From 9574d42008143909b269836a0eadbdbac67a6293 Mon Sep 17 00:00:00 2001 From: Guillaume Le Vaillant Date: Mon, 21 Oct 2019 14:03:01 +0200 Subject: gnu: Add graph. * gnu/packages/lisp.scm (cl-graph, sbcl-graph): New variables. * gnu/packages/patches/sbcl-graph-asdf-definitions.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 4292e6f415..2568d75c1a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1319,6 +1319,7 @@ dist_patch_DATA = \ %D%/packages/patches/rust-coresimd-doctest.patch \ %D%/packages/patches/rust-reproducible-builds.patch \ %D%/packages/patches/rxvt-unicode-escape-sequences.patch \ + %D%/packages/patches/sbcl-graph-asdf-definitions.patch \ %D%/packages/patches/scalapack-blacs-mpi-deprecations.patch \ %D%/packages/patches/scheme48-tests.patch \ %D%/packages/patches/scotch-build-parallelism.patch \ -- cgit v1.2.3 From af561664b8191e2a34570176422f4d500d5fd4fb Mon Sep 17 00:00:00 2001 From: Miguel Ángel Arruga Vivas Date: Mon, 21 Oct 2019 19:16:24 +0200 Subject: gnu: seahorse: Update to 3.30.1.1. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/gnome.scm (seahorse)[version]: Update version number. [origin]: Update hash. Add patch needed for compilation with our version of libsecret (0.19.1). [inputs]: Add avahi dependency. [native-inputs]: Add vala dependency. Use gettext-minimal instead of intltool, as only xgettext is used. * gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/gnome.scm | 21 +++++++++++--- .../seahorse-gkr-use-0-on-empty-flags.patch | 32 ++++++++++++++++++++++ 3 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2568d75c1a..79d0e934d4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1325,6 +1325,7 @@ dist_patch_DATA = \ %D%/packages/patches/scotch-build-parallelism.patch \ %D%/packages/patches/scotch-integer-declarations.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ + %D%/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch \ %D%/packages/patches/seq24-rename-mutex.patch \ %D%/packages/patches/sharutils-CVE-2018-1000097.patch \ %D%/packages/patches/shishi-fix-libgcrypt-detection.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 3a4494b2b5..6ce3b1cf37 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2223,7 +2223,7 @@ engineering.") (define-public seahorse (package (name "seahorse") - (version "3.30") + (version "3.30.1.1") (source (origin (method url-fetch) @@ -2232,8 +2232,19 @@ engineering.") version ".tar.xz")) (sha256 (base32 - "1sbj1czlx1fakm72dwgbn0bwm12j838yaky4mkf6hf8j8afnxmzp")))) - (build-system glib-or-gtk-build-system) + "12x7xmwh62yl0ax90v8nkx3jqzviaz9hz2g56yml78wzww20gawy")) + (patches (search-patches + "seahorse-gkr-use-0-on-empty-flags.patch")))) + (build-system meson-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'skip-gtk-update-icon-cache + ;; Don't create 'icon-theme.cache'. + (lambda _ + (substitute* "build-aux/meson_post_install.py" + (("gtk-update-icon-cache") "true")) + #t))))) (inputs `(("gtk+" ,gtk+) ("gcr" ,gcr) @@ -2241,13 +2252,15 @@ engineering.") ("gpgme" ,gpgme) ("openldap" ,openldap) ("openssh" ,openssh) + ("avahi" ,avahi) ("libsecret" ,libsecret) ("libsoup" ,libsoup))) (native-inputs - `(("intltool" ,intltool) + `(("gettext" ,gettext-minimal) ("glib:bin" ,glib "bin") ("itstool" ,itstool) ("pkg-config" ,pkg-config) + ("vala" ,vala) ("xmllint" ,libxml2))) (home-page "https://launchpad.net/gnome-themes-standard") (synopsis "Manage encryption keys and passwords in the GNOME keyring") diff --git a/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch new file mode 100644 index 0000000000..55866d2973 --- /dev/null +++ b/gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch @@ -0,0 +1,32 @@ +Patch from . + +From d9db29db567012b7c72e85e1be1fbf55fcc9b667 Mon Sep 17 00:00:00 2001 +From: Niels De Graef +Date: Sat, 11 May 2019 09:02:34 +0200 +Subject: [PATCH] gkr: Use 0 on empty flags + +A Flags-type variable without any flag set can be replaced with 0, so +this is a safe thing to do. It also prevents us from having to deal with +the accidental API break in libsecret (see +https://gitlab.gnome.org/GNOME/libsecret/merge_requests/19) +--- + gkr/gkr-keyring-add.vala | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/gkr/gkr-keyring-add.vala b/gkr/gkr-keyring-add.vala +index 4e92a520..f60c9a22 100644 +--- a/gkr/gkr-keyring-add.vala ++++ b/gkr/gkr-keyring-add.vala +@@ -41,8 +41,7 @@ public class Seahorse.Gkr.KeyringAdd : Gtk.Dialog { + + var cancellable = Dialog.begin_request(this); + var service = Backend.instance().service; +- Secret.Collection.create.begin(service, this.name_entry.text, null, +- Secret.CollectionCreateFlags.COLLECTION_CREATE_NONE, ++ Secret.Collection.create.begin(service, this.name_entry.text, null, 0, + cancellable, (obj, res) => { + /* Clear the operation without cancelling it since it is complete */ + Dialog.complete_request(this, false); +-- +2.23.0 + -- cgit v1.2.3 From 12712817ae97eb6305deeaad68ce17c9fa212917 Mon Sep 17 00:00:00 2001 From: "Jakob L. Kreuze" Date: Sat, 28 Sep 2019 16:47:21 -0400 Subject: machine: Implement 'digital-ocean-environment-type'. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/machine/digital-ocean.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Invoking guix deploy): Add documentation for 'digital-ocean-configuration'. Signed-off-by: Ludovic Courtès --- doc/guix.texi | 24 ++- gnu/local.mk | 1 + gnu/machine/digital-ocean.scm | 422 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 444 insertions(+), 3 deletions(-) create mode 100644 gnu/machine/digital-ocean.scm (limited to 'gnu/local.mk') diff --git a/doc/guix.texi b/doc/guix.texi index b550b1c34a..f24dc6b26b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26004,12 +26004,10 @@ The object of the operating system configuration to deploy. @item @code{environment} An @code{environment-type} describing how the machine should be provisioned. -At the moment, the only supported value is -@code{managed-host-environment-type}. @item @code{configuration} (default: @code{#f}) An object describing the configuration for the machine's @code{environment}. -If the @code{environment} has a default configuration, @code{#f} maybe used. +If the @code{environment} has a default configuration, @code{#f} may be used. If @code{#f} is used for an environment with no default configuration, however, an error will be thrown. @end table @@ -26037,6 +26035,26 @@ remote host. @end table @end deftp +@deftp {Data Type} digital-ocean-configuration +This is the data type describing the Droplet that should be created for a +machine with an @code{environment} of @code{digital-ocean-environment-type}. + +@table @asis +@item @code{ssh-key} +The path to the SSH private key to use to authenticate with the remote +host. In the future, this field may not exist. +@item @code{tags} +A list of string ``tags'' that uniquely identify the machine. Must be given +such that no two machines in the deployment have the same set of tags. +@item @code{region} +A Digital Ocean region slug, such as @code{"nyc3"}. +@item @code{size} +A Digital Ocean size slug, such as @code{"s-1vcpu-1gb"} +@item @code{enable-ipv6} +Whether or not the droplet should be created with IPv6 networking. +@end table +@end deftp + @node Running Guix in a VM @section Running Guix in a Virtual Machine diff --git a/gnu/local.mk b/gnu/local.mk index 79d0e934d4..9b9a215913 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -580,6 +580,7 @@ GNU_SYSTEM_MODULES = \ %D%/system/vm.scm \ \ %D%/machine.scm \ + %D%/machine/digital-ocean.scm \ %D%/machine/ssh.scm \ \ %D%/build/accounts.scm \ diff --git a/gnu/machine/digital-ocean.scm b/gnu/machine/digital-ocean.scm new file mode 100644 index 0000000000..5ad7c4d4a3 --- /dev/null +++ b/gnu/machine/digital-ocean.scm @@ -0,0 +1,422 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Jakob L. Kreuze +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu machine digital-ocean) + #:use-module (gnu machine ssh) + #:use-module (gnu machine) + #:use-module (gnu services) + #:use-module (gnu services networking) + #:use-module (gnu system) + #:use-module (gnu system pam) + #:use-module (guix base32) + #:use-module (guix derivations) + #:use-module (guix i18n) + #:use-module (guix import json) + #:use-module (guix monads) + #:use-module (guix records) + #:use-module (guix ssh) + #:use-module (guix store) + #:use-module (ice-9 iconv) + #:use-module (json) + #:use-module (rnrs bytevectors) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-2) + #:use-module (srfi srfi-34) + #:use-module (srfi srfi-35) + #:use-module (ssh key) + #:use-module (ssh sftp) + #:use-module (ssh shell) + #:use-module (web client) + #:use-module (web request) + #:use-module (web response) + #:use-module (web uri) + #:export (digital-ocean-configuration + digital-ocean-configuration? + + digital-ocean-configuration-ssh-key + digital-ocean-configuration-tags + digital-ocean-configuration-region + digital-ocean-configuration-size + digital-ocean-configuration-enable-ipv6 + + digital-ocean-environment-type)) + +;;; Commentary: +;;; +;;; This module implements a high-level interface for provisioning "droplets" +;;; from the Digital Ocean virtual private server (VPS) service. +;;; +;;; Code: + +(define %api-base "https://api.digitalocean.com") + +(define %digital-ocean-token + (make-parameter (getenv "GUIX_DIGITAL_OCEAN_TOKEN"))) + +(define* (post-endpoint endpoint body) + "Encode BODY as JSON and send it to the Digital Ocean API endpoint +ENDPOINT. This procedure is quite a bit more specialized than 'http-post', as +it takes care to set headers such as 'Content-Type', 'Content-Length', and +'Authorization' appropriately." + (let* ((uri (string->uri (string-append %api-base endpoint))) + (body (string->bytevector (scm->json-string body) "UTF-8")) + (headers `((User-Agent . "Guix Deploy") + (Accept . "application/json") + (Content-Type . "application/json") + (Authorization . ,(format #f "Bearer ~a" + (%digital-ocean-token))) + (Content-Length . ,(number->string + (bytevector-length body))))) + (port (open-socket-for-uri uri)) + (request (build-request uri + #:method 'POST + #:version '(1 . 1) + #:headers headers + #:port port)) + (request (write-request request port))) + (write-request-body request body) + (force-output (request-port request)) + (let* ((response (read-response port)) + (body (read-response-body response))) + (unless (= 2 (floor/ (response-code response) 100)) + (raise + (condition (&message + (message (format + #f + (G_ "~a: HTTP post failed: ~a (~s)") + (uri->string uri) + (response-code response) + (response-reason-phrase response))))))) + (close-port port) + (bytevector->string body "UTF-8")))) + +(define (fetch-endpoint endpoint) + "Return the contents of the Digital Ocean API endpoint ENDPOINT as an +alist. This procedure is quite a bit more specialized than 'json-fetch', as it +takes care to set headers such as 'Accept' and 'Authorization' appropriately." + (define headers + `((user-agent . "Guix Deploy") + (Accept . "application/json") + (Authorization . ,(format #f "Bearer ~a" (%digital-ocean-token))))) + (json-fetch (string-append %api-base endpoint) #:headers headers)) + + +;;; +;;; Parameters for droplet creation. +;;; + +(define-record-type* digital-ocean-configuration + make-digital-ocean-configuration + digital-ocean-configuration? + this-digital-ocean-configuration + (ssh-key digital-ocean-configuration-ssh-key) ; string + (tags digital-ocean-configuration-tags) ; list of strings + (region digital-ocean-configuration-region) ; string + (size digital-ocean-configuration-size) ; string + (enable-ipv6 digital-ocean-configuration-enable-ipv6)) ; boolean + +(define (read-key-fingerprint file-name) + "Read the private key at FILE-NAME and return the key's fingerprint as a hex +string." + (let* ((privkey (private-key-from-file file-name)) + (pubkey (private-key->public-key privkey)) + (hash (get-public-key-hash pubkey 'md5))) + (bytevector->hex-string hash))) + +(define (machine-droplet machine) + "Return an alist describing the droplet allocated to MACHINE." + (let ((tags (digital-ocean-configuration-tags + (machine-configuration machine)))) + (find (lambda (droplet) + (equal? (assoc-ref droplet "tags") (list->vector tags))) + (vector->list + (assoc-ref (fetch-endpoint "/v2/droplets") "droplets"))))) + +(define (machine-public-ipv4-network machine) + "Return the public IPv4 network interface of the droplet allocated to +MACHINE as an alist. The expected fields are 'ip_address', 'netmask', and +'gateway'." + (and-let* ((droplet (machine-droplet machine)) + (networks (assoc-ref droplet "networks")) + (network (find (lambda (network) + (string= "public" (assoc-ref network "type"))) + (vector->list (assoc-ref networks "v4"))))) + network)) + + +;;; +;;; Remote evaluation. +;;; + +(define (digital-ocean-remote-eval target exp) + "Internal implementation of 'machine-remote-eval' for MACHINE instances with +an environment type of 'digital-ocean-environment-type'." + (let* ((network (machine-public-ipv4-network target)) + (address (assoc-ref network "ip_address")) + (ssh-key (digital-ocean-configuration-ssh-key + (machine-configuration target))) + (delegate (machine + (inherit target) + (environment managed-host-environment-type) + (configuration + (machine-ssh-configuration + (host-name address) + (identity ssh-key) + (system "x86_64-linux")))))) + (machine-remote-eval delegate exp))) + + +;;; +;;; System deployment. +;;; + +;; The following script was adapted from the guide available at +;; . +(define (guix-infect network) + "Given NETWORK, an alist describing the Droplet's public IPv4 network +interface, return a Bash script that will install the Guix system." + (format #f "#!/bin/bash + +apt-get update +apt-get install xz-utils -y +wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz +cd /tmp +tar --warning=no-timestamp -xf ~~/guix-binary-1.0.1.x86_64-linux.tar.xz +mv var/guix /var/ && mv gnu / +mkdir -p ~~root/.config/guix +ln -sf /var/guix/profiles/per-user/root/current-guix ~~root/.config/guix/current +export GUIX_PROFILE=\"`echo ~~root`/.config/guix/current\" ; +source $GUIX_PROFILE/etc/profile +groupadd --system guixbuild +for i in `seq -w 1 10`; do + useradd -g guixbuild -G guixbuild \ + -d /var/empty -s `which nologin` \ + -c \"Guix build user $i\" --system \ + guixbuilder$i; +done; +cp ~~root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/ +systemctl start guix-daemon && systemctl enable guix-daemon +mkdir -p /usr/local/bin +cd /usr/local/bin +ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix +mkdir -p /usr/local/share/info +cd /usr/local/share/info +for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do + ln -s $i; +done +guix archive --authorize < ~~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub +# guix pull +guix package -i glibc-utf8-locales +export GUIX_LOCPATH=\"$HOME/.guix-profile/lib/locale\" +guix package -i openssl +cat > /etc/bootstrap-config.scm << EOF +(use-modules (gnu)) +(use-service-modules networking ssh) + +(operating-system + (host-name \"gnu-bootstrap\") + (timezone \"Etc/UTC\") + (bootloader (bootloader-configuration + (bootloader grub-bootloader) + (target \"/dev/vda\") + (terminal-outputs '(console)))) + (file-systems (cons (file-system + (mount-point \"/\") + (device \"/dev/vda1\") + (type \"ext4\")) + %base-file-systems)) + (services + (append (list (static-networking-service \"eth0\" \"~a\" + #:netmask \"~a\" + #:gateway \"~a\" + #:name-servers '(\"84.200.69.80\" \"84.200.70.40\")) + (simple-service 'guile-load-path-in-global-env + session-environment-service-type + \\`((\"GUILE_LOAD_PATH\" + . \"/run/current-system/profile/share/guile/site/2.2\") + (\"GUILE_LOAD_COMPILED_PATH\" + . ,(string-append \"/run/current-system/profile/lib/guile/2.2/site-ccache:\" + \"/run/current-system/profile/share/guile/site/2.2\")))) + (service openssh-service-type + (openssh-configuration + (log-level 'debug) + (permit-root-login 'without-password)))) + %base-services))) +EOF +# guix pull +guix system build /etc/bootstrap-config.scm +guix system reconfigure /etc/bootstrap-config.scm +mv /etc /old-etc +mkdir /etc +cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm} /etc/ +guix system reconfigure /etc/bootstrap-config.scm" + (assoc-ref network "ip_address") + (assoc-ref network "netmask") + (assoc-ref network "gateway"))) + +(define (machine-wait-until-available machine) + "Block until the initial Debian image has been installed on the droplet +named DROPLET-NAME." + (and-let* ((droplet (machine-droplet machine)) + (droplet-id (assoc-ref droplet "id")) + (endpoint (format #f "/v2/droplets/~a/actions" droplet-id))) + (let loop () + (let ((actions (assoc-ref (fetch-endpoint endpoint) "actions"))) + (unless (every (lambda (action) + (string= "completed" (assoc-ref action "status"))) + (vector->list actions)) + (sleep 5) + (loop)))))) + +(define (wait-for-ssh address ssh-key) + "Block until the an SSH session can be made as 'root' with SSH-KEY at ADDRESS." + (let loop () + (catch #t + (lambda () + (open-ssh-session address #:user "root" #:identity ssh-key)) + (lambda args + (sleep 5) + (loop))))) + +(define (add-static-networking target network) + "Return an based on TARGET with a static networking +configuration for the public IPv4 network described by the alist NETWORK." + (operating-system + (inherit (machine-operating-system target)) + (services (cons* (static-networking-service "eth0" + (assoc-ref network "ip_address") + #:netmask (assoc-ref network "netmask") + #:gateway (assoc-ref network "gateway") + #:name-servers '("84.200.69.80" "84.200.70.40")) + (simple-service 'guile-load-path-in-global-env + session-environment-service-type + `(("GUILE_LOAD_PATH" + . "/run/current-system/profile/share/guile/site/2.2") + ("GUILE_LOAD_COMPILED_PATH" + . ,(string-append "/run/current-system/profile/lib/guile/2.2/site-ccache:" + "/run/current-system/profile/share/guile/site/2.2")))) + (operating-system-user-services + (machine-operating-system target)))))) + +(define (deploy-digital-ocean target) + "Internal implementation of 'deploy-machine' for 'machine' instances with an +environment type of 'digital-ocean-environment-type'." + (maybe-raise-missing-api-key-error) + (maybe-raise-unsupported-configuration-error target) + (let* ((config (machine-configuration target)) + (name (machine-display-name target)) + (region (digital-ocean-configuration-region config)) + (size (digital-ocean-configuration-size config)) + (ssh-key (digital-ocean-configuration-ssh-key config)) + (fingerprint (read-key-fingerprint ssh-key)) + (enable-ipv6 (digital-ocean-configuration-enable-ipv6 config)) + (tags (digital-ocean-configuration-tags config)) + (request-body `(("name" . ,name) + ("region" . ,region) + ("size" . ,size) + ("image" . "debian-9-x64") + ("ssh_keys" . ,(vector fingerprint)) + ("backups" . #f) + ("ipv6" . ,enable-ipv6) + ("user_data" . #nil) + ("private_networking" . #nil) + ("volumes" . #nil) + ("tags" . ,(list->vector tags)))) + (response (post-endpoint "/v2/droplets" request-body))) + (machine-wait-until-available target) + (let* ((network (machine-public-ipv4-network target)) + (address (assoc-ref network "ip_address"))) + (wait-for-ssh address ssh-key) + (let* ((ssh-session (open-ssh-session address #:user "root" #:identity ssh-key)) + (sftp-session (make-sftp-session ssh-session))) + (call-with-remote-output-file sftp-session "/tmp/guix-infect.sh" + (lambda (port) + (display (guix-infect network) port))) + (rexec ssh-session "/bin/bash /tmp/guix-infect.sh") + ;; Session will close upon rebooting, which will raise 'guile-ssh-error. + (catch 'guile-ssh-error + (lambda () (rexec ssh-session "reboot")) + (lambda args #t))) + (wait-for-ssh address ssh-key) + (let ((delegate (machine + (operating-system (add-static-networking target network)) + (environment managed-host-environment-type) + (configuration + (machine-ssh-configuration + (host-name address) + (identity ssh-key) + (system "x86_64-linux")))))) + (deploy-machine delegate))))) + + +;;; +;;; Roll-back. +;;; + +(define (roll-back-digital-ocean target) + "Internal implementation of 'roll-back-machine' for MACHINE instances with an +environment type of 'digital-ocean-environment-type'." + (let* ((network (machine-public-ipv4-network target)) + (address (assoc-ref network "ip_address")) + (ssh-key (digital-ocean-configuration-ssh-key + (machine-configuration target))) + (delegate (machine + (inherit target) + (environment managed-host-environment-type) + (configuration + (machine-ssh-configuration + (host-name address) + (identity ssh-key) + (system "x86_64-linux")))))) + (roll-back-machine delegate))) + + +;;; +;;; Environment type. +;;; + +(define digital-ocean-environment-type + (environment-type + (machine-remote-eval digital-ocean-remote-eval) + (deploy-machine deploy-digital-ocean) + (roll-back-machine roll-back-digital-ocean) + (name 'digital-ocean-environment-type) + (description "Provisioning of \"droplets\": virtual machines + provided by the Digital Ocean virtual private server (VPS) service."))) + + +(define (maybe-raise-missing-api-key-error) + (unless (%digital-ocean-token) + (raise (condition + (&message + (message (G_ "No Digital Ocean access token was provided. This \ +may be fixed by setting the environment variable GUIX_DIGITAL_OCAEN_TOKEN to \ +one procured from https://cloud.digitalocean.com/account/api/tokens."))))))) + +(define (maybe-raise-unsupported-configuration-error machine) + "Raise an error if MACHINE's configuration is not an instance of +." + (let ((config (machine-configuration machine)) + (environment (environment-type-name (machine-environment machine)))) + (unless (and config (digital-ocean-configuration? config)) + (raise (condition + (&message + (message (format #f (G_ "unsupported machine configuration '~a' +for environment of type '~a'") + config + environment)))))))) -- cgit v1.2.3 From e99fbcad344367d8b6acee13f1f6dfbbcb8a1377 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 23 Oct 2019 09:39:28 +0300 Subject: gnu: Add rust-ansi-term-0.11. * gnu/packages/rust-cbindgen.scm (rust-ansi-term-0.11): New file, new hidden variable. * gnu/local.mk (GNU_SYSTEM_MODULES): Register it. --- gnu/local.mk | 1 + gnu/packages/rust-cbindgen.scm | 44 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 gnu/packages/rust-cbindgen.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 9b9a215913..d563ecc99e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -425,6 +425,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/ruby.scm \ %D%/packages/rush.scm \ %D%/packages/rust.scm \ + %D%/packages/rust-cbindgen.scm \ %D%/packages/samba.scm \ %D%/packages/sagemath.scm \ %D%/packages/sawfish.scm \ diff --git a/gnu/packages/rust-cbindgen.scm b/gnu/packages/rust-cbindgen.scm new file mode 100644 index 0000000000..aab4a81f5c --- /dev/null +++ b/gnu/packages/rust-cbindgen.scm @@ -0,0 +1,44 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Efraim Flashner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages rust-cbindgen) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix download) + #:use-module (guix build-system cargo)) + +(define rust-ansi-term-0.11 + (package + (name "rust-ansi-term") + (version "0.11.0") + (source + (origin + (method url-fetch) + (uri (crate-uri "ansi_term" version)) + (file-name (string-append name "-" version ".crate")) + (sha256 + (base32 + "16wpvrghvd0353584i1idnsgm0r3vchg8fyrm0x8ayv1rgvbljgf")))) + (build-system cargo-build-system) + (home-page "https://github.com/ogham/rust-ansi-term") + (synopsis "Library for ANSI terminal colours and styles") + (description + "This is a library for controlling colours and formatting, such as red bold +text or blue underlined text, on ANSI terminals.") + (properties '((hidden? . #t))) + (license license:expat))) -- cgit v1.2.3 From 77e0cebcadc8b96613832e1554e326d48e20f72f Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Mon, 30 Sep 2019 21:09:49 +0200 Subject: gnu: Add weasyprint. Now includs the patch file missed in 73f0ed8dbfde97341716fd8b156907e4ef800873. * gnu/packages/pdf.scm (weasyprint): New variable. * gnu/packages/patches/weasyprint-library-paths.patch: New file. * gnu/local.mk: Add it. --- gnu/local.mk | 1 + .../patches/weasyprint-library-paths.patch | 38 ++++++++++ gnu/packages/pdf.scm | 81 ++++++++++++++++++++++ 3 files changed, 120 insertions(+) create mode 100644 gnu/packages/patches/weasyprint-library-paths.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d563ecc99e..a8138a945c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1420,6 +1420,7 @@ dist_patch_DATA = \ %D%/packages/patches/wavpack-CVE-2018-6767.patch \ %D%/packages/patches/wavpack-CVE-2018-7253.patch \ %D%/packages/patches/wavpack-CVE-2018-7254.patch \ + %D%/packages/patches/weasyprint-library-paths.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-urwid-1.3.patch \ diff --git a/gnu/packages/patches/weasyprint-library-paths.patch b/gnu/packages/patches/weasyprint-library-paths.patch new file mode 100644 index 0000000000..eabbdbdcd6 --- /dev/null +++ b/gnu/packages/patches/weasyprint-library-paths.patch @@ -0,0 +1,38 @@ +diff --git a/weasyprint/fonts.py b/weasyprint/fonts.py +index 377716c1..2016e01c 100644 +--- a/weasyprint/fonts.py ++++ b/weasyprint/fonts.py +@@ -48,11 +48,8 @@ else: + # with OSError: dlopen() failed to load a library: cairo / cairo-2 + # So let's hope we find the same file as cairo already did ;) + # Same applies to pangocairo requiring pangoft2 +- fontconfig = dlopen(ffi, 'fontconfig', 'libfontconfig', +- 'libfontconfig-1.dll', +- 'libfontconfig.so.1', 'libfontconfig-1.dylib') +- pangoft2 = dlopen(ffi, 'pangoft2-1.0', 'libpangoft2-1.0-0', +- 'libpangoft2-1.0.so', 'libpangoft2-1.0.dylib') ++ fontconfig = dlopen(ffi, '@fontconfig@') ++ pangoft2 = dlopen(ffi, '@pangoft2@') + + ffi.cdef(''' + // FontConfig +diff --git a/weasyprint/text.py b/weasyprint/text.py +index 035074e9..08e40395 100644 +--- a/weasyprint/text.py ++++ b/weasyprint/text.py +@@ -243,12 +243,9 @@ def dlopen(ffi, *names): + return ffi.dlopen(names[0]) # pragma: no cover + + +-gobject = dlopen(ffi, 'gobject-2.0', 'libgobject-2.0-0', 'libgobject-2.0.so', +- 'libgobject-2.0.dylib') +-pango = dlopen(ffi, 'pango-1.0', 'libpango-1.0-0', 'libpango-1.0.so', +- 'libpango-1.0.dylib') +-pangocairo = dlopen(ffi, 'pangocairo-1.0', 'libpangocairo-1.0-0', +- 'libpangocairo-1.0.so', 'libpangocairo-1.0.dylib') ++gobject = dlopen(ffi, '@gobject@') ++pango = dlopen(ffi, '@pango@') ++pangocairo = dlopen(ffi, '@pangocairo@') + + gobject.g_type_init() + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 7118afce4d..0fd385d5d6 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -16,6 +16,7 @@ ;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2019 Alex Griffin ;;; Copyright © 2019 Ben Sturmfels +;;; Copyright © 2019 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. ;;; @@ -66,6 +67,7 @@ #:use-module (gnu packages imagemagick) #:use-module (gnu packages javascript) #:use-module (gnu packages lesstif) + #:use-module (gnu packages libffi) #:use-module (gnu packages linux) #:use-module (gnu packages lua) #:use-module (gnu packages pcre) @@ -73,6 +75,8 @@ #:use-module (gnu packages photo) #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) + #:use-module (gnu packages python-check) + #:use-module (gnu packages python-web) #:use-module (gnu packages python-xyz) #:use-module (gnu packages qt) #:use-module (gnu packages sdl) @@ -1200,3 +1204,80 @@ manipulating PDF documents from the command line. It supports @item displaying the mapping between logical and physical page numbers @end itemize") (license license:bsd-3))) + +(define-public weasyprint + (package + (name "weasyprint") + (version "50") + (source + (origin + (method url-fetch) + (uri (pypi-uri "WeasyPrint" version)) + (sha256 + (base32 "0invs96zvmcr6wh5klj52jrcnr9qg150v9wpmbhcsf3vv1d1hbcw")) + (patches (search-patches "weasyprint-library-paths.patch")))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (add-after 'unpack 'patch-library-paths + (lambda* (#:key inputs #:allow-other-keys) + (let ((fontconfig (assoc-ref inputs "fontconfig")) + (glib (assoc-ref inputs "glib")) + (pango (assoc-ref inputs "pango")) + (pangoft2 (assoc-ref inputs "pangoft2"))) + (substitute* "weasyprint/fonts.py" + (("@fontconfig@") + (string-append fontconfig "/lib/libfontconfig.so")) + (("@pangoft2@") + (string-append pango "/lib/libpangoft2-1.0.so"))) + (substitute* "weasyprint/text.py" + (("@gobject@") + (string-append glib "/lib/libgobject-2.0.so")) + (("@pango@") + (string-append pango "/lib/libpango-1.0.so")) + (("@pangocairo@") + (string-append pango "/lib/libpangocairo-1.0.so")))))) + (add-after 'unpack 'remove-pytest-options + (lambda _ + (substitute* "setup.cfg" + ;; flake8 and isort syntax checks fail, which is not our + ;; business + (("addopts = --flake8 --isort") "")))) + (replace 'check + (lambda _ + ;; run pytest, excluding one failing test + (invoke "pytest" "-k" "not test_flex_column_wrap_reverse")))))) + (inputs + `(("fontconfig" ,fontconfig) + ("glib" ,glib) + ("pango" ,pango))) + (propagated-inputs + `(("gdk-pixbuf" ,gdk-pixbuf) + ("python-cairocffi" ,python-cairocffi) + ("python-cairosvg" ,python-cairosvg) + ("python-cffi" ,python-cffi) + ("python-cssselect2" ,python-cssselect2) + ("python-html5lib" ,python-html5lib) + ("python-pyphen" ,python-pyphen) + ("python-tinycss2" ,python-tinycss2))) + (native-inputs + `(("python-pytest-cov" ,python-pytest-cov) + ("python-pytest-runner" ,python-pytest-runner))) + (home-page "https://weasyprint.org/") + (synopsis "Document factory for creating PDF files from HTML") + (description "WeasyPrint helps web developers to create PDF documents. It +turns simple HTML pages into gorgeous statistical reports, invoices, tickets, +etc. + +From a technical point of view, WeasyPrint is a visual rendering engine for +HTML and CSS that can export to PDF and PNG. It aims to support web standards +for printing. + +It is based on various libraries but not on a full rendering engine like +WebKit or Gecko. The CSS layout engine is written in Python, designed for +pagination, and meant to be easy to hack on. Weasyprint can also be used as a +python library. + +Keywords: html2pdf, htmltopdf") + (license license:bsd-3))) -- cgit v1.2.3 From 3f4ea9a62b5fa68d57724b2f83c35a191e33b7c8 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 23 Oct 2019 19:43:02 +0200 Subject: gnu: avahi: Fix CVE-2018-1000845 and duplicate CVE-2017-6519. * gnu/packages/avahi.scm (avahi/fixed): New variable. (avahi)[replacement]: Use it. * gnu/packages/patches/avahi-CVE-2018-1000845.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/avahi.scm | 11 ++++++ gnu/packages/patches/avahi-CVE-2018-1000845.patch | 42 +++++++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 gnu/packages/patches/avahi-CVE-2018-1000845.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a8138a945c..50bcab514a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -706,6 +706,7 @@ dist_patch_DATA = \ %D%/packages/patches/ath9k-htc-firmware-objcopy.patch \ %D%/packages/patches/audacity-build-with-system-portaudio.patch \ %D%/packages/patches/automake-skip-amhello-tests.patch \ + %D%/packages/patches/avahi-CVE-2018-1000845.patch \ %D%/packages/patches/avahi-localstatedir.patch \ %D%/packages/patches/avogadro-boost148.patch \ %D%/packages/patches/avogadro-eigen3-update.patch \ diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm index e71ffc2982..408be8ed57 100644 --- a/gnu/packages/avahi.scm +++ b/gnu/packages/avahi.scm @@ -35,6 +35,7 @@ (package (name "avahi") (version "0.7") + (replacement avahi/fixed) (home-page "http://avahi.org") (source (origin (method url-fetch) @@ -74,6 +75,16 @@ network. It is an implementation of the mDNS (for \"Multicast DNS\") and DNS-SD (for \"DNS-Based Service Discovery\") protocols.") (license lgpl2.1+))) +(define avahi/fixed + (package/inherit avahi + (source (origin + (inherit (package-source avahi)) + (patches + (append (search-patches "avahi-CVE-2018-1000845.patch") + (origin-patches (package-source avahi)))))) + ;; Hide a duplicate of the CVE fixed above. + (properties `((lint-hidden-cve . ("CVE-2017-6519")))))) + (define-public nss-mdns (package (name "nss-mdns") diff --git a/gnu/packages/patches/avahi-CVE-2018-1000845.patch b/gnu/packages/patches/avahi-CVE-2018-1000845.patch new file mode 100644 index 0000000000..e5b13e0bee --- /dev/null +++ b/gnu/packages/patches/avahi-CVE-2018-1000845.patch @@ -0,0 +1,42 @@ +From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001 +From: Trent Lloyd +Date: Sat, 22 Dec 2018 09:06:07 +0800 +Subject: [PATCH] Drop legacy unicast queries from address not on local link + +When handling legacy unicast queries, ensure that the source IP is +inside a subnet on the local link, otherwise drop the packet. + +Fixes #145 +Fixes #203 +CVE-2017-6519 +CVE-2018-100084 +--- + avahi-core/server.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/avahi-core/server.c b/avahi-core/server.c +index a2cb19a8..a2580e38 100644 +--- a/avahi-core/server.c ++++ b/avahi-core/server.c +@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + + if (avahi_dns_packet_is_query(p)) { + int legacy_unicast = 0; ++ char t[AVAHI_ADDRESS_STR_MAX]; + + /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the + * AR section completely here, so far. Until the day we add +@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres + legacy_unicast = 1; + } + ++ if (!is_mdns_mcast_address(dst_address) && ++ !avahi_interface_address_on_link(i, src_address)) { ++ ++ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol); ++ return; ++ } ++ + if (legacy_unicast) + reflect_legacy_unicast_query_packet(s, p, i, src_address, port); + -- cgit v1.2.3