Commit graph

26 commits

Author SHA1 Message Date
Ludovic Courtès
a3619079f9
Remove now unnecessary uses of (guix grafts).
These modules would use (guix grafts) just to access '%graft?' and
related bindings, which are now in (guix store).

* gnu/ci.scm,
guix/gexp.scm,
guix/lint.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/deploy.scm,
guix/scripts/environment.scm,
guix/scripts/home.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/pull.scm,
guix/scripts/size.scm,
guix/scripts/system.scm,
guix/scripts/weather.scm,
tests/builders.scm,
tests/channels.scm,
tests/cpan.scm,
tests/derivations.scm,
tests/gexp.scm,
tests/graph.scm,
tests/guix-daemon.sh,
tests/monads.scm,
tests/pack.scm,
tests/packages.scm,
tests/profiles.scm,
tests/system.scm: Remove #:use-module (guix grafts).
2022-10-22 01:46:55 +02:00
Ludovic Courtès
ca87601dd9
git-authenticate: Ensure the target is a descendant of the introductory commit.
Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

    X   I
     \ /
      A

This is because 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
2022-02-14 11:23:08 +01:00
Attila Lendvai
9ebc9ca070
tests: Move keys into ./tests/keys/ and add a third ed25519 key.
The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
2021-12-22 10:53:19 +01:00
Ludovic Courtès
778c1fb4ea
channels: 'channel-news-entry-commit' correctly resolves annotated tags.
Previously, 'channel-news-entry-commit' would return the tag ID rather
than the commit ID when the news entry was referred to via an annotated
tag.

Reported by Xinglu Chen <public@yoctocell.xyz>.

* guix/channels.scm (resolve-channel-news-entry-tag): Check whether the
reference points to an annotated tag; resolve it if it does.
* tests/channels.scm ("channel-news, annotated tag"): New test.
2021-09-18 19:37:45 +02:00
Ludovic Courtès
d3162b98a8
tests: Add missing copyright line.
* tests/channels.scm: Add copyright line for past changes.
2020-10-12 18:23:47 +02:00
Ludovic Courtès
6c46e477eb
channels: Address test failure.
Fixes <https://bugs.gnu.org/43940>.
Reported by Maxim Cournoyer <maxim.cournoyer@gmail.com>.

The "channel-instances->manifest" test would fail since
1d4ab335b2: 'quiet-guile' would be passed #f
as GUILE, and thus 'package-version' would fail with wrong-type-arg.

* guix/channels.scm (whole-package-for-legacy): Pass #:guile to
'whole-package'.
* tests/channels.scm ("channel-instances->manifest"): Remove 'test-expect-fail'.
2020-10-12 11:28:56 +02:00
Maxim Cournoyer
875c01f82d
tests: Mark the channel-instances->manifest as expected to fail.
Allow the Guix package to be updated while awaiting resolution for
<https://issues.guix.gnu.org/43940>.

