~ruther/guix-local

3eb30a1c — Andreas Enge 8 months ago
gnu: mit-krb5: Update to 1.21.

* gnu/packages/kerberos.scm (mit-krb5): Update to 1.21.
[native-inputs]: Remove tcl.

Change-Id: Iffd99adce260306d7671bd2dd029e373e911ae4a
449b44a3 — fanquake 9 months ago
gnu: datefudge: Update to 1.27.

* gnu/packages/time.scm (datefudge): Update to 1.27.

Signed-off-by: Andreas Enge <andreas@enge.fr>
1b1fb469 — Antoine Côté 9 months ago
gnu: dav1d: Update to 1.5.1.

* gnu/packages/video.scm (dav1d): Update to 1.5.1.

Change-Id: I2a2cbf458a867f3e0c98328e567d2f4b194abe14
Signed-off-by: Andreas Enge <andreas@enge.fr>
3e457349 — Jake Forster 9 months ago
gnu: mariadb: Fix paths in installed scripts.

Fixes: guix/guix#1391.

* gnu/packages/databases.scm (mariadb)[arguments]<#:phases>{post-install}:
Prevent double prefix in bindir.

Change-Id: I304995fed0cbec19c159a2e34b965815fec853a1
Signed-off-by: Andreas Enge <andreas@enge.fr>
3269a309 — John Kehayias 9 months ago
gnu: linux: Add modconfig option to customize-linux.

* gnu/packages/linux.scm (customize-linux): New keyword argument modconfig.
[arguments]{phases}: Use it in configure phase to run make localmodconfig.

Change-Id: I5fbfb9617b41155eaa59197c2a7fe79c5c63c72d
ecfbeb3e — Zheng Junjie 8 months ago
gnu: Add radicle.

* gnu/packages/rust-apps.scm (radicle): New variable.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs): Add radicle.

Change-Id: I2512928406ceab65ea3f14e64591c4614323408a
Signed-off-by: Hilton Chain <hako@ultrarare.space>
Modified-by: Hilton Chain <hako@ultrarare.space>
db43751e — Hilton Chain 8 months ago
gnu: niri: Install completions.

* gnu/packages/wm.scm (niri) [arguments] <#:phases>: Install completions.
[native-inputs]: Add self when cross-compiling.

Change-Id: If9a6725ee13c87b5a76b959c3d6fe9804e884415
6412cbf0 — Hilton Chain 8 months ago
gnu: xwayland-satellite: Update to 0.7.

* gnu/packages/xorg.scm (xwayland-satellite): Update to 0.7.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [xwayland-satellite]:
Update entry.

Change-Id: Ia39cc1808375f55f1ba0c3c4553198e4d096780f
51e5af28 — Hilton Chain 8 months ago
gnu: niri: Update to 25.08.

* gnu/packages/wm.scm (niri): Update to 25.08.
[arguments] <#:phases>: Disable parallel testing.
* gnu/packages/rust-sources.scm (rust-pipewire-0.8.0.93138d0)
(rust-smithay-0.7.0.20d2dac): New variables.
* gnu/packages/rust-crates.scm (lookup-cargo-inputs) [niri]: Update entry.
[rust-pipewire-0.8.0.93138d0, rust-smithay-0.7.0.20d2dac]: New entries.

Change-Id: I0ca02f2a8aa360cbdbe94f569e37ac175ead8d1e
dd2ec4ec — Danny Milosavljevic 8 months ago
gnu: qemu: Enable execlog disassembly.

* gnu/packages/virtualization.scm (qemu)[inputs]: Add capstone.
[arguments]<#:phases>[install-plugins]: Install contrib.

Closes: #2081
Change-Id: I47365707e58a7b61e0d7195e48f819f0a1551f84
db6361bc — Ludovic Courtès 8 months ago
news: Add entry for the ‘content-addressed-mirrors’ security fix.

* etc/news.scm: Add entry.

Change-Id: Ia96a6f80d6ec557e222f2b5ee17e7c79c0eb3cbf
1618ca7a — Ludovic Courtès 8 months ago
gnu: guix: Update to 9202921 [security].

Fixes guix/guix#2419.

* gnu/packages/package-management.scm (guix): Update to 9202921.

Change-Id: I7476c4e90be61a9607731731534d988eba168104
9202921e — Reepca Russelstein 9 months ago
perform-download: Use (ice-9 sandbox) for mirrors.

"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders.  Because these are builtins, it runs without
any additional isolation beyond merely running as a build user.  In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.

Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.

* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
  (syntax-noop): new syntax.
  (eval-content-addressed-mirrors, assert-store-file,
   call-with-input-file/no-symlinks): new procedures.
  (perform-download): use assert-store-file to ensure files are in the store
  before being read.  Use call-with-input-file/no-symlinks for opening
  untrusted files.  Use eval-content-addressed-mirrors to evaluate the
  content-addressed-mirrors file.

Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
f607aaaa — Reepca Russelstein 9 months ago
download: Handle content-addressed-mirrors returning #f.

* guix/build/download.scm (url-fetch): don't pass the return value from a
  content-addressed-mirror procedure to 'string->uri' if it is #f.

Change-Id: Ic4f94f86fcfebe6f2e60cb3c4330ce57886ab647
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2a333541 — Reepca Russelstein 9 months ago
perform-download: Ensure reading never evaluates code.

Since this is used to implement the "download" and "git-download" builtins,
which are run outside of any chroot, this is trusted code with respect to the
user-supplied strings it reads.

* guix/scripts/perform-download.scm (read/safe): new procedure.
  (perform-download, perform-git-download): use it.
  (guix-perform-download): explicitly set 'read-eval?' to #f and
  'read-hash-procedures' to '().  #f is the default value of 'read-eval?' on
  startup, but set it anyway to be certain.

Change-Id: I93cb8e32607a6f9a559a26c1cbd6b88212ead884
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
43bb79fc — Omar Bassam 8 months ago
gnu: sbcl-clss: Update to 0.3.1-3.cd5f603

* gnu/packages/lisp-xyz.scm (sbcl-clss): Update to 0.3.1-3.cd5f603

Change-Id: I479a79b1a1d3ac45ef31d9c02cc187fa072bf219
Signed-off-by: Omar Bassam <omar.bassam88@gmail.com>
Signed-off-by: jgart <jgart@dismail.de>
f73a492a — Artyom V. Poptsov 8 months ago
gnu: lr: Update to 2.0.

* gnu/packages/admin.scm (lr): Update to 2.0.
[arguments]: Use GEXPs.

Change-Id: I3264ccc86aa699a1e77c0388b48c801c5a4392ac
acc331fa — Maxim Cournoyer 8 months ago
gnu: ghc-hsopenssl: Update to 0.11.7.9.

* gnu/packages/haskell-crypto.scm (ghc-hsopenssl): Update to 0.11.7.9.
[#:configure-flags]: New argument.

Change-Id: I2719bdef7e6bbd76fe4c079d663917839a787e81
0260cf87 — Maxim Cournoyer 8 months ago
gnu: qemu: Update to 10.1.0.

* gnu/packages/virtualization.scm (qemu): Update to 10.1.0.
[source] <patches>: Remove qemu-disable-bios-tables-test and
qemu-glibc-2.41.patch patches; add qemu-fix-test-virtio-version.patch.
* gnu/packages/patches/qemu-disable-bios-tables-test.patch: Rebase.
* gnu/packages/patches/qemu-disable-migration-test.patch: Delete file.
* gnu/packages/patches/qemu-glibc-2.41.patch: Likewise.
* gnu/packages/patches/qemu-fix-test-virtio-version.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.

Change-Id: I0203137a144f89dcc502d1bcb2fa6f717b7223ff
d431f462 — Nicolas Graves 8 months ago
cve: Upgrade to JSON 2.0 feeds.

Fixes guix/guix#2213.  The 1.1-formatted-data is no longer available
from NIST.

* guix/cve.scm (string->date*, <cve-item>,
reference-data->cve-configuration, cpe-match->cve-configuration,
configuration-data->cve-configurations, json->cve-items,
yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds
schema.
(<cve>): Remove unneeded record.
* tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value
added, lots of lines).
* tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly.
(json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>