While 'url-fetch*' in (guix download) special-cases these URIs, 'git-fetch'
does not. Consequently, the recent changes to (guix scripts perform-download)
that disallow these URIs cause tests that use builtin:git-download to fail.
* guix/tests/git.scm (serve-git-repository, call-with-served-git-repository):
new procedures.
(with-served-git-repository, with-served-temporary-git-repository): new
syntax.
* .dir-locals.el (scheme-mode): add indentation information for
'with-served-git-repository'.
* tests/builders.scm ("git-fetch, file URI"): use git:// URI with
'with-served-temporary-git-repository'.
* tests/derivations.scm ("'git-download' build-in builder, invalid hash",
"'git-download' built-in builder, invalid commit", "'git-download' built-in
builder, not found"): same.
("'git-download' built-in builder"): same, and use a nonce in the repo
contents so that success isn't cached.
Change-Id: Id3e1233bb74d5987faf89c4341e1d37f09c77c80
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
In the case of the rootless daemon, perform-download runs as the daemon user.
There are files - such as /etc/guix/signing-key.sec - that guix-daemon can
read but that it is essential that ordinary users cannot.
Currently url-fetch can't access raw filenames, and it doesn't include a case
for "file://" urls. 'git-fetch-with-fallback' can fetch from "file://" urls,
but it requires that the specified url is a valid git repository.
To be on the safe side, and to insulate against any changes to what url-fetch
and git support, explicitly disallow raw filenames and "file://" urls.
* guix/scripts/perform-download.scm (assert-non-local-urls): new procedure.
(perform-download, perform-git-download): use it.
Change-Id: Ibf2a91e696246eccb89c2423fcbcabb2131d3be5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Git's option parsing is more flexible than its command synopses would lead one
to believe: they can apparently be passed even after positional arguments.
Some of these options can be quite nasty if an attacker is able to choose
them.
Additionally, some commands offer no way of disambiguating the meaning of an
argument. For example, "git checkout" has no way of specifying that an
argument should be unconditionally treated as a commit specifier instead of,
say, an option or a filespec.
* guix/build/git.scm (git-fetch): pass "--" to every git invocation that
includes non-constant strings. Explicitly reject commits that start with
"-".
Change-Id: I3b1707ff8f8544925d1549472f0bda7954249f89
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* gnu/packages/luanti.scm (luanti-voxelibre): Update to 0.90.1.
[synopsis]: Do not start with article.
[description]: Use double spaces between sentences.
Change-Id: I135a8e0eb9e1af44d5a9feeba6827579be968baa
* gnu/packages/python-web.scm (python-fastapi-pagination)[arguments]
<test-flags>: Skip some tests requiring network access and provide
"--asyncio-mode=auto".
Change-Id: I788b0656cba44729984a6c1f8dcbd8a276967b7a
* gnu/packages/django.scm (python-django-allauth): Update to 65.7.0,
the first version that officially supports Django 5.2.
[native-inputs]: Add python-pytest-asyncio.
Change-Id: I088abf44da232ade8e7ac5ba8ac3dd9098dd2628
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/services/base.scm (run-with-writable-store): Make it a no-op when
the store is already writable (useful for testing).
Change-Id: If598638e9d3eeac242c265cba77f27e4a15f8d9b
* gnu/packages/bioinformatics.scm (python-intervaltree): Move from here ...
* gnu/packages/python-xyz.scm: ... to here.
Change-Id: I49d3e4959f2aff99fc3faf42b3f5dae60622ef47
* gnu/packages/cybersecurity.scm (ropgadget): Update to 7.6.
[build-system]: Switch to pyproject-build-system.
[arguments] <tests?>: No test data in PyPI archive.
<phases>: Use custom 'check.
[native-inputs]: Add python-setuptools.
Change-Id: Iaa2cb856c35df4e263f1b72d048b705325f4c411
The Mozilla archive is no longer actively mirroring the source for this package.
* gnu/packages/xiph.scm (opus): Update to 1.5.2.
[source]: Update origin URI.
Change-Id: Iaea105fec92593ce8c62e7874e8362921fef779b
Signed-off-by: Gabriel Wicki <gabriel@erlikon.ch>
* gnu/packages/potassco.scm (python-plingo): Fix build.
[arguments] <#tests?>: Set to #f as there are no tests.
[native-inputs]: Remove python-wheel.
Change-Id: I0ca048796397489ed04a7c697f52e7658eaba9cb
Reviewed-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
* gnu/packages/maths.scm (kissat)[#:phases] <patch-source>: Don't
include current date in build-header.
Change-Id: Iae8dde38de8badb2f5975f69b2221faebd043371
Reviewed-by: Nicolas Goaziou <mail@nicolasgoaziou.fr>
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
