diff options
66 files changed, 2558 insertions, 371 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index bff0788b2f..e8b4d5e082 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -228,6 +228,7 @@ Services * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. * Audio Services:: The MPD. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. Defining Services @@ -7963,9 +7964,13 @@ in particular: @itemize @item -Make sure the @code{grub-configuration} form refers to the device you -want to install GRUB on. You also need to specify the @code{grub-efi} -package if you wish to use native UEFI boot. +Make sure the @code{grub-configuration} form refers to the target you +want to install GRUB on. It should mention @code{grub-bootloader} if +you are installing GRUB in the legacy way, or @code{grub-efi-bootloader} +for newer UEFI systems. For legacy systems, the @code{target} field +names a device, like @code{/dev/sda}; for UEFI systems it names a path +to a mounted EFI partition, like @code{/boot/efi}, and do make sure the +path is actually mounted. @item Be sure that your partition labels match the value of their respective @@ -9104,6 +9109,7 @@ declaration. * Continuous Integration:: The Cuirass service. * Power management Services:: The TLP tool. * Audio Services:: The MPD. +* Virtualization Services:: Virtualization services. * Miscellaneous Services:: Other services. @end menu @@ -11566,14 +11572,14 @@ This is a list of services that builds upon @var{%base-services} and adds or adjusts services for a typical ``desktop'' setup. In particular, it adds a graphical login manager (@pxref{X Window, -@code{slim-service}}), screen lockers, -a network management tool (@pxref{Networking -Services, @code{wicd-service}}), energy and color management services, -the @code{elogind} login and seat manager, the Polkit privilege service, -the GeoClue location service, an NTP client (@pxref{Networking -Services}), the Avahi daemon, and has the name service switch service -configured to be able to use @code{nss-mdns} (@pxref{Name Service -Switch, mDNS}). +@code{slim-service}}), screen lockers, a network management tool +(@pxref{Networking Services, @code{wicd-service}}), energy and color +management services, the @code{elogind} login and seat manager, the +Polkit privilege service, the GeoClue location service, the +AccountsService daemon that allows authorized users change system +passwords, an NTP client (@pxref{Networking Services}), the Avahi +daemon, and has the name service switch service configured to be able to +use @code{nss-mdns} (@pxref{Name Service Switch, mDNS}). @end defvr The @var{%desktop-services} variable can be used as the @code{services} @@ -11716,6 +11722,19 @@ their default values are: @end table @end deffn +@deffn {Scheme Procedure} accountsservice-service @ + [#:accountsservice @var{accountsservice}] +Return a service that runs AccountsService, a system service that can +list available accounts, change their passwords, and so on. +AccountsService integrates with PolicyKit to enable unprivileged users +to acquire the capability to modify their system configuration. +@uref{https://www.freedesktop.org/wiki/Software/AccountsService/, the +accountsservice web site} for more information. + +The @var{accountsservice} keyword argument is the @code{accountsservice} +package to expose as a service. +@end deffn + @deffn {Scheme Procedure} polkit-service @ [#:polkit @var{polkit}] Return a service that runs the @@ -14000,52 +14019,133 @@ Local accounts with lower values will silently fail to authenticate. The @code{(gnu services web)} module provides the nginx web server and also a fastcgi wrapper daemon. -@deffn {Scheme Procedure} nginx-service [#:nginx nginx] @ - [#:log-directory ``/var/log/nginx''] @ - [#:run-directory ``/var/run/nginx''] @ - [#:server-list '()] @ - [#:upstream-list '()] @ - [#:config-file @code{#f}] - -Return a service that runs @var{nginx}, the nginx web server. - -The nginx daemon loads its runtime configuration from @var{config-file}. -Log files are written to @var{log-directory} and temporary runtime data -files are written to @var{run-directory}. For proper operation, these -arguments should match what is in @var{config-file} to ensure that the -directories are created when the service is activated. - -As an alternative to using a @var{config-file}, @var{server-list} can be -used to specify the list of @dfn{server blocks} required on the host and -@var{upstream-list} can be used to specify a list of @dfn{upstream -blocks} to configure. For this to work, use the default value for -@var{config-file}. - -At startup, @command{nginx} has not yet read its configuration file, so it -uses a default file to log error messages. If it fails to load its -configuration file, that is where error messages are logged. After the -configuration file is loaded, the default error log file changes as per -configuration. In our case, startup error messages can be found in -@file{/var/run/nginx/logs/error.log}, and after configuration in -@file{/var/log/nginx/error.log}. The second location can be changed with the -@var{log-directory} configuration option. +@deffn {Scheme Variable} nginx-service-type +Service type for the @uref{https://nginx.org/,NGinx} web server. The +value for this service type is a @code{<nginx-configuration>} record. -@end deffn +A simple example configuration is given below. -@deffn {Scheme Variable} nginx-service-type -This is type for the nginx web server. +@example +(service nginx-service-type + (nginx-configuration + (server-list + (list (nginx-server-configuration + (server-name '("www.example.com")) + (root "/srv/http/www.example.com") + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f)))))) +@end example -This service can be extended to add server blocks in addition to the -default one, as in this example: +In addition to adding server blocks to the service configuration +directly, this service can be extended by other services to add server +blocks, as in this example: @example (simple-service 'my-extra-server nginx-service-type (list (nginx-server-configuration (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f) (root "/srv/http/extra-website")))) @end example @end deffn +At startup, @command{nginx} has not yet read its configuration file, so +it uses a default file to log error messages. If it fails to load its +configuration file, that is where error messages are logged. After the +configuration file is loaded, the default error log file changes as per +configuration. In our case, startup error messages can be found in +@file{/var/run/nginx/logs/error.log}, and after configuration in +@file{/var/log/nginx/error.log}. The second location can be changed +with the @var{log-directory} configuration option. + +@deffn {Data Type} nginx-configuration +This data type represents the configuration for NGinx. Some +configuration can be done through this and the other provided record +types, or alternatively, a config file can be provided. + +@table @asis +@item @code{nginx} (default: @code{nginx}) +The nginx package to use. + +@item @code{log-directory} (default: @code{"/var/log/nginx"}) +The directory to which NGinx will write log files. + +@item @code{run-directory} (default: @code{"/var/run/nginx"}) +The directory in which NGinx will create a pid file, and write temporary +files. + +@item @code{server-list} (default: @code{'()}) +A list of @dfn{server blocks} to create in the generated configuration +file, the elements should be of type +@code{<nginx-server-configuration>}. + +The following example would setup NGinx to serve @code{www.example.com} +from the @code{/srv/http/www.example.com} directory, without using +HTTPS. +@example +(service nginx-service-type + (nginx-configuration + (server-list + (list (nginx-server-configuration + (server-name '("www.example.com")) + (root "/srv/http/www.example.com") + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f)))))) +@end example + +@item @code{upstream-list} (default: @code{'()}) +A list of @dfn{upstream blocks} to create in the generated configuration +file, the elements should be of type +@code{<nginx-upstream-configuration>}. + +Configuring upstreams through the @code{upstream-list} can be useful +when combined with @code{locations} in the +@code{<nginx-server-configuration>} records. The following example +creates a server configuration with one location configuration, that +will proxy requests to a upstream configuration, which will handle +requests with two servers. + +@example +(service + nginx-service-type + (nginx-configuration + (server-list + (list (nginx-server-configuration + (server-name '("www.example.com")) + (root "/srv/http/www.example.com") + (https-port #f) + (ssl-certificate #f) + (ssl-certificate-key #f) + (locations + (list + (nginx-location-configuration + (uri "/path1") + (body '("proxy_pass http://server-proxy;")))))))) + (upstream-list + (list (nginx-upstream-configuration + (name "server-proxy") + (servers (list "server1.example.com" + "server2.example.com"))))))) +@end example + +@item @code{config-file} (default: @code{#f}) +If the @var{config-file} is provided, this will be used, rather than +generating a configuration file from the provided @code{log-directory}, +@code{run-directory}, @code{server-list} and @code{upstream-list}. For +proper operation, these arguments should match what is in +@var{config-file} to ensure that the directories are created when the +service is activated. + +This can be useful if you have an existing configuration file, or it's +not possible to do what is required through the other parts of the +nginx-configuration record. + +@end table +@end deffn + @deftp {Data Type} nginx-server-configuration Data type representing the configuration of an nginx server block. This type has the following parameters: @@ -15757,6 +15857,713 @@ an absolute path can be specified here. @end table @end deftp +@node Virtualization Services +@subsubsection Virtualization services +The @code{(gnu services virtualization)} module provides services for +the libvirt and virtlog daemons. + +@subsubheading Libvirt daemon +@code{libvirtd} is the server side daemon component of the libvirt +virtualization management system. This daemon runs on host servers +and performs required management tasks for virtualized guests. + +@deffn {Scheme Variable} libvirt-service-type +This is the type of the @uref{https://libvirt.org, libvirt daemon}. +Its value must be a @code{libvirt-configuration}. + +@example +(service libvirt-service-type + (libvirt-configuration + (unix-sock-group "libvirt") + (tls-port "16555"))) +@end example +@end deffn + +@c Auto-generated with (generate-libvirt-documentation) +Available @code{libvirt-configuration} fields are: + +@deftypevr {@code{libvirt-configuration} parameter} package libvirt +Libvirt package. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tls? +Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before using +this capability. + +Defaults to @samp{#t}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tcp? +Listen for unencrypted TCP connections on the public TCP/IP port. must +set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only SASL +mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5) + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-port +Port for accepting secure TLS connections This can be a port number, or +service name + +Defaults to @samp{"16514"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tcp-port +Port for accepting insecure TCP connections This can be a port number, +or service name + +Defaults to @samp{"16509"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string listen-addr +IP address or hostname used for client connections. + +Defaults to @samp{"0.0.0.0"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv? +Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by stopping the +Avahi daemon. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string mdns-name +Default mDNS advertisement name. This must be unique on the immediate +broadcast network. + +Defaults to @samp{"Virtualization Host <hostname>"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-group +UNIX domain socket group ownership. This can be used to allow a +'trusted' set of users access to management capabilities without +becoming root. + +Defaults to @samp{"root"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-ro-perms +UNIX socket permissions for the R/O socket. This is used for monitoring +VM status only. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-rw-perms +UNIX socket permissions for the R/W socket. Default allows only root. +If PolicyKit is enabled on the socket, the default will change to allow +everyone (eg, 0777) + +Defaults to @samp{"0770"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-admin-perms +UNIX socket permissions for the admin socket. Default allows only owner +(root), do not change it unless you are sure to whom you are exposing +the access to. + +Defaults to @samp{"0777"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-dir +The directory in which sockets will be found/created. + +Defaults to @samp{"/var/run/libvirt"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-ro +Authentication scheme for UNIX read-only sockets. By default socket +permissions allow anyone to connect + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-rw +Authentication scheme for UNIX read-write sockets. By default socket +permissions only allow root. If PolicyKit support was compiled into +libvirt, the default will be to use 'polkit' auth. + +Defaults to @samp{"polkit"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp +Authentication scheme for TCP sockets. If you don't enable SASL, then +all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario. + +Defaults to @samp{"sasl"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string auth-tls +Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is done +by certificates. + +It is possible to make use of any SASL authentication mechanism as well, +by using 'sasl' for this option + +Defaults to @samp{"none"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list access-drivers +API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string key-file +Server key file path. If set to an empty string, then no private key is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string cert-file +Server key file path. If set to an empty string, then no certificate is +loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string ca-file +Server key file path. If set to an empty string, then no CA certificate +is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string crl-file +Certificate revocation list path. If set to an empty string, then no +CRL is loaded. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert +Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-verify-cert +Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA will be +rejected. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list +Whitelist of allowed x509 Distinguished Name. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames +Whitelist of allowed SASL usernames. The format for username depends on +the SASL authentication mechanism. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string tls-priority +Override the compile time default TLS priority string. The default is +usually "NORMAL" unless overridden at build time. Only set this is it +is desired for libvirt to deviate from the global default settings. + +Defaults to @samp{"NORMAL"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{5000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-queued-clients +Maximum length of queue of connections waiting to be accepted by the +daemon. Note, that some protocols supporting retransmission may obey +this so that a later reattempt at connection succeeds. + +Defaults to @samp{1000}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-anonymous-clients +Maximum length of queue of accepted but not yet authenticated clients. +Set this to zero to turn this feature off + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer min-workers +Number of workers to start up initially. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-workers +Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, then more +threads are spawned, up to max_workers limit. Typically you'd want +max_workers to equal maximum number of clients allowed. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer prio-workers +Number of priority workers. If all workers from above pool are stuck, +some calls marked as high priority (notably domainDestroy) can be +executed in this pool. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-requests +Total global limit on concurrent RPC calls. + +Defaults to @samp{20}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer max-client-requests +Limit on concurrent requests from a single client connection. To avoid +one client monopolizing the server this should be a small fraction of +the global max_requests and max_workers parameter. