-*- mode: org; coding: utf-8; -*- #+TITLE: Hacking GNU Guix and Its Incredible Distro Copyright © 2012, 2013, 2014, 2016, 2017, 2019 Ludovic Courtès Copyright © 2015, 2017 Mathieu Lirzin Copyright © 2017 Leo Famulari Copyright © 2017 Arun Isaac Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. * Contributing See the manual for useful hacking informations, either by running info -f doc/guix.info "Contributing" or by checking the [[http://www.gnu.org/software/guix/manual/guix.html#Contributing][web copy of the manual]]. * Commit Access For frequent contributors, having write access to the repository is convenient. When you deem it necessary, feel free to ask for it on the mailing list. When you get commit access, please make sure to follow the policy below (discussions of the policy can take place on guix-devel@gnu.org.) Non-trivial patches should always be posted to guix-patches@gnu.org (trivial patches include fixing typos, etc.). This mailing list fills the patch-tracking database at [[https://bugs.gnu.org/guix-patches]]; see "Contributing" in the manual for details. For patches that just add a new package, and a simple one, it’s OK to commit, if you’re confident (which means you successfully built it in a chroot setup, and have done a reasonable copyright and license auditing.) Likewise for package upgrades, except upgrades that trigger a lot of rebuilds (for example, upgrading GnuTLS or GLib.) We have a mailing list for commit notifications (guix-commits@gnu.org), so people can notice. Before pushing your changes, make sure to run ‘git pull --rebase’. All commits that are pushed to the central repository on Savannah must be signed with an OpenPGP key, and the public key should be uploaded to your user account on Savannah and to public key servers, such as ‘keys.openpgp.org’. To configure Git to automatically sign commits, run: git config commit.gpgsign true git config user.signingkey CABBA6EA1DC0FF33 You can prevent yourself from accidentally pushing unsigned commits to Savannah by using the pre-push Git hook called located at ‘etc/git/pre-push’: cp etc/git/pre-push .git/hooks/pre-push When pushing a commit on behalf of somebody else, please add a Signed-off-by line at the end of the commit log message (e.g. with ‘git am --signoff’). This improves tracking of who did what. For anything else, please post to guix-patches@gnu.org and leave time for a review, without committing anything. If you didn’t receive any reply after two weeks, and if you’re confident, it’s OK to commit. That last part is subject to being adjusted, allowing individuals to commit directly on non-controversial changes on parts they’re familiar with. * Using emacs-debbugs Bug reports and patches are tracked using debbugs. If you are on emacs, you can use emacs-debbugs. List all open bug reports on guix-patches with C-u M-x debbugs-gnu guix-patches n y pan>daemon: Address shortcoming in previous security fix for CVE-2024-27297....Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......Ludovic Courtès 2023-01-09daemon: Improve error message for wrong hash sizes....Ludovic Courtès 2022-12-18daemon: Make "opening file" error messages distinguishable....Ludovic Courtès