summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--build-aux/hydra/gnu-system.scm11
-rw-r--r--doc/guix.texi85
-rw-r--r--gnu/bootloader/u-boot.scm6
-rw-r--r--gnu/local.mk3
-rw-r--r--gnu/packages/admin.scm10
-rw-r--r--gnu/packages/bioinformatics.scm24
-rw-r--r--gnu/packages/bootloaders.scm4
-rw-r--r--gnu/packages/busybox.scm4
-rw-r--r--gnu/packages/cdrom.scm12
-rw-r--r--gnu/packages/cinnamon.scm10
-rw-r--r--gnu/packages/cran.scm78
-rw-r--r--gnu/packages/cups.scm4
-rw-r--r--gnu/packages/electronics.scm4
-rw-r--r--gnu/packages/emacs.scm36
-rw-r--r--gnu/packages/enlightenment.scm8
-rw-r--r--gnu/packages/games.scm6
-rw-r--r--gnu/packages/gnome.scm6
-rw-r--r--gnu/packages/golang.scm4
-rw-r--r--gnu/packages/guile.scm27
-rw-r--r--gnu/packages/image-viewers.scm4
-rw-r--r--gnu/packages/image.scm17
-rw-r--r--gnu/packages/libreoffice.scm16
-rw-r--r--gnu/packages/linux.scm16
-rw-r--r--gnu/packages/lisp.scm114
-rw-r--r--gnu/packages/llvm.scm10
-rw-r--r--gnu/packages/mail.scm15
-rw-r--r--gnu/packages/maths.scm37
-rw-r--r--gnu/packages/mpd.scm20
-rw-r--r--gnu/packages/mtools.scm4
-rw-r--r--gnu/packages/nutrition.scm7
-rw-r--r--gnu/packages/ocaml.scm33
-rw-r--r--gnu/packages/patches/openssl-1.1-c-rehash-in.patch (renamed from gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch)6
-rw-r--r--gnu/packages/patches/xf86-video-ast-remove-mibstore.patch90
-rw-r--r--gnu/packages/perl.scm24
-rw-r--r--gnu/packages/php.scm5
-rw-r--r--gnu/packages/python.scm111
-rw-r--r--gnu/packages/rails.scm14
-rw-r--r--gnu/packages/ruby.scm201
-rw-r--r--gnu/packages/rust.scm17
-rw-r--r--gnu/packages/scheme.scm19
-rw-r--r--gnu/packages/scsi.scm31
-rw-r--r--gnu/packages/security-token.scm10
-rw-r--r--gnu/packages/shells.scm24
-rw-r--r--gnu/packages/telephony.scm46
-rw-r--r--gnu/packages/time.scm4
-rw-r--r--gnu/packages/tls.scm34
-rw-r--r--gnu/packages/version-control.scm7
-rw-r--r--gnu/packages/video.scm14
-rw-r--r--gnu/packages/virtualization.scm4
-rw-r--r--gnu/packages/wine.scm10
-rw-r--r--gnu/packages/xdisorg.scm16
-rw-r--r--gnu/packages/xiph.scm4
-rw-r--r--gnu/packages/xorg.scm48
-rw-r--r--gnu/services/base.scm45
-rw-r--r--gnu/services/networking.scm56
-rw-r--r--gnu/system/install.scm6
-rw-r--r--gnu/tests/networking.scm129
-rw-r--r--guix/build/lisp-utils.scm63
-rw-r--r--guix/channels.scm16
-rw-r--r--guix/git-download.scm36
-rw-r--r--guix/git.scm3
-rw-r--r--guix/gnupg.scm58
-rw-r--r--guix/scripts/describe.scm6
-rw-r--r--guix/scripts/graph.scm12
-rw-r--r--guix/scripts/pull.scm35
-rw-r--r--guix/scripts/refresh.scm13
-rw-r--r--guix/store.scm3
-rw-r--r--tests/pack.scm7
68 files changed, 1302 insertions, 560 deletions
diff --git a/build-aux/hydra/gnu-system.scm b/build-aux/hydra/gnu-system.scm
index 7234e2d0e8..d6b0132807 100644
--- a/build-aux/hydra/gnu-system.scm
+++ b/build-aux/hydra/gnu-system.scm
@@ -330,12 +330,11 @@ valid."
        (set-current-module (make-user-module '((guix profiles) (gnu))))
        (primitive-load manifest))))
 
-  (parameterize ((%graft? #f))
-    (delete-duplicates!
-     (map manifest-entry-item
-          (append-map (compose manifest-entries
-                               load-manifest)
-                      manifests)))))
+  (delete-duplicates!
+   (map manifest-entry-item
+        (append-map (compose manifest-entries
+                             load-manifest)
+                    manifests))))
 
 
 ;;;
diff --git a/doc/guix.texi b/doc/guix.texi
index cccf166d03..b925485be5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7268,6 +7268,36 @@ The following options can be used to customize GnuPG operation:
 Use @var{command} as the GnuPG 2.x command.  @var{command} is searched
 for in @code{$PATH}.
 
+@item --keyring=@var{file}
+Use @var{file} as the keyring for upstream keys.  @var{file} must be in the
+@dfn{keybox format}.  Keybox files usually have a name ending in @file{.kbx}
+and the GNU@tie{}Privacy Guard (GPG) can manipulate these files
+(@pxref{kbxutil, @command{kbxutil},, gnupg, Using the GNU Privacy Guard}, for
+information on a tool to manipulate keybox files).
+
+When this option is omitted, @command{guix refresh} uses
+@file{~/.config/guix/upstream/trustedkeys.kbx} as the keyring for upstream
+signing keys.  OpenPGP signatures are checked against keys from this keyring;
+missing keys are downloaded to this keyring as well (see
+@option{--key-download} below.)
+
+You can export keys from your default GPG keyring into a keybox file using
+commands like this one:
+
+@example
+gpg --export rms@@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx
+@end example
+
+Likewise, you can fetch keys to a specific keybox file like this:
+
+@example
+gpg --no-default-keyring --keyring mykeyring.kbx \
+  --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
+@end example
+
+@ref{GPG Configuration Options, @option{--keyring},, gnupg, Using the GNU
+Privacy Guard}, for more information on GPG's @option{--keyring} option.
+
 @item --key-download=@var{policy}
 Handle missing OpenPGP keys according to @var{policy}, which may be one
 of:
@@ -7711,6 +7741,13 @@ This is useful to precisely refer to a package, as in this example:
 @example
 guix graph -e '(@@@@ (gnu packages commencement) gnu-make-final)'
 @end example
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Display the graph for @var{system}---e.g., @code{i686-linux}.
+
+The package dependency graph is largely architecture-independent, but there
+are some architecture-dependent bits that this option allows you to visualize.
 @end table
 
 
@@ -11575,6 +11612,54 @@ Thus, it can be instantiated like this:
 @end lisp
 @end defvr
 
+@cindex iptables
+@defvr {Scheme Variable} iptables-service-type
+This is the service type to set up an iptables configuration. iptables is a
+packet filtering framework supported by the Linux kernel.  This service
+supports configuring iptables for both IPv4 and IPv6.  A simple example
+configuration rejecting all incoming connections except those to the ssh port
+22 is shown below.
+
+@lisp
+(service iptables-service-type
+         (iptables-configuration
+          (ipv4-rules (plain-file "iptables.rules" "*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+"))
+          (ipv6-rules (plain-file "ip6tables.rules" "*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A INPUT -p tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-port-unreachable
+COMMIT
+"))))
+@end lisp
+@end defvr
+
+@deftp {Data Type} iptables-configuration
+The data type representing the configuration of iptables.
+
+@table @asis
+@item @code{iptables} (default: @code{iptables})
+The iptables package that provides @code{iptables-restore} and
+@code{ip6tables-restore}.
+@item @code{ipv4-rules} (default: @code{%iptables-accept-all-rules})
+The iptables rules to use.  It will be passed to @code{iptables-restore}.
+This may be any ``file-like'' object (@pxref{G-Expressions, file-like
+objects}).
+@item @code{ipv6-rules} (default: @code{%iptables-accept-all-rules})
+The ip6tables rules to use.  It will be passed to @code{ip6tables-restore}.
+This may be any ``file-like'' object (@pxref{G-Expressions, file-like
+objects}).
+@end table
+@end deftp
+
 @cindex NTP
 @cindex real time clock
 @deffn {Scheme Procedure} ntp-service [#:ntp @var{ntp}] @
diff --git a/gnu/bootloader/u-boot.scm b/gnu/bootloader/u-boot.scm
index 52b38dd1ab..0157fde3da 100644
--- a/gnu/bootloader/u-boot.scm
+++ b/gnu/bootloader/u-boot.scm
@@ -31,7 +31,7 @@
             u-boot-a20-olinuxino-lime-bootloader
             u-boot-a20-olinuxino-lime2-bootloader
             u-boot-a20-olinuxino-micro-bootloader
-            u-boot-banana-pi-m2-ultra-bootloader
+            u-boot-bananapi-m2-ultra-bootloader
             u-boot-beaglebone-black-bootloader
             u-boot-mx6cuboxi-bootloader
             u-boot-nintendo-nes-classic-edition-bootloader
@@ -148,10 +148,10 @@
    (inherit u-boot-allwinner-bootloader)
    (package u-boot-a20-olinuxino-micro)))
 
-(define u-boot-banana-pi-m2-ultra-bootloader
+(define u-boot-bananapi-m2-ultra-bootloader
   (bootloader
    (inherit u-boot-allwinner-bootloader)
-   (package u-boot-banana-pi-m2-ultra)))
+   (package u-boot-bananapi-m2-ultra)))
 
 (define u-boot-mx6cuboxi-bootloader
   (bootloader
diff --git a/gnu/local.mk b/gnu/local.mk
index 6a48782e4b..c10894cb5d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1012,7 +1012,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/opensmtpd-fix-crash.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
-  %D%/packages/patches/openssl-1.1.0-c-rehash-in.patch		\
+  %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
@@ -1231,7 +1231,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/xapian-revert-5489fb2f8.patch		\
   %D%/packages/patches/xboing-CVE-2004-0149.patch		\
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
-  %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-geode-glibc-2.20.patch	\
   %D%/packages/patches/xf86-video-i128-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch	\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 8807ab18b5..e7e34ab97f 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -963,7 +963,7 @@ system administrator.")
 (define-public sudo
   (package
     (name "sudo")
-    (version "1.8.25")
+    (version "1.8.25p1")
     (source (origin
               (method url-fetch)
               (uri
@@ -973,7 +973,7 @@ system administrator.")
                                     version ".tar.gz")))
               (sha256
                (base32
-                "0hfw6pcwjvv1vvnhb4n1p210306jm4npz99p9cfhbd33yrhhzkwx"))
+                "0nqri46d4dpycj96zin2f2wszmhm7q9mr68hhj9sp81pgmx9rjcx"))
               (modules '((guix build utils)))
               (snippet
                '(begin
@@ -1236,7 +1236,7 @@ network, which causes enabled computers to power on.")
 (define-public dmidecode
   (package
     (name "dmidecode")
-    (version "3.1")
+    (version "3.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1244,7 +1244,7 @@ network, which causes enabled computers to power on.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1h0sg0lxa15nzf8s7884p6q7p6md9idm0c79wyqmk32l4ndwwrnp"))))
+                "1pcfhcgs2ifdjwp7amnsr3lq95pgxpr150bjhdinvl505px0cw07"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases (delete 'configure))
@@ -2779,6 +2779,8 @@ support forum.  It runs with the @code{/exec} command in most IRC clients.")
                #t))))))
     (inputs
      `(("eudev" ,eudev)))
+    (propagated-inputs
+     `(("python-six" ,python-six)))
     (native-inputs
      `(("python-docutils" ,python-docutils)
        ("python-hypothesis" ,python-hypothesis)
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index f6410c3ca4..67f24a6170 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -13699,3 +13699,27 @@ are highly customizable.  Currently, it is possible to plot: bigwig, bed (many
 options), bedgraph, links (represented as arcs), and Hi-C matrices.
 pyGenomeTracks can make plots with or without Hi-C data.")
     (license license:gpl3+)))
+
+(define-public python-hic2cool
+  (package
+    (name "python-hic2cool")
+    (version "0.4.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "hic2cool" version))
+       (sha256
+        (base32
+         "0xy6mhfns2lzib1kcr6419jjp6pmh0qx8z8na55lmiwn0ds8q9cl"))))
+    (build-system python-build-system)
+    (arguments '(#:tests? #f)) ; no tests included
+    (propagated-inputs
+     `(("python-cooler" ,python-cooler)))
+    (home-page "https://github.com/4dn-dcic/hic2cool")
+    (synopsis "Converter for .hic and .cool files")
+    (description
+     "This package provides a converter between @code{.hic} files (from
+juicer) and single-resolution or multi-resolution @code{.cool} files (for
+cooler).  Both @code{hic} and @code{cool} files describe Hi-C contact
+matrices.")
+    (license license:expat)))
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index e99dc8455f..48cba1daee 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -382,7 +382,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
        ("sdl" ,sdl)
        ("swig" ,swig)))
     (build-system  gnu-build-system)
-    (home-page "http://www.denx.de/wiki/U-Boot/")
+    (home-page "https://www.denx.de/wiki/U-Boot/")
     (synopsis "ARM bootloader")
     (description "U-Boot is a bootloader used mostly for ARM boards. It
 also initializes the boards (RAM etc).")
@@ -571,7 +571,7 @@ board-independent tools.")))
        `(("firmware" ,arm-trusted-firmware-pine64-plus)
          ,@(package-native-inputs base))))))
 
-(define-public u-boot-banana-pi-m2-ultra
+(define-public u-boot-bananapi-m2-ultra
   (make-u-boot-package "Bananapi_M2_Ultra" "arm-linux-gnueabihf"))
 
