summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--HACKING11
-rw-r--r--Makefile.am12
-rw-r--r--doc/guix.texi731
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/audacity.scm4
-rw-r--r--gnu/packages/ccache.scm6
-rw-r--r--gnu/packages/dns.scm4
-rw-r--r--gnu/packages/emacs.scm79
-rw-r--r--gnu/packages/game-development.scm45
-rw-r--r--gnu/packages/gnome.scm8
-rw-r--r--gnu/packages/guile.scm2
-rw-r--r--gnu/packages/haskell.scm61
-rw-r--r--gnu/packages/linux.scm19
-rw-r--r--gnu/packages/mail.scm4
-rw-r--r--gnu/packages/maths.scm4
-rw-r--r--gnu/packages/music.scm6
-rw-r--r--gnu/packages/patches/libgit2-use-after-free.patch24
-rw-r--r--gnu/packages/perl.scm165
-rw-r--r--gnu/packages/python.scm15
-rw-r--r--gnu/packages/rust.scm7
-rw-r--r--gnu/packages/samba.scm19
-rw-r--r--gnu/packages/ssh.scm29
-rw-r--r--gnu/packages/version-control.scm20
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/web.scm4
-rw-r--r--gnu/packages/webkit.scm8
-rw-r--r--gnu/packages/xdisorg.scm6
-rw-r--r--gnu/services/base.scm16
-rw-r--r--gnu/services/configuration.scm29
-rw-r--r--gnu/services/messaging.scm23
-rw-r--r--gnu/services/networking.scm89
-rw-r--r--gnu/services/pm.scm404
-rw-r--r--gnu/services/vpn.scm3
-rw-r--r--gnu/system/grub.scm6
-rw-r--r--gnu/tests/networking.scm149
-rw-r--r--guix/build/union.scm17
-rw-r--r--guix/profiles.scm61
-rw-r--r--guix/scripts/lint.scm22
-rw-r--r--guix/ui.scm17
-rw-r--r--tests/lint.scm8
-rw-r--r--tests/union.scm22
41 files changed, 1915 insertions, 252 deletions
diff --git a/HACKING b/HACKING
index 46a7249616..20cc9ea6ea 100644
--- a/HACKING
+++ b/HACKING
@@ -46,9 +46,14 @@ configure Git to automatically sign commits, run:
   git config commit.gpgsign true
   git config user.signingkey CABBA6EA1DC0FF33
 
-You can prevent yourself from accidentally pushing unsigned commits to Savannah
-by using the pre-push Git hook called 'pre-push'. It's located at
-'etc/git/pre-push'.
+You can prevent yourself from accidentally pushing unsigned commits to
+Savannah by using the pre-push Git hook called located at ‘etc/git/pre-push’:
+
+  cp etc/git/pre-push .git/hooks/pre-push
+
+When pushing a commit on behalf of somebody else, please add a Signed-off-by
+line at the end of the commit log message (e.g. with ‘git am --signoff’).
+This improves tracking of who did what.
 
 For anything else, please post to guix-patches@gnu.org and leave time for a
 review, without committing anything.  If you didn’t receive any reply
diff --git a/Makefile.am b/Makefile.am
index 91b5f64e4c..c713d9a3f6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -129,7 +129,6 @@ MODULES =					\
   guix/import/cabal.scm				\
   guix/import/cran.scm				\
   guix/import/hackage.scm			\
-  guix/import/stackage.scm			\
   guix/import/elpa.scm   			\
   guix/scripts.scm				\
   guix/scripts/download.scm			\
@@ -168,15 +167,16 @@ if HAVE_GUILE_JSON
 
 MODULES +=					\
   guix/docker.scm	   			\
+  guix/import/cpan.scm				\
+  guix/import/crate.scm				\
+  guix/import/gem.scm				\
   guix/import/github.scm   			\
   guix/import/json.scm				\
-  guix/import/crate.scm				\
-  guix/scripts/import/crate.scm			\
   guix/import/pypi.scm				\
-  guix/scripts/import/pypi.scm			\
-  guix/import/cpan.scm				\
+  guix/import/stackage.scm			\
+  guix/scripts/import/crate.scm			\
   guix/scripts/import/gem.scm			\
-  guix/import/gem.scm
+  guix/scripts/import/pypi.scm
 
 endif
 
diff --git a/doc/guix.texi b/doc/guix.texi
index 683ef6c5cd..2bf1e1e037 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -33,7 +33,8 @@ Copyright @copyright{} 2016 Alex ter Weele@*
 Copyright @copyright{} 2017 Clément Lassieur@*
 Copyright @copyright{} 2017 Mathieu Othacehe@*
 Copyright @copyright{} 2017 Federico Beffa@*
-Copyright @copyright{} 2017 Carlo Zancanaro
+Copyright @copyright{} 2017 Carlo Zancanaro@*
+Copyright @copyright{} 2017 Thomas Danckaert
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -216,6 +217,7 @@ Services
 * VPN Services::                VPN daemons.
 * Network File System::         NFS related services.
 * Continuous Integration::      The Cuirass service.
+* Power management Services::   The TLP tool.
 * Miscellaneous Services::      Other services.
 
 Defining Services
@@ -6551,9 +6553,9 @@ primarily for debugging a running @command{guix publish} server.
 @end table
 
 Enabling @command{guix publish} on a GuixSD system is a one-liner: just
-add a call to @code{guix-publish-service} in the @code{services} field
-of the @code{operating-system} declaration (@pxref{guix-publish-service,
-@code{guix-publish-service}}).
+instantiate a @code{guix-publish-service-type} service in the @code{services} field
+of the @code{operating-system} declaration (@pxref{guix-publish-service-type,
+@code{guix-publish-service-type}}).
 
 If you are instead running Guix on a ``foreign distro'', follow these
 instructions:”
@@ -8456,6 +8458,7 @@ declaration.
 * VPN Services::                VPN daemons.
 * Network File System::         NFS related services.
 * Continuous Integration::      The Cuirass service.
+* Power management Services::   The TLP tool.
 * Miscellaneous Services::      Other services.
 @end menu
 
@@ -9012,17 +9015,43 @@ uses the @code{ps2} protocol, which works for both USB and PS/2 mice.
 This service is not part of @var{%base-services}.
 @end deffn
 
-@anchor{guix-publish-service}
-@deffn {Scheme Procedure} guix-publish-service [#:guix @var{guix}] @
-           [#:port 80] [#:host "localhost"]
-Return a service that runs @command{guix publish} listening on @var{host}
-and @var{port} (@pxref{Invoking guix publish}).
+@anchor{guix-publish-service-type}
+@deffn {Scheme Variable} guix-publish-service-type @var{config}
+This is the service type for @command{guix publish} (@pxref{Invoking
+guix publish}).  @var{config} must be a @code{guix-configuration}
+object, as described below.
 
 This assumes that @file{/etc/guix} already contains a signing key pair as
 created by @command{guix archive --generate-key} (@pxref{Invoking guix
 archive}).  If that is not the case, the service will fail to start.
 @end deffn
 
+@deftp {Data Type} guix-publish-configuration
+Data type representing the configuration of the @code{guix publish}
+service.
+
+@table @asis
+@item @code{guix} (default: @code{guix})
+The Guix package to use.
+
+@item @code{port} (default: @code{80})
+The TCP port to listen for connections.
+
+@item @code{host} (default: @code{"localhost"})
+The host (and thus, network interface) to listen to.  Use
+@code{"0.0.0.0"} to listen on all the network interfaces.
+
+@item @code{compression-level} (default: @code{3})
+The gzip compression level at which substitutes are compressed.  Use
+@code{0} to disable compression altogether, and @code{9} to get the best
+compression ratio at the expense of increased CPU usage.
+
+@item @code{nar-path} (default: @code{"nar"})
+The URL path at which ``nars'' can be fetched.  @xref{Invoking guix
+publish, @code{--nar-path}}, for details.
+@end table
+@end deftp
+
 @anchor{rngd-service}
 @deffn {Scheme Procedure} rngd-service [#:rng-tools @var{rng-tools}] @
             [#:device "/dev/hwrng"]
@@ -9377,6 +9406,99 @@ make an initial adjustment of more than 1,000 seconds.
 List of host names used as the default NTP servers.
 @end defvr
 
+@cindex inetd
+@deffn {Scheme variable} inetd-service-type
+This service runs the @command{inetd} (@pxref{inetd invocation,,,
+inetutils, GNU Inetutils}) daemon.  @command{inetd} listens for
+connections on internet sockets, and lazily starts the specified server
+program when a connection is made on one of these sockets.
+
+The value of this service is an @code{inetd-configuration} object.  The
+following example configures the @command{inetd} daemon to provide the
+built-in @command{echo} service, as well as an smtp service which
+forwards smtp traffic over ssh to a server @code{smtp-server} behind a
+gateway @code{hostname}:
+
+@example
+(service
+ inetd-service-type
+ (inetd-configuration
+  (entries (list
+            (inetd-entry
+             (name "echo")
+             (socket-type 'stream)
+             (protocol "tcp")
+             (wait? #f)
+             (user "root"))
+            (inetd-entry
+             (node "127.0.0.1")
+             (name "smtp")
+             (socket-type 'stream)
+             (protocol "tcp")
+             (wait? #f)
+             (user "root")
+             (program (file-append openssh "/bin/ssh"))
+             (arguments
+              '("ssh" "-qT" "-i" "/path/to/ssh_key"
+                "-W" "smtp-server:25" "user@@hostname")))))
+@end example
+
+See below for more details about @code{inetd-configuration}.
+@end deffn
+
+@deftp {Data Type} inetd-configuration
+Data type representing the configuration of @command{inetd}.
+
+@table @asis
+@item @code{program} (default: @code{(file-append inetutils "/libexec/inetd")})
+The @command{inetd} executable to use.
+
+@item @code{entries} (default: @code{'()})
+A list of @command{inetd} service entries.  Each entry should be created
+by the @code{inetd-entry} constructor.
+@end table
+@end deftp
+
+@deftp {Data Type} inetd-entry
+Data type representing an entry in the @command{inetd} configuration.
+Each entry corresponds to a socket where @command{inetd} will listen for
+requests.
+
+@table @asis
+@item @code{node} (default: @code{#f})
+Optional string, a comma-separated list of local addresses
+@command{inetd} should use when listening for this service.
+@xref{Configuration file,,, inetutils, GNU Inetutils} for a complete
+description of all options.
+@item @code{name}
+A string, the name must correspond to an entry in @code{/etc/services}.
+@item @code{socket-type}
+One of @code{'stream}, @code{'dgram}, @code{'raw}, @code{'rdm} or
+@code{'seqpacket}.
+@item @code{protocol}
+A string, must correspond to an entry in @code{/etc/protocols}.
+@item @code{wait?} (default: @code{#t})
+Whether @command{inetd} should wait for the server to exit before
+listening to new service requests.
+@item @code{user}
+A string containing the user (and, optionally, group) name of the user
+as whom the server should run.  The group name can be specified in a
+suffix, separated by a colon or period, i.e. @code{"user"},
+@code{"user:group"} or @code{"user.group"}.
+@item @code{program} (default: @code{"internal"})
+The server program which will serve the requests, or @code{"internal"}
+if @command{inetd} should use a built-in service.
+@item @code{arguments} (default: @code{'()})
+A list strings or file-like objects, which are the server program's
+arguments, starting with the zeroth argument, i.e. the name of the
+program itself.  For @command{inetd}'s internal services, this entry
+must be @code{'()} or @code{'("internal")}.
+@end table
+
+@xref{Configuration file,,, inetutils, GNU Inetutils} for a more
+detailed discussion of each configuration field.
+@end deftp
+
 @cindex Tor
 @deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
 Return a service to run the @uref{https://torproject.org, Tor} anonymous
@@ -13090,19 +13212,19 @@ Both can be run simultaneously.
 
 Available @code{openvpn-client-configuration} fields are:
 
-@deftypevr @code{openvpn-client-configuration} parameter package openvpn
+@deftypevr {@code{openvpn-client-configuration} parameter} package openvpn
 The OpenVPN package.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter string pid-file
+@deftypevr {@code{openvpn-client-configuration} parameter} string pid-file
 The OpenVPN pid file.
 
 Defaults to @samp{"/var/run/openvpn/openvpn.pid"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter proto proto
+@deftypevr {@code{openvpn-client-configuration} parameter} proto proto
 The protocol (UDP or TCP) used to open a channel between clients and
 servers.
 
@@ -13110,21 +13232,21 @@ Defaults to @samp{udp}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter dev dev
+@deftypevr {@code{openvpn-client-configuration} parameter} dev dev
 The device type used to represent the VPN connection.
 
 Defaults to @samp{tun}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter string ca
+@deftypevr {@code{openvpn-client-configuration} parameter} string ca
 The certificate authority to check connections against.
 
 Defaults to @samp{"/etc/openvpn/ca.crt"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter string cert
+@deftypevr {@code{openvpn-client-configuration} parameter} string cert
 The certificate of the machine the daemon is running on.  It should be
 signed by the authority given in @code{ca}.
 
@@ -13132,7 +13254,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter string key
+@deftypevr {@code{openvpn-client-configuration} parameter} string key
 The key of the machine the daemon is running on.  It must be the key whose
 certificate is @code{cert}.
 
@@ -13140,21 +13262,21 @@ Defaults to @samp{"/etc/openvpn/client.key"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter boolean comp-lzo?
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean comp-lzo?
 Whether to use the lzo compression algorithm.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter boolean persist-key?
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean persist-key?
 Don't re-read key files across SIGUSR1 or --ping-restart.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter boolean persist-tun?
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean persist-tun?
 Don't close and reopen TUN/TAP device or run up/down scripts across
 SIGUSR1 or --ping-restart restarts.
 
@@ -13162,14 +13284,14 @@ Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter number verbosity
+@deftypevr {@code{openvpn-client-configuration} parameter} number verbosity
 Verbosity level.
 
 Defaults to @samp{3}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter tls-auth-client tls-auth
+@deftypevr {@code{openvpn-client-configuration} parameter} tls-auth-client tls-auth
 Add an additional layer of HMAC authentication on top of the TLS control
 channel to protect against DoS attacks.
 
@@ -13177,42 +13299,42 @@ Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter key-usage verify-key-usage?
+@deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?
 Whether to check the server certificate has server usage extension.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter bind bind?
+@deftypevr {@code{openvpn-client-configuration} parameter} bind bind?
 Bind to a specific local port number.
 
 Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter resolv-retry resolv-retry?
+@deftypevr {@code{openvpn-client-configuration} parameter} resolv-retry resolv-retry?
 Retry resolving server address.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-client-configuration} parameter openvpn-remote-list remote
+@deftypevr {@code{openvpn-client-configuration} parameter} openvpn-remote-list remote
 A list of remote servers to connect to.
 
