;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012-2024 Ludovic Courtès ;;; Copyright © 2014, 2019 Andreas Enge ;;; Copyright © 2012 Nikita Karetnikov ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver ;;; Copyright © 2014 Alex Kost ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis ;;; Copyright © 2016, 2017, 2019-2023 Efraim Flashner ;;; Copyright © 2016, 2020, 2023, 2024 Janneke Nieuwenhuizen ;;; Copyright © 2016, 2018 Alex Vong ;;; Copyright © 2017 Rene Saavedra ;;; Copyright © 2017, 2020 Mathieu Othacehe ;;; Copyright © 2017, 2018, 2020, 2022 Marius Bakke ;;; Copyright © 2017 Eric Bavier ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018, 2019, 2022 Ricardo Wurmus ;;; C
; -*- lisp -*-
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2020 Daniel Brooks <db48x@db48x.net>
;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;; This is a specification for SELinux 2.7 written in the SELinux Common
;; Intermediate Language (CIL).  It refers to types that must be defined in
;; the system's base policy.

;; If you, like me, need advice about fixing an SELinux policy, I recommend
;; reading https://danwalsh.livejournal.com/55324.html

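;; In particular, you can run semanage permissive -a guix_daemon.guix_daemon_t
;; to allow guix-daemon to do whatever it wants. SELinux will still check its
;; permissions, and when it doesn't have permission it will still send an
;; audit message to your system logs. This lets you know what permissions it
;; ought to have. While the domain is permissive nothing is actually denied,
;; so treat this as a temporary debugging aid and undo it with
;; semanage permissive -d guix_daemon.guix_daemon_t once the policy is fixed.
;; Use ausearch --raw to find the permissions violations, then
;; pipe that to audit2allow to generate an updated policy. audit2allow turns
;; every logged denial into an allow rule, so review its output before
;; adopting it. You'll still need
;; to translate that policy into CIL in order to update this file, but that's
;; fairly straightforward. Annoying, but easy.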

(block guix_daemon
  ;; Require existing types
  ;; Each statement adds a base-policy name to the cil_gen_require attribute
  ;; set; none of these names is declared in this file.
  ;; NOTE(review): the rules below also reference base-policy types that are
  ;; not listed here (passwd_file_t, nscd_t, fs_t, devpts_t, port_t, ...).
  ;; Presumably they resolve from the global namespace -- confirm that loading
  ;; fails cleanly on a base policy that lacks any of them.
  (typeattributeset cil_gen_require init_t)
  (typeattributeset cil_gen_require tmp_t)
  (typeattributeset cil_gen_require nscd_var_run_t)
  (typeattributeset cil_gen_require var_log_t)
  (typeattributeset cil_gen_require domain)

  ;; Declare own types
  ;; guix_daemon_t is the process type targeted by the type transitions
  ;; below.  The other five types label on-disk objects: each is associated
  ;; with object_r and added to the file_type attribute.  The path-to-type
  ;; mapping is given by the filecon statements at the end of this block.
  (type guix_daemon_t)
  (roletype object_r guix_daemon_t)
  (type guix_daemon_conf_t)
  (roletype object_r guix_daemon_conf_t)
  (typeattributeset file_type guix_daemon_conf_t)
  (type guix_daemon_exec_t)
  (roletype object_r guix_daemon_exec_t)
  (typeattributeset file_type guix_daemon_exec_t)
  (type guix_daemon_socket_t)
  (roletype object_r guix_daemon_socket_t)
  (typeattributeset file_type guix_daemon_socket_t)
  (type guix_store_content_t)
  (roletype object_r guix_store_content_t)
  (typeattributeset file_type guix_store_content_t)
  (type guix_profiles_t)
  (roletype object_r guix_profiles_t)
  (typeattributeset file_type guix_profiles_t)

  ;; These types are domains, thereby allowing process rules
  ;; NOTE(review): guix_daemon_exec_t is added to `domain' here although it
  ;; is also a file_type above and is used as the entrypoint file label --
  ;; confirm the executable type really needs the domain attribute.
  (typeattributeset domain (guix_daemon_t guix_daemon_exec_t))

  ;; Name the sensitivity s0 as level `low'; the filecon contexts in this
  ;; block use it as the range (low low).
  (level low (s0))

  ;; When a process in init_t or guix_store_content_t spawns a
  ;; guix_daemon_exec_t process, let it run in the guix_daemon_t context
  ;; NOTE(review): guix_store_content_t is declared in this file as a file
  ;; type and is not added to `domain'; confirm which processes, if any, run
  ;; with that label and need the second transition.
  (typetransition init_t guix_daemon_exec_t
                  process guix_daemon_t)
  (typetransition guix_store_content_t guix_daemon_exec_t
                  process guix_daemon_t)

  ;; Let the system_r role be paired with guix_daemon_t, in addition to the
  ;; object_r association made when the type was declared.
  (roletype system_r guix_daemon_t)

  ;; allow init_t to read and execute guix files
  ;; init_t may follow profile and store symlinks, execute files labeled
  ;; guix_daemon_exec_t and transition into guix_daemon_t.
  (allow init_t
         guix_profiles_t
         (lnk_file (read)))
  (allow init_t
         guix_daemon_exec_t
         (file (execute)))
  (allow init_t
         guix_daemon_t
         (process (transition)))
  (allow init_t
         guix_store_content_t
         (lnk_file (read)))
  ;; The rule below covers every file labeled guix_store_content_t, not only
  ;; the daemon: init_t may open, read and execute any of them.
  (allow init_t
         guix_store_content_t
         (file (open read execute)))

  ;; guix-daemon needs to know the names of users
  ;; Read-only access: no write or append permission is granted on
  ;; passwd_file_t.
  (allow guix_daemon_t
         passwd_file_t
         (file (getattr open read)))

  ;; Permit communication with NSCD
  ;; Covers the files, directory and socket file labeled nscd_var_run_t,
  ;; use of descriptors passed by nscd_t, a stream connection to nscd_t, and
  ;; the nscd-class lookups listed in the last rule (including the shmem*
  ;; variants).
  (allow guix_daemon_t
         nscd_var_run_t
         (file (map read)))
  (allow guix_daemon_t
         nscd_var_run_t
         (dir (search)))
  (allow guix_daemon_t
         nscd_var_run_t
         (sock_file (write)))
  (allow guix_daemon_t
         nscd_t
         (fd (use)))
  (allow guix_daemon_t
         nscd_t
         (unix_stream_socket (connectto)))
  (allow guix_daemon_t nscd_t
         (nscd (getgrp gethost getpwd getserv shmemgrp shmemhost shmempwd shmemserv)))

  ;; permit downloading packages via HTTP(s)
  ;; Besides http_port_t, outbound connections are also allowed to ftp_port_t
  ;; and ephemeral_port_t.  Only name_connect is granted here, so these three
  ;; rules do not permit binding to those ports.  Which port numbers carry
  ;; each label is decided by the base policy, not by this file.
  (allow guix_daemon_t http_port_t
         (tcp_socket (name_connect)))
  (allow guix_daemon_t ftp_port_t
         (tcp_socket (name_connect)))
  (allow guix_daemon_t ephemeral_port_t
         (tcp_socket (name_connect)))

  ;; Permit logging and temp file access
  ;; tmp_t is a base-policy type (required at the top of this block), so
  ;; these rules apply to every object carrying that label, not only to
  ;; objects the daemon created itself.
  (allow guix_daemon_t
         tmp_t
         (lnk_file (create rename setattr unlink)))
  ;; NOTE(review): this rule combines write with execute/execute_no_trans,
  ;; i.e. a tmp_t file can be written and then run inside guix_daemon_t
  ;; without a domain transition, and relabelto/relabelfrom let the daemon
  ;; move files into and out of the tmp_t label.  Confirm each permission is
  ;; still needed.
  (allow guix_daemon_t
         tmp_t
         (file (link
                rename create execute execute_no_trans write
                unlink setattr map relabelto relabelfrom)))
  (allow guix_daemon_t
         tmp_t
         (fifo_file (open read write create getattr ioctl setattr unlink)))
  (allow guix_daemon_t
         tmp_t
         (dir (create rename
               rmdir relabelto relabelfrom reparent
               add_name remove_name
               open read write
               getattr setattr
               search)))
  (allow guix_daemon_t
         tmp_t
         (sock_file (create getattr setattr unlink write)))
  ;; Log files: create and write only; read, append, rename and unlink are
  ;; not granted on var_log_t.
  (allow guix_daemon_t
         var_log_t
         (file (create getattr open write)))
  (allow guix_daemon_t
         var_log_t
         (dir (getattr create write add_name)))
  ;; var_run_t: follow symlinks and traverse directories, nothing more.
  (allow guix_daemon_t
         var_run_t
         (lnk_file (read)))
  (allow guix_daemon_t
         var_run_t
         (dir (search)))

  ;; Spawning processes, execute helpers
  ;; execmem permits memory that is both writable and executable in the
  ;; daemon's own domain.
  (allow guix_daemon_t
         self
         (process (fork execmem setrlimit setpgid setsched)))
  ;; entrypoint is what lets a guix_daemon_exec_t file start a process in
  ;; guix_daemon_t.
  ;; NOTE(review): the same rule grants write, link and unlink, so the daemon
  ;; may modify or replace files that carry its own entrypoint label --
  ;; confirm these are required.
  (allow guix_daemon_t
         guix_daemon_exec_t
         (file (execute
                execute_no_trans read write open entrypoint map
                getattr link unlink)))

  ;; TODO: unknown
  ;; The purpose of these three rules is not recorded.  The first lets the
  ;; daemon use a root_t directory as a mount point; the second lets it query
  ;; attributes of fs_t filesystems; the third lets objects labeled
  ;; guix_daemon_conf_t exist on an fs_t filesystem.
  (allow guix_daemon_t
         root_t
         (dir (mounton)))
  (allow guix_daemon_t
         fs_t
         (filesystem (getattr)))
  (allow guix_daemon_conf_t
         fs_t
         (filesystem (associate)))

  ;; Build isolation
  ;; Mount points, capabilities and device access the daemon uses while
  ;; setting up build environments.  No separate build domain is declared in
  ;; this file; every rule here is granted to guix_daemon_t itself.
  (allow guix_daemon_t
         guix_store_content_t
         (file (ioctl mounton)))
  (allow guix_store_content_t
         fs_t
         (filesystem (associate)))
  (allow guix_daemon_t
         guix_store_content_t
         (dir (read mounton)))
  ;; dac_override, dac_read_search, fowner and chown bypass ordinary
  ;; owner/mode checks, and sys_admin, sys_chroot, setuid and setgid cover
  ;; mounting, chroot and identity changes.  With these granted, the
  ;; type-enforcement rules in this block are what actually bound the daemon.
  (allow guix_daemon_t
         guix_daemon_t
         (capability (net_admin
                      fsetid fowner
                      chown setuid setgid
                      dac_override dac_read_search
                      sys_chroot
                      sys_admin)))
  (allow guix_daemon_t
         fs_t
         (filesystem (unmount)))
  ;; devpts, tmpfs and proc may be mounted by the daemon.
  (allow guix_daemon_t
         devpts_t
         (dir (search)))
  (allow guix_daemon_t
         devpts_t
         (filesystem (mount)))
  (allow guix_daemon_t
         devpts_t
         (chr_file (ioctl open read write setattr getattr)))
  (allow guix_daemon_t
         tmpfs_t
         (filesystem (getattr mount)))
  (allow guix_daemon_t
         tmpfs_t
         (file (create open read unlink write)))
  (allow guix_daemon_t
         tmpfs_t
         (dir (getattr add_name remove_name write)))
  (allow guix_daemon_t
         proc_t
         (file (getattr open read)))
  (allow guix_daemon_t
         proc_t
         (dir (read)))
  (allow guix_daemon_t
         proc_t
         (filesystem (associate mount)))
  ;; Device nodes: the null device is fully usable; the remaining rules in
  ;; this section grant getattr only.
  (allow guix_daemon_t
         null_device_t
         (chr_file (getattr open read write)))
  (allow guix_daemon_t
         kvm_device_t
         (chr_file (getattr)))
  (allow guix_daemon_t
         zero_device_t
         (chr_file (getattr)))
  (allow guix_daemon_t
         urandom_device_t
         (chr_file (getattr)))
  (allow guix_daemon_t
         random_device_t
         (chr_file (getattr)))
  (allow guix_daemon_t
         devtty_t
         (chr_file (getattr)))

  ;; Access to store items
  ;; Near-complete management of objects labeled guix_store_content_t:
  ;; create, modify, rename, remove and execute.  For directories and files
  ;; relabelfrom is granted but relabelto is not.
  (allow guix_daemon_t
         guix_store_content_t
         (dir (reparent
               create
               getattr setattr
               search rename
               add_name remove_name
               open write
               rmdir relabelfrom)))
  ;; execute_no_trans: store files run inside guix_daemon_t itself rather
  ;; than in a more restricted domain.
  (allow guix_daemon_t
         guix_store_content_t
         (file (create
                lock
                setattr getattr
                execute execute_no_trans
                link unlink
                map
                rename
                append
                open read write relabelfrom)))
  (allow guix_daemon_t
         guix_store_content_t
         (lnk_file (create
                    getattr setattr
                    link unlink
                    read
                    rename)))
  (allow guix_daemon_t
         guix_store_content_t
         (fifo_file (create getattr open read unlink write)))
  (allow guix_daemon_t
         guix_store_content_t
         (sock_file (create getattr setattr unlink write)))

  ;; Access to configuration files and directories
  ;; guix_daemon_conf_t is applied by the filecon statements at the end of
  ;; this block to both @guix_sysconfdir@/guix and @guix_localstatedir@/guix,
  ;; so these rules cover the daemon's state directory as well as its
  ;; configuration.
  (allow guix_daemon_t
         guix_daemon_conf_t
         (dir (search create
               setattr getattr
               add_name remove_name
               open read write)))
  (allow guix_daemon_t
         guix_daemon_conf_t
         (file (create rename
                lock
                map
                getattr setattr
                unlink
                open read write)))
  (allow guix_daemon_t
         guix_daemon_conf_t
         (lnk_file (create getattr rename unlink read)))
  ;; Network configuration is read-only for the daemon.
  (allow guix_daemon_t net_conf_t
         (file (getattr open read)))
  (allow guix_daemon_t net_conf_t
         (lnk_file (read)))
  (allow guix_daemon_t NetworkManager_var_run_t
         (dir (search)))

  ;; Access to profiles
  ;; The daemon may create entries in guix_profiles_t directories
  ;; (create, add_name, write) and read the symlinks found there;
  ;; remove_name is not granted.
  (allow guix_daemon_t
         guix_profiles_t
         (dir (search getattr setattr read write open create add_name)))
  (allow guix_daemon_t
         guix_profiles_t
         (lnk_file (read getattr)))

  ;; Access to profile links in the home directory
  ;; TODO: allow access to profile links *anywhere* on the filesystem
  ;; Limited to traversing directories and reading symlinks labeled
  ;; user_home_t or cache_home_t; regular files under those labels are not
  ;; readable through these rules.
  (allow guix_daemon_t
         user_home_t
         (lnk_file (read getattr)))
  (allow guix_daemon_t
         user_home_t
         (dir (search)))
  (allow guix_daemon_t
         cache_home_t
         (dir (search)))
  (allow guix_daemon_t
         cache_home_t
         (lnk_file (getattr read)))

  ;; self upgrades
  ;; Directory entries and a netlink route socket, both with the daemon's own
  ;; type as target.  nlmsg_read is granted but nlmsg_write is not.
  (allow guix_daemon_t
         self
         (dir (add_name write)))
  (allow guix_daemon_t
         self
         (netlink_route_socket (bind create getattr nlmsg_read read write getopt)))

  ;; Socket operations
  ;; The daemon's own socket file, descriptors inherited from init_t, and the
  ;; socket classes the daemon may create for itself.
  (allow guix_daemon_t
         guix_daemon_socket_t
         (sock_file (unlink write)))
  (allow guix_daemon_t
         init_t
         (fd (use)))
  (allow guix_daemon_t
         init_t
         (unix_stream_socket (write)))
  ;; NOTE(review): the target of the next rule is guix_daemon_conf_t, which
  ;; this file declares as a file type, yet the class is unix_stream_socket
  ;; -- presumably derived from an audit denial; confirm it is still needed.
  (allow guix_daemon_t
         guix_daemon_conf_t
         (unix_stream_socket (listen)))
  (allow guix_daemon_t
         guix_daemon_conf_t
         (sock_file (create unlink)))
  (allow guix_daemon_t
         self
         (unix_stream_socket (create
                              read write
                              connect bind accept
                              getopt setopt)))
  ;; TCP: the daemon's domain may act as a server (bind, listen, accept) as
  ;; well as a client; the unreserved_port_t rule below allows binding and
  ;; connecting to ports carrying that label.
  (allow guix_daemon_t
         self
         (tcp_socket (accept listen bind connect create setopt getopt getattr ioctl read write shutdown)))
  (allow guix_daemon_t
         unreserved_port_t
         (tcp_socket (name_bind name_connect accept listen)))
  (allow guix_daemon_t
         self
         (udp_socket (connect getattr bind getopt setopt read write)))
  (allow guix_daemon_t
         self
         (fifo_file (write read)))
  (allow guix_daemon_t
         self
         (udp_socket (ioctl create)))
  (allow guix_daemon_t
         self
         (unix_stream_socket (connectto)))
  (allow guix_daemon_t
         self
         (unix_dgram_socket (create bind connect sendto read write)))

  ;; For some esoteric build jobs (e.g. running PostgreSQL, etc).
  ;; These permissions are granted to guix_daemon_t as a whole, so they are
  ;; available to the daemon at all times and not only while such a build is
  ;; running.
  (allow guix_daemon_t
         self
         (capability (kill)))
  (allow guix_daemon_t
         node_t
         (tcp_socket (node_bind)))
  (allow guix_daemon_t
         node_t
         (udp_socket (node_bind)))
  ;; NOTE(review): port_t is presumably the base policy's label for ports
  ;; without a more specific type, which would make this a broad outbound
  ;; TCP allowance -- verify against the base policy.
  (allow guix_daemon_t
         port_t
         (tcp_socket (name_connect)))
  (allow guix_daemon_t
         tmpfs_t
         (file (map read write link getattr)))
  (allow guix_daemon_t
         usermodehelper_t
         (file (read)))
  (allow guix_daemon_t
         hugetlbfs_t
         (file (map read write)))
  (allow guix_daemon_t
         proc_net_t
         (file (read)))
  (allow guix_daemon_t
         postgresql_port_t
         (tcp_socket (name_connect name_bind)))
  (allow guix_daemon_t
         rtp_media_port_t
         (udp_socket (name_bind)))
  (allow guix_daemon_t
         vnc_port_t
         (tcp_socket (name_bind)))

  ;; I guess sometimes it needs random numbers
  ;; Adds read on random_device_t to the getattr granted in the build
  ;; isolation section; urandom_device_t stays getattr-only in this file.
  (allow guix_daemon_t
         random_device_t
         (chr_file (read)))

  ;; guix system vm
  ;; Full use of the KVM device node (open, read, write, ioctl) plus the
  ;; ipc_info permission of the system class on kernel_t.
  (allow guix_daemon_t
         kvm_device_t
         (chr_file (ioctl open read write)))
  (allow guix_daemon_t
         kernel_t
         (system (ipc_info)))

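  ;; Label file system
  ;; Each filecon maps a path regular expression and an object class (any,
  ;; dir or file) to a security context.  The @...@ placeholders are
  ;; presumably substituted when this file is generated from its template.

  ;; Daemon configuration and state; profiles get their own type.
  (filecon "@guix_sysconfdir@/guix(/.*)?"
           any (system_u object_r guix_daemon_conf_t (low low)))
  (filecon "@guix_localstatedir@/guix(/.*)?"
           any (system_u object_r guix_daemon_conf_t (low low)))
  (filecon "@guix_localstatedir@/guix/profiles(/.*)?"
           any (system_u object_r guix_profiles_t (low low)))

  ;; The store and everything below it.
  ;; NOTE(review): "/gnu" is hard-coded while the other store patterns use
  ;; @storedir@; confirm this is intended when the store lives elsewhere.
  (filecon "/gnu"
           dir (unconfined_u object_r guix_store_content_t (low low)))
  (filecon "@storedir@(/.+)?"
           any (unconfined_u object_r guix_store_content_t (low low)))
  (filecon "@storedir@/[^/]+/.+"
           any (unconfined_u object_r guix_store_content_t (low low)))

  ;; Daemon executables.  guix_daemon_exec_t is the entrypoint label for
  ;; guix_daemon_t, so it should match as narrowly as possible.  The store
  ;; item name is restricted to a single path component ([^/]+ instead of
  ;; .+, which also matches "/"), so that only <item>/bin/guix-daemon
  ;; directly below the store directory receives the label and not a file
  ;; nested deeper inside an unrelated store item.
  (filecon "@prefix@/bin/guix-daemon"
           file (system_u object_r guix_daemon_exec_t (low low)))
  (filecon "@storedir@/[^/]+-(guix-[^/]+|profile)/bin/guix-daemon"
           file (system_u object_r guix_daemon_exec_t (low low)))
  (filecon "@storedir@/[a-z0-9]+-guix-daemon"
           file (system_u object_r guix_daemon_exec_t (low low)))

  ;; The socket clients use to talk to the daemon.
  (filecon "@guix_localstatedir@/guix/daemon-socket/socket"
           any (system_u object_r guix_daemon_socket_t (low low))))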
s) #~(cons* "--enable-gold=default" (delete "LDFLAGS=-static-libgcc" #$flags))) ((#:phases phases '%standard-phases) #~(modify-phases #$phases (add-after 'patch-source-shebangs 'patch-more-shebangs (lambda _ (substitute* "gold/Makefile.in" (("/bin/sh") (which "sh"))))) ;; Multiple failing tests on some architectures in the gold testsuite. #$@(if (or (target-arm?) (target-ppc32?)) #~((add-after 'unpack 'skip-gold-testsuite (lambda _ (substitute* "gold/Makefile.in" ((" testsuite") " "))))) #~()))))) (native-inputs (modify-inputs (package-native-inputs binutils) (append bc))))) (define* (make-ld-wrapper name #:key (target (const #f)) binutils (linker "ld") (guile (canonical-package guile-3.0)) (bash (canonical-package bash)) (guile-for-build guile)) "Return a package called NAME that contains a wrapper for the 'ld' program of BINUTILS, which adds '-rpath' flags to the actual 'ld' command line. The wrapper uses GUILE and BASH. TARGET must be a one-argument procedure that, given a system type, returns a cross-compilation target triplet or #f. When the result is not #f, make a wrapper for the cross-linker for that target, called 'TARGET-ld'. To use a different linker than the default \"ld\", such as \"ld.gold\" the linker name can be provided via the LINKER argument." ;; Note: #:system->target-triplet is a procedure so that the evaluation of ;; its result can be delayed until the 'arguments' field is evaluated, thus ;; in a context where '%current-system' is accurate. 
(package (name name) (version "0") (source #f) (build-system trivial-build-system) (inputs `(("binutils" ,binutils) ("guile" ,guile) ("bash" ,bash) ("wrapper" ,(search-path %load-path "gnu/packages/ld-wrapper.in")))) (arguments (let ((target (target (%current-system)))) `(#:guile ,guile-for-build #:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils) (system base compile)) (let* ((out (assoc-ref %outputs "out")) (bin (string-append out "/bin")) (ld ,(if target `(string-append bin "/" ,target "-" ,linker) `(string-append bin "/" ,linker))) (go (string-append ld ".go"))) (setvbuf (current-output-port) (cond-expand (guile-2.0 _IOLBF) (else 'line))) (format #t "building ~s/bin/ld wrapper in ~s~%" (assoc-ref %build-inputs "binutils") out) (mkdir-p bin) (copy-file (assoc-ref %build-inputs "wrapper") ld) (substitute* ld (("@SELF@") ld) (("@GUILE@") (string-append (assoc-ref %build-inputs "guile") "/bin/guile")) (("@BASH@") (string-append (assoc-ref %build-inputs "bash") "/bin/bash")) (("@LD@") (string-append (assoc-ref %build-inputs "binutils") ,(if target (string-append "/bin/" target "-" linker) (string-append "/bin/" linker))))) (chmod ld #o555) (compile-file ld #:output-file go)))))) (synopsis "The linker wrapper") (description "The linker wrapper (or @code{ld-wrapper}) wraps the linker to add any missing @code{-rpath} flags, and to detect any misuse of libraries outside of the store.") (home-page "https://www.gnu.org/software/guix//") (license gpl3+))) (define-public glibc ;; This is the GNU C Library, used on GNU/Linux and GNU/Hurd. Prior to ;; version 2.28, GNU/Hurd used a different glibc branch. 
(package (name "glibc") (version "2.39") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 "09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp")) (patches (search-patches "glibc-2.39-git-updates.patch" "glibc-ldd-powerpc.patch" "glibc-2.38-ldd-x86_64.patch" "glibc-dl-cache.patch" "glibc-2.37-versioned-locpath.patch" ;; "glibc-allow-kernel-2.6.32.patch" "glibc-reinstate-prlimit64-fallback.patch" "glibc-supported-locales.patch" "glibc-2.37-hurd-clock_t_centiseconds.patch" "glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch" "glibc-hurd-mach-print.patch" "glibc-hurd-gettyent.patch" "glibc-hurd-getauxval.patch")))) (properties `((lint-hidden-cve . ("CVE-2024-33601" "CVE-2024-33602" "CVE-2024-33600" "CVE-2024-33599")))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc ;; users should automatically pull Linux headers as well. On GNU/Hurd, ;; libc provides , which includes a bunch of Hurd and Mach headers, ;; so both should be propagated. (propagated-inputs (if (target-hurd?) `(("hurd-core-headers" ,hurd-core-headers)) `(("kernel-headers" ,linux-libre-headers)))) (outputs '("out" "debug" "static")) ;9 MiB of .a files (arguments `(#:out-of-source? #t ;; The libraries have an empty RUNPATH, but some, such as the versioned ;; libraries (libdl-2.24.so, etc.) have ld.so marked as NEEDED. Since ;; these libraries are always going to be found anyway, just skip ;; RUNPATH checks. #:validate-runpath? #f #:modules ((ice-9 ftw) (srfi srfi-1) (srfi srfi-26) (guix build utils) (guix build gnu-build-system)) ;; Strip binaries but preserve the symbol table needed by Valgrind: ;; . #:strip-flags '("--strip-debug") #:configure-flags (list "--sysconfdir=/etc" ;; Installing a locale archive with all the locales is to ;; expensive (~100 MiB), so we rely on users to install the ;; locales they really want. ;; ;; Set the default locale path. 
In practice, $LOCPATH may be ;; defined to point whatever locales users want. However, setuid ;; binaries don't honor $LOCPATH, so they'll instead look into ;; $libc_cv_complocaledir; we choose /run/current-system/locale/X.Y, ;; with the idea that it is going to be populated by the sysadmin. ;; The "X.Y" sub-directory is because locale data formats are ;; incompatible across libc versions; see ;; . ;; ;; `--localedir' is not honored, so work around it. ;; See . (string-append "libc_cv_complocaledir=/run/current-system/locale/" ,(version-major+minor version)) (string-append "--with-headers=" (assoc-ref ,(if (%current-target-system) '%build-target-inputs '%build-inputs) "kernel-headers") "/include") ;; This is the default for most architectures as of GNU libc 2.26, ;; but we specify it explicitly for clarity and consistency. See ;; "kernel-features.h" in the GNU libc for details. "--enable-kernel=3.2.0" ;; Use our Bash instead of /bin/sh. (string-append "BASH_SHELL=" (assoc-ref %build-inputs "bash") "/bin/bash") ;; On GNU/Hurd we get discarded-qualifiers warnings for ;; 'device_write_inband' among other things. Ignore them. ,@(if (target-hurd?) `("--disable-werror") '())) #:tests? #f ; XXX #:phases (modify-phases %standard-phases (add-before 'configure 'pre-configure (lambda* (#:key inputs native-inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin")) ;; FIXME: Normally we would look it up only in INPUTS ;; but cross-base uses it as a native input. (bash (or (assoc-ref inputs "static-bash") (assoc-ref native-inputs "static-bash")))) ;; Install the rpc data base file under `$out/etc/rpc'. (substitute* "inet/Makefile" (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix) (string-append out "/etc/rpc" suffix "\n")) (("^install-others =.*$") (string-append "install-others = " out "/etc/rpc\n"))) (substitute* "Makeconfig" ;; According to ;; , ;; linking against libgcc_s is not needed with GCC ;; 4.7.1. 
((" -lgcc_s") "")) ;; Tell the ld.so cache code where the store is. (substitute* "elf/dl-cache.c" (("@STORE_DIRECTORY@") (string-append "\"" (%store-directory) "\""))) ;; Have `system' use that Bash. (substitute* "sysdeps/posix/system.c" (("#define[[:blank:]]+SHELL_PATH.*$") (format #f "#define SHELL_PATH \"~a/bin/bash\"\n" bash))) ;; Same for `popen'. (substitute* "libio/iopopen.c" (("/bin/sh") (string-append bash "/bin/sh"))) ;; Same for the shell used by the 'exec' functions for ;; scripts that lack a shebang. (substitute* (find-files "." "^paths\\.h$") (("#define[[:blank:]]+_PATH_BSHELL[[:blank:]].*$") (string-append "#define _PATH_BSHELL \"" bash "/bin/sh\"\n"))) ;; Make sure we don't retain a reference to the ;; bootstrap Perl. (substitute* "malloc/mtrace.pl" (("^#!.*") ;; The shebang can be omitted, because there's the ;; "bilingual" eval/exec magic at the top of the file. "") (("exec @PERL@") "exec perl"))))) (add-after 'install 'move-static-libs (lambda* (#:key outputs #:allow-other-keys) ;; Move static libraries to the "static" output. ;; Note: As of GNU libc 2.34, the contents of some ".a" ;; files have been moved into "libc.so", and *both* empty ;; ".so" and ".a" files have been introduced to avoid ;; breaking existing executables and existing builds ;; respectively. The intent of the seemingly redundant ;; empty ".a" files is to avoid newly-compiled executables ;; from having dependencies on the empty shared libraries, ;; and as such, it is useful to have these ".a" files in ;; OUT in addition to STATIC. (define (empty-static-library? file) ;; Return true if FILE is an 'ar' archive with nothing ;; beyond the header. (let ((file (string-append (assoc-ref outputs "out") "/lib/" file))) (and (ar-file? file) (= (stat:size (stat file)) 8)))) (define (static-library? file) ;; Return true if FILE is a static library. The ;; "_nonshared.a" files are referred to by libc.so, ;; libpthread.so, etc., which are in fact linker ;; scripts. (and (string-suffix? 
".a" file) (not (string-contains file "_nonshared")) (not (empty-static-library? file)))) (define (linker-script? file) ;; Guess whether FILE, a ".a" file, is actually a ;; linker script. (and (not (ar-file? file)) (not (elf-file? file)))) (let* ((out (assoc-ref outputs "out")) (lib (string-append out "/lib")) (files (scandir lib static-library?)) (empty (scandir lib empty-static-library?)) (static (assoc-ref outputs "static")) (slib (string-append static "/lib"))) (mkdir-p slib) (for-each (lambda (base) (rename-file (string-append lib "/" base) (string-append slib "/" base))) files) (for-each (lambda (base) (copy-file (string-append lib "/" base) (string-append slib "/" base))) empty) ;; Usually libm.a is a linker script so we need to ;; change the file names in there to refer to STATIC ;; instead of OUT. (for-each (lambda (ld-script) (substitute* ld-script ((out) static))) (filter linker-script? (map (cut string-append slib "/" <>) files)))))) (add-after 'install 'install-utf8-c-locale (lambda* (#:key outputs #:allow-other-keys) ;; Install the C.UTF-8 locale so there's always a UTF-8 ;; locale around. (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin")) (locale (string-append out "/lib/locale/" ,(package-version this-package)))) (mkdir-p locale) ;; FIXME: When cross-compiling, attempt to use ;; 'localedef' from the same libc version. (invoke ,(if (%current-target-system) "true" '(string-append bin "/localedef")) "--no-archive" "--prefix" locale "-i" "C" "-f" "UTF-8" (string-append locale "/C.UTF-8"))))) ,@(if (target-hurd?) 
'((add-after 'install 'augment-libc.so (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (substitute* (string-append out "/lib/libc.so") (("/[^ ]+/lib/libc.so.0.3") (string-append out "/lib/libc.so.0.3" " libmachuser.so libhurduser.so")))))) (add-after 'install 'create-machine-symlink (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (cpu "i386") (machine (string-append out "/include/mach/machine"))) (unless (file-exists? machine) (symlink cpu machine)))))) '())))) (inputs `(("static-bash" ,static-bash))) ;; To build the manual, we need Texinfo and Perl. Gettext is needed to ;; install the message catalogs, with 'msgfmt'. (native-inputs `(("texinfo" ,texinfo) ("perl" ,perl) ("bison" ,bison) ("gettext" ,gettext-minimal) ("python" ,python-minimal) ,@(if (target-hurd?) `(("mig" ,mig) ("perl" ,perl)) '()))) (native-search-paths ;; Search path for packages that provide locale data. This is useful ;; primarily in build environments. Use 'GUIX_LOCPATH' rather than ;; 'LOCPATH' to avoid interference with the host system's libc on foreign ;; distros. (list (search-path-specification (variable "GUIX_LOCPATH") (files '("lib/locale"))) $TZDIR)) (synopsis "The GNU C Library") (description "Any Unix-like operating system needs a C library: the library which defines the \"system calls\" and other basic facilities such as open, malloc, printf, exit... The GNU C library is used as the C library in the GNU system and most systems with the Linux kernel.") (license lgpl2.0+) (home-page "https://www.gnu.org/software/libc/"))) ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful ;; in FHS containers. (define-public glibc-for-fhs (hidden-package (package/inherit glibc (name "glibc-for-fhs") (source (origin (inherit (package-source glibc)) ;; Remove Guix's patch to read ld.so.cache from /gnu/store ;; directories, re-enabling the default /etc/ld.so.cache ;; behavior. 
(patches (delete (search-patch "glibc-dl-cache.patch") (origin-patches (package-source glibc)))))))))

;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)

;; glibc 2.35.  The tarball is pinned by its sha256 hash, and the patch list
;; starts with the patch named after CVE-2023-4911.
(define-public glibc-2.35
  (package
    (inherit glibc)
    (version "2.35")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "0bpm1kfi09dxl4c6aanc5c9951fmf6ckkzay60cx7k37dcpp68si"))
              (patches (search-patches "glibc-2.35-CVE-2023-4911.patch"
                                       "glibc-ldd-powerpc.patch"
                                       "glibc-ldd-x86_64.patch"
                                       "glibc-dl-cache.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-supported-locales.patch"
                                       "glibc-cross-objdump.patch"
                                       "glibc-cross-objcopy.patch" ;must come 2nd
                                       "glibc-hurd-clock_t_centiseconds.patch"
                                       "glibc-hurd-clock_gettime_monotonic.patch"
                                       "glibc-hurd-mach-print.patch"
                                       "glibc-hurd-gettyent.patch"))))
    (arguments
     (substitute-keyword-arguments (package-arguments glibc)
       ((#:configure-flags flags #~'())
        #~(cons* "--enable-crypt"
                 ;; We do not want to use the C++ compiler, because its
                 ;; libstdc++ is linked against a newer glibc, and so relies
                 ;; on those newer symbols.  Pretend it doesn't link (the test
                 ;; doesn't actually check that the compiler works with new
                 ;; libstdc++ and older glibc).
                 "libc_cv_cxx_link_ok=no"
                 #$flags))
       ((#:phases phases)
        ;; The C.UTF-8 locale fails to build in glibc 2.35 (the upstream bug
        ;; reference is missing from this copy of the file).
        ;; It is missing altogether in versions earlier than 2.35.
        `(modify-phases ,phases
           (delete 'install-utf8-c-locale)))))))

;; glibc 2.33: the 2.35 patch list minus two patches, plus a RISC-V
;; miscompilation patch.
;; NOTE(review): the CVE-2023-4911 patch is filtered out below.  That is only
;; safe if 2.33 does not contain the affected code (the issue is reported
;; against 2.34 and later -- confirm against the advisory); otherwise this
;; package would be unpatched rather than unaffected.
(define-public glibc-2.33
  (package
    (inherit glibc-2.35)
    (name "glibc")
    (version "2.33")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "1zvp0qdfbdyqrzydz18d9zg3n5ygy8ps7cmny1bvsp8h1q05c99f"))
              (patches
               (cons (search-patch "glibc-2.33-riscv64-miscompilation.patch")
                     ;; Remove patches that are irrelevant or do not apply to
                     ;; this version.
                     (remove (lambda (patch)
                               (member (basename patch)
                                       '("glibc-2.35-CVE-2023-4911.patch"
                                         "glibc-hurd-clock_gettime_monotonic.patch")))
                             (origin-patches (package-source glibc-2.35)))))))))

;; glibc 2.32, with its own explicit patch list.
;; NOTE(review): no CVE-named patch appears in this list; whether this release
;; needs one is not established here.  Per the header comment above, these
;; old libcs exist mostly to build old-format locale data.
(define-public glibc-2.32
  (package
    (inherit glibc-2.35)
    (version "2.32")
    (source (origin
              (inherit (package-source glibc))
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "0di848ibffrnwq7g2dvgqrnn4xqhj3h96csn69q4da51ymafl9qn"))
              (patches (search-patches "glibc-skip-c++.patch"
                                       "glibc-ldd-powerpc.patch"
                                       "glibc-ldd-x86_64.patch"
                                       "glibc-dl-cache.patch"
                                       "glibc-hidden-visibility-ldconfig.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-supported-locales.patch"
                                       "glibc-hurd-clock_t_centiseconds.patch"
                                       "glibc-2.31-hurd-clock_gettime_monotonic.patch"
                                       "glibc-hurd-signal-sa-siginfo.patch"
                                       "glibc-hurd-mach-print.patch"
                                       "glibc-hurd-gettyent.patch"))
              ;; The `#;' datum comment disables the form that follows it:
              ;; this second patch list is dead code, not a second field.
              #;
              (patches (search-patches "glibc-ldd-x86_64.patch"
                                       "glibc-hidden-visibility-ldconfig.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-supported-locales.patch"
                                       "glibc-hurd-clock_t_centiseconds.patch"
                                       "glibc-hurd-clock_gettime_monotonic.patch"
                                       "glibc-hurd-signal-sa-siginfo.patch"))))
    (arguments
     (substitute-keyword-arguments (package-arguments glibc)
       ;; FLAGS is not used in the replacement, so the make flags from
       ;; 'glibc' are replaced rather than extended.
       ((#:make-flags flags '())
        ;; Arrange so that /etc/rpc & co. go to $out/etc.
        `(list (string-append "sysconfdir="
                              (assoc-ref %outputs "out")
                              "/etc")))
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before
               'configure 'set-etc-rpc-installation-directory
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Install the rpc data base file under `$out/etc/rpc'.
               (let ((out (assoc-ref outputs "out")))
                 (substitute* "sunrpc/Makefile"
                   (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
                    (string-append out "/etc/rpc" suffix "\n"))
                   (("^install-others =.*$")
                    (string-append "install-others = " out "/etc/rpc\n")))))))))))))

;; glibc 2.31, with the same patch list as the active list of glibc-2.32.
;; NOTE(review): as for 2.32, no CVE-named patch appears in this list.
(define-public glibc-2.31
  (package
    (inherit glibc-2.35)
    (version "2.31")
    (source (origin
              (inherit (package-source glibc))
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "05zxkyz9bv3j9h0xyid1rhvh3klhsmrpkf3bcs6frvlgyr2gwilj"))
              (patches (search-patches "glibc-skip-c++.patch"
                                       "glibc-ldd-powerpc.patch"
                                       "glibc-ldd-x86_64.patch"
                                       "glibc-dl-cache.patch"
                                       "glibc-hidden-visibility-ldconfig.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-supported-locales.patch"
                                       "glibc-hurd-clock_t_centiseconds.patch"
                                       "glibc-2.31-hurd-clock_gettime_monotonic.patch"
                                       "glibc-hurd-signal-sa-siginfo.patch"
                                       "glibc-hurd-mach-print.patch"
                                       "glibc-hurd-gettyent.patch"))))
    (arguments
     (substitute-keyword-arguments (package-arguments glibc)
       ((#:phases phases)
        `(modify-phases ,phases
           (add-before
               'configure 'set-etc-rpc-installation-directory
             (lambda* (#:key outputs #:allow-other-keys)
               ;; Install the rpc data base file under `$out/etc/rpc'.
               (let ((out (assoc-ref outputs "out")))
                 (substitute* "sunrpc/Makefile"
                   (("^\\$\\(inst_sysconfdir\\)/rpc(.*)$" _ suffix)
                    (string-append out "/etc/rpc" suffix "\n"))
                   (("^install-others =.*$")
                    (string-append "install-others = " out "/etc/rpc\n")))))))))))))

;; glibc 2.30, built with gcc-8; its patch list includes the patch named
;; after CVE-2019-19126.
(define-public glibc-2.30
  (package
    (inherit glibc-2.31)
    (version "2.30")
    (native-inputs
     ;; This fails with a build error in libc-tls.c when using GCC 10.  Use an
     ;; older compiler.
     (modify-inputs (package-native-inputs glibc)
       (prepend gcc-8)))
    (source (origin
              (inherit (package-source glibc))
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"))
              (patches (search-patches "glibc-skip-c++.patch"
                                       "glibc-ldd-x86_64.patch"
                                       "glibc-CVE-2019-19126.patch"
                                       "glibc-hidden-visibility-ldconfig.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-2.29-supported-locales.patch"))))))

;; glibc 2.29; its patch list includes the patches named after CVE-2019-7309
;; and CVE-2019-9169.
(define-public glibc-2.29
  (package
    (inherit glibc-2.30)
    (version "2.29")
    (source (origin
              (inherit (package-source glibc))
              (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
              (sha256
               (base32
                "0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
              (patches (search-patches "glibc-skip-c++.patch"
                                       "glibc-ldd-x86_64.patch"
                                       "glibc-CVE-2019-7309.patch"
                                       "glibc-CVE-2019-9169.patch"
                                       "glibc-2.29-git-updates.patch"
                                       "glibc-hidden-visibility-ldconfig.patch"
                                       "glibc-versioned-locpath.patch"
                                       "glibc-allow-kernel-2.6.32.patch"
                                       "glibc-reinstate-prlimit64-fallback.patch"
                                       "glibc-2.29-supported-locales.patch"))))))

(define-public (make-gcc-libc base-gcc libc)
  "Return a GCC that targets LIBC."
  (package (inherit base-gcc)
           ;; The name is BASE-GCC's name followed by LIBC's name and version.
           (name (string-append (package-name base-gcc) "-"
                                (package-name libc) "-"
                                (package-version libc)))
           (arguments
            (ensure-keyword-arguments (package-arguments base-gcc)
                                      '(#:implicit-inputs? #f)))
           ;; With #:implicit-inputs? set to #f above, the inputs are listed
           ;; by hand: BASE-GCC's native inputs, then %final-inputs without
           ;; its "libc" and "libc:static" entries, then LIBC under those two
           ;; labels.
           (native-inputs
            `(,@(package-native-inputs base-gcc)
              ,@(append (fold alist-delete (%final-inputs) '("libc" "libc:static")))
              ("libc" ,libc)
              ("libc:static" ,libc "static")))))

;; Return a "glibc-locales" package derived from GLIBC: the build runs only
;; the "localedata/install-locales" make target and then adds symlinks for
;; the normalized codeset names.
(define-public (make-glibc-locales glibc)
  (package
    (inherit glibc)
    (name "glibc-locales")
    (source (origin (inherit (package-source glibc))
                    ;; The patch for glibc 2.28 and earlier replaces the same
                    ;; content, but the context in the patch is different
                    ;; enough to fail to merge.
                    (patches (cons (search-patch
                                    (if (version>=? (package-version glibc)
                                                    "2.29")
                                        "glibc-locales.patch"
                                        "glibc-locales-2.28.patch"))
                                   (origin-patches (package-source glibc))))))
    (synopsis "All the locales supported by the GNU C Library")
    (description
     "This package provides all the locales supported by the GNU C Library, more than 400 in total. To use them set the @code{LOCPATH} environment variable to the @code{share/locale} sub-directory of this package.")
    (outputs '("out"))                            ;110+ MiB
    (native-search-paths '())
    (arguments
     ;; Tests and binary stripping are turned off ahead of the arguments
     ;; inherited from GLIBC.
     (let ((args `(#:tests? #f #:strip-binaries? #f
                   ,@(package-arguments glibc))))
       (substitute-keyword-arguments args
         ((#:modules modules '((guix build utils)
                               (guix build gnu-build-system)))
          `((srfi srfi-11)
            (gnu build locale)
            ,@modules))
         ((#:imported-modules modules '())
          `((gnu build locale)
            ,@%default-gnu-imported-modules))
         ((#:phases phases)
          #~(modify-phases #$phases
              (replace 'build
                (lambda _
                  (invoke "make" "localedata/install-locales"
                          "-j" (number->string (parallel-job-count)))))
              (add-after 'build 'symlink-normalized-codesets
                (lambda* (#:key outputs #:allow-other-keys)
                  ;; The above phase does not install locales with names using
                  ;; the "normalized codeset."  Thus, create symlinks like:
                  ;;   en_US.utf8 -> en_US.UTF-8
                  (define (locale-directory? file stat)
                    ;; True for a directory whose base name contains both
                    ;; an underscore and a dot.
                    (and (file-is-directory? file)
                         (string-index (basename file) #\_)
                         (string-rindex (basename file) #\.)))

                  (let* ((locales (find-files #$output locale-directory?
                                              #:directories? #t)))
                    (for-each (lambda (directory)
                                (let*-values (((base)
                                               (basename directory))
                                              ((name codeset)
                                               (locale->name+codeset base))
                                              ((normalized)
                                               (normalize-codeset codeset)))
                                  ;; The link target is the bare base name,
                                  ;; so the link is relative to its own
                                  ;; directory.
                                  (unless (string=? codeset normalized)
                                    (symlink base
                                             (string-append (dirname directory)
                                                            "/" name "."
                                                            normalized)))))
                              locales))))
              (delete 'install)
              (delete 'install-utf8-c-locale)
              (delete 'move-static-libs)))
         ((#:configure-flags flags)
          #~(append #$flags
                    ;; Use $(libdir)/locale/X.Y as is the case by default.
                    (list (string-append "libc_cv_complocaledir="
                                         #$output
                                         "/lib/locale/"
                                         #$(version-major+minor
                                            (package-version glibc)))))))))
    (properties `((upstream-name . "glibc")))))

(define %default-utf8-locales
  ;; These are the locales commonly used for tests---e.g., in Guile's i18n
  ;; tests.
  '("C" "de_DE" "el_GR" "en_US" "fr_FR" "tr_TR"))

;; Return a package named NAME that holds UTF-8 variants of LOCALES, each
;; compiled by running 'localedef' from the build inputs.
(define*-public (make-glibc-utf8-locales glibc #:key
                                         (locales %default-utf8-locales)
                                         (name "glibc-utf8-locales"))
  ;; True when the caller did not customize LOCALES; it selects the synopsis
  ;; and description below.
  (define default-locales?
    (equal? locales %default-utf8-locales))

  (package
    (name name)
    (version (package-version glibc))
    (source #f)
    (build-system trivial-build-system)
    (arguments
     (list #:modules '((guix build utils))
           #:builder
           #~(begin
               (use-modules (guix build utils))

               (let* ((libc      (dirname
                                  (search-input-file %build-inputs
                                                     "/bin/localedef")))
                      (gzip      (dirname
                                  (search-input-file %build-inputs
                                                     "/bin/gzip")))
                      (out       #$output)
                      (localedir (string-append out "/lib/locale/"
                                                #$(version-major+minor
                                                   (package-version this-package)))))
                 ;; 'localedef' needs 'gzip'.
                 ;; PATH holds only the two directories found above (the
                 ;; trailing "" appends nothing).
                 (setenv "PATH" (string-append libc ":" gzip ""))

                 (mkdir-p localedir)
                 (for-each (lambda (locale)
                             (define file
                               ;; Use the "normalized codeset" by
                               ;; default--e.g., "en_US.utf8".
                               (string-append localedir "/" locale ".utf8"))

                             (invoke "localedef" "--no-archive"
                                     "--prefix" localedir
                                     "-i" locale
                                     "-f" "UTF-8" file)

                             ;; For backward compatibility with Guix
                             ;; <= 0.8.3, add "xx_YY.UTF-8".
                             (symlink (string-append locale ".utf8")
                                      (string-append localedir "/"
                                                     locale ".UTF-8")))

                           ;; The C.UTF-8 locale was introduced in 2.35 but it
                           ;; fails to build there (the upstream bug reference
                           ;; is missing from this copy of the file), so "C"
                           ;; is kept only for versions newer than 2.35.
                           '#$(if (version>? (package-version this-package)
                                             "2.35")
                                  locales
                                  (delete "C" locales)))))))
    (native-inputs (list glibc gzip))
    (synopsis (if default-locales?
                  (P_ "Small sample of UTF-8 locales")
                  (P_ "Customized sample of UTF-8 locales")))
    (description
     (if default-locales?
         (P_ "This package provides a small sample of UTF-8 locales mostly useful in test environments.")
         (format #f (P_ "This package provides the following UTF-8 locales: @itemize ~{@item ~a~%~} @end itemize~%")
                 locales)))
    (home-page (package-home-page glibc))
    (license (package-license glibc))))

;; Locale packages for the current 'glibc'.
(define-public glibc-locales
  (make-glibc-locales glibc))
(define-public glibc-utf8-locales
  (hidden-package
   (make-glibc-utf8-locales glibc)))

;; Packages provided to ease use of binaries linked against the previous libc.
(define-public glibc-locales-2.35
  (package (inherit (make-glibc-locales glibc-2.35))
           (name "glibc-locales-2.35")))
(define-public glibc-locales-2.33
  (package (inherit (make-glibc-locales glibc-2.33))
           (name "glibc-locales-2.33")))
(define-public glibc-locales-2.32
  (package (inherit (make-glibc-locales glibc-2.32))
           (name "glibc-locales-2.32")))
(define-public glibc-locales-2.31
  (package (inherit (make-glibc-locales glibc-2.31))
           (name "glibc-locales-2.31")))
(define-public glibc-locales-2.30
  (package (inherit (make-glibc-locales glibc-2.30))
           (name "glibc-locales-2.30")))
(define-public glibc-locales-2.29
  (package (inherit (make-glibc-locales glibc-2.29))
           (name "glibc-locales-2.29")))
(define-public glibc-utf8-locales-2.29
  (package (inherit (make-glibc-utf8-locales glibc-2.29))
           (name "glibc-utf8-locales-2.29")))

;; GNU which 2.21, fetched from the GNU mirror and pinned by sha256.
(define-public which
  (package
    (name "which")
    (version "2.21")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/which/which-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1bgafvy3ypbhhfznwjv1lxmd6mci3x1byilnnkc7gcr486wlb8pl"))))
    (build-system gnu-build-system)
    (home-page "https://gnu.org/software/which/")
    (synopsis "Find full path of shell commands")
    (description
     "The which program finds the location of executables in PATH, with a variety of options. It is an alternative to the shell \"type\" built-in command.")
    (license gpl3+))) ; some files are under GPLv2+

;; On this branch the Hurd libc is the same package object as 'glibc'.
(define-public glibc/hurd glibc)

;; Headers-only variant of glibc/hurd: the build phase is deleted and the
;; install phase runs "make install-headers".
(define-public glibc/hurd-headers
  (package/inherit glibc/hurd
    (name "glibc-hurd-headers")
    (outputs '("out"))
    (propagated-inputs (list gnumach-headers hurd-headers))
    (native-inputs
     (modify-inputs (package-native-inputs glibc/hurd)
       ;; When cross-compiling, 'cross-mig' is looked up at run time through
       ;; 'resolve-interface' instead of a module import; otherwise the
       ;; native 'mig' is used.
       (prepend (if (%current-target-system)
                    (let* ((cross-base (resolve-interface '(gnu packages cross-base)))
                           (cross-mig (module-ref cross-base 'cross-mig)))
                      (cross-mig (%current-target-system)))
                    mig))))
    (arguments
     (substitute-keyword-arguments (package-arguments glibc/hurd)
       ;; We just pass the flags really needed to build the headers.
       ((#:configure-flags flags)
        `(list "--enable-add-ons"))
       ((#:phases _)
        '(modify-phases %standard-phases
           (replace 'install
             (lambda* (#:key outputs #:allow-other-keys)
               (invoke "make" "install-headers")

               ;; Make an empty stubs.h to work around not being able to
               ;; produce a valid stubs.h and causing the build to fail.
               ;; (The reference that followed "See" is missing from this
               ;; copy of the file.)
               (let ((out (assoc-ref outputs "out")))
                 (close-port
                  (open-output-file
                   (string-append out "/include/gnu/stubs.h"))))))
           (delete 'build)))))                  ; nothing to build
    (supported-systems %hurd-systems)))

(define-public glibc-utf8-locales/hurd
  ;; Locales for the libc version used on GNU/Hurd.
  (hidden-package
   (make-glibc-utf8-locales glibc/hurd)))

;; Return the libc package for TARGET: glibc/hurd when TARGET satisfies
;; 'target-hurd?', glibc otherwise.  TARGET defaults to the current target
;; system, or the current system when there is none.
(define* (libc-for-target #:optional
                          (target (or (%current-target-system)
                                      (%current-system))))
  (match target
    ((? target-hurd?)
     glibc/hurd)
    (_
     glibc)))

(define-public glibc-locales/hurd
  ;; Locales again; hide them because their 'supported-systems' field suggests
  ;; they're Hurd-only, making them non-installable on GNU/Linux.
  (hidden-package
   (make-glibc-locales glibc/hurd)))

;; Return the full locales package for TARGET, with the same default for
;; TARGET as 'libc-for-target'.
(define* (libc-locales-for-target #:optional
                                  (target (or (%current-target-system)
                                              (%current-system))))
  (if (target-hurd? target)
      glibc-locales/hurd
      glibc-locales))

(define* (libc-utf8-locales-for-target #:optional
                                       (target (or (%current-target-system)
                                                   (%current-system))))
  "Return the glibc UTF-8 locale package for TARGET."
  ;; Note: To avoid circular dependencies (such as: texinfo ->
  ;; glibc-utf8-locales -> glibc -> texinfo), refer to
  ;; 'glibc-utf8-locales-final' via 'canonical-package'.
  (canonical-package
   (if (target-hurd? target)
       glibc-utf8-locales/hurd
       glibc-utf8-locales)))

;; The IANA time zone database.  Two tarballs are fetched over HTTPS, tzdata
;; as the source and tzcode as the only input; both URLs use the same
;; 'version' and each has its own pinned sha256, so a version bump has to
;; update both hashes.
(define-public tzdata
  (package
    (name "tzdata")
    ;; This package should be kept in sync with python-pytz and python-tzdata
    ;; in (gnu packages time).
    (version "2023d")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://data.iana.org/time-zones/releases/tzdata"
                    version ".tar.gz"))
              (sha256
               (base32
                "1wq858ip55ijnlrffnnadq7vw0x93ywxghgfxh68r2qa1fbj3jnv"))))
    (build-system gnu-build-system)
    (arguments
     (list #:tests? #f

           ;; This consists purely of (architecture-independent) data, so
           ;; ‘cross-compilation’ is pointless here!  (The binaries zic,
           ;; dump, and tzselect are deleted in the post-install phase.)
           #:target #f

           #:make-flags
           #~(let ((out #$output)
                   (tmp (getenv "TMPDIR")))
               (list (string-append "TOPDIR=" out)
                     (string-append "TZDIR=" out "/share/zoneinfo")
                     (string-append "TZDEFAULT=" out
                                    "/share/zoneinfo/localtime")

                     ;; Likewise for the C library routines.
                     ;; LIBDIR and MANDIR point under TMPDIR, presumably so
                     ;; that those files stay out of the output.
                     (string-append "LIBDIR=" tmp "/lib")
                     (string-append "MANDIR=" tmp "/man")

                     ;; XXX: tzdata 2020b changed the on-disk format
                     ;; of the time zone files from 'fat' to 'slim'.
                     ;; Many packages (particularly evolution-data-server)
                     ;; can not yet handle the latter, so we stick with
                     ;; 'fat' for now.
                     #$@(if (version>=? (package-version this-package)
                                        "2020b")
                            '("CPPFLAGS=-DZIC_BLOAT_DEFAULT='\"fat\"'")
                            '())

                     "AWK=awk"
                     "CC=gcc"))

           #:modules '((guix build utils)
                       (guix build gnu-build-system)
                       (srfi srfi-1))
           #:phases
           #~(modify-phases %standard-phases
               (replace 'unpack
                 (lambda* (#:key source inputs #:allow-other-keys)
                   (invoke "tar" "xvf" source)
                   ;; The 'match' pattern accepts exactly one input entry,
                   ;; the tzcode origin declared in 'inputs' below.
                   (invoke "tar" "xvf" #$(match (package-inputs this-package)
                                           (((_ tzcode)) tzcode)))))
               (add-after 'install 'post-install
                 (lambda* (#:key outputs #:allow-other-keys)
                   ;; Move data in the right place.
                   (let ((out (assoc-ref outputs "out")))
                     ;; Discard zic, dump, and tzselect, already
                     ;; provided by glibc.
                     (delete-file-recursively (string-append out "/usr"))
                     (symlink (string-append out "/share/zoneinfo")
                              (string-append out "/share/zoneinfo/posix"))
                     (delete-file-recursively
                      (string-append out "/share/zoneinfo-posix"))
                     (copy-recursively (string-append out "/share/zoneinfo-leaps")
                                       (string-append out "/share/zoneinfo/right"))
                     (delete-file-recursively
                      (string-append out "/share/zoneinfo-leaps")))))
               (delete 'configure))))
    (inputs (list (origin
                    (method url-fetch)
                    (uri (string-append
                          "https://data.iana.org/time-zones/releases/tzcode"
                          version ".tar.gz"))
                    (sha256
                     (base32
                      "07hn7hn2klw4dfyr673ril2nrk18198hbfv25gljsvc833hzk9g9")))))
    (home-page "https://www.iana.org/time-zones")
    (synopsis "Database of current and historical time zones")
    (description
     "The Time Zone Database (often called tz or zoneinfo) contains code and data that represent the history of local time for many representative locations around the globe. It is updated periodically to reflect changes made by political bodies to time zone boundaries, UTC offsets, and daylight-saving rules.")
    (license public-domain)))

;;; A "fixed" version of tzdata, which is used in the test suites of glib and R
;;; and a few other places.  We can update this whenever we are able to rebuild
;;; thousands of packages (for example, in a core-updates rebuild).  This package
;;; will typically be obsolete and should never be referred to by a built
;;; package.
;;;
;;; Please make this a hidden-package if it is different from the primary tzdata
;;; package.
(define-public tzdata-for-tests tzdata)

;; GNU libiconv 1.15, with a source snippet that edits srclib/stdio.in.h.
(define-public libiconv
  (package
    (name "libiconv")
    (version "1.15")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/libiconv/libiconv-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "0y1ij745r4p48mxq84rax40p10ln7fc7m243p8k8sia519i3dxfc"))
              (modules '((guix build utils)))
              (snippet
               ;; Work around "declared gets" error on glibc systems (fixed by
               ;; Gnulib commit 66712c23388e93e5c518ebc8515140fa0c807348.)
               '(substitute* "srclib/stdio.in.h"
                  (("^#undef gets") "")
                  (("^_GL_WARN_ON_USE \\(gets.*") "")))))
    (build-system gnu-build-system)
    (synopsis "Character set conversion library")
    (description
     "libiconv provides an implementation of the iconv function for systems that lack it. iconv is used to convert between character encodings in a program. It supports a wide variety of different encodings.")
    (home-page "https://www.gnu.org/software/libiconv/")
    (license lgpl3+)))

(define* (libiconv-if-needed #:optional (target (%current-target-system)))
  "Return either a libiconv package specification to include in a dependency
list for platforms that have an incomplete libc, or the empty list.  If a
package needs iconv ,@(libiconv-if-needed) should be added."
  ;; POSIX C libraries provide iconv.  Platforms with an incomplete libc
  ;; without iconv, such as MinGW, must return the then clause.
  (if (target-mingw? target)
      (list libiconv)
      '()))

;;; Beware: canonical-package should not be used at the top level, to avoid
;;; eagerly resolving (gnu packages commencement), which would introduce
;;; circular module dependencies.
(define (canonical-package package)
  ;; Avoid circular dependency by lazily resolving 'commencement'.
  (let* ((iface (resolve-interface '(gnu packages commencement)))
         (proc  (module-ref iface 'canonical-package)))
    (proc package)))

;;; Beware: %final-inputs should not be used at the top level, to avoid
;;; eagerly resolving (gnu packages commencement), which would introduce
;;; circular module dependencies.
(define* (%final-inputs #:optional (system (%current-system)))
  "Return the list of \"final inputs\"."
  ;; Avoid circular dependency by lazily resolving 'commencement'.
  (let ((iface (resolve-interface '(gnu packages commencement))))
    ((module-ref iface '%final-inputs) system)))

;;; base.scm ends here