;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013 Cyril Roelandt ;;; Copyright © 2014 Raimon Grau ;;; Copyright © 2014 Mark H Weaver ;;; Copyright © 2014 Andreas Enge ;;; Copyright © 2016, 2017, 2020-2022 Efraim Flashner ;;; Copyright © 2016, 2019, 2024 Ricardo Wurmus ;;; Copyright © 2016 doncatnip ;;; Copyright © 2016, 2017, 2019 Clément Lassieur ;;; Copyright © 2016 José Miguel Sánchez García ;;; Copyright © 2018–2021 Tobias Geerinckx-Rice ;;; Copyright © 2018 Fis Trivial ;;; Copyright © 2020 Nicolas Goaziou ;;; Copyright © 2020 Simon South ;;; Copyright © 2020 Paul A. Patience ;;; Copyright © 2021 Vinícius dos Santos Oliveira ;;; Copyright © 2021 Greg Hogan ;;; Copyrigh
aboutsummaryrefslogtreecommitdiff
path: root/gnu/build/secret-service.scm
blob: 0226c6403298eea8d2424cf31c36ecaf6418dba4 (about) (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020-2023 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu build secret-service)
  #:use-module (guix build utils)

  #:use-module (srfi srfi-26)
  #:use-module (rnrs bytevectors)
  #:use-module (ice-9 binary-ports)
  #:use-module (ice-9 match)
  #:use-module (ice-9 rdelim)

  #:export (secret-service-receive-secrets
            secret-service-send-secrets))

;;; Commentary:
;;;
;;; Utility procedures for copying secrets into a VM.
;;;
;;; Code:

(define-syntax log
  (lambda (s)
    "Log the given message."
    (syntax-case s ()
      ((_ fmt args ...)
       (with-syntax ((fmt (string-append "secret service: "
                                         (syntax->datum #'fmt))))
         ;; Log to the current output port.  That way, when
         ;; 'secret-service-send-secrets' is called from shepherd, output goes
         ;; to syslog.
         #'(format (current-output-port) fmt args ...))))))

(define-syntax with-modules
  (syntax-rules ()
    "Dynamically load the given MODULEs at run time, making the chosen
bindings available within the lexical scope of BODY."
    ((_ ((module #:select (bindings ...)) rest ...) body ...)
     (let* ((iface (resolve-interface 'module))
            (bindings (module-ref iface 'bindings))
            ...)
       (with-modules (rest ...) body ...)))
    ((_ () body ...)
     (begin body ...))))

(define (wait-for-readable-fd port timeout)
  "Wait until PORT has data available for reading or TIMEOUT has expired.
Return #t in the former case and #f in the latter case."
  (match (resolve-module '(fibers) #f #:ensure #f) ;using Fibers?
    (#f
     (log "blocking on socket...~%")
     (match (select (list port) '() '() timeout)
       (((_) () ()) #t)
       ((() () ())  #f)))
    (fibers
     ;; We're running on the Shepherd 0.9+ with Fibers.  Arrange to make a
     ;; non-blocking wait so that other fibers can be scheduled in while we
     ;; wait for PORT.
     (with-modules (((fibers) #:select (spawn-fiber sleep))
                    ((fibers channels)
                     #:select (make-channel put-message get-message)))
       ;; Make PORT non-blocking.
       (let ((flags (fcntl port F_GETFL)))
         (fcntl port F_SETFL (logior O_NONBLOCK flags)))

       (let ((channel (make-channel)))
         (spawn-fiber
          (lambda ()
            (sleep timeout)                       ;suspends the fiber
            (put-message channel 'timeout)))
         (spawn-fiber
          (lambda ()
            (lookahead-u8 port)                   ;suspends the fiber
            (put-message channel 'readable)))
         (log "suspending fiber on socket...~%")
         (match (get-message channel)
           ('readable #t)
           ('timeout  #f)))))))

(define (socket-address->string address)
  "Return a human-readable representation of ADDRESS, an object as returned by
'make-socket-address'."
  (let ((family (sockaddr:fam address)))
    (cond ((= AF_INET family)
           (string-append (inet-ntop AF_INET (sockaddr:addr address))
                          ":" (number->string (sockaddr:port address))))
          ((= AF_INET6 family)
           (string-append "[" (inet-ntop AF_INET6 (sockaddr:addr address)) "]"
                          ":" (number->string (sockaddr:port address))))
          ((= AF_UNIX family)
           (sockaddr:path address))
          (else
           (object->string address)))))

(define* (secret-service-send-secrets address secret-root
                                      #:key (retry 60)
                                      (handshake-timeout 180))
  "Copy all files under SECRET-ROOT by connecting to secret-service listening
at ADDRESS, an address as returned by 'make-socket-address'.  If connection
fails, sleep 1s and retry RETRY times; once connected, wait for at most
HANDSHAKE-TIMEOUT seconds for handshake to complete.  Return #f on failure."
  (define (file->file+size+mode file-name)
    (let ((stat (stat file-name))
          (target (substring file-name (string-length secret-root))))
      (list target (stat:size stat) (stat:mode stat))))

