aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2024-2025 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;; This manifest computes upgrades of key packages using updaters from (guix
;; upstream) and supporting code for the 'with-latest' transformation.

(use-modules (guix memoization)
             (guix monads)
             (guix graph)
             (guix packages)
             (guix profiles)
             (guix store)
             (guix transformations)
             (guix upstream)
             ((guix scripts build) #:select (dependents))
             ((guix scripts graph) #:select (%bag-node-type))
             ((guix import github) #:select (%github-api))
             (guix build-system gnu)
             (guix build-system cmake)
             ((gnu packages)
              #:select (all-packages specification->package))

             (gnu packages backup)
             (gnu packages crypto)
             (gnu packages curl)
             (gnu packages freedesktop)
             (gnu packages gnupg)
             (gnu packages nettle)
             (gnu packages ssh)
             (gnu packages tls)
             (gnu packages web)
             (gnu packages xorg)

             (ice-9 match)
             (srfi srfi-1))

;; Bypass the GitHub updater: we'd need an API token or we would hit the rate
;; limit.
(%github-api "http://example.org")

(define security-packages
  (list xorg-server
        elogind

        openssl
        gnutls
        curl
        curl-ssh

        ;; Web.
        nghttp2
        nginx

        libarchive
        libssh

        ;; Since there are several libgit2 versions, pick the latest one and
        ;; compute the upgrade against that one.
        (specification->package "libgit2")

        ;; GnuPG.
        libassuan
        libgpg-error
        libgcrypt
        libksba
        npth
        gnupg
        gpgme
        pinentry

        ;; Other crypto libraries.
        nettle
        libsodium))

(define latest-version
  (mlambdaq (package)
    (package-with-upstream-version package
                                   ;; Preserve patches and snippets to get
                                   ;; exactly the same as what we'd have with
                                   ;; 'guix refresh -u PACKAGE'.
                                   #:preserve-patches? #t

                                   ;; XXX: Disable source code authentication:
                                   ;; this requires a local keyring, populated
                                   ;; from key servers, but key servers may be
                                   ;; unreliable or may lack the upstream
                                   ;; keys.  Leave it up to packagers to
                                   ;; actually authenticate code and make sure
                                   ;; it matches what this manifest computed.
                                   #:authenticate? #f)))

(define individual-security-upgrades
  ;; Upgrades of individual packages with their direct dependents built
  ;; against that upgrade.
  (manifest
   (with-store store
     (append-map (lambda (package)
                   (let* ((name (package-name package))
                          (newest (latest-version package))
                          (update (package-input-rewriting
                                   `((,package . ,newest)))))
                     (map (lambda (package)
                            (manifest-entry
                              (inherit (package->manifest-entry
                                        (update package)))
                              (name (string-append (package-name package)
                                                   "-with-latest-" name))))
                          (dependents store (list package) 1))))
                 security-packages))))

(define joint-security-upgrades
  ;; All of SECURITY-PACKAGES updated at once, together with their dependents.
  (manifest
   (with-store store
     (let ((update-all (package-input-rewriting
                        (map (lambda (package)
                               `(,package . ,(latest-version package)))
                             security-packages)
                        #:recursive? #t)))
       (map (lambda (package)
              (manifest-entry
                (inherit (package->manifest-entry
                          (update-all package)))
                (name (string-append (package-name package) "-full-upgrade"))))
            (dependents store security-packages 2))))))

;; Install a UTF-8 locale so that file names in Git checkouts are interpreted
;; as UTF-8 (the libgit2 source tree contains non-ASCII file names, for
;; instance).  XXX: This works around the fact that 'cuirass register' and
;; thus 'cuirass evaluate' may not be running with a UTF-8 locale.
(unless (string-suffix? ".UTF-8" (setlocale LC_ALL))
  (or (false-if-exception (setlocale LC_ALL "C.UTF-8"))
      (false-if-exception (setlocale LC_ALL "en_US.UTF-8"))
      (format (current-error-port) "warning: failed to install UTF-8 locale~%")))