* tests/channels.scm (channel-instances->manifest): Mark test as expected to
fail.
2020-10-12 00:30:14 -04:00
Ludovic Courtès
d51bfe242f
Use 'formatted-message' instead of '&message' where appropriate.
* gnu.scm (%try-use-modules): Use 'formatted-message' instead of
'&message'.
* gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error):
Likewise.
* gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise.
(machine-check-building-for-appropriate-system): Likewise.
(deploy-managed-host): Likewise.
(maybe-raise-unsupported-configuration-error): Likewise.
* gnu/packages.scm (search-patch): Likewise.
* gnu/services.scm (%service-with-default-value): Likewise.
(files->etc-directory): Likewise.
(fold-services): Likewise.
* gnu/system.scm (locale-name->definition*): Likewise.
* gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise.
(check-luks-device): Likewise.
* guix/channels.scm (latest-channel-instance): Likewise.
* guix/cve.scm (json->cve-items): Likewise.
* guix/git-authenticate.scm (commit-signing-key): Likewise.
(commit-authorized-keys): Likewise.
(authenticate-commit): Likewise.
(verify-introductory-commit): Likewise.
* guix/remote.scm (remote-pipe-for-gexp): Likewise.
* guix/scripts/graph.scm (assert-package): Likewise.
* guix/scripts/offload.scm (private-key-from-file*): Likewise.
* guix/ssh.scm (authenticate-server*): Likewise.
(open-ssh-session): Likewise.
(remote-inferior): Likewise.
* guix/ui.scm (matching-generations): Likewise.
* guix/upstream.scm (package-update): Likewise.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
Catch 'formatted-message?'.
("authenticate-channel, wrong first commit signer"): Likewise.
* tests/lint.scm ("patches: not found"): Adjust message string.
* tests/packages.scm ("patch not found yields a run-time error"): Catch
'formatted-message?'.
* guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'.
(check-derivation): Ditto.
2020-07-25 19:11:37 +02:00
Ludovic Courtès
a5e2fc7376
utils: Move <location> and '&error-location' to (guix diagnostics).
* guix/utils.scm (<location>, source-properties->location)
(location->source-properties, &error-location): Move to...
* guix/diagnostics.scm: ... here.
* gnu.scm: Adjust imports accordingly.
* gnu/machine.scm: Likewise.
* gnu/system.scm: Likewise.
* gnu/tests.scm: Likewise.
* guix/inferior.scm: Likewise.
* tests/channels.scm: Likewise.
* tests/packages.scm: Likewise.
2020-07-25 19:11:36 +02:00
Ludovic Courtès
d774c7b121
channels: Dependencies listed in '.guix-channel' can have an introduction.
Suggested by Ricardo Wurmus and Simon Tournier.

* guix/channels.scm (sexp->channel-introduction): New procedure.
(read-channel-metadata): Use it.
(profile-channels)[sexp->channel-introduction]: Remove.
* tests/channels.scm ("latest-channel-instances, authenticate dependency"):
New test.
* doc/guix.texi (Channels)[Declaring Channel Dependencies]: Augment example.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
884df77640
channels: Properly diagnose test failure.
This fixes a style issue similar to that of
a18d02def9.

* tests/channels.scm ("authenticate-channel, .guix-authorizations"):
Change to 'test-equal' so that test failures are properly diagnosed.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
8b7d982e6a
channels: Make channel introductions public.
* guix/channels.scm (<channel-introduction>): Rename constructor to
'%make-channel-introduction'.
(make-channel-introduction): New procedure.
* tests/channels.scm ("authenticate-channel, wrong first commit signer")
("authenticate-channel, .guix-authorizations"): Use
'make-channel-introduction' without '@@' and without third argument.
* doc/guix.texi (Channels)[Channel Authentication, Specifying Channel
Authorizations]: New subsections.
2020-07-01 23:34:51 +02:00
Ludovic Courtès
ead5c46147
channels: Error out when the 'guix' channel lacks an introduction.
* guix/channels.scm (latest-channel-instance): Raise an error instead of
warning when 'guix is unauthenticated.
* tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"):
New test.
2020-06-28 23:26:53 +02:00
Ludovic Courtès
a18d02def9
channels: Fix test for introductory commit signer.
Until now the test would always succeed because it would return
'failed, which has truth value.  To exercise
'verify-introductory-commit', we need to add a second commit beyond the
introductory commit, which is what we do here.

* tests/channels.scm ("authenticate-channel, wrong first commit
signer"): Add a second commit and authenticate up to that one.  Change
'message?' to 'message-condition?'.
2020-06-25 01:20:31 +02:00
Ludovic Courtès
5bafc70d1e
channels: Make 'validate-pull' call right after clone/pull.
This should come before patching, authentication, etc.

* guix/channels.scm (latest-channel-instance): Add #:validate-pull
parameter and honor it.  Return a single value: the instance.
(ensure-forward-channel-update): Change 'instance' parameter to 'commit'
and adjust accordingly.
(latest-channel-instances): Adjust to 'latest-channel-instance' changes.
* guix/scripts/pull.scm (warn-about-backward-updates): Change 'instance'
parameter to 'commit' and adjust accordingly.
* tests/channels.scm ("latest-channel-instances #:validate-pull"):
Likewise.
2020-06-16 16:10:47 +02:00
Ludovic Courtès
43badf261f
channels: 'latest-channel-instance' authenticates Git checkouts.
Fixes <https://bugs.gnu.org/22883>.