 Defaults to @samp{()}.
 
 Available @code{openvpn-remote-configuration} fields are:
 
-@deftypevr @code{openvpn-remote-configuration} parameter string name
+@deftypevr {@code{openvpn-remote-configuration} parameter} string name
 Server name.
 
 Defaults to @samp{"my-server"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-remote-configuration} parameter number port
+@deftypevr {@code{openvpn-remote-configuration} parameter} number port
 Port number the server listens to.
 
 Defaults to @samp{1194}.
@@ -13226,19 +13348,19 @@ Defaults to @samp{1194}.
 
 Available @code{openvpn-server-configuration} fields are:
 
-@deftypevr @code{openvpn-server-configuration} parameter package openvpn
+@deftypevr {@code{openvpn-server-configuration} parameter} package openvpn
 The OpenVPN package.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string pid-file
+@deftypevr {@code{openvpn-server-configuration} parameter} string pid-file
 The OpenVPN pid file.
 
 Defaults to @samp{"/var/run/openvpn/openvpn.pid"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter proto proto
+@deftypevr {@code{openvpn-server-configuration} parameter} proto proto
 The protocol (UDP or TCP) used to open a channel between clients and
 servers.
 
@@ -13246,21 +13368,21 @@ Defaults to @samp{udp}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter dev dev
+@deftypevr {@code{openvpn-server-configuration} parameter} dev dev
 The device type used to represent the VPN connection.
 
 Defaults to @samp{tun}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string ca
+@deftypevr {@code{openvpn-server-configuration} parameter} string ca
 The certificate authority to check connections against.
 
 Defaults to @samp{"/etc/openvpn/ca.crt"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string cert
+@deftypevr {@code{openvpn-server-configuration} parameter} string cert
 The certificate of the machine the daemon is running on.  It should be
 signed by the authority given in @code{ca}.
 
@@ -13268,7 +13390,7 @@ Defaults to @samp{"/etc/openvpn/client.crt"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string key
+@deftypevr {@code{openvpn-server-configuration} parameter} string key
 The key of the machine the daemon is running on.  It must be the key whose
 certificate is @code{cert}.
 
@@ -13276,21 +13398,21 @@ Defaults to @samp{"/etc/openvpn/client.key"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter boolean comp-lzo?
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean comp-lzo?
 Whether to use the lzo compression algorithm.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter boolean persist-key?
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean persist-key?
 Don't re-read key files across SIGUSR1 or --ping-restart.
 
 Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter boolean persist-tun?
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean persist-tun?
 Don't close and reopen TUN/TAP device or run up/down scripts across
 SIGUSR1 or --ping-restart restarts.
 
@@ -13298,14 +13420,14 @@ Defaults to @samp{#t}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter number verbosity
+@deftypevr {@code{openvpn-server-configuration} parameter} number verbosity
 Verbosity level.
 
 Defaults to @samp{3}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter tls-auth-server tls-auth
+@deftypevr {@code{openvpn-server-configuration} parameter} tls-auth-server tls-auth
 Add an additional layer of HMAC authentication on top of the TLS control
 channel to protect against DoS attacks.
 
@@ -13313,56 +13435,56 @@ Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter number port
+@deftypevr {@code{openvpn-server-configuration} parameter} number port
 Specifies the port number on which the server listens.
 
 Defaults to @samp{1194}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter ip-mask server
+@deftypevr {@code{openvpn-server-configuration} parameter} ip-mask server
 An ip and mask specifying the subnet inside the virtual network.
 
 Defaults to @samp{"10.8.0.0 255.255.255.0"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter cidr6 server-ipv6
+@deftypevr {@code{openvpn-server-configuration} parameter} cidr6 server-ipv6
 A CIDR notation specifying the IPv6 subnet inside the virtual network.
 
 Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string dh
+@deftypevr {@code{openvpn-server-configuration} parameter} string dh
 The Diffie-Hellman parameters file.
 
 Defaults to @samp{"/etc/openvpn/dh2048.pem"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string ifconfig-pool-persist
+@deftypevr {@code{openvpn-server-configuration} parameter} string ifconfig-pool-persist
 The file that records client IPs.
 
 Defaults to @samp{"/etc/openvpn/ipp.txt"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter gateway redirect-gateway?
+@deftypevr {@code{openvpn-server-configuration} parameter} gateway redirect-gateway?
 When true, the server will act as a gateway for its clients.
 
 Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter boolean client-to-client?
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean client-to-client?
 When true, clients are alowed to talk to each other inside the VPN.
 
 Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter keepalive keepalive
+@deftypevr {@code{openvpn-server-configuration} parameter} keepalive keepalive
 Causes ping-like messages to be sent back and forth over the link so
 that each side knows when the other side has gone down.  @code{keepalive}
 requires a pair.  The first element is the period of the ping sending,
@@ -13371,14 +13493,14 @@ down.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter number max-clients
+@deftypevr {@code{openvpn-server-configuration} parameter} number max-clients
 The maximum number of clients.
 
 Defaults to @samp{100}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter string status
+@deftypevr {@code{openvpn-server-configuration} parameter} string status
 The status file.  This file shows a small report on current connection.
 It is trunkated and rewritten every minute.
 
@@ -13386,28 +13508,28 @@ Defaults to @samp{"/var/run/openvpn/status"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-server-configuration} parameter openvpn-ccd-list client-config-dir
+@deftypevr {@code{openvpn-server-configuration} parameter} openvpn-ccd-list client-config-dir
 The list of configuration for some clients.
 
 Defaults to @samp{()}.
 
 Available @code{openvpn-ccd-configuration} fields are:
 
-@deftypevr @code{openvpn-ccd-configuration} parameter string name
+@deftypevr {@code{openvpn-ccd-configuration} parameter} string name
 Client name.
 
 Defaults to @samp{"client"}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-ccd-configuration} parameter ip-mask iroute
+@deftypevr {@code{openvpn-ccd-configuration} parameter} ip-mask iroute
 Client own network
 
 Defaults to @samp{#f}.
 
 @end deftypevr
 
-@deftypevr @code{openvpn-ccd-configuration} parameter ip-mask ifconfig-push
+@deftypevr {@code{openvpn-ccd-configuration} parameter} ip-mask ifconfig-push
 Client VPN IP.
 
 Defaults to @samp{#f}.
@@ -13687,6 +13809,509 @@ The Cuirass package to use.
 @end table
 @end deftp
 
+@node Power management Services
+@subsubsection Power management Services
+
+@cindex power management with TLP
+The @code{(gnu services pm)} module provides a Guix service definition
+for the Linux power management tool TLP.
+
+TLP enables various powersaving modes in userspace and kernel.
+Contrary to @code{upower-service}, it is not a passive,
+monitoring tool, as it will apply custom settings each time a new power
+source is detected.  More information can be found at
+@uref{http://linrunner.de/en/tlp/tlp.html, TLP home page}.
+
+@deffn {Scheme Variable} tlp-service-type
+The service type for the TLP tool.  Its value should be a valid
+TLP configuration (see below).  For example:
+@example
+(service tlp-service-type (tlp-configuration))
+@end example
+@end deffn
+
+By default TLP does not need much configuration but most TLP parameters
+can be tweaked using @code{tlp-configuration}.
+
+Each parameter definition is preceded by its type; for example,
+@samp{boolean foo} indicates that the @code{foo} parameter
+should be specified as a boolean.  Types starting with
+@code{maybe-} denote parameters that won't show up in TLP config file
+when their value is @code{'disabled}.
+
+@c The following documentation was initially generated by
+@c (generate-tlp-documentation) in (gnu services pm).  Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed.  However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as TLP updates.
+
+Available @code{tlp-configuration} fields are:
+
+@deftypevr {@code{tlp-configuration} parameter} package tlp
+The TLP package.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean tlp-enable?
+Set to true if you wish to enable TLP.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string tlp-default-mode
+Default mode when no power supply can be detected.  Alternatives are AC
+and BAT.
+
+Defaults to @samp{"AC"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-ac
+Number of seconds Linux kernel has to wait after the disk goes idle,
+before syncing on AC.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-bat
+Same as @code{disk-idle-ac} but on BAT mode.
+
+Defaults to @samp{2}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-ac
+Dirty pages flushing periodicity, expressed in seconds.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-bat
+Same as @code{max-lost-work-secs-on-ac} but on BAT mode.
+
+Defaults to @samp{60}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-ac
+CPU frequency scaling governor on AC mode.  With intel_pstate driver,
+alternatives are powersave and performance.  With acpi-cpufreq driver,
+alternatives are ondemand, powersave, performance and conservative.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-bat
+Same as @code{cpu-scaling-governor-on-ac} but on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-ac
+Set the min available frequency for the scaling governor on AC.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-ac
+Set the max available frequency for the scaling governor on AC.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-bat
+Set the min available frequency for the scaling governor on BAT.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-bat
+Set the max available frequency for the scaling governor on BAT.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-ac
+Limit the min P-state to control the power dissipation of the CPU, in AC
+mode.  Values are stated as a percentage of the available performance.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-ac
+Limit the max P-state to control the power dissipation of the CPU, in AC
+mode.  Values are stated as a percentage of the available performance.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-bat
+Same as @code{cpu-min-perf-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-bat
+Same as @code{cpu-max-perf-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-ac?
+Enable CPU turbo boost feature on AC mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-bat?
+Same as @code{cpu-boost-on-ac?} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean sched-powersave-on-ac?
+Allow Linux kernel to minimize the number of CPU cores/hyper-threads
+used under light load conditions.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean sched-powersave-on-bat?
+Same as @code{sched-powersave-on-ac?} but on BAT mode.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean nmi-watchdog?
+Enable Linux kernel NMI watchdog.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string phc-controls
+For Linux kernels with PHC patch applied, change CPU voltages.  An
+example value would be @samp{"F:V F:V F:V F:V"}.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string energy-perf-policy-on-ac
+Set CPU performance versus energy saving policy on AC.  Alternatives are
+performance, normal, powersave.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string energy-perf-policy-on-bat
+Same as @code{energy-perf-policy-ac} but on BAT mode.
+
+Defaults to @samp{"powersave"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disks-devices
+Hard disk devices.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-ac
+Hard disk advanced power management level.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-bat
+Same as @code{disk-apm-bat} but on BAT mode.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-ac
+Hard disk spin down timeout.  One value has to be specified for each
+declared hard disk.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-bat
+Same as @code{disk-spindown-timeout-on-ac} but on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-iosched
+Select IO scheduler for disk devices.  One value has to be specified for
+each declared hard disk.  Example alternatives are cfq, deadline and
+noop.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string sata-linkpwr-on-ac
+SATA aggressive link power management (ALPM) level.  Alternatives are
+min_power, medium_power, max_performance.
+
+Defaults to @samp{"max_performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string sata-linkpwr-on-bat
+Same as @code{sata-linkpwr-ac} but on BAT mode.
+
+Defaults to @samp{"min_power"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string sata-linkpwr-blacklist
+Exclude specified SATA host devices for link power management.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-ac?
+Enable Runtime Power Management for AHCI controller and disks on AC
+mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-bat?
+Same as @code{ahci-runtime-pm-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer ahci-runtime-pm-timeout
+Seconds of inactivity before disk is suspended.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string pcie-aspm-on-ac
+PCI Express Active State Power Management level.  Alternatives are
+default, performance, powersave.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string pcie-aspm-on-bat
+Same as @code{pcie-aspm-ac} but on BAT mode.
+
+Defaults to @samp{"powersave"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-power-profile-on-ac
+Radeon graphics clock speed level.  Alternatives are low, mid, high,
+auto, default.
+
+Defaults to @samp{"high"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-power-profile-on-bat
+Same as @code{radeon-power-ac} but on BAT mode.
+
+Defaults to @samp{"low"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-state-on-ac
+Radeon dynamic power management method (DPM).  Alternatives are battery,
+performance.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-state-on-bat
+Same as @code{radeon-dpm-state-ac} but on BAT mode.
+
+Defaults to @samp{"battery"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-ac
+Radeon DPM performance level.  Alternatives are auto, low, high.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-bat
+Same as @code{radeon-dpm-perf-ac} but on BAT mode.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-ac?
+Wifi power saving mode.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-bat?
+Same as @code{wifi-power-ac?} but on BAT mode.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} y-n-boolean wol-disable?
+Disable wake on LAN.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-ac
+Timeout duration in seconds before activating audio power saving on
+Intel HDA and AC97 devices.  A value of 0 disables power saving.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-bat
+Same as @code{sound-powersave-ac} but on BAT mode.
+
+Defaults to @samp{1}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} y-n-boolean sound-power-save-controller?
+Disable controller in powersaving mode on Intel HDA devices.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean bay-poweroff-on-bat?
+Enable optical drive in UltraBay/MediaBay on BAT mode.  Drive can be
+powered on again by releasing (and reinserting) the eject lever or by
+pressing the disc eject button on newer models.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string bay-device
+Name of the optical drive device to power off.
+
+Defaults to @samp{"sr0"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string runtime-pm-on-ac
+Runtime Power Management for PCI(e) bus devices.  Alternatives are on
+and auto.
+
+Defaults to @samp{"on"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string runtime-pm-on-bat
+Same as @code{runtime-pm-ac} but on BAT mode.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean runtime-pm-all?
+Runtime Power Management for all PCI(e) bus devices, except blacklisted
+ones.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list runtime-pm-blacklist
+Exclude specified PCI(e) devices adresses from Runtime Power Management.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list runtime-pm-driver-blacklist
+Exclude PCI(e) devices assigned to the specified drivers from Runtime
+Power Management.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean usb-autosuspend?
+Enable USB autosuspend feature.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string usb-blacklist
+Exclude specified devices from USB autosuspend.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean usb-blacklist-wwan?
+Exclude WWAN devices from USB autosuspend.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string usb-whitelist
+Include specified devices into USB autosuspend, even if they are already
+excluded by the driver or via @code{usb-blacklist-wwan?}.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean usb-autosuspend-disable-on-shutdown?
+Enable USB autosuspend before shutdown.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean restore-device-state-on-startup?
+Restore radio device state (bluetooth, wifi, wwan) from previous
+shutdown on system startup.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
 @node Miscellaneous Services
 @subsubsection Miscellaneous Services
 
diff --git a/gnu/local.mk b/gnu/local.mk
index 02758dd7e1..f69946ba14 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -12,6 +12,7 @@
 # Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
 # Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 # Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+# Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 #
 # This file is part of GNU Guix.
 #
@@ -424,6 +425,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/nfs.scm			\
   %D%/services/shepherd.scm			\
   %D%/services/herd.scm				\
+  %D%/services/pm.scm				\
   %D%/services/sddm.scm				\
   %D%/services/spice.scm				\
   %D%/services/ssh.scm				\
@@ -464,6 +466,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/install.scm				\
   %D%/tests/mail.scm				\
   %D%/tests/messaging.scm			\
+  %D%/tests/networking.scm			\
   %D%/tests/ssh.scm				\
   %D%/tests/web.scm
 
