-*- mode: org; coding: utf-8; -*- #+TITLE: What's left to do? #+STARTUP: content hidestars Copyright © 2012, 2013, 2014 Ludovic Courtès Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. * MAYBE Add a substituter that uses the GNUnet DHT or [[http://libswift.org][libswift]] Would be neat if binaries could be pushed to and pulled from the GNUnet DHT or rather libswift (since DHTs aren’t suited for large payloads). Guix users would sign their binaries, and define which binaries they trust. Use UPnP and similar to traverse NAT, like ‘filegive’ does. * user interface ** add guile-ncurses interface * extend ** add ‘recommends’ field For instance, glibc, binutils, gcc, and ld-wrapper would recommend each other. ‘guix package -i’ could ask interactively (?), or allow users to follow all or none of the recommendations. ** add a ‘user-environment-hook’ This should specify builder code to be run when building a user environment with ‘guix-package’. For instance, Texinfo’s hook would create a new ‘dir’. ** extend ‘propagated-build-inputs’ with support for multiple outputs #+BEGIN_SRC scheme (outputs '("out" "include")) (propagated-build-inputs `(((("i1" ,p1 "o1") ("i2" ,p2)) => "include") ("i3" ,p3))) #+END_SRC * synchronize non-GNU package descriptions with the [[http://directory.fsf.org][FSD]] Meta-data for GNU packages, including descriptions and synopses, can be dumped from the FSD: http://directory.fsf.org/wiki?title=GNU/Export&action=purge . We could periodically synchronize with that. * add a guildhall build system The Guildhall is Guile’s packaging system. It should be easy to add a ‘guildhall-build-system’ that does the right thing based on guildhall recipes. * union Support sophisticated collision handling when building a union: honor per-package priorities, etc. * add GUIX_ALLOW_EXPENSIVE_TESTS Tests that need to download stuff or otherwise take a long time would only be run when that is defined. * guix build utils ** MAYBE Change ‘ld-wrapper’ to add RPATH for libs passed by file name ** MAYBE Add equivalent to chrpath that uses [[https://gitorious.org/guile-dlhacks/guile-dlhacks/][guile-dlhacks]] ** MAYBE Add a hash-rewriting thing for deep dependency replacement without rebuild See [[https://github.com/NixOS/nixpkgs/commit/d1662d715514e6ef9d3dc29f132f1b3d8e608a18][Shea Levy's `replace-dependency' in Nixpkgs]]. * distro ** port to GNU/Hurd, aka. ‘i686-gnu’ Problems include that current glibc releases do not build on GNU/Hurd. In addition, there haven’t been stable releases of GNU Mach, MiG, and Hurd, which would be a pre-condition. 71bb250ccc8'>tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Attila Lendvai 2020-09-15authenticate: Encode strings as ISO-8859-1....Fixes <https://bugs.gnu.org/43421>. * guix/scripts/authenticate.scm (read-command): Decode strings as ISO-8859-1, not UTF-8. (guix-authenticate)[send-reply]: Encode strings as ISO-8859-1, not UTF-8. * tests/guix-authenticate.sh: Add test. Ludovic Courtès 2020-09-14daemon: Spawn 'guix authenticate' once for all....Previously, we'd spawn 'guix authenticate' once for each item that has to be signed (when exporting) or authenticated (when importing). Now, we spawn it once for all and then follow a request/reply protocol. This reduces the wall-clock time of: guix archive --export -r $(guix build coreutils -d) from 30s to 2s. * guix/scripts/authenticate.scm (sign-with-key): Return the signature instead of displaying it. Raise a &formatted-message instead of calling 'leave'. (validate-signature): Likewise. (read-command): New procedure. (define-enumerate-type, reply-code): New macros. (guix-authenticate)[send-reply]: New procedure. Change to read commands from current-input-port. * nix/libstore/local-store.cc (runAuthenticationProgram): Remove. (authenticationAgent, readInteger, readAuthenticateReply): New functions. (signHash, verifySignature): Rewrite in terms of the agent. * tests/store.scm ("import not signed"): Remove 'pk' call. ("import signed by unauthorized key"): Check the error message of C. * tests/guix-authenticate.sh: Rewrite using the new protocol. fixlet Ludovic Courtès 2020-09-11daemon: Simplify interface with 'guix authenticate'....There's no reason at this point to mimic the calling convention of the 'openssl' command. * nix/libstore/local-store.cc (LocalStore::exportPath): Add only "sign" and HASH to ARGS. Remove 'tmpDir' and 'hashFile'. (LocalStore::importPath): Add only "verify" and SIGNATURE to * guix/scripts/authenticate.scm (guix-authenticate): Adjust accordingly; remove the OpenSSL-style clauses. (read-hash-data): Remove. (sign-with-key): Replace 'port' with 'sha256' and adjust accordingly. (validate-signature): Export SIGNATURE to be a canonical sexp. * tests/guix-authenticate.sh: Adjust tests accordingly. Ludovic Courtès