(concatenate-manifests
 (list individual-security-upgrades joint-security-upgrades))
generated by cgit
ervices/configuration.scm?id=5305ed20027a32ff1221cac6a131849852e807ba'>services: Factorize configuration abstraction....* gnu/services/mail.scm and gnu/services/cups.scm (&configuration-error) (configuration-error, configuration-field-error) (configuration-missing-field, configuration-field, serialize-configuration) (validate-configuration, define-configuration, uglify-field-name) (serialize-field, serialize-package, serialize-string) (serialize-space-separated-string-list, space-separated-string-list?) (serialize-file-name, file-name?, serialize-field-name) (generate-documentation): Move duplicate code... * gnu/services/configuration.scm: ...to this new file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add configuration.scm. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Julien Lepiller an>Ludovic Courtès 2018-05-28file-systems: Remove 'title' field and add <file-system-label>....The 'title' field was easily overlooked and was an endless source of confusion. Now, the value of the 'device' field is self-contained. * gnu/system/file-systems.scm (<file-system>): Change constructor name to '%file-system'. [title]: Remove. (<file-system-label>): New record type with printer. (report-deprecation, device-expression) (process-file-system-declaration, file-system): New macros. (file-system-title): New procedure. (file-system->spec, spec->file-system): Adjust to handle <file-system-label>. * gnu/system.scm (bootable-kernel-arguments): Add case for 'file-system-label?'. (read-boot-parameters): Likewise. (mapped-device-user): Avoid 'file-system-title'. (fs->boot-device): Remove. (operating-system-boot-parameters): Use 'file-system-device' instead of 'fs->boot-device'. (device->sexp): Add case for 'file-system-label?'. * gnu/bootloader/grub.scm (grub-root-search): Add case for 'file-system-label?'. * gnu/system/examples/bare-bones.tmpl, gnu/system/examples/beaglebone-black.tmpl, gnu/system/examples/lightweight-desktop.tmpl, gnu/system/examples/vm-image.tmpl: Remove uses of 'title'. * gnu/system/vm.scm (virtualized-operating-system): Remove uses of 'file-system-title'. * guix/scripts/system.scm (check-file-system-availability): Likewise, and adjust fix-it hint. (check-initrd-modules)[file-system-/dev]: Likewise. * gnu/build/file-systems.scm (canonicalize-device-spec): Remove 'title' parameter. [canonical-title]: Remove. Match on SPEC's type rather than on CANONICAL-TITLE. (mount-file-system): Adjust caller. * gnu/build/linux-boot.scm (boot-system): Interpret ROOT here. * gnu/services/base.scm (file-system->fstab-entry): Remove use of 'file-system-title'. * doc/guix.texi (File Systems): Remove documentation of the 'title' field. Rewrite documentation of 'device' and document 'file-system-label'. Ludovic Courtès 2018-02-18gnu: Pass "--target=i386-pc" when installing GRUB for legacy BIOS....* gnu/bootloader/grub.scm (install-grub): Add "--target=i386-pc" to the list of arguments to "grub-install". Fixes <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30311>. Ricardo Wurmus 2017-09-11system: Introduce a disjoint UUID type....Conceptually a UUID is just a bytevector. However, there's software out there such as GRUB that relies on the string representation of different UUID types (e.g., the string representation of DCE UUIDs differs from that of ISO-9660 UUIDs, even if they are actually bytevectors of the same length). This new <uuid> record type allows us to preserve information about the type of UUID so we can eventually convert it to a string using the right representation. * gnu/system/uuid.scm (<uuid>): New record type. (bytevector->uuid): New procedure. (uuid): Return calls to 'make-uuid'. (uuid->string): Rewrite using 'match-lambda*' to accept a single 'uuid?' argument. * gnu/bootloader/grub.scm (grub-root-search): Check for 'uuid?' instead of 'bytevector?'. * gnu/system.scm (bootable-kernel-arguments): Check whether ROOT-DEVICE is 'uuid?'