 (define-public u-boot-a20-olinuxino-lime
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index 480b777574..5f1613bb4c 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -31,7 +31,7 @@
 (define-public busybox
   (package
     (name "busybox")
-    (version "1.29.1")
+    (version "1.29.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -39,7 +39,7 @@
                     version ".tar.bz2"))
               (sha256
                (base32
-                "1hqlr5b3bsyb6avadz1z4za6pyl32r1krnpcpwwqilhnx8q0f9gw"))))
+                "1dzg45vgy2w1xcd3p6h8d76ykhabbvk1h0lf8yb24ikrwlv8cr4p"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/cdrom.scm b/gnu/packages/cdrom.scm
index 4b051e22d4..d8dc9ee6f9 100644
--- a/gnu/packages/cdrom.scm
+++ b/gnu/packages/cdrom.scm
@@ -152,14 +152,14 @@ libcdio.")
 (define-public xorriso
   (package
     (name "xorriso")
-    (version "1.4.8")
+    (version "1.5.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/xorriso/xorriso-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "10c44yr3dpmwxa7rf23mwfsy1bahny3jpcg9ig0xjv090jg0d0pc"))))
+               "0aq6lvlwlkxz56l5sbvgycr6j5c82ch2bv6zrnc2345ibfpafgx9"))))
     (build-system gnu-build-system)
     (inputs
      `(("acl" ,acl)
@@ -727,14 +727,14 @@ laid out on the image.")
 (define-public libburn
   (package
     (name "libburn")
-    (version "1.4.8")
+    (version "1.5.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://files.libburnia-project.org/releases/"
                                  "libburn-" version ".tar.gz"))
              (sha256
               (base32
-               "19lxnzn8bz70glrrrn2hs43gf5g7gfbcka9rcbckhv1pb7is509y"))))
+               "1gg2kgnqvaa2fwghai62prxz6slpak1f6bvgjh8m4dn16v114asq"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -749,14 +749,14 @@ DVD-RW, DVD-R, DVD-R/DL, BD-R, and BD-RE.")
 (define-public libisofs
   (package
     (name "libisofs")
-    (version "1.4.8")
+    (version "1.5.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "http://files.libburnia-project.org/releases/"
                                  "libisofs-" version ".tar.gz"))
              (sha256
               (base32
-               "0scvqb72qq24wcg814p1iw1dknldl21hr1hxsc1wy9vc6vgyk7fw"))))
+               "001l3akf3wb6msl9man776w560iqyvsbwwzs7d7y7msx13irspys"))))
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)
diff --git a/gnu/packages/cinnamon.scm b/gnu/packages/cinnamon.scm
index 65aea47d5a..7cac863f92 100644
--- a/gnu/packages/cinnamon.scm
+++ b/gnu/packages/cinnamon.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,13 +51,10 @@
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'autoconf
+         (add-before 'bootstrap 'skip-premature-configure
            (lambda _
-             (mkdir-p "m4")
-             (zero?
-              (and (system* "glib-gettextize" "--force" "--copy")
-                   (system* "intltoolize" "--force" "--copy" "--automake")
-                   (system* "autoreconf" "--verbose" "--force" "--install"))))))))
+             (setenv "NOCONFIGURE" "set")
+             #t)))))
     ;; TODO: package 'libgsystem'.
     (inputs
      `(("accountsservice" ,accountsservice)
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index f8177da013..5519b85d0b 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -5797,3 +5797,81 @@ sampling and basic manipulation of Brazilian lawsuits identification number.
 It also implements functions for text cleaning, such as accentuation
 removal.")
     (license license:expat)))
+
+(define-public r-abnormality
+  (package
+    (name "r-abnormality")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "abnormality" version))
+       (sha256
+        (base32 "1fzfskl9akl06nliy8hkv2a0pznpj8pwcypg3gj5r2nzvr3kan9v"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-mass" ,r-mass)
+       ("r-matrix" ,r-matrix)))
+    (home-page "https://cran.r-project.org/web/packages/abnormality/")
+    (synopsis "Measure a subject's abnormality with respect to a reference population")
+    (description
+     "This package contains functions to implement the methodology and
+considerations laid out by Marks et al. in the article \"Measuring abnormality
+in high dimensional spaces: applications in biomechanical gait analysis\".
+Using high-dimensional datasets to measure a subject's overall level of
+abnormality as compared to a reference population is often needed in outcomes
+research.")
+    (license license:expat)))
+
+(define-public r-abodoutlier
+  (package
+    (name "r-abodoutlier")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "abodOutlier" version))
+       (sha256
+        (base32 "1pvhgxmh23br84r0fbmv7g53z2427birdja96a67vqgz18r3fdvj"))))
+    (properties `((upstream-name . "abodOutlier")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-cluster" ,r-cluster)))
+    (home-page "https://cran.r-project.org/web/packages/abodOutlier/")
+    (synopsis "Angle-based outlier detection")
+    (description
+     "This package performs angle-based outlier detection on a given data
+frame.  It offers three methods to process data:
+@enumerate
+@item full but slow implementation using all the data that has cubic
+  complexity;
+@item a fully randomized method;
+@item a method using k-nearest neighbours.
+@end enumerate
+These algorithms are well suited for high dimensional data outlier
+detection.")
+    (license license:expat)))
+
+(define-public r-abps
+  (package
+    (name "r-abps")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "ABPS" version))
+       (sha256
+        (base32 "1k3f5i34f4w2khkszb4qhwwcpiy7gsfh82vjr6rypwg6rx5rjclq"))))
+    (properties `((upstream-name . "ABPS")))
+    (build-system r-build-system)
+    (propagated-inputs `(("r-kernlab" ,r-kernlab)))
+    (home-page "https://cran.r-project.org/web/packages/ABPS/")
+    (synopsis "Abnormal blood profile score to detect blood doping")
+    (description
+     "This package offers an implementation of the @dfn{Abnormal blood profile score} (ABPS).
+The ABPS is a part of the Athlete biological passport program of the World
+anti-doping agency, which combines several blood parameters into a single
+score in order to detect blood doping.  The package also contains functions to
+calculate other scores used in anti-doping programs, such as the ratio of
+hemoglobin to reticulocytes (OFF-score), as well as example data.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index b4034dfad8..a704915157 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -574,14 +574,14 @@ printer/driver specific, but spooler-independent PPD file.")
 (define-public foo2zjs
   (package
     (name "foo2zjs")
-    (version "20171202")
+    (version "20180910")
     (source (origin
               (method url-fetch)
               ;; XXX: This is an unversioned URL!
               (uri "http://foo2zjs.rkkda.com/foo2zjs.tar.gz")
               (sha256
                (base32
-                "10m1ksbzqsrsl4faqyl73ahfnj2hv1y3zrmr366zvjg7w3l6ag5n"))))
+                "1clddqy4y4vvws0lllv1v90dfiihihdc23bn93c544yb3fvmwmr6"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/electronics.scm b/gnu/packages/electronics.scm
index af3ebeb805..d13f220b84 100644
--- a/gnu/packages/electronics.scm
+++ b/gnu/packages/electronics.scm
@@ -60,7 +60,7 @@ to take care of the OS-specific details when writing software that uses serial p
 (define-public libsigrokdecode
   (package
     (name "libsigrokdecode")
-    (version "0.5.1")
+    (version "0.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -68,7 +68,7 @@ to take care of the OS-specific details when writing software that uses serial p
                     version ".tar.gz"))
               (sha256
                (base32
-                "07mmb6s62ncqqgsc6szilj2yxixf6gg99ggbzsjlbhp4b9aqnga9"))))
+                "1w434nl1syjkvwl08lji3r9sr60lbxp1nqys8hqwzv2lgiwrx3g0"))))
     (outputs '("out" "doc"))
     (arguments
      `(#:phases
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 770ca3c496..9b3a90bd33 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -579,16 +579,16 @@ support for Git-SVN.")
 (define-public emacs-magit-popup
   (package
     (name "emacs-magit-popup")
-    (version "2.12.3")
+    (version "2.12.4")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/magit/magit-popup/archive/v"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/magit/magit-popup.git")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "1kz6vj67awkwf9y2wj6m3l2him3znm08z6bkdvnmfr6rwd96dr39"))))
+                "08952nzn0cb6gxscqyiljk4fq2zxjvr3ism0lvgw0gs9hl5phiwx"))))
     (build-system emacs-build-system)
     (arguments
      `(#:phases
@@ -7182,6 +7182,28 @@ the actual transformations.")
 @end itemize\n")
       (license license:gpl3+))))
 
+(define-public emacs-dired-sidebar
+  (let ((commit "06bd0d40bab812c61a668129daf29ba359424454")
+        (revision "0"))
+    (package
+      (name "emacs-dired-sidebar")
+      (home-page "https://github.com/jojojames/dired-sidebar")
+      (version (git-version "0.0.1" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference (url home-page) (commit commit)))
+                (sha256
+                 (base32
+                  "0lvwvq6sl80sha9fq5m4568sg534dhmifyjqw75bqddcbf3by84x"))))
+      (build-system emacs-build-system)
+      (propagated-inputs
+       `(("emacs-dired-subtree" ,emacs-dired-hacks)))
+      (synopsis "Sidebar for Emacs using Dired")
+      (description
+       "This package provides a sidebar for Emacs similar to @code{NeoTree}
+or @code{treemacs}, but leveraging @code{Dired} to do the job of display.")
+      (license license:gpl3+))))
+
 (define-public emacs-which-key
   (package
     (name "emacs-which-key")
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 40a5ec1cf4..45dc1dbbeb 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -62,7 +62,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.21.0")
+    (version "1.21.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -70,7 +70,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0jxfrcz2aq1synxzd6sh9nhxz7fg9qgz0idr8zj6gaiplmwbwrby"))))
+                "0a5907h896pvpix7a6idc2fspzy6d78xrzf84k8y9fyvnd14nxs4"))))
     (outputs '("out"       ; 49 MB
                "include")) ; 17 MB
     (build-system gnu-build-system)
@@ -251,7 +251,7 @@ Libraries with some extra bells and whistles.")
 (define-public enlightenment
   (package
     (name "enlightenment")
-    (version "0.22.3")
+    (version "0.22.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -259,7 +259,7 @@ Libraries with some extra bells and whistles.")
                               name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "16zydv7z94aw3rywmb9gr8ya85k7b75h22wng95lfx1x0y1yb0ad"))
+                "0ygy891rrw5c7lhk539nhif77j88phvz2h0fhx172iaridy9kx2r"))
               (patches (search-patches "enlightenment-fix-setuid-path.patch"))))
     (build-system gnu-build-system)
     (arguments
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 2015e3ce47..8be87f6f55 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -2694,7 +2694,7 @@ is attributed to Albert Einstein.")
 (define-public powwow
   (package
     (name "powwow")
-    (version "1.2.17")
+    (version "1.2.18")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2703,11 +2703,11 @@ is attributed to Albert Einstein.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1xmsg2y7qcvj67i9ilnih0mvfxcpni7fzrz343x9rdfnkkzf3pp8"))))
+                "1gf0jc1vfv05lxij51n3c1dqn3aiiy2kj1v6q14an3wm7yl7cllp"))))
     (inputs
      `(("ncurses" ,ncurses)))
     (build-system gnu-build-system)
-    (home-page "http://www.hoopajoo.net/projects/powwow.html")
+    (home-page "https://www.hoopajoo.net/projects/powwow.html")
     (synopsis "MUD and telnet client")
     (description
      "POWWOW is a client software which can be used for telnet as well as for
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2b723e99ee..98ead71e34 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -4156,7 +4156,7 @@ work and the interface is well tested.")
        ("gtkspell3" ,gtkspell3)
        ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("webkitgtk" ,webkitgtk)))
-    (home-page "https://github.com/gnumdk/eolie/")
+    (home-page "https://wiki.gnome.org/Apps/Eolie")
     (synopsis "Web browser for GNOME")
     (description
      "Eolie is a new web browser for GNOME.  It features Firefox sync support,
@@ -4438,7 +4438,7 @@ metadata in photo and video files of various formats.")
 (define-public shotwell
   (package
     (name "shotwell")
-    (version "0.28.0")
+    (version "0.28.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4446,7 +4446,7 @@ metadata in photo and video files of various formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1d797nmlz9gs6ri0h65b76s40ss6ma6h6405xqx03lhg5xni3kmg"))))
+                "03k7n2kmzqn11kf3733w7m6xjh2b5q9xr84za2hli11fjymzaxm9"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs
      `(("dconf" ,dconf)))
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index b4a088a051..fd4c362d36 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -389,7 +389,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
   (package
     (inherit go-1.9)
     (name "go")
-    (version "1.10.3")
+    (version "1.10.4")
     (source
      (origin
        (method url-fetch)
@@ -397,7 +397,7 @@ in the style of communicating sequential processes (@dfn{CSP}).")
                            name version ".src.tar.gz"))
        (sha256
         (base32
-         "1wjmw65nfkkzz084695gdgn13sbjcaafy2y5370d214pdk31qysn"))))
+         "10ap5pan71y2hdwzv4cg8wx4sy8fkcz5520rm1ldjg25xmjlkr3g"))))
     (arguments
      (substitute-keyword-arguments (package-arguments go-1.9)
        ((#:phases phases)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index cd49921493..0333c25255 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -2175,4 +2175,31 @@ endpoint.  Additionally, it provides an interface to write SPARQL queries
 using S-expressions.")
    (license license:gpl3+)))
 
+(define-public guile-debbugs
+  (package
+    (name "guile-debbugs")
+    (version "0.0.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/guile-debbugs/guile-debbugs-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "16l8910p57im6s3j93xhdaqvgfy6ms5n97177mrch3y961z5hy0i"))
+              (modules '((guix build utils)))
+              (snippet
+               '(substitute* "Makefile.in"
+                  (("^godir = (.*)/ccache" _ prefix)
+                   (string-append "godir = " prefix "/site-ccache"))))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("guile" ,guile-2.2)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://savannah.gnu.org/projects/guile-debbugs/")
+    (synopsis "Guile interface to the Debbugs bug tracking service")
+    (description
+     "This package provides a Guile library to communicate with a Debbugs bug
+tracker's SOAP service, such as @url{https://bugs.gnu.org}.")
+    (license license:gpl3+)))
+
 ;;; guile.scm ends here
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index 87546045a6..512795ce89 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -60,7 +60,7 @@
 (define-public feh
   (package
     (name "feh")
-    (version "2.27.1")
+    (version "2.28")
     (home-page "https://feh.finalrewind.org/")
     (source (origin
               (method url-fetch)
@@ -68,7 +68,7 @@
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "10zk76l491s22qrv86rax6cvpgwyl3qq0izl2pbk0k1z1kw3ihvf"))))
+                "1nfka7w6pzj2bbwx8vydr2wwm7z8mrbqiy1xrq97c1g5bxy2vlhk"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases (delete 'configure))
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 62fc26ab91..89c15a5fe8 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -267,8 +267,16 @@ files.  It can compress them as much as 40% losslessly.")
     "Libjpeg implements JPEG image encoding, decoding, and transcoding.
 JPEG is a standardized compression method for full-color and gray-scale
 images.
-The included programs provide conversion between the JPEG format and
-image files in PBMPLUS PPM/PGM, GIF, BMP, and Targa file formats.")
+It also includes programs that provide conversion between the JPEG format and
+image files in PBMPLUS PPM/PGM, GIF, BMP, and Targa file formats, as well as
+lossless JPEG manipulations such as rotation, scaling or cropping:
+@enumerate
+@item cjpeg
+@item djpeg
+@item jpegtran
+@item rdjpgcom
+@item wrjpgcom
+@end enumerate")
    (license license:ijg)
    (home-page "http://www.ijg.org/")))
 
@@ -1350,8 +1358,9 @@ medical image data, e.g. magnetic resonance image (MRI) and functional MRI
     (build-system gnu-build-system)
     (home-page "http://libiptcdata.sourceforge.net/")
     (synopsis "IPTC metadata manipulation library")
-    (description "Libiptcdata is a C library for manipulating the International
-Press Telecommunications Council (IPTC) metadata stored within multimedia files
+    (description
+     "Libiptcdata is a C library for manipulating the International Press
+Telecommunications Council (@dfn{IPTC}) metadata stored within multimedia files
 such as images.  This metadata can include captions and keywords, often used by
 popular photo management applications.  The library provides routines for
 parsing, viewing, modifying, and saving this metadata.")
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 1dbedf34d0..18edfcd35a 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -654,19 +654,19 @@ text documents, vector drawings, presentations and spreadsheets.")
 (define-public libmwaw
   (package
     (name "libmwaw")
-    (version "0.3.12")
+    (version "0.3.14")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-"
                           version "/" name "-" version ".tar.xz"))
       (sha256 (base32
-               "1ryi1v38lgy5kv84fzjqkawidrg30y4hlqrz1v262792wzkad4bn"))))
+               "1s9wyf8pyh3fbazq2d2b6fgi7s7bid60viw2xbdkmn2ywlfbza5c"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
        ("pkg-config" ,pkg-config)))
-    (propagated-inputs ; in Requires field of .pkg
+    (propagated-inputs                  ; in Requires field of .pkg
      `(("librevenge" ,librevenge)))
     (inputs
      `(("boost" ,boost)
@@ -676,7 +676,7 @@ text documents, vector drawings, presentations and spreadsheets.")
     (description "Libmwaw contains some import filters for old Macintosh
 text documents (MacWrite, ClarisWorks, ... ) and for some graphics and
 spreadsheet documents.")
-    (license (list mpl2.0 lgpl2.1+)))) ; dual license
+    (license (list mpl2.0 lgpl2.1+))))  ; dual license
 
 (define-public libstaroffice
   (package
@@ -704,19 +704,19 @@ from the old StarOffice (.sdc, .sdw, ...).")
 (define-public libwps
   (package
     (name "libwps")
-    (version "0.4.9")
+    (version "0.4.10")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/" name "/" name "/"
                           name "-" version "/" name "-" version ".tar.xz"))
       (sha256 (base32
-               "08j9nxnrzxsnq35d9l824ad8w8az42fivaxn8ajl85dv6g3v1ghk"))))
+               "1ji9zd4wxmas03g8jyx0ih0amrqfazm5874a2v9rd7va50sf088l"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("doxygen" ,doxygen)
        ("pkg-config" ,pkg-config)))
-    (propagated-inputs ; in Requires field of .pkg
+    (propagated-inputs                  ; in Requires field of .pkg
      `(("librevenge" ,librevenge)))
     (inputs
      `(("boost" ,boost)
@@ -725,7 +725,7 @@ from the old StarOffice (.sdc, .sdw, ...).")
     (synopsis "Import library for Microsoft Works text documents")
     (description "Libwps is a library for importing files in the Microsoft
 Works word processor file format.")
-    (license (list mpl2.0 lgpl2.1+)))) ; dual license
+    (license (list mpl2.0 lgpl2.1+))))  ; dual license
 
 (define-public libzmf
   (package
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index ffc68d9db5..179c35e7ea 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -399,8 +399,8 @@ It has been modified to remove all non-free binary blobs.")
 ;; supports qemu "virt" machine and possibly a large number of ARM boards.
 ;; See : https://wiki.debian.org/DebianKernel/ARMMP.
 
-(define %linux-libre-version "4.18.7")
-(define %linux-libre-hash "1gn3ip2blczfr5hl20x6c93z8v7h528kl423pzkcn22hin6717wd")
+(define %linux-libre-version "4.18.8")
+(define %linux-libre-hash "163awpba1yd0x33xzj5dczimk4y96xc28syc4w2ad0qafgapng8l")
 
 (define %linux-libre-4.18-patches
   (list %boot-logo-patch
@@ -430,8 +430,8 @@ It has been modified to remove all non-free binary blobs.")
                     #:patches %linux-libre-4.18-patches
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.69")
-(define %linux-libre-4.14-hash "08pw5hywlx3rsavj74qa17fm9hmhaw2rb1d3ahaqmd1zzsddb3qf")
+(define %linux-libre-4.14-version "4.14.70")
+(define %linux-libre-4.14-hash "138v51m6k57wnvlf9c22dad0w819mfb8f95i6w99mlg69qpwdvag")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
@@ -440,14 +440,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.126"
-                    "0qa9zxa7isn20b9sbjcyrqfynd00phddv3yindp5dmvsng1kwxj8"
+  (make-linux-libre "4.9.127"
+                    "0q7h5gnl3ikic0pvwrxp78pz56yvijhz6s84gb92xywi1v3dd8mh"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.155"
-                    "1gcnwrgv0xghr550lcl6dmxdl59drzbi02mwp78g8vjql6ihdfys"
+  (make-linux-libre "4.4.156"
+                    "13j4jb4hifh3fah2ysy2425fakwqqdh2z23lf4i0frxa1xl974h2"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 720ac070cc..82ba6eedf0 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Benjamin Slade <slade@jnanam.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -62,6 +63,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages xorg)
+  #:use-module (gnu packages perl)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1))
 
