bs6q075cnzjl6zw1vlgqyv3qrygm2cxypkn"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 2dedef8373..af4d322a73 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -229,18 +229,21 @@ rustc-bootstrap and cargo-bootstrap packages.")
                (("/usr/bin/env") (which "env")))
              ;; Avoid curl as a build dependency.
              (substitute* "configure"
-               (("probe_need CFG_CURL curl") ""))))
+               (("probe_need CFG_CURL curl") ""))
+             #t))
          (add-after 'unpack 'set-env
            (lambda _
              (setenv "SHELL" (which "sh"))
-             (setenv "CONFIG_SHELL" (which "sh"))))
+             (setenv "CONFIG_SHELL" (which "sh"))
+             #t))
          (add-after 'unpack 'patch-tests
            (lambda* (#:key inputs #:allow-other-keys)
-             (substitute* "src/tools/tidy/src/main.rs"
-               (("^.*cargo.*::check.*$") ""))
-             (substitute* "src/libstd/process.rs"
-               (("\"/bin/sh\"") (string-append "\"" (assoc-ref inputs "bash") "/bin/sh\"")))
-             #t))
+             (let ((bash (assoc-ref inputs "bash")))
+               (substitute* "src/tools/tidy/src/main.rs"
+                 (("^.*cargo.*::check.*$") ""))
+               (substitute* "src/libstd/process.rs"
+                 (("\"/bin/sh\"") (string-append "\"" bash "/bin/sh\"")))
+               #t)))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -275,7 +278,8 @@ rustc-bootstrap and cargo-bootstrap packages.")
                ;; Let gcc find ld and libc startup files.
                (wrap-program (string-append out "/bin/rustc")
                  `("PATH" ":" prefix (,(string-append ld-wrapper "/bin")))
-                 `("LIBRARY_PATH" ":" suffix (,(string-append libc "/lib"))))))))))
+                 `("LIBRARY_PATH" ":" suffix (,(string-append libc "/lib"))))
+               #t))))))
     ;; rustc invokes gcc, so we need to set its search paths accordingly.
     (native-search-paths (package-native-search-paths gcc))
     (synopsis "Compiler for the Rust progamming language")
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index e1dba9bed7..fec872f5f9 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -325,18 +325,16 @@ mashups, office (web agendas, mail clients, ...), etc.")
 (define-public chicken
   (package
     (name "chicken")
-    (version "4.11.1")
+    (version "4.12.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://code.call-cc.org/releases/"
+              (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
-              (uri (string-append "http://code.call-cc.org/dev-snapshots/"
-                                  "2016/09/12/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga"))
+                "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
               (patches
-               (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patch"))))
+               (search-patches "chicken-CVE-2017-6949.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
@@ -359,12 +357,6 @@ mashups, office (web agendas, mail clients, ...), etc.")
 
        ;; Parallel builds are not supported, as noted in README.
        #:parallel-build? #f))
-    ;; One of the tests ("testing direct invocation can detect calls of too
-    ;; many arguments...") times out when building with a more recent GCC.
-    ;; The problem was reported here:
-    ;; https://lists.gnu.org/archive/html/chicken-hackers/2015-04/msg00059.html
-    (native-inputs
-     `(("gcc" ,gcc-4.8)))
     (home-page "http://www.call-cc.org/")
     (synopsis "R5RS Scheme implementation that compiles native code via C")
     (description
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index cf54bbf9a4..00117067ed 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -984,7 +984,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.03.16")
+    (version "2017.03.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -992,7 +992,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "14nlgl0kh4mwl7sx58vd7nxr5iklxi00612lmydy91ngm6ykrpsm"))))
+                "1zz97g23diggcnqg2hjq9grijskly8ag727f1i509hl7z0lxkh69"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
diff --git a/guix/pk-crypto.scm b/guix/pk-crypto.scm
index 7017006a71..55ba7b1bb8 100644
--- a/guix/pk-crypto.scm
+++ b/guix/pk-crypto.scm
@@ -23,11 +23,13 @@
   #:use-module (system foreign)
   #:use-module (rnrs bytevectors)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 rdelim)
   #:export (canonical-sexp?
             error-source
             error-string
             string->canonical-sexp
             canonical-sexp->string
+            read-file-sexp
             number->canonical-sexp
             canonical-sexp-car
             canonical-sexp-cdr
@@ -143,6 +145,12 @@ thrown along with 'gcry-error'."
               (loop (* len 2))
               (pointer->string buf size "ISO-8859-1")))))))
 