. (read-boot-parameters): Use 'bytevector->uuid' when the store device is a bytevector. (read-boot-parameters-file): Check for 'uuid?' instead of 'bytevector?'. (device->sexp): New procedure. (operating-system-boot-parameters-file): Use it for 'root-device' and 'store'. (operating-system-bootcfg): Remove conditional in definition of 'root-device'. * gnu/system/file-systems.scm (file-system->spec): Check for 'uuid?' on DEVICE and take its bytevector. * gnu/system/mapped-devices.scm (open-luks-device): Likewise. * gnu/system/vm.scm (iso9660-image): Call 'uuid-bytevector' for the #:volume-uuid argument. Ludovic Courtès 2017-08-20gnu: grub-efi-bootloader: Specialize grub-install invocation....* gnu/bootloader/grub.scm (install-grub-efi): Fix grub-install invocation for EFI systems. * gnu/system/examples/bare-bones.tmpl: Use the newer "bootloader-configuration" syntax. * gnu/system/examples/desktop.tmpl: Use bootloader-configuration sytax. Also, use the same label for the LUKS-mapped device and the root partition. Remove unneeded "title" field for the file-system based on LUKS; as noted in the manual, the "title" field is ignored for mapped devices. * gnu/system/examples/lightweight-desktop.tmpl: Use bootloader-configuration, and use grub-efi-bootloader. Andy Wingo 2017-08-03vm: Use grub-hybrid's grub-mkrescue....* gnu/system/vm.scm (system-disk-image): Use grub-hybrid's grub-mkrescue. * gnu/bootlader/grub.scm (grub-mkrescue-bootloader): New variable. Danny Milosavljevic 2017-07-28bootloader: Use <menu-entry> for the bootloader side....* gnu/bootloader.scm (menu-entry-device-mount-point): New variable. Export it. (<menu-entry>: New field "device". * gnu/bootloader/grub.scm (grub-confgiuration-file): Handle <menu-entry> entries. * gnu/bootloader/extlinux.scm (extlinux-configuration-file): Handle <menu-entry> entries. * gnu/system.scm (menu->entry->boot-parameters): Delete variable. (boot-parameters->menu-entry): New variable. Export it. (operating-system-bootcfg): Make OLD-ENTRIES a list of <menu-entry>. * guix/script/system.scm (reinstall-bootloader): Fix bootcfg usage. (perform-action): Fix bootcfg usage. Danny Milosavljevic 2017-07-02gnu: Switch guile-cairo and dependents to Guile 2.2 again....Fixes <https://bugs.gnu.org/27551>. Reported by Leo Famulari <leo@famulari.name>. This reinstates the following commits: e3ddb1e83 * gnu: guile-cairo: Switch to Guile 2.2. ae5c6ef39 * gnu: guile-gnome: Update to 2.16.5. 0fd8013fc * gnu: guile-rsvg: Update to commit 05c6a2fd. 66b9183c4 * gnu: guile-lib: Switch to Guile 2.2. and adds the following changes: * gnu/bootloader/grub.scm (svg->png): Add 'package->derivation' call for GUILE-2.2. Pass #:guile-for-build to 'gexp->derivation'. * gnu/build/svg.scm (svg->png): Add 'em' and 'ex' to the 'let-values' form to account for all the values returned by 'rsvg-handle-get-dimensions', which Guile 2.2 does not truncate. Ludovic Courtès 2017-06-08bootloader: Use menu-entry to define custom bootloader entries....* gnu/bootloader.scm (<menu-entry>): New variable. Export associated getters, This record is extracted from grub module. * gnu/bootloader/extlinux.scm (extlinux-configuration-file): Use menu-entry->boot-parameters to convert menu-entry records to boot-parameters. * gnu/bootloader/grub.scm (<menu-entry>): Remove. (boot-parameters->menu-entry): Remove. (grub-configuration-file): Use boot-parameters to create configuration entries. * gnu/system.scm (menu-entry->boot-parameters): New exported procedure. Mathieu Othacehe 2017-05-16bootloader: Add extlinux support....* gnu/bootloader.scm: New file. * gnu/bootloader/extlinux.scm: New file. * gnu/bootloader/grub.scm: New file. * gnu/local.mk: Build new files. * gnu/system.scm: Adapt to new bootloader api. * gnu/scripts/system.scm: Adapt to new bootloader api. * gnu.scm: Remove (gnu system grub) and replace by (gnu bootloader) and (gnu bootloader grub) modules. * gnu/system/grub.scm: Moved content to gnu/bootloader/grub.scm. * gnu/system/vm: Replace (gnu system grub) module by (gnu bootloader). * gnu/tests.scm: Ditto. * gnu/tests/nfs.scm: Ditto. Mathieu Othacehe