@@ -1009,8 +1011,8 @@ productive, customizable lisp based systems.")
 ;; we expose the union of these as `sbcl-slynk'.  The following variable
 ;; describes the base module.
 (define sbcl-slynk-boot0
-  (let ((revision "1")
-        (commit "5706cd45d484a4f25795abe8e643509d31968aa2"))
+  (let ((revision "2")
+        (commit "cbf84c36c4eca8b032e3fd16177a7bc02df3ec4c"))
     (package
       (name "sbcl-slynk-boot0")
       (version (string-append "1.0.0-beta-" revision "." (string-take commit 7)))
@@ -1022,7 +1024,7 @@ productive, customizable lisp based systems.")
            (url "https://github.com/joaotavora/sly.git")
            (commit commit)))
          (sha256
-          (base32 "0h4gg3sndl2bf6jdnx9nrf14p9hhi43hagrl0f4v4l11hczl8w81"))
+          (base32 "13dyhsravn591p7g6is01mp2ynzjnnj7pwgi57r6xqmd4611y9vh"))
          (file-name (string-append "slynk-" version "-checkout"))
          (modules '((guix build utils)
                     (ice-9 ftw)))
@@ -1033,14 +1035,19 @@ productive, customizable lisp based systems.")
              (substitute* "slynk/slynk.asd"
                (("\\.\\./contrib")
                 "contrib")
-               (("\\(defsystem :slynk-util")
-                "(defsystem :slynk-util :depends-on (:slynk)"))
+               (("\\(defsystem :slynk/util")
+                "(defsystem :slynk/util :depends-on (:slynk)")
+               ((":depends-on \\(:slynk :slynk/util\\)")
+                ":depends-on (:slynk :slynk-util)"))
              (substitute* "contrib/slynk-trace-dialog.lisp"
                (("\\(slynk::reset-inspector\\)") ; Causes problems on load
                 "nil"))
              (substitute* "contrib/slynk-profiler.lisp"
                (("slynk:to-line")
                 "slynk-pprint-to-line"))
+             (substitute* "contrib/slynk-fancy-inspector.lisp"
+               (("slynk/util") "slynk-util")
+               ((":compile-toplevel :load-toplevel") ""))
              (rename-file "contrib" "slynk/contrib")
              ;; Move slynk's contents into the base directory for easier
              ;; access
@@ -1080,15 +1087,20 @@ multiple inspectors with independent history.")
     (arguments
      (substitute-keyword-arguments (package-arguments sbcl-slynk-boot0)
        ((#:asd-file _ "") "slynk.asd")
-       ((#:asd-system-name _ #f) #f)))))
+       ((#:asd-system-name _ #f) "slynk/arglists")))))
 
 (define ecl-slynk-arglists
   (sbcl-package->ecl-package sbcl-slynk-arglists))
 
 (define sbcl-slynk-util
   (package
-    (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-util")))
+    (inherit sbcl-slynk-boot0)
+    (name "sbcl-slynk-util")
+    (inputs `(("slynk" ,sbcl-slynk-boot0)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-boot0)
+       ((#:asd-file _ "") "slynk.asd")
+       ((#:asd-system-name _ #f) "slynk/util")))))
 
 (define ecl-slynk-util
   (sbcl-package->ecl-package sbcl-slynk-util))
@@ -1098,7 +1110,10 @@ multiple inspectors with independent history.")
     (inherit sbcl-slynk-arglists)
     (name "sbcl-slynk-fancy-inspector")
     (inputs `(("slynk-util" ,sbcl-slynk-util)
-              ,@(package-inputs sbcl-slynk-arglists)))))
+              ,@(package-inputs sbcl-slynk-arglists)))
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/fancy-inspector")))))
 
 (define ecl-slynk-fancy-inspector
   (sbcl-package->ecl-package sbcl-slynk-fancy-inspector))
@@ -1106,15 +1121,21 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-package-fu
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-package-fu")))
+    (name "sbcl-slynk-package-fu")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/package-fu")))))
 
 (define ecl-slynk-package-fu
   (sbcl-package->ecl-package sbcl-slynk-package-fu))
 
 (define sbcl-slynk-mrepl
   (package
-    (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-mrepl")))
+    (inherit sbcl-slynk-fancy-inspector)
+    (name "sbcl-slynk-mrepl")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/mrepl")))))
 
 (define ecl-slynk-mrepl
   (sbcl-package->ecl-package sbcl-slynk-mrepl))
@@ -1122,7 +1143,10 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-trace-dialog
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-trace-dialog")))
+    (name "sbcl-slynk-trace-dialog")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/trace-dialog")))))
 
 (define ecl-slynk-trace-dialog
   (sbcl-package->ecl-package sbcl-slynk-trace-dialog))
@@ -1130,7 +1154,10 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-profiler
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-profiler")))
+    (name "sbcl-slynk-profiler")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/profiler")))))
 
 (define ecl-slynk-profiler
   (sbcl-package->ecl-package sbcl-slynk-profiler))
@@ -1138,7 +1165,10 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-stickers
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-stickers")))
+    (name "sbcl-slynk-stickers")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/stickers")))))
 
 (define ecl-slynk-stickers
   (sbcl-package->ecl-package sbcl-slynk-stickers))
@@ -1146,7 +1176,10 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-indentation
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-indentation")))
+    (name "sbcl-slynk-indentation")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/indentation")))))
 
 (define ecl-slynk-indentation
   (sbcl-package->ecl-package sbcl-slynk-indentation))
@@ -1154,7 +1187,10 @@ multiple inspectors with independent history.")
 (define sbcl-slynk-retro
   (package
     (inherit sbcl-slynk-arglists)
-    (name "sbcl-slynk-retro")))
+    (name "sbcl-slynk-retro")
+    (arguments
+     (substitute-keyword-arguments (package-arguments sbcl-slynk-arglists)
+       ((#:asd-system-name _ #f) "slynk/retro")))))
 
 (define ecl-slynk-retro
   (sbcl-package->ecl-package sbcl-slynk-retro))
@@ -1442,3 +1478,47 @@ compressor.  It works on data produced by @code{parse-js} to generate a
      `(("sbcl" ,sbcl)
        ("sbcl-cl-uglify-js" ,sbcl-cl-uglify-js)))
     (synopsis "JavaScript compressor")))
+
+(define-public confusion-mdl
+  (let* ((commit "12a055581fc262225272df43287dae48281900f5"))
+    (package
+      (name "confusion-mdl")
+      (version "0.2")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url (string-append "https://gitlab.com/emacsomancer/" name))
+                      (commit commit)))
+                (sha256
+                 (base32
+                  "1zi8kflzvwqg97ha1sa5xjisbjs5z1mvbpa772vfxiv5ksnpxp0d"))
+                (file-name (git-file-name name version))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f                    ; there are no tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (replace 'build
+             (lambda* (#:key (make-flags '()) #:allow-other-keys)
+               (apply invoke "make" "CC=gcc" make-flags)))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (install-file "mdli" bin)
+                 #t))))))
+      (native-inputs
+       `(("perl" ,perl)))
+      (inputs
+       `(("libgc" ,libgc)))
+      (synopsis "Interpreter for the MIT Design Language (MDL)")
+      (description "MDL (the MIT Design Language) is a descendant of Lisp.  It
+was originally developed in 1971 on the PDP-10 computer under the Incompatible
+Timesharing System (ITS) to provide high level language support for the
+Dynamic Modeling Group at MIT's Project MAC.  Infocom built the original
+PDP-10 Zork in MDL and their later ZIL (Zork Implementation Language) was
+based on a subset of MDL.  Confusion is a MDL interpreter that works just well
+enough to play the original mainframe Zork all the way through.")
+      (home-page "http://www.russotto.net/git/mrussotto/confusion/src/master/src/README")
+      (license license:gpl3+))))
diff --git a/gnu/packages/llvm.scm b/gnu/packages/llvm.scm
index cd710bcb79..d0791d00cc 100644
--- a/gnu/packages/llvm.scm
+++ b/gnu/packages/llvm.scm
@@ -417,15 +417,7 @@ code analysis tools.")
                                              "twine_cfg_undefined_behavior.patch"))
                          (sha256
                           (base32
-                           "07h71n2m1mn9zcfgw04zglffknplb233zqbcd6pckq0wygkrxflp")))
-                       (origin
-                         (method url-fetch)
-                         (uri (string-append "https://raw.githubusercontent.com/numba/"
-                                             "llvmlite/v" version "/conda-recipes/"
-                                             "0001-Transforms-Add-missing-header-for-InstructionCombini.patch"))
-                         (sha256
-                          (base32
-                           "1pp0z9696l6j4dwz7ypjrm4vvkj0d3mlf1g8zmiyk08akw5lz0cb")))))))))))
+                           "07h71n2m1mn9zcfgw04zglffknplb233zqbcd6pckq0wygkrxflp")))))))))))
     (home-page "http://llvmlite.pydata.org")
     (synopsis "Wrapper around basic LLVM functionality")
     (description
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 024e75aaa1..5435f89c42 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -947,14 +947,15 @@ useful features.")
 (define-public libetpan
   (package
     (name "libetpan")
-    (version "1.8")
+    (version "1.9.1")
     (source (origin
-             (method url-fetch)
-             (uri (string-append "https://github.com/dinhviethoa/" name
-                   "/archive/" version ".tar.gz"))
-             (file-name (string-append name "-" version ".tar.gz"))
+             (method git-fetch)
+             (uri (git-reference
+                   (url  "https://github.com/dinhviethoa/libetpan.git")
+                   (commit version)))
+             (file-name (git-file-name name version))
              (sha256
-               (base32 "1sxnaglp5hb0z78sgnfzva4x8m4flqhicvm1dz0krkxdmfsafrsf"))))
+               (base32 "1628lb1qvxixl64ifvjjr839hmirpx532klhv2mr7m6gmn7nlci5"))))
     (build-system gnu-build-system)
     (native-inputs `(("autoconf" ,autoconf-wrapper)
                      ("automake" ,automake)
@@ -978,7 +979,7 @@ useful features.")
               (invoke "sh" "autogen.sh"))))
         #:configure-flags
         '("--disable-static" "--disable-db")))
-    (home-page "http://www.etpan.org/libetpan.html")
+    (home-page "https://www.etpan.org/libetpan.html")
     (synopsis "Portable middleware for email access")
     (description
      "The purpose of this mail library is to provide a portable, efficient
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 59622dc01c..b00d1aa8f1 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -27,6 +27,7 @@
 ;;; Copyright © 2018 Nadya Voronova <voronovank@gmail.com>
 ;;; Copyright © 2018 Adam Massmann <massmannak@gmail.com>
 ;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018 Eric Brown <brown@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -459,16 +460,15 @@ computing convex hulls.")
 (define-public arpack-ng
   (package
     (name "arpack-ng")
-    (version "3.6.2")
+    (version "3.6.3")
     (home-page "https://github.com/opencollab/arpack-ng")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append home-page "/archive/" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "16jrvdl0gh78rrfnvrcxwys4slwfh6qmwwjhfc9d6vwrvq184g37"))))
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference (url home-page) (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1wljl96yqxc9v8r49c37lscwkdp58kaacfb9p6s6nvpm31haax4y"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -2084,7 +2084,8 @@ porting.")
            (lambda _
              (substitute* "spec/parser_spec.rb"
                (("\\\\\"")
-                "\"")))))))
+                "\""))
+             #t)))))
     (native-inputs
      `(("bundler" ,bundler)
        ("ruby-rspec" ,ruby-rspec)))
@@ -2873,6 +2874,18 @@ parts of it.")
      "OpenBLAS is a BLAS library forked from the GotoBLAS2-1.13 BSD version.")
     (license license:bsd-3)))
 
+(define-public openblas-ilp64
+  (package (inherit openblas)
+    (name "openblas-ilp64")
+    (supported-systems '("x86_64-linux" "aarch64-linux" "mips64el-linux"))
+    (arguments
+     (substitute-keyword-arguments (package-arguments openblas)
+       ((#:make-flags flags '())
+        `(append (list "INTERFACE64=1" "LIBNAMESUFFIX=ilp64")
+                 ,flags))))
+    (synopsis "Optimized BLAS library based on GotoBLAS (ILP64 version)")
+    (license license:bsd-3)))
+
 (define* (make-blis implementation #:optional substitutable?)
   "Return a BLIS package with the given IMPLEMENTATION (see config/ in the
 source tree for a list of implementations.)
@@ -3217,7 +3230,7 @@ Failure to do so will result in a library with poor performance.")
 (define-public glm
   (package
     (name "glm")
-    (version "0.9.9.1")
+    (version "0.9.9.2")
     (source
      (origin
        (method url-fetch)
@@ -3225,7 +3238,7 @@ Failure to do so will result in a library with poor performance.")
                            version  "/glm-" version ".zip"))
        (sha256
         (base32
-         "042a23hmxfs429czkmlg5ixf28aikzfbw18780prj2gcd4flgw8h"))))
+         "1m2gws1d7l6h4mdn0ap74pfnm3vva3kk8rybdqd5x4lksd1mk6r0"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("unzip" ,unzip)))
diff --git a/gnu/packages/mpd.scm b/gnu/packages/mpd.scm
index 5c82bf9ba1..c024152dda 100644
--- a/gnu/packages/mpd.scm
+++ b/gnu/packages/mpd.scm
@@ -33,6 +33,7 @@
   #:use-module (guix build-system python)
   #:use-module (gnu packages avahi)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages gcc)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
@@ -185,7 +186,7 @@ player daemon.")
 (define-public ncmpc
   (package
     (name "ncmpc")
-    (version "0.29")
+    (version "0.30")
     (source (origin
               (method url-fetch)
               (uri
@@ -194,12 +195,23 @@ player daemon.")
                               "/ncmpc-" version ".tar.xz"))
               (sha256
                (base32
-                "04jzv1hfdvgbn391523jb2h3yhq9a40pjrg41sl3wf3jf6vajs7g"))))
+                "18qj3cgqczgfk334x0ywxwa1ckrk9fbjyp34n4zzcxwaifshrzp3"))))
     (build-system meson-build-system)
     (arguments
      `(#:configure-flags
-       (list "-Dcurses=ncurses")))
-    (inputs `(("glib" ,glib)
+       (list "-Dcurses=ncurses")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'expand-C++-include-path
+           ;; Make <gcc>/include/c++/ext/string_conversions.h find <stdlib.h>.
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let* ((path "CPLUS_INCLUDE_PATH")
+                    (gcc  (assoc-ref inputs "gcc"))
+                    (c++  (string-append gcc "/include/c++")))
+               (setenv path (string-append c++ ":" (getenv path)))
+               #t))))))
+    (inputs `(("gcc", gcc-8)            ; for its C++14 support
+              ("glib" ,glib)
               ("libmpdclient" ,libmpdclient)
               ("ncurses" ,ncurses)))
     (native-inputs `(("gettext" ,gettext-minimal) ; for xgettext
diff --git a/gnu/packages/mtools.scm b/gnu/packages/mtools.scm
index 3bfc4e76cf..f49a035b41 100644
--- a/gnu/packages/mtools.scm
+++ b/gnu/packages/mtools.scm
@@ -49,7 +49,7 @@ FAT-specific file attributes.")
 (define-public exfat-utils
   (package
     (name "exfat-utils")
-    (version "1.2.8")
+    (version "1.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -57,7 +57,7 @@ FAT-specific file attributes.")
                     version "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "09yf41mgwp8wg0psq347d5razllilx1sd4ij9173nri47p9465jw"))))
+                "0da8f8mm1sbwqp7prh78qk33xm0b8kk2d5is7mh2szlhgdxd1syz"))))
     (build-system gnu-build-system)
     (home-page "https://github.com/relan/exfat")
     (synopsis "Utilities to manipulate exFAT file systems")
diff --git a/gnu/packages/nutrition.scm b/gnu/packages/nutrition.scm
index 0e03253cf1..9397630afd 100644
--- a/gnu/packages/nutrition.scm
+++ b/gnu/packages/nutrition.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -62,9 +63,9 @@
        (modify-phases %standard-phases
          (replace 'install
            (lambda* (#:key make-flags #:allow-other-keys)
-             (zero? (system* "python" "setup.py" "install" "--prefix"
-                             (assoc-ref %outputs "out"))))))))
-    (home-page "http://thinkle.github.io/gourmet/")
+             (invoke "python" "setup.py" "install" "--prefix"
+                     (assoc-ref %outputs "out")))))))
+    (home-page "https://thinkle.github.io/gourmet/")
     (synopsis "Recipe organizer")
     (description
      "Gourmet Recipe Manager is a recipe organizer that allows you to collect,
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index f21c2b2610..7859696406 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -457,7 +457,7 @@ written in Objective Caml.")
 (define-public coq
   (package
     (name "coq")
-    (version "8.8.0")
+    (version "8.8.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/coq/coq/archive/V"
@@ -465,7 +465,7 @@ written in Objective Caml.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0g96k2x6lbddlmkmdaczvcpb2gwqi1ydbq9bv4gf9q38kv9w3xya"))))
+                "13cyvbg8cgqkg9wz0ax7jq03srj9k0lyvny97fcka4ai1zrzwln8"))))
     (native-search-paths
      (list (search-path-specification
             (variable "COQPATH")
@@ -486,16 +486,16 @@ written in Objective Caml.")
              (let* ((out (assoc-ref outputs "out"))
                     (mandir (string-append out "/share/man"))
                     (browser "icecat -remote \"OpenURL(%s,new-tab)\""))
-               (zero? (system* "./configure"
-                               "-prefix" out
-                               "-mandir" mandir
-                               "-browser" browser
-                               "-coqide" "opt")))))
+               (invoke "./configure"
+                       "-prefix" out
+                       "-mandir" mandir
+                       "-browser" browser
+                       "-coqide" "opt"))))
          (replace 'build
            (lambda _
-             (zero? (system* "make" "-j" (number->string
-                                          (parallel-job-count))
-                             "world"))))
+             (invoke "make"
+                     "-j" (number->string (parallel-job-count))
+                     "world")))
          (delete 'check)
          (add-after 'install 'check
            (lambda _
@@ -505,7 +505,7 @@ written in Objective Caml.")
                (delete-file-recursively "coq-makefile/timing")
                ;; This one fails because we didn't build coqtop.byte.
                (delete-file-recursively "coq-makefile/findlib-package")
-               (zero? (system* "make"))))))))
+               (invoke "make")))))))
     (home-page "https://coq.inria.fr")
     (synopsis "Proof assistant for higher-order logic")
     (description
@@ -924,21 +924,20 @@ compilers that can directly deal with packages.")
 (define-public ocaml-ounit
   (package
     (name "ocaml-ounit")
-    (version "2.0.0")
+    (version "2.0.8")
     (source (origin
               (method url-fetch)
-              (uri (ocaml-forge-uri "ounit" version 1258))
+              (uri (ocaml-forge-uri "ounit" version 1749))
               (sha256
                (base32
-                "118xsadrx84pif9vaq13hv4yh22w9kmr0ypvhrs0viir1jr0ajjd"))))
+                "03ifp9hjcxg4m5j190iy373jcn4039d3vy10kmd8p4lfciwzwc1f"))))
     (build-system ocaml-build-system)
     (native-inputs
-     `(("libxml2" ,libxml2))) ; for xmllint
+     `(("libxml2" ,libxml2)))           ; for xmllint
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         ;; Tests are done during build.
-         (delete 'check))))
+         (delete 'check))))             ; tests are run during build
     (home-page "http://ounit.forge.ocamlcore.org")
     (synopsis "Unit testing framework for OCaml")
     (description "Unit testing framework for OCaml.  It is similar to JUnit and
diff --git a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch b/gnu/packages/patches/openssl-1.1-c-rehash-in.patch
index e3a982b7a8..c96493b584 100644
--- a/gnu/packages/patches/openssl-1.1.0-c-rehash-in.patch
+++ b/gnu/packages/patches/openssl-1.1-c-rehash-in.patch
@@ -6,14 +6,14 @@ to create symbolic links to certificates, for instance in the 'nss-certs'
 package.
 
 diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index 2fef627..9d40eae 100644
+index 421fd89208..93aca4e168 100644
 --- a/tools/c_rehash.in
 +++ b/tools/c_rehash.in
 @@ -1,4 +1,6 @@
--#!{- $config{hashbangperl} -}
+-#!{- $config{HASHBANGPERL} -}
 +eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
 +  & eval 'exec perl -wS "$0" $argv:q'
 +    if 0;
  
  # {- join("\n# ", @autowarntext) -}
- # Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ # Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/gnu/packages/patches/xf86-video-ast-remove-mibstore.patch b/gnu/packages/patches/xf86-video-ast-remove-mibstore.patch
deleted file mode 100644
index 58a44ae260..0000000000
--- a/gnu/packages/patches/xf86-video-ast-remove-mibstore.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_2dtool.c xf86-video-ast-0.93.10/src/ast_2dtool.c
---- xf86-video-ast-0.93.10.orig/src/ast_2dtool.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_2dtool.c	2014-12-19 02:42:32.422383728 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_accel.c xf86-video-ast-0.93.10/src/ast_accel.c
---- xf86-video-ast-0.93.10.orig/src/ast_accel.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_accel.c	2014-12-19 02:41:55.534200809 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_cursor.c xf86-video-ast-0.93.10/src/ast_cursor.c
---- xf86-video-ast-0.93.10.orig/src/ast_cursor.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_cursor.c	2014-12-19 02:42:37.258407708 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_driver.c xf86-video-ast-0.93.10/src/ast_driver.c
---- xf86-video-ast-0.93.10.orig/src/ast_driver.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_driver.c	2014-12-19 02:42:50.710474414 -0500
-@@ -31,7 +31,6 @@
- #endif
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-@@ -865,7 +864,6 @@
-    }
- #endif /* end of Accel_2D */
-      
--   miInitializeBackingStore(pScreen);
-    xf86SetBackingStore(pScreen);
-    xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_mode.c xf86-video-ast-0.93.10/src/ast_mode.c
---- xf86-video-ast-0.93.10.orig/src/ast_mode.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_mode.c	2014-12-19 02:42:24.894346398 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_tool.c xf86-video-ast-0.93.10/src/ast_tool.c
---- xf86-video-ast-0.93.10.orig/src/ast_tool.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_tool.c	2014-12-19 02:42:03.930242443 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
-diff -ru xf86-video-ast-0.93.10.orig/src/ast_vgatool.c xf86-video-ast-0.93.10/src/ast_vgatool.c
---- xf86-video-ast-0.93.10.orig/src/ast_vgatool.c	2012-03-23 21:40:56.000000000 -0400
-+++ xf86-video-ast-0.93.10/src/ast_vgatool.c	2014-12-19 02:42:18.406314226 -0500
-@@ -27,7 +27,6 @@
- #include "xf86_OSproc.h"
- #include "xf86cmap.h"
- #include "compiler.h"
--#include "mibstore.h"
- #include "vgaHW.h"
- #include "mipointer.h"
- #include "micmap.h"
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 7d21fa7c6a..ac71eaf07b 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -2588,6 +2588,30 @@ the appropriate objects.")
 particular command is available.")
     (license (package-license perl))))
 
+(define-public perl-devel-checklib
+  (package
+    (name "perl-devel-checklib")
+    (version "1.13")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/M/MA/MATTN/Devel-CheckLib-"
+             version ".tar.gz"))
+       (sha256
+        (base32 "1a19qkwxwz3wqb16cdabymfbf9kiydiifw90nd5srpq5hy8gvb94"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-io-captureoutput" ,perl-io-captureoutput)
+       ("perl-mock-config" ,perl-mock-config)))
+    (home-page "https://metacpan.org/release/Devel-CheckLib")
+    (synopsis "Check that a library is available")
+    (description
+     "@code{Devel::CheckLib} is a Perl module that checks whether a particular
+C library and its headers are available.  You can also check for the presence of
+particular functions in a library, or even that those functions return
+particular results.")
+    (license perl-license)))
+
 (define-public perl-devel-checkcompiler
   (package
   (name "perl-devel-checkcompiler")
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index 0efbec8057..466b26c238 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -53,7 +53,7 @@
 (define-public php
   (package
     (name "php")
-    (version "7.2.8")
+    (version "7.2.10")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -61,7 +61,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "03zv1y8ygzsir60617hinpji3f4irk79zbp3ar1b8zcapq40gfjk"))
+                "1w0432i5wjga9z8x3rhc72h2ij1jd2aimg5xmhc0hg4f7951bhh1"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -227,6 +227,7 @@
                          ;; but with different error messages.
                          ;; Expects "illegal character", instead gets "unknown error (84)".
                          "ext/iconv/tests/bug52211.phpt"
+                         "ext/iconv/tests/bug60494.phpt"
                          ;; Expects "wrong charset", gets unknown error (22).
                          "ext/iconv/tests/iconv_mime_decode_variation3.phpt"
                          "ext/iconv/tests/iconv_strlen_error2.phpt"
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 96a0e81a2c..e4926ce309 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -4907,6 +4907,57 @@ toolkit.  Use it to build trees of widgets.")
 (define-public python2-urwidtrees
   (package-with-python2 python-urwidtrees))
 
+(define-public python-ua-parser
+  (package
+    (name "python-ua-parser")
+    (version "0.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ua-parser" version))
+       (sha256
+        (base32
+         "1jwdf58rhchjzzrad405pviv0iq24xa2xmmmdgcm2c8s6b4wzfwp"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f))                    ;no test suite in release
+    (native-inputs
+     `(("python-pyyaml" ,python-pyyaml)))
+    (home-page "https://github.com/ua-parser/uap-python")
+    (synopsis "User agent parser")
+    (description
+     "@code{ua-parser} is a Python port of Browserscope's user agent parser.")
+    (license license:asl2.0)))
+
+(define-public python2-ua-parser
+  (package-with-python2 python-ua-parser))
+
+(define-public python-user-agents
+  (package
+    (name "python-user-agents")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "user-agents" version))
+       (sha256
+        (base32
+         "0fc00cd3j8dahq1zzn8pkgfgd7lq37bp2scmdma2n1c049vicgb4"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f))                  ;missing devices.json test file in release
+    (propagated-inputs
+     `(("python-ua-parser" ,python-ua-parser)))
+    (home-page "https://github.com/selwin/python-user-agents")
+    (synopsis "User Agent strings parsing library")
+  (description
+   "A library to identify devices (phones, tablets) and their capabilities by
+parsing (browser/HTTP) user agent strings.")
+  (license license:expat)))
+
+(define-public python2-user-agents
+  (package-with-python2 python-user-agents))
+
 (define-public python-dbus
   (package
     (name "python-dbus")
@@ -5118,13 +5169,13 @@ Python.")
 (define-public snakemake
   (package
     (name "snakemake")
-    (version "5.2.2")
+    (version "5.2.4")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "snakemake" version))
        (sha256
-        (base32 "18x36n78ph5v1fxk54gvdbc3d8nfncha78phifg3lqaa9gifgzxd"))))
+        (base32 "0gj0xxgiq3mp9qyyrbfzldiaq1giliqw0in64nqiz7vx49myqj7z"))))
     (build-system python-build-system)
     (arguments
      ;; TODO: Package missing test dependencies.
@@ -5142,7 +5193,8 @@ Python.")
                                "/bin/snakemake")))
              #t)))))
     (propagated-inputs
-     `(("python-wrapt" ,python-wrapt)
+     `(("python-gitpython" ,python-gitpython)
+       ("python-wrapt" ,python-wrapt)
        ("python-requests" ,python-requests)
        ("python-appdirs" ,python-appdirs)
        ("python-configargparse" ,python-configargparse)
@@ -10762,6 +10814,37 @@ cases.")
 (define-public python2-ddt
   (package-with-python2 python-ddt))
 
+(define-public python-pycountry
+  (package
+    (name "python-pycountry")
+    (version "18.5.26")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pycountry" version))
+       (sha256
+        (base32
+         "15q9j047s3yc9cfcxq1ch8b71f81na44cr6dydd5gxk0ki9a4akz"))))
+    (build-system python-build-system)
+    (home-page "https://bitbucket.org/flyingcircus/pycountry")
+    (synopsis "ISO databases for languages, countries, currencies, etc.")
+    (description
+     "@code{pycountry} provides the ISO databases for the standards:
+@enumerate
+@item 639-3 (Languages)
+@item 3166 (Countries)
+@item 3166-3 (Deleted Countries)
+@item 3166-2 (Subdivisions of countries)
+@item 4217 (Currencies)
+@item 15924 (Scripts)
+@end enumerate
+It includes a copy from Debian’s pkg-isocodes and makes the data accessible
+through a Python API.")
+    (license license:lgpl2.1+)))
+
+(define-public python2-pycountry
+  (package-with-python2 python-pycountry))
+
 (define-public python-pycosat
   (package
     (name "python-pycosat")
@@ -11455,17 +11538,15 @@ perform the operations required for synchronizing plain text.")
 (define-public python-dirsync
   (package
     (name "python-dirsync")
-    (version "2.2.2")
+    (version "2.2.3")
     (source
       (origin
         (method url-fetch)
-        (uri (pypi-uri "dirsync" version ".zip"))
+        (uri (pypi-uri "dirsync" version))
         (sha256
          (base32
-          "1hcdvmkwd5512zbxpin0k7bx5bkgzy3swjx7d0kj1y45af6r75v2"))))
+          "1r40fkanksagcszf1ag85mdr8w7rgc7196n6s1qlsk2abw6i7v0z"))))
     (build-system python-build-system)
-    (native-inputs
-     `(("unzip" ,unzip)))
     (propagated-inputs
      `(("six" ,python-six)))
     (home-page "https://bitbucket.org/tkhyn/dirsync")
@@ -13716,16 +13797,16 @@ under Python 2.7.")
 (define-public pybind11
   (package
     (name "pybind11")
-    (version "2.2.3")
+    (version "2.2.4")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/pybind/pybind11/archive/v"
-                    version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/pybind/pybind11.git")
+                    (commit (string-append "v" version))))
               (sha256
                (base32
-                "1sj0x4fwsbnwdai5sxpw1l1vh8m5hpbkfk3zanxcbcgs39jpnfrs"))
-              (file-name (string-append name "-" version ".tar.gz"))))
+                "0pa79ymcasv8br5ifbx7878id5py2jpjac3i20cqxr6gs9l6ivlv"))
+              (file-name (git-file-name name version))))
     (build-system cmake-build-system)
     (native-inputs
      `(("python" ,python)
diff --git a/gnu/packages/rails.scm b/gnu/packages/rails.scm
index 7f171eaa6e..5348d914cf 100644
--- a/gnu/packages/rails.scm
+++ b/gnu/packages/rails.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -80,14 +81,11 @@ migration.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (and
-              (zero? (system* "rake" "compile"))
-              (zero?
-               (system*
-                "ruby" "-Ilib" "-e"
-                (string-append
-                 "require 'debug_inspector'; RubyVM::DebugInspector."
-                 "open{|dc| p dc.backtrace_locations}")))))))))
+             (invoke "rake" "compile")
+             (invoke "ruby" "-Ilib" "-e"
+                     (string-append
+                      "require 'debug_inspector'; RubyVM::DebugInspector."
+                      "open{|dc| p dc.backtrace_locations}")))))))
     (synopsis "Ruby wrapper for the MRI 2.0 debug_inspector API")
     (description
      "This package provides a Ruby wrapper for the MRI 2.0 debug_inspector
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 616b86934d..3673bf2346 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -1114,7 +1114,7 @@ and inspect the environment.")
             #t))
          (replace 'check
           (lambda _
-            (zero? (system* "ruby" "-Ilib" "test/test.rb")))))))
+            (invoke "ruby" "-Ilib" "test/test.rb"))))))
     (synopsis "Library to perform operations with sequence permutations")
     (description "This package provides a Ruby library to perform different
 operations with permutations of sequences, such as strings and arrays.")
@@ -1618,7 +1618,7 @@ objects.")
      `(#:phases
        (modify-phases %standard-phases
          (replace 'check
-          (lambda _ (zero? (system* "rspec" "spec/")))))))
+          (lambda _ (invoke "rspec" "spec/"))))))
     (native-inputs
      `(("bundler" ,bundler)
        ("ruby-rspec" ,ruby-rspec)))
@@ -2028,7 +2028,7 @@ is to be run.")
          (modify-phases %standard-phases
            (replace 'check
              (lambda _
-               (zero? (system* "script/test")))))))
+               (invoke "script/test"))))))
       (native-inputs
        `(("bundler" ,bundler)
          ("ruby-turn" ,ruby-turn)))
@@ -2289,23 +2289,66 @@ net/http library.")
 (define-public ruby-multi-json
   (package
     (name "ruby-multi-json")
-    (version "1.12.2")
+    (version "1.13.1")
     (source
      (origin
        (method url-fetch)
-       (uri (rubygems-uri "multi_json" version))
+       ;; Tests are not distributed at rubygems.org so download from GitHub
+       ;; instead.
+       (uri (string-append "https://github.com/intridea/multi_json/archive/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1raim9ddjh672m32psaa9niw67ywzjbxbdb8iijx3wv9k5b0pk2x"))))
+         "1s64xqvrnrxmb59v6b2kchnisawg5ai9ky1w60dy6z6ws9la1xv4"))))
     (build-system ruby-build-system)
     (arguments
-     '(#:tests? #f)) ;; No testsuite included in the gem.
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'remove-signing-key-reference
+           (lambda _
+             (substitute* "multi_json.gemspec"
+               ((".*spec.signing_key.*") ""))
+             #t)))))
+    (native-inputs
+     `(("bundler" ,bundler)
+       ("ruby-rspec" ,ruby-rspec)
+       ("ruby-yard" ,ruby-yard)
+       ("ruby-json-pure" ,ruby-json-pure)
+       ("ruby-oj" ,ruby-oj)
+       ("ruby-yajl-ruby" ,ruby-yajl-ruby)))
     (synopsis "Common interface to multiple JSON libraries for Ruby")
     (description
      "This package provides a common interface to multiple JSON libraries,
 including Oj, Yajl, the JSON gem (with C-extensions), the pure-Ruby JSON gem,
 NSJSONSerialization, gson.rb, JrJackson, and OkJson.")
-    (home-page "http://github.com/intridea/multi_json")
+    (home-page "https://github.com/intridea/multi_json")
+    (license license:expat)))
+
+(define-public ruby-multi-test
+  (package
+    (name "ruby-multi-test")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "multi_test" version))
+       (sha256
+        (base32
+         "1sx356q81plr67hg16jfwz9hcqvnk03bd9n75pmdw8pfxjfy1yxd"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(;; Tests require different sets of specific gem versions to be available,
+       ;; and there is no gemfile that specifies the newest versions of
+       ;; dependencies to be tested.
+       #:tests? #f))
+    (synopsis
+     "Interface to testing libraries loaded into a running Ruby process")
+    (description
+     "@code{multi_test} provides a uniform interface onto whatever testing
+libraries that have been loaded into a running Ruby process to help control
+rogue test/unit/autorun requires.")
+    (home-page "https://github.com/cucumber/multi_test")
     (license license:expat)))
 