@@ -685,6 +688,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libevent-2.1-dns-tests.patch		\
   %D%/packages/patches/libevent-2.1-skip-failing-test.patch	\
   %D%/packages/patches/libextractor-ffmpeg-3.patch		\
+  %D%/packages/patches/libgit2-use-after-free.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
   %D%/packages/patches/liboop-mips64-deplibs-fix.patch		\
diff --git a/gnu/packages/audacity.scm b/gnu/packages/audacity.scm
index c448d0c1f2..a70d0e3a69 100644
--- a/gnu/packages/audacity.scm
+++ b/gnu/packages/audacity.scm
@@ -52,8 +52,8 @@
     (inputs
      ;; TODO: Add portSMF and libwidgetextra once they're packaged.  In-tree
      ;; versions shipping with Audacity are used for now.
-     `(("wxwidgets" ,wxwidgets)
-       ("gtk" ,gtk+)
+     `(("wxwidgets" ,wxwidgets-gtk2)
+       ("gtk" ,gtk+-2)
        ("alsa-lib" ,alsa-lib)
        ("jack" ,jack-1)
        ("expat" ,expat)
diff --git a/gnu/packages/ccache.scm b/gnu/packages/ccache.scm
index 181fba2fd0..590fdb0ea1 100644
--- a/gnu/packages/ccache.scm
+++ b/gnu/packages/ccache.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,7 +29,7 @@
 (define-public ccache
   (package
     (name "ccache")
-    (version "3.3.3")
+    (version "3.3.4")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "1v04ky2mhvx8gnqfbs9x2vvf4i9mzph4fwdg72s9xyhwv92sf0iv"))))
+        "0ks0vk408mdppfbk8v38p46fqx3p30r9a9cwiia43373i7rmpw94"))))
     (build-system gnu-build-system)
     (native-inputs `(("perl" ,perl)     ;for test.sh
                      ("which" ,(@ (gnu packages base) which))))
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index ec89abc670..57ac297a05 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -318,14 +318,14 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.4.1")
+    (version "2.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0k3hkc6vqj8yd479zdn80ki5f0vnjhrm4fka7kfj9z7mkgwxsr60"))
+                "0licfnjl0mq9lzdn6frzdasrj65253xc9n33dhvxcjqr3z7pznip"))
               (modules '((guix build utils)))
               (snippet
                '(begin
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index b84faaff07..4fe2ffa4db 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -20,6 +20,7 @@
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1080,6 +1081,26 @@ like.  It can be linked with various Emacs mail clients (Message and Mail
 mode, Rmail, Gnus, MH-E, and VM).  BBDB is fully customizable.")
     (license license:gpl3+)))
 
+(define-public emacs-aggressive-indent
+  (package
+    (name "emacs-aggressive-indent")
+    (version "1.8.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://elpa.gnu.org/packages/"
+                                  "aggressive-indent-" version ".el"))
+              (sha256
+               (base32
+                "0jnzccl50x0wapprgwxinp99pwwa6j43q6msn4gv437j7swy8wnj"))))
+    (build-system emacs-build-system)
+    (home-page "https://elpa.gnu.org/packages/aggressive-indent.html")
+    (synopsis "Minor mode to aggressively keep your code always indented")
+    (description
+     "@code{aggressive-indent-mode} is a minor mode that keeps your code
+always indented.  It reindents after every change, making it more reliable
+than @code{electric-indent-mode}.")
+    (license license:gpl2+)))
+
 (define-public emacs-ag
   (package
     (name "emacs-ag")
@@ -1396,6 +1417,25 @@ code written in the D programming language.  This mode is currently known to
 work with Emacs 24 and 25.")
     (license license:gpl2+)))
 
+(define-public emacs-keyfreq
+  (package
+    (name "emacs-keyfreq")
+    (version "20160516.716")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://melpa.org/packages/keyfreq-"
+               version ".el"))
+        (sha256
+          (base32
+            "008hd7d06qskc3mx0bbdgpgy2pwxr8185fzlyqf9qjg49y74p6g8"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/dacap/keyfreq")
+    (synopsis "Track Emacs command frequencies")
+    (description "@code{emacs-keyfeq} tracks and shows how many times you used
+a command.")
+    (license license:gpl3+)))
+
 (define-public emacs-undo-tree
   (package
     (name "emacs-undo-tree")
@@ -1443,6 +1483,25 @@ allows easily move between them.")
 strings.")
     (license license:gpl3+)))
 
+(define-public emacs-symon
+  (package
+    (name "emacs-symon")
+    (version "20170224.33")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://melpa.org/packages/symon-"
+                           version ".el"))
+       (sha256
+        (base32
+         "109jd7yjhdrrf5jqpqyv543nb28g7065z58bji9pvxanzi4zl2iz"))))
+    (build-system emacs-build-system)
+    (home-page "http://hins11.yu-yake.com/")
+    (synopsis "Tiny graphical system monitor")
+    (description
+     "Tiny graphical system monitor for the Emacs minibuffer when idle.")
+    (license license:gpl2+)))
+
 (define-public emacs-sx
   (package
     (name "emacs-sx")
@@ -3364,6 +3423,26 @@ go to the second most recent edit, etc.  Negative argument, @kbd{C-u -}, is
 used for reverse direction.")
     (license license:gpl2+)))
 
+(define-public emacs-monroe
+  (package
+    (name "emacs-monroe")
+    (version "20170220.540")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://melpa.org/packages/monroe-"
+                            version ".el"))
+        (sha256
+          (base32
+            "06p0qdhg4arwij1qpiiiwsd0m1bbl1qwd20ij2bmhryrvrcpswq3"))))
+    (build-system emacs-build-system)
+    (home-page "http://www.github.com/sanel/monroe")
+    (synopsis "Clojure nREPL client for Emacs")
+    (description
+      "Monroe is a nREPL client for Emacs, focused on simplicity and easy
+distribution, primarily targeting Clojure users")
+    (license license:gpl3+)))
+
 (define-public emacs-writegood-mode
   (package
     (name "emacs-writegood-mode")
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index 29f0555886..b4fce3f3b9 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2015, 2016 David Thompson <davet@gnu.org>
+;;; Copyright © 2015, 2016, 2017 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
@@ -674,3 +674,46 @@ to create fully featured games and multimedia programs in the python language.")
 
 (define-public python2-pygame
   (package-with-python2 python-pygame))
+
+(define-public grafx2
+  (package
+    (name "grafx2")
+    (version "2.4")
+    (source (origin
+              (method url-fetch)
+              ;; XXX: There is no URL that contains the version. :(
+              (uri "http://pulkomandy.tk/projects/GrafX2/downloads/21")
+              (sha256
+               (base32
+                "0svsy6rqmdj11b400c242i2ixihyz0hds0dgicqz6g6dcgmcl62q"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; no configure script
+         (add-before 'build 'change-to-src-directory
+           (lambda _
+             (chdir "src")
+             #t)))
+       #:make-flags
+       ;; SDL header files are referenced without the preceeding "SDL/".
+       (list (string-append "CFLAGS=-I"
+                            (assoc-ref %build-inputs "sdl-union")
+                            "/include/SDL")
+             (string-append "prefix="
+                            (assoc-ref %outputs "out")))
+       #:tests? #f)) ; no check target
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libpng" ,libpng)
+       ("lua" ,lua-5.1)
+       ("sdl-union" ,(sdl-union (list sdl sdl-image sdl-ttf)))))
+    (synopsis "Bitmap paint program")
+    (description "GrafX2 is a bitmap paint program inspired by the Amiga
+programs Deluxe Paint and Brilliance.  Specializing in 256-color drawing, it
+includes a very large number of tools and effects that make it particularly
+suitable for pixel art, game graphics, and generally any detailed graphics
+painted with a mouse.")
+    (home-page "http://pulkomandy.tk/projects/GrafX2")
+    (license license:gpl2))) ; GPLv2 only
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 60e1c7a330..cd001f5210 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -2528,7 +2528,7 @@ output devices.")
 (define-public geoclue
   (package
     (name "geoclue")
-    (version "2.4.4")
+    (version "2.4.6")
     (source
      (origin
        (method url-fetch)
@@ -2537,7 +2537,7 @@ output devices.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0p1ibjf5vzjsahw5xif2si3lj6a00sxhll008jk7w1hj1jfznhww"))
+         "1dnknrwln159dj7pdprnfa4zjprgslabxngmn11jyjwvbi2zfzf5"))
        (patches (search-patches "geoclue-config.patch"))))
     (build-system glib-or-gtk-build-system)
     (arguments
@@ -3711,7 +3711,7 @@ work and the interface is well tested.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.22.6")
+    (version "3.22.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3719,7 +3719,7 @@ work and the interface is well tested.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1hpwjwiviwh9dgc9cwq0gmr5jy40rvigjcq0cbg2nw2hqiyshzny"))))
+                "1167x5s0kawkqngjnzml0a11ib18raxqc4p11kacivj4jv0pwnx1"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 0e75e026b5..3918e17b3d 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -1025,7 +1025,7 @@ Guile's foreign function interface.")
     (arguments
      `(#:modules ((ice-9 match) (ice-9 ftw)
                   ,@%gnu-build-system-modules)
-
+       #:tests? #f ; test suite is non-deterministic :(
        #:phases (modify-phases %standard-phases
                   (add-after 'install 'wrap-haunt
                     (lambda* (#:key outputs #:allow-other-keys)
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index d48983a81a..7d49cada3a 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -8234,4 +8234,65 @@ handler built in.")
 handled safely, this is what you're left with.")
     (license license:isc)))
 
