aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/cobol.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/cobol.scm')
0 files changed, 0 insertions, 0 deletions
generated by cgit
aid to debugging. * nix/libstore/build.cc (secureFilePerms): new function. (DerivationGoal::buildDone): use it. Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein 2024-03-12daemon: Address shortcoming in previous security fix for CVE-2024-27297....This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès 2024-01-05daemon: Change default ‘timeout’ and ‘max-silent-time’ values....Having a timeout seems generally preferable as it makes sure build slots are not kept busy for no good reason (few package builds, if any, are expected to exceed these values). * nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’ and ‘buildTimeout’. * gnu/services/base.scm (<guix-configuration>)[max-silent-time] [timeout]: Change default values. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8 Ludovic Courtès 2023-12-17daemon: Fix my own whitespace errors....This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b Tobias Geerinckx-Rice 2023-12-10daemon: Sacrifice builders on OOM....* nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51 Tobias Geerinckx-Rice 2023-12-11daemon: Implement ‘substitute-urls’ RPC....* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump. (WorkerOp): Add ‘wopSubstituteURLs’. * nix/nix-daemon/nix-daemon.cc (performOp): Implement it. * guix/store.scm (%protocol-version): Bump. (operation-id): Add ‘substitute-urls’. (substitute-urls): New procedure. * tests/store.scm ("substitute-urls, default") ("substitute-urls, client-specified URLs") ("substitute-urls, disabled"): New tests. Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de Ludovic Courtès 2023-12-04daemon: Simplify “empty status” substitute error message....* nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4 Ludovic Courtès 2023-09-26daemon: Add “git-download” built-in builder....The new builder makes it possible to break cycles that occurs when the fixed-output derivation for the source of a dependency of ‘git’ would itself depend on ‘git’. * guix/scripts/perform-download.scm (perform-git-download): New procedure. (perform-download): Move fixed-output derivation check to… (guix-perform-download): … here. Invoke ‘perform-download’ or ‘perform-git-download’ depending on what ‘derivation-builder’ returns. * nix/libstore/builtins.cc (builtins): Add “git-download”. * tests/derivations.scm ("built-in-builders"): Update. ("'git-download' built-in builder") ("'git-download' built-in builder, invalid hash") ("'git-download' built-in builder, invalid commit") ("'git-download' built-in builder, not found"): New tests. Ludovic Courtès 2023-09-09daemon: Fix build with GCC 13....The sqlite.hh file uses fixed-width integer types from stdint.h. As such, it needs to include <cstdint>. Without this include, the file doesn't compile successfully with GCC13. See: https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes * nix/libstore/sqlite.hh: include <cstdint> Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Sören Tempel 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès 2022-10-17Revert "nix: Guard against removing temporary roots of living processes."...This reverts commit bb0beaecdee1a2315a1269b1746d238c8ab0e699. This change broke a number of tests that assumed the previous behavior. Ludovic Courtès 2022-10-07nix: Guard against removing temporary roots of living processes....Fixes <https://issues.guix.gnu.org/25018>. * nix/libstore/gc.cc (readTempRoots): Add a check to guard against removing the temporary roots of a living process. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Ludovic Courtès 2022-09-11daemon: Remove unused function findOutput....* nix/libstore/misc.cc (findOutput): Remove it. * nix/libstore/misc.hh (findOutput): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function exportPaths....* nix/libstore/store-api.cc (exportPaths): Remove it. * nix/libstore/store-api.hh (exportPaths): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function openStore....* nix/libstore/store-api.cc (openStore): Remove it. * nix/libstore/store-api.hh (openStore): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-06-05daemon: Quote consistently within a string....* nix/libstore/build.cc (DerivationGoal::registerOutput): ‘’ → `'. Tobias Geerinckx-Rice 2022-05-29daemon: Clarify ‘--check’ error when outputs are missing....Drop the confusing ‘invalid’ jargon and display a hint like we do for ‘--fallback’. * nix/libstore/build.cc (DerivationGoal::outputsSubstituted): Rewrite error message. Tobias Geerinckx-Rice 2022-05-18daemon: runChild() is forbidden to talk during environment set up...DerivationGoal::startBuilder() is waiting for an empty line as a check that the environment set up is fine. Fixes <https://issues.guix.gnu.org/55324>. * nix/libstore/build.cc (DerivationGoal::runChild): Remove 'debug' statement corresponding to bind mounts. Signed-off-by: Ludovic Courtès <ludo@gnu.org> yarl-baudig@mailoo.org -register' instead of 'register-path'. (copy-closure): Remove redundant call to 'references*'. Call 'call-with-database' and pass the database to 'copy-item'. Ludovic Courtès 2020-11-17Merge remote-tracking branch 'origin/version-1.2.0' into master...Conflicts: gnu/packages/bioinformatics.scm The python-pysam package fixed in master was kept instead of the update done in the version-1.2.0 branch. Maxim Cournoyer 2020-11-16.dir-locals.el: Add upstream report link....Follow up from 1d6e7732b163c9e945c9e5b32c726fe3b5f09c3a. * .dir-locals.el: Modify comment to point at the report to bug-gnu-emacs. Miguel Ángel Arruga Vivas 2020-11-16.dir-locals.el: Use setq-local on guix-directory....