  (define (send-files sock)
    (let* ((files (if secret-root (find-files secret-root) '()))
           (files-sizes-modes (map file->file+size+mode files))
           (secrets `(secrets
                      (version 0)
                      (files ,files-sizes-modes))))
      (write secrets sock)
      (for-each (lambda (file)
                  (call-with-input-file file
                    (lambda (input)
                      (dump-port input sock))))
                files)))

  (log "sending secrets to ~a~%" (socket-address->string address))

  (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0))
        (sleep (if (resolve-module '(fibers) #f)
                   (module-ref (resolve-interface '(fibers)) 'sleep)
                   sleep)))
    ;; Connect to QEMU on the forwarded port.  The 'connect' call succeeds as
    ;; soon as QEMU is ready, even if there's no server listening on the
    ;; forward port inside the guest.
    (let loop ((retry retry))
      (catch 'system-error
        (cute connect sock address)
        (lambda (key . args)
          (when (zero? retry)
            (apply throw key args))
          (log "retrying connection [~a attempts left]~%"
               (- retry 1))
          (sleep 1)
          (loop (1- retry)))))

    (log "connected; waiting for handshake...~%")

    ;; Wait for "hello" message from the server.  This is the only way to know
    ;; that we're really connected to the server inside the guest.
    (if (wait-for-readable-fd sock handshake-timeout)
        (match (read sock)
          (('secret-service-server ('version version ...))
           (log "sending files from ~s...~%" secret-root)
           (send-files sock)
           (log "done sending files to ~a~%"
                (socket-address->string address))
           (close-port sock)
           secret-root)
          (x
           (log "invalid handshake ~s~%" x)
           (close-port sock)
           #f))
        (begin                                    ;timeout
         (log "timeout while sending files to ~a~%"
              (socket-address->string address))
         (close-port sock)
         #f))))

(define (delete-file* file)
  "Ensure FILE does not exist."
  (catch 'system-error
    (lambda ()
      (delete-file file))
    (lambda args
      (unless (= ENOENT (system-error-errno args))
        (apply throw args)))))

(define (secret-service-receive-secrets address)
  "Listen to ADDRESS, an address returned by 'make-socket-address', and wait
for a secret service client to send secrets.  Write them to the file system.
Return the list of files installed on success, and #f otherwise."

  (define (wait-for-client address)
    ;; Wait for a connection on ADDRESS.  Note: virtio-serial ports are safer
    ;; than TCP connections but they are (presumably) unsupported on GNU/Hurd.
    (let ((sock (socket AF_INET (logior SOCK_CLOEXEC SOCK_STREAM) 0)))
      (bind sock address)
      (listen sock 1)
      (log "waiting for secrets on ~a...~%"
           (socket-address->string address))

      (match (select (list sock) '() '() 60)
        (((_) () ())
         (match (accept sock)
           ((client . address)
            (log "client connection from ~a~%"
                 (inet-ntop (sockaddr:fam address)
                            (sockaddr:addr address)))

            ;; Send a "hello" message.  This allows the client running on the
            ;; host to know that it's now actually connected to server running
            ;; in the guest.
            (write '(secret-service-server (version 0)) client)
            (force-output client)
            (close-port sock)
            client)))
        ((() () ())
         (log "did not receive any secrets; time out~%")
         (close-port sock)
         #f))))

  ;; TODO: Remove when (@ (guix build utils) dump-port) has a 'size'
  ;; parameter.
  (define (dump in out size)
    ;; Copy SIZE bytes from IN to OUT.
    (define buf-size 65536)
    (define buf (make-bytevector buf-size))

    (let loop ((left size))
      (if (<= left 0)
          0
          (let ((read (get-bytevector-n! in buf 0 (min left buf-size))))
            (if (eof-object? read)
                left
                (begin
                  (put-bytevector out buf 0 read)
                  (loop (- left read))))))))

  (define (read-secrets port)
    ;; Read secret files from PORT and install them.
    (match (false-if-exception (read port))
      (('secrets ('version 0)
                 ('files ((files sizes modes) ...)))
       (for-each (lambda (file size mode)
                   (log "installing file '~a' (~a bytes)...~%"
                        file size)
                   (mkdir-p (dirname file))

                   ;; It could be that FILE already exists, for instance
                   ;; because it has been created by a service's activation
                   ;; snippet (e.g., SSH host keys).  Delete it.
                   (delete-file* file)

                   (call-with-output-file file
                     (lambda (output)
                       (dump port output size)
                       (chmod file mode))))
                 files sizes modes)
       (log "received ~a secret files~%" (length files))
       files)
      (_
       (log "invalid secrets received~%")
       #f)))

  (let* ((port   (wait-for-client address))
         (result (and=> port read-secrets)))
    (when port
      (close-port port))
    result))

;;; Local Variables:
;;; eval: (put 'with-modules 'scheme-indent-function 1)
;;; End:

;;; secret-service.scm ends here
generated by cgit
(string-append "LUA_PATH" env-suffix) (string-append (string-join (map lua-path (list #$output #$lua-ossl)) ";") ";;")) ;; Skip regression tests we expect to fail (with-directory-excursion "regress" (for-each (lambda (f) (rename-file f (string-append f ".skip"))) (append ;; Regression tests that require network ;; connectivity '("22-client-dtls.lua" "30-starttls-completion.lua" "62-noname.lua" "153-dns-resolvers.lua") ;; Regression tests that require LuaJIT '("44-resolvers-gc.lua" "51-join-defunct-thread.lua" ;; These both need the ffi module. "73-starttls-buffering.lua" "87-alpn-disappears.lua") ;; Regression tests that require Lua 5.3 (if (not (equal? lua-version "5.3")) '("152-thread-integer-passing.lua") '())))) (apply invoke "make" "check" make-flags))))))) (native-inputs (list m4)) (inputs (list lua openssl)) (propagated-inputs (list lua-ossl)) (home-page "https://25thandclement.com/~william/projects/cqueues.html") (synopsis "Event loop for Lua using continuation queues") (description "The cqueues extension module for Lua implements an event loop that operates through the yielding and resumption of coroutines. It is designed to be non-intrusive, composable, and embeddable within existing applications.") (license license:expat))) (define-public lua-cqueues (make-lua-cqueues "lua-cqueues" lua lua-ossl)) (define-public lua5.1-cqueues (make-lua-cqueues "lua5.1-cqueues" lua-5.1 lua5.1-ossl)) (define-public lua5.2-cqueues (make-lua-cqueues "lua5.2-cqueues" lua-5.2 lua5.2-ossl)) (define-public lua-penlight (package (name "lua-penlight") (version "1.7.0") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/Tieske/Penlight") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "0qc2d1riyr4b5a0gnsmdw2lz5pw65s4ac60hc34w3mmk9l6yg6nl")))) (build-system trivial-build-system) (inputs (list lua)) (propagated-inputs (list lua-filesystem)) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let* ((source (assoc-ref %build-inputs "source")) (lua-version ,(version-major+minor (package-version lua))) (destination (string-append (assoc-ref %outputs "out") "/share/lua/" lua-version))) (mkdir-p destination) (with-directory-excursion source (copy-recursively "lua/" destination))) #t))) (home-page "http://tieske.github.io/Penlight/") (synopsis "Collection of general purpose libraries for the Lua language") (description "Penlight is a set of pure Lua libraries focusing on input data handling (such as reading configuration files), functional programming (such as map, reduce, placeholder expressions,etc), and OS path management. Much of the functionality is inspired by the Python standard libraries.") (license license:expat))) (define-public lua-ldoc (package (name "lua-ldoc") (version "1.4.6") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/stevedonovan/LDoc") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "1h0cf7bp4am54r0j8lhjs2l1c7q5vz74ba0jvw9qdbaqimls46g8")))) (build-system gnu-build-system) (inputs (list lua)) (propagated-inputs (list lua-penlight)) (arguments `(#:tests? #f ;tests must run after installation. #:phases (modify-phases %standard-phases (add-after 'unpack 'fix-installation-directory (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out")) (lua-version ,(version-major+minor (package-version lua)))) (substitute* "makefile" (("LUA=.*") "#\n") (("(LUA_PREFIX=).*" _ prefix) (string-append prefix out "\n")) (("(LUA_BINDIR=).*" _ prefix) (string-append prefix out "/bin\n")) (("(LUA_SHAREDIR=).*" _ prefix) (string-append prefix out "/share/lua/" lua-version "\n")))) #t)) (delete 'configure) (add-before 'install 'create-bin-directory (lambda* (#:key outputs #:allow-other-keys) (mkdir-p (string-append (assoc-ref outputs "out") "/bin")) #t))))) (home-page "https://stevedonovan.github.io/ldoc/") (synopsis "Lua documentation generator") (description "LDoc is a LuaDoc-compatible documentation generation system for Lua source code. It parses the declaration and documentation comments in a set of Lua source files and produces a set of XHTML pages describing the commented declarations and functions.") (license license:expat))) (define (make-lua-lgi name lua) (package (name name) (version "0.9.2") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/pavouk/lgi") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "03rbydnj411xpjvwsyvhwy4plm96481d7jax544mvk7apd8sd5jj")))) (build-system gnu-build-system) (arguments `(#:make-flags (list ,(string-append "CC=" (cc-for-target)) (string-append "PREFIX=" (assoc-ref %outputs "out"))) #:phases (modify-phases %standard-phases (delete 'configure) ; no configure script (add-before 'build 'set-env (lambda* (#:key inputs #:allow-other-keys) ;; We need to load cairo dynamically. (let* ((cairo (string-append (assoc-ref inputs "cairo") "/lib"))) (setenv "LD_LIBRARY_PATH" cairo) #t))) (add-before 'build 'set-lua-version (lambda _ ;; Lua version and therefore install directories are hardcoded. (substitute* "./lgi/Makefile" (("LUA_VERSION=5.1") (format #f "LUA_VERSION=~a" ,(version-major+minor (package-version lua))))) #t)) (add-before 'check 'skip-test-gtk (lambda _ ;; FIXME: Skip GTK tests: ;; gtk3 - can't get it to run with the xorg-server config below ;; and some non-gtk tests will also fail ;; gtk2 - lots of functions aren't implemented ;; We choose gtk2 as the lesser evil and simply skip the test. ;; Currently, awesome is the only package that uses lua-lgi but ;; it doesn't need or interact with GTK using lua-lgi. (substitute* "./tests/test.lua" (("'gtk.lua',") "-- 'gtk.lua',")) #t)) (add-before 'check 'start-xserver-instance (lambda* (#:key inputs #:allow-other-keys) ;; There must be a running X server during tests. (system (format #f "~a/bin/Xvfb :1 &" (assoc-ref inputs "xorg-server"))) (setenv "DISPLAY" ":1") #t))))) (native-inputs (list dbus ;tests use 'dbus-run-session' pkg-config)) (inputs `(("cairo" ,cairo) ("glib" ,glib) ("gobject-introspection" ,gobject-introspection) ("gtk" ,gtk+-2) ("libffi" ,libffi) ("lua" ,lua) ("pango" ,pango) ("xorg-server" ,xorg-server))) (home-page "https://github.com/pavouk/lgi/") (synopsis "Lua bridge to GObject based libraries") (description "LGI is gobject-introspection based dynamic Lua binding to GObject based libraries. It allows using GObject-based libraries directly from Lua. Notable examples are GTK+, GStreamer and Webkit.") (license license:expat))) (define-public lua-lgi (make-lua-lgi "lua-lgi" lua)) (define-public lua5.1-lgi (make-lua-lgi "lua5.1-lgi" lua-5.1)) (define-public lua5.2-lgi (make-lua-lgi "lua5.2-lgi" lua-5.2)) (define (make-lua-lpeg name lua) (package (name name) (version "1.0.2") (source (origin (method url-fetch) (uri (string-append "http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-" version ".tar.gz")) (sha256 (base32 "1zjzl7acvcdavmcg5l7wi12jd4rh95q9pl5aiww7hv0v0mv6bmj8")))) (build-system gnu-build-system) (arguments `(#:phases (modify-phases %standard-phases (delete 'configure) ;; `make install` isn't available, so we have to do it manually (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out")) (lua-version ,(version-major+minor (package-version lua)))) (install-file "lpeg.so" (string-append out "/lib/lua/" lua-version)) (install-file "re.lua" (string-append out "/share/lua/" lua-version)) #t)))) #:test-target "test")) (inputs (list lua)) (synopsis "Pattern-matching library for Lua") (description "LPeg is a pattern-matching library for Lua, based on Parsing Expression Grammars (PEGs).") (home-page "https://www.inf.puc-rio.br/~roberto/lpeg") (license license:expat))) (define-public lua-lpeg (make-lua-lpeg "lua-lpeg" lua)) (define-public lua5.1-lpeg (make-lua-lpeg "lua5.1-lpeg" lua-5.1)) (define-public lua5.2-lpeg (make-lua-lpeg "lua5.2-lpeg" lua-5.2)) (define (make-lua-luv name lua) (package (name name) (version "1.43.0-0") (source (origin ;; The release tarball includes the sources of libuv but does ;; not include the pkg-config files. (method git-fetch) (uri (git-reference (url "https://github.com/luvit/luv") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "1yzi4bm845vl84wyv2qw4z1n1v285lgwm681swmp84brfy2s7czp")))) (build-system cmake-build-system) (arguments (list #:tests? #f ; there are none #:configure-flags #~'("-DWITH_LUA_ENGINE=Lua" "-DWITH_SHARED_LIBUV=On" "-DBUILD_MODULE=Off" "-DBUILD_SHARED_LIBS=On" "-DLUA_BUILD_TYPE=System") #:phases #~(modify-phases %standard-phases (add-after 'unpack 'copy-lua-compat (lambda* _ (copy-recursively #+(this-package-native-input "lua-compat") "lua-compat") (setenv "CPATH" (string-append (getcwd) "/lua-compat/c-api:" (or (getenv "CPATH") ""))) #t))))) (inputs (list lua libuv-for-luv)) (native-inputs `(("lua-compat" ,(origin (method git-fetch) (uri (git-reference (url "https://github.com/keplerproject/lua-compat-5.3") (commit "v0.10"))) (file-name "lua-compat-5.3-checkout") (sha256 (base32 "1caxn228gx48g6kymp9w7kczgxcg0v0cd5ixsx8viybzkd60dcn4")))))) (home-page "https://github.com/luvit/luv/") (synopsis "Libuv bindings for Lua") (description "This library makes libuv available to Lua scripts.") (license license:asl2.0))) (define-public lua-luv (make-lua-luv "lua-luv" lua)) (define-public lua5.1-luv (make-lua-luv "lua5.1-luv" lua-5.1)) (define-public lua5.2-luv (make-lua-luv "lua5.2-luv" lua-5.2)) ;; Lua 5.3 is not supported. (define (make-lua-bitop name lua) (package (name name) (version "1.0.2") (source (origin (method url-fetch) (uri (string-append "http://bitop.luajit.org/download/" "LuaBitOp-" version ".tar.gz")) (sha256 (base32 "16fffbrgfcw40kskh2bn9q7m3gajffwd2f35rafynlnd7llwj1qj")))) (build-system gnu-build-system) (arguments `(#:test-target "test" #:make-flags (list "INSTALL=install -pD" (string-append "INSTALLPATH=printf " (assoc-ref %outputs "out") "/lib/lua/" ,(version-major+minor (package-version lua)) "/bit/bit.so")) #:phases (modify-phases %standard-phases (delete 'configure)))) (inputs (list lua)) (home-page "https://bitop.luajit.org/index.html") (synopsis "Bitwise operations on numbers for Lua") (description "Lua BitOp is a C extension module for Lua which adds bitwise operations on numbers.") (license license:expat))) (define-public lua5.2-bitop (make-lua-bitop "lua5.2-bitop" lua-5.2)) (define-public lua5.1-bitop (make-lua-bitop "lua5.1-bitop" lua-5.1)) (define-public lutok (package (name "lutok") (version "0.4") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/freebsd/lutok") (commit (string-append name "-" version)))) (file-name (git-file-name name version)) (sha256 (base32 "0a2vc2wy5hasw69h1mz768ywx6c4ccl9jzzd4ixddwba3z3ha03b")))) (build-system gnu-build-system) ;; Disable the test suite to avoid a circular dependency on kyua. (arguments (list #:tests? #f)) (native-inputs (list autoconf automake libtool pkg-config)) (inputs (list atf)) (propagated-inputs (list lua-5.2)) ;included in c_gate.hpp (home-page "https://github.com/freebsd/lutok") (synopsis "Lightweight C++ API for Lua") (description "Lutok is a lightweight C++ API library for Lua. Lutok provides thin C++ wrappers around the Lua C API to ease the interaction between C++ and Lua. These wrappers make intensive use of @acronym{RAII, Resource Acquisition is Initialization} to prevent resource leakage, expose C++-friendly data types, report errors by means of exceptions and ensure that the Lua stack is always left untouched in the face of errors. The library also provides a small subset of miscellaneous utility functions built on top of the wrappers. Lutok focuses on providing a clean and safe C++ interface; the drawback is that it is not suitable for performance-critical environments. In order to implement error-safe C++ wrappers on top of a Lua C binary library, Lutok adds several layers or abstraction and error checking that go against the original spirit of the Lua C API and thus degrade performance.") (license license:bsd-3))) (define-public selene (package (name "selene") (version "2017.08.25") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/jeremyong/Selene") ;; The release is quite old. (commit "ffe1ade2568d4cff5894552be8f43e63e379a4c9"))) (file-name "Selene") (sha256 (base32 "1axrgv3rxxdsaf807lwvklfzicn6x6gpf35narllrnz9lg6hn508")))) (build-system cmake-build-system) (arguments `(#:configure-flags ;; lua pc file in CMakeLists.txt is lua5.3.pc '("-DLUA_PC_CFG=lua;lua-5.3;lua-5.1") #:test-target "all" #:phases ;; This is a header only library (modify-phases %standard-phases (delete 'build) (replace 'install (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((output (assoc-ref outputs "out")) (source (assoc-ref inputs "source")) (includedir (string-append output "/include"))) (copy-recursively (string-append source "/include") includedir)) #t)) ;; The path of test files are hard coded. (replace 'check (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((output (assoc-ref outputs "out")) (source (assoc-ref inputs "source")) (builddir (getcwd)) (testdir (string-append builddir "/test"))) (copy-recursively (string-append source "/test") testdir) (invoke "make") (mkdir-p "runner") (copy-file "./test_runner" "./runner/test_runner") (chdir "./runner") (invoke "./test_runner"))))))) (native-inputs (list lua pkg-config)) (home-page "https://github.com/jeremyong/Selene") (synopsis "Lua C++11 bindings") (description "Selene is a simple C++11 header-only library enabling seamless interoperability between C++ and Lua programming language.") (license license:zlib))) (define-public lua-resty-core (package (name "lua-resty-core") (version "0.1.18") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/openresty/lua-resty-core") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "1c58hykwpg5zqbyhrcb703pzwbkih409v3bh2gady6z2kj9q32dw")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let* ((luajit-major+minor ,(version-major+minor (package-version lua))) (package-lua-resty (lambda (input output) (mkdir-p (string-append output "/lib/lua")) (copy-recursively (string-append input "/lib/resty") (string-append output "/lib/lua/resty")) (copy-recursively (string-append input "/lib/ngx") (string-append output "/lib/ngx")) (symlink (string-append output "/lib/lua/resty") (string-append output "/lib/resty"))))) (package-lua-resty (assoc-ref %build-inputs "source") (assoc-ref %outputs "out"))) #t))) (home-page "https://github.com/openresty/lua-resty-core") (synopsis "Lua API for NGINX") (description "This package provides a FFI-based Lua API for @code{ngx_http_lua_module} or @code{ngx_stream_lua_module}.") (license license:bsd-2))) (define-public lua-resty-lrucache (package (name "lua-resty-lrucache") (version "0.10") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/openresty/lua-resty-lrucache") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "1bsc54v1rvxmkwg7a2c01p192lvw5g576f589is8fy1m1c6v4ap8")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let* ((luajit-major+minor ,(version-major+minor (package-version lua))) (package-lua-resty (lambda (input output) (mkdir-p (string-append output "/lib/lua/" luajit-major+minor)) (copy-recursively (string-append input "/lib/resty") (string-append output "/lib/lua/" luajit-major+minor "/resty")) (symlink (string-append output "/lib/lua/" luajit-major+minor "/resty") (string-append output "/lib/resty"))))) (package-lua-resty (assoc-ref %build-inputs "source") (assoc-ref %outputs "out"))) #t))) (home-page "https://github.com/openresty/lua-resty-lrucache") (synopsis "Lua LRU cache based on the LuaJIT FFI") (description "This package provides Lua LRU cache based on the LuaJIT FFI.") (license license:bsd-2))) (define-public lua-resty-signal (package (name "lua-resty-signal") (version "0.02") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/openresty/lua-resty-signal") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "13y1pqn45y49mhqwywasfdsid46d0c33yi6mrnracbnmvyxz1cif")))) (build-system gnu-build-system) (arguments `(#:tests? #f ;TODO: Run the test suite. #:make-flags (list ,(string-append "CC=" (cc-for-target)) (string-append "PREFIX=" %output)) #:phases (modify-phases %standard-phases (delete 'configure) (add-after 'install 'install-lua (lambda* (#:key inputs outputs #:allow-other-keys) (use-modules (guix build utils)) (let* ((luajit-major+minor ,(version-major+minor (package-version lua))) (package-lua-resty (lambda (input output) (mkdir-p (string-append output "/lib/lua/" luajit-major+minor)) (copy-recursively (string-append input "/lib/resty") (string-append output "/lib/lua/" luajit-major+minor "/resty")) (symlink (string-append output "/lib/lua/" luajit-major+minor "/resty") (string-append output "/lib/resty"))))) (package-lua-resty (assoc-ref inputs "source") (assoc-ref outputs "out"))) #t))))) (home-page "https://github.com/openresty/lua-resty-signal") (synopsis "Lua library for killing or sending signals to Linux processes") (description "This package provides Lua library for killing or sending signals to Linux processes.") (license license:bsd-3))) (define-public lua-tablepool (package (name "lua-tablepool") (version "0.01") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/openresty/lua-tablepool") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "03yjj3w6znvj6843prg84m0lkrn49l901f9hj9bgy3cj9s0awl6y")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let* ((luajit-major+minor ,(version-major+minor (package-version lua))) (package-lua-resty (lambda (input output) (mkdir-p (string-append output "/lib/lua/" luajit-major+minor)) (copy-recursively (string-append input "/lib") (string-append output "/lib"))))) (package-lua-resty (assoc-ref %build-inputs "source") (assoc-ref %outputs "out"))) #t))) (home-page "https://github.com/openresty/lua-tablepool") (synopsis "Lua table recycling pools for LuaJIT") (description "This package provides Lua table recycling pools for LuaJIT.") (license license:bsd-2))) (define-public lua-resty-shell (package (name "lua-resty-shell") (version "0.03") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/openresty/lua-resty-shell") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "1s6g04ip4hr97r2pd8ry3alq063604s9a3l0hn9nsidh81ps4dp7")))) (build-system trivial-build-system) (arguments `(#:modules ((guix build utils)) #:builder (begin (use-modules (guix build utils)) (let* ((luajit-major+minor ,(version-major+minor (package-version lua))) (package-lua-resty (lambda (input output) (mkdir-p (string-append output "/lib/lua/" luajit-major+minor)) (copy-recursively (string-append input "/lib/resty") (string-append output "/lib/lua/" luajit-major+minor "/resty")) (symlink (string-append output "/lib/lua/" luajit-major+minor "/resty") (string-append output "/lib/resty"))))) (package-lua-resty (assoc-ref %build-inputs "source") (assoc-ref %outputs "out"))) #t))) (home-page "https://github.com/openresty/lua-resty-shell") (synopsis "Lua module for nonblocking system shell command executions") (description "This package provides Lua module for nonblocking system shell command executions.") (license license:bsd-3))) (define-public (make-luarocks name lua) (package (name name) (version "3.9.2") (home-page "https://luarocks.org/") (source (origin (method url-fetch) (uri (string-append "https://luarocks.org/releases/luarocks-" version ".tar.gz")) (sha256 (base32 "1nsfp7cwqcxa8vmkcqkgi5wc0iax0j3gbdfd183kw81cq3nf99mw")))) (build-system gnu-build-system) (arguments `(#:tests? #f ;upstream has no tests #:phases (modify-phases %standard-phases (add-before 'build 'patch-bin-sh (lambda* (#:key inputs #:allow-other-keys) (substitute* '("GNUmakefile" "src/luarocks/fs/unix.lua" "src/luarocks/core/sysdetect.lua") (("/bin/sh") (search-input-file inputs "/bin/sh"))))) (replace 'configure (lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) (invoke "./configure" (string-append "--prefix=" out))))) (add-after 'install 'patch-unzip (lambda* (#:key inputs outputs #:allow-other-keys) (substitute* (string-append (assoc-ref outputs "out") "/etc/luarocks/config-" ,(substring (package-version lua) 0 3) ".lua") ;e.g. "5.2" (("variables = \\{") (string-append "variables = {\n" " AR = \"" (search-input-file inputs "/bin/ar") "\";\n" " BUNZIP2 = \"" (search-input-file inputs "/bin/bunzip2") "\";\n" " CC = \"" (search-input-file inputs "/bin/gcc") "\";\n" " CHMOD = \"" (search-input-file inputs "/bin/chmod") "\";\n" " CP = \"" (search-input-file inputs "/bin/cp") "\";\n" " CURL = \"" (search-input-file inputs "/bin/curl") "\";\n" " FIND = \"" (search-input-file inputs "/bin/find") "\";\n" " GIT = \"" (search-input-file inputs "/bin/git") "\";\n" " GPG = \"" (search-input-file inputs "/bin/gpg") "\";\n" " GUNZIP = \"" (search-input-file inputs "/bin/gunzip") "\";\n" " HG = \"" (search-input-file inputs "/bin/hg") "\";\n" " LD = \"" (search-input-file inputs "/bin/ld") "\";\n" " LS = \"" (search-input-file inputs "/bin/ls") "\";\n" " MAKE = \"" (search-input-file inputs "/bin/make") "\";\n" " MD5SUM = \"" (search-input-file inputs "/bin/md5sum") "\";\n" " MKDIR = \"" (search-input-file inputs "/bin/mkdir") "\";\n" " MKTEMP = \"" (search-input-file inputs "/bin/mktemp") "\";\n" " OPENSSL = \"" (search-input-file inputs "/bin/openssl") "\";\n" " PWD = \"" (search-input-file inputs "/bin/pwd") "\";\n" " RANLIB = \"" (search-input-file inputs "/bin/ranlib") "\";\n" " RM = \"" (search-input-file inputs "/bin/rm") "\";\n" " RMDIR = \"" (search-input-file inputs "/bin/rmdir") "\";\n" " RSYNC = \"" (search-input-file inputs "/bin/rsync") "\";\n" " SCP = \"" (search-input-file inputs "/bin/scp") "\";\n" " TAR = \"" (search-input-file inputs "/bin/tar") "\";\n" " TEST = \"" (search-input-file inputs "/bin/test") "\";\n" " TOUCH = \"" (search-input-file inputs "/bin/touch") "\";\n" " UNZIP = \"" (search-input-file inputs "/bin/unzip") " -n\";\n" " WGET = \"" (search-input-file inputs "/bin/wget") "\";\n" " ZIP = \"" (search-input-file inputs "/bin/zip") "\";")))))))) (inputs (list lua bash-minimal ;; Executables required by luarocks. binutils bzip2 coreutils curl findutils gcc git gnupg gzip gnu-make mercurial openssh openssl rsync tar unzip wget zip)) (native-inputs (list unzip)) (synopsis "Package manager for Lua modules") (description "LuaRocks is the package manager for the Lua programming language. It allows you to install Lua modules as self-contained packages called @url{https://luarocks.org/en/Types_of_rocks, @emph{rocks}}, which also contain version @url{https://luarocks.org/en/Dependencies, dependency} information. This information can be used both during installation, so that when one rock is requested all rocks it depends on are installed as well, and also optionally at run time, so that when a module is required, the correct version is loaded. LuaRocks supports both local and @url{http://luarocks.org/en/Rocks_repositories, remote} repositories, and multiple local rocks trees.") (license license:expat))) (define-public lua5.2-luarocks (make-luarocks "lua5.2-luarocks" lua-5.2)) (define-public luarocks (make-luarocks "luarocks" lua)) (define-public emilua (package (name "emilua") (version "0.4.3") (source (origin (method git-fetch) (uri (git-reference (url "https://gitlab.com/emilua/emilua.git") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 (base32 "1dwag2pyqc0g86rris4w4fzafmz9a6kiqd47vdq7hl3a1lyi74mx")))) (build-system meson-build-system) (arguments (list #:phases #~(modify-phases %standard-phases (add-after 'unpack 'patch (lambda* (#:key inputs #:allow-other-keys) (substitute* "src/emilua_gperf.awk" (("/usr/bin/env") (which "env"))) (substitute* "src/system.cpp" (("P_PIDFD") "P_PID")) (copy-recursively (assoc-ref inputs "emilua-http") "emilua-http") (copy-recursively (assoc-ref inputs "trial-protocol") "trial-protocol") (with-directory-excursion "subprojects" (symlink "../emilua-http" "emilua-http") (copy-file "packagefiles/emilua-http/meson.build" "emilua-http/meson.build") (symlink "../trial-protocol" "trial-protocol") (copy-file "packagefiles/trial.protocol/meson.build" "trial-protocol/meson.build"))))) #:configure-flags #~(list "-Denable_http=true" "-Denable_file_io=true" "-Denable_io_uring=true" ;; TODO: Linux namespaces are disabled for now due to conflict ;; with some packages in guix. "-Denable_linux_namespaces=false" "-Denable_manpages=false" "-Dversion_suffix=-guix1"))) (native-inputs (list luajit-lua52-openresty re2c gperf xxd pkg-config)) (inputs `(("emilua-http" ,(origin (method git-fetch) (uri (git-reference (url "https://github.com/BoostGSoC14/boost.http") (commit "93ae527c89ffc517862e1f5f54c8a257278f1195"))) (sha256 (base32 "0jm7fw0cjd3s9zkkvyh6mcj6z32hcy7l9bszv74l92qk15ivvp9h")))) ("trial-protocol" ,(origin (method git-fetch) (uri (git-reference (url "https://github.com/breese/trial.protocol") (commit "79149f604a49b8dfec57857ca28aaf508069b669"))) (sha256 (base32 "0k42i5b4v3zz5x0r3dssiymgmn2x8zg4fzdksya9aggxgigippsx")))) ("boost" ,boost) ("boost-static" ,boost-static) ("fmt" ,fmt-8) ("gcc" ,gcc-12) ("luajit-lua52-openresty" ,luajit-lua52-openresty) ("ncurses" ,ncurses) ("serd" ,serd) ("sord" ,sord) ("libcap" ,libcap) ("liburing" ,liburing) ("openssl" ,openssl))) (native-search-paths (list (search-path-specification (variable "EMILUA_PATH") (files (list (string-append "lib/emilua-" (version-major+minor version))))))) (home-page "https://gitlab.com/emilua/emilua") (synopsis "Lua execution engine") (description "Emilua is a LuaJIT-based Lua execution engine that supports async IO, fibers and actor-inspired threading. The experimental builtin HTTP module is enabled.") (license license:boost1.0))) (define-public fennel (package (name "fennel") (version "1.5.0") (source (origin (method git-fetch) (uri (git-reference (url "https://git.sr.ht/~technomancy/fennel") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "0d25v7swq3msxsdzv91wwxy89y3qgw4bvzq1px89qsjzbbd7ccg2")))) (build-system gnu-build-system) (arguments (list #:make-flags #~(list (string-append "PREFIX=" (assoc-ref %outputs "out"))) #:tests? #t ;even on cross-build #:test-target "test" #:phases #~(modify-phases %standard-phases (delete 'configure) (add-after 'build 'patch-fennel (lambda* (#:key inputs #:allow-other-keys) (substitute* "fennel" (("/usr/bin/env .*lua") (search-input-file inputs "/bin/lua"))))) (delete 'check) (add-after 'install 'check (assoc-ref %standard-phases 'check))))) (inputs (list lua)) (home-page "https://fennel-lang.org/") (synopsis "Lisp that compiles to Lua") (description "Fennel is a programming language that brings together the speed, simplicity, and reach of Lua with the flexibility of a Lisp syntax and macro system.") (license license:expat))) (define-public antifennel (package (version "0.2.0") (name "antifennel") (source (origin (method git-fetch) (uri (git-reference (url "https://git.sr.ht/~technomancy/antifennel") (commit version))) (sha256 (base32 "1hd9h17q31b3gg88c657zq4han4air2ag55rrakbmcpy6n8acsqc")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (inputs (list luajit)) (arguments (list #:phases #~(modify-phases %standard-phases (delete 'configure) ;; Tests pass after the fix introduced by the commit ;; ecd2169fcad1fa6616fdf6e6a8569f5b866601e5 (delete 'check) (replace 'install (lambda _ (install-file "antifennel" (string-append #$output "/bin"))))))) (home-page "https://git.sr.ht/~technomancy/antifennel") (synopsis "Turn Lua code into Fennel code") (description "This package provides a way to turn Lua code into Fennel code. This compiler does the opposite of what the Fennel compiler does.") (license license:expat))) (define-public fnlfmt (package (name "fnlfmt") (version "0.3.0") (source (origin (method git-fetch) (uri (git-reference (url "https://git.sr.ht/~technomancy/fnlfmt") (commit version))) (file-name (git-file-name name version)) (sha256 (base32 "06gzw7f20yw4192kymr4karxw3ia3apjnjqpm6vxph87c67d1fa3")) (modules '((guix build utils))) (snippet #~(begin ;; Use input fennel instead of bundled fennel. (delete-file "fennel") (delete-file "fennel.lua") (substitute* "Makefile" (("./fennel") "fennel")))))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) (guix build utils) (ice-9 match)) #:test-target "test" #:phases (modify-phases %standard-phases (delete 'configure) (add-before 'build 'patch-makefile (lambda* (#:key native-inputs inputs #:allow-other-keys) (substitute* "Makefile" ;; Patch lua shebang that gets inserted to fnlfmt. (("/usr/bin/env lua") (search-input-file (or native-inputs inputs) "/bin/lua"))))) (replace 'install ;; There is no install target; manually install the output file. (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin"))) (for-each (lambda (file) (install-file file bin)) (find-files "." "fnlfmt"))))) (add-after 'install 'wrap (lambda* (#:key inputs native-inputs outputs #:allow-other-keys) (let* ((all-inputs (or native-inputs inputs)) (fnlfmt (assoc-ref outputs "out")) (lua-version ,(version-major+minor (package-version lua))) (fennel (assoc-ref all-inputs "fennel"))) (wrap-program (string-append fnlfmt "/bin/fnlfmt") `("LUA_PATH" ";" suffix (,(format #f "~a/share/lua/~a/?.lua" fennel lua-version)))) #t)))))) (inputs (list bash-minimal)) (native-inputs (list lua fennel)) (home-page "https://git.sr.ht/~technomancy/fnlfmt") (synopsis "Automatic formatting of Fennel code") (description "Fnlfmt is a tool for automatically formatting Fennel code in a consistent way, following established lisp conventions.") (license license:lgpl3+)))