+(define-public ghc-json
+  (package
+    (name "ghc-json")
+    (version "0.9.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://hackage.haskell.org/package/json/"
+                           "json-" version ".tar.gz"))
+       (sha256
+        (base32
+         "18l5027vc68hnnxrxlnyl59vkkg95a92m1zzms0dqiby2r6pxdcn"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-syb" ,ghc-syb)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-text" ,ghc-text)
+       ("ghc-parsec" ,ghc-parsec)))
+    (home-page "http://hackage.haskell.org/package/json")
+    (synopsis "Serializes Haskell data to and from JSON")
+    (description "This package provides a parser and pretty printer for
+converting between Haskell values and JSON.
+JSON (JavaScript Object Notation) is a lightweight data-interchange format.")
+    (license license:bsd-3)))
+
+(define-public shellcheck
+  (package
+    (name "shellcheck")
+    (version "0.4.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/koalaman/shellcheck/archive/"
+                           "v" version ".tar.gz"))
+       (sha256
+        (base32
+         "14r84fcn28rin339avlvca5g0kz832f01x8dpmwb5ql8mbc4rlxr"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-json" ,ghc-json)
+       ("ghc-mtl" ,ghc-mtl)
+       ("ghc-parsec" ,ghc-parsec)
+       ("ghc-regex-tdfa" ,ghc-regex-tdfa)))
+    (home-page "https://github.com/koalaman/shellcheck")
+    (synopsis "Static analysis for shell scripts")
+    (description "@code{shellcheck} provides static analysis for
+@command{bash} and @command{sh} shell scripts.
+It gives warnings and suggestions in order to:
+
+@enumerate
+@item Point out and clarify typical beginner's syntax issues that cause
+a shell to give cryptic error messages.
+@item Point out and clarify typical intermediate level semantic problems
+that cause a shell to behave strangely and counter-intuitively.
+@item Point out subtle caveats, corner cases and pitfalls that may cause an
+advanced user's otherwise working script to fail under future circumstances.
+@end enumerate")
+    (license license:gpl3+)))
+
 ;;; haskell.scm ends here
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index ea7be23d74..87483f7dbf 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -348,8 +348,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.10.4")
-(define %linux-libre-hash "0cmz4y8pb3sdag32bsrn7vg1i8v9rymfspg85ipkbamm53c7v54g")
+(define %linux-libre-version "4.10.5")
+(define %linux-libre-hash "0qxanna5a82vyh5yb3mv8vvx5i9kdzmq2p6q7xp1fy88x9gj11xb")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -358,14 +358,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.16"
-                    "0n7y7h7ps4l1pr9d0m75hkw41jnfyw301r343dsaznwc0lpq3ch7"
+  (make-linux-libre "4.9.17"
+                    "1543b159s6v5z9l2bskw9rd6v8d98da8sppd34lz7nin6nk00cpk"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.55"
-                    "1m4h3wi4j573hny1yfi9qwkiicx2bx3gwy52zpr8bhxpyqz0d2dl"
+  (make-linux-libre "4.4.56"
+                    "16fa4rf6vdyakvjis2ahvzdw87znsqgxd84458y86z2szwbaym7n"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -2054,6 +2054,7 @@ country-specific regulations for the wireless spectrum.")
                            "https://github.com/groeck/lm-sensors/archive/V"
                            (string-join (string-split version #\.) "-")
                            ".tar.gz")))
+              (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
                 "0knb09s9lvx0wzfsaizx3xq58q6kllqf7nkbwvir0wkgn31c2d73"))
@@ -3155,14 +3156,14 @@ the default @code{nsswitch} and the experimental @code{umich_ldap}.")
 (define-public mcelog
   (package
     (name "mcelog")
-    (version "148")
+    (version "149")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.kernel.org/cgit/utils/cpu/mce/"
                                   "mcelog.git/snapshot/v" version ".tar.gz"))
               (sha256
                (base32
-                "1d5g09ndfsnl56vyhb5xw0zxspnh0f937biw3agqhdfbvw40j9jr"))
+                "08hd8bl9rgss990icb69srarrfwcg8k7py979ak753j92ybbkhdm"))
               (file-name (string-append name "-" version ".tar.gz"))
               (modules '((guix build utils)))
               (snippet
@@ -3489,7 +3490,7 @@ Light is the successor of lightscript.")
                (setenv "TLP_BIN" (string-append out "/bin"))
                (setenv "TLP_TLIB" (string-append out "/share/tlp-pm"))
                (setenv "TLP_ULIB" (string-append out "/lib/udev"))
-               (setenv "TLP_CONF" (string-append out "/etc/tlp"))
+               (setenv "TLP_CONF" "/etc/tlp")
                (setenv "TLP_SHCPL"
                        (string-append out "/share/bash-completion/completions"))
                (setenv "TLP_MAN" (string-append out "/share/man")))))
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 53a8632947..4ac42f80c8 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -892,7 +892,7 @@ compresses it.")
 (define-public claws-mail
   (package
     (name "claws-mail")
-    (version "3.14.1")
+    (version "3.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -900,7 +900,7 @@ compresses it.")
                     ".tar.xz"))
               (sha256
                (base32
-                "0df34gj4r5cbb92834hph19gnh7ih9rgmmw47rliyg8b9z01v6mp"))))
+                "0bnwd3l04y6j1nw3h861rdy6k6lyjzsi51j04d33vbpq8c6jskaf"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("bogofilter" ,bogofilter)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index ec8316b5f5..8fad8f0aef 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -70,6 +70,7 @@
   #:use-module (gnu packages less)
   #:use-module (gnu packages lisp)
   #:use-module (gnu packages logging)
+  #:use-module (gnu packages lua)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages xorg)
@@ -495,7 +496,8 @@ singular value problems.")
     (inputs `(("readline" ,readline)
               ("cairo" ,cairo)
               ("pango" ,pango)
-              ("gd" ,gd)))
+              ("gd" ,gd)
+              ("lua" ,lua)))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("texlive" ,texlive-minimal)))
     (home-page "http://www.gnuplot.info")
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 416a3304ff..198c6f1fed 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
@@ -236,14 +236,14 @@ many input formats and provides a customisable Vi-style user interface.")
 (define-public denemo
   (package
     (name "denemo")
-    (version "2.0.14")
+    (version "2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/denemo/denemo-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1a7g38695g7jjypx25qp0dx0asrh72xwdj0mdhmb9pfyzlppq0wh"))))
+                "0hggf8c4xcrjcxd5m00r788r7jg7g8ff54w2idfaqpj5j2ix3299"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/patches/libgit2-use-after-free.patch b/gnu/packages/patches/libgit2-use-after-free.patch
new file mode 100644
index 0000000000..580af8781a
--- /dev/null
+++ b/gnu/packages/patches/libgit2-use-after-free.patch
@@ -0,0 +1,24 @@
+This patch is taken from <https://github.com/libgit2/libgit2/pull/4122>;
+we need it to fix the use-after-free error in 'git_commit_extract_signature'
+reported at <https://github.com/libgit2/libgit2/issues/4118>.
+
+From ade0d9c658fdfc68d8046935f6908f033fe7a529 Mon Sep 17 00:00:00 2001
+From: Patrick Steinhardt <ps@pks.im>
+Date: Mon, 13 Feb 2017 13:46:17 +0100
+Subject: [PATCH 3/3] commit: avoid possible use-after-free
+
+diff --git a/src/commit.c b/src/commit.c
+index 89a4db1..05b70a9 100644
+--- a/src/commit.c
++++ b/src/commit.c
+@@ -766,8 +766,9 @@ int git_commit_extract_signature(git_buf *signature, git_buf *signed_data, git_r
+ 		if (git_buf_oom(signature))
+ 			goto oom;
+ 
++		error = git_buf_puts(signed_data, eol+1);
+ 		git_odb_object_free(obj);
+-		return git_buf_puts(signed_data, eol+1);
++		return error;
+ 	}
+ 
+ 	giterr_set(GITERR_OBJECT, "this commit is not signed");
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 086e1fae03..3470121883 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -380,7 +380,7 @@ parent.")
 (define-public perl-b-hooks-endofscope
   (package
     (name "perl-b-hooks-endofscope")
-    (version "0.13")
+    (version "0.21")
     (source
      (origin
        (method url-fetch)
@@ -388,7 +388,7 @@ parent.")
                            "B-Hooks-EndOfScope-" version ".tar.gz"))
        (sha256
         (base32
-         "1f5d0lbkwf23dfjn60g6fynmjhy5rxdyxcpdfb07srm73qpg2zpi"))))
+         "0b70vbpabsy9ia366k330cz1zbdyb1pwhb0l7j28pmpih045iwwh"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-module-runtime" ,perl-module-runtime)
@@ -603,7 +603,7 @@ algorithm to keep the most used entries in the cache.")
 (define-public perl-capture-tiny
   (package
     (name "perl-capture-tiny")
-    (version "0.28")
+    (version "0.46")
     (source
      (origin
        (method url-fetch)
@@ -612,7 +612,7 @@ algorithm to keep the most used entries in the cache.")
              version ".tar.gz"))
        (sha256
         (base32
-         "117gmwipql1y5xnw9jil3lhdsrf2wsm9wjdzqj66x971n3fwm573"))))
+         "05bhlx6d4nzamhkkh0pkckg7wlvaq6mazf7q1fbb5wpp1j1nlyjx"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Capture-Tiny")
     (synopsis "Capture STDOUT and STDERR from Perl, XS or external programs")
@@ -973,7 +973,7 @@ loaded class.")
 (define-public perl-class-load
   (package
     (name "perl-class-load")
-    (version "0.22")
+    (version "0.23")
     (source
      (origin
        (method url-fetch)
@@ -981,7 +981,7 @@ loaded class.")
                            "Class-Load-" version ".tar.gz"))
        (sha256
         (base32
-         "049i285yj8hwgzj7nncjbs2bhxvpdk88wmx1d0nh0rdmh5hdnlmy"))))
+         "13xjfh4fadq4pkq7fcj42b26544jl7gqdg2y3imnra9fwxwsbg7j"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build-tiny" ,perl-module-build-tiny)
@@ -1154,14 +1154,14 @@ arrays for their internal representation.")
 (define-public perl-clone
   (package
     (name "perl-clone")
-    (version "0.37")
+    (version "0.38")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/G/GA/GARU/"
                                   "Clone-" version ".tar.gz"))
               (sha256
                (base32
-                "17fdhxpzrq2nwim3zkcrz4m9gjixp0i886yz54ysrshxy3k53wnr"))))
+                "1s5xrv9zlckqqzyhxi0l9lwj9m6na2bz5hqxrkva2v7gnx5m7c4z"))))
     (build-system perl-build-system)
     (synopsis "Recursively copy Perl datatypes")
     (description
@@ -1175,7 +1175,7 @@ objects.")
 (define-public perl-common-sense
   (package
     (name "perl-common-sense")
-    (version "3.73")
+    (version "3.74")
     (source
      (origin
        (method url-fetch)
@@ -1183,7 +1183,7 @@ objects.")
                            "common-sense-" version ".tar.gz"))
        (sha256
         (base32
-         "047xwgpn5611zrhk4c8vk9pzcbk1q7n3q0lfiwhhq7k4fbjca441"))))
+         "1wxv2s0hbjkrnssvxvsds0k213awg5pgdlrpkr6xkpnimc17s7vp"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/common-sense")
     (synopsis "Sane defaults for Perl programs")
@@ -1307,7 +1307,7 @@ the caller.")
 (define-public perl-cpan-meta-check
   (package
     (name "perl-cpan-meta-check")
-    (version "0.009")
+    (version "0.011")
     (source
      (origin
        (method url-fetch)
@@ -1315,7 +1315,7 @@ the caller.")
                            "CPAN-Meta-Check-" version ".tar.gz"))
        (sha256
         (base32
-         "0qbk5dwvhd78qgq5x6nim2n0l78pylvlklpbrm56w9yss6pl6bgb"))))
+         "0nxi0xhhd3dwhgri3l8z8gpz2ibvhm5k7jjls8xmnlh0v84p04kh"))))
     (build-system perl-build-system)
     (native-inputs `(("perl-test-deep" ,perl-test-deep)))
     (propagated-inputs `(("perl-cpan-meta" ,perl-cpan-meta)))
@@ -2285,7 +2285,7 @@ variable in a subroutines scope to one of your choosing.")
 (define-public perl-devel-overloadinfo
   (package
     (name "perl-devel-overloadinfo")
-    (version "0.002")
+    (version "0.004")
     (source
      (origin
        (method url-fetch)
@@ -2293,8 +2293,10 @@ variable in a subroutines scope to one of your choosing.")
                            "Devel-OverloadInfo-" version ".tar.gz"))
        (sha256
         (base32
-         "14gzjlsqhypqp0szqj6152qfn69snzydgk1yk6bji5zimzv86qyy"))))
+         "0zckjhzdqa6smpp98y15mqafsyzwjxwrvk10snzhn2sb0r889s43"))))
     (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-fatal" ,perl-test-fatal)))
     (propagated-inputs
      `(("perl-package-stash" ,perl-package-stash)
        ("perl-sub-identify" ,perl-sub-identify)
@@ -2309,7 +2311,7 @@ hierarchy the overloads are declared and where the code implementing it is.")
 (define-public perl-devel-partialdump
   (package
     (name "perl-devel-partialdump")
-    (version "0.17")
+    (version "0.18")
     (source
      (origin
        (method url-fetch)
@@ -2317,7 +2319,7 @@ hierarchy the overloads are declared and where the code implementing it is.")
                            "Devel-PartialDump-" version ".tar.gz"))
        (sha256
         (base32
-         "0nr3qa68x4yp219kd17j1ks9c95qc9agfvz7ddnpn8p78f3kgwfn"))))
+         "0i1khiyi4h4h8vfwn7xip5c53z2hb2rk6407f3csvrdsiibvy53q"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build-tiny" ,perl-module-build-tiny)
@@ -3002,6 +3004,34 @@ of arbitrary depth and to delete an entire directory subtree from the
 file system.")
     (license (package-license perl))))
 
+(define-public perl-file-pushd
+  (package
+    (name "perl-file-pushd")
+    (version "1.014")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/D/DA/DAGOLDEN/File-pushd-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "02rlqvyy7gly3dsqwaa81aisyy9c791b8xvwzczcbgmcwgzkgaxm"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/File-pushd")
+    (synopsis
+     "Change directory temporarily for a limited scope")
+    (description "@code{File::pushd} does a temporary @code{chdir} that is
+easily and automatically reverted, similar to @code{pushd} in some Unix
+command shells.  It works by creating an object that caches the original
+working directory.  When the object is destroyed, the destructor calls
+@code{chdir} to revert to the original working directory.  By storing the
+object in a lexical variable with a limited scope, this happens automatically
+at the end of the scope.")
+    (license asl2.0)))
+
 (define-public perl-file-list
   (package
     (name "perl-file-list")
@@ -4316,7 +4346,7 @@ handling of Perl modules, which are normally handled at compile time.")
 (define-public perl-module-runtime-conflicts
   (package
     (name "perl-module-runtime-conflicts")
-    (version "0.001")
+    (version "0.003")
     (source
      (origin
        (method url-fetch)
@@ -4324,7 +4354,7 @@ handling of Perl modules, which are normally handled at compile time.")
                            "Module-Runtime-Conflicts-" version ".tar.gz"))
        (sha256
         (base32
-         "0pz23ch78lbpn4kdbm04icgsmbr7jvmxwq1p5m4x2pap8qwd0wqg"))))
+         "0x9qfg4pq70v1rl9dfk775fmca7ia308m24vfy8zww4c0dsxqz3h"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -4416,14 +4446,14 @@ Moose and is optimised for rapid startup.")
 (define-public perl-moose
   (package
     (name "perl-moose")
-    (version "2.1403")
+    (version "2.2004")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                                   "Moose-" version ".tar.gz"))
               (sha256
                (base32
-                "16iaazikbnq2jjjac84jrdpfzm4qwqg1nbfgs11jlwn84q4jp1n3"))))
+                "1c6jx2lnrh2mi9wlj2c0sirj6345xmbpr34ax8d85mcginzq3j74"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-cpan-meta-check" ,perl-cpan-meta-check)
@@ -5227,7 +5257,7 @@ instance, not by name.")
 (define-public perl-package-deprecationmanager
   (package
     (name "perl-package-deprecationmanager")
-    (version "0.13")
+    (version "0.17")
     (source
      (origin
        (method url-fetch)
@@ -5235,7 +5265,7 @@ instance, not by name.")
                            "Package-DeprecationManager-" version ".tar.gz"))
        (sha256
         (base32
-         "0fkvq3xxwc3l5hg64dr9sj3l12dl59i44cg407qx9sd6r51j3qfi"))))
+         "0jv8svfh1c1q4vxlkf8vjfbdq3n2sj3nx5llv1qrhp1b93d3lx0x"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-fatal" ,perl-test-fatal)
@@ -5375,7 +5405,7 @@ checking parameters easier.")
 (define-public perl-params-validate
   (package
     (name "perl-params-validate")
-    (version "1.17")
+    (version "1.26")
     (source
      (origin
        (method url-fetch)
@@ -5383,7 +5413,7 @@ checking parameters easier.")
                            "Params-Validate-" version ".tar.gz"))
        (sha256
         (base32
-         "1wh23i9kkma6493c0q1kvy6wmahd6spg6xm3xbp2ar1iy1xhks5l"))))
+         "1vbj78qd46ip09i06dsbb62jfwpzp4bg7yi617v98nvim77w66l2"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)
@@ -5997,7 +6027,7 @@ can see them.")
 (define-public perl-sub-name
   (package
     (name "perl-sub-name")
-    (version "0.12")
+    (version "0.21")
     (source
      (origin
        (method url-fetch)
@@ -6005,7 +6035,7 @@ can see them.")
                            "Sub-Name-" version ".tar.gz"))
        (sha256
         (base32
-         "1sdlc8pv7vyyc48gzh70hbwzn0hzwl3zbcy2dkmfw8vjzgya5i06"))))
+         "05viq8scqk29g964fsfvls2rhvlb8myz3jblwh5c2ivhw3gfjcmx"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-devel-checkbin" ,perl-devel-checkbin)))
@@ -6390,7 +6420,7 @@ using @code{Test::Class}.")
 (define-public perl-test-cleannamespaces
   (package
     (name "perl-test-cleannamespaces")
-    (version "0.16")
+    (version "0.22")
     (source
      (origin
        (method url-fetch)
@@ -6398,13 +6428,15 @@ using @code{Test::Class}.")
                            "Test-CleanNamespaces-" version ".tar.gz"))
        (sha256
         (base32
-         "1ynrds515gcq954z34zm03rgcx0dskiaz7qj0k7k5gmrjj1kfycp"))))
+         "1jma95agqqy7iwdcl6jbg1waqz7mjqng4l046lpknhfxjhcj4al6"))))
     (build-system perl-build-system)
     (native-inputs
-     `(("perl-test-requires" ,perl-test-requires)
+     `(("perl-file-pushd" ,perl-file-pushd)
+       ("perl-test-requires" ,perl-test-requires)
        ("perl-test-deep" ,perl-test-deep)
        ("perl-test-warnings" ,perl-test-warnings)
-       ("perl-test-tester" ,perl-test-tester)))
+       ("perl-test-tester" ,perl-test-tester)
+       ("perl-test-needs" ,perl-test-needs)))
     (propagated-inputs
      `(("perl-namespace-clean" ,perl-namespace-clean)
        ("perl-package-stash" ,perl-package-stash)
@@ -6496,7 +6528,7 @@ files, as well as to verify that there are no missing or unknown files.")
 (define-public perl-test-exception
   (package
     (name "perl-test-exception")
-    (version "0.36")
+    (version "0.43")
     (source
      (origin
        (method url-fetch)
@@ -6504,7 +6536,7 @@ files, as well as to verify that there are no missing or unknown files.")
                            "Test-Exception-" version ".tar.gz"))
        (sha256
         (base32
-         "1zpwimspbq11wjrli481qk17aabzxab15cnnryflx45nzn3za2xk"))))
+         "0cxm7s4bg0xpxa6l6996a6iq3brr4j7p4hssnkc6dxv4fzq16sqm"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
@@ -6733,6 +6765,34 @@ functions, along with automatically turning on strict and warning and gives a
 bit more fine-grained control over test suites.")
     (license (package-license perl))))
 