+(define (read-file-sexp file)
+  "Return the canonical sexp read from FILE."
+  (call-with-input-file file
+    (compose string->canonical-sexp
+             read-string)))
+
 (define canonical-sexp-car
   (let* ((ptr  (libgcrypt-func "gcry_sexp_car"))
          (proc (pointer->procedure '* ptr '(*))))
diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 33a7b3bd42..d8ac72f4ef 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -52,7 +52,10 @@
   #:use-module (guix scripts)
   #:use-module ((guix utils) #:select (compressed-file?))
   #:use-module ((guix build utils) #:select (dump-port))
-  #:export (guix-publish))
+  #:export (%public-key
+            %private-key
+
+            guix-publish))
 
 (define (show-help)
   (format #t (_ "Usage: guix publish [OPTION]...
@@ -69,6 +72,12 @@ Publish ~a over HTTP.\n") %store-directory)
   (display (_ "
       --ttl=TTL          announce narinfos can be cached for TTL seconds"))
   (display (_ "
+      --nar-path=PATH    use PATH as the prefix for nar URLs"))
+  (display (_ "
+      --public-key=FILE  use FILE as the public key for signatures"))
+  (display (_ "
+      --private-key=FILE use FILE as the private key for signatures"))
+  (display (_ "
   -r, --repl[=PORT]      spawn REPL server on PORT"))
   (newline)
   (display (_ "
@@ -145,6 +154,15 @@ compression disabled~%"))
                       (leave (_ "~a: invalid duration~%") arg))
                     (alist-cons 'narinfo-ttl (time-second duration)
                                 result))))
+        (option '("nar-path") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'nar-path arg result)))
+        (option '("public-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'public-key-file arg result)))
+        (option '("private-key" "secret-key") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'private-key-file arg result)))
         (option '(#\r "repl") #f #t
                 (lambda (opt name arg result)
                   ;; If port unspecified, use default Guile REPL port.
@@ -154,6 +172,12 @@ compression disabled~%"))
 (define %default-options
   `((port . 8080)
 
+    ;; By default, serve nars under "/nar".
+    (nar-path . "nar")
+
+    (public-key-file . ,%public-key-file)
+    (private-key-file . ,%private-key-file)
+
     ;; Default to fast & low compression.
     (compression . ,(if (zlib-available?)
                         %default-gzip-compression
@@ -162,18 +186,11 @@ compression disabled~%"))
     (address . ,(make-socket-address AF_INET INADDR_ANY 0))
     (repl . #f)))
 
-(define (lazy-read-file-sexp file)
-  "Return a promise to read the canonical sexp from FILE."
-  (delay
-    (call-with-input-file file
-      (compose string->canonical-sexp
-               read-string))))
-
+;; The key pair used to sign narinfos.
 (define %private-key
-  (lazy-read-file-sexp %private-key-file))
-
+  (make-parameter #f))
 (define %public-key
-  (lazy-read-file-sexp %public-key-file))
+  (make-parameter #f))
 
 (define %nix-cache-info
   `(("StoreDir" . ,%store-directory)
@@ -186,25 +203,26 @@ compression disabled~%"))
 
 (define (signed-string s)
   "Sign the hash of the string S with the daemon's key."
-  (let* ((public-key (force %public-key))
+  (let* ((public-key (%public-key))
          (hash (bytevector->hash-data (sha256 (string->utf8 s))
                                       #:key-type (key-type public-key))))
-    (signature-sexp hash (force %private-key) public-key)))
+    (signature-sexp hash (%private-key) public-key)))
 
 (define base64-encode-string
   (compose base64-encode string->utf8))
 
 (define* (narinfo-string store store-path key
-                         #:key (compression %no-compression))
+                         #:key (compression %no-compression)
+                         (nar-path "nar"))
   "Generate a narinfo key/value string for STORE-PATH; an exception is raised
 if STORE-PATH is invalid.  Produce a URL that corresponds to COMPRESSION.  The
-narinfo is signed with KEY."
+narinfo is signed with KEY.  NAR-PATH specifies the prefix for nar URLs."
   (let* ((path-info  (query-path-info store store-path))
          (compression (if (compressed-file? store-path)
                           %no-compression
                           compression))
          (url        (encode-and-join-uri-path
-                      `("nar"
+                      `(,@(split-and-decode-uri-path nar-path)
                         ,@(match compression
                             (($ <compression> 'none)
                              '())
@@ -266,11 +284,12 @@ References: ~a~%"
                       %nix-cache-info))))
 