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-min-workers +Same as @code{min-workers} but for the admin interface. + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-workers +Same as @code{max-workers} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-clients +Same as @code{max-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-queued-clients +Same as @code{max-queued-clients} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-client-requests +Same as @code{max-client-requests} but for the admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer audit-level +Allows usage of the auditing subsystem to be altered + +@itemize @bullet +@item +0: disable all auditing + +@item +1: enable auditing, only if enabled on host + +@item +2: enable auditing, and exit if disabled on host. + +@end itemize + +Defaults to @samp{1}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} boolean audit-logging +Send audit messages via libvirt logging infrastructure. + +Defaults to @samp{#f}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} optional-string host-uuid +Host UUID. UUID must not have all digits be the same. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} string host-uuid-source +Source to read host UUID. + +@itemize @bullet +@item +@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item +@code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID will +be generated. + +Defaults to @samp{"smbios"}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-interval +A keepalive message is sent to a client after @code{keepalive_interval} +seconds of inactivity to check if the client is still responding. If +set to -1, libvirtd will never send keepalive requests; however clients +can still send them and the daemon will send responses. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-count +Maximum number of keepalive messages that are allowed to be sent to the +client without getting any response before the connection is considered +broken. + +In other words, the connection is automatically closed approximately +after @code{keepalive_interval * (keepalive_count + 1)} seconds since +the last message received from the client. When @code{keepalive-count} +is set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-interval +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-count +Same as above but for admin interface. + +Defaults to @samp{5}. + +@end deftypevr + +@deftypevr {@code{libvirt-configuration} parameter} integer ovs-timeout +Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and its +timeout option is set by default to 5 seconds to avoid potential +infinite waits blocking libvirt. + +Defaults to @samp{5}. + +@end deftypevr + +@c %end of autogenerated docs + +@subsubheading Virtlog daemon +The virtlogd service is a server side daemon component of libvirt that is +used to manage logs from virtual machine consoles. + +This daemon is not used directly by libvirt client applications, rather it +is called on their behalf by @code{libvirtd}. By maintaining the logs in a +standalone daemon, the main @code{libvirtd} daemon can be restarted without +risk of losing logs. The @code{virtlogd} daemon has the ability to re-exec() +itself upon receiving @code{SIGUSR1}, to allow live upgrades without downtime. + +@deffn {Scheme Variable} virtlog-service-type +This is the type of the virtlog daemon. +Its value must be a @code{virtlog-configuration}. + +@example +(service virtlog-service-type + (virtlog-configuration + (max-clients 1000))) +@end example +@end deffn + +@deftypevr {@code{virtlog-configuration} parameter} integer log-level +Logging level. 4 errors, 3 warnings, 2 information, 1 debug. + +Defaults to @samp{3}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-filters +Logging filters. + +A filter allows to select a different logging level for a given category +of logs The format for a filter is one of: + +@itemize @bullet +@item +x:name + +@item +x:+name + +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., "remote", "qemu", or "util.json" (the name in the filter can +be a substring of the full category name, in order to match multiple +similar categories), the optional "+" prefix tells libvirt to log stack +trace for each message matching name, and @code{x} is the minimal level +where matching messages should be logged: + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces. + +Defaults to @samp{"3:remote 4:event"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} string log-outputs +Logging outputs. + +An output is one of the places to save logging information The format +for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system + +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize @bullet +@item +1: DEBUG + +@item +2: INFO + +@item +3: WARNING + +@item +4: ERROR + +@end itemize + +Multiple outputs can be defined, they just need to be separated by +spaces. + +Defaults to @samp{"3:stderr"}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-clients +Maximum number of concurrent client connections to allow over all +sockets combined. + +Defaults to @samp{1024}. + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-size +Maximum file size before rolling over. + +Defaults to @samp{2MB} + +@end deftypevr + +@deftypevr {@code{virtlog-configuration} parameter} integer max-backups +Maximum number of backup files to keep. + +Defaults to @samp{3} + +@end deftypevr + + @node Miscellaneous Services @subsubsection Miscellaneous Services @@ -16402,11 +17209,15 @@ The bootloader to use, as a @code{bootloader} object. For now Available bootloaders are described in @code{(gnu bootloader @dots{})} modules. -@item @code{device} -This is a string denoting the boot device. It must be a device name -understood by the bootloader @command{installer} command, such as -@code{/dev/sda} or @code{(hd0)} (for GRUB, @pxref{Invoking grub-install,,, grub, -GNU GRUB Manual}). +@item @code{target} +This is a string denoting the target onto which to install the +bootloader. The exact interpretation depends on the bootloader in +question; for @code{grub-bootloader}, for example, it should be a device +name understood by the bootloader @command{installer} command, such as +@code{/dev/sda} or @code{(hd0)} (for GRUB, @pxref{Invoking +grub-install,,, grub, GNU GRUB Manual}). For +@code{grub-efi-bootloader}, it should be the path to a mounted EFI file +system. @item @code{menu-entries} (default: @code{()}) A possibly empty list of @code{menu-entry} objects (see below), denoting @@ -16658,7 +17469,7 @@ files, packages, and so on. It also creates other essential files needed for the system to operate correctly---e.g., the @file{/etc}, @file{/var}, and @file{/run} directories, and the @file{/bin/sh} file. -This command also installs bootloader on the device specified in +This command also installs bootloader on the target specified in @file{my-os-config}, unless the @option{--no-bootloader} option was passed. diff --git a/etc/completion/bash/guix b/etc/completion/bash/guix index 6a5f281c4f..6b84193dbe 100644 --- a/etc/completion/bash/guix +++ b/etc/completion/bash/guix @@ -158,6 +158,9 @@ _guix_complete () else _guix_complete_available_package "$word_at_point" fi + elif _guix_is_command "download" + then + _guix_complete_file elif _guix_is_command "system" then case $COMP_CWORD in diff --git a/gnu/bootloader.scm b/gnu/bootloader.scm index e080b04568..122e350874 100644 --- a/gnu/bootloader.scm +++ b/gnu/bootloader.scm @@ -43,7 +43,7 @@ bootloader-configuration bootloader-configuration? bootloader-configuration-bootloader - bootloader-configuration-device + bootloader-configuration-target bootloader-configuration-menu-entries bootloader-configuration-default-entry bootloader-configuration-timeout @@ -107,6 +107,8 @@ (bootloader bootloader-configuration-bootloader) ; <bootloader> (device bootloader-configuration-device ; string (default #f)) + (target %bootloader-configuration-target ; string + (default #f)) (menu-entries bootloader-configuration-menu-entries ; list of <boot-parameters> (default '())) (default-entry bootloader-configuration-default-entry ; integer @@ -126,6 +128,15 @@ (additional-configuration bootloader-configuration-additional-configuration ; record (default #f))) +(define (bootloader-configuration-target config) + (or (%bootloader-configuration-target config) + (let ((device (bootloader-configuration-device config))) + (when device + (issue-deprecation-warning + "The 'device' field of bootloader configurations is deprecated." + "Use 'target' instead.")) + device))) + ;;; ;;; Bootloaders. diff --git a/gnu/local.mk b/gnu/local.mk index 0c625469cf..e3daa3c99d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -440,6 +440,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/dns.scm \ %D%/services/kerberos.scm \ %D%/services/lirc.scm \ + %D%/services/virtualization.scm \ %D%/services/mail.scm \ %D%/services/mcron.scm \ %D%/services/messaging.scm \ @@ -493,6 +494,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/messaging.scm \ %D%/tests/networking.scm \ %D%/tests/ssh.scm \ + %D%/tests/virtualization.scm \ %D%/tests/web.scm # Modules that do not need to be compiled. @@ -881,6 +883,7 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ + %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ @@ -979,6 +982,7 @@ dist_patch_DATA = \ %D%/packages/patches/qemu-CVE-2017-10911.patch \ %D%/packages/patches/qemu-CVE-2017-11334.patch \ %D%/packages/patches/qemu-CVE-2017-11434.patch \ + %D%/packages/patches/qemu-CVE-2017-12809.patch \ %D%/packages/patches/qt4-ldflags.patch \ %D%/packages/patches/qtscript-disable-tests.patch \ %D%/packages/patches/quagga-reproducible-build.patch \ diff --git a/gnu/packages/augeas.scm b/gnu/packages/augeas.scm index 9b320810ca..077105155c 100644 --- a/gnu/packages/augeas.scm +++ b/gnu/packages/augeas.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net> +;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -30,14 +31,14 @@ (define-public augeas (package (name "augeas") - (version "1.8.0") + (version "1.8.1") (source (origin (method url-fetch) (uri (string-append "http://download.augeas.net/augeas-" version ".tar.gz")) (sha256 (base32 - "1iac5lwi1q10r343ii9v5p2fdplvh06yv9svsi8zz6cd2c2fjp2i")))) + "1yf93fqwav1zsl8dpyfkf0g11w05mmfckqy6qsjy5zkklnspbkv5")))) (build-system gnu-build-system) ;; Marked as "required" in augeas.pc (propagated-inputs diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index ebb4e407f1..0a97ba7e60 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -1281,7 +1281,7 @@ RAR archives.") (define-public zstd (package (name "zstd") - (version "1.3.0") + (version "1.3.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/facebook/zstd/archive/v" @@ -1289,7 +1289,7 @@ RAR archives.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0j5kf0phx4w4b5x7aqwc10lxi9ix7rxhxk0df37cpdrqni1sdnqg")) + "1imddqjhczira626nf3nqmjwj3wb37xcfcwgkjydv2k6fpfbjbri")) (modules '((guix build utils))) (snippet ;; Remove non-free source files. diff --git a/gnu/packages/datamash.scm b/gnu/packages/datamash.scm index 78ed868fa9..60c9ba795b 100644 --- a/gnu/packages/datamash.scm +++ b/gnu/packages/datamash.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,7 +28,7 @@ (define-public datamash (package (name "datamash") - (version "1.1.1") + (version "1.2") (source (origin (method url-fetch) @@ -36,7 +36,7 @@ version ".tar.gz")) (sha256 (base32 - "06w0pc828qsabmrlh7bc2zwc823xzxy89paaf37f6bipsyrij222")))) + "15jrv3ly0vgvwwi2qjmhi39n7wrklwifdk961wwfaxyc5jr6zm78")))) (native-inputs `(("which" ,which) ;for tests ("perl" ,perl))) ;for help2man diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 1728b5b92d..140a532050 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -3315,14 +3315,14 @@ of its name.") (define-public emacs-rainbow-mode (package (name "emacs-rainbow-mode") - (version "0.12") + (version "0.13") (source (origin (method url-fetch) (uri (string-append "http://elpa.gnu.org/packages/rainbow-mode-" version ".el")) (sha256 (base32 - "10a7qs7fvw4qi4vxj9n56j26gjk61bl79dgz4md1d26slb2j1c04")))) + "1d3aamx6qgqqpqijwsr02ggwrh67gfink1bir0692alfkm3zdddl")))) (build-system emacs-build-system) (home-page "http://elpa.gnu.org/packages/rainbow-mode.html") (synopsis "Colorize color names in buffers") diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index 650ac2b89c..008a96b244 100644 --- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2016 David Thompson <davet@gnu.org> ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016, 2017 Theodoros Foradis <theodoros.for@openmailbox.org> +;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> ;;; ;;; This file is part of GNU Guix. ;;; @@ -22,6 +23,7 @@ ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu packages engineering) + #:use-module (srfi srfi-1) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix gexp) @@ -32,7 +34,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix build-system cmake) #:use-module (guix build-system gnu) - #:use-module (guix build-system cmake) + #:use-module (guix build-system python) #:use-module (gnu packages) #:use-module (gnu packages algebra) #:use-module (gnu packages autotools) @@ -59,6 +61,7 @@ #:use-module (gnu packages linux) ;FIXME: for pcb #:use-module (gnu packages m4) #:use-module (gnu packages maths) + #:use-module (gnu packages multiprecision) #:use-module (gnu packages ncurses) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) @@ -70,8 +73,7 @@ #:use-module (gnu packages tls) #:use-module (gnu packages tex) #:use-module (gnu packages wxwidgets) - #:use-module (gnu packages xorg) - #:use-module (srfi srfi-1)) + #:use-module (gnu packages xorg)) (define-public librecad (package @@ -1013,3 +1015,117 @@ specified in high-level description language into ready-to-compile C code for the API of spice simulators. Based on transformations specified in XML language, ADMS transforms Verilog-AMS code into other target languages.") (license license:gpl3))) + +(define-public capstone + (package + (name "capstone") + (version "3.0.5-rc2") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/aquynh/capstone/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1cqms9r2p43aiwp5spd84zaccp16ih03r7sjhrv16nddahj0jz2q")))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f + #:make-flags (list (string-append "PREFIX=" %output) + "CC=gcc") + #:phases + (modify-phases %standard-phases + (delete 'configure) + ;; cstool's Makefile overrides LDFLAGS, so we cannot pass it as a make flag. + (add-before 'build 'fix-cstool-ldflags + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "cstool/Makefile" + (("LDFLAGS =") + (string-append "LDFLAGS = -Wl,-rpath=" (assoc-ref outputs "out") + "/lib"))) + #t))))) + (home-page "http://www.capstone-engine.org") + (synopsis "Lightweight multi-platform, multi-architecture disassembly framework") + (description + "Capstone is a lightweight multi-platform, multi-architecture disassembly +framework. Capstone can disassemble machine code for many supported architectures +such as x86, x86_64, arm, arm64, mips, ppc, sparc, sysz and xcore. It provides +bindings for Python, Java, OCaml and more.") + (license license:bsd-3))) + +;; FIXME: This package has a timestamp embedded in +;; lib/python3.5/site-packages/capstone/__pycache__/__iti__.cpython-35.pyc +(define-public python-capstone + (package + (inherit capstone) + (name "python-capstone") + (propagated-inputs + `(("capstone" ,capstone))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'chdir-and-fix-setup-py + (lambda _ + (chdir "bindings/python") + ;; Do not build the library again, because we already have it. + (substitute* "setup.py" ((".* build_libraries.*") "")) + ;; This substitution tells python-capstone where to find the + ;; library. + (substitute* "capstone/__init__.py" + (("pkg_resources.resource_filename.