Commit graph

49362 commits

Author SHA1 Message Date
Ludovic Courtès
5d800cb931
news: Add entry for security issue with /var/guix/profiles/per-user.
* etc/news.scm: Add entry for security issue in multi-user setups.
2019-10-16 23:05:17 +02:00
Ludovic Courtès
81c580c866
daemon: Make 'profiles/per-user' non-world-writable.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00
Ludovic Courtès
a1aaca314c
build: Remove references to 'NIX_LOCALSTATE_DIR'.
* build-aux/test-env.in: Remove references to 'NIX_LOCALSTATE_DIR'.
2019-10-16 22:53:40 +02:00
Ludovic Courtès
47e99e626b
daemon: Remove traces of 'NIX_ROOT_FINDER'.
This is a followup to 2e3e5d2198.

* build-aux/test-env.in: Remove mentions of 'NIX_ROOT_FINDER'.
* nix/libstore/gc.cc (LocalStore::collectGarbage): Adjust comment
accordingly.
2019-10-16 22:53:40 +02:00
Brian Leung
65ecf3a7af
gnu: emacs-yasnippet: Don't use unstable tarball.
* gnu/packages/emacs-xyz.scm (emacs-yasnippet)[source]: Use GIT-FETCH and
  GIT-FILE-NAME.
[source]: Enable tests.
2019-10-16 22:23:50 +02:00
Brian Leung
abca6cf85a
gnu: emacs-lpy: Update to 0.1.0-3.43b401f.
* gnu/packages/emacs-xyz.scm (emacs-lpy): Update to 0.1.0-3.43b401f.
2019-10-16 21:26:53 +02:00
Tobias Geerinckx-Rice
8fc3116eeb
gnu: bind: Update to 9.14.7 [fixes CVE-2019-6475 & CVE-2019-6476].
* gnu/packages/dns.scm (isc-bind): Update to 9.14.7.
2019-10-16 20:14:52 +02:00
Tobias Geerinckx-Rice
8361b9011a
gnu: perl-class-method-modifiers: Update to 2.13.
* gnu/packages/perl.scm (perl-class-method-modifiers): Update to 2.13.
[native-inputs]: Replace perl-test-requires with perl-test-needs.
2019-10-16 18:42:48 +02:00
Tobias Geerinckx-Rice
11a9b945cc
gnu: sudo: Update to 1.8.28p1.
* gnu/packages/admin.scm (sudo): Update to 1.8.28p1.
2019-10-16 17:24:49 +02:00
Ricardo Wurmus
b2dcfaf2d1
gnu: rkrlv2: Update to 0-2.7edcb4e.
* gnu/packages/music.scm (rkrlv2): Update to 0-2.7edcb4e.
2019-10-16 13:35:41 +02:00
Efraim Flashner
4a822462ef
Revert "gnu: aspell: Update to 0.60.8."
This reverts commit 4fcb6a3558.