+(define-public perl-test-needs
+  (package
+    (name "perl-test-needs")
+    (version "0.002005")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/H/HA/HAARG/Test-Needs-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "16gkgpmr9hvkz382iaqd3500269lk2d44fqaw3dsrvc66nc36kss"))))
+    (build-system perl-build-system)
+    (home-page
+     "http://search.cpan.org/dist/Test-Needs")
+    (synopsis
+     "Skip tests when modules not available")
+    (description "@code{Test::Needs} allows you to skip test scripts if
+modules are not available.  The requested modules will be loaded, and
+optionally have their versions checked.  If the module is missing, the test
+script will be skipped.  Modules that are found but fail to compile will exit
+with an error rather than skip.
+
+If used in a subtest, the remainder of the subtest will be skipped.")
+    (license (package-license perl))))
+
 (define-public perl-test-nowarnings
   (package
     (name "perl-test-nowarnings")
@@ -6913,14 +6973,14 @@ makes fork(2) safe to use in test cases.")
 (define-public perl-test-simple
   (package
     (name "perl-test-simple")
-    (version "1.302062")
+    (version "1.302078")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://cpan/authors/id/E/EX/EXODIST/"
                                   "Test-Simple-" version ".tar.gz"))
               (sha256
                (base32
-                "1sjny65iwnin35lvc203pb07gyx9wrp3gmn6lfrjsbmi986hcab7"))))
+                "05acl24kmz3dgr2nayy162yaf0kz92h1j5vkiavyv6mdh2lz6ixb"))))
     (build-system perl-build-system)
     (synopsis "Basic utilities for writing tests")
     (description
@@ -7021,7 +7081,7 @@ warning based code.")
 (define-public perl-test-warnings
   (package
     (name "perl-test-warnings")
-    (version "0.020")
+    (version "0.026")
     (source
      (origin
        (method url-fetch)
@@ -7029,7 +7089,7 @@ warning based code.")
                            "Test-Warnings-" version ".tar.gz"))
        (sha256
         (base32
-         "1x262kybrdnbiiw53m1axp4zyh4lsfb9mm2shmpm8lwf7sp30isi"))))
+         "024srkwjckp15dxkni9lb1hc8bg4xwc52zz0iich8rv1nnqnhaxf"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Test-Warnings")
     (synopsis "Test for warnings and the lack of them")
@@ -7478,7 +7538,7 @@ rounded or exact terms.")
 (define-public perl-time-duration-parse
   (package
     (name "perl-time-duration-parse")
-    (version "0.11")
+    (version "0.13")
     (source
      (origin
        (method url-fetch)
@@ -7486,7 +7546,7 @@ rounded or exact terms.")
                            "Time-Duration-Parse-" version ".tar.gz"))
        (sha256
         (base32
-         "1yk4cqkldwzkfy9y9ngqrj7p7sbsrsfa26mrm8f70z5n5m8q31x0"))))
+         "0affdzhsiy7dr6dzj2p6m9lynmjh53k31bprfsfa21pz8551hjj1"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-time-duration" ,perl-time-duration)))
@@ -7624,7 +7684,7 @@ Tree::Simple::Visitor::* objects.")
          "068vdbpacfawc3lkfs0b82xxl27h3l0gj14iada3vlwk8rps9yv0"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Try-Tiny")
-    (synopsis "Minimal try/catch with proper preservation of $@")
+    (synopsis "Minimal try/catch with proper preservation of $@@")
     (description "This module provides bare bones try/catch/finally statements
 that are designed to minimize common mistakes with eval blocks, and nothing
 else.")
@@ -7781,7 +7841,7 @@ UNIVERSAL::isa as a function.")
 (define-public perl-variable-magic
   (package
     (name "perl-variable-magic")
-    (version "0.55")
+    (version "0.61")
     (source
      (origin
        (method url-fetch)
@@ -7789,7 +7849,7 @@ UNIVERSAL::isa as a function.")
                            "Variable-Magic-" version ".tar.gz"))
        (sha256
         (base32
-         "0xzh2vy45ph80bp09j5fcjy8ydgn8yaxsa0fj831q6p1spvyniwg"))))
+         "1mx6z36c3wk61x6lag6kyws5g1cba68cw20vrb92wan7ahpfkbxq"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Variable-Magic")
     (synopsis "Associate user-defined magic to variables from Perl")
@@ -7854,7 +7914,7 @@ neither visible nor modifiable from Perl space).")
 (define-public perl-yaml
   (package
     (name "perl-yaml")
-    (version "1.14")
+    (version "1.23")
     (source
      (origin
        (method url-fetch)
@@ -7862,7 +7922,7 @@ neither visible nor modifiable from Perl space).")
                            "YAML-" version ".tar.gz"))
        (sha256
         (base32
-         "0sswbkyisgny7ksw34n7zdaxrhsbbn7dgjb9gjybpzhcnml476kc"))))
+         "0kf8mllrgnrmlvjijxc6srjj1y9i8rik5jpjvm8jh4yx70h9gn1a"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-test-yaml" ,perl-test-yaml)))
@@ -7953,7 +8013,7 @@ methods for interrogating that data.")
 (define-public perl-cpan-meta-requirements
   (package
     (name "perl-cpan-meta-requirements")
-    (version "2.131")
+    (version "2.140")
     (source
      (origin
        (method url-fetch)
@@ -7961,7 +8021,7 @@ methods for interrogating that data.")
                            "CPAN-Meta-Requirements-" version ".tar.gz"))
        (sha256
         (base32
-         "12p5s7w3cwcrbpcrxzanvpr0syswhwlqzbaki6m044c45jix2fss"))))
+         "1a8zflgaayycmn3zvd3n64yypa4jyl1va0h51wpr5w46irg69608"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/CPAN-Meta-Requirements")
     (synopsis "Set of version requirements for a CPAN dist")
@@ -7975,7 +8035,7 @@ representation.")
 (define-public perl-cpan-meta-yaml
   (package
     (name "perl-cpan-meta-yaml")
-    (version "0.012")
+    (version "0.018")
     (source
      (origin
        (method url-fetch)
@@ -7983,7 +8043,7 @@ representation.")
                            "CPAN-Meta-YAML-" version ".tar.gz"))
        (sha256
         (base32
-         "0a0d62w8d81kkas4j1h48znk0f0vrpibl31gvz9r8hm77dbqqwkw"))))
+         "150jh9l7baddl2587m23qs2l0pb395qsx9bhsgdsnn6y9k4zgjik"))))
     (build-system perl-build-system)
     (arguments
      `(#:tests? #f))                    ;Tests require Test::More >= 0.99
@@ -8023,15 +8083,16 @@ system---most of the @code{Module::Build} code is pure-Perl.")
 (define-public perl-parse-cpan-meta
   (package
     (name "perl-parse-cpan-meta")
-    (version "1.4414")
+    (version "2.150010")
     (source
      (origin
        (method url-fetch)
+       ;; This module is now known as CPAN::Meta on CPAN.
        (uri (string-append "mirror://cpan/authors/id/D/DA/DAGOLDEN/"
-                           "Parse-CPAN-Meta-" version ".tar.gz"))
+                           "CPAN-Meta-" version ".tar.gz"))
        (sha256
         (base32
-         "06ya2rg599qanqb1fxiyrd489mvmdgzbw4ph23hwjwpv9lahhxnd"))))
+         "1mm3dfw3ffyzb2ikpqn9l6zyqrxijb4vyywmbx2l21ryqwp0zy74"))))
     (build-system perl-build-system)
     (propagated-inputs
      `(("perl-cpan-meta-yaml" ,perl-cpan-meta-yaml)))
@@ -8044,7 +8105,7 @@ files, using JSON::PP and/or CPAN::Meta::YAML.")
 (define-public perl-scalar-list-utils
   (package
     (name "perl-scalar-list-utils")
-    (version "1.41")
+    (version "1.47")
     (source
      (origin
        (method url-fetch)
@@ -8052,7 +8113,7 @@ files, using JSON::PP and/or CPAN::Meta::YAML.")
                            "Scalar-List-Utils-" version ".tar.gz"))
        (sha256
         (base32
-         "04l1q4hps9n8b1hk9kpgpc1cryim7pl9sfdyb7fz5nq4gmz307j7"))))
+         "1qgg6zxqwziva5j1k5gjks4xmhmgklm551ni3zb74sd9f9rk90y4"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/Scalar-List-Utils")
     (synopsis "Common Scalar and List utility subroutines")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 89aca2c540..c26e29d359 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -14,7 +14,7 @@
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2015 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2015, 2016 Erik Edrosa <erik.edrosa@gmail.com>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2015, 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org>
@@ -1342,15 +1342,13 @@ Python 3.3+.")
   ;; spaces in indentation" with Python 3.
   (package
     (name "python2-dogtail")
-    (version "0.8.2")
+    (version "0.9.9")
     (source (origin
              (method url-fetch)
-             (uri (string-append
-                   "https://fedorahosted.org/released/dogtail/dogtail-"
-                   version ".tar.gz"))
+             (uri (pypi-uri "dogtail" version))
              (sha256
               (base32
-               "1yc4cg7ip87z15gyd4wy2vzbywrjc52a3m8r8gqy2b50d65llcg1"))))
+               "0p5wfssvzr9w0bvhllzbbd8fnp4cca2qxcpcsc33dchrmh5n552x"))))
     (build-system python-build-system)
     (arguments `(#:python ,python-2
                  #:tests? #f))                    ; invalid command "test"
@@ -6746,10 +6744,7 @@ provided that can be used to do various manipulations with LilyPond files.")
     (source
       (origin
         (method url-fetch)
-        (uri (string-append
-               "https://pypi.python.org/packages/source/a/appdirs/appdirs-"
-               version
-               ".tar.gz"))
+        (uri (pypi-uri "appdirs" version))
         (sha256
           (base32
             "14id6wxi12lgyw0mg3bcfnf888ad07jz9yj46gfzhn186z8rcn4y"))))
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index af4d322a73..9a56b1ffed 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -224,12 +224,9 @@ rustc-bootstrap and cargo-bootstrap packages.")
        (modify-phases %standard-phases
          (add-after 'unpack 'patch-configure
            (lambda _
-             ;; Detect target CPU correctly.
              (substitute* "configure"
-               (("/usr/bin/env") (which "env")))
-             ;; Avoid curl as a build dependency.
-             (substitute* "configure"
-               (("probe_need CFG_CURL curl") ""))
+               (("/usr/bin/env") (which "env")) ; Detect target CPU correctly.
+               (("probe_need CFG_CURL curl") "")) ; Avoid curl as a build dependency.
              #t))
          (add-after 'unpack 'set-env
            (lambda _
diff --git a/gnu/packages/samba.scm b/gnu/packages/samba.scm
index b2309f4b51..3b2a6868d8 100644
--- a/gnu/packages/samba.scm
+++ b/gnu/packages/samba.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -99,14 +99,14 @@ anywhere.")
 (define-public samba
   (package
     (name "samba")
-    (version "4.5.3")
+    (version "4.5.7")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://download.samba.org/pub/samba/stable/"
                                  "samba-" version ".tar.gz"))
              (sha256
               (base32
-               "1jif95684swssqwp9v3i2r08cn3r2iddf6ly68db4wmvl5ac8vgh"))))
+               "004lzl059bc2wvkmivxiy96y87l4ajjw16qvkqcdhf86z2dg0w5c"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -122,16 +122,17 @@ anywhere.")
                        ;; XXX: heimdal not packaged.
                        "--bundled-libraries=com_err"
                        (string-append "--prefix=" out)
-		       "--sysconfdir=/etc"
+                       "--sysconfdir=/etc"
                        ;; Install public and private libraries into
                        ;; a single directory to avoid RPATH issues.
                        (string-append "--libdir=" libdir)
                        (string-append "--with-privatelibdir=" libdir))))))
-	 (add-before 'install 'disable-etc-samba-directory-creation
+         (add-before 'install 'disable-etc-samba-directory-creation
            (lambda _
              (substitute* "dynconfig/wscript"
                (("bld\\.INSTALL_DIRS\\(\"\",[[:blank:]]{1,}\"\\$\\{CONFIGDIR\\}[[:blank:]]{1,}")
-                "bld.INSTALL_DIRS(\"\", \"")))))
+                "bld.INSTALL_DIRS(\"\", \""))
+             #t)))
        ;; XXX: The test infrastructure attempts to set password with
        ;; smbpasswd, which fails with "smbpasswd -L can only be used by root."
        ;; So disable tests until there's a workaround.
@@ -170,14 +171,14 @@ Desktops into Active Directory environments using the winbind daemon.")
 (define-public talloc
   (package
     (name "talloc")
-    (version "2.1.8")
+    (version "2.1.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/talloc/talloc-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0c3ihyb0jd8mhvi7gg2mr5w1zl2habx6jlkbyxzyckad2q8lkl92"))))
+                "0qhhf4ib9k65sri2ky115iya6j7dgg0dsdi1r03j4cm3i35x9aph"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -197,7 +198,7 @@ Desktops into Active Directory environments using the winbind daemon.")
                                (string-append "--prefix=" out)))))))))
     (inputs
      `(("python" ,python-2)))
-    (home-page "http://talloc.samba.org")
+    (home-page "https://talloc.samba.org")
     (synopsis "Hierarchical, reference counted memory pool system")
     (description
      "Talloc is a hierarchical, reference counted memory pool system with
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 5501dd722c..9c18a7ab39 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -271,8 +272,11 @@ libssh library.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "http://www.agroman.net/corkscrew/corkscrew-"
-                           version ".tar.gz"))
+       ;; The agroman.net domain name expired on 2017-03-23, and the original
+       ;; "http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz" now returns
+       ;; bogus HTML.  Perhaps it will yet return.  Until then, use a mirror.
+       (uri (string-append "https://downloads.openwrt.org/sources/"
+                           "corkscrew-" version ".tar.gz"))
        (sha256 (base32
                 "1gmhas4va6gd70i2x2mpxpwpgww6413mji29mg282jms3jscn3qd"))))
     (build-system gnu-build-system)
@@ -295,26 +299,31 @@ libssh library.")
                (setenv "CONFIG_SHELL" bash)
                (zero? (apply system* bash
                              (string-append "." "/configure")
-                             flags))))))))
+                             flags)))))
+         (add-after 'install 'install-documentation
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (doc (string-append out "/share/doc/corkscrew")))
+               (install-file "README" doc)
+               #t))))))
     (home-page "http://www.agroman.net/corkscrew")
-    (synopsis "Tunneling SSH through HTTP proxies")
+    (synopsis "SSH tunneling through HTTP(S) proxies")
     (description
-     "Corkscrew allows creating TCP tunnels through HTTP proxies.  WARNING:
-At the moment only plain text authentication is supported, should you require
-to use it with your HTTP proxy.  Digest based authentication may be supported
-in future and NTLM based authentication is most likey never be supported.")
+     "Corkscrew tunnels SSH connections through most HTTP and HTTPS proxies.
+Proxy authentication is only supported through the plain-text HTTP basic
+authentication scheme.")
     (license license:gpl2+)))
 