*") + (string-append "'" (assoc-ref %build-inputs "capstone") "/lib',\n"))) + #t))))))) + +(define-public python2-capstone + (package-with-python2 python-capstone)) + +(define-public radare2 + (package + (name "radare2") + (version "1.6.0") + (source (origin + (method url-fetch) + (uri (string-append "http://radare.mikelloc.com/get/" version "/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "16ggsk40zz6hyvclvqj1r4bh4hb78jf0d6ppry1jk4r0j30wm7cm")) + (modules '((guix build utils))) + (snippet + '(begin + (substitute* "libr/asm/p/Makefile" + (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) ")) + (substitute* "libr/parse/p/Makefile" + (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) ")) + (substitute* "libr/bin/p/Makefile" + (("LDFLAGS\\+=") "LDFLAGS+=-Wl,-rpath=$(LIBDIR) ")))))) + (build-system gnu-build-system) + (arguments + '(#:tests? #f; tests require git and network access + #:phases + (modify-phases %standard-phases + (add-before 'configure 'mklibdir + (lambda* (#:key inputs #:allow-other-keys) + (mkdir-p (string-append (assoc-ref %outputs "out") "/lib")) + #t))) + #:configure-flags + (list "--with-sysmagic" "--with-syszip" "--with-openssl" + "--without-nonpic" "--with-rpath" "--with-syscapstone") + #:make-flags + (list "CC=gcc"))) + (inputs + `(("openssl" ,openssl) + ("zip" ,zip) + ("gmp" ,gmp) + ("capstone" ,capstone))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (home-page "https://radare.org/") + (synopsis "Portable reversing framework") + (description + "Radare project started as a forensics tool, a scriptable commandline +hexadecimal editor able to open disk files, but later support for analyzing +binaries, disassembling code, debugging programs, attaching to remote gdb +servers, ...") + (license license:lgpl3))) diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm index da1a1cf43d..8c25f38aae 100644 --- a/gnu/packages/enlightenment.scm +++ b/gnu/packages/enlightenment.scm @@ -165,7 +165,7 @@ removable devices or support for multimedia.") (define-public terminology (package (name "terminology") - (version "1.0.0") + (version "1.1.0") (source (origin (method url-fetch) (uri @@ -173,7 +173,23 @@ removable devices or support for multimedia.") "terminology/terminology-" version ".tar.xz")) (sha256 (base32 - "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz")))) + "13rl1k22yf8qrpzdm5nh6ij641fibadr2ww1r7rnz7mbhzj3d4gb")) + (modules '((guix build utils))) + ;; Remove the bundled fonts. + ;; TODO: Remove bundled lz4. + (snippet + '(begin + (delete-file-recursively "data/fonts") + (substitute* '("data/Makefile.in" "data/Makefile.am") + (("fonts") "")) + (substitute* "configure" + (("data/fonts/Makefile") "") + (("\\\"data/fonts/Makefile") "# \"data/fonts/Makefile")) + (substitute* '("data/themes/Makefile.in" + "data/themes/Makefile.am" + "data/themes/nyanology/Makefile.in" + "data/themes/nyanology/Makefile.am") + (("-fd \\$\\(top_srcdir\\)/data/fonts") "")))))) (build-system gnu-build-system) (arguments '(#:phases @@ -182,7 +198,8 @@ removable devices or support for multimedia.") ;; FATAL: Cannot create run dir '/homeless-shelter/.run' - errno=2 (lambda _ (setenv "HOME" "/tmp") #t))))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("gettext" ,gettext-minimal) + ("pkg-config" ,pkg-config))) (inputs `(("efl" ,efl))) (home-page "https://www.enlightenment.org/about-terminology") diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm index a83be8522c..69ef743cba 100644 --- a/gnu/packages/fonts.scm +++ b/gnu/packages/fonts.scm @@ -49,7 +49,6 @@ #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages fontutils) - #:use-module (gnu packages golang) #:use-module (gnu packages perl) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) @@ -987,7 +986,7 @@ programming. Iosevka is completely generated from its source code.") Holmes type foundry, released under the same license as the Go programming language. It includes a set of proportional, sans-serif fonts, and a set of monospace, slab-serif fonts.") - (license (package-license go-1.4))))) + (license license:bsd-3)))) (define-public font-google-material-design-icons (package @@ -1014,45 +1013,6 @@ have been optimized for beautiful display on all common platforms and display resolutions.") (license license:asl2.0))) -(define-public font-mathjax - (package - (name "font-mathjax") - (version "2.7.1") - (source - (origin - (method url-fetch) - (uri (string-append - "https://github.com/mathjax/MathJax/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b")))) - (build-system trivial-build-system) - (arguments - `(#:modules ((guix build utils)) - #:builder - (begin - (use-modules (guix build utils) - (ice-9 match)) - (set-path-environment-variable - "PATH" '("bin") (map (match-lambda - ((_ . input) - input)) - %build-inputs)) - (let ((install-directory (string-append %output "/share/fonts/mathjax"))) - (mkdir-p install-directory) - (zero? (system* "tar" "-C" install-directory "-xvf" - (assoc-ref %build-inputs "source") - "MathJax-2.7.1/fonts" "--strip" "2")))))) - (native-inputs - `(("gzip" ,gzip) - ("tar" ,tar))) - (home-page "https://www.mathjax.org/") - (synopsis "Fonts for MathJax") - (description "This package contains the fonts required for MathJax.") - (license license:asl2.0))) - (define-public font-open-dyslexic (package (name "font-open-dyslexic") diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm index 9dbb8c0869..29f98a2356 100644 --- a/gnu/packages/freedesktop.scm +++ b/gnu/packages/freedesktop.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> -;;; Copyright © 2015 Andy Wingo <wingo@pobox.com> +;;; Copyright © 2015, 2017 Andy Wingo <wingo@pobox.com> ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> @@ -645,10 +645,17 @@ message bus.") (modify-phases %standard-phases (add-before 'configure 'pre-configure - (lambda _ - ;; Don't try to create /var/lib/AccoutsService. + (lambda* (#:key inputs #:allow-other-keys) + ;; Don't try to create /var/lib/AccountsService. (substitute* "src/Makefile.in" (("\\$\\(MKDIR_P\\).*/lib/AccountsService.*") "true")) + (let ((shadow (assoc-ref inputs "shadow"))) + (substitute* '("src/user.c" "src/daemon.c") + (("/usr/sbin/usermod") (string-append shadow "/sbin/usermod")) + (("/usr/sbin/useradd") (string-append shadow "/sbin/useradd")) + (("/usr/sbin/userdel") (string-append shadow "/sbin/userdel")) + (("/usr/bin/passwd") (string-append shadow "/bin/passwd")) + (("/usr/bin/chage") (string-append shadow "/bin/chage")))) #t))))) (native-inputs `(("glib:bin" ,glib "bin") ; for gdbus-codegen, etc. @@ -656,7 +663,8 @@ message bus.") ("intltool" ,intltool) ("pkg-config" ,pkg-config))) (inputs - `(("polkit" ,polkit))) + `(("shadow" ,shadow) + ("polkit" ,polkit))) (home-page "http://www.freedesktop.org/wiki/Software/AccountsService/") (synopsis "D-Bus interface for user account query and manipulation") (description @@ -1000,3 +1008,47 @@ desktop-file-install: installs a desktop file to the applications directory, update-desktop-database: updates the database containing a cache of MIME types handled by desktop files.") (license license:gpl2+))) + +(define-public xdg-user-dirs + (package + (name "xdg-user-dirs") + (version "0.16") + (source (origin + (method url-fetch) + (uri (string-append "http://user-dirs.freedesktop.org/releases/" + name "-" version ".tar.gz")) + (sha256 + (base32 "1rp3c94hxjlfsryvwajklynfnrcvxplhwnjqc7395l89i0nb83vp")))) + (build-system gnu-build-system) + (native-inputs + `(("gettext" ,gettext-minimal) + ("docbook-xsl" ,docbook-xsl) + ("docbook-xml" ,docbook-xml-4.3) + ("xsltproc" ,libxslt))) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-before 'build 'locate-catalog-files + (lambda* (#:key inputs #:allow-other-keys) + (let ((xmldoc (string-append (assoc-ref inputs "docbook-xml") + "/xml/dtd/docbook")) + (xsldoc (string-append (assoc-ref inputs "docbook-xsl") + "/xml/xsl/docbook-xsl-" + ,(package-version docbook-xsl)))) + (for-each (lambda (file) + (substitute* file + (("http://.*/docbookx\\.dtd") + (string-append xmldoc "/docbookx.dtd")))) + (find-files "man" "\\.xml$")) + (substitute* "man/Makefile" + (("http://.*/docbook\\.xsl") + (string-append xsldoc "/manpages/docbook.xsl"))) + #t)))))) + (home-page "https://www.freedesktop.org/wiki/Software/xdg-user-dirs/") + (synopsis "Tool to help manage \"well known\" user directories") + (description "xdg-user-dirs is a tool to help manage \"well known\" user +directories, such as the desktop folder or the music folder. It also handles +localization (i.e. translation) of the file names. Designed to be +automatically run when a user logs in, xdg-user-dirs can also be run +manually by a user.") + (license license:gpl2))) diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm index 7932e841c4..9e7b579907 100644 --- a/gnu/packages/games.scm +++ b/gnu/packages/games.scm @@ -1343,15 +1343,15 @@ either by Infocom or created using the Inform compiler.") (define-public retroarch (package (name "retroarch") - (version "1.6.3") + (version "1.6.7") (source (origin (method url-fetch) - (uri (string-append "https://github.com/libretro/RetroArch/archive/" + (uri (string-append "https://github.com/libretro/RetroArch/archive/v" version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "0a0w2sjizjs20376h7j1gfi0qccr8mhkl1cm6hi0c17hy1493l6d")))) + (base32 "13vp5skf95a4fla3dwdk2v48dgnmrvimvp9fgpr1vppb7wfjhbr1")))) (build-system gnu-build-system) (arguments '(#:tests? #f ; no tests @@ -2870,7 +2870,7 @@ Red Eclipse provides fast paced and accessible gameplay.") (define-public higan (package (name "higan") - (version "103") + (version "104") (source (origin (method url-fetch) @@ -2879,7 +2879,7 @@ Red Eclipse provides fast paced and accessible gameplay.") version)) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "013r0lcm0qw8zwavz977mqk2clg80gngkjijr3n0q8snpc1727r7")) + (base32 "18by01ir2mvdi9hq571in1hk18gw2bd0ynq4avfs1qj0qra35fqb")) (patches (search-patches "higan-remove-march-native-flag.patch")))) (build-system gnu-build-system) (native-inputs diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 8f7d0a3dad..4d12ab4d59 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -59,6 +59,7 @@ #:use-module (gnu packages avahi) #:use-module (gnu packages base) #:use-module (gnu packages bison) + #:use-module (gnu packages build-tools) #:use-module (gnu packages calendar) #:use-module (gnu packages check) #:use-module (gnu packages cmake) @@ -99,6 +100,7 @@ #:use-module (gnu packages imagemagick) #:use-module (gnu packages music) #:use-module (gnu packages networking) + #:use-module (gnu packages ninja) #:use-module (gnu packages password-utils) #:use-module (gnu packages pcre) #:use-module (gnu packages perl) @@ -5152,10 +5154,20 @@ libxml2.") (sha256 (base32 "1s2xzrwcjhfb4ra8jrxqfycs1jpv97id0f6idb2h6vjkspxbjy23")))) - (build-system gnu-build-system) + (build-system glib-or-gtk-build-system) (arguments '(#:configure-flags - '("--without-plymouth") + `("--without-plymouth" + "--disable-systemd-journal" + "--localstatedir=/var" + ,(string-append "--with-default-path=" + (string-join '("/run/setuid-programs" + "/run/current-system/profile/bin" + "/run/current-system/profile/sbin") + ":")) + ;; Put GDM in bindir so that glib-or-gtk-build-system wraps the + ;; XDG_DATA_DIRS so that it finds its schemas. + "--sbindir" ,(string-append (assoc-ref %outputs "out") "/bin")) #:phases (modify-phases %standard-phases (add-before @@ -5173,9 +5185,54 @@ libxml2.") "libgdm/gdm-user-switching.c") (("#include <systemd/sd-login\\.h>") "#include <elogind/sd-login.h>")) - ;; Avoid checking SYSTEMD using pkg-config. - (setenv "SYSTEMD_CFLAGS" " ") - (setenv "SYSTEMD_LIBS" "-lelogind") + ;; Check for elogind. + (substitute* '("configure") + (("libsystemd") + "libelogind")) + ;; Look for system-installed sessions in + ;; /run/current-system/profile/share. + (substitute* '("libgdm/gdm-sessions.c" + "daemon/gdm-session.c" + "daemon/gdm-display.c" + "daemon/gdm-launch-environment.c") + (("DATADIR \"/x") + "\"/run/current-system/profile/share/x") + (("DATADIR \"/wayland") + "\"/run/current-system/profile/share/wayland") + (("DATADIR \"/gnome") + "\"/run/current-system/profile/share/gnome")) + (substitute* '("daemon/gdm-session.c") + (("set_up_session_environment \\(self\\);") + (string-append + "set_up_session_environment (self);\n" + ;; Propagate GDM_X_SERVER environment variable (which is set + ;; by the GDM service, as it's a function of what X modules + ;; the user decides to have available) down to worker + ;; processes. + "gdm_session_set_environment_variable (self, \"GDM_X_SERVER\",\n" + " g_getenv (\"GDM_X_SERVER\"));\n" + ;; FIXME: Really glib should be declaring XDG_CONFIG_DIRS as a + ;; variable, but it doesn't do that right now. Anyway + ;; /run/current-system/profile/share/gnome-session/sessions/gnome.desktop + ;; requires that a number of .desktop files be present, and + ;; these special .desktop files are in $XDG_CONFIG_DIRS (which + ;; defaults to /etc/xdg if it's not set). Here we need to + ;; provide a value such that the GNOME session's requirements + ;; are met (provided GNOME is installed of course). + "gdm_session_set_environment_variable (self, \"XDG_CONFIG_DIRS\",\n" + " \"/run/current-system/profile/etc/xdg\");\n" + ))) + ;; Look for custom GDM conf in /run/current-system. + (substitute* '("common/gdm-settings-backend.c") + (("GDM_CUSTOM_CONF") + "/run/current-system/etc/gdm/custom.conf")) + ;; Use service-supplied path to X. + (substitute* '("daemon/gdm-server.c") + (("\\(X_SERVER X_SERVER_ARG_FORMAT") + "(\"%s\" X_SERVER_ARG_FORMAT, g_getenv (\"GDM_X_SERVER\")")) + (substitute* '("daemon/gdm-x-session.c") + (("X_SERVER") + "g_getenv (\"GDM_X_SERVER\")")) #t))))) (native-inputs `(("dconf" ,dconf) @@ -5799,6 +5856,7 @@ associations for GNOME.") ("pulseaudio" ,pulseaudio) ("shared-mime-info" ,shared-mime-info) ("totem" ,totem) + ("xdg-user-dirs" ,xdg-user-dirs) ("yelp" ,yelp) ("zenity" ,zenity))) (synopsis "The GNU desktop environment") @@ -6517,7 +6575,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).") (define-public gspell (package (name "gspell") - (version "1.4.1") + (version "1.4.2") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -6525,7 +6583,7 @@ that support the Assistive Technology Service Provider Interface (AT-SPI).") name "-" version ".tar.xz")) (sha256 (base32 - "1ghh1xdzf04mfgb13zqpj88krpa44xv2vbyhm6k017kzrpz8hbs4")) + "1683vyyfq3q0ph665jj6id8hnlyid4qxzmqiwpv97gmz8zksg6x5")) (patches (search-patches "gspell-dash-test.patch")))) (build-system glib-or-gtk-build-system) (arguments @@ -6620,7 +6678,7 @@ views can be printed as PDF or PostScript files, or exported to HTML.") (define-public lollypop (package (name "lollypop") - (version "0.9.240") + (version "0.9.244") (source (origin (method url-fetch) @@ -6629,31 +6687,48 @@ views can be printed as PDF or PostScript files, or exported to HTML.") name "-" version ".tar.xz")) (sha256 (base32 - "0n1ycmg6dgz1pajs80fwlcbxw3rx1hff1xw6ja67zngm85ydbjvq")))) + "0y9nmwrplz4mlvc2badfbyjj97ksn6qqis3rgm8lvp5llsk1583w")))) + ;; TODO: Use meson-build-system (build-system glib-or-gtk-build-system) (arguments `(#:imported-modules ((guix build python-build-system) ,@%glib-or-gtk-build-system-modules) - #:phases (modify-phases %standard-phases - (add-after 'install 'wrap-program - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out")) - (gi-typelib-path (getenv "GI_TYPELIB_PATH"))) - (wrap-program (string-append out "/bin/lollypop") - `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path)))) - #t)) - (add-after 'install 'wrap - (@@ (guix build python-build-system) wrap))))) + #:tests? #f ; no test suite + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'build + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + ;; remove post-install script, we update the caches later + (substitute* "meson.build" + (("meson.add_install_script\\('meson_post_install.py'\\)") "")) + (zero? + (system* "meson" "builddir" (string-append "--prefix=" out)))))) + (replace 'install + (lambda _ (zero? (system* "ninja" "-C" "builddir" "install")))) + (add-after 'install 'wrap-program + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (gi-typelib-path (getenv "GI_TYPELIB_PATH"))) + (wrap-program (string-append out "/bin/lollypop") + `("GI_TYPELIB_PATH" ":" prefix (,gi-typelib-path)))) + #t)) + (add-after 'install 'wrap + (@@ (guix build python-build-system) wrap))))) (native-inputs `(("intltool" ,intltool) ("itstool" ,itstool) + ("ninja" ,ninja) ("pkg-config" ,pkg-config))) (inputs `(("gobject-introspection" ,gobject-introspection) + ("gst-plugins-base" ,gst-plugins-base) ("gtk+" ,gtk+) ("libnotify" ,libnotify) ("libsecret" ,libsecret) ("libsoup" ,libsoup) + ("meson" ,meson) ("python" ,python) ("python-beautifulsoup4" ,python-beautifulsoup4) ("python-gst" ,python-gst) @@ -6665,7 +6740,6 @@ views can be printed as PDF or PostScript files, or exported to HTML.") (propagated-inputs `(;; gst-plugins-base is required to start Lollypop, ;; the others are required to play streaming. - ("gst-plugins-base" ,gst-plugins-base) ("gst-plugins-good" ,gst-plugins-good) ("gst-plugins-ugly" ,gst-plugins-ugly))) (home-page "https://gnumdk.github.io/lollypop-web") diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 7ff1a3f6f8..f3fe637b13 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -186,14 +186,14 @@ and support for SSL3 and TLS.") (define-public gnurl (package (name "gnurl") - (version "7.55.1") + (version "7.55.1-3") (source (origin (method url-fetch) (uri (string-append "https://gnunet.org/sites/default/files/" name "-" version ".tar.bz2")) (sha256 (base32 - "118vb2mc5ivsbrkqzg40w56raf5jdnx00cfmkh735w0mjfy6wccv")))) + "1p2qdh44hgsxjlzh4d3n51xr66cg2z517vpr818flvcrmpq2vxpq")))) (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm index e2d1abbbbf..9f3ccc8f69 100644 --- a/gnu/packages/golang.scm +++ b/gnu/packages/golang.scm @@ -200,11 +200,11 @@ garbage collection, various safety features and in the style of communicating sequential processes (CSP) concurrent programming features added.") (license license:bsd-3))) -(define-public go-1.8 +(define-public go-1.9 (package (inherit go-1.4) (name "go") - (version "1.8.3") + (version "1.9") (source (origin (method url-fetch) @@ -212,7 +212,7 @@ sequential processes (CSP) concurrent programming features added.") name version ".src.tar.gz")) (sha256 (base32 - "19lzv4lqixj3v2gjaff0fdbbmgsq5r8lrfd61z2zvp778wjflpaz")))) + "14z9azh8pk5cwyl2qdk893j68lk0cca7a9b8k2hpn5pd52825ax4")))) (arguments (substitute-keyword-arguments (package-arguments go-1.4) ((#:phases phases) @@ -243,7 +243,7 @@ sequential processes (CSP) concurrent programming features added.") ;; Add libgcc to runpath (substitute* "cmd/link/internal/ld/lib.go" (("!rpath.set") "true")) - (substitute* "cmd/go/build.go" + (substitute* "cmd/go/internal/work/build.go" (("cgoldflags := \\[\\]string\\{\\}") (string-append "cgoldflags := []string{" "\"-rpath=" gcclib "\"" @@ -374,4 +374,4 @@ sequential processes (CSP) concurrent programming features added.") `(("go" ,go-1.4) ,@(package-native-inputs go-1.4))))) -(define-public go go-1.8) +(define-public go go-1.9) diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm index 97fd52e160..6e43dc9918 100644 --- a/gnu/packages/gstreamer.scm +++ b/gnu/packages/gstreamer.scm @@ -334,8 +334,7 @@ developers consider to have good quality code and correct functionality.") ;("qtx11extras" ,qtx11extras) ("soundtouch" ,soundtouch) ("x265" ,x265) - ;("wayland" ,wayland) ; needs gtk+ built with wayland support - )) + ("wayland" ,wayland))) (home-page "https://gstreamer.freedesktop.org/") (synopsis "Plugins for the GStreamer multimedia library") (description diff --git a/gnu/packages/guile-wm.scm b/gnu/packages/guile-wm.scm index a114fd441d..4a484b9de4 100644 --- a/gnu/packages/guile-wm.scm +++ b/gnu/packages/guile-wm.