* guix/channels.scm (<channel>)[introduction]: New field.
(<channel-introduction>): New record type.
(%guix-channel-introduction): New variable.
(%default-channels): Use it.
(<channel-metadata>)[keyring-reference]: New field.
(%default-keyring-reference): New variable.
(read-channel-metadata, read-channel-metadata-from-source): Initialize
the 'keyring-reference' field.
(commit-short-id, verify-introductory-commit)
(authenticate-channel): New procedures.
(latest-channel-instance): Call 'authenticate-channel' when CHANNEL has
an introduction.
* tests/channels.scm (gpg+git-available?, commit-id-string): New
procedures.
("authenticate-channel, wrong first commit signer"):
("authenticate-channel, .guix-authorizations"): New tests.
* doc/guix.texi (Invoking guix pull): Mention authentication.
2020-06-16 16:10:47 +02:00
Ludovic Courtès
872898f768
channels: 'latest-channel-instances' guards against non-forward updates.
* guix/channels.scm (latest-channel-instance): Add #:starting-commit and
pass it to 'update-cached-checkout'.  Return the commit relation as a
second value.
(ensure-forward-channel-update): New procedure.
(latest-channel-instances): Add #:current-channels and #:validate-pull.
[current-commit]: New procedure.
Pass #:starting-commit to 'latest-channel-instance'.  When the returned
relation is true, call VALIDATE-PULL.
(latest-channel-derivation): Add #:current-channels and #:validate-pull.
Pass them to 'latest-channel-instances*'.
* tests/channels.scm ("latest-channel-instances #:validate-pull"): New
test.
2020-05-25 00:00:28 +02:00
Ludovic Courtès
8d1d56578a
git: 'update-cached-checkout' returns the commit relation.
* guix/git.scm (update-cached-checkout): Add #:starting-commit
parameter.  Call 'commit-relation' when #:starting-commit is true.
Always return the relation or #f as the third value.
(latest-repository-commit): Adjust accordingly.
* guix/import/opam.scm (get-opam-repository): Likewise.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Update mock of 'update-cached-checkout' accordingly.
2020-05-25 00:00:28 +02:00
Ludovic Courtès
053b10c3ef
channels: Add mechanism to patch checkouts of the 'guix channel.
* guix/channels.scm (<patch>): New record type.
(apply-patches): New procedure.
(latest-channel-instance)[dot-git?]: New procedure.
Use 'update-cached-checkout' and 'add-to-store' instead of
'latest-repository-commit'.  Call 'apply-patches' when CHANNEL is the
'guix channel.
(%patches): New variable.
* guix/git.scm (url+commit->name): Make public.
* tests/channels.scm ("latest-channel-instances includes channel dependencies")
("latest-channel-instances excludes duplicate channel dependencies"):
Mock 'update-cached-checkout' instead of 'latest-repository-commit'.
Wrap body in 'with-store' and pass the store to 'latest-channel-instances'.
2020-05-07 10:06:15 +02:00
Ludovic Courtès
9719e8d37a
channels: Allow news entries to refer to a tag.
Suggested by Ricardo Wurmus <rekado@elephly.net>.

* guix/channels.scm (<channel-news-entry>)[tag]: New field.
(sexp->channel-news-entry): Accept either 'commit' or 'tag' in 'entry'
forms.
(resolve-channel-news-entry-tag): New procedure.
(channel-news-for-commit): Move 'with-repository' form one level
higher.  Call 'resolve-channel-news-entry-tag' on all the news entries.
* guix/tests/git.scm (populate-git-repository): Add clause for 'tag'.
* tests/channels.scm ("channel-news, one entry"): Create a tag and add
an entry with a tag.  Check that the tag is resolved and also visible in
the <channel-news-entry> record.
* doc/guix.texi (Channels): Mention tags in news entries.
2019-09-23 10:38:44 +02:00
Ludovic Courtès
8ba7fd3cd6
channels: Add support for a news file.
* guix/channels.scm (<channel-metadata>)[news-file]: New field.
(read-channel-metadata): Set the 'news-file' field.
(read-channel-metadata-from-source): Likewise.
(<channel-news>, <channel-news-entry>): New record types.
(sexp->channel-news-entry, read-channel-news)
(channel-news-for-commit): New procedures.
* guix/tests/git.scm (populate-git-repository): For 'add', allow
CONTENTS to be a procedure.
* tests/channels.scm ("channel-news, no news")
("channel-news, one entry"): New tests.
* doc/guix.texi (Channels): Document it.
2019-09-23 10:38:44 +02:00
Ludovic Courtès
ce5d9ec875
channels: Always provide a <channel-metadata> record.
This simplifies the code since one no longer needs to think about
whether '.guix-channel' was present.