aspell causes about 1400 packages to be rebuilt.
2019-10-16 09:31:54 +03:00
Efraim Flashner
9eb6d7125b
gnu: aspell-dict-pt-pt: Upgrade to 20190329-1-0.
* gnu/packages/aspell.scm (aspell-dict-pt-pt): Upgrade to 20190329-1-0.
2019-10-16 09:26:59 +03:00
Efraim Flashner
947141fdef
gnu: aspell-dict-pt-br: Upgrade to 20131030-12-0.
* gnu/packages/aspell.scm (aspell-dict-pt-br): Upgrade to 20131030-12-0.
2019-10-16 09:25:58 +03:00
Efraim Flashner
9d0abf0f2e
gnu: aspell-dict-en: Upgrade to 2019.10.06-0.
* gnu/packages/aspell.scm (aspell-dict-en): Upgrade to 2019.10.06-0.
2019-10-16 09:23:37 +03:00
Efraim Flashner
4dfc73692b
gnu: aspell-dict-de: Update to 20161207-7-0.
* gnu/packages/aspell.scm (aspell-dict-de): Update to 20161207-7-0.
2019-10-16 09:22:23 +03:00
Efraim Flashner
4fcb6a3558
gnu: aspell: Update to 0.60.8.
* gnu/packages/aspell.scm (aspell): Update to 0.60.8.
[source]: Remove patch.
* gnu/packages/patches/aspell-gcc-compat.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
2019-10-16 09:19:50 +03:00
Tobias Geerinckx-Rice
1ee0ac3f0d
gnu: man-pages: Update to 5.03.
* gnu/packages/man.scm (man-pages): Update to 5.03.
2019-10-16 05:41:02 +02:00
Tobias Geerinckx-Rice
655ffa6ab3
gnu: perl-class-c3-adopt-next: Update to 0.14.
* gnu/packages/perl.scm (perl-class-c3-adopt-next): Update to 0.14.
[native-inputs]: Add perl-module-build and perl-module-build-tiny.
2019-10-16 05:41:01 +02:00
Tobias Geerinckx-Rice
9ffbc2456b
gnu: perl-file-find-object-rule: Update to 0.0311.
* gnu/packages/perl.scm (perl-file-find-object-rule): Update to 0.0311.
2019-10-16 05:41:01 +02:00
Tobias Geerinckx-Rice
6f2697f748
gnu: perl-datetime-format-flexible: Make test input native.
* gnu/packages/perl.scm (perl-datetime-format-flexible)
[native-inputs]: Move perl-test-mocktime here…
[propagated-inputs]: …from here.
2019-10-16 05:41:01 +02:00
Tobias Geerinckx-Rice
f2eacb3b33
gnu: perl-datetime-format-flexible: Fix typo in synopsis.
* gnu/packages/perl.scm (perl-datetime-format-flexible)[synopsis]: Fix typo.
2019-10-16 05:41:01 +02:00
Tobias Geerinckx-Rice
ae3f309033
gnu: perl-datetime-format-flexible: Update to 0.32.
* gnu/packages/perl.scm (perl-datetime-format-flexible): Update to 0.32.
[native-inputs]: Add perl-test-exception and perl-test-nowarnings.
2019-10-16 05:41:01 +02:00
Tobias Geerinckx-Rice
803b973668
gnu: perl-net-dns: Update to 1.21.
* gnu/packages/networking.scm (perl-net-dns): Update to 1.21.
2019-10-16 05:41:00 +02:00
Tobias Geerinckx-Rice
c1abd9d7e7
gnu: perl-yaml: Update to 1.29.
* gnu/packages/perl.scm (perl-yaml): Update to 1.29.
2019-10-16 05:41:00 +02:00
Tobias Geerinckx-Rice
0910bf508f
gnu: perl-yaml-libyaml: Update to 0.80.
* gnu/packages/perl.scm (perl-yaml-libyaml): Update to 0.80.
2019-10-16 05:41:00 +02:00
Tobias Geerinckx-Rice
dedb10b24b
gnu: perl-test-runvalgrind: Update to 0.2.1.
* gnu/packages/perl-check.scm (perl-test-runvalgrind): Update to 0.2.1.
2019-10-16 05:41:00 +02:00
Tobias Geerinckx-Rice
8524b1b8b4
gnu: perl-gtk2: Update to 1.24993.
* gnu/packages/gtk.scm (perl-gtk2): Update to 1.24993.
2019-10-16 05:41:00 +02:00
Tobias Geerinckx-Rice
ee70f49b77
gnu: kakoune: Update to 2019.07.01.
* gnu/packages/text-editors.scm (kakoune): Update to 2019.07.01.
2019-10-16 05:40:59 +02:00
Tobias Geerinckx-Rice
79bc917685
gnu: python-pylibmc: Update to 1.6.1.
* gnu/packages/databases.scm (python-pylibmc): Update to 1.6.1.
2019-10-16 05:40:59 +02:00
Tobias Geerinckx-Rice
5051ef95b8
gnu: python-tornado-http-auth: Update to 1.1.1.
* gnu/packages/python-web.scm (python-tornado-http-auth): Update to 1.1.1.
2019-10-16 05:40:59 +02:00
Eric Bavier
3268fba3d2
gnu: onionshare: Update to 2.2.
* gnu/packages/tor.scm (onionshare): Update to 2.2.
[inputs]: Add python-flask-httpauth.
[arguments]: Adjust 'fix-install-path' to new file name.
[description]: Improve wording and clarity.
[license]: Add expat license for bundled jquery.
2019-10-15 22:35:25 -05:00
Brian Leung
808dd2d0ab
gnu: python-language-server: Update to 0.29.1.
* gnu/packages/python-xyz.scm (python-language-server): Update to 0.29.1.
[inputs]: Add python-flake8
2019-10-15 15:06:58 -07:00
Efraim Flashner
11af54466c
gnu: econnman: Build with python.
* gnu/packages/connman.scm (econnman)[inputs]: Remove python-2,
python2-dbus, python2-efl. Add python-wrapper, python-dbus, python-efl.
2019-10-15 23:48:11 +03:00
Efraim Flashner
4eb639ccf9
gnu: connman: Update build inputs.
* gnu/packages/connman.scm (connman)[arguments]: Don't enable pptp, it
isn't available.
[native-inputs]: Remove python-2, add python-wrapper.
[inputs]: Remove polkit, add xl2tpd.
2019-10-15 23:48:11 +03:00
Efraim Flashner
1f3700a43c
gnu: xl2tpd: Update to 1.3.15.
* gnu/packages/vpn.scm (xl2tpd): Update to 1.3.15.
2019-10-15 23:48:10 +03:00
Efraim Flashner
0309e004e9
gnu: xl2tpd: Fix install directory.
* gnu/packages/vpn.scm (xl2tpd)[arguments]: Unset DESTDIR, set PREFIX.
2019-10-15 23:48:10 +03:00
Arun Isaac
131e967699
gnu: ansible: Update to 2.8.5.
* gnu/packages/admin.scm (ansible): Update to 2.8.5.
2019-10-16 01:31:35 +05:30
Arun Isaac
ba8551ec79
gnu: ansible: Work around issues with Guix wrapper scripts.
* gnu/packages/admin.scm (ansible)[arguments]: Remove fix-symlinks phase. Add
replace-symlinks phase.
2019-10-16 01:31:19 +05:30
Efraim Flashner
50bfb70b73
gnu: pwsafe: Move googletest to native-inputs.
* gnu/packages/password-utils.scm (pwsafe)[inputs]: Move googletest ...
[native-inputs]: ... to here.
2019-10-15 22:30:49 +03:00
Tim Gesthuizen
747aa6c46b
gnu: pwsafe: Update to 3.5.0
* gnu/packages/password-utils.scm (pwsafe): Update to 3.5.0.
[source]: Use git-file-name.

Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2019-10-15 22:01:23 +03:00
Efraim Flashner
40cad6b956
gnu: wm.scm: Sort module imports.
* gnu/packages/wm.scm: Sort module imports.
2019-10-15 21:57:36 +03:00
Efraim Flashner
005c2ccf2b
gnu: polybar: Add jsoncpp.
* gnu/packages/wm.scm (polybar)[inputs]: Add jsoncpp.
2019-10-15 21:51:07 +03:00
Efraim Flashner
44b7352073
gnu: polybar: Update source uri.
* gnu/packages/wm.scm (polybar)[source]: Update source uri. Remove
file-name.
2019-10-15 21:37:29 +03:00
tanguy@bioneland.org
d5329de9ac
gnu: polybar: Update to 3.4.0.
* gnu/packages/wm.scm (polybar): Update to 3.4.0.

Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2019-10-15 21:19:51 +03:00
Christopher Baines
ef0c265438
inferior: Set the error port when using older Guix versions.
This makes the behaviour more consistent.

* guix/inferior.scm (inferior-pipe): Wrap the second open-pipe* call with
with-error-to-port, to match the first call to open-pipe*.
2019-10-15 19:01:50 +01:00
Christopher Baines
f0428c18f8
inferior: Allow controlling the inferior error port.
Previously, stderr for the inferior process would always be sent to /dev/null
because the current-output-port when the process is launched is a void
port. This change means that it's possible to pass in a different port to use.

* guix/inferior.scm (inferior-pipe): Take the error-port as an argument.
(open-inferior): Add new error-port keyword argument, with a default
of (%make-void-port "w").
2019-10-15 19:01:47 +01:00
Marius Bakke
1007640a63
gnu: ruby-concurrent: Update to 1.1.5.
* gnu/packages/patches/ruby-concurrent-ignore-broken-test.patch,
gnu/packages/patches/ruby-concurrent-test-arm.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ruby.scm (ruby-concurrent): Update to 1.1.5.
[source](patches): Remove.
[arguments]: Set #:test-target to "ci".  Remove obsolete phases.  Remove
dependencies on 'rake_compiler_dock' and concurrent_ruby.jar.
2019-10-15 17:19:27 +02:00
Marius Bakke
8fcba3be28
gnu: ruby-concurrent: Do not use unstable source tarball.
* gnu/packages/ruby.scm (ruby-concurrent)[source]: Switch to GIT-FETCH.
2019-10-15 17:19:27 +02:00
Tobias Geerinckx-Rice
7d87eede5d
gnu: network-manager-openvpn: Update to 1.8.10.
* gnu/packages/gnome.scm (network-manager-openvpn): Update to 1.8.10.
2019-10-15 17:16:48 +02:00
Tobias Geerinckx-Rice
3df63444f3
gnu: network-manager-applet: Don't use NAME in source URI.
* gnu/packages/gnome.scm (network-manager-applet)[source]: Hard-code NAME.
2019-10-15 17:16:48 +02:00