 (define-public ruby-arel
@@ -2560,7 +2603,7 @@ invocation, and source and documentation browsing.")
             #t))
          (replace 'build
           (lambda _
-            (zero? (system* "gem" "build" "guard.gemspec")))))))
+            (invoke "gem" "build" "guard.gemspec"))))))
     (propagated-inputs
      `(("ruby-formatador" ,ruby-formatador)
        ("ruby-listen" ,ruby-listen)
@@ -2675,7 +2718,7 @@ IANA Time Zone database packaged as Ruby modules for use with @code{TZInfo}.")
          ;; list of files.
          (replace 'build
           (lambda _
-            (zero? (system* "gem" "build" "rb-inotify.gemspec")))))))
+            (invoke "gem" "build" "rb-inotify.gemspec"))))))
     (propagated-inputs
      `(("ruby-ffi" ,ruby-ffi)))
     (native-inputs
@@ -2768,7 +2811,7 @@ documentation for Ruby code.")
             ;; causes an error.
             (substitute* "tins.gemspec"
               (("\"lib/spruz\", ") ""))
-            (zero? (system* "gem" "build" "tins.gemspec")))))))
+            (invoke "gem" "build" "tins.gemspec"))))))
     (synopsis "Assorted tools for Ruby")
     (description "Tins is a Ruby library providing assorted tools.")
     (home-page "https://github.com/flori/tins")
@@ -2793,7 +2836,7 @@ documentation for Ruby code.")
        (modify-phases %standard-phases
          (replace 'build
           (lambda _
-            (zero? (system* "gem" "build" "gem_hadar.gemspec")))))))
+            (invoke "gem" "build" "gem_hadar.gemspec"))))))
     (propagated-inputs
      `(("git" ,git)
        ("ruby-tins" ,ruby-tins)
@@ -2870,7 +2913,7 @@ Ruby's large and slower test/unit.")
        (modify-phases %standard-phases
          (replace 'build
           (lambda _
-            (zero? (system* "gem" "build" "term-ansicolor.gemspec")))))))
+            (invoke "gem" "build" "term-ansicolor.gemspec"))))))
     (propagated-inputs
      `(("ruby-tins" ,ruby-tins)))
     (native-inputs
@@ -2978,7 +3021,7 @@ a native C extension.")
            (lambda _
              ;; Regenerate gemspec so loosened dependency constraints are
              ;; propagated.
-             (zero? (system* "rake" "gemspec")))))))
+             (invoke "rake" "gemspec"))))))
     (native-inputs
      `(("bundler" ,bundler)
        ("ragel" ,ragel)
@@ -3062,8 +3105,8 @@ you about the changes.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             ;; There is no tests, instead attempt to load the library.
-             (zero? (system* "ruby" "-Ilib" "-r" "active_support")))))))
+             ;; There are no tests, instead attempt to load the library.
+             (invoke "ruby" "-Ilib" "-r" "active_support"))))))
     (propagated-inputs
      `(("ruby-concurrent" ,ruby-concurrent)
        ("ruby-i18n" ,ruby-i18n)
@@ -3193,6 +3236,43 @@ unacceptable HTML and/or CSS from a string.")
     (home-page "https://github.com/rgrove/sanitize/")
     (license license:expat)))
 
+(define-public ruby-oj
+  (package
+    (name "ruby-oj")
+    (version "3.6.7")
+    (source
+     (origin
+       (method url-fetch)
+       ;; Version on rubygems.org does not contain Rakefile, so download from
+       ;; GitHub instead.
+       (uri (string-append "https://github.com/ohler55/oj/archive/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1x28ga72jxlnmsd8g8c0fw81vlh54r0qgagw2lxsd3x3la091g2h"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:test-target "test_all"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'disable-bundler
+           (lambda _
+             (substitute* "Rakefile"
+               (("Bundler\\.with_clean_env") "1.times")
+               (("bundle exec ") "")))))))
+    (native-inputs
+     `(("bundler" ,bundler)
+       ("ruby-rspec" ,ruby-rspec)
+       ("ruby-rake-compiler" ,ruby-rake-compiler)))
+    (synopsis "JSON parser for Ruby optimized for speed")
+    (description
+     "Oj is a JSON parser and generator for Ruby, where the encoding and
+decoding of JSON is implemented as a C extension to Ruby.")
+    (home-page "http://www.ohler.com/oj")
+    (license (list license:expat     ; Ruby code
+                   license:bsd-3)))) ; extension code
+
 (define-public ruby-ox
   (package
     (name "ruby-ox")
@@ -3236,7 +3316,7 @@ alternative to Marshal for Object serialization. ")
          ;; existing gemspec.
          (replace 'build
           (lambda _
-            (zero? (system* "gem" "build" "redcloth.gemspec")))))))
+            (invoke "gem" "build" "redcloth.gemspec"))))))
     (native-inputs
      `(("bundler" ,bundler)
        ("ruby-diff-lcs" ,ruby-diff-lcs)
@@ -3314,9 +3394,9 @@ other things and it comes with a command line interface.")
            ;; There is no Rakefile and minitest can only run one file at once,
            ;; so we have to iterate over all test files.
            (lambda _
-             (and (map (lambda (file)
-                         (zero? (system* "ruby" "-Itest" file)))
-                       (find-files "./test" "test_.*\\.rb"))))))))
+             (map (lambda (file)
+                    (invoke "ruby" "-Itest" file))
+                  (find-files "./test" "test_.*\\.rb")))))))
     (native-inputs
      `(("ruby-minitest" ,ruby-minitest)))
     (synopsis "Library to read and update netrc files")
@@ -3341,7 +3421,7 @@ including comments and whitespace.")
      `(#:phases
        (modify-phases %standard-phases
          (add-after 'build 'build-ext
-           (lambda _ (zero? (system* "rake" "compile:unf_ext")))))))
+           (lambda _ (invoke "rake" "compile:unf_ext"))))))
     (native-inputs
      `(("bundler" ,bundler)
        ("ruby-rake-compiler" ,ruby-rake-compiler)
@@ -3658,6 +3738,42 @@ features such as filtering and fine grained logging.")
     (home-page "https://github.com/pjotrp/bioruby-logger-plugin")
     (license license:expat)))
 
+(define-public ruby-yajl-ruby
+  (package
+    (name "ruby-yajl-ruby")
+    (version "1.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "yajl-ruby" version))
+       (sha256
+        (base32
+         "16v0w5749qjp13xhjgr2gcsvjv6mf35br7iqwycix1n2h7kfcckf"))))
+    (build-system ruby-build-system)
+    (arguments
+     '(#:test-target "spec"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'check 'patch-test-to-update-load-path
+           (lambda _
+             (substitute* "spec/parsing/large_number_spec.rb"
+               (("require \"yajl\"")
+                "$LOAD_PATH << 'lib'; require 'yajl'"))
+             #t)))))
+     (native-inputs
+      `(("ruby-rake-compiler" ,ruby-rake-compiler)
+        ("ruby-rspec" ,ruby-rspec)))
+     (synopsis "Streaming JSON parsing and encoding library for Ruby")
+     (description
+      "Ruby C bindings to the Yajl JSON stream-based parser library.  The API
+is compatible with the JSON gem, so yajl-ruby can act as a drop in
+replacement.
+
+A modified copy of yajl is used, and included in the package.")
+     (home-page "https://github.com/brianmario/yajl-ruby")
+     (license (list license:expat     ; Ruby code, yajl_ext.c and yajl_ext.h
+                    license:bsd-3)))) ; Included, modified copy of yajl
+
 (define-public ruby-yard
   (package
     (name "ruby-yard")
@@ -3681,7 +3797,7 @@ features such as filtering and fine grained logging.")
              ;; $HOME needs to be set to somewhere writeable for tests to run
              (setenv "HOME" "/tmp")
              ;; Run tests without using 'rake' to avoid dependencies.
-             (zero? (system* "rspec")))))))
+             (invoke "rspec"))))))
     (native-inputs
      `(("ruby-rspec" ,ruby-rspec)
        ("ruby-rack" ,ruby-rack)))
@@ -3868,7 +3984,7 @@ name and provides query methods such as @{RubyEngine.mri?}.")
          ;; without issue.
          (replace 'check
            (lambda _
-             (zero? (system* "ruby" "-Ilib" "bin/turn" "-h")))))))
+             (invoke "ruby" "-Ilib" "bin/turn" "-h"))))))
     (propagated-inputs
      `(("ruby-ansi" ,ruby-ansi)
        ("ruby-minitest" ,ruby-minitest-4)))
@@ -4008,7 +4124,7 @@ neither too verbose nor too minimal.")
              #t))
          (add-before 'check 'add-gemtest-file
            ;; This file exists in the repository but is not distributed.
-           (lambda _ (zero? (system* "touch" ".gemtest")))))))
+           (lambda _ (invoke "touch" ".gemtest"))))))
     (inputs
      `(("sqlite" ,sqlite)))
     (native-inputs
@@ -4042,7 +4158,7 @@ engine.")
            (lambda _
              ;; Do not run tests to avoid circular dependence with rails.
              ;; Instead just import the library to test.
-             (zero? (system* "ruby" "-Ilib" "-r" "shoulda-context")))))))
+             (invoke "ruby" "-Ilib" "-r" "shoulda-context"))))))
     (synopsis "Test::Unit context framework extracted from Shoulda")
     (description
      "@code{shoulda-context} is the context framework extracted from Shoulda.
@@ -4071,7 +4187,7 @@ names.")
            (lambda _
              ;; Do not run tests to avoid circular dependence with rails.  Instead
              ;; just import the library to test.
-             (zero? (system* "ruby" "-Ilib" "-r" "shoulda-matchers")))))))
+             (invoke "ruby" "-Ilib" "-r" "shoulda-matchers"))))))
     (propagated-inputs
      `(("ruby-activesupport" ,ruby-activesupport)))
     (synopsis "Collection of testing matchers extracted from Shoulda")
@@ -4111,7 +4227,7 @@ more complex, and error-prone.")
          (replace 'check
            ;; Don't run tests to avoid circular dependence with rails.  Instead
            ;; just import the library to test.
-           (lambda _ (zero? (system* "ruby" "-Ilib" "-r" "shoulda")))))))
+           (lambda _ (invoke "ruby" "-Ilib" "-r" "shoulda"))))))
     (propagated-inputs
      `(("ruby-shoulda-context" ,ruby-shoulda-context)
        ("ruby-shoulda-matchers" ,ruby-shoulda-matchers-2)))
@@ -4264,10 +4380,9 @@ It has built-in support for the legacy @code{cookies.txt} and
          (replace 'check
            (lambda* (#:key tests? #:allow-other-keys)
              (if tests?
-                 (zero?
-                  (system* "ruby"
-                           "-Ilib"
-                           "test/runner.rb"))
+                 (invoke "ruby"
+                         "-Ilib"
+                         "test/runner.rb")
                  #t))))))
     (native-inputs
      `(("ruby-rack" ,ruby-rack)))
@@ -4306,7 +4421,7 @@ requests either using arguments or with an interactive prompt.")
          ;; be require'd.
          (replace 'check
            (lambda _
-             (zero? (system* "ruby" "-Ilib" "-r" "ansi"))))
+             (invoke "ruby" "-Ilib" "-r" "ansi")))
          (add-before 'validate-runpath 'replace-broken-symlink
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -4377,7 +4492,7 @@ subprocess.")
            ;; Run test without calling 'rake' so that jeweler is
            ;; not required as an input.
            (lambda _
-             (zero? (system* "rspec" "spec/bio-commandeer_spec.rb")))))))
+             (invoke "rspec" "spec/bio-commandeer_spec.rb"))))))
     (propagated-inputs
      `(("ruby-bio-logger" ,ruby-bio-logger)
        ("ruby-systemu" ,ruby-systemu)))
@@ -4414,7 +4529,7 @@ detail to ease debugging.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (zero? (system* "ruby" "-Ilib" "-r" "rubytest")))))))
+             (invoke "ruby" "-Ilib" "-r" "rubytest"))))))
     (propagated-inputs
      `(("ruby-ansi" ,ruby-ansi)))
     (synopsis "Universal test harness for Ruby")
@@ -4444,7 +4559,7 @@ single pass.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (zero? (system* "ruby" "-Ilib" "-r" "brass")))))))
+             (invoke "ruby" "-Ilib" "-r" "brass"))))))
     (synopsis "Basic foundational assertions framework")
     (description
      "BRASS (Bare-Metal Ruby Assertion System Standard) is a basic
@@ -4472,7 +4587,7 @@ make use of.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (zero? (system* "ruby" "-Ilib" "bin/qed" "--copyright")))))))
+             (invoke "ruby" "-Ilib" "bin/qed" "--copyright"))))))
     (propagated-inputs
      `(("ruby-ansi" ,ruby-ansi)
        ("ruby-brass" ,ruby-brass)))
@@ -4506,7 +4621,7 @@ requirement specifications systems like Cucumber.")
      `(#:phases
        (modify-phases %standard-phases
          (replace 'check
-           (lambda _ (zero? (system* "qed"))))
+           (lambda _ (invoke "qed")))
          (add-before 'validate-runpath 'replace-broken-symlink
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -4544,7 +4659,7 @@ for reuse by other test frameworks.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
-         (replace 'check (lambda _ (zero? (system* "qed")))))))
+         (replace 'check (lambda _ (invoke "qed"))))))
     (propagated-inputs
      `(("ruby-ae" ,ruby-ae)
        ("ruby-ansi" ,ruby-ansi)
@@ -4600,8 +4715,8 @@ Rubytest-based test frameworks.  It provides the @code{rubytest} executable.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (and (zero? (system* "qed"))
-                  (zero? (system* "rubytest" "-Ilib" "-Itest" "test/"))))))))
+             (invoke "qed")
+             (invoke "rubytest" "-Ilib" "-Itest" "test/"))))))
     (native-inputs
      `(("ruby-rubytest-cli" ,ruby-rubytest-cli)
        ("ruby-qed" ,ruby-qed)
@@ -4635,7 +4750,7 @@ specific use case.")
        (modify-phases %standard-phases
          (replace 'check
            (lambda _
-             (zero? (system* "rspec" "spec/rc4_spec.rb")))))))
+             (invoke "rspec" "spec/rc4_spec.rb"))))))
     (native-inputs
      `(("ruby-rspec" ,ruby-rspec-2)))
     (synopsis "Implementation of the RC4 algorithm")
@@ -4889,7 +5004,7 @@ call.")
          (add-before 'check 'rake-compile
            ;; Fix the test error described at
            ;; https://github.com/ruby-concurrency/concurrent-ruby/pull/408
-           (lambda _ (zero? (system* "rake" "compile"))))
+           (lambda _ (invoke "rake" "compile")))
          (add-before 'check 'remove-timecop-dependency
            ;; Remove timecop-dependent tests as having timecop as a depedency
            ;; causes circular depedencies.
@@ -5757,7 +5872,7 @@ hashes more powerful.")
     (synopsis "Heredoc indentation cleaner")
     (description "This gem removes common margin from indented strings, such
 as the ones produced by indented heredocs.  In other words, it strips out
-leading whitespace chars at the beggining of each line, but only as much as
+leading whitespace chars at the beginning of each line, but only as much as
 the line with the smallest margin.
 
 It is acknowledged that many strings defined by heredocs are just code and
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index b053bdce62..74de6f3ae1 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -200,7 +200,7 @@ in turn be used to build the final Rust.")
          ("rustc"
           ,(rust-source "1.19.0" "0l8c14qsf42rmkqy92ahij4vf356dbyspxcips1aswpvad81y8qm"))))
       (arguments
-       `(#:tests? #f
+       `(#:test-target "local_tests"
          #:make-flags (list (string-append "LLVM_CONFIG="
                                            (assoc-ref %build-inputs "llvm")
                                            "/bin/llvm-config"))
@@ -250,6 +250,7 @@ in turn be used to build the final Rust.")
                       (gcc (assoc-ref inputs "gcc")))
                  ;; These files are not reproducible.
                  (for-each delete-file (find-files "output" "\\.txt$"))
+                 (delete-file-recursively "output/local_tests")
                  (mkdir-p lib)
                  (copy-recursively "output" lib/rust)
                  (mkdir-p bin)
@@ -410,6 +411,8 @@ test = { path = \"../libtest\" }
                                    "output/rustc-build/rustc"
                                    "-C" (string-append "linker="
                                                        (getenv "CC"))
+                                   ;; Required for libterm.
+                                   "-Z" "force-unstable-if-unmarked"
                                    "-L" "output/target-libs"
                                    (string-append "src/" name "/lib.rs")
                                    "-o"
@@ -429,7 +432,13 @@ test = { path = \"../libtest\" }
                            ("libpanic_unwind")
                            ;; Uses "cc" to link.
                            ("libstd" "-l" "dl" "-l" "rt" "-l" "pthread")
-                           ("libarena")))
+                           ("libarena")
+
+                           ;; Test dependencies:
+
+                           ("libgetopts")
+                           ("libterm")
+                           ("libtest")))
                #t)))
          ;; This phase is overridden by newer versions.
          (replace 'check
@@ -790,8 +799,8 @@ jemalloc = \"" jemalloc "/lib/libjemalloc_pic.a" "\"
 