 (define* (render-narinfo store request hash
-                         #:key ttl (compression %no-compression))
+                         #:key ttl (compression %no-compression)
+                         (nar-path "nar"))
   "Render metadata for the store path corresponding to HASH.  If TTL is true,
 advertise it as the maximum validity period (in seconds) via the
 'Cache-Control' header.  This allows 'guix substitute' to cache it for an
-appropriate duration."
+appropriate duration.  NAR-PATH specifies the prefix for nar URLs."
   (let ((store-path (hash-part->path store hash)))
     (if (string-null? store-path)
         (not-found request)
@@ -279,7 +298,8 @@ appropriate duration."
                         `((cache-control (max-age . ,ttl)))
                         '()))
                 (cut display
-                  (narinfo-string store store-path (force %private-key)
+                  (narinfo-string store store-path (%private-key)
+                                  #:nar-path nar-path
                                   #:compression compression)
                   <>)))))
 
@@ -469,7 +489,12 @@ blocking."
 (define* (make-request-handler store
                                #:key
                                narinfo-ttl
+                               (nar-path "nar")
                                (compression %no-compression))
+  (define nar-path?
+    (let ((expected (split-and-decode-uri-path nar-path)))
+      (cut equal? expected <>)))
+
   (lambda (request body)
     (format #t "~a ~a~%"
             (request-method request)
@@ -485,19 +510,23 @@ blocking."
            ;; NARINFO-TTL.
            (render-narinfo store request hash
                            #:ttl narinfo-ttl
+                           #:nar-path nar-path
                            #:compression compression))
+          ;; /nar/file/NAME/sha256/HASH
+          (("file" name "sha256" hash)
+           (guard (c ((invalid-base32-character? c)
+                      (not-found request)))
+             (let ((hash (nix-base32-string->bytevector hash)))
+               (render-content-addressed-file store request
+                                              name 'sha256 hash))))
 
           ;; Use different URLs depending on the compression type.  This
           ;; guarantees that /nar URLs remain valid even when 'guix publish'
           ;; is restarted with different compression parameters.
 
-          ;; /nar/<store-item>
-          (("nar" store-item)
-           (render-nar store request store-item
-                       #:compression %no-compression))
           ;; /nar/gzip/<store-item>
-          (("nar" "gzip" store-item)
-           (if (zlib-available?)
+          ((components ... "gzip" store-item)
+           (if (and (nar-path? components) (zlib-available?))
                (render-nar store request store-item
                            #:compression
                            (match compression
@@ -507,19 +536,21 @@ blocking."
                               %default-gzip-compression)))
                (not-found request)))
 
-          ;; /nar/file/NAME/sha256/HASH
-          (("file" name "sha256" hash)
-           (guard (c ((invalid-base32-character? c)
-                      (not-found request)))
-             (let ((hash (nix-base32-string->bytevector hash)))
-               (render-content-addressed-file store request
-                                              name 'sha256 hash))))
-          (_ (not-found request)))
+          ;; /nar/<store-item>
+          ((components ... store-item)
+           (if (nar-path? components)
+               (render-nar store request store-item
+                           #:compression %no-compression)
+               (not-found request)))
+
+          (x (not-found request)))
         (not-found request))))
 
 (define* (run-publish-server socket store
-                             #:key (compression %no-compression) narinfo-ttl)
+                             #:key (compression %no-compression)
+                             (nar-path "nar") narinfo-ttl)
   (run-server (make-request-handler store
+                                    #:nar-path nar-path
                                     #:narinfo-ttl narinfo-ttl
                                     #:compression compression)
               concurrent-http-server
@@ -566,11 +597,13 @@ blocking."
                                            (sockaddr:addr addr)
                                            port)))
            (socket  (open-server-socket address))
-           (repl-port (assoc-ref opts 'repl)))
-      ;; Read the key right away so that (1) we fail early on if we can't
-      ;; access them, and (2) we can then drop privileges.
-      (force %private-key)
-      (force %public-key)
+           (nar-path  (assoc-ref opts 'nar-path))
+           (repl-port (assoc-ref opts 'repl))
+
+           ;; Read the key right away so that (1) we fail early on if we can't
+           ;; access them, and (2) we can then drop privileges.
+           (public-key  (read-file-sexp (assoc-ref opts 'public-key-file)))
+           (private-key (read-file-sexp (assoc-ref opts 'private-key-file))))
 