* guix/channels.scm (read-channel-metadata): Always pass a string as the
first argument to 'channel-metadata'.
(read-channel-metadata-from-source): Always return a <channel-metadata>
record.
(channel-instance-dependencies): Remove now unneeded 'match'.
(standard-module-derivation): Assume DIRECTORY is never #f and contains
a leading slash.
* tests/channels.scm (channel-metadata-directory)
(channel-metadata-dependencies): New procedures.
("channel-instance-metadata returns #f if .guix-channel does not
exist"): Remove.
("channel-instance-metadata returns default if .guix-channel does not
exist"): New test.
(make-instance): Use 'write' instead of 'display' when creating
'.guix-channel'.
(instance--no-deps): Remove dependencies.
(instance--sub-directory): New variable.
("channel-instance-metadata and default dependencies")
("channel-instance-metadata and directory"): New tests.
("latest-channel-instances excludes duplicate channel dependencies"):
Expect 'channel-commit' to return a string and adjust accordingly.
2019-07-19 11:53:47 +02:00
Ludovic Courtès
45b903323e
channels: Strictly check the version of '.guix-channel'.
Until now the 'version' field in '.guix-channel' could be omitted, or it
could be any value.

* guix/channels.scm (read-channel-metadata): Rename to...
(channel-instance-metadata): ... this.
(channel-instance-dependencies): Adjust accordingly.
(read-channel-metadata): New procedure.  Use 'match'
to require a 'version' field.  Provide proper error handling when the
channel sexp is malformed or when given an unsupported version number.
(read-channel-metadata-from-source): Use 'catch' and
'system-error-errno' instead of 'file-exists?'.
* tests/channels.scm (instance--unsupported-version): New variable.
(read-channel-metadata): Rename to...
(channel-instance-metadata): ... this.  Rename tests accordingly.
("channel-instance-metadata rejects unsupported version"): New test.
2019-07-19 11:53:47 +02:00
Ludovic Courtès
1fafc383b1
inferior: 'gexp->derivation-in-inferior' honors EXP's load path.
Previously the imported modules and extensions of EXP would be missing
from the load path of 'guix repl'.

* guix/inferior.scm (gexp->derivation-in-inferior)[script]: New
variable.
[trampoline]: Write (primitive-load #$script) to PIPE.  Add #$output.
* tests/channels.scm ("channel-instances->manifest")[depends?]: Check
for requisites rather than direct references.
Adjust callers accordingly.
2019-01-20 17:57:14 +01:00
Ludovic Courtès
ed75bdf35c
channels: Don't pull from the same channel more than once.
Previously 'channel-instance->manifest' would call
'latest-channel-derivation', which could trigger another round of
'latest-repository-commit' for no good reason.

* guix/channels.scm (resolve-dependencies): New procedure.
(channel-instance-derivations)[edges]: New variable.
[instance->derivation]: New procedure.
* tests/channels.scm (make-instance): Use 'checkout->channel-instance'
instead of 'channel-instance'.
("channel-instances->manifest"): New test.
2019-01-20 17:57:14 +01:00
Ricardo Wurmus
af12790bdd
guix: Add support for channel dependencies.
* guix/channels.scm (<channel-metadata>): New record.
(read-channel-metadata, channel-instance-dependencies): New procedures.
(latest-channel-instances): Include channel dependencies; add optional
argument PREVIOUS-CHANNELS.
(channel-instance-derivations): Build derivation for additional channels and
add it as dependency to the channel instance derivation.
* doc/guix.texi (Channels): Add subsection "Declaring Channel Dependencies".
* tests/channels.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
2018-12-09 13:55:22 +01:00