 (define-public mosh
   (package
     (name "mosh")
-    (version "1.2.6")
+    (version "1.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://mosh.org/mosh-" version ".tar.gz"))
               (sha256
                (base32
-                "118fhpm754wpklf1blnlq5xbvrxqml6rdfs3b07wg666zkxvg0ky"))))
+                "0xikz40q873g9ihvz3x6bwkcb9hb8kcnp5wpcmb72pg5c7s143ij"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 9136ea30a9..a024d51202 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -112,14 +112,14 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   (version "2.12.1")
+   (version "2.12.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://kernel.org/software/scm/git/git-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "18mdlg4ws78s4asfrn6licm9v6qw4wp9m0kdjq0y2r5pci1nf4fv"))))
+              "0jlccxx7l4c76h830y8lhrxr4kqksrxqlnmj3xb8sqbfa0irw6nj"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("native-perl" ,perl)
@@ -132,7 +132,7 @@ as well as the classic centralized workflow.")
                 version ".tar.xz"))
           (sha256
            (base32
-            "1km0sbrqgni0q88abh4zb1m7xa9ld3d4qi36095b11a3vr6w7xgv"))))))
+            "0n4mgw5mbrr1hm0y7xgwixf9p6gy61m6qm67ldagpxxhwq2dmlby"))))))
    (inputs
     `(("curl" ,curl)
       ("expat" ,expat)
@@ -343,13 +343,25 @@ everything from small to very large projects with speed and efficiency.")
                (("/bin/cp") (which "cp"))
                (("/bin/rm") (which "rm")))
              #t))
+         (add-after 'unpack 'apply-patch
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; XXX: For some reason adding the patch in 'patches', which
+             ;; leads to a new tarball with all timestamps reset and ordering
+             ;; by name (slightly different file order compared to the
+             ;; original tarball) leads to an obscure Python error while
+             ;; running 'generate.py':
+             ;;   'Module' object has no attribute 'callbacks'
+             ;; Thus, apply the patch here, which minimizes disruption.
+             (let ((patch (assoc-ref inputs "patch")))
+               (zero? (system* "patch" "-p1" "--force" "--input" patch)))))
          ;; Run checks more verbosely.
          (replace 'check
            (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
     (inputs
      `(("libssh2" ,libssh2)
        ("libcurl" ,curl)
-       ("python" ,python-wrapper)))
+       ("python" ,python-wrapper)
+       ("patch" ,(search-patch "libgit2-use-after-free.patch"))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (propagated-inputs
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 00117067ed..b29f6cc9f4 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -984,7 +984,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.03.22")
+    (version "2017.03.26")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -992,7 +992,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1zz97g23diggcnqg2hjq9grijskly8ag727f1i509hl7z0lxkh69"))))
+                "00ysv18p4rqg7sswbpjpmmvaih6nm135bpllqdlj4ns8kjqmh59j"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index c081345e03..499c3e4c8a 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -130,14 +130,14 @@ and its related documentation.")
 (define-public nginx
   (package
     (name "nginx")
-    (version "1.11.10")
+    (version "1.11.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://nginx.org/download/nginx-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0gak6pcsn1m8fsz0g95z4b72nn12ivy35vlxrmagfcvnn2mkr2vp"))))
+                "0qkj4xqv2f986dwqwlkidmr6jpxhv3ds67pxd1pd4a4f4j0c8yjs"))))
     (build-system gnu-build-system)
     (inputs `(("pcre" ,pcre)
               ("openssl" ,openssl)
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index a9824cafc3..b90bd4d449 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -35,6 +35,7 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnupg)
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
@@ -45,7 +46,6 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
-  #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.14.5")
+    (version "2.16.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "17rnjs7yl198bkghzcc2cgh30sb5i03irb6wag3xchwv7b1z3a1w"))))
+                "1p3w23n5bq30xg4qg0i9lmrk13vgck2l4wh8gmzwxwqfj7c738sy"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
@@ -102,12 +102,12 @@
      `(("at-spi2-core" ,at-spi2-core)
        ("enchant" ,enchant)
        ("geoclue" ,geoclue)
-       ("gnutls" ,gnutls)
        ("gst-plugins-base" ,gst-plugins-base)
        ("gtk+-2" ,gtk+-2)
        ("harfbuzz" ,harfbuzz)
        ("hyphen" ,hyphen)
        ("icu4c" ,icu4c)
+       ("libgcrypt" ,libgcrypt)
        ("libjpeg" ,libjpeg)
        ("libnotify" ,libnotify)
        ("libpng" ,libpng)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 783bce0d56..7c8c616f89 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -472,7 +472,7 @@ selection's dimensions to stdout.")
 (define-public maim
   (package
     (name "maim")
-    (version "4.4.61")
+    (version "4.4.62")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -481,7 +481,7 @@ selection's dimensions to stdout.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "14jksv05xyydbpb9v8k3jgq7sl72bh356iapymg02vwg519i1d5k"))))
+                "08lnbsl9ialqik1ris6piz1g0fgq4r3767ycr4nziphw3kz89vr1"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f))            ; no "check" target
@@ -723,7 +723,7 @@ compact configuration syntax.")
                  (lambda _
                    (format #t
                            "[Desktop Entry]~@
-                           Name=rxvt-unicode~@
+                           Name=rxvt-unicode (client)~@
                            Comment=Rxvt clone with XFT and unicode support~@
                            Exec=~a/bin/urxvtc~@
                            TryExec=~@*~a/bin/urxvtc~@
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 77efef15eb..95a1ba2a6c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -124,6 +124,11 @@
             guix-service-type
             guix-publish-configuration
             guix-publish-configuration?
+            guix-publish-configuration-guix
+            guix-publish-configuration-port
+            guix-publish-configuration-host
+            guix-publish-configuration-compression-level
+            guix-publish-configuration-nar-path
             guix-publish-service
             guix-publish-service-type
 
@@ -1435,11 +1440,15 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
   (port    guix-publish-configuration-port        ;number
            (default 80))
   (host    guix-publish-configuration-host        ;string
-           (default "localhost")))
+           (default "localhost"))
+  (compression-level guix-publish-compression-level ;integer
+                     (default 3))
+  (nar-path    guix-publish-nar-path              ;string
+               (default "nar")))
 
 (define guix-publish-shepherd-service
   (match-lambda
-    (($ <guix-publish-configuration> guix port host)
+    (($ <guix-publish-configuration> guix port host compression nar-path)
      (list (shepherd-service
             (provision '(guix-publish))
             (requirement '(guix-daemon))
@@ -1447,6 +1456,8 @@ failed to register hydra.gnu.org public key: ~a~%" status))))))))
                       (list #$(file-append guix "/bin/guix")
                             "publish" "-u" "guix-publish"
                             "-p" #$(number->string port)
+                            "-C" #$(number->string compression)
+                            (string-append "--nar-path=" #$nar-path)
                             (string-append "--listen=" #$host))))
             (stop #~(make-kill-destructor)))))))
 
@@ -1475,6 +1486,7 @@ and @var{port} (@pxref{Invoking guix publish}).
 This assumes that @file{/etc/guix} already contains a signing key pair as
 created by @command{guix archive --generate-key} (@pxref{Invoking guix
 archive}).  If that is not the case, the service will fail to start."
+  ;; Deprecated.
   (service guix-publish-service-type
            (guix-publish-configuration (guix guix) (port port) (host host))))
 
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 2ad3a637a4..0a2219e743 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,6 +37,7 @@
             configuration-field-default-value-thunk
             configuration-field-documentation
             serialize-configuration
+            define-maybe
             define-configuration
             validate-configuration
             generate-documentation
@@ -85,16 +87,27 @@
                    (configuration-field-name field) val))))
             fields))
 
+(define-syntax-rule (id ctx parts ...)
+  "Assemble PARTS into a raw (unhygienic)  identifier."
+  (datum->syntax ctx (symbol-append (syntax->datum parts) ...)))
+
+(define-syntax define-maybe
+  (lambda (x)
+    (syntax-case x ()
+      ((_ stem)
+       (with-syntax
+           ((stem?                (id #'stem #'stem #'?))
+            (maybe-stem?          (id #'stem #'maybe- #'stem #'?))
+            (serialize-stem       (id #'stem #'serialize- #'stem))
+            (serialize-maybe-stem (id #'stem #'serialize-maybe- #'stem)))
+         #'(begin
+             (define (maybe-stem? val)
+               (or (eq? val 'disabled) (stem? val)))
+             (define (serialize-maybe-stem field-name val)
+               (when (stem? val) (serialize-stem field-name val)))))))))
+
 (define-syntax define-configuration
   (lambda (stx)
-    (define (id ctx part . parts)
-      (let ((part (syntax->datum part)))
-        (datum->syntax
-         ctx
-         (match parts
-           (() part)
-           (parts (symbol-append part
-                                 (syntax->datum (apply id ctx parts))))))))
     (syntax-case stx ()
       ((_ stem (field (field-type def) doc) ...)
        (with-syntax (((field-getter ...)
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 34723dc11c..715d6181f5 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -49,27 +50,11 @@
 ;;;
 ;;; Code:
 
-(define-syntax-rule (id ctx parts ...)
-  "Assemble PARTS into a raw (unhygienic) identifier."
-  (datum->syntax ctx (symbol-append (syntax->datum parts) ...)))
-
-(define-syntax define-maybe
-  (lambda (x)
-    (syntax-case x ()
-      ((_ stem)
-       (with-syntax
-           ((stem?                (id #'stem #'stem #'?))
-            (maybe-stem?          (id #'stem #'maybe- #'stem #'?))
-            (serialize-stem       (id #'stem #'serialize- #'stem))
-            (serialize-maybe-stem (id #'stem #'serialize-maybe- #'stem)))
-         #'(begin
-             (define (maybe-stem? val)
-               (or (eq? val 'disabled) (stem? val)))
-             (define (serialize-maybe-stem field-name val)
-               (when (stem? val) (serialize-stem field-name val)))))))))
-
 (define-syntax define-all-configurations
   (lambda (stx)
+    (define-syntax-rule (id ctx parts ...)
+      "Assemble PARTS into a raw (unhygienic) identifier."
+      (datum->syntax ctx (symbol-append (syntax->datum parts) ...)))
     (define (make-pred arg)
       (lambda (field target)
         (and (memq (syntax->datum target) `(common ,arg)) field)))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9b8e5b36b1..85fc0b843a 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -61,6 +62,10 @@
             ntp-service
             ntp-service-type
 
+            inetd-configuration
+            inetd-entry
+            inetd-service-type
+
             tor-configuration
             tor-configuration?
             tor-hidden-service
@@ -432,6 +437,90 @@ make an initial adjustment of more than 1,000 seconds."
 
 
 ;;;
+;;; Inetd.
+;;;
+
+(define-record-type* <inetd-configuration> inetd-configuration
+  make-inetd-configuration
+  inetd-configuration?
+  (program           inetd-configuration-program   ;file-like
+                     (default (file-append inetutils "/libexec/inetd")))
+  (entries           inetd-configuration-entries   ;list of <inetd-entry>
+                     (default '())))
+
+(define-record-type* <inetd-entry> inetd-entry make-inetd-entry
+  inetd-entry?
+  (node              inetd-entry-node         ;string or #f
+                     (default #f))
+  (name              inetd-entry-name)        ;string, from /etc/services
+
+  (socket-type       inetd-entry-socket-type) ;stream | dgram | raw |
+                                              ;rdm | seqpacket
+  (protocol          inetd-entry-protocol)    ;string, from /etc/protocols
+
+  (wait?             inetd-entry-wait?        ;Boolean
+                     (default #t))
+  (user              inetd-entry-user)        ;string
+
+  (program           inetd-entry-program      ;string or file-like object
+                     (default "internal"))
+  (arguments         inetd-entry-arguments    ;list of strings or file-like objects
+                     (default '())))
+
+(define (inetd-config-file entries)
+  (apply mixed-text-file "inetd.conf"
+         (map
+          (lambda (entry)
+            (let* ((node (inetd-entry-node entry))
+                   (name (inetd-entry-name entry))
+                   (socket
+                    (if node (string-append node ":" name) name))
+                   (type
+                    (match (inetd-entry-socket-type entry)
+                      ((or 'stream 'dgram 'raw 'rdm 'seqpacket)
+                       (symbol->string (inetd-entry-socket-type entry)))))
+                   (protocol (inetd-entry-protocol entry))
+                   (wait (if (inetd-entry-wait? entry) "wait" "nowait"))
+                   (user (inetd-entry-user entry))
+                   (program (inetd-entry-program entry))
+                   (args (inetd-entry-arguments entry)))
+              #~(string-append
+                 (string-join
+                  (list #$@(list socket type protocol wait user program) #$@args)
+                  " ") "\n")))
+          entries)))
+
+(define inetd-shepherd-service
+  (match-lambda
+    (($ <inetd-configuration> program ()) '()) ; empty list of entries -> do nothing
+    (($ <inetd-configuration> program entries)
+     (list
+      (shepherd-service
+       (documentation "Run inetd.")
+       (provision '(inetd))
+       (requirement '(user-processes networking syslogd))
+       (start #~(make-forkexec-constructor
+                 (list #$program #$(inetd-config-file entries))
+                 #:pid-file "/var/run/inetd.pid"))
+       (stop #~(make-kill-destructor)))))))
+
+(define-public inetd-service-type
+  (service-type
+   (name 'inetd)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             inetd-shepherd-service)))
+
+   ;; The service can be extended with additional lists of entries.
+   (compose concatenate)
+   (extend (lambda (config entries)
+             (inetd-configuration
+              (inherit config)
+              (entries (append (inetd-configuration-entries config)
+                               entries)))))))
+
+
+;;;
 ;;; Tor.
 ;;;
 