 (define-public rust
   (let ((base-rust
-         (rust-bootstrapped-package rust-1.26 "1.27.0"
-                                    "089d7rhw55zpvnw71dj8vil6qrylvl4xjr4m8bywjj83d4zq1f9c"
+         (rust-bootstrapped-package rust-1.26 "1.27.2"
+                                    "0pg1s37bhx9zqbynxyydq5j6q7kij9vxkcv8maz0m25prm88r0cs"
                                     #:patches
                                     '("rust-coresimd-doctest.patch"
                                       "rust-bootstrap-stage0-test.patch"
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index 2e46a8453f..9654fe36f5 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -532,7 +532,7 @@ of libraries.")
 (define-public gambit-c
   (package
     (name "gambit-c")
-    (version "4.8.9")
+    (version "4.9.0")
     (source
      (origin
        (method url-fetch)
@@ -542,25 +542,14 @@ of libraries.")
              (string-map (lambda (c) (if (char=? c #\.) #\_ c)) version)
              ".tgz"))
        (sha256
-        (base32 "16sg1s8myzxqpimj5ry6lfza0qfs157zj28bvmxwwgy89jd9m5v7"))))
+        (base32 "19862w9ij0g5xrkskl4g89xbs17gp9cc6cfcdca6dlfkb3lk6xhp"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
        ;; According to the ./configure script, this makes the build slower and
        ;; use >= 1 GB memory, but makes Gambit much faster.
-       '("--enable-single-host")
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'check 'fix-tests
-           (lambda _
-             (substitute* '("tests/makefile")
-               ;; '-:' is how run-time options are set.  'tl' sets some terminal
-               ;; option, which makes it fail in our build environment.  It
-               ;; recommends using 'd-' as a solution, which sets the REPL
-               ;; interaction channel to stdin/stdout.
-               (("gsi -:tl") "gsi -:d-,tl"))
-             #t)))))
-    (home-page "http://www.iro.umontreal.ca/~gambit/")
+       '("--enable-single-host")))
+    (home-page "http://gambitscheme.org")
     (synopsis "Efficient Scheme interpreter and compiler")
     (description
      "Gambit consists of two main programs: gsi, the Gambit Scheme
diff --git a/gnu/packages/scsi.scm b/gnu/packages/scsi.scm
index 2bb863cad9..f8c5d5ef60 100644
--- a/gnu/packages/scsi.scm
+++ b/gnu/packages/scsi.scm
@@ -27,28 +27,37 @@
 (define-public sg3-utils
   (package
     (name "sg3-utils")
-    (version "1.43")
+    (version "1.44")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://sg.danny.cz/sg/p/sg3_utils-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "04l58wvncqk6lfh4lashsl3ccsa1114hkd6vwi1h1cbmq2fw9c8v"))))
+                "01avlgrbxlij8spish4i69ji1m49biz4mbayzzc2qx0hcl8ar56a"))))
     (build-system gnu-build-system)
     (home-page "http://sg.danny.cz/sg/sg3_utils.html")
     (synopsis "SCSI device utilities")
     (description
      "sg3-utils is a collection of utilities for devices that use the Small
-Computer System Interface (SCSI) command set.  It includes utilities to read
-data from, write data to, control, modify, and query the state of SCSI
-devices.  For example, this package provides command-line tools to copy data
-based on @code{dd} syntax and semantics (called @code{sg_dd}, @code{sgp_dd}
-and @code{sgm_dd}), check INQUIRY data and VPD pages (@code{sg_inq}), check
-mode and log pages (@code{sginfo}, @code{sg_modes} and @code{sg_logs}), spin
-up and down disks (@code{sg_start}), do self tests (@code{sg_senddiag}), parse
-sense data (@code{sg_decode_sense}), and perform various other functions.  In
-addition, this package includes a library, called libsgutils, which can be
+Computer System Interface (@dfn{SCSI}) command set.  It includes utilities to
+read data from, write data to, control, modify, and query the state of SCSI
+devices.
+
+For example, this package provides command-line tools to:
+@itemize
+@item copy data based on @code{dd} syntax and semantics (called @command{sg_dd},
+@command{sgp_dd}, and @command{sgm_dd})
+@item check @code{INQUIRY} data and @code{VPD pages} (@command{sg_inq})
+@item check mode and log pages (@command{sginfo}, @command{sg_modes}, and
+@command{sg_logs})
+@item spin up and down disks (@command{sg_start})
+@item do self-tests (@code{sg_senddiag})
+@item parse sense data (@code{sg_decode_sense})
+@item and perform various other functions.
+@end itemize
+
+In addition, this package includes a library, called libsgutils, which can be
 used in C and C++ programs to interact with SCSI devices.")
     ;; See README: "All utilities and libraries have either a "2 clause" BSD
     ;;   license or are "GPL-2ed". [...] That BSD license was updated from the
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 4b748b6644..4495069c0d 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -56,7 +56,7 @@
 (define-public ccid
   (package
     (name "ccid")
-    (version "1.4.29")
+    (version "1.4.30")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -64,7 +64,7 @@
                     name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "0kdqmbma6sclsrbxy9w85h7cs0v11if4nc2r9v09613k8pl2lhx5"))))
+                "0z7zafdg75fr1adlv2x0zz34s07gljcjg2lsz76s1048w1xhh5xc"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
@@ -77,7 +77,7 @@
                (("/bin/echo") (which "echo")))
              #t)))))
     (native-inputs
-     `(("pcsc-lite" ,pcsc-lite) ; only required for headers
+     `(("pcsc-lite" ,pcsc-lite)         ; only required for headers
        ("perl" ,perl)
        ("pkg-config" ,pkg-config)))
     (inputs
@@ -220,7 +220,7 @@ website for more information about Yubico and the YubiKey.")
 (define-public opensc
   (package
     (name "opensc")
-    (version "0.18.0")
+    (version "0.19.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -228,7 +228,7 @@ website for more information about Yubico and the YubiKey.")
                     version "/opensc-" version ".tar.gz"))
               (sha256
                (base32
-                "0mrpik6ifzh27ws7h0viv8nwgcdj3fp5whaldmj0zhfi1l1zzh4v"))))
+                "09jqzl18z5qfrf4vf2nvbpdm3mphpgfkl3ww1clkaxh2z56hwnic"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index c0f1c479ef..8362d00f60 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -155,23 +155,18 @@ and syntax highlighting.")
               (method git-fetch)
               (uri (git-reference
                     (url "https://github.com/rakitzis/rc.git")
-                    ;; commit name 'release: rc-1.7.4'
-                    (commit "c884da53a7c885d46ace2b92de78946855b18e92")))
+                    (commit (string-append "v" version))))
               (sha256
                (base32
-                "00mgzvrrh9w96xa85g4gjbsvq02f08k4jwjcdnxq7kyh5xgiw95l"))
-              (file-name (string-append name "-" version "-checkout"))))
+                "0vj1h4pcg13vxsiydmmk87dr2sra9h4gwx0c4q6fjsiw4in78rrd"))
+              (file-name (git-file-name name version))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
        '("--with-edit=gnu")
        #:phases
        (modify-phases %standard-phases
-         (add-after
-          'unpack 'autoreconf
-          (lambda _ (zero? (system* "autoreconf" "-vfi"))))
-         (add-before
-          'autoreconf 'patch-trip.rc
+         (add-before 'bootstrap 'patch-trip.rc
           (lambda _
             (substitute* "trip.rc"
               (("/bin/pwd") (which "pwd"))
@@ -292,7 +287,7 @@ history mechanism, job control and a C-like syntax.")
 (define-public zsh
   (package
     (name "zsh")
-    (version "5.6.1")
+    (version "5.6.2")
     (source (origin
               (method url-fetch)
               (uri (list (string-append
@@ -303,7 +298,7 @@ history mechanism, job control and a C-like syntax.")
                            ".tar.xz")))
               (sha256
                (base32
-                "1s5kzfbfvixibb1sbzmmlrrx898zqwi5cfmnnq4bhcbx64zparlm"))))
+                "17iffliqcj4hv91g0bd2sxsyfcz51mfyh97sp2iyrs2p0mndc2x5"))))
     (build-system gnu-build-system)
     (arguments `(#:configure-flags '("--with-tcsetpgrp" "--enable-pcre")
                  #:phases
@@ -422,7 +417,7 @@ use of experts and novices alike.")
                #t))
            (add-after 'unpack 'autoreconf
              (lambda _
-               (zero? (system* "autoreconf")))))))
+               (invoke "autoreconf"))))))
       (inputs
        `(("scheme48" ,scheme48)
          ("scheme48-rx" ,scheme48-rx)))
@@ -628,7 +623,7 @@ interactive POSIX shell targeted at resource-constrained systems.")
          (replace 'build
            (lambda _
              (setenv "CC" "gcc")
-             (zero? (system* (which "sh") "Build.sh"))))
+             (invoke (which "sh") "Build.sh")))
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
@@ -637,7 +632,8 @@ interactive POSIX shell targeted at resource-constrained systems.")
                (install-file "mksh" bin)
                (with-directory-excursion bin
                  (symlink "mksh" "ksh"))
-               (install-file "mksh.1" man)))))))
+               (install-file "mksh.1" man)
+               #t))))))
     (home-page "https://www.mirbsd.org/mksh.htm")
     (synopsis "Korn Shell from MirBSD")
     (description "mksh is an actively developed free implementation of the
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index 2055034117..05916cde5c 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2016 Francesco Frassinelli <fraph24@gmail.com>
 ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Jovany Leandro G.C <bit4bit@riseup.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -314,7 +314,7 @@ protocol (RFC 3550).")
        `(#:phases (modify-phases %standard-phases
                     (add-after 'unpack 'autoconf
                       (lambda _
-                        (zero? (system* "autoreconf" "-vfi")))))))
+                        (invoke "autoreconf" "-vfi"))))))
       (home-page "https://gitlab.savoirfairelinux.com/sflphone/libiax2")
       (synopsis "Inter-Asterisk-Protocol library")
       (description "LibIAX2 implements the Inter-Asterisk-Protocol for relaying
@@ -393,27 +393,27 @@ address of one of the participants.")
        (modify-phases %standard-phases
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
-             (zero? (system* "qmake" "main.pro" "-recursive"
-                             (string-append "CONFIG+="
-                                            (string-join
-                                             (list "no-update"
-                                                   "no-ice"
-                                                   "no-embed-qt-translations"
-                                                   "no-bundled-speex"
-                                                   "pch"
-                                                   "no-bundled-opus"
-                                                   "no-celt"
-                                                   "no-alsa"
-                                                   "no-oss"
-                                                   "no-portaudio"
-                                                   "speechd"
-                                                   "no-g15"
-                                                   "no-bonjour"
-                                                   "release")))
-                             (string-append "DEFINES+="
-                                            "PLUGIN_PATH="
-                                            (assoc-ref outputs "out")
-                                            "/lib/mumble")))))
+             (invoke "qmake" "main.pro" "-recursive"
+                     (string-append "CONFIG+="
+                                    (string-join
+                                     (list "no-update"
+                                           "no-ice"
+                                           "no-embed-qt-translations"
+                                           "no-bundled-speex"
+                                           "pch"
+                                           "no-bundled-opus"
+                                           "no-celt"
+                                           "no-alsa"
+                                           "no-oss"
+                                           "no-portaudio"
+                                           "speechd"
+                                           "no-g15"
+                                           "no-bonjour"
+                                           "release")))
+                     (string-append "DEFINES+="
+                                    "PLUGIN_PATH="
+                                    (assoc-ref outputs "out")
+                                    "/lib/mumble"))))
          (add-before 'configure 'fix-libspeechd-include
            (lambda _
              (substitute* "src/mumble/TextToSpeech_unix.cpp"
diff --git a/gnu/packages/time.scm b/gnu/packages/time.scm
index e9bb6969e3..895cf6ac3b 100644
--- a/gnu/packages/time.scm
+++ b/gnu/packages/time.scm
@@ -243,14 +243,14 @@ ISO 8601 dates, time and duration.")
 (define-public python-iso8601
   (package
     (name "python-iso8601")
-    (version "0.1.11")
+    (version "0.1.12")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "iso8601" version))
        (sha256
         (base32
-         "0c7gh3lsdjds262h0v1sqc66l7hqgfwbakn96qrhdbl0i3vm5yz8"))))
+         "10nyvvnrhw2w3p09v1ica4lgj6f4g9j3kkfx17qmraiq3w7b5i29"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d4e403b64c..4d6e88bf3d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -394,7 +394,7 @@ required structures.")
   (package
     (inherit openssl)
     (name "openssl")
-    (version "1.1.0i")
+    (version "1.1.1")
     (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -404,13 +404,13 @@ required structures.")
                         (string-append "ftp://ftp.openssl.org/source/old/"
                                        (string-trim-right version char-set:letter)
                                        "/" name "-" version ".tar.gz")))
-              (patches (search-patches "openssl-1.1.0-c-rehash-in.patch"))
+              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
               (sha256
                (base32
-                "16fgaf113p6s5ixw227sycvihh3zx6f6rf0hvjjhxk68m12cigzb"))))
+                "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8"))))
     (outputs '("out"
-               "doc"        ; 1.3MiB of man3 pages
-               "static"))   ; 5.5MiB of .a files
+               "doc"        ; 6.7 MiB of man3 pages and full HTML documentation
+               "static"))   ; 6.4 MiB of .a files
     (arguments
      (substitute-keyword-arguments (package-arguments openssl)
        ((#:phases phases)
@@ -423,6 +423,11 @@ required structures.")
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out"))
                       (lib (string-append out "/lib")))
+                 ;; It's not a shebang so patch-source-shebangs misses it.
+                 (substitute* "config"
+                   (("/usr/bin/env")
+                    (string-append (assoc-ref %build-inputs "coreutils")
+                                   "/bin/env")))
                  (invoke "./config"
                          "shared"       ;build shared libraries
                          "--libdir=lib"
@@ -444,6 +449,21 @@ required structures.")
                                '("-mfpu=vfpv3")
                                '())))))
 
+           (delete 'move-man3-pages)
+           (add-after 'install 'move-extra-documentation
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; Move man3 pages and full HTML documentation to "doc".
+               (let* ((out    (assoc-ref outputs "out"))
+                      (man3   (string-append out "/share/man/man3"))
+                      (html (string-append out "/share/doc/openssl"))
+                      (doc    (assoc-ref outputs "doc"))
+                      (man-target (string-append doc "/share/man/man3"))
+                      (html-target (string-append doc "/share/doc/openssl")))
+                 (copy-recursively man3 man-target)
+                 (delete-file-recursively man3)
+                 (copy-recursively html html-target)
+                 (delete-file-recursively html)
+                 #t)))
            ;; XXX: Duplicate this phase to make sure 'version' evaluates
            ;; in the current scope and not the inherited one.
            (replace 'remove-miscellany
@@ -806,7 +826,7 @@ then ported to the GNU / Linux environment.")
 (define-public mbedtls-apache
   (package
     (name "mbedtls-apache")
-    (version "2.7.5")
+    (version "2.7.6")
     (source
      (origin
        (method url-fetch)
@@ -816,7 +836,7 @@ then ported to the GNU / Linux environment.")
                            version "-apache.tgz"))
        (sha256
         (base32
-         "0h4vks2z68bkwzg093mn0a7aqsva8rxr4m971n4bkasa17cjlc51"))))
+         "0fl2nrxvlgx9ja7yy3kd1zadpr98fxbvn3f6fl2mj87gryhkfqlk"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3774961786..58c870df5a 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -309,6 +309,13 @@ as well as the classic centralized workflow.")
             (let* ((netrc (assoc-ref outputs "credential-netrc")))
               (install-file "contrib/credential/netrc/git-credential-netrc"
                             (string-append netrc "/bin"))
+              ;; Previously, Git.pm was automatically found by netrc.
+              ;; Perl 5.26 changed how it locates modules so that @INC no
+              ;; longer includes the current working directory (the Perl
+              ;; community calls this "dotless @INC").
+              (wrap-program (string-append netrc "/bin/git-credential-netrc")
+                `("PERL5LIB" ":" prefix
+                  (,(string-append (assoc-ref outputs "out") "/share/perl5"))))
               #t)))
         (add-after 'install 'split
           (lambda* (#:key inputs outputs #:allow-other-keys)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index aa2b4467fc..4882f0476a 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1427,16 +1427,16 @@ audio, images) from the Web.  It can use either mpv or vlc for playback.")
 (define-public youtube-viewer
   (package
     (name "youtube-viewer")
-    (version "3.3.4")
+    (version "3.4.1")
     (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/trizen/youtube-viewer/archive/"
-                    version ".tar.gz"))
-              (file-name (string-append name "-" version ".tar.gz"))
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/trizen/youtube-viewer.git")
+                    (commit version)))
+              (file-name (git-file-name name version))
               (sha256
                (base32
-                "1dqaxkz5svv0lmxds6lppcpzhkq6gar2raw9gx6imrd7yz02fpgn"))))
+                "0axgb95lx81psgrb2a5rfdd8gl4mhsrzf41jas6l58d1xkaj54ri"))))
     (build-system perl-build-system)
     (native-inputs
      `(("perl-module-build" ,perl-module-build)))
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 7427465f57..e3b9925059 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -873,7 +873,7 @@ Open Container Initiative specification.")
 (define-public umoci
   (package
     (name "umoci")
-    (version "0.4.0")
+    (version "0.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -882,7 +882,7 @@ Open Container Initiative specification.")
               (file-name (string-append "umoci-" version ".tar.xz"))
               (sha256
                (base32
-                "0hg7hs4dagj2fgymm4b4s68k1v2k2093s3jg0d94j0ixhfmyg9nd"))))
+                "1rq5jxcss9cmy05x9b2kh9ld57ribi8hgnx2w67jpmf343b83m4q"))))
     (build-system go-build-system)
     (arguments
      '(#:import-path "github.com/openSUSE/umoci"
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index b818a3ccb5..782776606d 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -71,7 +71,7 @@
 (define-public wine
   (package
     (name "wine")
-    (version "3.0.2")
+    (version "3.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://dl.winehq.org/wine/source/"
@@ -79,7 +79,7 @@
                                   "/wine-" version ".tar.xz"))
               (sha256
                (base32
-                "1zv3nk31s758ghp4795ym3w8l5868c2dllmjx9245qh9ahvp3mya"))))
+                "18add8wqqz7y1aj8x0dcba7pqj9jkbhngwjv4yjmar3gxacmjr7b"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)
@@ -225,7 +225,7 @@ integrate Windows applications into your desktop.")
 (define-public wine-staging-patchset-data
   (package
    (name "wine-staging-patchset-data")
-   (version "3.15")
+   (version "3.16")
    (source
     (origin
       (method git-fetch)
@@ -235,7 +235,7 @@ integrate Windows applications into your desktop.")
       (file-name (git-file-name name version))
       (sha256
        (base32
-        "1rgbx4qnxaarkq5n8nvj57q0rhxcqbwm5897ws962fgxh6zymg9n"))))
+        "0c1bs9qpxlvld6jkwjri2v8jaixxn1r5b0m9r5hnkfrnpl7z7cfv"))))
    (build-system trivial-build-system)
    (native-inputs
     `(("bash" ,bash)
@@ -281,7 +281,7 @@ integrate Windows applications into your desktop.")
               (file-name (string-append name "-" version ".tar.xz"))
               (sha256
                (base32
-                "07mmd8r70ciqrxzdg2m2mg34kcnb43dk9nw1ljm8jbcznsawv8ic"))))
+                "0g55l41apiwgblfk9ihzd96003gd32w5ng79f96hmiwhyzwbqhxd"))))
     (inputs `(("autoconf" ,autoconf) ; for autoreconf
               ("gtk+" ,gtk+)
               ("libva" ,libva)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 2e64ce35ad..d886d3e69b 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -476,9 +476,8 @@ move windows, switch between desktops, etc.).")
              (let* ((out (assoc-ref outputs "out"))
                     (doc (string-append out "/share/doc/scrot")))
                (mkdir-p doc)
-               (zero?
-                (system* "make" "install"
-                         (string-append "docsdir=" doc)))))))))
+               (invoke "make" "install"
+                        (string-append "docsdir=" doc))))))))
     (inputs
      `(("libx11" ,libx11)
        ("giblib" ,giblib)))
@@ -585,10 +584,9 @@ include cursor in the resulting image.")
                     (man1 (string-append out "/share/man/man1")))
                (mkdir-p bin)
                (mkdir-p man1)
-               (zero?
-                 (system* "make" "install" "install.man"
-                          (string-append "BINDIR=" bin)
-                          (string-append "MANDIR=" man1)))))))))
+               (invoke "make" "install" "install.man"
+                       (string-append "BINDIR=" bin)
+                       (string-append "MANDIR=" man1))))))))
     (inputs `(("libx11" ,libx11)))
     (home-page "http://ftp.x.org/contrib/utilities/")
     (synopsis "Hide idle mouse cursor")
@@ -1344,7 +1342,7 @@ invert colors on a specific display/screen.")
                  #:phases (modify-phases %standard-phases
                            (add-before 'configure 'autoreconf
                              (lambda _
-                               (zero? (system* "autoreconf" "-vfi")))))))
+                               (invoke "autoreconf" "-vfi"))))))
    (native-inputs `(("autoconf" ,autoconf)
                     ("automake" ,automake)
                     ("pkg-config" ,pkg-config)
@@ -1403,7 +1401,7 @@ or playing a PCM encoded WAVE file.")
                #t)))
          (add-after 'install 'install/man
            (lambda _
-             (zero? (system* "make" "install.man")))))))
+             (invoke "make" "install.man"))))))
     (home-page "http://ibiblio.org/pub/Linux/X11/screensavers/")
     (synopsis "Program launcher for idle X sessions")
     (description "Xautolock monitors input devices under the X Window
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index a9f4a2ab87..7ecfa580ec 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -387,7 +387,7 @@ decoding .opus files.")
 (define opusfile
   (package
     (name "opusfile")
-    (version "0.10")
+    (version "0.11")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -395,7 +395,7 @@ decoding .opus files.")
                     ".tar.gz"))
               (sha256
                (base32
-                "0bs1376sd131qdh7198jp64vv5d17az5wyy4y7srrvw7p8k3bq28"))))
+                "1gq3aszzl5glgbajw5p1f5a1kdyf23w5vjdmwwrk246syin9pkkl"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("opus" ,opus)))
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index aa24811695..cee87756af 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2645,33 +2645,27 @@ as USB mice.")
      "xf86-video-ark is an Ark Logic video driver for the Xorg X server.")
     (license license:x11)))
 
-;; This driver depends on XAA which has been removed from xorg-server.
-;;
-;; (define-public xf86-video-ast
-;;   (package
-;;     (name "xf86-video-ast")
-;;     (version "0.93.10")
-;;     (source
-;;       (origin
-;;         (method url-fetch)
-;;         (uri (string-append
-;;                "mirror://xorg/individual/driver/xf86-video-ast-"
-;;                version
-;;                ".tar.bz2"))
-;;         (sha256
-;;           (base32
-;;            "1q64z8qqa0ix3cymqiwk1s3sphd1fvvz30lvyxhgkgciygz6dm69"))
-;;         (patches (search-patches "xf86-video-ast-remove-mibstore.patch"))))
-;;     (build-system gnu-build-system)
-;;     (inputs `(("xorg-server" ,xorg-server)))
-;;     (native-inputs `(("pkg-config" ,pkg-config)))
-;;     (home-page "https://www.x.org/wiki/")
-;;     (synopsis "ASpeed Technologies video driver for X server")
-;;     (description
-;;      "xf86-video-ast is an ASpeed Technologies video driver for the Xorg
-;; X server.")
-;;     (license license:x11)))
-
+(define-public xf86-video-ast
+  (package
+    (name "xf86-video-ast")
+    (version "1.1.5")
+    (home-page "https://cgit.freedesktop.org/xorg/driver/xf86-video-ast/")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://xorg/individual/driver/xf86-video-ast-"
+                    version ".tar.bz2"))
+              (sha256
+               (base32
+                "1pm2cy81ma7ldsw0yfk28b33h9z2hcj5rccrxhfxfgvxsiavrnqy"))))
+    (build-system gnu-build-system)
+    (inputs `(("xorg-server" ,xorg-server)))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (synopsis "ASpeed Technologies video driver for X server")
+    (description
+     "xf86-video-ast is an ASpeed Technologies video driver for the Xorg
+X server.")
+    (license license:x11)))
 
 (define-public xf86-video-ati
   (package
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 921914ccdf..5ba2c6b86d 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1846,16 +1846,9 @@ item of @var{packages}."
 
          (documentation "Populate the /dev directory, dynamically.")
          (start #~(lambda ()
-                    (define find
-                      (@ (srfi srfi-1) find))
-
                     (define udevd
-                      ;; Choose the right 'udevd'.
-                      (find file-exists?
-                            (map (lambda (suffix)
-                                   (string-append #$udev suffix))
-                                 '("/libexec/udev/udevd" ;udev
-                                   "/sbin/udevd"))))     ;eudev
+                      ;; 'udevd' from eudev.
+                      #$(file-append udev "/sbin/udevd"))
 
                     (define (wait-for-udevd)
                       ;; Wait until someone's listening on udevd's control
@@ -1891,24 +1884,20 @@ item of @var{packages}."
                       (make-static-device-nodes directory)
                       (umask old-umask))
 
-                    (let ((pid (primitive-fork)))
-                      (case pid
-                        ((0)
-                         (exec-command (list udevd)))
-                        (else
-                         ;; Wait until udevd is up and running.  This
-                         ;; appears to be needed so that the events
-                         ;; triggered below are actually handled.
-                         (wait-for-udevd)
-
-                         ;; Trigger device node creation.
-                         (system* #$(file-append udev "/bin/udevadm")
-                                  "trigger" "--action=add")
-
-                         ;; Wait for things to settle down.
-                         (system* #$(file-append udev "/bin/udevadm")
-                                  "settle")
-                         pid)))))
+                    (let ((pid (fork+exec-command (list udevd))))
+                      ;; Wait until udevd is up and running.  This appears to
+                      ;; be needed so that the events triggered below are
+                      ;; actually handled.
+                      (wait-for-udevd)
+
+                      ;; Trigger device node creation.
+                      (system* #$(file-append udev "/bin/udevadm")
+                               "trigger" "--action=add")
+
+                      ;; Wait for things to settle down.
+                      (system* #$(file-append udev "/bin/udevadm")
+                               "settle")
+                      pid)))
          (stop #~(make-kill-destructor))
 
          ;; When halting the system, 'udev' is actually killed by
@@ -2133,7 +2122,7 @@ This service is not part of @var{%base-services}."
                                              AF_INET INADDR_ANY 0)))
                     (set-network-interface-flags sock #$interface 0)
                     (close-port sock)
-:                    #f)))
+                    #f)))
         (respawn? #f))))))
 
 (define (static-networking-etc-files interfaces)
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index b6b5ee3fec..bd1d5a2706 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -103,7 +104,14 @@
             wpa-supplicant-service-type
 
             openvswitch-service-type
-            openvswitch-configuration))
+            openvswitch-configuration
+
+            iptables-configuration
+            iptables-configuration?
+            iptables-configuration-iptables
+            iptables-configuration-ipv4-rules
+            iptables-configuration-ipv6-rules
+            iptables-service-type))
 
 ;;; Commentary:
 ;;;
@@ -1108,4 +1116,50 @@ networking."))))
 switch designed to enable massive network automation through programmatic
 extension.")))
 
+;;;
+;;; iptables
+;;;
+
+(define %iptables-accept-all-rules
+  (plain-file "iptables-accept-all.rules"
+              "*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+COMMIT
+"))
+
+(define-record-type* <iptables-configuration>
+  iptables-configuration make-iptables-configuration iptables-configuration?
+  (iptables iptables-configuration-iptables
+            (default iptables))
+  (ipv4-rules iptables-configuration-ipv4-rules
+              (default %iptables-accept-all-rules))
+  (ipv6-rules iptables-configuration-ipv6-rules
+              (default %iptables-accept-all-rules)))
+
+(define iptables-shepherd-service
+  (match-lambda
+    (($ <iptables-configuration> iptables ipv4-rules ipv6-rules)
+     (let ((iptables-restore (file-append iptables "/sbin/iptables-restore"))
+           (ip6tables-restore (file-append iptables "/sbin/ip6tables-restore")))
+       (shepherd-service
+        (documentation "Packet filtering framework")
+        (provision '(iptables))
+        (start #~(lambda _
+                   (invoke #$iptables-restore #$ipv4-rules)
+                   (invoke #$ip6tables-restore #$ipv6-rules)))
+        (stop #~(lambda _
+                  (invoke #$iptables-restore #$%iptables-accept-all-rules)
+                  (invoke #$ip6tables-restore #$%iptables-accept-all-rules))))))))
+
+(define iptables-service-type
+  (service-type
+   (name 'iptables)
+   (description
+    "Run @command{iptables-restore}, setting up the specified rules.")
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list iptables-shepherd-service))))))
+
 ;;; networking.scm ends here
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 95661dc973..a648ddf95e 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm
@@ -47,7 +47,7 @@
             a20-olinuxino-lime-installation-os
             a20-olinuxino-lime2-emmc-installation-os
             a20-olinuxino-micro-installation-os
-            banana-pi-m2-ultra-installation-os
+            bananapi-m2-ultra-installation-os
             beaglebone-black-installation-os
             mx6cuboxi-installation-os
             nintendo-nes-classic-edition-installation-os
@@ -448,8 +448,8 @@ The bootloader BOOTLOADER is installed to BOOTLOADER-TARGET."
                             "/dev/mmcblk0" ; SD card storage
                             "ttyS0"))
 
-(define banana-pi-m2-ultra-installation-os
-  (embedded-installation-os u-boot-banana-pi-m2-ultra-bootloader
+(define bananapi-m2-ultra-installation-os
+  (embedded-installation-os u-boot-bananapi-m2-ultra-bootloader
                             "/dev/mmcblk1" ; eMMC storage
                             "ttyS0"))
 
diff --git a/gnu/tests/networking.scm b/gnu/tests/networking.scm
index 381c5caf14..ceba7f7d5d 100644
--- a/gnu/tests/networking.scm
+++ b/gnu/tests/networking.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
+;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,9 +30,11 @@
   #:use-module (guix store)
   #:use-module (guix monads)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages networking)
   #:use-module (gnu services shepherd)
-  #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor))
+  #:use-module (ice-9 match)
+  #:export (%test-inetd %test-openvswitch %test-dhcpd %test-tor %test-iptables))
 
 (define %inetd-os
   ;; Operating system with 2 inetd services.
@@ -434,3 +437,127 @@ subnet 192.168.1.0 netmask 255.255.255.0 {
    (name "tor")
    (description "Test a running Tor daemon configuration.")
    (value (run-tor-test))))
+
+(define* (run-iptables-test)
+  "Run tests of 'iptables-service-type'."
+  (define iptables-rules
+    "*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A INPUT -p tcp -m tcp --dport 7 -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+")
+
+  (define ip6tables-rules
+    "*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+-A INPUT -p tcp -m tcp --dport 7 -j REJECT --reject-with icmp6-port-unreachable
+COMMIT
+")
+
+  (define inetd-echo-port 7)
+
+  (define os
+    (marionette-operating-system
+     (simple-operating-system
+      (dhcp-client-service)
+      (service inetd-service-type
+               (inetd-configuration
+                (entries (list
+                          (inetd-entry
+                           (name "echo")
+                           (socket-type 'stream)
+                           (protocol "tcp")
+                           (wait? #f)
+                           (user "root"))))))
+      (service iptables-service-type
+               (iptables-configuration
+                (ipv4-rules (plain-file "iptables.rules" iptables-rules))
+                (ipv6-rules (plain-file "ip6tables.rules" ip6tables-rules)))))
+     #:imported-modules '((gnu services herd))
+     #:requirements '(inetd iptables)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (gnu build marionette))
+          (define marionette
+            (make-marionette (list #$(virtual-machine os))))
+
+          (define (dump-iptables iptables-save marionette)
+            (marionette-eval
+             `(begin
+                (use-modules (ice-9 popen)
+                             (ice-9 rdelim)
+                             (ice-9 regex))
+                (call-with-output-string
+                  (lambda (out)
+                    (call-with-port
+                     (open-pipe* OPEN_READ ,iptables-save)
+                     (lambda (in)
+                       (let loop ((line (read-line in)))
+                         ;; iptables-save does not output rules in the exact
+                         ;; same format we loaded using iptables-restore. It
+                         ;; adds comments, packet counters, etc. We remove
+                         ;; these additions.
+                         (unless (eof-object? line)
+                           (cond
+                            ;; Remove comments
+                            ((string-match "^#" line) #t)
+                            ;; Remove packet counters
+                            ((string-match "^:([A-Z]*) ([A-Z]*) .*" line)
+                             => (lambda (match-record)
+                                  (format out ":~a ~a~%"
+                                          (match:substring match-record 1)
+                                          (match:substring match-record 2))))
+                            ;; Pass other lines without modification
+                            (else (display line out)
+                                  (newline out)))
+                           (loop (read-line in)))))))))
+             marionette))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "iptables")
+
+          (test-equal "iptables-save dumps the same rules that were loaded"
+            (dump-iptables #$(file-append iptables "/sbin/iptables-save")
+                           marionette)
+            #$iptables-rules)
+
+          (test-equal "ip6tables-save dumps the same rules that were loaded"
+            (dump-iptables #$(file-append iptables "/sbin/ip6tables-save")
+                           marionette)
+            #$ip6tables-rules)
+
+          (test-error "iptables firewall blocks access to inetd echo service"
+                      'misc-error
+                      (wait-for-tcp-port inetd-echo-port marionette #:timeout 5))
+
+          ;; TODO: This test freezes up at the login prompt without any
+          ;; relevant messages on the console. Perhaps it is waiting for some
+          ;; timeout. Find and fix this issue.
+          ;; (test-assert "inetd echo service is accessible after iptables firewall is stopped"
+          ;;   (begin
+          ;;     (marionette-eval
+          ;;      '(begin
+          ;;         (use-modules (gnu services herd))
+          ;;         (stop-service 'iptables))
+          ;;      marionette)
+          ;;     (wait-for-tcp-port inetd-echo-port marionette #:timeout 5)))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+  (gexp->derivation "iptables" test))
+
+(define %test-iptables
+  (system-test
+   (name "iptables")
+   (description "Test a running iptables daemon.")
+   (value (run-iptables-test))))
diff --git a/guix/build/lisp-utils.scm b/guix/build/lisp-utils.scm
index 21cb620d59..6470cfec97 100644
--- a/guix/build/lisp-utils.scm
+++ b/guix/build/lisp-utils.scm
@@ -81,6 +81,20 @@
   "Replace invalid characters in STR with a hyphen."
   (string-join (string-tokenize str valid-char-set) "-"))
 
+(define (normalize-dependency dependency)
+  "Normalize the name of DEPENDENCY.  Handles dependency definitions of the
+dependency-def form described by
+<https://common-lisp.net/project/asdf/asdf.html#The-defsystem-grammar>."
+  (match dependency
+    ((':version name rest ...)
+     `(:version ,(normalize-string name) ,@rest))
+    ((':feature feature-specification dependency-specification)
+     `(:feature
+       ,feature-specification
+       ,(normalize-dependency dependency-specification)))
+    ((? string? name) (normalize-string name))
+    (require-specification require-specification)))
+
 (define (inputs->asd-file-map inputs)
   "Produce a hash table of the form (system . asd-file), where system is the
 name of an ASD system, and asd-file is the full path to its definition."
@@ -105,9 +119,9 @@ name of an ASD system, and asd-file is the full path to its definition."
 
