Ensure all files being built are dated no earlier than 1980 by copying in a
modified (@@ (guix build python-build-system) ensure-no-mtimes-pre-1980) which
is symlink-aware. This copy should be removed when the original procedure is
modified to avoid calling UTIME on symlinks.
* gnu/packages/virtualization.scm (criu)[arguments]: Add
'ensure-no-mtimes-pre-1980' phase.
[inputs]: Remove python.
[native-inputs]: Add python-toolchain.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).
* gnu/packages/ruby.scm (ruby-3.2): Update to 3.2.2.
Signed-off-by: Andreas Enge <andreas@enge.fr>
Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).
* gnu/packages/ruby.scm (ruby-3.1): Update to 3.1.4.
Signed-off-by: Andreas Enge <andreas@enge.fr>
Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).
* gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.6.
Signed-off-by: Andreas Enge <andreas@enge.fr>
This change was more invasive than initially thought, and cannot be disabled
easily, as raised by a few people. Let's revert it for now. At least the
pre-push hook should be deployed automatically and catch any unsigned commits
attempted to be pushed to Savannah.
* etc/git/gitconfig [commit]: Remove section.
Adding linux-pam to inputs allows swaylock to run without setuid if
configured with a proper pam file.
* gnu/packages/wm.scm (swaylock)[inputs]: Add LINUX-APM.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
The old install phase didn't handle nested directories (which there are) and
the cmake files didn't seem to install the go files in a way that guile would
use so I just used the guile build system instead.
Also Studio works much better when it know where the libraries are.
* gnu/packages/engineering.scm (libfive)
[imported-modules]: Add (guix build guile-build-system).
[modules]: Add (guix build guile-build-system).
[configure-flags]: Remove.
[phases]: Remove phases 'fix-autocompilation and 'install-scm-files. Add
phase 'do-not-build-guile-bindings and add phase 'guile-build which uses the
guile build system. Add wrap-studio phase.
[inputs]: Add bash-minimal for the wrapper. Use qtbase instead of qtbase-5
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Previously, the '--key-server' option would be ignored in an invocation
like:
./pre-inst-env guix refresh python-scipy=1.8.1 -t pypi -u \
--key-server=pgp.mit.edu
* guix/upstream.scm (download-tarball): Add #:key-server parameter and
pass it to 'gnupg-verify*'.
(package-update/url-fetch, package-update/git-fetch)
(package-update): Likewise.
* guix/scripts/refresh.scm (update-package): Add #:key-server and pass
it down to 'package-update'.
(guix-refresh): Pass #:key-server to 'update-package'.
Passing '-DBUILD_COMPLEX=OFF' to lapack would eventually lead to a link
error.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* doc/guix.texi (Package Transformation Options): Change
'--with-configure-flag' example.
* etc/news.scm: Likewise.
Fixes up 9c161c1f0d, which renamed the accessor of <openssh-configuration> but
failed to adjust the single usage.
* gnu/services/ssh.scm (openssh-config-file): Rename
openssh-challenge-response-authentication? call to
openssh-configuration-challenge-response-authentication?.
This is a follow-up commit to the preceding commit, which exported all
<openssh-configuration> accessors.
* gnu/services/ssh.scm (<openssh-configuration>): Rename
openssh-challenge-response-authentication? to
openssh-configuration-challenge-response-authentication?. It's a mouthful,
but is at least consistent with the rest.