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Alex ter Weele <alex.ter.weele@gmail.com> +;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,7 +34,8 @@ (version "1.3") (source (origin (method url-fetch) - (uri (string-append "http://www.markwitmer.com/dist/guile-xcb-" + (uri (string-append "http://web.archive.org/web/20150803094848/" + "http://www.markwitmer.com/dist/guile-xcb-" version ".tar.gz")) (sha256 (base32 @@ -68,7 +70,8 @@ dependencies.") (synopsis "X11 window manager toolkit in Scheme") (source (origin (method url-fetch) - (uri (string-append "http://www.markwitmer.com/dist/guile-wm-" + (uri (string-append "http://web.archive.org/web/20161005084324/" + "http://www.markwitmer.com/dist/guile-wm-" version ".tar.gz")) (sha256 (base32 diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm index c2f0a24344..f82d4baf24 100644 --- a/gnu/packages/image-viewers.scm +++ b/gnu/packages/image-viewers.scm @@ -54,7 +54,7 @@ (define-public feh (package (name "feh") - (version "2.19.2") + (version "2.19.3") (home-page "https://feh.finalrewind.org/") (source (origin (method url-fetch) @@ -62,7 +62,7 @@ name "-" version ".tar.bz2")) (sha256 (base32 - "0v2nwc6sk4vs855a1ncz9vxpzxvs1d5wcjz87rfbypxx7nap2al2")))) + "1l3yvv0l0ggwlfyhk84p2g9mrqvzqrg1fgalf88kzppvb9jppjay")))) (build-system gnu-build-system) (arguments '(#:phases (alist-delete 'configure %standard-phases) diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 7be1b195f1..94c683aa9e 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -519,7 +519,8 @@ work.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")))) + "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) + (patches (search-patches "openjpeg-CVE-2017-12982.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. @@ -1127,7 +1128,8 @@ PNG, and performs PNG integrity checks and corrections.") (native-inputs `(("nasm" ,nasm))) (arguments - '(#:test-target "test")) + '(#:test-target "test" + #:configure-flags (list "--with-build-date=1970-01-01"))) (home-page "http://www.libjpeg-turbo.org/") (synopsis "SIMD-accelerated JPEG image handling library") (description "libjpeg-turbo is a JPEG image codec that accelerates baseline diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 3bd705fa2f..4056d486fb 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -45,14 +45,14 @@ ;; The 7 release series has an incompatible API, while the 6 series is still ;; maintained. Don't update to 7 until we've made sure that the ImageMagick ;; users are ready for the 7-series API. - (version "6.9.9-7") + (version "6.9.9-9") (source (origin (method url-fetch) (uri (string-append "mirror://imagemagick/ImageMagick-" version ".tar.xz")) (sha256 (base32 - "1lwsz9b8clygdppgawv2hsry4aykgmawjlwhg3fj70rndv4a8rw4")))) + "0p7jz55zry5r1lv34ymx536fqymvy3iwzwy0kvj53mlmsaad7vjr")))) (build-system gnu-build-system) (arguments `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch") diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm index 12f12bf8f1..85017453ff 100644 --- a/gnu/packages/javascript.scm +++ b/gnu/packages/javascript.scm @@ -22,7 +22,6 @@ #:use-module (gnu packages) #:use-module (gnu packages base) #:use-module (gnu packages compression) - #:use-module (gnu packages fonts) #:use-module (gnu packages lisp) #:use-module (guix packages) #:use-module (guix download) @@ -30,6 +29,45 @@ #:use-module (guix build-system trivial) #:use-module (guix build-system minify)) +(define-public font-mathjax + (package + (name "font-mathjax") + (version "2.7.1") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/mathjax/MathJax/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b")))) + (build-system trivial-build-system) + (arguments + `(#:modules ((guix build utils)) + #:builder + (begin + (use-modules (guix build utils) + (ice-9 match)) + (set-path-environment-variable + "PATH" '("bin") (map (match-lambda + ((_ . input) + input)) + %build-inputs)) + (let ((install-directory (string-append %output "/share/fonts/mathjax"))) + (mkdir-p install-directory) + (zero? (system* "tar" "-C" install-directory "-xvf" + (assoc-ref %build-inputs "source") + "MathJax-2.7.1/fonts" "--strip" "2")))))) + (native-inputs + `(("gzip" ,gzip) + ("tar" ,tar))) + (home-page "https://www.mathjax.org/") + (synopsis "Fonts for MathJax") + (description "This package contains the fonts required for MathJax.") + (license license:asl2.0))) + (define-public js-mathjax (package (inherit font-mathjax) diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm index a65a61f96b..2e46a3c924 100644 --- a/gnu/packages/kde.scm +++ b/gnu/packages/kde.scm @@ -300,9 +300,14 @@ used in KDE development tools Kompare and KDevelop.") ;; KF5AuthConfig.cmake.in contains this already. (substitute* "processcore/CMakeLists.txt" (("KAUTH_HELPER_INSTALL_DIR") "KDE_INSTALL_LIBEXECDIR")))) + (add-before 'check 'check-setup + (lambda _ + ;; make Qt render "offscreen", required for tests + (setenv "QT_QPA_PLATFORM" "offscreen"))) (replace 'check - (lambda _ ;other tests require a display and therefore fail - (zero? (system* "ctest" "-R" "chronotest"))))))) + (lambda _ + ;; TODO: Fix this failing test-case + (zero? (system* "ctest" "-E" "processtest"))))))) (home-page "https://www.kde.org/info/plasma-5.10.4.php") (synopsis "Network enabled task and system monitoring") (description "KSysGuard can obtain information on system load and diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 16a8d257d0..cca222b1f8 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -837,6 +837,7 @@ and to return information on pronunciations, meanings and synonyms.") ("libetonyek" ,libetonyek) ("libexttextcat" ,libexttextcat) ("libfreehand" ,libfreehand) + ("liblangtag" ,liblangtag) ("libmspub" ,libmspub) ("libmwaw" ,libmwaw) ("libodfgen" ,libodfgen) @@ -919,15 +920,16 @@ and to return information on pronunciations, meanings and synonyms.") (substitute* (string-append out src) (("Exec=libreoffice[0-9]+\\.[0-9]+ ") (string-append "Exec=" out "/bin/libreoffice ")) - (("Icon=libreoffice[0-9]+\\.[0-9]+") - "Icon=libreoffice") + (("Icon=libreoffice.*") + (string-append "Icon=" app "\n")) (("LibreOffice [0-9]+\\.[0-9]+") "LibreOffice")) - (symlink-output src dst) - (install-file (string-append + (symlink-output src dst))) + (define (install-appdata app) + (install-file (string-append "sysui/desktop/appstream-appdata/" "libreoffice-" app ".appdata.xml") - (string-append out "/share/appdata")))) + (string-append out "/share/appdata"))) (symlink-output "/lib/libreoffice/program/soffice" "/bin/soffice") (symlink-output "/lib/libreoffice/program/soffice" @@ -940,16 +942,18 @@ and to return information on pronunciations, meanings and synonyms.") "workdir/CustomTarget/sysui/share/libreoffice/openoffice.org.xml" "/share/mime/packages/libreoffice.xml") (for-each install-desktop-file + '("base" "calc" "draw" "impress" "writer" + "math" "startcenter")) + (for-each install-appdata '("base" "calc" "draw" "impress" "writer")) - (mkdir-p (string-append out "/share/icons")) + (mkdir-p (string-append out "/share/icons/hicolor")) (copy-recursively "sysui/desktop/icons/hicolor" - (string-append out "/share/icons/"))) + (string-append out "/share/icons/hicolor"))) #t))) #:configure-flags (list "--enable-release-build" "--enable-verbose" - "--without-parallelism" ; otherwise the build fails "--disable-fetch-external" ; disable downloads "--with-system-libs" ; enable all --with-system-* flags (string-append "--with-boost-libdir=" @@ -969,8 +973,7 @@ and to return information on pronunciations, meanings and synonyms.") "--disable-firebird-sdbc" ; embedded firebird "--disable-gltf" "--without-doxygen" - "--disable-gtk3" - "--disable-liblangtag"))) + "--disable-gtk3"))) (home-page "https://www.libreoffice.org/") (synopsis "Office suite") (description "LibreOffice is a comprehensive office suite. It contains diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e271ef6b11..d454b08029 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -367,8 +367,8 @@ It has been modified to remove all non-free binary blobs.") (define %intel-compatible-systems '("x86_64-linux" "i686-linux")) -(define %linux-libre-version "4.12.8") -(define %linux-libre-hash "1p4ah15qs94id2yj6lhp6abdycvgp7lvn3ccsfs7f6n34hdij0cm") +(define %linux-libre-version "4.12.9") +(define %linux-libre-hash "1wpsqhaab91l1wdbsxq8pdwrdx3a603zr5zjxbzdsx99pr6iypra") (define-public linux-libre (make-linux-libre %linux-libre-version @@ -377,14 +377,14 @@ It has been modified to remove all non-free binary blobs.") #:configuration-file kernel-config)) (define-public linux-libre-4.9 - (make-linux-libre "4.9.44" - "0a92bsb5d0pyhyn5ypc8ashwxixhivdadvikcpv31376j842fmj2" + (make-linux-libre "4.9.45" + "0qdwn2m3iynbjyszkq4hlx891s1b83p9nr1v7vdb20fs4n2cbl9s" %intel-compatible-systems #:configuration-file kernel-config)) (define-public linux-libre-4.4 - (make-linux-libre "4.4.83" - "1fv3j0w0v82aa9s9n4a4qyrxc5bpq2ag9riawlabx57a380x1n62" + (make-linux-libre "4.4.84" + "00lp3471mvwpq5062cynaakjn7bjpylmg1d1wwmhh6fdknd2h1kz" %intel-compatible-systems #:configuration-file kernel-config)) @@ -3222,6 +3222,42 @@ repair and easy administration.") from the btrfs-progs package. It is meant to be used in initrds.") (license (package-license btrfs-progs)))) +(define-public f2fs-tools + (package + (name "f2fs-tools") + (version "1.8.0") + (source (origin + (method url-fetch) + (uri (string-append + "https://git.kernel.org/cgit/linux/kernel/git/jaegeuk" + "/f2fs-tools.git/snapshot/" name "-" version ".tar.gz")) + (sha256 + (base32 + "1bir9ladb58ijlcvrjrq1fb1xv5ys50zdjaq0yzliib0apsyrnyl")))) + (build-system gnu-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'bootstrap + (lambda _ + (zero? (system* "autoreconf" "-vif"))))))) + (native-inputs + `(("autoconf" ,autoconf) + ("automake" ,automake) + ("libtool" ,libtool) + ("pkg-config" ,pkg-config))) + (inputs + `(("libuuid" ,util-linux))) + (home-page "https://f2fs.wiki.kernel.org/") + (synopsis "Userland tools for f2fs") + (description + "F2FS, the Flash-Friendly File System, is a modern file system +designed to be fast and durable on flash devices such as solid-state +disks and SD cards. This package provides the userland utilities.") + ;; The formatting utility, libf2fs and include/f2fs_fs.h is dual + ;; GPL2/LGPL2.1, everything else is GPL2 only. See 'COPYING'. + (license (list license:gpl2 license:lgpl2.1)))) + (define-public freefall (package (name "freefall") diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index cc76a93ed0..3b0f12b764 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1090,7 +1090,7 @@ facilities for checking incoming mail.") (define-public dovecot (package (name "dovecot") - (version "2.2.31") + (version "2.2.32") (source (origin (method url-fetch) @@ -1098,7 +1098,7 @@ facilities for checking incoming mail.") (version-major+minor version) "/" name "-" version ".tar.gz")) (sha256 (base32 - "18bnwgn6hshbmr79g21sngkrmydji6bzb948a3b2i0bl0w4y8jq3")))) + "0bmwyvi1crmrca2knvknsf517x53w7gxrclwyrvrhddgw98j22qn")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 537157fca6..c3c2191a94 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -3179,26 +3179,38 @@ as equations, scalars, vectors, and matrices.") (sha256 (base32 "032a5lvji2liwmc25jv52bdrhimqflvqbpg77ccaq1jykhiivbmf")))) - (build-system gnu-build-system) + (build-system cmake-build-system) (arguments - `(#:test-target "test" + `(#:configure-flags + (list "-DBUILD_PYTHON_BINDINGS=true" + "-DINSTALL_PYTHON_BINDINGS=true" + (string-append "-DCMAKE_INSTALL_PYTHON_PKG_DIR=" + %output + "/lib/python2.7/site-packages") + (string-append "-DCMAKE_INSTALL_LIBDIR=" + %output + "/lib")) + #:phases (modify-phases %standard-phases - (replace 'configure - (lambda* (#:key inputs outputs #:allow-other-keys) + (add-before 'configure 'bootstrap + (lambda _ (zero? - (system* "python" "scripts/mk_make.py" - (string-append "--prefix=" - (assoc-ref outputs "out")))))) - (add-after 'configure 'change-dir + (system* "python" "contrib/cmake/bootstrap.py" "create")))) + (add-before 'check 'make-test-z3 (lambda _ - (chdir "build") - #t))))) + ;; Build the test suite executable. + (zero? (system* "make" "test-z3" "-j" + (number->string (parallel-job-count)))))) + (replace 'check + (lambda _ + ;; Run all the tests that don't require arguments. + (zero? (system* "./test-z3" "/a"))))))) (native-inputs `(("python" ,python-2))) (synopsis "Theorem prover") (description "Z3 is a theorem prover and @dfn{satisfiability modulo -theories} (SMT) solver. It provides a C/C++ API.") +theories} (SMT) solver. It provides a C/C++ API, as well as Python bindings.") (home-page "https://github.com/Z3Prover/z3") (license license:expat))) diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm index 73e767faec..9330179f96 100644 --- a/gnu/packages/mp3.scm +++ b/gnu/packages/mp3.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be> ;;; ;;; This file is part of GNU Guix. ;;; @@ -114,8 +115,12 @@ versions of ID3v2.") (sha256 (base32 "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97")) + (modules '((guix build utils))) + ;; Don't use bundled zlib + (snippet '(delete-file-recursively "zlib")) (patches (search-patches "id3lib-CVE-2007-4460.patch")))) (build-system gnu-build-system) + (inputs `(("zlib" ,zlib))) (arguments `(#:phases (alist-cons-before diff --git a/gnu/packages/mpi.scm b/gnu/packages/mpi.scm index d6423aa6fc..93157e2692 100644 --- a/gnu/packages/mpi.scm +++ b/gnu/packages/mpi.scm @@ -122,7 +122,6 @@ bind processes, and much more.") (base32 "142s1vny9gllkq336yafxayjgcirj2jv0ddabj879jgya7hyr2d0")))) (build-system gnu-build-system) - (outputs '("out" "static")) (inputs `(("hwloc" ,hwloc "lib") ("gfortran" ,gfortran) @@ -133,20 +132,33 @@ bind processes, and much more.") `(("pkg-config" ,pkg-config) ("perl" ,perl))) (arguments - `(#:configure-flags `("--enable-static" + `(#:configure-flags `("--enable-builtin-atomics" - "--enable-mpi-thread-multiple" - "--enable-builtin-atomics" - - "--enable-mpi-ext=all" - "--with-devel-headers" + "--enable-mpi-ext=affinity" ;cr doesn't work "--enable-memchecker" "--with-sge" + + ;; VampirTrace is obsoleted by scorep and disabling + ;; it reduces the closure size considerably. + "--disable-vt" + ,(string-append "--with-valgrind=" (assoc-ref %build-inputs "valgrind")) ,(string-append "--with-hwloc=" (assoc-ref %build-inputs "hwloc"))) #:phases (modify-phases %standard-phases + (add-before 'build 'remove-absolute + ;; Remove compiler absolute file names (OPAL_FC_ABSOLUTE + ;; etc.) to reduce the closure size. See + ;; <https://lists.gnu.org/archive/html/guix-devel/2017-07/msg00388.html> + ;; and + ;; <https://www.mail-archive.com/users@lists.open-mpi.org//msg31397.html>. + (lambda _ + (substitute* '("orte/tools/orte-info/param.c" + "oshmem/tools/oshmem_info/param.c" + "ompi/tools/ompi_info/param.c") + (("_ABSOLUTE") "")) + #t)) (add-before 'build 'scrub-timestamps ;reproducibility (lambda _ (substitute* '("ompi/tools/ompi_info/param.c" @@ -158,20 +170,6 @@ bind processes, and much more.") (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (for-each delete-file (find-files out "config.log")) - #t))) - (add-after 'install 'move-static-libraries - (lambda* (#:key outputs #:allow-other-keys) - ;; Move 19 MiB of static libraries to 'static'. - (let* ((out (assoc-ref outputs "out")) - (static (assoc-ref outputs "static")) - (lib (string-append out "/lib")) - (slib (string-append static "/lib"))) - (mkdir-p slib) - (for-each (lambda (file) - (rename-file - file - (string-append slib "/" (basename file)))) - (find-files lib "\\.a$")) #t)))))) (home-page "http://www.open-mpi.org") (synopsis "MPI-3 implementation") @@ -184,3 +182,17 @@ best MPI library available. Open MPI offers advantages for system and software vendors, application developers and computer science researchers.") ;; See file://LICENSE (license bsd-2))) + +(define-public openmpi-thread-multiple + (package + (inherit openmpi) + (name "openmpi-thread-multiple") + (arguments + (substitute-keyword-arguments (package-arguments openmpi) + ((#:configure-flags flags) + `(cons "--enable-mpi-thread-multiple" ,flags)))) + (description " This version of Open@tie{}MPI has an implementation of +@code{MPI_Init_thread} that provides @code{MPI_THREAD_MULTIPLE}. This