diff --git a/gnu/services/pm.scm b/gnu/services/pm.scm
new file mode 100644
index 0000000000..ec35e5701a
--- /dev/null
+++ b/gnu/services/pm.scm
@@ -0,0 +1,404 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services pm)
+  #:use-module (guix gexp)
+  #:use-module (guix packages)
+  #:use-module (guix records)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:export (tlp-service-type
+            tlp-configuration))
+
+(define (uglify-field-name field-name)
+  (let ((str (symbol->string field-name)))
+    (string-join (string-split
+                  (string-upcase
+                   (if (string-suffix? "?" str)
+                       (substring str 0 (1- (string-length str)))
+                       str))
+                  #\-)
+                 "_")))
+
+(define (serialize-field field-name val)
+  (format #t "~a=~a\n" (uglify-field-name field-name) val))
+
+(define (serialize-boolean field-name val)
+  (serialize-field field-name (if val "1" "0")))
+(define-maybe boolean)
+
+(define (serialize-string field-name val)
+  (serialize-field field-name val))
+(define-maybe string)
+
+(define (space-separated-string-list? val)
+  (and (list? val)
+       (and-map (lambda (x)
+                  (and (string? x) (not (string-index x #\space))))
+                val)))
+(define (serialize-space-separated-string-list field-name val)
+  (serialize-field field-name
+                   (format #f "~s"
+                           (string-join val " "))))
+(define-maybe space-separated-string-list)
+
+(define (non-negative-integer? val)
+  (and (exact-integer? val) (not (negative? val))))
+(define (serialize-non-negative-integer field-name val)
+  (serialize-field field-name val))
+(define-maybe non-negative-integer)
+
+(define (on-off-boolean? val)
+  (boolean? val))
+(define (serialize-on-off-boolean field-name val)
+  (serialize-field field-name (if val "on" "off")))
+(define-maybe on-off-boolean)
+
+(define (y-n-boolean? val)
+  (boolean? val))
+(define (serialize-y-n-boolean field-name val)
+  (serialize-field field-name (if val "Y" "N")))
+
+(define-configuration tlp-configuration
+  (tlp
+   (package tlp)
+   "The TLP package.")
+
+  (tlp-enable?
+   (boolean #t)
+   "Set to true if you wish to enable TLP.")
+
+  (tlp-default-mode
+   (string "AC")
+   "Default mode when no power supply can be detected.  Alternatives are
+AC and BAT.")
+
+  (disk-idle-secs-on-ac
+   (non-negative-integer 0)
+   "Number of seconds Linux kernel has to wait after the disk goes idle,
+before syncing on AC.")
+
+  (disk-idle-secs-on-bat
+   (non-negative-integer 2)
+   "Same as @code{disk-idle-ac} but on BAT mode.")
+
+  (max-lost-work-secs-on-ac
+   (non-negative-integer 15)
+   "Dirty pages flushing periodicity, expressed in seconds.")
+
+  (max-lost-work-secs-on-bat
+   (non-negative-integer 60)
+   "Same as @code{max-lost-work-secs-on-ac} but on BAT mode.")
+
+  (cpu-scaling-governor-on-ac
+   (maybe-space-separated-string-list 'disabled)
+   "CPU frequency scaling governor on AC mode.  With intel_pstate
+driver, alternatives are powersave and performance.  With acpi-cpufreq driver,
+alternatives are ondemand, powersave, performance and conservative.")
+
+  (cpu-scaling-governor-on-bat
+   (maybe-space-separated-string-list 'disabled)
+   "Same as @code{cpu-scaling-governor-on-ac} but on BAT mode.")
+
+  (cpu-scaling-min-freq-on-ac
+   (maybe-non-negative-integer 'disabled)
+   "Set the min available frequency for the scaling governor on AC.")
+
+  (cpu-scaling-max-freq-on-ac
+   (maybe-non-negative-integer 'disabled)
+   "Set the max available frequency for the scaling governor on AC.")
+
+  (cpu-scaling-min-freq-on-bat
+   (maybe-non-negative-integer 'disabled)
+   "Set the min available frequency for the scaling governor on BAT.")
+
+  (cpu-scaling-max-freq-on-bat
+   (maybe-non-negative-integer 'disabled)
+   "Set the max available frequency for the scaling governor on BAT.")
+
+  (cpu-min-perf-on-ac
+   (maybe-non-negative-integer 'disabled)
+   "Limit the min P-state to control the power dissipation of the CPU,
+in AC mode.  Values are stated as a percentage of the available performance.")
+
+  (cpu-max-perf-on-ac
+   (maybe-non-negative-integer 'disabled)
+   "Limit the max P-state to control the power dissipation of the CPU,
+in AC mode.  Values are stated as a percentage of the available performance.")
+
+  (cpu-min-perf-on-bat
+   (maybe-non-negative-integer 'disabled)
+   "Same as @code{cpu-min-perf-on-ac} on BAT mode.")
+
+  (cpu-max-perf-on-bat
+   (maybe-non-negative-integer 'disabled)
+   "Same as @code{cpu-max-perf-on-ac} on BAT mode.")
+
+  (cpu-boost-on-ac?
+   (maybe-boolean 'disabled)
+   "Enable CPU turbo boost feature on AC mode.")
+
+  (cpu-boost-on-bat?
+   (maybe-boolean 'disabled)
+   "Same as @code{cpu-boost-on-ac?} on BAT mode.")
+
+  (sched-powersave-on-ac?
+   (boolean #f)
+   "Allow Linux kernel to minimize the number of CPU cores/hyper-threads
+used under light load conditions.")
+
+  (sched-powersave-on-bat?
+   (boolean #t)
+   "Same as @code{sched-powersave-on-ac?} but on BAT mode.")
+
+  (nmi-watchdog?
+   (boolean #f)
+   "Enable Linux kernel NMI watchdog.")
+
+  (phc-controls
+   (maybe-string 'disabled)
+   "For Linux kernels with PHC patch applied, change CPU voltages.
+An example value would be @samp{\"F:V F:V F:V F:V\"}.")
+
+  (energy-perf-policy-on-ac
+   (string "performance")
+   "Set CPU performance versus energy saving policy on AC.  Alternatives are
+performance, normal, powersave.")
+
+  (energy-perf-policy-on-bat
+   (string "powersave")
+   "Same as @code{energy-perf-policy-ac} but on BAT mode.")
+
+  (disks-devices
+   (space-separated-string-list '("sda"))
+   "Hard disk devices.")
+
+  (disk-apm-level-on-ac
+   (space-separated-string-list '("254" "254"))
+   "Hard disk advanced power management level.")
+
+  (disk-apm-level-on-bat
+   (space-separated-string-list '("128" "128"))
+   "Same as @code{disk-apm-bat} but on BAT mode.")
+
+  (disk-spindown-timeout-on-ac
+   (maybe-space-separated-string-list 'disabled)
+   "Hard disk spin down timeout.  One value has to be specified for
+each declared hard disk.")
+
+  (disk-spindown-timeout-on-bat
+   (maybe-space-separated-string-list 'disabled)
+   "Same as @code{disk-spindown-timeout-on-ac} but on BAT mode.")
+
+  (disk-iosched
+   (maybe-space-separated-string-list 'disabled)
+   "Select IO scheduler for disk devices.  One value has to be specified
+for each declared hard disk.  Example alternatives are cfq, deadline and noop.")
+
+  (sata-linkpwr-on-ac
+   (string "max_performance")
+   "SATA aggressive link power management (ALPM) level.  Alternatives are
+min_power, medium_power, max_performance.")
+
+  (sata-linkpwr-on-bat
+   (string "min_power")
+   "Same as @code{sata-linkpwr-ac} but on BAT mode.")
+
+  (sata-linkpwr-blacklist
+   (maybe-string 'disabled)
+   "Exclude specified SATA host devices for link power management.")
+
+  (ahci-runtime-pm-on-ac?
+   (maybe-on-off-boolean 'disabled)
+   "Enable Runtime Power Management for AHCI controller and disks
+on AC mode.")
+
+  (ahci-runtime-pm-on-bat?
+   (maybe-on-off-boolean 'disabled)
+   "Same as @code{ahci-runtime-pm-on-ac} on BAT mode.")
+
+  (ahci-runtime-pm-timeout
+   (non-negative-integer 15)
+   "Seconds of inactivity before disk is suspended.")
+
+  (pcie-aspm-on-ac
+   (string "performance")
+   "PCI Express Active State Power Management level.  Alternatives are
+default, performance, powersave.")
+
+  (pcie-aspm-on-bat
+   (string "powersave")
+   "Same as @code{pcie-aspm-ac} but on BAT mode.")
+
+  (radeon-power-profile-on-ac
+   (string "high")
+   "Radeon graphics clock speed level.  Alternatives are
+low, mid, high, auto, default.")
+
+  (radeon-power-profile-on-bat
+   (string "low")
+   "Same as @code{radeon-power-ac} but on BAT mode.")
+
+  (radeon-dpm-state-on-ac
+   (string "performance")
+   "Radeon dynamic power management method (DPM).  Alternatives are
+battery, performance.")
+
+  (radeon-dpm-state-on-bat
+   (string "battery")
+   "Same as @code{radeon-dpm-state-ac} but on BAT mode.")
+
+  (radeon-dpm-perf-level-on-ac
+   (string "auto")
+   "Radeon DPM performance level.  Alternatives are
+auto, low, high.")
+
+  (radeon-dpm-perf-level-on-bat
+   (string "auto")
+   "Same as @code{radeon-dpm-perf-ac} but on BAT mode.")
+
+  (wifi-pwr-on-ac?
+   (on-off-boolean #f)
+   "Wifi power saving mode.")
+
+  (wifi-pwr-on-bat?
+   (on-off-boolean #t)
+   "Same as @code{wifi-power-ac?} but on BAT mode.")
+
+  (wol-disable?
+   (y-n-boolean #t)
+   "Disable wake on LAN.")
+
+  (sound-power-save-on-ac
+   (non-negative-integer 0)
+   "Timeout duration in seconds before activating audio power saving
+ on Intel HDA and AC97 devices.  A value of 0 disables power saving.")
+
+  (sound-power-save-on-bat
+   (non-negative-integer 1)
+   "Same as @code{sound-powersave-ac} but on BAT mode.")
+
+  (sound-power-save-controller?
+   (y-n-boolean #t)
+   "Disable controller in powersaving mode on Intel HDA devices.")
+
+  (bay-poweroff-on-bat?
+   (boolean #f)
+   "Enable optical drive in UltraBay/MediaBay on BAT mode.
+Drive can be powered on again by releasing (and reinserting) the eject lever
+or by pressing the disc eject button on newer models.")
+
+  (bay-device
+   (string "sr0")
+   "Name of the optical drive device to power off.")
+
+  (runtime-pm-on-ac
+   (string "on")
+   "Runtime Power Management for PCI(e) bus devices.  Alternatives are
+on and auto.")
+
+  (runtime-pm-on-bat
+   (string "auto")
+   "Same as @code{runtime-pm-ac} but on BAT mode.")
+
+  (runtime-pm-all?
+   (boolean #t)
+   "Runtime Power Management for all PCI(e) bus devices, except
+blacklisted ones.")
+
+  (runtime-pm-blacklist
+   (maybe-space-separated-string-list 'disabled)
+   "Exclude specified PCI(e) devices adresses from Runtime Power Management.")
+
+  (runtime-pm-driver-blacklist
+   (space-separated-string-list '("radeon" "nouveau"))
+   "Exclude PCI(e) devices assigned to the specified drivers from
+Runtime Power Management.")
+
+  (usb-autosuspend?
+   (boolean #t)
+   "Enable USB autosuspend feature.")
+
+  (usb-blacklist
+   (maybe-string 'disabled)
+   "Exclude specified devices from USB autosuspend.")
+
+  (usb-blacklist-wwan?
+   (boolean #t)
+   "Exclude WWAN devices from USB autosuspend.")
+
+  (usb-whitelist
+   (maybe-string 'disabled)
+   "Include specified devices into USB autosuspend, even if they are
+already excluded by the driver or via @code{usb-blacklist-wwan?}.")
+
+  (usb-autosuspend-disable-on-shutdown?
+   (maybe-boolean 'disabled)
+   "Enable USB autosuspend before shutdown.")
+
+  (restore-device-state-on-startup?
+   (boolean #f)
+   "Restore radio device state (bluetooth, wifi, wwan) from previous
+shutdown on system startup."))
+
+
+(define (tlp-shepherd-service config)
+  (let* ((tlp-bin (file-append
+                   (tlp-configuration-tlp config) "/bin/tlp"))
+         (tlp-action (lambda args
+                       #~(lambda _
+                           (zero? (system* #$tlp-bin #$@args))))))
+    (list (shepherd-service
+           (documentation "Run TLP script.")
+           (provision '(tlp))
+           (requirement '(user-processes))
+           (start (tlp-action "init" "start"))
+           (stop  (tlp-action "init" "stop"))))))
+
+(define (tlp-activation config)
+  (let* ((config-str (with-output-to-string
+                       (lambda ()
+                         (serialize-configuration
+                          config
+                          tlp-configuration-fields))))
+         (config-file (plain-file "tlp" config-str)))
+    (with-imported-modules '((guix build utils))
+      #~(begin
+          (use-modules (guix build utils))
+          (copy-file #$config-file "/etc/tlp")))))
+
+(define tlp-service-type
+  (service-type
+   (name 'tlp)
+   (extensions
+    (list
+     (service-extension shepherd-root-service-type
+                        tlp-shepherd-service)
+     (service-extension udev-service-type
+                        (compose list tlp-configuration-tlp))
+     (service-extension activation-service-type
+                        tlp-activation)))))
+
+(define (generate-tlp-documentation)
+  (generate-documentation
+   `((tlp-configuration ,tlp-configuration-fields))
+   'tlp-configuration))
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
index 844a11b3d3..e1a04a9858 100644
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -279,7 +280,7 @@ by the authority given in @code{ca}.")
 
    (key
     (string "/etc/openvpn/client.key")
-    "The key of the machine the daemon is running on. It must be the whose
+    "The key of the machine the daemon is running on. It must be the key whose
 certificate is @code{cert}.")
 
