;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 David Thompson <davet@gnu.org>
;;; Copyright © 2016 David Craven <david@craven.ch>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-crate)
  #:use-module (guix import crate)
  #:use-module (guix base32)
  #:use-module (guix build-system cargo)
  #:use-module (gcrypt hash)
  #:use-module (guix tests)
  #:use-module (ice-9 iconv)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-64))

(define test-crate
  "{
  \"crate\": {
    \"max_version\": \"1.0.0\",
    \"name\": \"foo\",
    \"license\": \"MIT/Apache-2.0\",
    \"description\": \"summary\",
    \"homepage\": \"http://example.com\",
    \"repository\": \"http://example.com\",
  }
}")

(define test-dependencies
  "{
  \"dependencies\": [
     {
       \"crate_id\": \"bar\",
       \"kind\": \"normal\",
     }
  ]
}")

(define test-source-hash
  "")

(test-begin "crate")

(test-equal "guix-package->crate-name"
  "rustc-serialize"
  (guix-package->crate-name
   (dummy-package
    "rust-rustc-serialize"
    (source (dummy-origin
     (uri (crate-uri "rustc-serialize" "1.0")))))))

(test-assert "crate->guix-package"
  ;; Replace network resources with sample data.
  (mock ((guix http-client) http-fetch
         (lambda (url . rest)
           (match url
             ("https://crates.io/api/v1/crates/foo"
              (open-input-string test-crate))
             ("https://crates.io/api/v1/crates/foo/1.0.0/download"
              (set! test-source-hash
                (bytevector->nix-base32-string
                 (sha256 (string->bytevector "empty file\n" "utf-8"))))
              (open-input-string "empty file\n"))
             ("https://crates.io/api/v1/crates/foo/1.0.0/dependencies"
              (open-input-string test-dependencies))
             (_ (error "Unexpected URL: " url)))))
    (match (crate->guix-package "foo")
      (('package
         ('name "rust-foo")
         ('version "1.0.0")
         ('source ('origin
                    ('method 'url-fetch)
                    ('uri ('crate-uri "foo" 'version))
                    ('file-name ('string-append 'name "-" 'version ".tar.gz"))
                    ('sha256
                     ('base32
                      (? string? hash)))))
         ('build-system 'cargo-build-system)
         ('arguments
          ('quasiquote
           (('#:cargo-inputs (("rust-bar" ('unquote rust-bar)))))))
         ('home-page "http://example.com")
         ('synopsis "summary")
         ('description "summary")
         ('license ('list 'license:expat 'license:asl2.0)))
       (string=? test-source-hash hash))
      (x
       (pk 'fail x #f)))))

(test-end "crate")
onicalization to move successful build outputs to the store.

Change-Id: Ia995136f3f965eaf7b0e1d92af964b816f3fb276
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Reepca Russelstein</td></tr>
<tr><td><span title='2024-10-21 00:09:10 +0200'>2024-10-21</span></td><td><a href='/guix/commit/nix?id=558224140dab669cabdaebabff18504a066c48d4'>daemon: Sanitize failed build outputs prior to exposing them.</a><span class='msg-avail'>...<span class='msg-tooltip'>The only thing keeping a rogue builder and a local user from collaborating to
usurp control over the builder's user during the build is the fact that
whatever files the builder may produce are not accessible to any other users
yet.  If we're going to make them accessible, we should probably do some
sanity checking to ensure that sort of collaborating can't happen.

Currently this isn't happening when failed build outputs are moved from the
chroot as an aid to debugging.

* nix/libstore/build.cc (secureFilePerms): new function.
  (DerivationGoal::buildDone): use it.

Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Reepca Russelstein</td></tr>
<tr><td><span title='2024-06-26 22:59:55 +0200'>2024-06-26</span></td><td><a href='/guix/commit/nix?id=d11b96eb5493231a5a35045505ff8ae8aa746b8e'>etc: Add explicit ‘--substitute-urls’ in guix-daemon service files.</a><span class='msg-avail'>...<span class='msg-tooltip'>Having substitute URLs explicitly listed in the service startup file
makes it clearer what should be modified to permanently change the list
of substitute URLs.

* config-daemon.ac: Rename ‘guix_substitute_urls’ to
‘GUIX_SUBSTITUTE_URLS’ and substitute it.
* nix/local.mk (etc/guix-%.service, etc/init.d/guix-daemon)
(etc/guix-%.conf): Substitute it.
* etc/guix-daemon.conf.in, etc/guix-daemon.service.in,
etc/init.d/guix-daemon.in: Add an explicit ‘--substitute-urls’ option.

Change-Id: Ie491b7fab5c42e54dca582801c03805a85de2bf9
</span></span></td><td>Ludovic Courtès</td></tr>