won't +work correctly with all transports (such as @code{openib}), and the +performance is generally worse than the vanilla @code{openmpi} package, which +only provides @code{MPI_THREAD_FUNNELED}."))) diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index 29ab50fc4c..56e6d26493 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -1699,7 +1699,7 @@ backends, including ALSA, OSS, Network and FluidSynth.") (define-public zynaddsubfx (package (name "zynaddsubfx") - (version "3.0.1") + (version "3.0.2") (source (origin (method url-fetch) (uri (string-append @@ -1707,7 +1707,7 @@ backends, including ALSA, OSS, Network and FluidSynth.") version "/zynaddsubfx-" version ".tar.bz2")) (sha256 (base32 - "1qijvlbv41lnqaqbp6gh1i42xzf1syviyxz8wr39xbz55cw7y0d8")))) + "09mr23lqc51r7gskry5b7hk84pghdpgn1s4vnrzvx7xpa21gvplm")))) (build-system cmake-build-system) (arguments `(#:phases @@ -1745,7 +1745,7 @@ capabilities, custom envelopes, effects, etc.") (define-public yoshimi (package (name "yoshimi") - (version "1.5.1.1") + (version "1.5.3") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/yoshimi/" @@ -1753,7 +1753,7 @@ capabilities, custom envelopes, effects, etc.") "/yoshimi-" version ".tar.bz2")) (sha256 (base32 - "1gjanmbn08x11iz4bjlkx3m66x0yk401ddkz8fqkj7y3p5ih1kna")))) + "0sns35pyw2f74xrv1fxiyf9g9415kvh2rrbdjd60hsiv584nlari")))) (build-system cmake-build-system) (arguments `(#:tests? #f ; there are no tests @@ -2180,13 +2180,13 @@ detailed track info including timbre, pitch, rhythm and loudness information. (define-public python-pylast (package (name "python-pylast") - (version "1.6.0") + (version "1.9.0") (source (origin (method url-fetch) (uri (pypi-uri "pylast" version)) (sha256 (base32 - "0bml11gfkxqd3i2jxkn5k2xllc4rvxjcyhs8an05gcyy1zp2bwvb")))) + "190c6sicc80v21wbbwbq771nqmxw4r6aqmxs22ndj177rc2l275f")))) (build-system python-build-system) (arguments '(#:tests? #f)) ; FIXME: Requires unpackaged python-flaky. diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index c329c463f3..b786b63c20 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -444,7 +444,7 @@ and up to 1 Mbit/s downstream.") (define-public whois (package (name "whois") - (version "5.2.17") + (version "5.2.18") (source (origin (method url-fetch) @@ -452,7 +452,7 @@ and up to 1 Mbit/s downstream.") name "_" version ".tar.xz")) (sha256 (base32 - "0r4np8gaxhy9c0v795dc4dhxms9zak31vd378sb1h7jpixkqax95")))) + "1mcpgj18n1xppvlhjqzpj05yr5z48bym9bd88k10fwgkmwk0spf3")))) (build-system gnu-build-system) ;; TODO: unbundle mkpasswd binary + its po files. (arguments @@ -705,7 +705,7 @@ allows for heavy scripting.") (define-public perl-net-dns (package (name "perl-net-dns") - (version "1.06") + (version "1.12") (source (origin (method url-fetch) @@ -715,7 +715,7 @@ allows for heavy scripting.") ".tar.gz")) (sha256 (base32 - "07m5331132h9xkh1i6jv9d80f571yva27iqa31aq4sm31iw7nn53")))) + "1zy16idzc96n20fm9976qapz89n3f44xpylhs5cvfgyyg7z03zr5")))) (build-system perl-build-system) (inputs `(("perl-digest-hmac" ,perl-digest-hmac))) diff --git a/gnu/packages/parallel.scm b/gnu/packages/parallel.scm index 179fa7ed32..db04a5704e 100644 --- a/gnu/packages/parallel.scm +++ b/gnu/packages/parallel.scm @@ -45,7 +45,7 @@ (define-public parallel (package (name "parallel") - (version "20170722") + (version "20170822") (source (origin (method url-fetch) @@ -53,7 +53,7 @@ version ".tar.bz2")) (sha256 (base32 - "117g50bx1kcbrqix0f1539z5rzhvgsni2wddjv939wcxkrdb1idx")))) + "0j4i0dfbk1i37mcdl7l5ynsldp8biqnbm32sm0cl26by0nivyjc9")))) (build-system gnu-build-system) (arguments `(#:phases diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch new file mode 100644 index 0000000000..3929a73570 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch @@ -0,0 +1,28 @@ +http://openwall.com/lists/oss-security/2017/08/21/1 +https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch + +From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:26:58 +0200 +Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 + (#983) + +--- + src/bin/jp2/convertbmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index b49e7a080..2715fdf24 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) + + header->biBitCount = (OPJ_UINT16)getc(IN); + header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); ++ if (header->biBitCount == 0) { ++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); ++ return OPJ_FALSE; ++ } + + if (header->biSize >= 40U) { + header->biCompression = (OPJ_UINT32)getc(IN); diff --git a/gnu/packages/patches/qemu-CVE-2017-12809.patch b/gnu/packages/patches/qemu-CVE-2017-12809.patch new file mode 100644 index 0000000000..e40a14b4e0 --- /dev/null +++ b/gnu/packages/patches/qemu-CVE-2017-12809.patch @@ -0,0 +1,38 @@ +http://openwall.com/lists/oss-security/2017/08/21/2 +https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html + +The block backend changed in a way that flushing empty CDROM drives now +crashes. Amend IDE to avoid doing so until the root problem can be +addressed for 2.11. + +Original patch by John Snow <address@hidden>. + +Reported-by: Kieron Shorrock <address@hidden> +Signed-off-by: Stefan Hajnoczi <address@hidden> +--- + hw/ide/core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 0b48b64d3a..bea39536b0 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s) + s->status |= BUSY_STAT; + ide_set_retry(s); + block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH); +- s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ ++ if (blk_bs(s->blk)) { ++ s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s); ++ } else { ++ /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this ++ * temporary workaround when blk_aio_*() functions handle NULL blk_bs. ++ */ ++ ide_flush_cb(s, 0); ++ } + } + + static void ide_cfata_metadata_inquiry(IDEState *s) +-- +2.13.3 diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm index 7cfbe2ffbe..2378acd975 100644 --- a/gnu/packages/photo.scm +++ b/gnu/packages/photo.scm @@ -65,16 +65,16 @@ (define-public libraw (package (name "libraw") - (version "0.17.2") + (version "0.18.2") (source (origin (method url-fetch) - (uri (string-append "http://www.libraw.org/data/LibRaw-" + (uri (string-append "https://www.libraw.org/data/LibRaw-" version ".tar.gz")) (sha256 (base32 - "0p6imxpsfn82i0i9w27fnzq6q6gwzvb9f7sygqqakv36fqnc9c4j")))) + "1imby9x88pjx4ad1frdi3bfb8dw90ccyj5pb6w3i6i0iijrnndnf")))) (build-system gnu-build-system) - (home-page "http://www.libraw.org") + (home-page "https://www.libraw.org") (synopsis "Raw image decoder") (description "LibRaw is a library for reading RAW files obtained from digital photo diff --git a/gnu/packages/pv.scm b/gnu/packages/pv.scm index 59a0853a0e..db6c3dd669 100644 --- a/gnu/packages/pv.scm +++ b/gnu/packages/pv.scm @@ -25,7 +25,7 @@ (define-public pv (package (name "pv") - (version "1.6.0") + (version "1.6.6") (source (origin (method url-fetch) @@ -33,7 +33,7 @@ version ".tar.bz2")) (sha256 (base32 - "13gg6r84pkvznpd1l11qw1jw9yna40gkgpni256khyx21m785khf")))) + "1wbk14xh9rfypiwyy68ssl8dliyji30ly70qki1y2xx3ywszk3k0")))) (build-system gnu-build-system) (home-page "https://www.ivarch.com/programs/pv.shtml") (synopsis "Pipeline progress indicator") diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 102b69cae6..6fe83b2a8b 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -806,14 +806,14 @@ NetCDF files can also be read and modified. Python-HDF4 is a fork of (define-public python-h5py (package (name "python-h5py") - (version "2.6.0") + (version "2.7.0") (source (origin (method url-fetch) (uri (pypi-uri "h5py" version)) (sha256 (base32 - "0df46dg7i7xfking9lp221bfm8dbl974yvlrbi1w7r6m61ac7bxj")))) + "0433sdv6xc9p7v1xs1gvbxp7p152ywi3nplgjb258q9fvw9469br")))) (build-system python-build-system) (arguments `(#:tests? #f ; no test target @@ -855,14 +855,14 @@ concepts.") (define-public python-netcdf4 (package (name "python-netcdf4") - (version "1.2.7") + (version "1.2.9") (source (origin (method url-fetch) (uri (pypi-uri "netCDF4" version)) (sha256 (base32 - "1fllizmnpw0zkzzm4j9pgamarlzfn3kmv9zrm0w65q1y31h9ni0c")))) + "1h6jq338amlbk0ilzvjyl7cck80i0bah9a5spn9in71vy2qxm7i5")))) (build-system python-build-system) (native-inputs `(("python-cython" ,python-cython))) @@ -3477,7 +3477,7 @@ and is very extensible.") (define-public python-scikit-learn (package (name "python-scikit-learn") - (version "0.18.1") + (version "0.19.0") (source (origin (method url-fetch) @@ -3487,7 +3487,7 @@ and is very extensible.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1hwswckdmd27f7k1jvwdc0m4mqrgxl2s245yq1scq34v124bjqgq")))) + "0g7q4ri75mj93wpa9bp83a3jmrf3dm5va9h7k4zkbcxr6bgqka15")))) (build-system python-build-system) (arguments `(#:phases @@ -5230,6 +5230,53 @@ cluster without needing to write any wrapper code yourself.") (define-public python2-gridmap (package-with-python2 python-gridmap)) +(define-public python-honcho + (package + (name "python-honcho") + (version "1.0.1") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/nickstenning/honcho/archive/v" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 "0zizn61n5z5hq421hkypk9pw8s6fpxw30f4hsg7k4ivwzy3gjw9j")))) + (build-system python-build-system) + (native-inputs + `(("python-pytest" ,python-pytest-3.0) + ("python-mock" ,python-mock) + ("python-tox" ,python-tox) + ("which" ,which))) ;for tests + (propagated-inputs + `(("python-jinja2" ,python-jinja2))) + (arguments + `(#:phases + (modify-phases %standard-phases + (delete 'check) + (add-after 'install 'check + (lambda* (#:key outputs inputs #:allow-other-keys) + ;; fix honcho path in testsuite + (substitute* "tests/conftest.py" + (("'honcho'") (string-append "'" (assoc-ref outputs "out") + "/bin/honcho" "'"))) + ;; It's easier to run tests after install. + ;; Make installed package available for running the tests + (add-installed-pythonpath inputs outputs) + (zero? (system* "py.test" "-v"))))))) + (home-page "https://github.com/nickstenning/honcho") + (synopsis "Manage Procfile-based applications") + (description + "A Procfile is a file which describes how to run an application +consisting of serveral processes. honcho starts all listed processes. +The output of all running processes is collected by honcho and +displayed.") + (license license:expat))) + +(define-public python2-honcho + (package-with-python2 python-honcho)) + (define-public python-pexpect (package (name "python-pexpect") @@ -13932,7 +13979,7 @@ parse many formal languages.") (define-public python2-cliapp (package (name "python2-cliapp") - (version "1.20160724") + (version "1.20170823") (source (origin (method url-fetch) @@ -13941,7 +13988,7 @@ parse many formal languages.") version ".tar.gz")) (sha256 (base32 - "025cyi75vxyghbm4hav8dz4fzwksshddavy9g9fwr440awcvw74f")))) + "1i9gik0xrj6jmi95s5w988jl1y265baz5xm5pbqdyvsh8h9ln6yq")))) (build-system python-build-system) (arguments `(#:python ,python-2)) @@ -13958,7 +14005,7 @@ iterating over input files.") (define-public python2-ttystatus (package (name "python2-ttystatus") - (version "0.32") + (version "0.35") (source (origin (method url-fetch) @@ -13967,7 +14014,7 @@ iterating over input files.") version ".tar.gz")) (sha256 (base32 - "0b5g889jj23r2w1hi300cdldx6jvspanp0ybf5n1qvdvl150aamf")))) + "0vivqbw7ddhsq1zj3g9cvvv4f0phl0pis2smsnwcr2szz2fk3hl6")))) (build-system python-build-system) (arguments `(#:python ,python-2)) @@ -15566,14 +15613,14 @@ address is valid and really exists.") (define-public python-marshmallow (package (name "python-marshmallow") - (version "3.0.0b2") + (version "3.0.0b3") (source (origin (method url-fetch) (uri (pypi-uri "marshmallow" version)) (sha256 (base32 - "11bnpvfdbczr74177p295zbkdrax2cahvbj5bqhhlprgz2xxi5d9")))) + "07mcrij1yvk85lvgx44wwr9pc80xryghvlgayb057g1cazcypysd")))) (build-system python-build-system) (propagated-inputs `(("python-dateutil" ,python-dateutil) diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm index 3994191bd2..8032e3181d 100644 --- a/gnu/packages/serialization.scm +++ b/gnu/packages/serialization.scm @@ -249,6 +249,8 @@ that implements both the msgpack and msgpack-rpc specifications.") (base32 "1vk6pjh0f5k6jwk2sszb9z5169whmiha9ainbdpa1arxlkq7v3b6")))) (build-system cmake-build-system) + (arguments + '(#:configure-flags '("-DBUILD_SHARED_LIBS=ON"))) (inputs `(("boost" ,boost))) (native-inputs diff --git a/gnu/packages/skarnet.scm b/gnu/packages/skarnet.scm index 37e09d8642..5a46b0db64 100644 --- a/gnu/packages/skarnet.scm +++ b/gnu/packages/skarnet.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 Claes Wallin <claes.wallin@greatsinodevelopment.com> ;;; Copyright © 2016 Eric Le Bihan <eric.le.bihan.dev@free.fr> +;;; Copyright © 2017 Z. Ren <zren@dlut.edu.cn> ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,7 +40,16 @@ (build-system gnu-build-system) (arguments '(#:configure-flags '("--enable-force-devr") ; do not analyze /dev/random - #:tests? #f)) ; no tests exist + #:tests? #f ; no tests exist + #:phases (modify-phases %standard-phases + (add-after 'unpack 'reproducible + (lambda _ + ;; Sort source files deterministically so that the *.a + ;; and *.so files are reproducible. + (substitute* "Makefile" + (("\\$\\(ALL_SRCS:%.c=%.o\\)") + "$(sort $(ALL_SRCS:%.c=%.o))")) + #t))))) (home-page "http://skarnet.org/software/skalibs/") (synopsis "Platform abstraction libraries for skarnet.org software") (description diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 685042240a..ad3032e2ec 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -126,11 +126,12 @@ be output in text, PostScript, PDF or HTML.") "PKG_BUILT_STAMP=1970-01-01") #:phases (modify-phases %standard-phases - ;; FIXME: see bug #28157. - (add-before 'configure 'patch-which + (add-before 'configure 'do-not-compress-serialized-files (lambda* (#:key inputs #:allow-other-keys) - (substitute* "src/library/base/R/unix/system.unix.R" - (("@WHICH@") "which")) + ;; This ensures that Guix can detect embedded store references; + ;; see bug #28157 for details. + (substitute* "src/library/base/makebasedb.R" + (("compress = TRUE") "compress = FALSE")) #t)) (add-before 'configure 'patch-uname (lambda* (#:key inputs #:allow-other-keys) @@ -250,10 +251,8 @@ be output in text, PostScript, PDF or HTML.") ("libxt" ,libxt) ("pcre" ,pcre) ("readline" ,readline) + ("which" ,which) ("zlib" ,zlib))) - ;; FIXME: By default Sys.which embeds a reference to "which", but this - ;; reference is not detected by Guix (see bug #28157). - (propagated-inputs `(("which" ,which))) (native-search-paths (list (search-path-specification (variable "R_LIBS_SITE") @@ -269,6 +268,18 @@ publication-quality data plots. A large amount of 3rd-party packages are available, greatly increasing its breadth and scope.") (license license:gpl3+))) +(define-public rmath-standalone + (package (inherit r-minimal) + (name "rmath-standalone") + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'configure 'chdir + (lambda _ (chdir "src/nmath/standalone/") #t))))) + (synopsis "Standalone R math library") + (description + "This package provides the R math library as an independent package."))) + (define-public r-boot (package (name "r-boot") diff --git a/gnu/packages/valgrind.scm b/gnu/packages/valgrind.scm index 5f2bef16df..611a9a0558 100644 --- a/gnu/packages/valgrind.scm +++ b/gnu/packages/valgrind.scm @@ -41,6 +41,8 @@ "18bnrw9b1d55wi1wnl68n25achsp9w48n51n1xw4fwjjnaal7jk7")) (patches (search-patches "valgrind-enable-arm.patch")))) (build-system gnu-build-system) + (outputs '("doc" ;16 MB + "out")) (arguments '(#:phases (modify-phases %standard-phases @@ -53,6 +55,13 @@ (("obj:/lib") "obj:*/lib") (("obj:/usr/X11R6/lib") "obj:*/lib") (("obj:/usr/lib") "obj:*/lib")) + #t))) + (add-after 'install 'install-doc + (lambda* (#:key outputs #:allow-other-keys) + (let ((orig (format #f "~a/share/doc" (assoc-ref outputs "out"))) + (dest (format #f "~a/share" (assoc-ref outputs "doc")))) + (mkdir-p dest) + (rename-file orig dest) #t)))))) (inputs `(;; GDB is needed to provide a sane default for `--db-command'. ("gdb" ,gdb))) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 2057307a30..4ce2a8f401 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1121,7 +1121,7 @@ access to mpv's powerful playback capabilities.") (define-public youtube-dl (package (name "youtube-dl") - (version "2017.08.18") + (version "2017.08.23") (source (origin (method url-fetch) (uri (string-append "https://yt-dl.org/downloads/" @@ -1129,7 +1129,7 @@ access to mpv's powerful playback capabilities.") version ".tar.gz")) (sha256 (base32 - "1mn3wi31k62c6drpplzp2irygjhiwprj5k7w4m0g8m4bgfdjgx57")))) + "1vq0r37ynnj2hx0ssh3hycg4wzhwch5pphq76swfz76r1klnrich")))) (build-system python-build-system) (arguments ;; The problem here is that the directory for the man page and completion diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index ab364cd1fb..d06c55bd57 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -87,7 +87,8 @@ "qemu-CVE-2017-10806.patch" "qemu-CVE-2017-10911.patch" "qemu-CVE-2017-11334.patch" - "qemu-CVE-2017-11434.patch")) + "qemu-CVE-2017-11434.patch" + "qemu-CVE-2017-12809.patch")) (sha256 (base32 "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h")))) @@ -361,7 +362,16 @@ manage system or application containers.") (lambda _ (zero? (system* "make" "install" "sysconfdir=/tmp/etc" - "localstatedir=/tmp/var"))))))) + "localstatedir=/tmp/var")))) + (add-after 'install 'wrap-libvirtd + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (wrap-program (string-append out "/sbin/libvirtd") + `("PATH" = (,(string-append (assoc-ref inputs "iproute") + "/sbin") + ,(string-append (assoc-ref inputs "qemu") + "/bin")))) + #t)))))) (inputs `(("libxml2" ,libxml2) ("gnutls" ,gnutls) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index ccba7ce7e6..64d6874001 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -73,6 +73,7 @@ #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) + #:use-module (gnu packages java) #:use-module (gnu packages javascript) #:use-module (gnu packages image) #:use-module (gnu packages libidn) @@ -306,6 +307,42 @@ such as high performance, preforking, signal support, superdaemon awareness, and UNIX socket support.") (license l:perl-license))) +(define-public icedtea-web + (package + (name "icedtea-web") + (version "1.6.2") + (source (origin + (method url-fetch) + (uri (string-append + "http://icedtea.wildebeest.org/download/source/" + name "-" version ".tar.gz")) + (sha256 + (base32 + "004kwrngyxxlrlzby4vzxjr0xcyngcdc9dfgnvi61ffnjr006ryf")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags + (list "--disable-plugin" ;NPAPI plugins are obsolete nowadays. + (string-append "BIN_BASH=" (assoc-ref %build-inputs "bash") + "/bin/bash") + (string-append "--with-jdk-home=" (assoc-ref %build-inputs "jdk"))))) + (outputs '("out" "doc")) + (native-inputs + `(("pkg-config" ,pkg-config) + ("zip" ,zip))) + (inputs + `(("gtk+" ,gtk+) + ("jdk" ,icedtea "jdk"))) + (home-page "http://icedtea.classpath.org/wiki/IcedTea-Web") + (synopsis "Java Web Start") + (description + "IcedTea-Web is an implementation of the @dfn{Java Network Launching +Protocol}, also known as Java Web Start. This package provides tools and +libraries for working with JNLP applets.") + ;; The program is mainly GPL2+, with some individual files under LGPL2.1+ + ;; or dual licenses. + (license l:gpl2+))) + (define-public jansson (package (name "jansson") @@ -4763,7 +4800,7 @@ command-line arguments or read from stdin.") (define-public python-internetarchive (package (name "python-internetarchive") - (version "1.6.0") + (version "1.7.1") (source (origin (method url-fetch) @@ -4772,7 +4809,7 @@ command-line arguments or read from stdin.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "00v1489rv1ydcihwbdl7sqpcpmm98b9kqqlfggr32k0ndmv7ivas")))) + "1lj4r0y67mwjns2gcjvw0y7m5x0vqir2iv7s4q2y93492azli1qh")))) (build-system python-build-system) (arguments `(#:tests? #f ; 11 tests of 105 fail to mock "requests". diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 565e6e8927..edb70a37a8 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -451,7 +451,7 @@ of the screen selected by mouse.") (define-public slop (package (name "slop") - (version "7.3.48") + (version "7.3.49") (source (origin (method url-fetch) (uri (string-append @@ -460,7 +460,7 @@ of the screen selected by mouse.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "14igmf6a6vwx75gjnj10497n04klc35dvq87id8g9jn9rd3m6n25")))) + "0gxi174vi13ldjaf776s2jcdyy379lnwwml29nk1bkzj5d5gpghm")))) (build-system cmake-build-system) (arguments '(#:tests? #f)) ; no "check" target @@ -484,7 +484,7 @@ selection's dimensions to stdout.") (define-public maim (package (name "maim") - (version "5.4.66") + (version "5.4.68") (source (origin (method url-fetch) (uri (string-append @@ -493,7 +493,7 @@ selection's dimensions to stdout.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "077aww1fab3ihzxdybxpdh0h3d7fbgpvsm9q92byfb2ig32viyfa")))) + "0f54s7csrxjd5r9anqqa92diwmzdplpws3llmbr6g3c0l6bp8815")))) (build-system cmake-build-system) (arguments '(#:tests? #f)) ; no "check" target diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 1c458831da..2ae87a60b7 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5876,7 +5876,7 @@ basic eye-candy effects.") (define-public xpra (package (name "xpra") - (version "2.0.3") + (version "2.1.1") (source (origin (method url-fetch) @@ -5884,7 +5884,7 @@ basic eye-candy effects.") version ".tar.xz")) (sha256 (base32 - "1f2mkbgjslfivh5xq5xbab1cn6jjyc1d104f692f3s0dnhq7dafa")))) + "0fgdddhafxnpjlw5nhfyfyimxp43hdn4yhp1vbsjrz3ypfsfhxq7")))) (build-system python-build-system) (inputs `(("ffmpeg", ffmpeg) ("flac", flac) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index e28e0d7ac5..54bd9ca2fb 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1220,6 +1220,9 @@ Service Switch}, for an example." # Don't log private authentication messages! *.info;mail.none;authpriv.none /var/log/messages + # Like /var/log/messages, but also including \"debug\"-level logs. + *.debug;mail.none;authpriv.none /var/log/debug + # Same, in a different place. *.info;mail.none;authpriv.none /dev/tty12 diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm index 50a561bf51..0509bd8a44 100644 --- a/gnu/services/desktop.scm +++ b/gnu/services/desktop.scm @@ -73,6 +73,9 @@ elogind-service elogind-service-type + accountsservice-service-type + accountsservice-service + gnome-desktop-configuration gnome-desktop-configuration? gnome-desktop-service @@ -705,6 +708,33 @@ when they log out." ;;; +;;; AccountsService service. +;;; + +(define %accountsservice-activation + #~(begin + (use-modules (guix build utils)) + (mkdir-p "/var/lib/AccountsService"))) + +(define accountsservice-service-type + (service-type (name 'accountsservice) + (extensions + (list (service-extension activation-service-type + (const %accountsservice-activation)) + (service-extension dbus-root-service-type list) + (service-extension polkit-service-type list))))) + +(define* (accountsservice-service #:key (accountsservice accountsservice)) + "Return a service that runs AccountsService, a system service that +can list available accounts, change their passwords, and so on. +AccountsService integrates with PolicyKit to enable unprivileged users to +acquire the capability to modify their system configuration. +@uref{https://www.freedesktop.org/wiki/Software/AccountsService/, the +accountsservice web site} for more information." + (service accountsservice-service-type accountsservice)) + + +;;; ;;; GNOME desktop service. ;;; @@ -783,6 +813,7 @@ with the administrator's password." (wicd-service) (udisks-service) (upower-service) + (accountsservice-service) (colord-service) (geoclue-service) (polkit-service) diff --git a/gnu/services/herd.scm b/gnu/services/herd.scm index e16d51b9d0..5c894af6fd 100644 --- a/gnu/services/herd.scm +++ b/gnu/services/herd.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -136,7 +136,8 @@ does not denote an error." (define* (invoke-action service action arguments cont) "Invoke ACTION on SERVICE with ARGUMENTS. On success, call CONT with the -result. Otherwise return #f." +list of results (one result per instance with the name SERVICE). Otherwise +return #f." (with-shepherd sock (write `(shepherd-command (version 0) (action ,action) @@ -186,30 +187,34 @@ of pairs." "Return the list of currently defined Shepherd services, represented as <live-service> objects. Return #f if the list of services could not be obtained." - (with-shepherd-action 'root ('status) services - (match services - ((('service ('version 0 _ ...) _ ...) ...) - (map (lambda (service) - (alist-let* service (provides requires running) - (live-service provides requires running))) - services)) - (x - #f)))) + (with-shepherd-action 'root ('status) results + ;; We get a list of results, one for each service with the name 'root'. + ;; In practice there's only one such service though. + (match results + ((services _ ...) + (match services + ((('service ('version 0 _ ...) _ ...) ...) + (map (lambda (service) + (alist-let* service (provides requires running) + (live-service provides requires running))) + services)) + (x + #f)))))) (define (unload-service service) "Unload SERVICE, a symbol name; return #t on success." (with-shepherd-action 'root ('unload (symbol->string service)) result - result)) + (first result))) (define (%load-file file) "Load FILE in the Shepherd." (with-shepherd-action 'root ('load file) result - result)) + (first result))) (define (eval-there exp) "Eval EXP in the Shepherd." (with-shepherd-action 'root ('eval (object->string exp)) result - result)) + (first result))) (define (load-services files) "Load and register the services from FILES, where FILES contain code that diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm new file mode 100644 index 0000000000..845cdb07ba --- /dev/null +++ b/gnu/services/virtualization.scm @@ -0,0 +1,492 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ryan Moe <ryan.moe@gmail.com> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu services virtualization) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services base) + #:use-module (gnu services dbus) + #:use-module (gnu services shepherd) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) + #:use-module (gnu packages virtualization) + #:use-module (guix records) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (ice-9 match) + + #:export (libvirt-configuration + libvirt-service-type + virtlog-service-type)) + +(define (uglify-field-name field-name) + (let ((str (symbol->string field-name))) + (string-join + (string-split (string-delete #\? str) #\-) + "_"))) + +(define (quote-val val) + (string-append "\"" val "\"")) + +(define (serialize-field field-name val) + (format #t "~a = ~a\n" (uglify-field-name field-name) val)) + +(define (serialize-string field-name val) + (serialize-field field-name (quote-val val))) + +(define (serialize-boolean field-name val) + (serialize-field field-name (if val 1 0))) + +(define (serialize-integer field-name val) + (serialize-field field-name val)) + +(define (build-opt-list val) + (string-append + "[" + (string-join (map quote-val val) ",") + "]")) + +(define optional-list? list?) +(define optional-string? string?) + +(define (serialize-list field-name val) + (serialize-field field-name (build-opt-list val))) + +(define (serialize-optional-list field-name val) + (if (null? val) + (format #t "# ~a = []\n" (uglify-field-name field-name)) + (serialize-list field-name val))) + +(define (serialize-optional-string field-name val) + (if (string-null? val) + (format #t "# ~a = \"\"\n" (uglify-field-name field-name)) + (serialize-string field-name val))) + +(define-configuration libvirt-configuration + (libvirt + (package libvirt) + "Libvirt package.") + (listen-tls? + (boolean #t) + "Flag listening for secure TLS connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +It is necessary to setup a CA and issue server certificates before +using this capability.") + (listen-tcp? + (boolean #f) + "Listen for unencrypted TCP connections on the public TCP/IP port. +must set @code{listen} for this to have any effect. + +Using the TCP socket requires SASL authentication by default. Only +SASL mechanisms which support data encryption are allowed. This is +DIGEST_MD5 and GSSAPI (Kerberos5)") + (tls-port + (string "16514") + "Port for accepting secure TLS connections This can be a port number, +or service name") + (tcp-port + (string "16509") + "Port for accepting insecure TCP connections This can be a port number, +or service name") + (listen-addr + (string "0.0.0.0") + "IP address or hostname used for client connections.") + (mdns-adv? + (boolean #f) + "Flag toggling mDNS advertisement of the libvirt service. + +Alternatively can disable for all services on a host by +stopping the Avahi daemon.") + (mdns-name + (string (string-append "Virtualization Host " (gethostname))) + "Default mDNS advertisement name. This must be unique on the +immediate broadcast network.") + (unix-sock-group + (string "root") + "UNIX domain socket group ownership. This can be used to +allow a 'trusted' set of users access to management capabilities +without becoming root.") + (unix-sock-ro-perms + (string "0777") + "UNIX socket permissions for the R/O socket. This is used +for monitoring VM status only.") + (unix-sock-rw-perms + (string "0770") + "UNIX socket permissions for the R/W socket. Default allows +only root. If PolicyKit is enabled on the socket, the default +will change to allow everyone (eg, 0777)") + (unix-sock-admin-perms + (string "0777") + "UNIX socket permissions for the admin socket. Default allows +only owner (root), do not change it unless you are sure to whom +you are exposing the access to.") + (unix-sock-dir + (string "/var/run/libvirt") + "The directory in which sockets will be found/created.") + (auth-unix-ro + (string "polkit") + "Authentication scheme for UNIX read-only sockets. By default +socket permissions allow anyone to connect") + (auth-unix-rw + (string "polkit") + "Authentication scheme for UNIX read-write sockets. By default +socket permissions only allow root. If PolicyKit support was compiled +into libvirt, the default will be to use 'polkit' auth.") + (auth-tcp + (string "sasl") + "Authentication scheme for TCP sockets. If you don't enable SASL, +then all TCP traffic is cleartext. Don't do this outside of a dev/test +scenario.") + (auth-tls + (string "none") + "Authentication scheme for TLS sockets. TLS sockets already have +encryption provided by the TLS layer, and limited authentication is +done by certificates. + +It is possible to make use of any SASL authentication mechanism as +well, by using 'sasl' for this option") + (access-drivers + (optional-list '()) + "API access control scheme. + +By default an authenticated user is allowed access to all APIs. Access +drivers can place restrictions on this.") + (key-file + (string "") + "Server key file path. If set to an empty string, then no private key +is loaded.") + (cert-file + (string "") + "Server key file path. If set to an empty string, then no certificate +is loaded.") + (ca-file + (string "") + "Server key file path. If set to an empty string, then no CA certificate +is loaded.") + (crl-file + (string "") + "Certificate revocation list path. If set to an empty string, then no +CRL is loaded.") + (tls-no-sanity-cert + (boolean #f) + "Disable verification of our own server certificates. + +When libvirtd starts it performs some sanity checks against its own +certificates.") + (tls-no-verify-cert + (boolean #f) + "Disable verification of client certificates. + +Client certificate verification is the primary authentication mechanism. +Any client which does not present a certificate signed by the CA +will be rejected.") + (tls-allowed-dn-list + (optional-list '()) + "Whitelist of allowed x509 Distinguished Name.") + (sasl-allowed-usernames + (optional-list '()) + "Whitelist of allowed SASL usernames. The format for username +depends on the SASL authentication mechanism.") + (tls-priority + (string "NORMAL") + "Override the compile time default TLS priority string. The +default is usually \"NORMAL\" unless overridden at build time. +Only set this is it is desired for libvirt to deviate from +the global default settings.") + (max-clients + (integer 5000) + "Maximum number of concurrent client connections to allow +over all sockets combined.") + (max-queued-clients + (integer 1000) + "Maximum length of queue of connections waiting to be +accepted by the daemon. Note, that some protocols supporting +retransmission may obey this so that a later reattempt at +connection succeeds.") + (max-anonymous-clients + (integer 20) + "Maximum length of queue of accepted but not yet authenticated +clients. Set this to zero to turn this feature off") + (min-workers + (integer 5) + "Number of workers to start up initially.") + (max-workers + (integer 20) + "Maximum number of worker threads. + +If the number of active clients exceeds @code{min-workers}, +then more threads are spawned, up to max_workers limit. +Typically you'd want max_workers to equal maximum number +of clients allowed.") + (prio-workers + (integer 5) + "Number of priority workers. If all workers from above +pool are stuck, some calls marked as high priority +(notably domainDestroy) can be executed in this pool.") + (max-requests + (integer 20) + "Total global limit on concurrent RPC calls.") + (max-client-requests + (integer 5) + "Limit on concurrent requests from a single client +connection. To avoid one client monopolizing the server +this should be a small fraction of the global max_requests +and max_workers parameter.") + (admin-min-workers + (integer 1) + "Same as @code{min-workers} but for the admin interface.") + (admin-max-workers + (integer 5) + "Same as @code{max-workers} but for the admin interface.") + (admin-max-clients + (integer 5) + "Same as @code{max-clients} but for the admin interface.") + (admin-max-queued-clients + (integer 5) + "Same as @code{max-queued-clients} but for the admin interface.") + (admin-max-client-requests + (integer 5) + "Same as @code{max-client-requests} but for the admin interface.") + (log-level + (integer 3) + "Logging level. 