    (comp-lzo?
diff --git a/gnu/system/grub.scm b/gnu/system/grub.scm
index 1f2cd08ff0..4f9bde6a62 100644
--- a/gnu/system/grub.scm
+++ b/gnu/system/grub.scm
@@ -183,8 +183,6 @@ system string---e.g., \"x86_64-linux\"."
     (if (string-match "^(x86_64|i[3-6]86)-" system)
         "
   # Leave 'gfxmode' to 'auto'.
-  insmod vbe
-  insmod vga
   insmod video_bochs
   insmod video_cirrus
   insmod gfxterm
@@ -195,6 +193,10 @@ system string---e.g., \"x86_64-linux\"."
     # which isn't convenient.
     insmod efi_gop
     insmod efi_uga
+  else
+    # These are specific to non-EFI Intel machines.
+    insmod vbe
+    insmod vga
   fi
 
   terminal_output gfxterm
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
new file mode 100644
index 0000000000..53c80a4ac1
--- /dev/null
+++ b/gnu/tests/networking.scm
@@ -0,0 +1,149 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests networking)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system grub)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services networking)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:use-module (gnu packages bash)
+  #:export (%test-inetd))
+
+(define %inetd-os
+  ;; Operating system with 2 inetd services.
+  (operating-system
+    (host-name "komputilo")
+    (timezone "Europe/Brussels")
+    (locale "en_US.utf8")
+
+    (bootloader (grub-configuration (device "/dev/sdX")))
+    (file-systems %base-file-systems)
+    (firmware '())
+    (users %base-user-accounts)
+    (services (cons* (dhcp-client-service)
+                     (service inetd-service-type
+                              (inetd-configuration
+                               (entries (list
+                                         (inetd-entry
+                                          (name "echo")
+                                          (socket-type 'stream)
+                                          (protocol "tcp")
+                                          (wait? #f)
+                                          (user "root"))
+                                         (inetd-entry
+                                          (name "dict")
+                                          (socket-type 'stream)
+                                          (protocol "tcp")
+                                          (wait? #f)
+                                          (user "root")
+                                          (program (file-append bash
+                                                                "/bin/bash"))
+                                          (arguments
+                                           (list "bash" (plain-file "my-dict.sh" "\
+while read line
+do
+    if [[ $line =~ ^DEFINE\\ (.*)$ ]]
+    then
+        case ${BASH_REMATCH[1]} in
+            Guix)
+                echo GNU Guix is a package management tool for the GNU system.
+                ;;
+            G-expression)
+                echo Like an S-expression but with a G.
+                ;;
+            *)
+                echo NO DEFINITION FOUND
+                ;;
+        esac
+    else
+        echo ERROR
+    fi
+done" ))))))))
+                     %base-services))))
+
+(define* (run-inetd-test)
+  "Run tests in %INETD-OS, where the inetd service provides an echo service on
+port 7, and a dict service on port 2628."
+  (mlet* %store-monad ((os -> (marionette-operating-system %inetd-os))
+                       (command (system-qemu-image/shared-store-script
+                                 os #:graphic? #f)))
+    (define test
+      (with-imported-modules '((gnu build marionette))
+        #~(begin
+            (use-modules (ice-9 rdelim)
+                         (srfi srfi-64)
+                         (gnu build marionette))
+            (define marionette
+              ;; Forward guest ports 7 and 2628 to host ports 8007 and 8628.
+              (make-marionette (list #$command "-net"
+                                     (string-append
+                                      "user"
+                                      ",hostfwd=tcp::8007-:7"
+                                      ",hostfwd=tcp::8628-:2628"))))
+
+            (mkdir #$output)
+            (chdir #$output)
+
+            (test-begin "inetd")
+
+            ;; Make sure the PID file is created.
+            (test-assert "PID file"
+              (marionette-eval
+               '(file-exists? "/var/run/inetd.pid")
+              marionette))
+
+            ;; Test the echo service.
+            (test-equal "echo response"
+              "Hello, Guix!"
+              (let ((echo (socket PF_INET SOCK_STREAM 0))
+                    (addr (make-socket-address AF_INET INADDR_LOOPBACK 8007)))
+                (connect echo addr)
+                (display "Hello, Guix!\n" echo)
+                (let ((response (read-line echo)))
+                  (close echo)
+                  response)))
+
+            ;; Test the dict service
+            (test-equal "dict response"
+              "GNU Guix is a package management tool for the GNU system."
+              (let ((dict (socket PF_INET SOCK_STREAM 0))
+                    (addr (make-socket-address AF_INET INADDR_LOOPBACK 8628)))
+                (connect dict addr)
+                (display "DEFINE Guix\n" dict)
+                (let ((response (read-line dict)))
+                  (close dict)
+                  response)))
+
+            (test-end)
+            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+    (gexp->derivation "inetd-test" test)))
+
+(define %test-inetd
+  (system-test
+   (name "inetd")
+   (description "Connect to a host with an INETD server.")
+   (value (run-inetd-test))))
diff --git a/guix/build/union.scm b/guix/build/union.scm
index 6640b56523..a2ea72e1f5 100644
--- a/guix/build/union.scm
+++ b/guix/build/union.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -73,9 +74,12 @@ identical, #f otherwise."
                                   (loop)))))))))))))
 
 (define* (union-build output inputs
-                      #:key (log-port (current-error-port)))
-  "Build in the OUTPUT directory a symlink tree that is the union of all
-the INPUTS."
+                      #:key (log-port (current-error-port))
+                      (create-all-directories? #f))
+  "Build in the OUTPUT directory a symlink tree that is the union of all the
+INPUTS.  As a special case, if CREATE-ALL-DIRECTORIES?, creates the
+subdirectories in the output directory to make sure the caller can modify them
+later."
 
   (define (symlink* input output)
     (format log-port "`~a' ~~> `~a'~%" input output)
@@ -104,8 +108,11 @@ the INPUTS."
   (define (union output inputs)
     (match inputs
       ((input)
-       ;; There's only one input, so just make a link.
-       (symlink* input output))
+       ;; There's only one input, so just make a link unless
+       ;; create-all-directories?.
+       (if (and create-all-directories? (file-is-directory? input))
+           (union-of-directories output inputs)
+           (symlink* input output)))
       (_
        (call-with-values (lambda () (partition file-is-directory? inputs))
          (match-lambda*
diff --git a/guix/profiles.scm b/guix/profiles.scm
index a62a076f64..795c9447fe 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -877,9 +878,12 @@ entries.  It's used to query the MIME type of a given file."
                           #:substitutable? #f)
         (return #f))))
 
+;; Several font packages may install font files into same directory, so
+;; fonts.dir and fonts.scale file should be generated here, instead of in
+;; packages.
 (define (fonts-dir-file manifest)
   "Return a derivation that builds the @file{fonts.dir} and @file{fonts.scale}
-files for the truetype fonts of the @var{manifest} entries."
+files for the fonts of the @var{manifest} entries."
   (define mkfontscale
     (module-ref (resolve-interface '(gnu packages xorg)) 'mkfontscale))
 
@@ -891,29 +895,54 @@ files for the truetype fonts of the @var{manifest} entries."
         (use-modules (srfi srfi-26)
                      (guix build utils)
                      (guix build union))
-        (let ((ttf-dirs (filter file-exists?
-                                (map (cut string-append <>
-                                          "/share/fonts/truetype")
-                                     '#$(manifest-inputs manifest)))))
+        (let ((fonts-dirs (filter file-exists?
+                                  (map (cut string-append <>
+                                            "/share/fonts")
+                                       '#$(manifest-inputs manifest)))))
           (mkdir #$output)
-          (if (null? ttf-dirs)
+          (if (null? fonts-dirs)
               (exit #t)
-              (let* ((fonts-dir   (string-append #$output "/share/fonts"))
-                     (ttf-dir     (string-append fonts-dir "/truetype"))
+              (let* ((share-dir   (string-append #$output "/share"))
+                     (fonts-dir   (string-append share-dir "/fonts"))
                      (mkfontscale (string-append #+mkfontscale
                                                  "/bin/mkfontscale"))
                      (mkfontdir   (string-append #+mkfontdir
-                                                 "/bin/mkfontdir")))
-                (mkdir-p fonts-dir)
-                (union-build ttf-dir ttf-dirs
-                             #:log-port (%make-void-port "w"))
-                (with-directory-excursion ttf-dir
-                  (exit (and (zero? (system* mkfontscale))
-                             (zero? (system* mkfontdir))))))))))
+                                                 "/bin/mkfontdir"))
+                     (empty-file? (lambda (filename)
+                                    (call-with-ascii-input-file filename
+                                      (lambda (p)
+                                        (eqv? #\0 (read-char p))))))
+                     (fonts-dir-file "fonts.dir")
+                     (fonts-scale-file "fonts.scale"))
+                (mkdir-p share-dir)
+                ;; Create all sub-directories, because we may create fonts.dir
+                ;; and fonts.scale files in the sub-directories.
+                (union-build fonts-dir fonts-dirs
+                             #:log-port (%make-void-port "w")
+                             #:create-all-directories? #t)
+                (let ((directories (find-files fonts-dir
+                                               (lambda (file stat)
+                                                 (eq? 'directory (stat:type stat)))
+                                               #:directories? #t)))
+                  (for-each (lambda (dir)
+                              (with-directory-excursion dir
+                                (when (file-exists? fonts-scale-file)
+                                  (delete-file fonts-scale-file))
+                                (when (file-exists? fonts-dir-file)
+                                  (delete-file fonts-dir-file))
+                                (unless (and (zero? (system* mkfontscale))
+                                             (zero? (system* mkfontdir)))
+                                  (exit #f))
+                                (when (empty-file? fonts-scale-file)
+                                  (delete-file fonts-scale-file))
+                                (when (empty-file? fonts-dir-file)
+                                  (delete-file fonts-dir-file))))
+                            directories)))))))
 
   (gexp->derivation "fonts-dir" build
                     #:modules '((guix build utils)
-                                (guix build union))
+                                (guix build union)
+                                (srfi srfi-26))
                     #:local-build? #t
                     #:substitutable? #f))
 
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 66c82f0409..811f167067 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym+a@scratchpost.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -347,10 +348,25 @@ the synopsis")
                     (_ "synopsis should not start with the package name")
                     'synopsis)))
 
+  (define (check-texinfo-markup synopsis)
+    "Check that SYNOPSIS can be parsed as a Texinfo fragment.  If the
+markup is valid return a plain-text version of SYNOPSIS, otherwise #f."
+    (catch #t
+      (lambda () (texi->plain-text synopsis))
+      (lambda (keys . args)
+        (emit-warning package
+                      (_ "Texinfo markup in synopsis is invalid")
+                      'synopsis)
+        #f)))
+
   (define checks
-    (list check-not-empty check-proper-start check-final-period
-          check-start-article check-start-with-package-name
-          check-synopsis-length))
+    (list check-not-empty
+          check-proper-start
+          check-final-period
+          check-start-article
+          check-start-with-package-name
+          check-synopsis-length
+          check-texinfo-markup))
 
   (match (package-synopsis package)
     ((? string? synopsis)
diff --git a/guix/ui.scm b/guix/ui.scm
index 3a0a6501d1..345bf490b2 100644
--- a/guix/ui.scm
+++ b/guix/ui.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014 Cyrill Schenkel <cyrill.schenkel@gmail.com>
-;;; Copyright © 2014, 2015 Alex Kost <alezost@gmail.com>
+;;; Copyright © 2014, 2015, 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
@@ -81,6 +81,7 @@
             fill-paragraph
             texi->plain-text
             package-description-string
+            package-synopsis-string
             string->recutils
             package->recutils
             package-specification->name+version+output
@@ -848,10 +849,18 @@ converted to a space; sequences of more than one line break are preserved."
   (with-fluids ((%default-port-encoding "UTF-8"))
     (stexi->plain-text (texi-fragment->stexi str))))
 
+(define (package-field-string package field-accessor)
+  "Return a plain-text representation of PACKAGE field."
+  (and=> (field-accessor package)
+         (compose texi->plain-text P_)))
+
 (define (package-description-string package)
   "Return a plain-text representation of PACKAGE description field."
-  (and=> (package-description package)
-         (compose texi->plain-text P_)))
+  (package-field-string package package-description))
+
+(define (package-synopsis-string package)
+  "Return a plain-text representation of PACKAGE synopsis field."
+  (package-field-string package package-synopsis))
 
 (define (string->recutils str)
   "Return a version of STR where newlines have been replaced by newlines
@@ -914,7 +923,7 @@ WIDTH columns."
           (string-map (match-lambda
                        (#\newline #\space)
                        (chr       chr))
-                      (or (and=> (package-synopsis p) P_)
+                      (or (and=> (package-synopsis-string p) P_)
                           "")))
   (format port "~a~2%"
           (string->recutils
diff --git a/tests/lint.scm b/tests/lint.scm
index 3a9b89fe95..7610a91fd3 100644
--- a/tests/lint.scm
+++ b/tests/lint.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
+;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -167,6 +168,13 @@
                         (check-synopsis-style pkg)))
                     "synopsis should not be empty")))
 
+(test-assert "synopsis: valid Texinfo markup"
+  (->bool
+   (string-contains
+    (with-warnings
+      (check-synopsis-style (dummy-package "x" (synopsis "Bad $@ texinfo"))))
+    "Texinfo markup in synopsis is invalid")))
+
 (test-assert "synopsis: does not start with an upper-case letter"
   (->bool
    (string-contains (with-warnings
diff --git a/tests/union.scm b/tests/union.scm
index cccf397181..b63edc757b 100644
--- a/tests/union.scm
+++ b/tests/union.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -124,4 +124,24 @@
                 ;; new 'bin' sub-directory in the profile.
                 (eq? 'directory (stat:type (lstat "bin"))))))))
 
+(test-assert "union-build #:create-all-directories? #t"
+  (let* ((build  `(begin
+                    (use-modules (guix build union))
+                    (union-build (assoc-ref %outputs "out")
+                                 (map cdr %build-inputs)
+                                 #:create-all-directories? #t)))
+         (input  (package-derivation %store %bootstrap-guile))
+         (drv    (build-expression->derivation %store "union-test-all-dirs"
+                                               build
+                                               #:modules '((guix build union))
+                                               #:inputs `(("g" ,input)))))
+    (and (build-derivations %store (list drv))
+         (with-directory-excursion (derivation->output-path drv)
+           ;; Even though there's only one input to the union,
+           ;; #:create-all-directories? #t must have created bin/ rather than
+           ;; making it a symlink to Guile's bin/.
+           (and (file-exists? "bin/guile")
+                (file-is-directory? "bin")
+                (eq? 'symlink (stat:type (lstat "bin/guile"))))))))
+
 (test-end)