 (define (lisp-eval-program program)
   "Evaluate PROGRAM with a given LISP implementation."
-  (unless (zero? (apply system*
-                        (lisp-invocation program)))
-    (error "lisp-eval-program failed!" (%lisp) program)))
+  (define invocation (lisp-invocation program))
+  (format #t "Invoking ~a: ~{~s ~}~%" (%lisp-type) invocation)
+  (apply invoke invocation))
 
 (define (spread-statements program argument-name)
   "Return a list with the statements from PROGRAM spread between
@@ -138,8 +152,7 @@ with PROGRAM."
 first."
   (lisp-eval-program
    `((require :asdf)
-     (let ((*package* (find-package :asdf)))
-       (load ,asd-file))
+     (asdf:load-asd (truename ,asd-file) :name ,(normalize-string system))
      (asdf:operate 'asdf:compile-bundle-op ,system))))
 
 (define (system-dependencies system asd-file)
@@ -148,8 +161,7 @@ asdf:system-depends-on.  First load the system's ASD-FILE."
   (define deps-file ".deps.sexp")
   (define program
     `((require :asdf)
-      (let ((*package* (find-package :asdf)))
-        (load ,asd-file))
+      (asdf:load-asd (truename ,asd-file) :name ,(normalize-string system))
       (with-open-file
        (stream ,deps-file :direction :output)
        (format stream
@@ -189,19 +201,18 @@ asdf:system-depends-on.  First load the system's ASD-FILE."
 Also load TEST-ASD-FILE if necessary."
   (lisp-eval-program
    `((require :asdf)
-     (let ((*package* (find-package :asdf)))
-       (load ,asd-file)
-       ,@(if test-asd-file
-             `((load ,test-asd-file))
-             ;; Try some likely files.
-             (map (lambda (file)
-                    `(when (uiop:file-exists-p ,file)
-                       (load ,file)))
-                  (list
-                   (string-append system "-tests.asd")
-                   (string-append system "-test.asd")
-                   "tests.asd"
-                   "test.asd"))))
+     (asdf:load-asd (truename ,asd-file) :name ,(normalize-string system))
+     ,@(if test-asd-file
+           `((asdf:load-asd (truename ,test-asd-file)))
+           ;; Try some likely files.
+           (map (lambda (file)
+                  `(when (uiop:file-exists-p ,file)
+                     (asdf:load-asd (truename ,file))))
+                (list
+                 (string-append system "-tests.asd")
+                 (string-append system "-test.asd")
+                 "tests.asd"
+                 "test.asd")))
      (asdf:test-system ,system))))
 
 (define (string->lisp-keyword . strings)
@@ -273,16 +284,24 @@ system to find its dependencies, as described by GENERATE-DEPENDENCY-LINKS."
            (system-dependencies system system-asd-file)))
       (if (eq? 'NIL deps)
           '()
-          (map normalize-string deps))))
+          (map normalize-dependency deps))))
 
   (define lisp-input-map
     (inputs->asd-file-map inputs))
 
+  (define dependency-name
+    (match-lambda
+      ((':version name _ ...) name)
+      ((':feature _ dependency-specification)
+       (dependency-name dependency-specification))
+      ((? string? name) name)
+      (_ #f)))
+
   (define registry
     (filter-map hash-get-handle
                 (make-list (length dependencies)
                            lisp-input-map)
-                dependencies))
+                (map dependency-name dependencies)))
 
   (call-with-output-file asd-file
     (lambda (port)
diff --git a/guix/channels.scm b/guix/channels.scm
index cf833db8b9..2e7bffae9f 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -207,10 +207,16 @@ INSTANCES."
             (guix-channel? (channel-instance-channel instance)))
           instances))
 
-  ;; Guile-Gcrypt is a dependency of CORE-INSTANCE.
-  (define guile-gcrypt
-    (module-ref (resolve-interface '(gnu packages gnupg))
-                'guile-gcrypt))
+  (define dependencies
+    ;; Dependencies of CORE-INSTANCE.
+    ;; FIXME: It would be best not to hard-wire this information here and
+    ;; instead query it to CORE-INSTANCE.
+    (list (module-ref (resolve-interface '(gnu packages gnupg))
+                      'guile-gcrypt)
+          (module-ref (resolve-interface '(gnu packages guile))
+                      'guile-git)
+          (module-ref (resolve-interface '(gnu packages guile))
+                      'guile-bytestructures)))
 
   (mlet %store-monad ((core (build-channel-instance core-instance)))
     (mapm %store-monad
@@ -218,7 +224,7 @@ INSTANCES."
             (if (eq? instance core-instance)
                 (return core)
                 (build-channel-instance instance
-                                        (list core guile-gcrypt))))
+                                        (cons core dependencies))))
           instances)))
 
 (define (whole-package-for-legacy name modules)
diff --git a/guix/git-download.scm b/guix/git-download.scm
index e6e0ec2ac5..24cf11be5e 100644
--- a/guix/git-download.scm
+++ b/guix/git-download.scm
@@ -179,24 +179,28 @@ are relative to DIRECTORY, which is not necessarily the root of the checkout."
 
 (define (git-predicate directory)
   "Return a predicate that returns true if a file is part of the Git checkout
-living at DIRECTORY.  Upon Git failure, return #f instead of a predicate.
+living at DIRECTORY.  If DIRECTORY does not lie within a Git checkout, and
+upon Git errors, return #f instead of a predicate.
 
 The returned predicate takes two arguments FILE and STAT where FILE is an
 absolute file name and STAT is the result of 'lstat'."
-  (let* ((files  (git-file-list directory))
-         (inodes (fold (lambda (file result)
-                         (let ((stat
-                                (lstat (string-append directory "/"
-                                                      file))))
-                           (vhash-consv (stat:ino stat) (stat:dev stat)
-                                        result)))
-                       vlist-null
-                       files)))
-    (lambda (file stat)
-      ;; Comparing file names is always tricky business so we rely on inode
-      ;; numbers instead.
-      (match (vhash-assv (stat:ino stat) inodes)
-        ((_ . dev) (= dev (stat:dev stat)))
-        (#f        #f)))))
+  (catch 'git-error
+    (lambda ()
+      (let* ((files  (git-file-list directory))
+             (inodes (fold (lambda (file result)
+                             (let ((stat
+                                    (lstat (string-append directory "/"
+                                                          file))))
+                               (vhash-consv (stat:ino stat) (stat:dev stat)
+                                            result)))
+                           vlist-null
+                           files)))
+        (lambda (file stat)
+          ;; Comparing file names is always tricky business so we rely on inode
+          ;; numbers instead.
+          (match (vhash-assv (stat:ino stat) inodes)
+            ((_ . dev) (= dev (stat:dev stat)))
+            (#f        #f)))))
+    (const #f)))
 
 ;;; git-download.scm ends here
diff --git a/guix/git.scm b/guix/git.scm
index 3d0eb93d9b..d007916662 100644
--- a/guix/git.scm
+++ b/guix/git.scm
@@ -36,7 +36,8 @@
             latest-repository-commit))
 
 (define %repository-cache-directory
-  (make-parameter "/var/cache/guix/checkouts"))
+  (make-parameter (string-append (cache-directory #:ensure? #f)
+                                 "/checkouts")))
 
 (define-syntax-rule (with-libgit2 thunk ...)
   (begin
diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index ac0ed5ab2d..b30ce461b4 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2010, 2011, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -24,9 +24,12 @@
   #:use-module (ice-9 rdelim)
   #:use-module (ice-9 i18n)
   #:use-module (srfi srfi-1)
-  #:use-module (guix ui)
+  #:use-module (guix i18n)
+  #:use-module ((guix utils) #:select (config-directory))
+  #:use-module ((guix build utils) #:select (mkdir-p))
   #:export (%gpg-command
             %openpgp-key-server
+            current-keyring
             gnupg-verify
             gnupg-verify*
             gnupg-status-good-signature?
@@ -42,13 +45,25 @@
   ;; The GnuPG 2.x command-line program name.
   (make-parameter (or (getenv "GUIX_GPG_COMMAND") "gpg")))
 
+(define %gpgv-command
+  ;; The 'gpgv' program.
+  (make-parameter (or (getenv "GUIX_GPGV_COMMAND") "gpgv")))
+
+(define current-keyring
+  ;; The default keyring of "trusted keys".
+  (make-parameter (string-append (config-directory #:ensure? #f)
+                                 "/gpg/trustedkeys.kbx")))
+
 (define %openpgp-key-server
   ;; The default key server.  Note that keys.gnupg.net appears to be
   ;; unreliable.
   (make-parameter "pgp.mit.edu"))
 
-(define (gnupg-verify sig file)
-  "Verify signature SIG for FILE.  Return a status s-exp if GnuPG failed."
+(define* (gnupg-verify sig file
+                       #:optional (keyring (current-keyring)))
+  "Verify signature SIG for FILE against the keys in KEYRING.  All the keys in
+KEYRING as assumed to be \"trusted\", whether or not they expired or were
+revoked.  Return a status s-exp if GnuPG failed."
 
   (define (status-line->sexp line)
     ;; See file `doc/DETAILS' in GnuPG.
@@ -117,8 +132,8 @@
           (loop (read-line input)
                 (cons (status-line->sexp line) result)))))
 
-  (let* ((pipe   (open-pipe* OPEN_READ (%gpg-command) "--status-fd=1"
-                             "--verify" sig file))
+  (let* ((pipe   (open-pipe* OPEN_READ (%gpgv-command) "--status-fd=1"
+                             "--keyring" keyring sig file))
          (status (parse-status pipe)))
     ;; Ignore PIPE's exit status since STATUS above should contain all the
     ;; info we need.
@@ -145,12 +160,21 @@ missing key."
            (_ #f)))
        status))
 
-(define (gnupg-receive-keys key-id server)
-  (system* (%gpg-command) "--keyserver" server "--recv-keys" key-id))
+(define* (gnupg-receive-keys key-id server
+                             #:optional (keyring (current-keyring)))
+  (unless (file-exists? keyring)
+    (mkdir-p (dirname keyring))
+    (call-with-output-file keyring (const #t)))   ;create an empty keybox
+
+  (system* (%gpg-command) "--keyserver" server
+           "--no-default-keyring" "--keyring" keyring
+           "--recv-keys" key-id))
 
 (define* (gnupg-verify* sig file
-                        #:key (key-download 'interactive)
-                              (server (%openpgp-key-server)))
+                        #:key
+                        (key-download 'interactive)
+                        (server (%openpgp-key-server))
+                        (keyring (current-keyring)))
   "Like `gnupg-verify', but try downloading the public key if it's missing.
 Return #t if the signature was good, #f otherwise.  KEY-DOWNLOAD specifies a
 download policy for missing OpenPGP keys; allowed values: 'always', 'never',
@@ -161,15 +185,17 @@ and 'interactive' (default)."
           (define (download-and-try-again)
             ;; Download the missing key and try again.
             (begin
-              (gnupg-receive-keys missing server)
-              (gnupg-status-good-signature? (gnupg-verify sig file))))
+              (gnupg-receive-keys missing server keyring)
+              (gnupg-status-good-signature? (gnupg-verify sig file
+                                                          keyring))))
 
           (define (receive?)
             (let ((answer
-                   (begin (format #t (G_ "~a~a~%")
-                                  "Would you like to download this key "
-                                  "and add it to your keyring?")
-                          (read-line))))
+                   (begin
+                     (format #t (G_ "Would you like to add this key \
+to keyring '~a'?~%")
+                             keyring)
+                     (read-line))))
               (string-match (locale-yes-regexp) answer)))
 
           (and missing
diff --git a/guix/scripts/describe.scm b/guix/scripts/describe.scm
index fdff07d0e3..c1a20fe26c 100644
--- a/guix/scripts/describe.scm
+++ b/guix/scripts/describe.scm
@@ -134,8 +134,10 @@ in the format specified by FMT."
                     ;; Show most recently installed packages last.
                     (reverse
                      (manifest-entries
-                      (profile-manifest (generation-file-name profile
-                                                              number)))))))))
+                      (profile-manifest
+                       (if (zero? number)
+                           profile
+                           (generation-file-name profile number))))))))))
   (display-package-search-path fmt))
 
 
diff --git a/guix/scripts/graph.scm b/guix/scripts/graph.scm
index 346ca4ea88..145a574dba 100644
--- a/guix/scripts/graph.scm
+++ b/guix/scripts/graph.scm
@@ -439,6 +439,10 @@ package modules, while attempting to retain user package modules."
         (option '(#\e "expression") #t #f
                 (lambda (opt name arg result)
                   (alist-cons 'expression arg result)))
+        (option '(#\s "system") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'system arg
+                              (alist-delete 'system result eq?))))
         (option '(#\h "help") #f #f
                 (lambda args
                   (show-help)
@@ -462,6 +466,8 @@ Emit a representation of the dependency graph of PACKAGE...\n"))
       --list-types       list the available graph types"))
   (display (G_ "
   -e, --expression=EXPR  consider the package EXPR evaluates to"))
+  (display (G_ "
+  -s, --system=SYSTEM    consider the graph for SYSTEM--e.g., \"i686-linux\""))
   (newline)
   (display (G_ "
   -h, --help             display this help and exit"))
@@ -472,7 +478,8 @@ Emit a representation of the dependency graph of PACKAGE...\n"))
 
 (define %default-options
   `((node-type . ,%package-node-type)
-    (backend   . ,%graphviz-backend)))
+    (backend   . ,%graphviz-backend)
+    (system    . ,(%current-system))))
 
 
 ;;;
@@ -508,7 +515,8 @@ Emit a representation of the dependency graph of PACKAGE...\n"))
               (export-graph (concatenate nodes)
                             (current-output-port)
                             #:node-type type
-                            #:backend backend)))))))
+                            #:backend backend))
+            #:system (assq-ref opts 'system))))))
   #t)
 
 ;;; graph.scm ends here
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index 976e054a84..10e1a99e54 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -176,17 +176,18 @@ Download and deploy the latest version of Guix.\n"))
          (certs (string-append (derivation->output-path drv)
                                "/etc/ssl/certs")))
     (build-derivations store (list drv))
-
-    ;; In the past Guile-Git would not provide this procedure.
-    (if (module-defined? (resolve-interface '(git))
-                         'set-tls-certificate-locations!)
-        (set-tls-certificate-locations! certs)
-        (begin
-          ;; In this case we end up using whichever certificates OpenSSL
-          ;; chooses to use: $SSL_CERT_FILE, $SSL_CERT_DIR, or /etc/ssl/certs.
-          (warning (G_ "cannot enforce use of the Let's Encrypt \
-certificates~%"))
-          (warning (G_ "please upgrade Guile-Git~%"))))))
+    (set-tls-certificate-locations! certs)))
+
+(define (honor-x509-certificates store)
+  "Use the right X.509 certificates for Git checkouts over HTTPS."
+  (let ((file      (getenv "SSL_CERT_FILE"))
+        (directory (or (getenv "SSL_CERT_DIR") "/etc/ssl/certs")))
+    (if (or (and file (file-exists? file))
+            (and=> (stat directory #f)
+                   (lambda (st)
+                     (> (stat:nlink st) 2))))
+        (set-tls-certificate-locations! directory file)
+        (honor-lets-encrypt-certificates! store))))
 
 (define (report-git-error error)
   "Report the given Guile-Git error."
@@ -233,7 +234,9 @@ way and displaying details about the channel's source code."
             ;; Show most recently installed packages last.
             (reverse
              (manifest-entries
-              (profile-manifest (generation-file-name profile number))))))
+              (profile-manifest (if (zero? number)
+                                    profile
+                                    (generation-file-name profile number)))))))
 
 (define (indented-string str indent)
   "Return STR with each newline preceded by IDENT spaces."
@@ -431,13 +434,7 @@ Use '~/.config/guix/channels.scm' instead."))
                 (parameterize ((%graft? (assoc-ref opts 'graft?))
                                (%repository-cache-directory cache))
                   (set-build-options-from-command-line store opts)
-
-                  ;; When certificates are already installed, use them.
-                  ;; Otherwise, use the Let's Encrypt certificates, which we
-                  ;; know Savannah uses.
-                  (let ((certs (or (getenv "SSL_CERT_DIR") "/etc/ssl/certs")))
-                    (unless (file-exists? certs)
-                      (honor-lets-encrypt-certificates! store)))
+                  (honor-x509-certificates store)
 
                   (let ((instances (latest-channel-instances store channels)))
                     (format (current-error-port)
diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm
index bcc23bd39c..58fc64db1f 100644
--- a/guix/scripts/refresh.scm
+++ b/guix/scripts/refresh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
@@ -89,6 +89,9 @@
                 (lambda (opt name arg result)
                   (alist-cons 'list-dependent? #t result)))
 
+        (option '("keyring") #t #f
+                (lambda (opt name arg result)
+                  (alist-cons 'keyring arg result)))
         (option '("key-server") #t #f
                 (lambda (opt name arg result)
                   (alist-cons 'key-server arg result)))
@@ -139,6 +142,8 @@ specified with `--select'.\n"))
                          be rebuilt as a result of upgrading PACKAGE..."))
   (newline)
   (display (G_ "
+      --keyring=FILE     use FILE as the keyring of upstream OpenPGP keys"))
+  (display (G_ "
       --key-server=HOST  use HOST as the OpenPGP key server"))
   (display (G_ "
       --gpg=COMMAND      use COMMAND as the GnuPG 2.x command"))
@@ -437,7 +442,11 @@ update would trigger a complete rebuild."
                                 (%openpgp-key-server)))
                            (%gpg-command
                             (or (assoc-ref opts 'gpg-command)
-                                (%gpg-command))))
+                                (%gpg-command)))
+                           (current-keyring
+                            (or (assoc-ref opts 'keyring)
+                                (string-append (config-directory)
+                                               "/upstream/trustedkeys.kbx"))))
               (for-each
                (cut update-package store <> updaters
                     #:key-download key-download
diff --git a/guix/store.scm b/guix/store.scm
index af7f6980cf..f88cdefe87 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -770,6 +770,7 @@ bytevector) as its internal buffer, and a thunk to flush this output port."
 
   (define (flush)
     (put-bytevector port buffer 0 total)
+    (force-output port)
     (set! total 0))
 
   (define (write bv offset count)
@@ -927,6 +928,7 @@ path."
              (write-int (if recursive? 1 0) port)
              (write-string hash-algo port)
              (write-file file-name port #:select? select?)
+             (write-buffered-output server)
              (let loop ((done? (process-stderr server)))
                (or done? (loop (process-stderr server))))
              (read-store-path port)))))
@@ -1042,6 +1044,7 @@ an arbitrary directory layout in the store without creating a derivation."
                            #:file-port file-port
                            #:symlink-target symlink-target
                            #:directory-entries directory-entries)
+          (write-buffered-output server)
           (let loop ((done? (process-stderr server)))
             (or done? (loop (process-stderr server))))
           (let ((result (read-store-path port)))
diff --git a/tests/pack.scm b/tests/pack.scm
index d4596f863a..c57c6848ff 100644
--- a/tests/pack.scm
+++ b/tests/pack.scm
@@ -51,7 +51,12 @@
 
 (test-begin "pack")
 
-(unless (network-reachable?) (test-skip 1))
+;; FIXME: The following test would rebuild the world (and likely fail) as a
+;; consequence of commit c45477d2a1a651485feede20fe0f3d15aec48b39 (and related
+;; changes) that made guile-sqlite3 a dependency of the derivation.
+;; See <https://bugs.gnu.org/32184>.
+(test-skip 1)
+
 (test-assertm "self-contained-tarball"
   (mlet* %store-monad
       ((profile (profile-derivation (packages->manifest