;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 John Darrington ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu packages gnu-doc) #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages texinfo) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (guix cvs-download) #:use-module (guix download) #:use-module (guix licenses) #:use-module (guix packages)) (define-public miscfiles (package (name "miscfiles") (version "1.5") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/" name "/" name "-" version ".tar.gz")) (sha256 (base32 "005588vfrwx8ghsdv9p7zczj9lbc9a3r4m5aphcaqv8gif4siaka")))) (build-system gnu-build-system) (home-page "https://www.gnu.org/software/miscfiles/") (synopsis "Data files for airport codes, zip codes, a dictionary, and more") (description "GNU Miscfiles is a collection of common data files. They include, for example, country abbreviations, names and capital cities; currency abbreviations and names; a Best Current Practices index; a map of the ASCII character set; a list of three-letter airport codes; and an English word list.") (license gpl2+))) (define-public gnu-standards (package (name "gnu-standards") (version "2020-11-25") (source (origin (method cvs-fetch) (uri (cvs-reference (root-directory ":pserver:anonymous@cvs.savannah.gnu.org:/sources/gnustandards") (module "gnustandards") (revision version))) (sha256 (base32 "1xlwmgcnvp81ipgfir4ckpgl922mbckvxy1x758r0lksq5vrpglj")) (file-name (string-append name "-" version "-checkout")))) (build-system trivial-build-system) (native-inputs `(("gzip" ,gzip) ("source" ,source) ("texinfo" ,texinfo))) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let ((gzip (assoc-ref %build-inputs "gzip")) (source (assoc-ref %build-inputs "source")) (texinfo (assoc-ref %build-inputs "texinfo")) (info-dir (string-append %output "/share/info"))) (setenv "PATH" (string-append gzip "/bin" ":" texinfo "/bin")) (mkdir-p info-dir) (invoke "makeinfo" "--output" info-dir (string-append source "/maintain.texi")) (invoke "makeinfo" "--output" info-dir (string-append source "/standards.texi")) (invoke "gzip" (string-append info-dir "/maintain.info")) (invoke "gzip" (string-append info-dir "/standards.info")))))) (home-page "https://www.gnu.org/prep/standards/") (synopsis "GNU coding standards and maintainer information") (description "The GNU Coding Standards were written by Richard Stallman and other GNU Project volunteers. Their purpose is to make the GNU system clean, consistent, and easy to install. The information for maintainers of GNU software has guidelines and advice for someone who is the maintainer of a GNU program on behalf of the GNU Project.") (license fdl1.3+))) tion builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès 2023-01-09daemon: Improve error message for wrong hash sizes....* nix/libutil/hash.cc (parseHash): Show the hash algorithm name and expected size in the error message. * tests/derivations.scm ("fixed-output derivation, invalid hash size"): New test. Ludovic Courtès 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès