From 81382e3f6d4eb0261bf513a16be58d8d0b7373f2 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Fri, 15 Mar 2019 16:03:59 +0100
Subject: gnu: meson: Update to 0.50.0. * gnu/packages/build-tools.scm (meson): Update to 0.50.0. * gnu/packages/patches/at-spi2-core-meson-compat.patch, gnu/packages/patches/totem-meson-compat.patch: New files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/gnome.scm (totem)[source](patches): Add totem-meson.compat.patch. * gnu/packages/gtk.scm (at-spi2-core)[source](patches): New field.
---
 gnu/local.mk | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index eb1b5d223d..1d73189b17 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -652,6 +652,7 @@ dist_patch_DATA = \
 %D%/packages/patches/apr-skip-getservbyname-test.patch \
 %D%/packages/patches/aria2-CVE-2019-3500.patch \
 %D%/packages/patches/aspell-default-dict-dir.patch \
+ %D%/packages/patches/at-spi2-core-meson-compat.patch \
 %D%/packages/patches/ath9k-htc-firmware-binutils.patch \
 %D%/packages/patches/ath9k-htc-firmware-gcc.patch \
 %D%/packages/patches/ath9k-htc-firmware-objcopy.patch \
@@ -1287,6 +1288,7 @@ dist_patch_DATA = \
 %D%/packages/patches/tk-find-library.patch \
 %D%/packages/patches/ttf2eot-cstddef.patch \
 %D%/packages/patches/ttfautohint-source-date-epoch.patch \
+ %D%/packages/patches/totem-meson-compat.patch \
 %D%/packages/patches/totem-meson-easy-codec.patch \
 %D%/packages/patches/tuxpaint-stamps-path.patch \
 %D%/packages/patches/twinkle-include-qregexpvalidator.patch \
--
cgit v1.2.3
From a3f2c295e7f8719dc47d5757b89188e0ed68faf2 Mon Sep 17 00:00:00 2001
From: ng0
Date: Thu, 14 Mar 2019 10:43:47 +0000
Subject: gnu: libextractor: Update to 1.9. * gnu/packages/gnunet (libextractor): Update to 1.9. [source]: Remove patches. * gnu/packages/patches/libextractor-CVE-2018-20430.patch gnu/packages/patches/libextractor-CVE-2018-20431.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
Signed-off-by: Tobias Geerinckx-Rice
---
 gnu/local.mk | 2 -
 gnu/packages/gnunet.scm | 8 ++-
 .../patches/libextractor-CVE-2018-20430.patch | 60 ----------------------
 .../patches/libextractor-CVE-2018-20431.patch | 53 -------------------
 4 files changed, 3 insertions(+), 120 deletions(-)
 delete mode 100644 gnu/packages/patches/libextractor-CVE-2018-20430.patch
 delete mode 100644 gnu/packages/patches/libextractor-CVE-2018-20431.patch
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index af2bf87273..49537e19f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -968,8 +968,6 @@ dist_patch_DATA = \
 %D%/packages/patches/libevent-2.1-skip-failing-test.patch \
 %D%/packages/patches/libexif-CVE-2016-6328.patch \
 %D%/packages/patches/libexif-CVE-2017-7544.patch \
- %D%/packages/patches/libextractor-CVE-2018-20430.patch \
- %D%/packages/patches/libextractor-CVE-2018-20431.patch \
 %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \
 %D%/packages/patches/libgit2-mtime-0.patch \
 %D%/packages/patches/libgit2-oom-test.patch \
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 93c905406f..19e99644dd 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2015, 2017, 2019 Efraim Flashner
 ;;; Copyright © 2016 Ricardo Wurmus
 ;;; Copyright © 2016 Mark H Weaver
-;;; Copyright © 2016, 2017, 2018 ng0
+;;; Copyright © 2016, 2017, 2018, 2019 ng0
 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice
 ;;; Copyright © 2018 Alex Vong
 ;;;
@@ -68,16 +68,14 @@
 (define-public libextractor
 (package
 (name "libextractor")
- (version "1.8")
+ (version "1.9")
 (source (origin
 (method url-fetch)
 (uri (string-append "mirror://gnu/libextractor/libextractor-"
 version ".tar.gz"))
- (patches (search-patches "libextractor-CVE-2018-20430.patch"
- "libextractor-CVE-2018-20431.patch"))
 (sha256
 (base32
- "1z1cb35griqzvshqdv5ck98dy0sgpsswn7fgiy7lbzi34sma8dg2"))))
+ "1zz2zvikvfibxnk1va3kgzs7djsmiqy7bmk8y01vbsf54ryjb3zh"))))
 (build-system gnu-build-system)
 ;; WARNING: Checks require /dev/shm to be in the build chroot, especially
 ;; not to be a symbolic link to /run/shm.
diff --git a/gnu/packages/patches/libextractor-CVE-2018-20430.patch b/gnu/packages/patches/libextractor-CVE-2018-20430.patch
deleted file mode 100644
index 570cd7c006..0000000000
--- a/gnu/packages/patches/libextractor-CVE-2018-20430.patch
+++ /dev/null
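Review bot: The `libextractor` origin loses its `patches` field here, so the fixes for CVE-2018-20430 (the out-of-bounds read in `EXTRACTOR_common_convert_to_utf8`) and CVE-2018-20431 (the NULL string in `process_metadata`) now depend entirely on the 1.9 tarball, and neither the hunk nor the commit log says they are in it. Please confirm that 1.9 contains upstream commits b405d707b36e and 489c4a540bb2, the ones the deleted patch headers cite, and record that in the log, for example `[source]: Remove patches, which are included in 1.9.` The `package` form continues below the hunk.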
@@ -1,60 +0,0 @@
-Fix CVE-2018-20430:
-
-https://gnunet.org/bugs/view.php?id=5493
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20430
-https://security-tracker.debian.org/tracker/CVE-2018-20430
-
-Patch copied from upstream source repository:
-
-https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
-
-From b405d707b36e0654900cba78e89f49779efea110 Mon Sep 17 00:00:00 2001
-From: Christian Grothoff
-Date: Thu, 20 Dec 2018 22:47:53 +0100
-Subject: [PATCH] fix #5493 (out of bounds read)
-
----
- src/common/convert.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/src/common/convert.c b/src/common/convert.c
-index c0edf21..2be2108 100644
---- a/src/common/convert.c
-+++ b/src/common/convert.c
-@@ -36,8 +36,8 @@
- * string is returned.
- */
- char *
--EXTRACTOR_common_convert_to_utf8 (const char *input,
-- size_t len,
-+EXTRACTOR_common_convert_to_utf8 (const char *input,
-+ size_t len,
- const char *charset)
- {
- #if HAVE_ICONV
-@@ -52,7 +52,7 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
- i = input;
- cd = iconv_open ("UTF-8", charset);
- if (cd == (iconv_t) - 1)
-- return strdup (i);
-+ return strndup (i, len);
- if (len > 1024 * 1024)
- {
- iconv_close (cd);
-@@ -67,11 +67,11 @@ EXTRACTOR_common_convert_to_utf8 (const char *input,
- }
- itmp = tmp;
- finSize = tmpSize;
-- if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == SIZE_MAX)
-+ if (iconv (cd, (char **) &input, &len, &itmp, &finSize) == ((size_t) -1))
- {
- iconv_close (cd);
- free (tmp);
-- return strdup (i);
-+ return strndup (i, len);
- }
- ret = malloc (tmpSize - finSize + 1);
- if (ret == NULL)
---
-2.20.1
-
diff --git a/gnu/packages/patches/libextractor-CVE-2018-20431.patch b/gnu/packages/patches/libextractor-CVE-2018-20431.patch
deleted file mode 100644
index 855c5ba64b..0000000000
--- a/gnu/packages/patches/libextractor-CVE-2018-20431.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2018-20431:
-
-https://gnunet.org/bugs/view.php?id=5494
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20431
-https://security-tracker.debian.org/tracker/CVE-2018-20431
-
-Patch copied from upstream source repository:
-
-https://gnunet.org/git/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
-
-To apply the patch to libextractor 1.8 release tarball,
-hunk #1 which patches ChangeLog is removed.
-
-From 489c4a540bb2c4744471441425b8932b97a153e7 Mon Sep 17 00:00:00 2001
-From: Christian Grothoff
-Date: Thu, 20 Dec 2018 23:02:28 +0100
-Subject: [PATCH] fix #5494
-
----
- ChangeLog | 3 ++-
- src/plugins/ole2_extractor.c | 9 +++++++--
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/plugins/ole2_extractor.c b/src/plugins/ole2_extractor.c
-index 53fa1b9..a48b726 100644
---- a/src/plugins/ole2_extractor.c
-+++ b/src/plugins/ole2_extractor.c
-@@ -173,7 +173,7 @@ struct ProcContext
- EXTRACTOR_MetaDataProcessor proc;
-
- /**
-- * Closure for 'proc'.
-+ * Closure for @e proc.
- */
- void *proc_cls;
-
-@@ -213,7 +213,12 @@ process_metadata (gpointer key,
-
- if (G_VALUE_TYPE(gval) == G_TYPE_STRING)
- {
-- contents = strdup (g_value_get_string (gval));
-+ const char *gvals;
-+
-+ gvals = g_value_get_string (gval);
-+ if (NULL == gvals)
-+ return;
-+ contents = strdup (gvals);
- }
- else
- {
---
-2.20.1
-
--
cgit v1.2.3
From 9081333bcd3ff0d6d7cc2f357f56cc2a39bfef50 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Mon, 18 Mar 2019 23:04:31 +0100
Subject: gnu: cracklib: Update to 2.9.7. * gnu/packages/password-utils.scm (cracklib): Update to 2.9.7. [source]: Remove patches. * gnu/packages/patches/cracklib-CVE-2016-6318.patch, gnu/packages/patches/cracklib-fix-buffer-overflow.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk | 2 -
 gnu/packages/password-utils.scm | 22 +++--
 gnu/packages/patches/cracklib-CVE-2016-6318.patch | 95 ----------------------
 .../patches/cracklib-fix-buffer-overflow.patch | 39 ---------
 4 files changed, 10 insertions(+), 148 deletions(-)
 delete mode 100644 gnu/packages/patches/cracklib-CVE-2016-6318.patch
 delete mode 100644 gnu/packages/patches/cracklib-fix-buffer-overflow.patch
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 49537e19f8..0a7e9bbc67 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -706,8 +706,6 @@ dist_patch_DATA = \
 %D%/packages/patches/combinatorial-blas-io-fix.patch \
 %D%/packages/patches/cpio-CVE-2016-2037.patch \
 %D%/packages/patches/cpufrequtils-fix-aclocal.patch \
- %D%/packages/patches/cracklib-CVE-2016-6318.patch \
- %D%/packages/patches/cracklib-fix-buffer-overflow.patch \
 %D%/packages/patches/crawl-upgrade-saves.patch \
 %D%/packages/patches/crda-optional-gcrypt.patch \
 %D%/packages/patches/clucene-contribs-lib.patch \
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index 9fd5a6ff0d..ad89cee5a8 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -9,7 +9,7 @@
 ;;; Copyright © 2016 Alex Griffin
 ;;; Copyright © 2017 Leo Famulari
 ;;; Copyright © 2017, 2018 Clément Lassieur
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice
+;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice
 ;;; Copyright © 2017 Jelle Licht
 ;;; Copyright © 2017 Eric Bavier
 ;;; Copyright © 2017 Nicolas Goaziou
@@ -295,17 +295,15 @@ and vice versa.")
 (define-public cracklib
 (package
 (name "cracklib")
- (version "2.9.6")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/cracklib/cracklib/"
- "releases/download/" name "-" version "/"
- name "-" version ".tar.gz"))
- (patches (search-patches "cracklib-CVE-2016-6318.patch"
- "cracklib-fix-buffer-overflow.patch"))
- (sha256
- (base32
- "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp"))))
+ (version "2.9.7")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/cracklib/cracklib/"
+ "releases/download/v" version "/"
+ "cracklib-" version ".tar.bz2"))
+ (sha256
+ (base32 "1rimpjsdnmw8f5b7k558cic41p2qy2n2yrlqp5vh7mp4162hk0py"))))
 (build-system gnu-build-system)
 (synopsis "Password checking library")
 (home-page "https://github.com/cracklib/cracklib")
diff --git a/gnu/packages/patches/cracklib-CVE-2016-6318.patch b/gnu/packages/patches/cracklib-CVE-2016-6318.patch
deleted file mode 100644
index 4806ecaae9..0000000000
--- a/gnu/packages/patches/cracklib-CVE-2016-6318.patch
+++ /dev/null
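Review bot: Besides the version bump, this origin drops both security patches and moves the download from the `cracklib-VERSION/` `.tar.gz` release asset to the `vVERSION/` `.tar.bz2` one; the new `base32` hash pins the new file, but nothing visible shows that 2.9.7 carries the two fixes. I would check the 2.9.7 sources for the `STRINGSIZE` length checks around `longbuffer` in `FascistGecosUser` (CVE-2016-6318) and for the doubled `area`/`area2` buffers in `Mangle`, and say so in the commit log, for example `[source]: Remove patches, now included upstream.` The `package` form continues below the hunk.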
@@ -1,95 +0,0 @@
-Fix CVE-2016-6318.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318
-
-Patch copied from Red Hat:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6318
-https://bugzilla.redhat.com/attachment.cgi?id=1188599&action=diff
-
-It is not safe to pass words longer than STRINGSIZE further to cracklib
-so the longbuffer cannot be longer than STRINGSIZE.
-diff -up cracklib-2.9.0/lib/fascist.c.longgecos cracklib-2.9.0/lib/fascist.c
---- cracklib-2.9.0/lib/fascist.c.longgecos 2014-02-06 16:03:59.000000000 +0100
-+++ cracklib-2.9.0/lib/fascist.c 2016-08-08 12:05:40.279235815 +0200
-@@ -515,7 +515,7 @@ FascistGecosUser(char *password, const c
- char gbuffer[STRINGSIZE];
- char tbuffer[STRINGSIZE];
- char *uwords[STRINGSIZE];
-- char longbuffer[STRINGSIZE * 2];
-+ char longbuffer[STRINGSIZE];
-
- if (gecos == NULL)
- gecos = "";
-@@ -596,38 +596,47 @@ FascistGecosUser(char *password, const c
- {
- for (i = 0; i < j; i++)
- {
-- strcpy(longbuffer, uwords[i]);
-- strcat(longbuffer, uwords[j]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
- {
-- return _("it is derived from your password entry");
-- }
--
-- strcpy(longbuffer, uwords[j]);
-- strcat(longbuffer, uwords[i]);
-+ strcpy(longbuffer, uwords[i]);
-+ strcat(longbuffer, uwords[j]);
-
-- if (GTry(longbuffer, password))
-- {
-- return _("it's derived from your password entry");
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derived from your password entry");
-+ }
-+
-+ strcpy(longbuffer, uwords[j]);
-+ strcat(longbuffer, uwords[i]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derived from your password entry");
-+ }
- }
-
-- longbuffer[0] = uwords[i][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[j]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[j]) < STRINGSIZE - 1)
- {
-- return _("it is derivable from your password entry");
-+ longbuffer[0] = uwords[i][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[j]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derivable from your password entry");
-+ }
- }
-
-- longbuffer[0] = uwords[j][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[i]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) < STRINGSIZE - 1)
- {
-- return _("it's derivable from your password entry");
-+ longbuffer[0] = uwords[j][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[i]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derivable from your password entry");
-+ }
- }
- }
- }
diff --git a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch
deleted file mode 100644
index b1c990f282..0000000000
--- a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix buffer overflow processing long words in Mangle().
-
-Patch adpated from upstream commit, omitting changes to 'NEWS':
-
-https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb
-
-From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001
-From: Jan Dittberner
-Date: Thu, 25 Aug 2016 17:17:53 +0200
-Subject: [PATCH] Fix a buffer overflow processing long words
-
-A buffer overflow processing long words has been discovered. This commit
-applies the patch from
-https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
-by Howard Guo.
-
-See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and
-http://www.openwall.com/lists/oss-security/2016/08/23/8
----
- src/NEWS | 1 +
- src/lib/rules.c | 5 ++---
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/lib/rules.c b/src/lib/rules.c
-index d193cc0..3a2aa46 100644
---- a/lib/rules.c
-+++ b/lib/rules.c
-@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */
- {
- int limit;
- register char *ptr;
-- static char area[STRINGSIZE];
-- char area2[STRINGSIZE];
-- area[0] = '\0';
-+ static char area[STRINGSIZE * 2] = {0};
-+ char area2[STRINGSIZE * 2] = {0};
- strcpy(area, input);
-
- for (ptr = control; *ptr; ptr++)
--
cgit v1.2.3
From 1d6589db81c7c390e04795805e684b01f5a0c45f Mon Sep 17 00:00:00 2001
From: Andreas Enge
Date: Tue, 19 Mar 2019 10:44:15 +0100
Subject: gnu: Add python-flint. * gnu/packages/algebra.scm (python-flint): New variable. * gnu/packages/patches/python-flint-includes.patch: New file. * gnu/local.mk (dist_patch_DATA): Register the patch.
---
 gnu/local.mk | 1 +
 gnu/packages/algebra.scm | 34 ++++++
 gnu/packages/patches/python-flint-includes.patch | 131 +++++++++++++++++++++++
 3 files changed, 166 insertions(+)
 create mode 100644 gnu/packages/patches/python-flint-includes.patch
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 0a7e9bbc67..87bed6e827 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1176,6 +1176,7 @@ dist_patch_DATA = \
 %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \
 %D%/packages/patches/python-configobj-setuptools.patch \
 %D%/packages/patches/python-faker-fix-build-32bit.patch \
+ %D%/packages/patches/python-flint-includes.patch \
 %D%/packages/patches/python-mox3-python3.6-compat.patch \
 %D%/packages/patches/python-testtools.patch \
 %D%/packages/patches/python-paste-remove-timing-test.patch \
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index 2849a565c3..e272cd990b 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -43,6 +43,7 @@
 #:use-module (gnu packages multiprecision)
 #:use-module (gnu packages perl)
 #:use-module (gnu packages python)
+ #:use-module (gnu packages python-xyz)
 #:use-module (gnu packages readline)
 #:use-module (gnu packages shells)
 #:use-module (gnu packages tex)
@@ -52,6 +53,7 @@
 #:use-module (guix build-system ant)
 #:use-module (guix build-system gnu)
 #:use-module (guix build-system cmake)
+ #:use-module (guix build-system python)
 #:use-module (guix download)
 #:use-module (guix git-download)
 #:use-module ((guix licenses) #:prefix license:)
@@ -421,6 +423,38 @@ real and complex numbers, with automatic, rigorous error control.")
 (license license:lgpl2.1+)
 (home-page "http://fredrikj.net/arb/")))
 
+(define-public python-flint
+ (package
+ (name "python-flint")
+ (version "0.3.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fredrik-johansson/python-flint.git")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1v0anazbj1cfi68nl2j6dbd31kgkc1563xmr0zk5xk3xj78569pw"))
+ (patches (search-patches "python-flint-includes.patch"))))
+ (build-system python-build-system)
+ (native-inputs
+ `(("python-cython" ,python-cython)))
+ (propagated-inputs
+ `(("python-numpy" ,python-numpy)))
+ (inputs
+ `(("arb" ,arb)
+ ("flint" ,flint)))
+ (synopsis "Python module wrapping ARB and FLINT")
+ (description
+ "Python-flint is a Python extension module wrapping FLINT
+(Fast Library for Number Theory) and Arb (arbitrary-precision ball
+arithmetic). It supports integers, rationals, modular integers,
+real and complex ball arithmetic, polynomials and matrices over all
+these types and other mathematical functions.")
+ (license license:expat)
+ (home-page "http://fredrikj.net/python-flint/")))
+
 (define-public ntl
 (package
 (name "ntl")
diff --git a/gnu/packages/patches/python-flint-includes.patch b/gnu/packages/patches/python-flint-includes.patch
new file mode 100644
index 0000000000..c0cfe94a04
--- /dev/null
+++ b/gnu/packages/patches/python-flint-includes.patch
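Review bot: `home-page` in the new `python-flint` package is a plain `http://` URL; if the site also answers over TLS, write `(home-page "https://fredrikj.net/python-flint/")` so that users following the link are not exposed to tampering in transit. A one-line comment above `(patches …)` saying that python-flint-includes.patch only points the Cython `cdef extern` blocks at the `flint/` include subdirectory would also help the next updater decide when the patch can be dropped.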
@@ -0,0 +1,131 @@
+The following patch, authored by Andreas Enge, looks for the flint include
+files in the correct subdirectory.
+
+diff -u -r python-flint-old/src/flint.pxd python-flint-new/src/flint.pxd
+--- python-flint-old/src/flint.pxd 2019-03-19 10:26:11.055748626 +0100
++++ python-flint-new/src/flint.pxd 2019-03-19 10:35:23.269341203 +0100
+@@ -27,7 +27,7 @@
+
+ ctypedef long fmpz_struct
+
+-cdef extern from "flint.h":
++cdef extern from "flint/flint.h":
+ ctypedef void * flint_rand_t
+ void flint_randinit(flint_rand_t state)
+ void flint_randclear(flint_rand_t state)
+@@ -35,7 +35,7 @@
+ long flint_get_num_threads()
+ void flint_cleanup()
+
+-cdef extern from "nmod_vec.h":
++cdef extern from "flint/nmod_vec.h":
+ ctypedef struct nmod_t:
+ mp_limb_t n
+ mp_limb_t ninv
+@@ -47,7 +47,7 @@
+ mp_limb_t nmod_mul(mp_limb_t a, mp_limb_t b, nmod_t mod)
+ mp_limb_t nmod_div(mp_limb_t a, mp_limb_t b, nmod_t mod)
+
+-cdef extern from "nmod_poly.h":
++cdef extern from "flint/nmod_poly.h":
+ ctypedef struct nmod_poly_struct:
+ mp_ptr coeffs
+ long alloc
+@@ -129,7 +129,7 @@
+ void nmod_poly_factor_init(nmod_poly_factor_t fac)
+ void nmod_poly_factor_clear(nmod_poly_factor_t fac)
+
+-cdef extern from "nmod_mat.h":
++cdef extern from "flint/nmod_mat.h":
+ ctypedef struct nmod_mat_struct:
+ mp_limb_t * entries
+ long r
+@@ -178,7 +178,7 @@
+ long nmod_mat_rref(nmod_mat_t A)
+ long nmod_mat_nullspace(nmod_mat_t X, nmod_mat_t A)
+
+-cdef extern from "fmpz.h":
++cdef extern from "flint/fmpz.h":
+ ctypedef fmpz_struct fmpz_t[1]
+ int COEFF_IS_MPZ(fmpz_struct v)
+ void fmpz_init(fmpz_t op)
+@@ -268,7 +268,7 @@
+ void fmpz_rfac_uiui(fmpz_t r, ulong x, ulong n)
+ void fmpz_primorial(fmpz_t res, ulong n)
+
+-cdef extern from "fmpz_factor.h":
++cdef extern from "flint/fmpz_factor.h":
+ ctypedef struct fmpz_factor_struct:
+ int sign
+ fmpz_struct * p
+@@ -280,7 +280,7 @@
+ void fmpz_factor_clear(fmpz_factor_t factor)
+ void fmpz_factor(fmpz_factor_t factor, fmpz_t n)
+
+-cdef extern from "fmpz_poly.h":
++cdef extern from "flint/fmpz_poly.h":
+ ctypedef struct fmpz_poly_struct:
+ fmpz_struct * coeffs
+ long alloc
+@@ -390,14 +390,14 @@
+ void fmpz_poly_cos_minpoly(fmpz_poly_t, ulong)
+ void fmpz_poly_swinnerton_dyer(fmpz_poly_t, ulong)
+
+-cdef extern from "fmpz_poly_factor.h":
++cdef extern from "flint/fmpz_poly_factor.h":
+ void fmpz_poly_factor_init(fmpz_poly_factor_t fac)
+ void fmpz_poly_factor_clear(fmpz_poly_factor_t fac)
+ void fmpz_poly_factor_zassenhaus(fmpz_poly_factor_t fac, fmpz_poly_t G)
+ void fmpz_poly_factor(fmpz_poly_factor_t fac, fmpz_poly_t G)
+ void fmpz_poly_factor_squarefree(fmpz_poly_factor_t fac, fmpz_poly_t G)
+
+-cdef extern from "fmpz_mat.h":
++cdef extern from "flint/fmpz_mat.h":
+ ctypedef struct fmpz_mat_struct:
+ fmpz_struct * entries
+ long r
+@@ -448,7 +448,7 @@
+ void fmpz_mat_snf(fmpz_mat_t S, const fmpz_mat_t A)
+ int fmpz_mat_is_in_snf(const fmpz_mat_t A)
+
+-cdef extern from "fmpz_lll.h":
++cdef extern from "flint/fmpz_lll.h":
+ ctypedef struct fmpz_lll_struct:
+ double delta
+ double eta
+@@ -461,7 +461,7 @@
+ void fmpz_lll(fmpz_mat_t B, fmpz_mat_t U, const fmpz_lll_t fl)
+
+
+-cdef extern from "fmpq.h":
++cdef extern from "flint/fmpq.h":
+ ctypedef struct fmpq_struct:
+ fmpz_struct num
+ fmpz_struct den
+@@ -506,7 +506,7 @@
+ void fmpq_next_signed_minimal(fmpq_t res, fmpq_t x)
+ void fmpq_harmonic_ui(fmpq_t res, ulong n)
+
+-cdef extern from "fmpq_poly.h":
++cdef extern from "flint/fmpq_poly.h":
+ ctypedef struct fmpq_poly_struct:
+ fmpz_struct * coeffs
+ fmpz_t den
+@@ -620,7 +620,7 @@
+ void fmpq_poly_compose_series(fmpq_poly_t res, fmpq_poly_t poly1, fmpq_poly_t poly2, long n)
+ void fmpq_poly_revert_series(fmpq_poly_t res, fmpq_poly_t poly1, long n)
+
+-cdef extern from "fmpq_mat.h":
++cdef extern from "flint/fmpq_mat.h":
+ ctypedef struct fmpq_mat_struct:
+ fmpq_struct * entries
+ long r
+@@ -672,7 +672,7 @@
+ long fmpq_mat_rref(fmpq_mat_t B, fmpq_mat_t A)
+ void fmpq_mat_transpose(fmpq_mat_t B, fmpq_mat_t A)
+
+-cdef extern from "arith.h":
++cdef extern from "flint/arith.h":
+ void arith_number_of_partitions(fmpz_t res, ulong n)
+ int arith_moebius_mu(fmpz_t n)
+ void arith_divisor_sigma(fmpz_t v, fmpz_t n, ulong k)
--
cgit v1.2.3
From d17b1c0891c2e1b2b1bfc92a120e91c1f8909c39 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice
Date: Wed, 20 Mar 2019 00:13:57 +0100
Subject: gnu: knot: Update to 2.8.0. * gnu/packages/dns.scm (knot): Update to 2.8.0. [source]: Add patch. * gnu/packages/patches/knot-include-system-lmdb-header.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk | 1 +
 gnu/packages/dns.scm | 6 ++--
 .../patches/knot-include-system-lmdb-header.patch | 34 ++++++++++++++++++++++
 3 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/knot-include-system-lmdb-header.patch
(limited to 'gnu/local.mk')
diff --git a/gnu/local.mk b/gnu/local.mk
index 87bed6e827..c32876cdcf 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -929,6 +929,7 @@ dist_patch_DATA = \
 %D%/packages/patches/kio-search-smbd-on-PATH.patch \
 %D%/packages/patches/kmod-module-directory.patch \
 %D%/packages/patches/kmscon-runtime-keymap-switch.patch \
+ %D%/packages/patches/knot-include-system-lmdb-header.patch \
 %D%/packages/patches/kpackage-allow-external-paths.patch \
 %D%/packages/patches/kobodeluxe-paths.patch \
 %D%/packages/patches/kobodeluxe-enemies-pipe-decl.patch \
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index f8b60e34c5..034fe6916a 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -569,14 +569,16 @@ Extensions} (DNSSEC).")
 (define-public knot
 (package
 (name "knot")
- (version "2.7.6")
+ (version "2.8.0")
 (source (origin
 (method url-fetch)
 (uri (string-append "https://secure.nic.cz/files/knot-dns/"
 "knot-" version ".tar.xz"))
 (sha256
 (base32
- "18lpyq3vgr2ainmfiy14x7hcf1zxza66bhkpr54jaz2gy1viijx1"))
+ "1vw7xx7bm440jwrpvdd04vrp6ccz2b11swcn9msvs62hf0kdjjj9"))
+ (patches
+ (search-patches "knot-include-system-lmdb-header.patch"))
 (modules '((guix build utils)))
 (snippet
 '(begin
diff --git a/gnu/packages/patches/knot-include-system-lmdb-header.patch b/gnu/packages/patches/knot-include-system-lmdb-header.patch
new file mode 100644
index 0000000000..5c5c0beabc
--- /dev/null
+++ b/gnu/packages/patches/knot-include-system-lmdb-header.patch
@@ -0,0 +1,34 @@
+From: Tobias Geerinckx-Rice
+Date: Wed, 20 Mar 2019 00:08:00 +0100
+Subject: [PATCH] gnu: knot: Include system .
+
+Copied verbatim from Knot master[0].
+
+[0]: https://gitlab.labs.nic.cz/knot/knot-dns/commit/b557430cffbb1c6b30617a394b02acc514e7e536
+
+From b557430cffbb1c6b30617a394b02acc514e7e536 Mon Sep 17 00:00:00 2001
+From: Daniel Salzman
+Date: Wed, 6 Mar 2019 17:35:44 +0100
+Subject: [PATCH] journal: include proper header
+
+fixes #638
+---
+ src/knot/journal/knot_lmdb.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/knot/journal/knot_lmdb.h b/src/knot/journal/knot_lmdb.h
+index 35a88845c..b1d09cbb4 100644
+--- a/src/knot/journal/knot_lmdb.h
++++ b/src/knot/journal/knot_lmdb.h
+@@ -16,7 +16,7 @@
+
+ #pragma once
+
+-#include "contrib/lmdb/lmdb.h"
++#include
+
+ #include
+ #include
+--
+2.18.1
+
--
cgit v1.2.3
From c16423f143919916a5273761d7ed29bd49f14519 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus
Date: Wed, 20 Mar 2019 19:43:07 +0100
Subject: services: Add nslcd-service-type. * gnu/services/authentication.scm (nslcd-service-type, nslcd-configuration, %nslcd-accounts): New variables. (uglify-field-name, value->string, serialize-field, serialize-list, ssl-option?, tls-reqcert-option?, deref-option?, comma-separated-list-of-strings?, serialize-ignore-users-option, log-option?, serialize-log-option, valid-map?, scope-option?, serialize-scope-option, map-entry?, list-of-map-entries?, filter-entry?, list-of-filter-entries?, serialize-filter-entry, serialize-list-of-filter-entries, serialize-map-entry, serialize-list-of-map-entries, nslcd-config-file, nslcd-etc-service, nslcd-shepherd-service, pam-ldap-pam-services, pam-ldap-pam-service, generate-nslcd-documentation): New procedures. * gnu/tests/ldap.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (LDAP Services): Document it.
---
 doc/guix.texi | 479 +++++++++++++++++++++++++++++++++++++
 gnu/local.mk | 1 +
 gnu/services/authentication.scm | 511 +++++++++++++++++++++++++++++++++++++++-
 gnu/tests/ldap.scm | 160 +++++++++++++
 4 files changed, 1150 insertions(+), 1 deletion(-)
 create mode 100644 gnu/tests/ldap.scm
(limited to 'gnu/local.mk')
diff --git a/doc/guix.texi b/doc/guix.texi
index bb344e1625..94d7a29bdf 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -11139,6 +11139,7 @@ declaration.
 * Telephony Services:: Telephony services.
 * Monitoring Services:: Monitoring services.
 * Kerberos Services:: Kerberos services.
+* LDAP Services:: LDAP services.
 * Web Services:: Web servers.
 * Certificate Services:: TLS certificates via Let's Encrypt.
 * DNS Services:: DNS daemons.
@@ -17685,6 +17686,484 @@ Local accounts with lower values will silently fail to authenticate. @end deftp +@node LDAP Services +@subsection LDAP Services +@cindex LDAP +@cindex nslcd, LDAP service + +The @code{(gnu services authentication)} module provides the +@code{nslcd-service-type}, which can be used to authenticate against an LDAP +server. In addition to configuring the service itself, you may want to add +@code{ldap} as a name service to the Name Service Switch. @xref{Name Service +Switch} for detailed information. + +Here is a simple operating system declaration with a default configuration of +the @code{nslcd-service-type} and a Name Service Switch configuration that +consults the @code{ldap} name service last: + +@example +(use-service-modules authentication) +(use-modules (gnu system nss)) +... +(operating-system + ... + (services + (cons* + (service nslcd-service-type) + (service dhcp-client-service-type) + %base-services)) + (name-service-switch + (let ((services (list (name-service (name "db")) + (name-service (name "files")) + (name-service (name "ldap"))))) + (name-service-switch + (inherit %mdns-host-lookup-nss) + (password services) + (shadow services) + (group services) + (netgroup services) + (gshadow services))))) +@end example + +@c %start of generated documentation for nslcd-configuration + +Available @code{nslcd-configuration} fields are: + +@deftypevr {@code{nslcd-configuration} parameter} package nss-pam-ldapd +The @code{nss-pam-ldapd} package to use. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number threads +The number of threads to start that can handle requests and perform LDAP +queries. Each thread opens a separate connection to the LDAP server. +The default is to start 5 threads. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} string uid +This specifies the user id with which the daemon should be run. + +Defaults to @samp{"nslcd"}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} string gid +This specifies the group id with which the daemon should be run. + +Defaults to @samp{"nslcd"}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} log-option log +This option controls the way logging is done via a list containing +SCHEME and LEVEL. The SCHEME argument may either be the symbols "none" +or "syslog", or an absolute file name. The LEVEL argument is optional +and specifies the log level. The log level may be one of the following +symbols: "crit", "error", "warning", "notice", "info" or "debug". All +messages with the specified log level or higher are logged. + +Defaults to @samp{("/var/log/nslcd" info)}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} list uri +The list of LDAP server URIs. Normally, only the first server will be +used with the following servers as fall-back. + +Defaults to @samp{("ldap://localhost:389/")}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string ldap-version +The version of the LDAP protocol to use. The default is to use the +maximum version supported by the LDAP library. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string binddn +Specifies the distinguished name with which to bind to the directory +server for lookups. The default is to bind anonymously. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string bindpw +Specifies the credentials with which to bind. This option is only +applicable when used with binddn. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string rootpwmoddn +Specifies the distinguished name to use when the root user tries to +modify a user's password using the PAM module. + +Defaults to @samp{disabled}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string rootpwmodpw +Specifies the credentials with which to bind if the root user tries to +change a user's password. This option is only applicable when used with +rootpwmoddn + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string sasl-mech +Specifies the SASL mechanism to be used when performing SASL +authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string sasl-realm +Specifies the SASL realm to be used when performing SASL authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string sasl-authcid +Specifies the authentication identity to be used when performing SASL +authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string sasl-authzid +Specifies the authorization identity to be used when performing SASL +authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean sasl-canonicalize? +Determines whether the LDAP server host name should be canonicalised. If +this is enabled the LDAP library will do a reverse host name lookup. By +default, it is left up to the LDAP library whether this check is +performed or not. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string krb5-ccname +Set the name for the GSS-API Kerberos credentials cache. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} string base +The directory search base. + +Defaults to @samp{"dc=example,dc=com"}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} scope-option scope +Specifies the search scope (subtree, onelevel, base or children). 
The +default scope is subtree; base scope is almost never useful for name +service lookups; children scope is not supported on all servers. + +Defaults to @samp{(subtree)}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-deref-option deref +Specifies the policy for dereferencing aliases. The default policy is +to never dereference aliases. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean referrals +Specifies whether automatic referral chasing should be enabled. The +default behaviour is to chase referrals. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} list-of-map-entries maps +This option allows for custom attributes to be looked up instead of the +default RFC 2307 attributes. It is a list of maps, each consisting of +the name of a map, the RFC 2307 attribute to match and the query +expression for the attribute as it is available in the directory. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} list-of-filter-entries filters +A list of filters consisting of the name of a map to which the filter +applies and an LDAP search filter expression. + +Defaults to @samp{()}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number bind-timelimit +Specifies the time limit in seconds to use when connecting to the +directory server. The default value is 10 seconds. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number timelimit +Specifies the time limit (in seconds) to wait for a response from the +LDAP server. A value of zero, which is the default, is to wait +indefinitely for searches to be completed. + +Defaults to @samp{disabled}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number idle-timelimit +Specifies the period if inactivity (in seconds) after which the con‐ +nection to the LDAP server will be closed. The default is not to time +out connections. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number reconnect-sleeptime +Specifies the number of seconds to sleep when connecting to all LDAP +servers fails. By default one second is waited between the first +failure and the first retry. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number reconnect-retrytime +Specifies the time after which the LDAP server is considered to be +permanently unavailable. Once this time is reached retries will be done +only once per this time period. The default value is 10 seconds. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-ssl-option ssl +Specifies whether to use SSL/TLS or not (the default is not to). If +'start-tls is specified then StartTLS is used rather than raw LDAP over +SSL. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-tls-reqcert-option tls-reqcert +Specifies what checks to perform on a server-supplied certificate. The +meaning of the values is described in the ldap.conf(5) manual page. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-cacertdir +Specifies the directory containing X.509 certificates for peer authen‐ +tication. This parameter is ignored when using GnuTLS. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-cacertfile +Specifies the path to the X.509 certificate for peer authentication. + +Defaults to @samp{disabled}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-randfile +Specifies the path to an entropy source. This parameter is ignored when +using GnuTLS. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-ciphers +Specifies the ciphers to use for TLS as a string. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-cert +Specifies the path to the file containing the local certificate for +client TLS authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string tls-key +Specifies the path to the file containing the private key for client TLS +authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number pagesize +Set this to a number greater than 0 to request paged results from the +LDAP server in accordance with RFC2696. The default (0) is to not +request paged results. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-ignore-users-option nss-initgroups-ignoreusers +This option prevents group membership lookups through LDAP for the +specified users. Alternatively, the value 'all-local may be used. With +that value nslcd builds a full list of non-LDAP users on startup. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number nss-min-uid +This option ensures that LDAP users with a numeric user id lower than +the specified value are ignored. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number nss-uid-offset +This option specifies an offset that is added to all LDAP numeric user +ids. This can be used to avoid user id collisions with local users. + +Defaults to @samp{disabled}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-number nss-gid-offset +This option specifies an offset that is added to all LDAP numeric group +ids. This can be used to avoid user id collisions with local groups. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean nss-nested-groups +If this option is set, the member attribute of a group may point to +another group. Members of nested groups are also returned in the higher +level group and parent groups are returned when finding groups for a +specific user. The default is not to perform extra searches for nested +groups. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean nss-getgrent-skipmembers +If this option is set, the group member list is not retrieved when +looking up groups. Lookups for finding which groups a user belongs to +will remain functional so the user will likely still get the correct +groups assigned on login. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean nss-disable-enumeration +If this option is set, functions which cause all user/group entries to +be loaded from the directory will not succeed in doing so. This can +dramatically reduce LDAP server load in situations where there are a +great number of users and/or groups. This option is not recommended for +most configurations. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string validnames +This option can be used to specify how user and group names are verified +within the system. This pattern is used to check all user and group +names that are requested and returned from LDAP. + +Defaults to @samp{disabled}. 
+ +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean ignorecase +This specifies whether or not to perform searches using case-insensitive +matching. Enabling this could open up the system to authorization +bypass vulnerabilities and introduce nscd cache poisoning +vulnerabilities which allow denial of service. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-boolean pam-authc-ppolicy +This option specifies whether password policy controls are requested and +handled from the LDAP server when performing user authentication. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string pam-authc-search +By default nslcd performs an LDAP search with the user's credentials +after BIND (authentication) to ensure that the BIND operation was +successful. The default search is a simple check to see if the user's +DN exists. A search filter can be specified that will be used instead. +It should return at least one entry. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string pam-authz-search +This option allows flexible fine tuning of the authorisation check that +should be performed. The search filter specified is executed and if any +entries match, access is granted, otherwise access is denied. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} maybe-string pam-password-prohibit-message +If this option is set password modification using pam_ldap will be +denied and the specified message will be presented to the user instead. +The message can be used to direct the user to an alternative means of +changing their password. + +Defaults to @samp{disabled}. + +@end deftypevr + +@deftypevr {@code{nslcd-configuration} parameter} list pam-services +List of pam service names for which LDAP authentication should suffice. 
+ +Defaults to @samp{()}. + +@end deftypevr + +@c %end of generated documentation for nslcd-configuration + + @node Web Services @subsection Web Services diff --git a/gnu/local.mk b/gnu/local.mk index c32876cdcf..a5a2f11538 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -569,6 +569,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/monitoring.scm \ %D%/tests/nfs.scm \ %D%/tests/install.scm \ + %D%/tests/ldap.scm \ %D%/tests/mail.scm \ %D%/tests/messaging.scm \ %D%/tests/networking.scm \ diff --git a/gnu/services/authentication.scm b/gnu/services/authentication.scm index 1a2629d475..ab54aaf698 100644 --- a/gnu/services/authentication.scm +++ b/gnu/services/authentication.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Danny Milosavljevic +;;; Copyright © 2018, 2019 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -18,13 +19,28 @@ (define-module (gnu services authentication) #:use-module (gnu services) + #:use-module (gnu services base) + #:use-module (gnu services configuration) #:use-module (gnu services dbus) + #:use-module (gnu services shepherd) + #:use-module (gnu system pam) + #:use-module (gnu system shadow) + #:use-module (gnu packages admin) #:use-module (gnu packages freedesktop) + #:use-module (gnu packages openldap) #:use-module (guix gexp) #:use-module (guix records) + #:use-module (guix packages) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) #:export (fprintd-configuration fprintd-configuration? - fprintd-service-type)) + fprintd-service-type + + nslcd-configuration + nslcd-configuration? + nslcd-service-type)) (define-record-type* fprintd-configuration make-fprintd-configuration 
@@ -39,3 +55,496 @@ list))) (description "Run fprintd, a fingerprint management daemon."))) + + +;;; +;;; NSS Pam LDAP service (nslcd) +;;; + +(define (uglify-field-name name) + (match name + ('filters "filter") + ('maps "map") + (_ (string-map (match-lambda + (#\- #\_) + (chr chr)) + (symbol->string name))))) + +(define (value->string val) + (cond + ((boolean? val) + (if val "on" "off")) + ((number? val) + (number->string val)) + ((symbol? val) + (string-map (match-lambda + (#\- #\_) + (chr chr)) + (symbol->string val))) + (else val))) + +(define (serialize-field field-name val) + (if (eq? field-name 'pam-services) + #t + (format #t "~a ~a\n" + (uglify-field-name field-name) + (value->string val)))) + +(define serialize-string serialize-field) +(define serialize-boolean serialize-field) +(define serialize-number serialize-field) +(define (serialize-list field-name val) + (map (cut serialize-field field-name <>) val)) +(define-maybe string) +(define-maybe boolean) +(define-maybe number) + +(define (ssl-option? val) + (or (boolean? val) + (eq? val 'start-tls))) +(define serialize-ssl-option serialize-field) +(define-maybe ssl-option) + +(define (tls-reqcert-option? val) + (member val '(never allow try demand hard))) +(define serialize-tls-reqcert-option serialize-field) +(define-maybe tls-reqcert-option) + +(define (deref-option? val) + (member val '(never searching finding always))) +(define serialize-deref-option serialize-field) +(define-maybe deref-option) + +(define (comma-separated-list-of-strings? val) + (and (list? val) + (every string? val))) +(define (ignore-users-option? val) + (or (comma-separated-list-of-strings? val) + (eq? 'all-local val))) +(define (serialize-ignore-users-option field-name val) + (serialize-field field-name (if (eq? 'all-local val) + val + (string-join val ",")))) +(define-maybe ignore-users-option) + +(define (log-option? val) + (let ((valid-scheme? (lambda (scheme) + (or (string? 
scheme) + (member scheme '(none syslog)))))) + (match val + ((scheme level) + (and (valid-scheme? scheme) + (member level '(crit error warning notice info debug)))) + ((scheme) + (valid-scheme? scheme))))) +(define (serialize-log-option field-name val) + (serialize-field field-name + (string-join (map (cut format #f "~a" <>) val)))) + +(define (valid-map? val) + "Is VAL a supported map name?" + (member val + '(alias aliases ether ethers group host hosts netgroup network networks + passwd protocol protocols rpc service services shadow))) + +(define (scope-option? val) + (let ((valid-scopes '(subtree onelevel base children))) + (match val + ((map-name scope) + (and (valid-map? map-name) + (member scope valid-scopes))) + ((scope) + (member scope valid-scopes))))) +(define (serialize-scope-option field-name val) + (serialize-field field-name + (string-join (map (cut format #f "~a" <>) val)))) + +(define (map-entry? val) + (match val + (((? valid-map? map-name) + (? string? attribute) + (? string? new-attribute)) #t) + (_ #f))) + +(define (list-of-map-entries? val) + (and (list? val) + (every map-entry? val))) + +(define (filter-entry? val) + (match val + (((? valid-map? map-name) + (? string? filter-expression)) #t) + (_ #f))) + +(define (list-of-filter-entries? val) + (and (list? val) + (every filter-entry? val))) + +(define (serialize-filter-entry field-name val) + (serialize-field 'filter + (match val + (((? valid-map? map-name) + (? string? filter-expression)) + (string-append (symbol->string map-name) + " " filter-expression))))) + +(define (serialize-list-of-filter-entries field-name val) + (for-each (cut serialize-filter-entry field-name <>) val)) + +(define (serialize-map-entry field-name val) + (serialize-field 'map + (match val + (((? valid-map? map-name) + (? string? attribute) + (? string? 
new-attribute)) + (string-append (symbol->string map-name) + " " attribute + " " new-attribute))))) + +(define (serialize-list-of-map-entries field-name val) + (for-each (cut serialize-map-entry field-name <>) val)) + + +(define-configuration nslcd-configuration + (nss-pam-ldapd + (package nss-pam-ldapd) + "The NSS-PAM-LDAPD package to use.") + + ;; Runtime options + (threads + (maybe-number 'disabled) + "The number of threads to start that can handle requests and perform LDAP +queries. Each thread opens a separate connection to the LDAP server. The +default is to start 5 threads.") + (uid + (string "nslcd") + "This specifies the user id with which the daemon should be run.") + (gid + (string "nslcd") + "This specifies the group id with which the daemon should be run.") + (log + (log-option '("/var/log/nslcd" info)) + "This option controls the way logging is done via a list containing SCHEME +and LEVEL. The SCHEME argument may either be the symbols \"none\" or +\"syslog\", or an absolute file name. The LEVEL argument is optional and +specifies the log level. The log level may be one of the following symbols: +\"crit\", \"error\", \"warning\", \"notice\", \"info\" or \"debug\". All +messages with the specified log level or higher are logged.") + + ;; LDAP connection settings + (uri + (list '("ldap://localhost:389/")) + "The list of LDAP server URIs. Normally, only the first server will be +used with the following servers as fall-back.") + (ldap-version + (maybe-string 'disabled) + "The version of the LDAP protocol to use. The default is to use the +maximum version supported by the LDAP library.") + (binddn + (maybe-string 'disabled) + "Specifies the distinguished name with which to bind to the directory +server for lookups. The default is to bind anonymously.") + (bindpw + (maybe-string 'disabled) + "Specifies the credentials with which to bind. 
This option is only +applicable when used with binddn.") + (rootpwmoddn + (maybe-string 'disabled) + "Specifies the distinguished name to use when the root user tries to modify +a user's password using the PAM module.") + (rootpwmodpw + (maybe-string 'disabled) + "Specifies the credentials with which to bind if the root user tries to +change a user's password. This option is only applicable when used with +rootpwmoddn") + + ;; SASL authentication options + (sasl-mech + (maybe-string 'disabled) + "Specifies the SASL mechanism to be used when performing SASL +authentication.") + (sasl-realm + (maybe-string 'disabled) + "Specifies the SASL realm to be used when performing SASL authentication.") + (sasl-authcid + (maybe-string 'disabled) + "Specifies the authentication identity to be used when performing SASL +authentication.") + (sasl-authzid + (maybe-string 'disabled) + "Specifies the authorization identity to be used when performing SASL +authentication.") + (sasl-canonicalize? + (maybe-boolean 'disabled) + "Determines whether the LDAP server host name should be canonicalised. If +this is enabled the LDAP library will do a reverse host name lookup. By +default, it is left up to the LDAP library whether this check is performed or +not.") + + ;; Kerberos authentication options + (krb5-ccname + (maybe-string 'disabled) + "Set the name for the GSS-API Kerberos credentials cache.") + + ;; Search / mapping options + (base + (string "dc=example,dc=com") + "The directory search base.") + (scope + (scope-option '(subtree)) + "Specifies the search scope (subtree, onelevel, base or children). The +default scope is subtree; base scope is almost never useful for name service +lookups; children scope is not supported on all servers.") + (deref + (maybe-deref-option 'disabled) + "Specifies the policy for dereferencing aliases. 
The default policy is to +never dereference aliases.") + (referrals + (maybe-boolean 'disabled) + "Specifies whether automatic referral chasing should be enabled. The +default behaviour is to chase referrals.") + (maps + (list-of-map-entries '()) + "This option allows for custom attributes to be looked up instead of the +default RFC 2307 attributes. It is a list of maps, each consisting of the +name of a map, the RFC 2307 attribute to match and the query expression for +the attribute as it is available in the directory.") + (filters + (list-of-filter-entries '()) + "A list of filters consisting of the name of a map to which the filter +applies and an LDAP search filter expression.") + + ;; Timing / reconnect options + (bind-timelimit + (maybe-number 'disabled) + "Specifies the time limit in seconds to use when connecting to the +directory server. The default value is 10 seconds.") + (timelimit + (maybe-number 'disabled) + "Specifies the time limit (in seconds) to wait for a response from the LDAP +server. A value of zero, which is the default, is to wait indefinitely for +searches to be completed.") + (idle-timelimit + (maybe-number 'disabled) + "Specifies the period if inactivity (in seconds) after which the con‐ +nection to the LDAP server will be closed. The default is not to time out +connections.") + (reconnect-sleeptime + (maybe-number 'disabled) + "Specifies the number of seconds to sleep when connecting to all LDAP +servers fails. By default one second is waited between the first failure and +the first retry.") + (reconnect-retrytime + (maybe-number 'disabled) + "Specifies the time after which the LDAP server is considered to be +permanently unavailable. Once this time is reached retries will be done only +once per this time period. The default value is 10 seconds.") + + ;; TLS options + (ssl + (maybe-ssl-option 'disabled) + "Specifies whether to use SSL/TLS or not (the default is not to). 
If +'start-tls is specified then StartTLS is used rather than raw LDAP over SSL.") + (tls-reqcert + (maybe-tls-reqcert-option 'disabled) + "Specifies what checks to perform on a server-supplied certificate. +The meaning of the values is described in the ldap.conf(5) manual page.") + (tls-cacertdir + (maybe-string 'disabled) + "Specifies the directory containing X.509 certificates for peer authen‐ +tication. This parameter is ignored when using GnuTLS.") + (tls-cacertfile + (maybe-string 'disabled) + "Specifies the path to the X.509 certificate for peer authentication.") + (tls-randfile + (maybe-string 'disabled) + "Specifies the path to an entropy source. This parameter is ignored when +using GnuTLS.") + (tls-ciphers + (maybe-string 'disabled) + "Specifies the ciphers to use for TLS as a string.") + (tls-cert + (maybe-string 'disabled) + "Specifies the path to the file containing the local certificate for client +TLS authentication.") + (tls-key + (maybe-string 'disabled) + "Specifies the path to the file containing the private key for client TLS +authentication.") + + ;; Other options + (pagesize + (maybe-number 'disabled) + "Set this to a number greater than 0 to request paged results from the LDAP +server in accordance with RFC2696. The default (0) is to not request paged +results.") + (nss-initgroups-ignoreusers + (maybe-ignore-users-option 'disabled) + "This option prevents group membership lookups through LDAP for the +specified users. Alternatively, the value 'all-local may be used. With that +value nslcd builds a full list of non-LDAP users on startup.") + (nss-min-uid + (maybe-number 'disabled) + "This option ensures that LDAP users with a numeric user id lower than the +specified value are ignored.") + (nss-uid-offset + (maybe-number 'disabled) + "This option specifies an offset that is added to all LDAP numeric user +ids. 
This can be used to avoid user id collisions with local users.") + (nss-gid-offset + (maybe-number 'disabled) + "This option specifies an offset that is added to all LDAP numeric group +ids. This can be used to avoid user id collisions with local groups.") + (nss-nested-groups + (maybe-boolean 'disabled) + "If this option is set, the member attribute of a group may point to +another group. Members of nested groups are also returned in the higher level +group and parent groups are returned when finding groups for a specific user. +The default is not to perform extra searches for nested groups.") + (nss-getgrent-skipmembers + (maybe-boolean 'disabled) + "If this option is set, the group member list is not retrieved when looking +up groups. Lookups for finding which groups a user belongs to will remain +functional so the user will likely still get the correct groups assigned on +login.") + (nss-disable-enumeration + (maybe-boolean 'disabled) + "If this option is set, functions which cause all user/group entries to be +loaded from the directory will not succeed in doing so. This can dramatically +reduce LDAP server load in situations where there are a great number of users +and/or groups. This option is not recommended for most configurations.") + (validnames + (maybe-string 'disabled) + "This option can be used to specify how user and group names are verified +within the system. This pattern is used to check all user and group names +that are requested and returned from LDAP.") + (ignorecase + (maybe-boolean 'disabled) + "This specifies whether or not to perform searches using case-insensitive +matching. 
Enabling this could open up the system to authorization bypass +vulnerabilities and introduce nscd cache poisoning vulnerabilities which allow +denial of service.") + (pam-authc-ppolicy + (maybe-boolean 'disabled) + "This option specifies whether password policy controls are requested and +handled from the LDAP server when performing user authentication.") + (pam-authc-search + (maybe-string 'disabled) + "By default nslcd performs an LDAP search with the user's credentials after +BIND (authentication) to ensure that the BIND operation was successful. The +default search is a simple check to see if the user's DN exists. A search +filter can be specified that will be used instead. It should return at least +one entry.") + (pam-authz-search + (maybe-string 'disabled) + "This option allows flexible fine tuning of the authorisation check that +should be performed. The search filter specified is executed and if any +entries match, access is granted, otherwise access is denied.") + (pam-password-prohibit-message + (maybe-string 'disabled) + "If this option is set password modification using pam_ldap will be denied +and the specified message will be presented to the user instead. The message +can be used to direct the user to an alternative means of changing their +password.") + + ;; Options for extension of pam-root-service-type. + (pam-services + (list '()) + "List of pam service names for which LDAP authentication should suffice.")) + +(define %nslcd-accounts + (list (user-group + (name "nslcd") + (system? #t)) + (user-account + (name "nslcd") + (group "nslcd") + (comment "NSLCD service account") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")) + (system? #t)))) + +(define (nslcd-config-file config) + "Return an NSLCD configuration file." + (plain-file "nslcd.conf" + (with-output-to-string + (lambda () + (serialize-configuration config nslcd-configuration-fields) + ;; The file must end with a newline character. 
+ (format #t "\n"))))) + +;; XXX: The file should only be readable by root if it contains a "bindpw" +;; declaration. Unfortunately, this etc-service-type extension does not +;; support setting file modes, so we do this in the activation service. +(define (nslcd-etc-service config) + `(("nslcd.conf" ,(nslcd-config-file config)))) + +(define (nslcd-shepherd-service config) + (list (shepherd-service + (documentation "Run the nslcd service for resolving names from LDAP.") + (provision '(nslcd)) + (requirement '(networking user-processes)) + (start #~(make-forkexec-constructor + (list (string-append #$(nslcd-configuration-nss-pam-ldapd config) + "/sbin/nslcd") + "--nofork") + #:pid-file "/var/run/nslcd/nslcd.pid" + #:environment-variables + (list (string-append "LD_LIBRARY_PATH=" + #$(nslcd-configuration-nss-pam-ldapd config) + "/lib")))) + (stop #~(make-kill-destructor))))) + +(define (pam-ldap-pam-service config) + "Return a PAM service for LDAP authentication." + (define pam-ldap-module + #~(string-append #$(nslcd-configuration-nss-pam-ldapd config) + "/lib/security/pam_ldap.so")) + (lambda (pam) + (if (member (pam-service-name pam) + (nslcd-configuration-pam-services config)) + (let ((sufficient + (pam-entry + (control "sufficient") + (module pam-ldap-module)))) + (pam-service + (inherit pam) + (auth (cons sufficient (pam-service-auth pam))) + (session (cons sufficient (pam-service-session pam))) + (account (cons sufficient (pam-service-account pam))))) + pam))) + +(define (pam-ldap-pam-services config) + (list (pam-ldap-pam-service config))) + +(define nslcd-service-type + (service-type + (name 'nslcd) + (description "Run the NSLCD service for looking up names from LDAP.") + (extensions + (list (service-extension account-service-type + (const %nslcd-accounts)) + (service-extension etc-service-type + nslcd-etc-service) + (service-extension activation-service-type + (const #~(begin + (use-modules (guix build utils)) + (let ((rundir "/var/run/nslcd") + (user 
(getpwnam "nslcd"))) + (mkdir-p rundir) + (chown rundir (passwd:uid user) (passwd:gid user)) + (chmod rundir #o755) + (when (file-exists? "/etc/nslcd.conf") + (chmod "/etc/nslcd.conf" #o400)))))) + (service-extension pam-root-service-type + pam-ldap-pam-services) + (service-extension nscd-service-type + (const (list nss-pam-ldapd))) + (service-extension shepherd-root-service-type + nslcd-shepherd-service))) + (default-value (nslcd-configuration)))) + +(define (generate-nslcd-documentation) + (generate-documentation + `((nslcd-configuration ,nslcd-configuration-fields)) + 'nslcd-configuration)) diff --git a/gnu/tests/ldap.scm b/gnu/tests/ldap.scm new file mode 100644 index 0000000000..2d4f15fb3c --- /dev/null +++ b/gnu/tests/ldap.scm 
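Review bot: `nslcd-config-file` serializes every field, including `bindpw` and `rootpwmodpw`, into a `plain-file`, so the bind credentials become a store item; the store is readable by all local users, and the `(chmod "/etc/nslcd.conf" #o400)` in the activation extension can at best restrict the `/etc` entry, not that store copy. The XXX comment above `nslcd-etc-service` states the root-only requirement, but the code does not appear to meet it once a password is set. I would either keep the secrets out of the serialized file (for example, have the activation code write the real file from a root-only path outside the store) or, at a minimum, record the limitation in the code: `;; XXX: bindpw and rootpwmodpw end up in the world-readable store via plain-file; the chmod in the activation does not cover that copy.` Separately, `pam-ldap-pam-service` puts the `sufficient` pam_ldap entry first in `session` and `account` as well as `auth`, so a success there presumably skips the remaining modules of those stacks for the listed services; it is worth confirming that this is intended.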
@@ -0,0 +1,160 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests ldap) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system nss) + #:use-module (gnu system vm) + #:use-module (gnu services) + #:use-module (gnu services authentication) + #:use-module (gnu services networking) + #:use-module (gnu packages base) + #:use-module (gnu packages openldap) + #:use-module (guix gexp) + #:use-module (guix store) + #:export (%test-ldap)) + +(define %ldap-os + (let ((simple + (simple-operating-system + (service dhcp-client-service-type) + (service nslcd-service-type)))) + (operating-system + (inherit simple) + (name-service-switch + (let ((services (list (name-service (name "db")) + (name-service (name "files")) + (name-service (name "ldap"))))) + (name-service-switch + (inherit %mdns-host-lookup-nss) + (password services) + (shadow services) + (group services) + (netgroup services) + (gshadow services))))))) + +(define (run-ldap-test) + "Run tests in %LDAP-OS." 
+ (define os + (marionette-operating-system + %ldap-os + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine os)) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "ldap") + + ;; Set up LDAP directory server + (test-assert "LDAP server instance running" + (marionette-eval + '(begin + (with-output-to-file "instance.inf" + (lambda () + (display "[general] +config_version = 2 + +\n[slapd] +root_password = SECRET +user = root +group = root + +\n[backend-userroot] +sample_entries = yes +suffix = dc=example,dc=com"))) + (and + ;; Create instance + (zero? (system* #$(file-append 389-ds-base "/sbin/dscreate") + "-v" "from-file" "instance.inf")) + ;; Start instance + (zero? (system* #$(file-append 389-ds-base "/sbin/dsctl") + "localhost" "start")) + ;; Create user account + (zero? (system* #$(file-append 389-ds-base "/sbin/dsidm") + "-b" "dc=example,dc=com" + "localhost" "user" "create" + "--uid" "eva" "--cn" "Eva Lu Ator" + "--displayName" "Eva Lu Ator" + "--uidNumber" "1234" "--gidNumber" "2345" + "--homeDirectory" "/home/eva")))) + marionette)) + + (test-assert "Manager can bind to LDAP server instance" + (marionette-eval + '(zero? (system* #$(file-append openldap "/bin/ldapwhoami") + "-H" "ldap://localhost" "-D" + "cn=Directory Manager" "-w" "SECRET")) + marionette)) + + ;; Wait for nslcd to be up and running. + (test-assert "nslcd service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'nslcd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-assert "nslcd produces a log file" + (marionette-eval + '(file-exists? 
"/var/log/nslcd") + marionette)) + + (test-assert "Can query LDAP user accounts" + (marionette-eval + '(begin + ;; TODO: This shouldn't be necessary, but unfortunately it + ;; really is needed to discover LDAP accounts with "id". + (setenv "LD_LIBRARY_PATH" + #$(file-append nss-pam-ldapd "/lib")) + (zero? (system* #$(file-append coreutils "/bin/id") "eva"))) + marionette)) + + (test-assert "Can become LDAP user" + (marionette-eval + '(zero? (system* "/run/setuid-programs/su" "eva" "-c" + #$(file-append coreutils "/bin/true"))) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "ldap-test" test)) + +(define %test-ldap + (system-test + (name "ldap") + (description "Run an LDAP directory server and authenticate against it.") + (value (run-ldap-test)))) -- cgit v1.2.3 From 8b672b2c48164c78731ae142ae4761d91666bdec Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Mon, 18 Mar 2019 21:39:12 -0400 Subject: gnu: blender: Restore version 2.79b for systems without OpenGL 3. Fixes . * gnu/packages/graphics.scm (blender-2.79): New variable. (blender)[description]: Remove obsolete claim that the stable release no longer works in Guix. * gnu/packages/patches/blender-2.79-newer-ffmpeg.patch, gnu/packages/patches/blender-2.79-python-3.7-fix.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 2 + gnu/packages/graphics.scm | 93 +++++++++++++++++++++- .../patches/blender-2.79-newer-ffmpeg.patch | 80 +++++++++++++++++++ .../patches/blender-2.79-python-3.7-fix.patch | 43 ++++++++++ 4 files changed, 216 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/blender-2.79-newer-ffmpeg.patch create mode 100644 gnu/packages/patches/blender-2.79-python-3.7-fix.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index a5a2f11538..c9c7378f02 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
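Review bot: The "Can become LDAP user" assertion at the end of `run-ldap-test` probably does not exercise password verification through the `pam_ldap.so` entries added by `pam-ldap-pam-service`, because `su` is presumably run as root inside the marionette and root is not asked for a password. The only credential check in the test is the positive `ldapwhoami` bind with `-w "SECRET"`, so nothing asserts that a wrong password is refused. I would add a negative case next to "Manager can bind to LDAP server instance" that repeats the same `ldapwhoami` call with a wrong password and wraps it as `(not (zero? (system* … "-w" "WRONG")))`. The system test description, "authenticate against it", would then match what is actually checked.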
@@ -672,6 +672,8 @@ dist_patch_DATA = \ %D%/packages/patches/beignet-correct-file-names.patch \ %D%/packages/patches/biber-fix-encoding-write.patch \ %D%/packages/patches/binutils-loongson-workaround.patch \ + %D%/packages/patches/blender-2.79-newer-ffmpeg.patch \ + %D%/packages/patches/blender-2.79-python-3.7-fix.patch \ %D%/packages/patches/boost-fix-icu-build.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm index bf4cc89b08..11158bdfd1 100644 --- a/gnu/packages/graphics.scm +++ b/gnu/packages/graphics.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2018 Mathieu Othacehe ;;; Copyright © 2018 Alex Kost ;;; Copyright © 2018 Kei Kebreau +;;; Copyright © 2019 Mark H Weaver ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -165,10 +166,98 @@ the 3D pipeline—modeling, rigging, animation, simulation, rendering, compositing and motion tracking, even video editing and game creation. The application can be customized via its API for Python scripting. -WARNING: This package offers a beta build of Blender, because the stable release -no longer works in Guix. See @uref{https://issues.guix.info/issue/33882}.") +WARNING: This is a beta build of Blender.") (license license:gpl2+)))) +(define-public blender-2.79 + (package + (name "blender") + (version "2.79b") + (source (origin + (method url-fetch) + (uri (string-append "https://download.blender.org/source/" + "blender-" version ".tar.gz")) + (sha256 + (base32 + "1g4kcdqmf67srzhi3hkdnr4z1ph4h9sza1pahz38mrj998q4r52c")) + (patches (search-patches "blender-2.79-newer-ffmpeg.patch" + "blender-2.79-python-3.7-fix.patch")))) + (build-system cmake-build-system) + (arguments + (let ((python-version (version-major+minor (package-version python)))) + `(;; Test files are very large and not included in the release tarball. + #:tests? #f + #:configure-flags + (list "-DWITH_CODEC_FFMPEG=ON" + "-DWITH_CODEC_SNDFILE=ON" + "-DWITH_CYCLES=ON" + "-DWITH_DOC_MANPAGE=ON" + "-DWITH_FFTW3=ON" + "-DWITH_GAMEENGINE=ON" + "-DWITH_IMAGE_OPENJPEG=ON" + "-DWITH_INPUT_NDOF=ON" + "-DWITH_INSTALL_PORTABLE=OFF" + "-DWITH_JACK=ON" + "-DWITH_MOD_OCEANSIM=ON" + "-DWITH_PLAYER=ON" + "-DWITH_PYTHON_INSTALL=OFF" + "-DWITH_PYTHON_INSTALL=OFF" + "-DWITH_SYSTEM_OPENJPEG=ON" + (string-append "-DPYTHON_LIBRARY=python" ,python-version "m") + (string-append "-DPYTHON_LIBPATH=" (assoc-ref %build-inputs "python") + "/lib") + (string-append "-DPYTHON_INCLUDE_DIR=" (assoc-ref %build-inputs "python") + "/include/python" ,python-version "m") + (string-append "-DPYTHON_VERSION=" ,python-version)) + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-broken-import + (lambda _ + (substitute* "release/scripts/addons/io_scene_fbx/json2fbx.py" + (("import encode_bin") "from . 
import encode_bin")) + #t)) + (add-after 'set-paths 'add-ilmbase-include-path + (lambda* (#:key inputs #:allow-other-keys) + ;; OpenEXR propagates ilmbase, but its include files do not appear + ;; in the CPATH, so we need to add "$ilmbase/include/OpenEXR/" to + ;; the CPATH to satisfy the dependency on "half.h". + (setenv "CPATH" + (string-append (assoc-ref inputs "ilmbase") + "/include/OpenEXR" + ":" (or (getenv "CPATH") ""))) + #t)))))) + (inputs + `(("boost" ,boost) + ("jemalloc" ,jemalloc) + ("libx11" ,libx11) + ("openimageio" ,openimageio) + ("openexr" ,openexr) + ("ilmbase" ,ilmbase) + ("openjpeg" ,openjpeg-1) + ("libjpeg" ,libjpeg) + ("libpng" ,libpng) + ("libtiff" ,libtiff) + ("ffmpeg" ,ffmpeg) + ("fftw" ,fftw) + ("jack" ,jack-1) + ("libsndfile" ,libsndfile) + ("freetype" ,freetype) + ("glew" ,glew) + ("openal" ,openal) + ("python" ,python) + ("zlib" ,zlib))) + (home-page "https://blender.org/") + (synopsis "3D graphics creation suite") + (description + "Blender is a 3D graphics creation suite. It supports the entirety of +the 3D pipeline—modeling, rigging, animation, simulation, rendering, +compositing and motion tracking, even video editing and game creation. The +application can be customized via its API for Python scripting. + +NOTE: This older version of Blender is the last release that does not require +OpenGL 3. It is retained for use with older computers.") + (license license:gpl2+))) + (define-public assimp (package (name "assimp") diff --git a/gnu/packages/patches/blender-2.79-newer-ffmpeg.patch b/gnu/packages/patches/blender-2.79-newer-ffmpeg.patch new file mode 100644 index 0000000000..363489bc70 --- /dev/null +++ b/gnu/packages/patches/blender-2.79-newer-ffmpeg.patch 
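Review bot: `"-DWITH_PYTHON_INSTALL=OFF"` is listed twice in a row in the `#:configure-flags` of `blender-2.79`, so one of the two lines can be dropped. The package also pins the older `openjpeg-1` and `jack-1` inputs, and only the user-facing description explains why this release is kept. A maintainer comment above `(define-public blender-2.79` would make the backporting duty explicit, for example `;; Kept only for hardware without OpenGL 3; check for backportable fixes whenever 'blender' is updated.`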
@@ -0,0 +1,80 @@ +https://sources.debian.org/data/main/b/blender/2.79.b+dfsg0-4/debian/patches/0008-fix_building_with_latest_versions_of_FFmpeg.patch + +From: Bastien Montagne +Date: Tue, 8 May 2018 16:00:52 +0200 +Subject: fix_building_with_latest_versions_of_FFmpeg + +Some years-old deprecated stuff has now been removed. + +Correct solution is probably to use valid defines etc. in own code, but +this is more FFMEPG maintainer task (since it also may change how old +FFMPEG we do support...). +--- + intern/ffmpeg/ffmpeg_compat.h | 39 ++++++++++++++++++++++++++ + source/blender/blenkernel/intern/writeffmpeg.c | 3 +- + 2 files changed, 41 insertions(+), 1 deletion(-) + +diff --git a/intern/ffmpeg/ffmpeg_compat.h b/intern/ffmpeg/ffmpeg_compat.h +index 9c06c8a..f7f437c 100644 +--- a/intern/ffmpeg/ffmpeg_compat.h ++++ b/intern/ffmpeg/ffmpeg_compat.h +@@ -109,6 +109,45 @@ int av_sample_fmt_is_planar(enum AVSampleFormat sample_fmt) + + #endif + ++/* XXX TODO Probably fix to correct modern flags in code? Not sure how old FFMPEG we want to support though, ++ * so for now this will do. 
*/ ++ ++#ifndef FF_MIN_BUFFER_SIZE ++# ifdef AV_INPUT_BUFFER_MIN_SIZE ++# define FF_MIN_BUFFER_SIZE AV_INPUT_BUFFER_MIN_SIZE ++# endif ++#endif ++ ++#ifndef FF_INPUT_BUFFER_PADDING_SIZE ++# ifdef AV_INPUT_BUFFER_PADDING_SIZE ++# define FF_INPUT_BUFFER_PADDING_SIZE AV_INPUT_BUFFER_PADDING_SIZE ++# endif ++#endif ++ ++#ifndef CODEC_FLAG_GLOBAL_HEADER ++# ifdef AV_CODEC_FLAG_GLOBAL_HEADER ++# define CODEC_FLAG_GLOBAL_HEADER AV_CODEC_FLAG_GLOBAL_HEADER ++# endif ++#endif ++ ++#ifndef CODEC_FLAG_GLOBAL_HEADER ++# ifdef AV_CODEC_FLAG_GLOBAL_HEADER ++# define CODEC_FLAG_GLOBAL_HEADER AV_CODEC_FLAG_GLOBAL_HEADER ++# endif ++#endif ++ ++#ifndef CODEC_FLAG_INTERLACED_DCT ++# ifdef AV_CODEC_FLAG_INTERLACED_DCT ++# define CODEC_FLAG_INTERLACED_DCT AV_CODEC_FLAG_INTERLACED_DCT ++# endif ++#endif ++ ++#ifndef CODEC_FLAG_INTERLACED_ME ++# ifdef AV_CODEC_FLAG_INTERLACED_ME ++# define CODEC_FLAG_INTERLACED_ME AV_CODEC_FLAG_INTERLACED_ME ++# endif ++#endif ++ + /* FFmpeg upstream 1.0 is the first who added AV_ prefix. */ + #if LIBAVCODEC_VERSION_INT < AV_VERSION_INT(54, 59, 100) + # define AV_CODEC_ID_NONE CODEC_ID_NONE +diff --git a/source/blender/blenkernel/intern/writeffmpeg.c b/source/blender/blenkernel/intern/writeffmpeg.c +index a19e414..04d508a 100644 +--- a/source/blender/blenkernel/intern/writeffmpeg.c ++++ b/source/blender/blenkernel/intern/writeffmpeg.c +@@ -605,7 +605,8 @@ static AVStream *alloc_video_stream(FFMpegContext *context, RenderData *rd, int + c->rc_buffer_aggressivity = 1.0; + #endif + +- c->me_method = ME_EPZS; ++ /* Deprecated and not doing anything since July 2015, deleted in recent ffmpeg */ ++ //c->me_method = ME_EPZS; + + codec = avcodec_find_encoder(c->codec_id); + if (!codec) diff --git a/gnu/packages/patches/blender-2.79-python-3.7-fix.patch b/gnu/packages/patches/blender-2.79-python-3.7-fix.patch new file mode 100644 index 0000000000..fd1d8ba437 --- /dev/null +++ b/gnu/packages/patches/blender-2.79-python-3.7-fix.patch 
@@ -0,0 +1,43 @@ +Copied from https://git.blender.org/gitweb/gitweb.cgi/blender.git/patch/1db47a2ccd1e68994bf8140eba6cc2a26a2bc91f +Fixes . + +From 1db47a2ccd1e68994bf8140eba6cc2a26a2bc91f Mon Sep 17 00:00:00 2001 +From: Campbell Barton +Date: Thu, 12 Jul 2018 08:28:06 +0200 +Subject: [PATCH] Fix PyRNA class registration w/ Python 3.7 + +In Python3.7 this now raises an error. +--- + source/blender/python/intern/bpy_rna.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/source/blender/python/intern/bpy_rna.c b/source/blender/python/intern/bpy_rna.c +index 9052b6f580a..80b0aa7a51b 100644 +--- a/source/blender/python/intern/bpy_rna.c ++++ b/source/blender/python/intern/bpy_rna.c +@@ -7577,10 +7577,12 @@ static int bpy_class_validate_recursive(PointerRNA *dummyptr, StructRNA *srna, v + if (!(flag & PROP_REGISTER)) + continue; + ++ /* TODO(campbell): Use Python3.7x _PyObject_LookupAttr(), also in the macro below. */ + identifier = RNA_property_identifier(prop); + item = PyObject_GetAttrString(py_class, identifier); + + if (item == NULL) { ++ PyErr_Clear(); + /* Sneaky workaround to use the class name as the bl_idname */ + + #define BPY_REPLACEMENT_STRING(rna_attr, py_attr) \ +@@ -7596,6 +7598,9 @@ static int bpy_class_validate_recursive(PointerRNA *dummyptr, StructRNA *srna, v + } \ + Py_DECREF(item); \ + } \ ++ else { \ ++ PyErr_Clear(); \ ++ } \ + } /* intentionally allow else here */ + + if (false) {} /* needed for macro */ +-- +2.20.1 + -- cgit v1.2.3 From c11f86ff164b750151645caae9cdecca3570d876 Mon Sep 17 00:00:00 2001 
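Review bot: Both added `PyErr_Clear()` calls in `bpy_class_validate_recursive` discard whatever exception `PyObject_GetAttrString` raised, not only the `AttributeError` that the "class name as bl_idname" fallback is meant to tolerate. Any other error raised during the attribute lookup would be dropped silently at this point. A narrower form is `if (PyErr_ExceptionMatches(PyExc_AttributeError)) PyErr_Clear();`, with other exceptions left set for the caller. How the function reports failure is not visible, since its body continues outside the hunk. The patch is copied from upstream, so this is best raised there, which the `TODO(campbell)` about `_PyObject_LookupAttr()` already hints at.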
From: Marius Bakke Date: Mon, 18 Mar 2019 13:49:44 +0100 Subject: gnu: libgit2: Update to 0.28.1. * gnu/packages/patches/libgit2-oom-test.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/version-control.scm (libgit2): Update to 0.28.1. [source](patches): Remove 'libgit2-oom-test.patch'. --- gnu/local.mk | 1 - gnu/packages/patches/libgit2-oom-test.patch | 62 ----------------------------- gnu/packages/version-control.scm | 7 ++-- 3 files changed, 3 insertions(+), 67 deletions(-) delete mode 100644 gnu/packages/patches/libgit2-oom-test.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c9c7378f02..c0b7478635 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -972,7 +972,6 @@ dist_patch_DATA = \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ %D%/packages/patches/libgit2-mtime-0.patch \ - %D%/packages/patches/libgit2-oom-test.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ %D%/packages/patches/libgnome-encoding.patch \ diff --git a/gnu/packages/patches/libgit2-oom-test.patch b/gnu/packages/patches/libgit2-oom-test.patch deleted file mode 100644 index 9667d1c0da..0000000000 --- a/gnu/packages/patches/libgit2-oom-test.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -Fix a test failure on 32-bit platforms as reported -at . - -From 415a8ae9c9b6ac18f0524b6af8e58408b426457d Mon Sep 17 00:00:00 2001 -From: Edward Thomson -Date: Thu, 13 Sep 2018 13:27:07 +0100 -Subject: [PATCH] tests: don't run buf::oom on 32-bit systems - -On a 32-bit Linux systems, the value large enough to make malloc -guarantee a failure is also large enough that valgrind considers it -"fishy". Skip this test on those systems entirely. ---- - tests/buf/oom.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/tests/buf/oom.c b/tests/buf/oom.c -index 2741a8ddf2..ec3bad9979 100644 ---- a/tests/buf/oom.c -+++ b/tests/buf/oom.c -@@ -11,12 +11,8 @@ - */ - #if defined(GIT_ARCH_64) && defined(__linux__) - # define TOOBIG 0x0fffffffffffffff --#elif defined(__linux__) --# define TOOBIG 0x0fffffff - #elif defined(GIT_ARCH_64) - # define TOOBIG 0xffffffffffffff00 --#else --# define TOOBIG 0xffffff00 - #endif - - /** -@@ -25,13 +21,18 @@ - * will fail. And because the git_buf_grow() wrapper always - * sets mark_oom, the code in git_buf_try_grow() will free - * the internal buffer and set it to git_buf__oom. -- * -+ * - * We initialized the internal buffer to (the static variable) - * git_buf__initbuf. The purpose of this test is to make sure - * that we don't try to free the static buffer. -+ * -+ * Skip this test entirely on 32-bit platforms; a buffer large enough -+ * to guarantee malloc failures is so large that valgrind considers -+ * it likely to be an error. - */ - void test_buf_oom__grow(void) - { -+#ifdef GIT_ARCH_64 - git_buf buf = GIT_BUF_INIT; - - git_buf_clear(&buf); -@@ -40,6 +41,9 @@ void test_buf_oom__grow(void) - cl_assert(git_buf_oom(&buf)); - - git_buf_free(&buf); -+#else -+ cl_skip(); -+#endif - } - - void test_buf_oom__grow_by(void) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index d750863f30..385ebeadc9 100644 --- a/gnu/packages/version-control.scm 
+++ b/gnu/packages/version-control.scm @@ -526,7 +526,7 @@ everything from small to very large projects with speed and efficiency.") (define-public libgit2 (package (name "libgit2") - (version "0.27.7") + (version "0.28.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/libgit2/libgit2/" @@ -534,9 +534,8 @@ everything from small to very large projects with speed and efficiency.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0c95pbv7hwclwmn51nqnh1lb0cajpcdb24pbdzcir6vmhfj3am0s")) - (patches (search-patches "libgit2-mtime-0.patch" - "libgit2-oom-test.patch")) + "0swk2dyq5a4p1jn5wvbcsrxckhh808vifxz5y8w663avg541188c")) + (patches (search-patches "libgit2-mtime-0.patch")) ;; Remove bundled software. (snippet '(begin -- cgit v1.2.3 From 2f87048dbe14097b9fe19ec470e2628cfca7fdbf Mon Sep 17 00:00:00 2001 From: Robert Smith Date: Mon, 18 Mar 2019 15:05:18 +0100 Subject: gnu: elixir: Update to 1.8.1. * gnu/packages/elixir.scm (elixir): Update to 1.8.1. [source](patches): New field. [home-page]: Use HTTPS. * gnu/packages/patches/elixir-path-length.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Signed-off-by: Marius Bakke --- gnu/local.mk | 1 + gnu/packages/elixir.scm | 7 ++++--- gnu/packages/patches/elixir-path-length.patch | 15 +++++++++++++++ 3 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 gnu/packages/patches/elixir-path-length.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index c0b7478635..b3c54a752a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -732,6 +732,7 @@ dist_patch_DATA = \ %D%/packages/patches/dvd+rw-tools-add-include.patch \ %D%/packages/patches/efl-mesa-compat.patch \ %D%/packages/patches/elfutils-tests-ptrace.patch \ + %D%/packages/patches/elixir-path-length.patch \ %D%/packages/patches/einstein-build.patch \ %D%/packages/patches/emacs-exec-path.patch \ %D%/packages/patches/emacs-fix-scheme-indent-function.patch \ 
diff --git a/gnu/packages/elixir.scm b/gnu/packages/elixir.scm index 29c7ee966f..9763c7a22b 100644 --- a/gnu/packages/elixir.scm +++ b/gnu/packages/elixir.scm @@ -33,7 +33,7 @@ (define-public elixir (package (name "elixir") - (version "1.6.6") + (version "1.8.1") (source (origin (method url-fetch) (uri (string-append "https://github.com/elixir-lang/elixir" @@ -41,7 +41,8 @@ (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0c9qz5hasa59a9x1iwpcqpqj6wdbzpijfxqfmzimwj5z8q37nl3l")))) + "08lq5p82pnicd49gsj6r2zsbg35wrk6098nrrjb28fcrm5p6736y")) + (patches (search-patches "elixir-path-length.patch")))) (build-system gnu-build-system) (arguments `(#:test-target "test" @@ -84,7 +85,7 @@ (inputs `(("erlang" ,erlang) ("git" ,git))) - (home-page "http://elixir-lang.org/") + (home-page "https://elixir-lang.org/") (synopsis "Elixir programming language") (description "Elixir is a dynamic, functional language used to build scalable and maintainable applications. Elixir leverages the Erlang VM, known diff --git a/gnu/packages/patches/elixir-path-length.patch b/gnu/packages/patches/elixir-path-length.patch new file mode 100644 index 0000000000..aa8bf38829 --- /dev/null +++ b/gnu/packages/patches/elixir-path-length.patch @@ -0,0 +1,15 @@ +In the package definition the call to the command 'git' is substituted with +the full path to the git executable. This change causes the mix formatting tool +to complain that the line is too long. This workaround reformats the file +after the substitution is made. + +--- a/Makefile ++++ b/Makefile +@@ -213,6 +213,7 @@ + TEST_ERLS = $(addprefix $(TEST_EBIN)/, $(addsuffix .beam, $(basename $(notdir $(wildcard $(TEST_ERL)/*.erl))))) + + test_formatted: compile ++ bin/elixir bin/mix format lib/mix/lib/mix/scm/git.ex + bin/elixir bin/mix format --check-formatted + + test_erlang: compile $(TEST_ERLS) -- cgit v1.2.3 From 03fb5ff6ae01a680c786d9ee148839543c519411 Mon Sep 17 00:00:00 2001 
From: Danny Milosavljevic Date: Thu, 21 Mar 2019 23:29:10 +0100 Subject: gnu: libgit2: Avoid Python. * gnu/packages/patches/libgit2-avoid-python.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/version-control.scm (libgit2)[source]: Use it. [inputs]: Remove python. [native-inputs]: Add guile-2.2. --- gnu/local.mk | 1 + gnu/packages/patches/libgit2-avoid-python.patch | 304 ++++++++++++++++++++++++ gnu/packages/version-control.scm | 10 +- 3 files changed, 311 insertions(+), 4 deletions(-) create mode 100644 gnu/packages/patches/libgit2-avoid-python.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b3c54a752a..d85679b2a8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -972,6 +972,7 @@ dist_patch_DATA = \ %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ + %D%/packages/patches/libgit2-avoid-python.patch \ %D%/packages/patches/libgit2-mtime-0.patch \ %D%/packages/patches/libgdata-fix-tests.patch \ %D%/packages/patches/libgdata-glib-duplicate-tests.patch \ diff --git a/gnu/packages/patches/libgit2-avoid-python.patch b/gnu/packages/patches/libgit2-avoid-python.patch new file mode 100644 index 0000000000..c850974404 --- /dev/null +++ b/gnu/packages/patches/libgit2-avoid-python.patch 
@@ -0,0 +1,304 @@ +diff -ruN orig/libgit2-0.27.7/tests/CMakeLists.txt libgit2-0.27.7/tests/CMakeLists.txt +--- orig/libgit2-0.27.7/tests/CMakeLists.txt 1970-01-01 01:00:00.000000000 +0100 ++++ libgit2-0.27.7/tests/CMakeLists.txt 2019-03-04 11:13:06.640118979 +0100 +@@ -1,10 +1,3 @@ +-FIND_PACKAGE(PythonInterp) +- +-IF(NOT PYTHONINTERP_FOUND) +- MESSAGE(FATAL_ERROR "Could not find a python interpeter, which is needed to build the tests. " +- "Make sure python is available, or pass -DBUILD_CLAR=OFF to skip building the tests") +-ENDIF() +- + SET(CLAR_FIXTURES "${CMAKE_CURRENT_SOURCE_DIR}/resources/") + SET(CLAR_PATH "${CMAKE_CURRENT_SOURCE_DIR}") + ADD_DEFINITIONS(-DCLAR_FIXTURE_PATH=\"${CLAR_FIXTURES}\") +@@ -21,7 +14,7 @@ + + ADD_CUSTOM_COMMAND( + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/clar.suite +- COMMAND ${PYTHON_EXECUTABLE} generate.py -o "${CMAKE_CURRENT_BINARY_DIR}" -f -xonline -xstress -xperf . ++ COMMAND guile generate.scm -o "${CMAKE_CURRENT_BINARY_DIR}" -f -x online -x stress -x perf . + DEPENDS ${SRC_TEST} + WORKING_DIRECTORY ${CLAR_PATH} + ) +diff -ruN orig/libgit2-0.27.7/tests/generate.scm libgit2-0.27.7/tests/generate.scm +--- orig/libgit2-0.27.7/tests/generate.scm 1970-01-01 01:00:00.000000000 +0100 ++++ libgit2-0.27.7/tests/generate.scm 2019-03-04 12:18:00.688040975 +0100 +@@ -0,0 +1,277 @@ ++;; -*- geiser-scheme-implementation: guile -*- ++ ++;;; Implementation: Danny Milosavljevic ++;;; Based on: Implementation in Python by Vicent Marti. ++;;; License: ISC, like the original generate.py in clar. 
++ ++(use-modules (ice-9 ftw)) ++(use-modules (ice-9 regex)) ++(use-modules (ice-9 getopt-long)) ++(use-modules (ice-9 rdelim)) ++(use-modules (ice-9 match)) ++(use-modules (ice-9 textual-ports)) ++(use-modules (srfi srfi-1)) ++ ++(define (render-callback cb) ++ (if cb ++ (string-append " { \"" (assoc-ref cb "short-name") "\", &" ++ (assoc-ref cb "symbol") " }") ++ " { NULL, NULL }")) ++ ++(define (replace needle replacement haystack) ++ "Replace all occurences of NEEDLE in HAYSTACK by REPLACEMENT. ++NEEDLE is a regular expression." ++ (regexp-substitute/global #f needle haystack 'pre replacement 'post)) ++ ++(define (skip-comments* text) ++ (call-with-input-string ++ text ++ (lambda (port) ++ (let loop ((result '()) ++ (section #f)) ++ (define (consume-char) ++ (cons (read-char port) result)) ++ (define (skip-char) ++ (read-char port) ++ result) ++ (match section ++ (#f ++ (match (peek-char port) ++ (#\/ (loop (consume-char) 'almost-in-block-comment)) ++ (#\" (loop (consume-char) 'in-string-literal)) ++ (#\' (loop (consume-char) 'in-character-literal)) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) section)))) ++ ('almost-in-block-comment ++ (match (peek-char port) ++ (#\* (loop (consume-char) 'in-block-comment)) ++ (#\/ (loop (consume-char) 'in-line-comment)) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) #f)))) ++ ('in-line-comment ++ (match (peek-char port) ++ (#\newline (loop (consume-char) #f)) ++ ((? eof-object?) result) ++ (_ (loop (skip-char) section)))) ++ ('in-block-comment ++ (match (peek-char port) ++ (#\* (loop (skip-char) 'almost-out-of-block-comment)) ++ ((? eof-object?) result) ++ (_ (loop (skip-char) section)))) ++ ('almost-out-of-block-comment ++ (match (peek-char port) ++ (#\/ (loop (cons (read-char port) (cons #\* result)) #f)) ++ (#\* (loop (skip-char) 'almost-out-of-block-comment)) ++ ((? eof-object?) 
result) ++ (_ (loop (skip-char) 'in-block-comment)))) ++ ('in-string-literal ++ (match (peek-char port) ++ (#\\ (loop (consume-char) 'in-string-literal-escape)) ++ (#\" (loop (consume-char) #f)) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) section)))) ++ ('in-string-literal-escape ++ (match (peek-char port) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) 'in-string-literal)))) ++ ('in-character-literal ++ (match (peek-char port) ++ (#\\ (loop (consume-char) 'in-character-literal-escape)) ++ (#\' (loop (consume-char) #f)) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) section)))) ++ ('in-character-literal-escape ++ (match (peek-char port) ++ ((? eof-object?) result) ++ (_ (loop (consume-char) 'in-character-literal))))))))) ++ ++(define (skip-comments text) ++ (list->string (reverse (skip-comments* text)))) ++ ++(define (maybe-only items) ++ (match items ++ ((a) a) ++ (_ #f))) ++ ++(define (Module name path excludes) ++ (let* ((clean-name (replace "_" "::" name)) ++ (enabled (not (any (lambda (exclude) ++ (string-prefix? exclude clean-name)) ++ excludes)))) ++ (define (parse contents) ++ (define (cons-match match prev) ++ (cons ++ `(("declaration" . ,(match:substring match 1)) ++ ("symbol" . ,(match:substring match 2)) ++ ("short-name" . ,(match:substring match 3))) ++ prev)) ++ (let* ((contents (skip-comments contents)) ++ (entries (fold-matches (make-regexp ++ (string-append "^(void\\s+(test_" ++ name ++ "__(\\w+))\\s*\\(\\s*void\\s*\\))\\s*\\{") ++ regexp/newline) ++ contents ++ '() ++ cons-match)) ++ (entries (reverse entries)) ++ (callbacks (filter (lambda (entry) ++ (match (assoc-ref entry "short-name") ++ ("initialize" #f) ++ ("cleanup" #f) ++ (_ #t))) ++ entries))) ++ (if (> (length callbacks) 0) ++ `(("name" . ,name) ++ ("enabled" . ,(if enabled "1" "0")) ++ ("clean-name" . ,clean-name) ++ ("initialize" . 
,(maybe-only (filter-map (lambda (entry) ++ (match (assoc-ref entry "short-name") ++ ("initialize" entry) ++ (_ #f))) ++ entries))) ++ ("cleanup" . ,(maybe-only (filter-map (lambda (entry) ++ (match (assoc-ref entry "short-name") ++ ("cleanup" entry) ++ (_ #f))) ++ entries))) ++ ("callbacks" . ,callbacks)) ++ #f))) ++ ++ (define (refresh path) ++ (and (file-exists? path) ++ (parse (call-with-input-file path get-string-all)))) ++ (refresh path))) ++ ++(define (generate-TestSuite path output excludes) ++ (define (load) ++ (define enter? (const #t)) ++ (define (leaf file stat result) ++ (let* ((module-root (string-drop (dirname file) ++ (string-length path))) ++ (module-root (filter-map (match-lambda ++ ("" #f) ++ (a a)) ++ (string-split module-root #\/)))) ++ (define (make-module path) ++ (let* ((name (string-join (append module-root (list (string-drop-right (basename path) (string-length ".c")))) "_")) ++ (name (replace "-" "_" name))) ++ (Module name path excludes))) ++ (if (string-suffix? ".c" file) ++ (let ((module (make-module file))) ++ (if module ++ (cons module result) ++ result)) ++ result))) ++ (define (down dir stat result) ++ result) ++ (define (up file state result) ++ result) ++ (define skip (const #f)) ++ (file-system-fold enter? 
leaf down up skip error '() path)) ++ ++ (define (CallbacksTemplate module) ++ (string-append "static const struct clar_func _clar_cb_" ++ (assoc-ref module "name") "[] = {\n" ++ (string-join (map render-callback ++ (assoc-ref module "callbacks")) ++ ",\n") ++ "\n};\n")) ++ ++ (define (DeclarationTemplate module) ++ (string-append (string-join (map (lambda (cb) ++ (string-append "extern " ++ (assoc-ref cb "declaration") ++ ";")) ++ (assoc-ref module "callbacks")) ++ "\n") ++ "\n" ++ (if (assoc-ref module "initialize") ++ (string-append "extern " (assoc-ref (assoc-ref module "initialize") "declaration") ";\n") ++ "") ++ (if (assoc-ref module "cleanup") ++ (string-append "extern " (assoc-ref (assoc-ref module "cleanup") "declaration") ";\n") ++ ""))) ++ ++ (define (InfoTemplate module) ++ (string-append " ++ { ++ \"" (assoc-ref module "clean-name") "\", ++ " (render-callback (assoc-ref module "initialize")) ", ++ " (render-callback (assoc-ref module "cleanup")) ", ++ _clar_cb_" (assoc-ref module "name") ", " ++ (number->string (length (assoc-ref module "callbacks"))) ++ ", " (assoc-ref module "enabled") " ++ }")) ++ ++ (define (Write data) ++ (define (name< module-a module-b) ++ (stringstring (suite-count))) ++ (callback-count-str (number->string (callback-count)))) ++ (display-x "static const size_t _clar_suite_count = ") ++ (display-x suite-count-str) ++ (display-x ";\n") ++ ++ (display-x "static const size_t _clar_callback_count = ") ++ (display-x callback-count-str) ++ (display-x ";\n") ++ ++ (display (string-append "Written `clar.suite` (" ++ callback-count-str ++ " tests in " ++ suite-count-str ++ " suites)")) ++ (newline)) ++ #t) ++ ++ (call-with-output-file (string-append output "/clar.suite") Write)) ++ ++;;; main ++ ++(define (main) ++ (define option-spec ++ '((force (single-char #\f) (value #f)) ++ (exclude (single-char #\x) (value #t)) ++ (output (single-char #\o) (value #t)) ++ (help (single-char #\h) (value #f)))) ++ ++ (define options (getopt-long 
(command-line) option-spec #:stop-at-first-non-option #t)) ++ (define args (reverse (option-ref options '() '()))) ++ (when (> (length args) 1) ++ (display "More than one path given\n") ++ (exit 1)) ++ ++ (if (< (length args) 1) ++ (set! args '("."))) ++ ++ (let* ((path (car args)) ++ (output (option-ref options 'output path)) ++ (excluded (filter-map (match-lambda ++ (('exclude . value) value) ++ (_ #f)) ++ options))) ++ (generate-TestSuite path output excluded))) ++ ++(main) diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 385ebeadc9..9a6f96ce14 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -68,6 +68,7 @@ #:use-module (gnu packages gettext) #:use-module (gnu packages gl) #:use-module (gnu packages groff) + #:use-module (gnu packages guile) #:use-module (gnu packages haskell) #:use-module (gnu packages haskell-check) #:use-module (gnu packages haskell-crypto) @@ -535,7 +536,8 @@ everything from small to very large projects with speed and efficiency.") (sha256 (base32 "0swk2dyq5a4p1jn5wvbcsrxckhh808vifxz5y8w663avg541188c")) - (patches (search-patches "libgit2-mtime-0.patch")) + (patches (search-patches "libgit2-avoid-python.patch" + "libgit2-mtime-0.patch")) ;; Remove bundled software. (snippet '(begin @@ -561,10 +563,10 @@ everything from small to very large projects with speed and efficiency.") (lambda _ (invoke "./libgit2_clar" "-v" "-Q")))))) (inputs `(("libssh2" ,libssh2) - ("http-parser" ,http-parser) - ("python" ,python-wrapper))) + ("http-parser" ,http-parser))) (native-inputs - `(("pkg-config" ,pkg-config))) + `(("guile" ,guile-2.2) + ("pkg-config" ,pkg-config))) (propagated-inputs ;; These two libraries are in 'Requires.private' in libgit2.pc. `(("openssl" ,openssl) -- cgit v1.2.3 From e190d12eae25fff8ab818a94c8fd5302bdc797dd Mon Sep 17 00:00:00 2001 
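Review bot: In `tests/CMakeLists.txt` the custom command now runs a bare `guile generate.scm …`, while the removed `FIND_PACKAGE(PythonInterp)` block and its `FATAL_ERROR` have no Guile equivalent. The interpreter is therefore whatever `guile` comes first on `PATH` when the build runs, and a missing one is only reported when `clar.suite` is generated. Resolving it at configure time keeps the old diagnostics: `FIND_PROGRAM(GUILE_EXECUTABLE guile)`, an `IF(NOT GUILE_EXECUTABLE)` guard with `MESSAGE(FATAL_ERROR …)`, and `COMMAND ${GUILE_EXECUTABLE} generate.scm …`. Separately, `main` in `generate.scm` declares the `force` option (`-f`, still passed by CMake) but never reads it, which deserves a one-line comment such as `;; accepted for compatibility with generate.py; the suite is always regenerated`.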
From: Tobias Geerinckx-Rice Date: Sat, 23 Mar 2019 16:02:35 +0100 Subject: gnu: dropbear: Update to 2019.77. * gnu/packages/ssh.scm (dropbear): Update to 2019.77. [source]: Remove patch. * gnu/packages/patches/dropbear-CVE-2018-15599.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/dropbear-CVE-2018-15599.patch | 240 --------------------- gnu/packages/ssh.scm | 21 +- 3 files changed, 10 insertions(+), 252 deletions(-) delete mode 100644 gnu/packages/patches/dropbear-CVE-2018-15599.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d85679b2a8..594755f693 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -728,7 +728,6 @@ dist_patch_DATA = \ %D%/packages/patches/docker-fix-tests.patch \ %D%/packages/patches/dovecot-trees-support-dovecot-2.3.patch \ %D%/packages/patches/doxygen-test.patch \ - %D%/packages/patches/dropbear-CVE-2018-15599.patch \ %D%/packages/patches/dvd+rw-tools-add-include.patch \ %D%/packages/patches/efl-mesa-compat.patch \ %D%/packages/patches/elfutils-tests-ptrace.patch \ diff --git a/gnu/packages/patches/dropbear-CVE-2018-15599.patch b/gnu/packages/patches/dropbear-CVE-2018-15599.patch deleted file mode 100644 index a474552cd2..0000000000 --- a/gnu/packages/patches/dropbear-CVE-2018-15599.patch +++ /dev/null 
@@ -1,240 +0,0 @@ -Fix CVE-2018-15599: - -http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599 - -Patch copied from upstream source repository: - -https://github.com/mkj/dropbear/commit/52adbb34c32d3e2e1bcdb941e20a6f81138b8248 - -From 52adbb34c32d3e2e1bcdb941e20a6f81138b8248 Mon Sep 17 00:00:00 2001 -From: Matt Johnston -Date: Thu, 23 Aug 2018 23:43:12 +0800 -Subject: [PATCH] Wait to fail invalid usernames - ---- - auth.h | 6 +++--- - svr-auth.c | 19 +++++-------------- - svr-authpam.c | 26 ++++++++++++++++++++++---- - svr-authpasswd.c | 27 ++++++++++++++------------- - svr-authpubkey.c | 11 ++++++++++- - 5 files changed, 54 insertions(+), 35 deletions(-) - -diff --git a/auth.h b/auth.h -index da498f5b..98f54683 100644 ---- a/auth.h -+++ b/auth.h -@@ -37,9 +37,9 @@ void recv_msg_userauth_request(void); - void send_msg_userauth_failure(int partial, int incrfail); - void send_msg_userauth_success(void); - void send_msg_userauth_banner(const buffer *msg); --void svr_auth_password(void); --void svr_auth_pubkey(void); --void svr_auth_pam(void); -+void svr_auth_password(int valid_user); -+void svr_auth_pubkey(int valid_user); -+void svr_auth_pam(int valid_user); - - #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT - int svr_pubkey_allows_agentfwd(void); -diff --git a/svr-auth.c b/svr-auth.c -index c19c0901..edde86bc 100644 ---- a/svr-auth.c -+++ b/svr-auth.c -@@ -149,10 +149,8 @@ void recv_msg_userauth_request() { - if (methodlen == AUTH_METHOD_PASSWORD_LEN && - strncmp(methodname, AUTH_METHOD_PASSWORD, - AUTH_METHOD_PASSWORD_LEN) == 0) { -- if (valid_user) { -- svr_auth_password(); -- goto out; -- } -+ svr_auth_password(valid_user); -+ goto out; - } - } - #endif -@@ -164,10 +162,8 @@ void recv_msg_userauth_request() { - if (methodlen == AUTH_METHOD_PASSWORD_LEN && - strncmp(methodname, AUTH_METHOD_PASSWORD, - AUTH_METHOD_PASSWORD_LEN) == 0) { -- if (valid_user) { -- svr_auth_pam(); -- goto out; -- } -+ 
svr_auth_pam(valid_user); -+ goto out; - } - } - #endif -@@ -177,12 +173,7 @@ void recv_msg_userauth_request() { - if (methodlen == AUTH_METHOD_PUBKEY_LEN && - strncmp(methodname, AUTH_METHOD_PUBKEY, - AUTH_METHOD_PUBKEY_LEN) == 0) { -- if (valid_user) { -- svr_auth_pubkey(); -- } else { -- /* pubkey has no failure delay */ -- send_msg_userauth_failure(0, 0); -- } -+ svr_auth_pubkey(valid_user); - goto out; - } - #endif -diff --git a/svr-authpam.c b/svr-authpam.c -index 05e4f3e5..d201bc96 100644 ---- a/svr-authpam.c -+++ b/svr-authpam.c -@@ -178,13 +178,14 @@ pamConvFunc(int num_msg, - * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it - * gets very messy trying to send the interactive challenges, and read the - * interactive responses, over the network. */ --void svr_auth_pam() { -+void svr_auth_pam(int valid_user) { - - struct UserDataS userData = {NULL, NULL}; - struct pam_conv pamConv = { - pamConvFunc, - &userData /* submitted to pamvConvFunc as appdata_ptr */ - }; -+ const char* printable_user = NULL; - - pam_handle_t* pamHandlep = NULL; - -@@ -204,12 +205,23 @@ void svr_auth_pam() { - - password = buf_getstring(ses.payload, &passwordlen); - -+ /* We run the PAM conversation regardless of whether the username is valid -+ in case the conversation function has an inherent delay. -+ Use ses.authstate.username rather than ses.authstate.pw_name. 
-+ After PAM succeeds we then check the valid_user flag too */ -+ - /* used to pass data to the PAM conversation function - don't bother with - * strdup() etc since these are touched only by our own conversation - * function (above) which takes care of it */ -- userData.user = ses.authstate.pw_name; -+ userData.user = ses.authstate.username; - userData.passwd = password; - -+ if (ses.authstate.pw_name) { -+ printable_user = ses.authstate.pw_name; -+ } else { -+ printable_user = ""; -+ } -+ - /* Init pam */ - if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { - dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", -@@ -242,7 +254,7 @@ void svr_auth_pam() { - rc, pam_strerror(pamHandlep, rc)); - dropbear_log(LOG_WARNING, - "Bad PAM password attempt for '%s' from %s", -- ses.authstate.pw_name, -+ printable_user, - svr_ses.addrstring); - send_msg_userauth_failure(0, 1); - goto cleanup; -@@ -253,12 +265,18 @@ void svr_auth_pam() { - rc, pam_strerror(pamHandlep, rc)); - dropbear_log(LOG_WARNING, - "Bad PAM password attempt for '%s' from %s", -- ses.authstate.pw_name, -+ printable_user, - svr_ses.addrstring); - send_msg_userauth_failure(0, 1); - goto cleanup; - } - -+ if (!valid_user) { -+ /* PAM auth succeeded but the username isn't allowed in for another reason -+ (checkusername() failed) */ -+ send_msg_userauth_failure(0, 1); -+ } -+ - /* successful authentication */ - dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s", - ses.authstate.pw_name, -diff --git a/svr-authpasswd.c b/svr-authpasswd.c -index bdee2aa1..69c7d8af 100644 ---- a/svr-authpasswd.c -+++ b/svr-authpasswd.c -@@ -48,22 +48,14 @@ static int constant_time_strcmp(const char* a, const char* b) { - - /* Process a password auth request, sending success or failure messages as - * appropriate */ --void svr_auth_password() { -+void svr_auth_password(int valid_user) { - - char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ - char * testcrypt 
= NULL; /* crypt generated from the user's password sent */ -- char * password; -+ char * password = NULL; - unsigned int passwordlen; -- - unsigned int changepw; - -- passwdcrypt = ses.authstate.pw_passwd; -- --#ifdef DEBUG_HACKCRYPT -- /* debugging crypt for non-root testing with shadows */ -- passwdcrypt = DEBUG_HACKCRYPT; --#endif -- - /* check if client wants to change password */ - changepw = buf_getbool(ses.payload); - if (changepw) { -@@ -73,12 +65,21 @@ void svr_auth_password() { - } - - password = buf_getstring(ses.payload, &passwordlen); -- -- /* the first bytes of passwdcrypt are the salt */ -- testcrypt = crypt(password, passwdcrypt); -+ if (valid_user) { -+ /* the first bytes of passwdcrypt are the salt */ -+ passwdcrypt = ses.authstate.pw_passwd; -+ testcrypt = crypt(password, passwdcrypt); -+ } - m_burn(password, passwordlen); - m_free(password); - -+ /* After we have got the payload contents we can exit if the username -+ is invalid. Invalid users have already been logged. */ -+ if (!valid_user) { -+ send_msg_userauth_failure(0, 1); -+ return; -+ } -+ - if (testcrypt == NULL) { - /* crypt() with an invalid salt like "!!" */ - dropbear_log(LOG_WARNING, "User account '%s' is locked", -diff --git a/svr-authpubkey.c b/svr-authpubkey.c -index aa6087c9..ff481c87 100644 ---- a/svr-authpubkey.c -+++ b/svr-authpubkey.c -@@ -79,7 +79,7 @@ static int checkfileperm(char * filename); - - /* process a pubkey auth request, sending success or failure message as - * appropriate */ --void svr_auth_pubkey() { -+void svr_auth_pubkey(int valid_user) { - - unsigned char testkey; /* whether we're just checking if a key is usable */ - char* algo = NULL; /* pubkey algo */ -@@ -102,6 +102,15 @@ void svr_auth_pubkey() { - keybloblen = buf_getint(ses.payload); - keyblob = buf_getptr(ses.payload, keybloblen); - -+ if (!valid_user) { -+ /* Return failure once we have read the contents of the packet -+ required to validate a public key. 
-+ Avoids blind user enumeration though it isn't possible to prevent -+ testing for user existence if the public key is known */ -+ send_msg_userauth_failure(0, 0); -+ goto out; -+ } -+ - /* check if the key is valid */ - if (checkpubkey(algo, algolen, keyblob, keybloblen) == DROPBEAR_FAILURE) { - send_msg_userauth_failure(0, 0); diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm index f5e069ff05..bd26149872 100644 --- a/gnu/packages/ssh.scm +++ b/gnu/packages/ssh.scm @@ -451,18 +451,17 @@ TCP, not the SSH protocol.") (define-public dropbear (package (name "dropbear") - (version "2018.76") - (source (origin - (method url-fetch) - (uri (string-append - "https://matt.ucc.asn.au/dropbear/releases/" - "dropbear-" version ".tar.bz2")) - (patches (search-patches "dropbear-CVE-2018-15599.patch")) - (sha256 - (base32 - "0rgavbzw7jrs5wslxm0dnwx2m409yzxd9hazd92r7kx8xikr3yzj")))) + (version "2019.77") + (source + (origin + (method url-fetch) + (uri (string-append + "https://matt.ucc.asn.au/dropbear/releases/" + "dropbear-" version ".tar.bz2")) + (sha256 + (base32 "13a55fcy2mx2pvsfj6dh9107k4wnbd9ybdyi3w3ivgikwvmph7yr")))) (build-system gnu-build-system) - (arguments `(#:tests? #f)) ; there is no "make check" or anything similar + (arguments `(#:tests? #f)) ; there is no "make check" or anything similar ;; TODO: Investigate unbundling libtommath and libtomcrypt or at least ;; cherry-picking important bug fixes from them. See ;; for more information. -- cgit v1.2.3 From a9f847adc3f9e996a83bc1a572e9221d4d128def Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Thu, 21 Mar 2019 00:22:00 +0000 Subject: gnu: libmygpo-qt: Move to new 'gpodder.scm' file. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/music.scm (libmygpo-qt): Move to 'gpodder.scm'. * gnu/packages/gpodder.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. 
Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 + gnu/packages/gpodder.scm | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ gnu/packages/music.scm | 31 +-------------------------- 3 files changed, 58 insertions(+), 30 deletions(-) create mode 100644 gnu/packages/gpodder.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 594755f693..3f07629f4f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -212,6 +212,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/gobby.scm \ %D%/packages/golang.scm \ %D%/packages/gperf.scm \ + %D%/packages/gpodder.scm \ %D%/packages/gprolog.scm \ %D%/packages/gps.scm \ %D%/packages/graph.scm \ diff --git a/gnu/packages/gpodder.scm b/gnu/packages/gpodder.scm new file mode 100644 index 0000000000..c0150402c4 --- /dev/null +++ b/gnu/packages/gpodder.scm 
@@ -0,0 +1,56 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Pierre Langlois +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages gpodder) + #:use-module (guix download) + #:use-module (guix packages) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix build-system cmake) + #:use-module (gnu packages) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages qt)) + +(define-public libmygpo-qt + (package + (name "libmygpo-qt") + (version "1.1.0") + (source (origin + (method url-fetch) + (uri (string-append "http://stefan.derkits.at/files/" + "libmygpo-qt/libmygpo-qt." version ".tar.gz")) + (sha256 + (base32 + "1kg18qrq2rsswgzhl65r3mlyx7kpqg4wwnbp4yiv6svvmadmlxl2")) + (patches (search-patches "libmygpo-qt-fix-qt-5.11.patch" + "libmygpo-qt-missing-qt5-modules.patch")))) + (build-system cmake-build-system) + (native-inputs + `(("pkg-config" ,pkg-config))) + (inputs + `(("qt" ,qtbase))) + (arguments + `(#:configure-flags '("-DMYGPO_BUILD_TESTS=ON") + ;; TODO: Enable tests when https://github.com/gpodder/gpodder/issues/446 + ;; is fixed. + #:tests? 
#f)) + (home-page "http://wiki.gpodder.org/wiki/Libmygpo-qt") + (synopsis "Qt/C++ library wrapping the gpodder web service") + (description "@code{libmygpo-qt} is a Qt/C++ library wrapping the +@url{https://gpodder.net} APIs. It allows applications to discover, manage +and track podcasts.") + (license license:lgpl2.1+))) diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm index b93bcacfcd..5a2358f19a 100644 --- a/gnu/packages/music.scm +++ b/gnu/packages/music.scm @@ -88,6 +88,7 @@ #:use-module (gnu packages gl) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) + #:use-module (gnu packages gpodder) #:use-module (gnu packages graphics) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) @@ -4009,36 +4010,6 @@ OSC connections.") the electronic or dubstep genre.") (license license:gpl3+))) -(define-public libmygpo-qt - (package - (name "libmygpo-qt") - (version "1.1.0") - (source (origin - (method url-fetch) - (uri (string-append "http://stefan.derkits.at/files/" - "libmygpo-qt/libmygpo-qt." version ".tar.gz")) - (sha256 - (base32 - "1kg18qrq2rsswgzhl65r3mlyx7kpqg4wwnbp4yiv6svvmadmlxl2")) - (patches (search-patches "libmygpo-qt-fix-qt-5.11.patch" - "libmygpo-qt-missing-qt5-modules.patch")))) - (build-system cmake-build-system) - (native-inputs - `(("pkg-config" ,pkg-config))) - (inputs - `(("qt" ,qtbase))) - (arguments - `(#:configure-flags '("-DMYGPO_BUILD_TESTS=ON") - ;; TODO: Enable tests when https://github.com/gpodder/gpodder/issues/446 - ;; is fixed. - #:tests? #f)) - (home-page "http://wiki.gpodder.org/wiki/Libmygpo-qt") - (synopsis "Qt/C++ library wrapping the gpodder web service") - (description "@code{libmygpo-qt} is a Qt/C++ library wrapping the -@url{https://gpodder.net} APIs. It allows applications to discover, manage -and track podcasts.") - (license license:lgpl2.1+))) - (define-public sonivox-eas (package (name "sonivox-eas") -- cgit v1.2.3 
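Review bot: The `libmygpo-qt` origin in the new gpodder.scm fetches its tarball over plain HTTP (`"http://stefan.derkits.at/files/"`), and `home-page` is an `http://` URL as well. The `sha256` field means a modified tarball would fail the hash check, so integrity is covered, but if the host serves HTTPS, changing the prefix to `"https://stefan.derkits.at/files/"` is a one-line change that leaves the hash untouched. Separately, `#:configure-flags '("-DMYGPO_BUILD_TESTS=ON")` builds the test suite while `#:tests? #f` never runs it, so unless the build needs the flag it could be dropped until the TODO is resolved. The definition is moved unchanged from music.scm, so both points could equally go in a follow-up commit.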
From abc12b0d6ee61c6399993c8f0a7ed92841eb466a Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 24 Feb 2019 20:15:49 +0200 Subject: gnu: Add moarvm. * gnu/packages/perl6.scm (moarvm): New variable. --- gnu/local.mk | 3 +- gnu/packages/perl6.scm | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/perl6.scm (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 3f07629f4f..f957b8af62 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -10,7 +10,7 @@ # Copyright © 2016, 2017, 2018, 2019 Ricardo Wurmus # Copyright © 2016 Ben Woodcroft # Copyright © 2016, 2017, 2018, 2019 Alex Vong -# Copyright © 2016, 2017 Efraim Flashner +# Copyright © 2016, 2017, 2018, 2019 Efraim Flashner # Copyright © 2016, 2017 Jan Nieuwenhuizen # Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice # Copyright © 2017, 2018 Clément Lassieur @@ -365,6 +365,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/perl-check.scm \ %D%/packages/perl-compression.scm \ %D%/packages/perl-web.scm \ + %D%/packages/perl6.scm \ %D%/packages/photo.scm \ %D%/packages/phabricator.scm \ %D%/packages/php.scm \ diff --git a/gnu/packages/perl6.scm b/gnu/packages/perl6.scm new file mode 100644 index 0000000000..6a5fa32ecc --- /dev/null +++ b/gnu/packages/perl6.scm 
@@ -0,0 +1,96 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Efraim Flashner +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages perl6) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix download) + #:use-module (guix packages) + #:use-module (guix build-system perl) + #:use-module (gnu packages bdw-gc) + #:use-module (gnu packages libevent) + #:use-module (gnu packages libffi) + #:use-module (gnu packages multiprecision) + #:use-module (gnu packages pkg-config)) + +(define-public moarvm + (package + (name "moarvm") + (version "2019.03") + (source + (origin + (method url-fetch) + (uri (string-append "https://moarvm.org/releases/MoarVM-" + version ".tar.gz")) + (sha256 + (base32 + "017w1zvr6yl0cgjfc1b3ddlc6vjw9q8p7alw1vvsckw95190xc14")) + (modules '((guix build utils))) + (snippet + '(begin + ;(delete-file-recursively "3rdparty/dynasm") ; JIT + (delete-file-recursively "3rdparty/dyncall") + (delete-file-recursively "3rdparty/freebsd") + (delete-file-recursively "3rdparty/libatomicops") + (delete-file-recursively "3rdparty/libuv") + (delete-file-recursively "3rdparty/libtommath") + (delete-file-recursively "3rdparty/msinttypes") + #t)))) + (build-system perl-build-system) + (arguments + '(#:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key 
inputs outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out")) + (pkg-config (assoc-ref inputs "pkg-config"))) + (setenv "LDFLAGS" (string-append "-Wl,-rpath=" out "/lib")) + (invoke "perl" "Configure.pl" + "--prefix" out + "--pkgconfig" (string-append pkg-config "/bin/pkg-config") + "--has-libtommath" + "--has-libatomic_ops" + "--has-libffi" + "--has-libuv"))))))) + (home-page "https://moarvm.org/") + ;; These should be inputs but moar.h can't find them when building rakudo + (propagated-inputs + `(("libatomic-ops" ,libatomic-ops) + ("libtommath" ,libtommath-1.0) + ("libuv" ,libuv))) + (inputs + `(("libffi" ,libffi))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (synopsis "VM for NQP And Rakudo Perl 6") + (description + "Short for \"Metamodel On A Runtime\", MoarVM is a modern virtual machine +built for the Rakudo Perl 6 compiler and the NQP Compiler Toolchain. Highlights +include: + +@itemize +@item Great Unicode support, with strings represented at grapheme level +@item Dynamic analysis of running code to identify hot functions and loops, and +perform a range of optimizations, including type specialization and inlining +@item Support for threads, a range of concurrency control constructs, and +asynchronous sockets, timers, processes, and more +@item Generational, parallel, garbage collection +@item Support for numerous language features, including first class functions, +exceptions, continuations, runtime loading of code, big integers and interfacing +with native libraries. +@end itemize") + (license license:artistic2.0))) -- cgit v1.2.3
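Review bot: In the `snippet` of the moarvm origin, `;(delete-file-recursively "3rdparty/dynasm") ; JIT` is commented-out code, so one bundled directory stays in the source without a stated reason. Anyone auditing which third-party copies are still compiled in has to guess; a real comment would be clearer, for example `;; 3rdparty/dynasm is kept: presumably needed to build the JIT (confirm).`. The `propagated-inputs` entry `("libtommath" ,libtommath-1.0)` looks like a pin to an older series. If so, a short comment saying why that series is required would help whoever later has to judge whether fixes in newer libtommath releases reach this package and the packages it propagates to.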