~ruther/guix-local

ref: 96c30d2bf650ca62beec280d541a0b52f2b6fc7d guix-local/guix d---------
a5ac56f8 — Ludovic Courtès 7 months ago
packages: ‘package-field-location’ returns a <location> for atoms.

Fixes guix/guix#1975.

When using ‘read’, ‘package-field-location’ would not get source location for
atoms such as symbols, typically making it impossible to get the location of
the value of a field list (build-system gnu-build-system).  This fixes that.

* guix/packages.scm (field-value-location): New procedure.
(package-field-location): Use it instead of inline code.
* tests/packages.scm ("package-field-location"): Test the ‘build-system’
field.

Reported-by: Nicolas Graves <ngraves@ngraves.fr>
Change-Id: I98c694bb6f1999fa9ca80e145fa016640067af55
6c41e4d1 — Liliana Marie Prikler 8 months ago
build: emacs-utils: Add emacs-makeinfo.

* guix/build/emacs-utils.scm (emacs-makeinfo): New variable.
* gnu/packages/emacs-xyz.scm (emacs-show-font, emacs-mct, emacs-corfu)
(emacs-cape, emacs-embark, emacs-orderless, emacs-consult, emacs-marginalia)
(emacs-logos, emacs-tmr, emacs-beframe, emacs-tempel, emacs-lin, emacs-pulsar)
(emacs-dired-preview, emacs-modus-themes, emacs-org-glossary, emacs-vertico)
(emacs-org-margin, emacs-osm)[#:phases]<makeinfo>: Use it.
Move before ‘install’ if it was previously after ‘install’.
2bd31290 — Liliana Marie Prikler 9 months ago
build-system: emacs: Use new lisp-mnt primitives.

* guix/build/emacs-build-system.scm (ensure-package-description)
[%write-pkg-file-form]: Use ‘lm-summary’ and ‘lm-package-requires’.

Fixes: guix/guix#736 (Missing `*-pkg.el` files).
8030c91d — Liliana Marie Prikler 9 months ago
build-system: emacs: Error if package file could not be generated.

* guix/build/emacs-build-system.scm (ensure-package-description)
[%write-pkg-file-form]: Use ‘error’ for error reporting.
1d931e57 — Efraim Flashner 8 months ago
guix: lint: Add codespell hints.

This hides these lines from codespell so it doesn't try to fix the
spelling of these intentional typos.

* guix/lint.scm (check-description-style)[check-description-typo]: Add
codespell hints to ignore some lines.

Change-Id: I002d2ba6079a5dcf9165d3821eda579f6dfa2ecf
Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
4a33614d — Nicolas Graves 9 months ago
build-system: Introduce @* macro for lazy module resolution.

* guix/build-system.scm (@*): New macro for runtime module resolution.
* guix/build-system/agda.scm (default-agda): Use @* instead of
resolve-interface and module-ref.
* guix/build-system/android-ndk.scm (default-android-build,
default-android-googletest): Likewise.
* guix/build-system/ant.scm (default-jdk, default-ant, default-zip):
Likewise.
* guix/build-system/cargo.scm (default-rust): Likewise.
* guix/build-system/chicken.scm (default-chicken): Likewise.
* guix/build-system/composer.scm (default-php,
default-composer-classloader): Likewise.
* guix/build-system/dub.scm (default-ldc, default-dub,
default-pkg-config, default-ld-gold-wrapper): Likewise.
* guix/build-system/elm.scm (default-elm, default-elm-core,
default-elm-json): Likewise.
* guix/build-system/emacs.scm (default-emacs): Likewise.
* guix/build-system/glib-or-gtk.scm (default-glib): Likewise.
* guix/build-system/go.scm (default-go, default-gccgo, make-go-std):
Likewise.
* guix/build-system/haskell.scm (default-haskell): Likewise.
* guix/build-system/julia.scm (default-julia): Likewise.
* guix/build-system/linux-module.scm (default-linux): Likewise.
* guix/build-system/luanti.scm (default-optipng, default-luanti,
default-luanti-game, default-xvfb-run): Likewise. Remove otherwise
unused individual plugin accessor functions.
* guix/build-system/maven.scm (default-maven, default-jdk,
default-maven-plugins): Likewise. Remove otherwise unused individual
plugin accessor functions.
* guix/build-system/meson.scm (default-ninja, default-meson):
Likewise.
* guix/build-system/minify.scm (default-esbuild): Use @* instead of
resolve-interface and module-ref.
* guix/build-system/mix.scm (default-elixir-hex,
default-rebar3, default-elixir): Likewise.
* guix/build-system/node.scm (default-node): Likewise.
* guix/build-system/ocaml.scm (default-ocaml, default-findlib,
default-dune-build-system, default-ocaml4.07,
default-ocaml4.07-findlib, default-ocaml4.07-dune, default-ocaml4.09,
default-ocaml4.09-findlib, default-ocaml4.09-dune, default-ocaml5.0,
default-ocaml5.0-findlib, default-ocaml5.0-dune): Likewise.
* guix/build-system/perl.scm (default-perl): Likewise.
* guix/build-system/pyproject.scm (default-python): Likewise.
* guix/build-system/qt.scm (default-qtbase): Likewise.
* guix/build-system/r.scm (default-r): Likewise.
* guix/build-system/rakudo.scm (default-rakudo, default-prove6,
default-zef): Likewise.
* guix/build-system/rebar.scm (default-rebar3, default-erlang):
Likewise.
* guix/build-system/renpy.scm (default-renpy): Likewise.
* guix/build-system/ruby.scm (default-ruby): Likewise.
* guix/build-system/scons.scm (default-scons): Likewise.
* guix/build-system/texlive.scm (default-texlive-bin,
texlive-latex-bin): Likewise.
* guix/build-system/tree-sitter.scm (default-guile-json,
default-node, default-tree-sitter, default-tree-sitter-cli): Likewise.
* guix/build-system/vim.scm (default-vim, default-neovim): Likewise.
* guix/build-system/zig.scm (default-zig): Likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
97f6cc43 — Nicolas Graves 9 months ago
build-system: rakudo: Clarify private-keywords.

Some arguments used for lower but not for the builder were passed as
arguments to the builders.  Remove this ambiguity.

* guix/build-system/rakudo.scm (lower)[private-keywords]: Add keywords
  with-prove6? and with-zed?,...
  (rakudo-build): ... removed from here.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
fcdcfa14 — Nicolas Graves 9 months ago
build-system: android-ndk: Improve lower configurability.

* guix/build-system/android-ndk.scm (default-android-build,
default-android-googletest): Add and export variables.
  (lower): Add their respective keywords.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
9073a7e4 — Nicolas Graves 9 months ago
build-system: tree-sitter: Improve lower configurability.

* guix/build-system/tree-sitter.scm (default-node,
default-tree-sitter, default-tree-sitter-cli): Add and export variables.
  (lower): Add their respective keywords.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
cf05f12c — Nicolas Graves 9 months ago
build-system: copy: Remove dead glibc code.

An unused glibc package made its way into the copy-build-system.
It's confusing, so remove it.

* guix/build-system/copy.scm (default-glibc): Remove variable.
  (lower): Remove glibc keyword.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
571509d5 — Nicolas Graves 7 months ago
size: Improve error message.

Fixes guix/guix#2429

* guix/scripts/size.scm (file-size): Improve error message.

Change-Id: I0e0f6de1eded8a780d2edc07ce1fbc5c7ff73e25
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
325689d0 — Brian Kubisiak 7 months ago
build-system/tree-sitter: Build with -std=c11.

* guix/build/tree-sitter-build-system.scm (install): Switch to
building with -std=c11.

Fixes: guix/guix#2215
Change-Id: I04f3ede07aeaaa9cf95272611d6346295f603b69
Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
1c235670 — Ludovic Courtès 7 months ago
tests: Reduce build timeout to 3 minutes for Scheme tests.

* guix/tests.scm (open-connection-for-tests): Reduce #:timeout to 3mn.
(call-with-external-store): Likewise.

Change-Id: I4375e070618a5f38a82a1d26f8424bf4abb607e6
9202921e — Reepca Russelstein 8 months ago
perform-download: Use (ice-9 sandbox) for mirrors.

"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders.  Because these are builtins, it runs without
any additional isolation beyond merely running as a build user.  In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.

Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.

* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
  (syntax-noop): new syntax.
  (eval-content-addressed-mirrors, assert-store-file,
   call-with-input-file/no-symlinks): new procedures.
  (perform-download): use assert-store-file to ensure files are in the store
  before being read.  Use call-with-input-file/no-symlinks for opening
  untrusted files.  Use eval-content-addressed-mirrors to evaluate the
  content-addressed-mirrors file.

Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
f607aaaa — Reepca Russelstein 8 months ago
download: Handle content-addressed-mirrors returning #f.

* guix/build/download.scm (url-fetch): don't pass the return value from a
  content-addressed-mirror procedure to 'string->uri' if it is #f.

Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2a333541 — Reepca Russelstein 8 months ago
perform-download: Ensure reading never evaluates code.

Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.

* guix/scripts/perform-download.scm (read/safe): new procedure.
  (perform-download, perform-git-download): use it.
  (guix-perform-download): explicitly set 'read-eval?' to #f and
  'read-hash-procedures' to '().  #f is the default value of 'read-eval?' on
  startup, but set it anyway to be certain.

Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
d431f462 — Nicolas Graves 7 months ago
cve: Upgrade to JSON 2.0 feeds.

Fixes guix/guix#2213.  The 1.1-formatted-data is no longer available
from NIST.

* guix/cve.scm (string->date*, <cve-item>,
reference-data->cve-configuration, cpe-match->cve-configuration,
configuration-data->cve-configurations, json->cve-items,
yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds
schema.
(<cve>): Remove unneeded record.
* tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value
added, lots of lines).
* tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly.
(json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
8f310b6f — Nicolas Graves 7 months ago
gnu: mercurial: Add package and rename former to mercurial/pinned.

Mercurial currently has CVEs. IMHO, it's unsafe to carry them around
in a profile.  However, updating mercurial potentially leads to a lot of
rebuilds and I don't want to tackle this right now.

As for other packages, the way forward is to add a variant of the
package only used for hg-fetch, here mercurial/pinned.

* gnu/packages/version-control.scm
(mercurial-check-phase): Add helper variable.
(mercurial): Update to 7.1.
[arguments]: Use gexps.
<#:phases>: Refresh them. Add phase 'add-install-to-pythonpath for
running tests. Run tests after install. Add phase 'configure-check.
<#:imported-modules, #:modules>: Add them for
'add-install-for-pythonpath.
[native-inputs]: Remove python-nose. Add python-setuptools-next,
python-setuptools-scm-next.
(mercurial/pinned): Inherit from mercurial, but build the exact same
derivation as the previous mercurial variable.

* guix/hg-download.scm (hg-package): Use mercurial/pinned.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
6c71c8dc — Nicolas Graves 7 months ago
gnu: subversion: Add package and rename former to subversion/pinned.

Subversion currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating subversion potentially leads to a lot of
rebuilds and I don't want to tackle this right now.

As for other packages, the way forward is to add a variant of the
package only used for svn-fetch, here subversion/pinned.

* gnu/packages/version-control.scm (subversion): Update to 1.14.5.
(subversion/pinned): Inherit from subversion, but build the exact same
derivation as the previous subversion variable.

* guix/svn-download.scm (subversion-package): Use subversion/pinned.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
df763d6a — Ludovic Courtès 9 months ago
git-authenticate: Print a clear error message for malformed keys.

Fixes guix/guix#1141.

* guix/git-authenticate.scm (load-keyring-from-blob): Change ‘oid’ to
‘entry’ and adjust accordingly.  Raise a ‘&formatted-message’ error when
‘read-radix-64’ returns #f or EOF.
(load-keyring-from-reference): Adjust accordingly.

Change-Id: Ib88c94dac543caf6b1e0855242ba50063c944765