* .dir-locals.el: Use setq-local on guix-directory. While a problem with using setq hasn't been identified, this seems like good hygiene. Christopher Lemmer Webber 2020-11-16.dir-locals.el: Prevent errors if .dir-locals.el isn't found....While this repo should presumably always have a .dir-locals.el by the nature of this file itself, it seems that this behavior "leaks". See added comment for more details on the fix to this strange bug, which is likely an upstream emacs or vc-mode issue. Thanks to Miguel Ángel Arruga Vivas and Maxim Cournoyer for helping investigate this problem. * .dir-locals.el: Don't error out if .dir-locals.el isn't found. Christopher Lemmer Webber 2020-11-12maint: update-guix-package: Optionally add sources to store....Following discussions in <https://issues.guix.gnu.org/43893>, keeping a copy of the updated package source is desirable when generating a release. * build-aux/update-guix-package.scm (version-controlled?): Remove variable. (call-with-temporary-git-worktree): Renamed from 'with-temporary-git-worktree'. Update doc. Do not change directory implicitly. Define as a procedure, not a syntax. (keep-source-in-store): New procedure. (main): Adjust to use with call-with-temporary-git-worktree. Add the sources to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Exit gracefully when FIND-ORIGIN-REMOTE returns #f. (%savannah-guix-git-repo-push-url-regexp): Adjust match for a potential colon separator. * Makefile.am (GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT): Adjust. * .dir-locals.el (scheme-mode): Remove entry for with-temporary-git-worktree. * doc/contributing.texi (Updating the Guix Package): Update doc. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Maxim Cournoyer 2020-11-01.dir-locals.el: Require cl-lib at runtime....* .dir-locals.el (nil)<Geiser>: Load cl-lib when needed. Miguel Ángel Arruga Vivas 2020-10-31.dir-locals.el: Automatically set the GEISER-GUILE-LOAD-PATH variable....Thanks to Miguel Ángel Arruga Vivas and Pierre Neidhardt for their suggestions and improvements. * .dir-locals.el: Set the GUIX-DIRECTORY and GEISER-GUILE-LOAD-PATH Emacs variables based on the location of the .dir-locals file. Maxim Cournoyer 2020-10-19maint: update-guix-package: Prevent accidentally breaking guix pull....Fixes <https://issues.guix.gnu.org/43893>. This changes the 'update-guix-package' tool so that it: 1. Always uses a clean checkout to compute the hash of the updated 'guix' package. 2. Ensures the commit used in the updated 'guix' package definition has already been pushed upstream. * build-aux/update-guix-package.scm (%savannah-guix-git-repo-push-url): New variable. (with-input-pipe-to-string, with-temporary-git-worktree): New syntaxes. (find-origin-remote, git-add-worktree): New procedures. (commit-already-pushed?): New predicate. (main): Check the commit used has already been pushed upstream and compute the hash from a clean checkout. * doc/contributing.texi (Updating the Guix Package): Document it. * .dir-locals.el (scheme-mode): Fix indentation of with-temporary-git-worktree. Maxim Cournoyer 2020-09-14deduplication: pass store directory to replace-with-link....This causes with-writable-file to take into consideration the actual store being used, as passed to 'deduplicate', rather than whatever (%store-directory) may return. * guix/store/deduplication.scm (replace-with-link): new keyword argument 'store'. Pass to with-writable-file. (with-writable-file, call-with-writable-file): new store argument. (deduplicate): pass store to replace-with-link. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Caleb Ristvedt 2020-09-14.dir-locals.el: fix call-with-{retrying-}transaction indenting....* .dir-locals.el (call-with-transaction, call-with-retrying-transaction): change scheme-indent-function property from 2 to 1. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Caleb Ristvedt 2020-08-26.dir-locals.el: Add indentation rule for 'package/inherit'....* .dir-locals.el (scheme-mode): Add 'package/inherit'. Ludovic Courtès 2020-06-25deduplication: Use 'dynamic-wind' when changing permissions of the parent....Suggested by Caleb Ristvedt <caleb.ristvedt@cune.org>. * guix/store/deduplication.scm (call-with-writable-file): New procedure. (with-writable-file): New macro. (replace-with-link): Use it. Ludovic Courtès