4 errors, 3 warnings, 2 information, 1 debug.") + (log-filters + (string "3:remote 4:event") + "Logging filters. + +A filter allows to select a different logging level for a given category +of logs +The format for a filter is one of: +@itemize +@item x:name + +@item x:+name +@end itemize + +where @code{name} is a string which is matched against the category +given in the @code{VIR_LOG_INIT()} at the top of each libvirt source +file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the +filter can be a substring of the full category name, in order +to match multiple similar categories), the optional \"+\" prefix +tells libvirt to log stack trace for each message matching +name, and @code{x} is the minimal level where matching messages should +be logged: + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple filters can be defined in a single filters statement, they just +need to be separated by spaces.") + (log-outputs + (string "3:stderr") + "Logging outputs. + +An output is one of the places to save logging information +The format for an output can be: + +@table @code +@item x:stderr +output goes to stderr + +@item x:syslog:name +use syslog for the output and use the given name as the ident + +@item x:file:file_path +output to a file, with the given filepath + +@item x:journald +output to journald logging system +@end table + +In all case the x prefix is the minimal level, acting as a filter + +@itemize +@item 1: DEBUG +@item 2: INFO +@item 3: WARNING +@item 4: ERROR +@end itemize + +Multiple outputs can be defined, they just need to be separated by spaces.") + (audit-level + (integer 1) + "Allows usage of the auditing subsystem to be altered + +@itemize +@item 0: disable all auditing +@item 1: enable auditing, only if enabled on host +@item 2: enable auditing, and exit if disabled on host. +@end itemize +") + (audit-logging + (boolean #f) + "Send audit messages via libvirt logging infrastructure.") + (host-uuid + (optional-string "") + "Host UUID. UUID must not have all digits be the same.") + (host-uuid-source + (string "smbios") + "Source to read host UUID. + +@itemize + +@item @code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid} + +@item @code{machine-id}: fetch the UUID from @code{/etc/machine-id} + +@end itemize + +If @code{dmidecode} does not provide a valid UUID a temporary UUID +will be generated.") + (keepalive-interval + (integer 5) + "A keepalive message is sent to a client after +@code{keepalive_interval} seconds of inactivity to check if +the client is still responding. If set to -1, libvirtd will +never send keepalive requests; however clients can still send +them and the daemon will send responses.") + (keepalive-count + (integer 5) + "Maximum number of keepalive messages that are allowed to be sent +to the client without getting any response before the connection is +considered broken. + +In other words, the connection is automatically +closed approximately after +@code{keepalive_interval * (keepalive_count + 1)} seconds since the last +message received from the client. When @code{keepalive-count} is +set to 0, connections will be automatically closed after +@code{keepalive-interval} seconds of inactivity without sending any +keepalive messages.") + (admin-keepalive-interval + (integer 5) + "Same as above but for admin interface.") + (admin-keepalive-count + (integer 5) + "Same as above but for admin interface.") + (ovs-timeout + (integer 5) + "Timeout for Open vSwitch calls. + +The @code{ovs-vsctl} utility is used for the configuration and +its timeout option is set by default to 5 seconds to avoid +potential infinite waits blocking libvirt.")) + +(define* (libvirt-conf-file config) + "Return a libvirtd config file." + (plain-file "libvirtd.conf" + (with-output-to-string + (lambda () + (serialize-configuration config libvirt-configuration-fields))))) + +(define %libvirt-accounts + (list (user-group (name "libvirt") (system? #t)))) + +(define (%libvirt-activation config) + (let ((sock-dir (libvirt-configuration-unix-sock-dir config))) + #~(begin + (use-modules (guix build utils)) + (mkdir-p #$sock-dir)))) + + +(define (libvirt-shepherd-service config) + (let* ((config-file (libvirt-conf-file config)) + (libvirt (libvirt-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the libvirt daemon.") + (provision '(libvirtd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/libvirtd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define libvirt-service-type + (service-type (name 'libvirt) + (extensions + (list + (service-extension polkit-service-type + (compose list libvirt-configuration-libvirt)) + (service-extension profile-service-type + (compose list + libvirt-configuration-libvirt)) + (service-extension activation-service-type + %libvirt-activation) + (service-extension shepherd-root-service-type + libvirt-shepherd-service) + (service-extension account-service-type + (const %libvirt-accounts)))) + (default-value (libvirt-configuration)))) + + +(define-record-type* <virtlog-configuration> + virtlog-configuration make-virtlog-configuration + virtlog-configuration? + (libvirt virtlog-configuration-libvirt + (default libvirt)) + (log-level virtlog-configuration-log-level + (default 3)) + (log-filters virtlog-configuration-log-filters + (default "3:remote 4:event")) + (log-outputs virtlog-configuration-log-outputs + (default "3:syslog:virtlogd")) + (max-clients virtlog-configuration-max-clients + (default 1024)) + (max-size virtlog-configuration-max-size + (default 2097152)) ;; 2MB + (max-backups virtlog-configuration-max-backups + (default 3))) + +(define* (virtlogd-conf-file config) + "Return a virtlogd config file." + (plain-file "virtlogd.conf" + (string-append + "log_level = " (number->string (virtlog-configuration-log-level config)) "\n" + "log_filters = \"" (virtlog-configuration-log-filters config) "\"\n" + "log_outputs = \"" (virtlog-configuration-log-outputs config) "\"\n" + "max_clients = " (number->string (virtlog-configuration-max-clients config)) "\n" + "max_size = " (number->string (virtlog-configuration-max-size config)) "\n" + "max_backups = " (number->string (virtlog-configuration-max-backups config)) "\n"))) + +(define (virtlogd-shepherd-service config) + (let* ((config-file (virtlogd-conf-file config)) + (libvirt (virtlog-configuration-libvirt config))) + (list (shepherd-service + (documentation "Run the virtlog daemon.") + (provision '(virtlogd)) + (start #~(make-forkexec-constructor + (list (string-append #$libvirt "/sbin/virtlogd") + "-f" #$config-file))) + (stop #~(make-kill-destructor)))))) + +(define virtlog-service-type + (service-type (name 'virtlogd) + (extensions + (list + (service-extension shepherd-root-service-type + virtlogd-shepherd-service))) + (default-value (virtlog-configuration)))) + +(define (generate-libvirt-documentation) + (generate-documentation + `((libvirt-configuration ,libvirt-configuration-fields)) + 'libvirt-configuration)) diff --git a/gnu/services/web.scm b/gnu/services/web.scm index cc7adeb5e4..18278502e4 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -30,16 +30,47 @@ #:use-module (guix gexp) #:use-module (srfi srfi-1) #:use-module (ice-9 match) - #:export (nginx-configuration + #:export (<nginx-configuration> + nginx-configuration nginx-configuration? + nginx-configuartion-nginx + nginx-configuration-log-directory + nginx-configuration-run-directory + nginx-configuration-server-blocks + nginx-configuration-upstream-blocks + nginx-configuration-file + + <nginx-server-configuration> nginx-server-configuration nginx-server-configuration? + nginx-server-configuration-http-port + nginx-server-configuartion-https-port + nginx-server-configuration-server-name + nginx-server-configuration-root + nginx-server-configuration-locations + nginx-server-configuration-index + nginx-server-configuration-ssl-certificate + nginx-server-configuration-ssl-certificate-key + nginx-server-configuration-server-tokens? + + <nginx-upstream-configuration> nginx-upstream-configuration nginx-upstream-configuration? + nginx-upstream-configuration-name + nginx-upstream-configuration-servers + + <nginx-location-configuration> nginx-location-configuration nginx-location-configuration? + nginx-location-configuration-uri + nginx-location-configuration-body + + <nginx-named-location-configuration> nginx-named-location-configuration nginx-named-location-configuration? + nginx-named-location-configuration-name + nginx-named-location-configuration-body + nginx-service nginx-service-type @@ -293,26 +324,9 @@ of index files." (inherit config) (server-blocks (append (nginx-configuration-server-blocks config) - servers))))))) - -(define* (nginx-service #:key (nginx nginx) - (log-directory "/var/log/nginx") - (run-directory "/var/run/nginx") - (server-list '()) - (upstream-list '()) - (config-file #f)) - "Return a service that runs NGINX, the nginx web server. - -The nginx daemon loads its runtime configuration from CONFIG-FILE, stores log -files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY." - (service nginx-service-type - (nginx-configuration - (nginx nginx) - (log-directory log-directory) - (run-directory run-directory) - (server-blocks server-list) - (upstream-blocks upstream-list) - (file config-file)))) + servers))))) + (default-value + (nginx-configuration)))) (define-record-type* <fcgiwrap-configuration> fcgiwrap-configuration make-fcgiwrap-configuration diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm index 5bae8c18e1..5a8ee6cd40 100644 --- a/gnu/services/xorg.scm +++ b/gnu/services/xorg.scm @@ -1,4 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; @@ -22,14 +23,17 @@ #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system pam) + #:use-module (gnu services dbus) #:use-module ((gnu packages base) #:select (canonical-package)) #:use-module (gnu packages guile) #:use-module (gnu packages xorg) #:use-module (gnu packages gl) #:use-module (gnu packages display-managers) #:use-module (gnu packages gnustep) + #:use-module (gnu packages gnome) #:use-module (gnu packages admin) #:use-module (gnu packages bash) + #:use-module (gnu system shadow) #:use-module (guix gexp) #:use-module (guix store) #:use-module (guix packages) @@ -41,6 +45,7 @@ #:use-module (ice-9 match) #:export (xorg-configuration-file %default-xorg-modules + xorg-wrapper xorg-start-command xinitrc @@ -53,7 +58,11 @@ screen-locker screen-locker? screen-locker-service-type - screen-locker-service)) + screen-locker-service + + gdm-configuration + gdm-service-type + gdm-service)) ;;; Commentary: ;;; @@ -184,36 +193,51 @@ in @var{modules}." files) #t)))) -(define* (xorg-start-command #:key - (guile (canonical-package guile-2.0)) - (configuration-file (xorg-configuration-file)) - (modules %default-xorg-modules) - (xorg-server xorg-server)) +(define* (xorg-wrapper #:key + (guile (canonical-package guile-2.0)) + (configuration-file (xorg-configuration-file)) + (modules %default-xorg-modules) + (xorg-server xorg-server)) "Return a derivation that builds a @var{guile} script to start the X server from @var{xorg-server}. @var{configuration-file} is the server configuration file or a derivation that builds it; when omitted, the result of -@code{xorg-configuration-file} is used. - -Usually the X server is started by a login manager." +@code{xorg-configuration-file} is used. The resulting script should be used +in place of @code{/usr/bin/X}." (define exp ;; Write a small wrapper around the X server. #~(begin (setenv "XORG_DRI_DRIVER_PATH" (string-append #$mesa "/lib/dri")) (setenv "XKB_BINDIR" (string-append #$xkbcomp "/bin")) - (apply execl (string-append #$xorg-server "/bin/X") - (string-append #$xorg-server "/bin/X") ;argv[0] - "-logverbose" "-verbose" - "-xkbdir" (string-append #$xkeyboard-config "/share/X11/xkb") - "-config" #$configuration-file - "-configdir" #$(xorg-configuration-directory modules) - "-nolisten" "tcp" "-terminate" + (let ((X (string-append #$xorg-server "/bin/X"))) + (apply execl X X + "-xkbdir" (string-append #$xkeyboard-config "/share/X11/xkb") + "-config" #$configuration-file + "-configdir" #$(xorg-configuration-directory modules) + (cdr (command-line)))))) + + (program-file "X-wrapper" exp)) - ;; Note: SLiM and other display managers add the - ;; '-auth' flag by themselves. - (cdr (command-line))))) +(define* (xorg-start-command #:key + (guile (canonical-package guile-2.0)) + (configuration-file (xorg-configuration-file)) + (modules %default-xorg-modules) + (xorg-server xorg-server)) + "Return a derivation that builds a @code{startx} script in which a number of +X modules are available. See @code{xorg-wrapper} for more details on the +arguments. The result should be used in place of @code{startx}." + (define X + (xorg-wrapper #:guile guile + #:configuration-file configuration-file + #:modules modules + #:xorg-server xorg-server)) + (define exp + ;; Write a small wrapper around the X server. + #~(apply execl #$X #$X ;; Second #$X is for argv[0]. + "-logverbose" "-verbose" "-nolisten" "tcp" "-terminate" + (cdr (command-line)))) - (program-file "start-xorg" exp)) + (program-file "startx" exp)) (define* (xinitrc #:key (guile (canonical-package guile-2.0)) @@ -459,4 +483,142 @@ makes the good ol' XlockMore usable." (file-append package "/bin/" program) allow-empty-passwords?))) +(define %gdm-accounts + (list (user-group (name "gdm") (system? #t)) + (user-account + (name "gdm") + (group "gdm") + (system? #t) + (comment "GNOME Display Manager user") + (home-directory "/var/lib/gdm") + (shell (file-append shadow "/sbin/nologin"))))) + +(define-record-type* <gdm-configuration> + gdm-configuration make-gdm-configuration + gdm-configuration? + (gdm gdm-configuration-gdm (default gdm)) + (allow-empty-passwords? gdm-configuration-allow-empty-passwords? (default #t)) + (allow-root? gdm-configuration-allow-root? (default #t)) + (auto-login? gdm-configuration-auto-login? (default #f)) + (default-user gdm-configuration-default-user (default #f)) + (x-server gdm-configuration-x-server)) + +(define (gdm-etc-service config) + (define gdm-configuration-file + (mixed-text-file "gdm-custom.conf" + "[daemon]\n" + "#User=gdm\n" + "#Group=gdm\n" + (if (gdm-configuration-auto-login? config) + (string-append + "AutomaticLoginEnable=true\n" + "AutomaticLogin=" + (or (gdm-configuration-default-user config) + (error "missing default user for auto-login")) + "\n") + (string-append + "AutomaticLoginEnable=false\n" + "#AutomaticLogin=\n")) + "#TimedLoginEnable=false\n" + "#TimedLogin=\n" + "#TimedLoginDelay=0\n" + "#InitialSetupEnable=true\n" + ;; Enable me once X is working. + "WaylandEnable=false\n" + "\n" + "[debug]\n" + "Enable=true\n" + "\n" + "[security]\n" + "#DisallowTCP=true\n" + "#AllowRemoteAutoLogin=false\n")) + `(("gdm" ,(file-union + "gdm" + `(("custom.conf" ,gdm-configuration-file)))))) + +(define (gdm-pam-service config) + "Return a PAM service for @command{gdm}." + (list + (pam-service + (inherit (unix-pam-service "gdm-autologin")) + (auth (list (pam-entry + (control "[success=ok default=1]") + (module (file-append (gdm-configuration-gdm config) + "/lib/security/pam_gdm.so"))) + (pam-entry + (control "sufficient") + (module "pam_permit.so"))))) + (pam-service + (inherit (unix-pam-service "gdm-launch-environment")) + (auth (list (pam-entry + (control "required") + (module "pam_permit.so"))))) + (unix-pam-service + "gdm-password" + #:allow-empty-passwords? (gdm-configuration-allow-empty-passwords? config) + #:allow-root? (gdm-configuration-allow-root? config)))) + +(define (gdm-shepherd-service config) + (list (shepherd-service + (documentation "Xorg display server (GDM)") + (provision '(xorg-server)) + (requirement '(dbus-system user-processes host-name udev)) + ;; While this service isn't working properly, turn off auto-start. + (auto-start? #f) + (start #~(lambda () + (fork+exec-command + (list #$(file-append (gdm-configuration-gdm config) + "/bin/gdm")) + #:environment-variables + (list (string-append + "GDM_X_SERVER=" + #$(gdm-configuration-x-server config)))))) + (stop #~(make-kill-destructor)) + (respawn? #t)))) + +(define gdm-service-type + (service-type (name 'gdm) + (extensions + (list (service-extension shepherd-root-service-type + gdm-shepherd-service) + (service-extension account-service-type + (const %gdm-accounts)) + (service-extension pam-root-service-type + gdm-pam-service) + (service-extension etc-service-type + gdm-etc-service) + (service-extension dbus-root-service-type + (compose list gdm-configuration-gdm)))))) + +;; This service isn't working yet; it gets as far as starting to run the +;; greeter from gnome-shell but doesn't get any further. It is here because +;; it doesn't hurt anyone and perhaps it inspires someone to fix it :) +(define* (gdm-service #:key (gdm gdm) + (allow-empty-passwords? #t) + (x-server (xorg-wrapper))) + "Return a service that spawns the GDM graphical login manager, which in turn +starts the X display server with @var{X}, a command as returned by +@code{xorg-wrapper}. + +@cindex X session + +GDM automatically looks for session types described by the @file{.desktop} +files in @file{/run/current-system/profile/share/xsessions} and allows users +to choose a session from the log-in screen using @kbd{F1}. Packages such as +@var{xfce}, @var{sawfish}, and @var{ratpoison} provide @file{.desktop} files; +adding them to the system-wide set of packages automatically makes them +available at the log-in screen. + +In addition, @file{~/.xsession} files are honored. When available, +@file{~/.xsession} must be an executable that starts a window manager +and/or other X clients. + +When @var{allow-empty-passwords?