       (when user
         ;; Now that we've read the key material and opened the socket, we can
@@ -580,13 +613,17 @@ blocking."
       (when (zero? (getuid))
         (warning (_ "server running as root; \
 consider using the '--user' option!~%")))
-      (format #t (_ "publishing ~a on ~a, port ~d~%")
-              %store-directory
-              (inet-ntop (sockaddr:fam address) (sockaddr:addr address))
-              (sockaddr:port address))
-      (when repl-port
-        (repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
-      (with-store store
-        (run-publish-server socket store
-                            #:compression compression
-                            #:narinfo-ttl ttl)))))
+
+      (parameterize ((%public-key public-key)
+                     (%private-key private-key))
+        (format #t (_ "publishing ~a on ~a, port ~d~%")
+                %store-directory
+                (inet-ntop (sockaddr:fam address) (sockaddr:addr address))
+                (sockaddr:port address))
+        (when repl-port
+          (repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
+        (with-store store
+          (run-publish-server socket store
+                              #:nar-path nar-path
+                              #:compression compression
+                              #:narinfo-ttl ttl))))))
diff --git a/tests/pack.scm b/tests/pack.scm
index eb643c3229..3bce715075 100644
--- a/tests/pack.scm
+++ b/tests/pack.scm
@@ -50,6 +50,7 @@
 
 (test-begin "pack")
 
+(unless (network-reachable?) (test-skip 1))
 (test-assertm "self-contained-tarball"
   (mlet* %store-monad
       ((profile (profile-derivation (packages->manifest
diff --git a/tests/publish.scm b/tests/publish.scm
index 0fd3b50ecb..ea0f4a3477 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -33,6 +33,7 @@
   #:use-module ((guix records) #:select (recutils->alist))
   #:use-module ((guix serialization) #:select (restore-file))
   #:use-module (guix pk-crypto)
+  #:use-module ((guix pki) #:select (%public-key-file %private-key-file))
   #:use-module (guix zlib)
   #:use-module (web uri)
   #:use-module (web client)
@@ -100,6 +101,10 @@
 ;; Wait until the two servers are ready.
 (wait-until-ready 6789)
 
+;; Initialize the public/private key SRFI-39 parameters.
+(%public-key (read-file-sexp %public-key-file))
+(%private-key (read-file-sexp %private-key-file))
+
 
 (test-begin "publish")
 
@@ -227,6 +232,36 @@ References: ~%"
     (list (assoc-ref info "Compression")
           (dirname (assoc-ref info "URL")))))
 
+(test-equal "custom nar path"
+  ;; Serve nars at /foo/bar/chbouib instead of /nar.
+  (list `(("StorePath" . ,%item)
+          ("URL" . ,(string-append "foo/bar/chbouib/" (basename %item)))
+          ("Compression" . "none"))
+        200
+        404)
+  (let ((thread (with-separate-output-ports
+                 (call-with-new-thread
+                  (lambda ()
+                    (guix-publish "--port=6798" "-C0"
+                                  "--nar-path=///foo/bar//chbouib/"))))))
+    (wait-until-ready 6798)
+    (let* ((base    "http://localhost:6798/")
+           (part    (store-path-hash-part %item))
+           (url     (string-append base part ".narinfo"))
+           (nar-url (string-append base "foo/bar/chbouib/"
+                                   (basename %item)))
+           (body    (http-get-port url)))
+      (list (filter (lambda (item)
+                      (match item
+                        (("Compression" . _) #t)
+                        (("StorePath" . _)  #t)
+                        (("URL" . _) #t)
+                        (_ #f)))
+                    (recutils->alist body))
+            (response-code (http-get nar-url))
+            (response-code
+             (http-get (string-append base "nar/" (basename %item))))))))
+
 (test-equal "/nar/ with properly encoded '+' sign"
   "Congrats!"
   (let ((item (add-text-to-store %store "fake-gtk+" "Congrats!")))
diff --git a/tests/store.scm b/tests/store.scm
index c0ebe7b941..45150d36ca 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -384,8 +384,8 @@
             (guard (c ((nix-protocol-error? c) #t))
               (build-derivations %store (list d))))))))
    (cond-expand
-     (guile-2.0 "garbage: ?lambda: λ")
-     (else      "garbage: �lambda: λ"))))
+     (guile-2.2 "garbage: �lambda: λ")
+     (else      "garbage: ?lambda: λ"))))
 
 (test-assert "log-file, derivation"
   (let* ((b (add-text-to-store %store "build" "echo $foo > $out" '()))