} is true, allow logins with an empty +password." + (service gdm-service-type + (gdm-configuration + (gdm gdm) + (allow-empty-passwords? allow-empty-passwords?) + (x-server x-server)))) + ;;; xorg.scm ends here diff --git a/gnu/system/examples/bare-bones.tmpl b/gnu/system/examples/bare-bones.tmpl index a10ee6e7fe..459d241885 100644 --- a/gnu/system/examples/bare-bones.tmpl +++ b/gnu/system/examples/bare-bones.tmpl @@ -14,7 +14,7 @@ ;; the label of the target root file system. (bootloader (bootloader-configuration (bootloader grub-bootloader) - (device "/dev/sdX"))) + (target "/dev/sdX"))) (file-systems (cons (file-system (device "my-root") (title 'label) diff --git a/gnu/system/examples/desktop.tmpl b/gnu/system/examples/desktop.tmpl index 3cfbd9add6..2131d1f18f 100644 --- a/gnu/system/examples/desktop.tmpl +++ b/gnu/system/examples/desktop.tmpl @@ -15,7 +15,7 @@ ;; is the label of the target root file system. (bootloader (bootloader-configuration (bootloader grub-bootloader) - (device "/dev/sdX"))) + (target "/dev/sdX"))) ;; Specify a mapped device for the encrypted root partition. ;; The UUID is that returned by 'cryptsetup luksUUID'. diff --git a/gnu/system/examples/lightweight-desktop.tmpl b/gnu/system/examples/lightweight-desktop.tmpl index 127ceb4dc5..fb7cfebf6d 100644 --- a/gnu/system/examples/lightweight-desktop.tmpl +++ b/gnu/system/examples/lightweight-desktop.tmpl @@ -15,7 +15,7 @@ ;; Partition mounted on /boot/efi. (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) - (device "/boot/efi"))) + (target "/boot/efi"))) ;; Assume the target root file system is labelled "my-root". (file-systems (cons* (file-system diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl index 57ac71c535..056b439c5f 100644 --- a/gnu/system/examples/vm-image.tmpl +++ b/gnu/system/examples/vm-image.tmpl @@ -26,7 +26,7 @@ partprobe, and then 2) resizing the filesystem with resize2fs.\n")) ;; Assuming /dev/sdX is the target hard disk, and "my-root" is ;; the label of the target root file system. - (bootloader (grub-configuration (device "/dev/sda") + (bootloader (grub-configuration (target "/dev/sda") (terminal-outputs '(console)))) (file-systems (cons (file-system (device "my-root") diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 6837385daf..7f6ffe9582 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -299,8 +299,7 @@ Use Alt-F2 for documentation. (host-name "gnu") (timezone "Europe/Paris") (locale "en_US.utf8") - (bootloader (grub-configuration - (device "/dev/sda"))) + (bootloader (grub-configuration (target "/dev/sda"))) (file-systems ;; Note: the disk image build code overrides this root file system with ;; the appropriate one. diff --git a/gnu/tests.scm b/gnu/tests.scm index 2886a982f4..97b9cc5107 100644 --- a/gnu/tests.scm +++ b/gnu/tests.scm @@ -206,7 +206,7 @@ the system under test." (timezone "Europe/Berlin") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/sdX"))) + (bootloader (grub-configuration (target "/dev/sdX"))) (file-systems (cons (file-system (device "my-root") (title 'label) diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm index 22e4181ab1..866bf885ce 100644 --- a/gnu/tests/install.scm +++ b/gnu/tests/install.scm @@ -59,7 +59,7 @@ (timezone "Europe/Paris") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (file-systems (cons (file-system (device "my-root") @@ -98,7 +98,7 @@ (bootloader (bootloader-configuration (bootloader extlinux-bootloader-gpt) - (device "/dev/vdb"))) + (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (file-systems (cons (file-system (device "my-root") @@ -326,7 +326,7 @@ per %test-installed-os, this test is expensive in terms of CPU and storage.") (timezone "Europe/Paris") (locale "en_US.utf8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (file-systems (cons* (file-system (device "my-root") @@ -384,7 +384,7 @@ partition. In particular, home directories must be correctly created (see (timezone "Europe/Paris") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (file-systems (cons* (file-system (device "root-fs") @@ -460,7 +460,7 @@ where /gnu lives on a separate partition.") (timezone "Europe/Paris") (locale "en_US.utf8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (initrd (lambda (file-systems . rest) ;; Add a kernel module for RAID-0 (aka. "stripe"). @@ -543,7 +543,7 @@ by 'mdadm'.") (timezone "Europe/Paris") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) ;; Note: Do not pass "console=ttyS0" so we can use our passphrase prompt ;; detection logic in 'enter-luks-passphrase'. @@ -670,7 +670,7 @@ build (current-guix) and then store a couple of full system images.") (timezone "Europe/Paris") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/vdb"))) + (bootloader (grub-configuration (target "/dev/vdb"))) (kernel-arguments '("console=ttyS0")) (file-systems (cons (file-system (device "my-root") diff --git a/gnu/tests/nfs.scm b/gnu/tests/nfs.scm index 2e666b2c08..889f578d01 100644 --- a/gnu/tests/nfs.scm +++ b/gnu/tests/nfs.scm @@ -41,7 +41,7 @@ (timezone "Europe/Berlin") (locale "en_US.UTF-8") - (bootloader (grub-configuration (device "/dev/sdX"))) + (bootloader (grub-configuration (target "/dev/sdX"))) (file-systems %base-file-systems) (users %base-user-accounts) (packages (cons* diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm new file mode 100644 index 0000000000..c2939355b2 --- /dev/null +++ b/gnu/tests/virtualization.scm @@ -0,0 +1,95 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Christopher Baines <mail@cbaines.net> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu tests virtualization) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system file-systems) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services dbus) + #:use-module (gnu services networking) + #:use-module (gnu services virtualization) + #:use-module (gnu packages virtualization) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-libvirt)) + +(define %libvirt-os + (simple-operating-system + (dhcp-client-service) + (dbus-service) + (polkit-service) + (service libvirt-service-type))) + +(define (run-libvirt-test) + "Run tests in %LIBVIRT-OS." + (define os + (marionette-operating-system + %libvirt-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "libvirt") + + (test-assert "service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'libvirtd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-eq "fetch version" + 0 + (marionette-eval + `(begin + (system* ,(string-append #$libvirt "/bin/virsh") + "-c" "qemu:///system" "version")) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "libvirt-test" test)) + +(define %test-libvirt + (system-test + (name "libvirt") + (description "Connect to the running LIBVIRT service.") + (value (run-libvirt-test)))) diff --git a/guix/build/graft.scm b/guix/build/graft.scm index 16df169ec7..3dce486adf 100644 --- a/guix/build/graft.scm +++ b/guix/build/graft.scm @@ -164,15 +164,19 @@ bytevectors to the same value." ;; not to unget bytes that have already been written, because ;; that would cause them to be written again from the next ;; buffer. In practice, this case occurs when a replacement is - ;; made near the end of the buffer. - (let* ((unwritten (- end written)) - (unget-size (if (= end request-size) - (min hash-length unwritten) - 0)) - (write-size (- unwritten unget-size))) - (put-bytevector output buffer written write-size) - (unget-bytevector input buffer (+ written write-size) - unget-size) + ;; made near or beyond the end of the buffer. When REPLACEMENT + ;; went beyond END, we consume the extra bytes from INPUT. + (begin + (if (> written end) + (get-bytevector-n! input buffer 0 (- written end)) + (let* ((unwritten (- end written)) + (unget-size (if (= end request-size) + (min hash-length unwritten) + 0)) + (write-size (- unwritten unget-size))) + (put-bytevector output buffer written write-size) + (unget-bytevector input buffer (+ written write-size) + unget-size))) (loop))))))))) (define (rename-matching-files directory mapping) diff --git a/guix/graph.scm b/guix/graph.scm index 5b650f5448..d7fd5f3e4b 100644 --- a/guix/graph.scm +++ b/guix/graph.scm @@ -1,7 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> -;;; Copyright © 2017 Roel Janssen <roel@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,7 +22,6 @@ #:use-module (guix monads) #:use-module (guix records) #:use-module (guix sets) - #:use-module (guix packages) #:use-module (rnrs io ports) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) @@ -172,9 +170,9 @@ typically returned by 'node-edges' or 'node-back-edges'." name)) (define (emit-epilogue port) (display "\n}\n" port)) -(define (emit-node id node port) +(define (emit-node id label port) (format port " \"~a\" [label = \"~a\", shape = box, fontname = Helvetica];~%" - id (package-full-name node))) + id label)) (define (emit-edge id1 id2 port) (format port " \"~a\" -> \"~a\" [color = ~a];~%" id1 id2 (pop-color id1))) @@ -215,11 +213,11 @@ var nodes = {}, (format port "</script><script type=\"text/javascript\" src=\"~a\"></script></body></html>" (search-path %load-path "graph.js"))) -(define (emit-d3js-node id node port) +(define (emit-d3js-node id label port) (format port "\ nodes[\"~a\"] = {\"id\": \"~a\", \"label\": \"~a\", \"index\": nodeArray.length}; nodeArray.push(nodes[\"~a\"]);~%" - id id (package-full-name node) id)) + id id label id)) (define (emit-d3js-edge id1 id2 port) (format port "links.push({\"source\": \"~a\", \"target\": \"~a\"});~%" @@ -243,9 +241,9 @@ nodeArray.push(nodes[\"~a\"]);~%" (define (emit-cypher-epilogue port) (format port "")) -(define (emit-cypher-node id node port) +(define (emit-cypher-node id label port) (format port "MERGE (p:Package { id: ~s }) SET p.name = ~s;~%" - id (package-name node))) + id label )) (define (emit-cypher-edge id1 id2 port) (format port "MERGE (a:Package { id: ~s });~%" id1) @@ -298,7 +296,7 @@ true, draw reverse arrows." (ids (mapm %store-monad node-identifier dependencies))) - (emit-node id head port) + (emit-node id (node-label head) port) (for-each (lambda (dependency dependency-id) (if reverse-edges? (emit-edge dependency-id id port) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 5a2811e75b..8793c40925 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -150,7 +150,7 @@ TARGET, and register them." (define* (install-bootloader installer-drv #:key bootcfg bootcfg-file - device target) + target) "Call INSTALLER-DRV with error handling, in %STORE-MONAD." (with-monad %store-monad (let* ((gc-root (string-append target %gc-roots-directory @@ -169,7 +169,7 @@ TARGET, and register them." (when install (save-load-path-excursion (primitive-load install))))) (delete-file temp-gc-root) - (leave (G_ "failed to install bootloader on device ~a '~a'~%") install device)) + (leave (G_ "failed to install bootloader ~a~%") install)) ;; Register bootloader config file as a GC root so that its dependencies ;; (background image, font, etc.) are not reclaimed. @@ -179,13 +179,12 @@ TARGET, and register them." (define* (install os-drv target #:key (log-port (current-output-port)) bootloader-installer install-bootloader? - bootcfg bootcfg-file - device) + bootcfg bootcfg-file) "Copy the closure of BOOTCFG, which includes the output of OS-DRV, to directory TARGET. TARGET must be an absolute directory name since that's what 'guix-register' expects. -When INSTALL-BOOTLOADER? is true, install bootloader on DEVICE, using BOOTCFG." +When INSTALL-BOOTLOADER? is true, install bootloader using BOOTCFG." (define (maybe-copy to-copy) (with-monad %store-monad (if (string=? target "/") @@ -227,7 +226,6 @@ the ownership of '~a' may be incorrect!~%") (install-bootloader bootloader-installer #:bootcfg bootcfg #:bootcfg-file bootcfg-file - #:device device #:target target))))) @@ -457,12 +455,11 @@ STORE is an open connection to the store." (mbegin %store-monad (show-what-to-build* drvs) (built-derivations drvs) - ;; Only install bootloader configuration file. Thus, no installer - ;; nor device is provided here. + ;; Only install bootloader configuration file. Thus, no installer is + ;; provided here. (install-bootloader #f #:bootcfg bootcfg #:bootcfg-file bootcfg-file - #:device #f #:target target)))))) @@ -615,17 +612,16 @@ and TARGET arguments." (define* (perform-action action os #:key install-bootloader? dry-run? derivations-only? - use-substitutes? device target + use-substitutes? bootloader-target target image-size file-system-type full-boot? (mappings '()) (gc-root #f)) "Perform ACTION for OS. INSTALL-BOOTLOADER? specifies whether to install -bootloader; DEVICE is the target devices for bootloader; TARGET is the target -root directory; IMAGE-SIZE is the size of the image to be built, for the -'vm-image' and 'disk-image' actions. -The root filesystem is created as a FILE-SYSTEM-TYPE filesystem. -FULL-BOOT? is used for the 'vm' action; -it determines whether to boot directly to the kernel or to the bootloader. +bootloader; BOOTLOADER-TAGET is the target for the bootloader; TARGET is the +target root directory; IMAGE-SIZE is the size of the image to be built, for +the 'vm-image' and 'disk-image' actions. The root filesystem is created as a +FILE-SYSTEM-TYPE filesystem. FULL-BOOT? is used for the 'vm' action; it +determines whether to boot directly to the kernel or to the bootloader. When DERIVATIONS-ONLY? is true, print the derivation file name(s) without building anything. @@ -665,7 +661,7 @@ output when building a system derivation, such as a disk image." (target (or target "/"))) (bootloader-installer-derivation installer bootloader-package - device target))) + bootloader-target target))) ;; For 'init' and 'reconfigure', always build BOOTCFG, even if ;; --no-bootloader is passed, because we then use it as a GC root. @@ -697,7 +693,6 @@ output when building a system derivation, such as a disk image." (install-bootloader bootloader-installer #:bootcfg bootcfg #:bootcfg-file bootcfg-file - #:device device #:target "/")))) ((init) (newline) @@ -707,8 +702,7 @@ output when building a system derivation, such as a disk image." #:install-bootloader? install-bootloader? #:bootcfg bootcfg #:bootcfg-file bootcfg-file - #:bootloader-installer bootloader-installer - #:device device)) + #:bootloader-installer bootloader-installer)) (else ;; All we had to do was to build SYS and maybe register an ;; indirect GC root. @@ -900,8 +894,9 @@ resulting from command-line parsing." (target (match args ((first second) second) (_ #f))) - (device (and bootloader? - (bootloader-configuration-device + (bootloader-target + (and bootloader? + (bootloader-configuration-target (operating-system-bootloader os))))) (with-store store @@ -934,7 +929,8 @@ resulting from command-line parsing." (_ #f)) opts) #:install-bootloader? bootloader? - #:target target #:device device + #:target target + #:bootloader-target bootloader-target #:gc-root (assoc-ref opts 'gc-root))))) #:system system)))) diff --git a/tests/grafts.scm b/tests/grafts.scm index 08f05c0f75..abb074d628 100644 --- a/tests/grafts.scm +++ b/tests/grafts.scm @@ -28,7 +28,9 @@ #:use-module (gnu packages bootstrap) #:use-module (srfi srfi-1) #:use-module (srfi srfi-64) - #:use-module (rnrs io ports)) + #:use-module (rnrs bytevectors) + #:use-module (rnrs io ports) + #:use-module (ice-9 vlist)) (define %store (open-connection-for-tests)) @@ -442,4 +444,34 @@ (and (file-exists? (string-append out "/p2/replacement")) (file-exists? (string-append out "/p2/p1/replacement"))))))) +(define buffer-size + ;; Must be equal to REQUEST-SIZE in 'replace-store-references'. + (expt 2 20)) + +(test-equal "replace-store-references, <http://bugs.gnu.org/28212>" + (string-append (make-string (- buffer-size 47) #\a) + "/gnu/store/" (make-string 32 #\8) + "-SoMeTHiNG" + (list->string (map integer->char (iota 77 33)))) + + ;; Create input data where the right-hand-size of the dash ("-something" + ;; here) goes beyond the end of the internal buffer of + ;; 'replace-store-references'. + (let* ((content (string-append (make-string (- buffer-size 47) #\a) + "/gnu/store/" (make-string 32 #\7) + "-something" + (list->string + (map integer->char (iota 77 33))))) + (replacement (alist->vhash + `((,(make-string 32 #\7) + . ,(string->utf8 (string-append + (make-string 32 #\8) + "-SoMeTHiNG"))))))) + (call-with-output-string + (lambda (output) + ((@@ (guix build graft) replace-store-references) + (open-input-string content) output + replacement + "/gnu/store"))))) + (test-end) diff --git a/tests/system.scm b/tests/system.scm index ca34409be9..a661544a5f 100644 --- a/tests/system.scm +++ b/tests/system.scm @@ -36,7 +36,7 @@ (host-name "komputilo") (timezone "Europe/Berlin") (locale "en_US.utf8") - (bootloader (grub-configuration (device "/dev/sdX"))) + (bootloader (grub-configuration (target "/dev/sdX"))) (file-systems (cons %root-fs %base-file-systems)) (users %base-user-accounts))) @@ -51,7 +51,7 @@ (host-name "komputilo") (timezone "Europe/Berlin") (locale "en_US.utf8") - (bootloader (grub-configuration (device "/dev/sdX"))) + (bootloader (grub-configuration (target "/dev/sdX"))) (mapped-devices (list %luks-device)) (file-systems (cons (file-system (inherit %root-fs) |