Browse Source

Merge remote-tracking branch master into core-updates

Mathieu Othacehe 2 years ago
No known key found for this signature in database GPG Key ID: 8354763531769CA6
302 changed files with 18073 additions and 7816 deletions
  1. +2
  2. +2
  3. +35
  4. +2
  5. +0
  6. +8
  7. +33
  8. +2
  9. +1219
  10. +333
  11. +201
  12. +51
  13. +2
  14. +28
  15. +422
  16. +1
  17. +1
  18. +32
  19. +1
  20. +10
  21. +7
  22. +3
  23. +22
  24. +4
  25. +121
  26. +12
  27. +18
  28. +16
  29. +11
  30. +93
  31. +116
  32. +4
  33. +50
  34. +85
  35. +38
  36. +12
  37. +7
  38. +78
  39. +62
  40. +6
  41. +16
  42. +31
  43. +16
  44. +11
  45. +7
  46. +1
  47. +2
  48. +64
  49. +199
  50. +1239
  51. +10
  52. +65
  53. +2
  54. +79
  55. +85
  56. +1
  57. +4
  58. +1
  59. +4
  60. +2
  61. +94
  62. +5
  63. +2
  64. +4
  65. +15
  66. +19
  67. +949
  68. +101
  69. +18
  70. +26
  71. +64
  72. +7
  73. +69
  74. +24
  75. +22
  76. +50
  77. +2
  78. +77
  79. +8
  80. +4
  81. +330
  82. +42
  83. +4
  84. +4
  85. +221
  86. +3
  87. +29
  88. +31
  89. +213
  90. +266
  91. +2
  92. +21
  93. +234
  94. +1
  95. +74
  96. +2
  97. +1
  98. +27
  99. +18
  100. +74

+ 2
- 1 View File

@ -278,6 +278,7 @@ MODULES = \
guix/scripts/container.scm \
guix/scripts/container/exec.scm \
guix/scripts/deploy.scm \
guix/scripts/time-machine.scm \
guix.scm \
@ -564,7 +565,7 @@ EXTRA_DIST += \
tests/test.drv \
tests/ \
tests/signing-key.sec \
tests/cve-sample.xml \
tests/cve-sample.json \
build-aux/config.rpath \
bootstrap \
doc/build.scm \

+ 2
- 1
README View File

@ -63,7 +63,8 @@ To do so:
- Re-run the 'configure' script passing it the option
'--localstatedir=/somewhere', where '/somewhere' is the 'localstatedir'
value of the currently installed Guix (failing to do that would lead the
new Guix to consider the store to be empty!).
new Guix to consider the store to be empty!). We recommend to use the
value '/var'.
- Run "make", "make check", and "make install".

+ 35
- 10
build-aux/run-system-tests.scm View File

@ -18,10 +18,15 @@
(define-module (run-system-tests)
#:use-module (gnu tests)
#:use-module (gnu packages package-management)
#:use-module ((gnu ci) #:select (channel-instance->package))
#:use-module (guix store)
#:use-module ((guix status) #:select (with-status-verbosity))
#:use-module (guix monads)
#:use-module (guix channels)
#:use-module (guix derivations)
#:use-module ((guix git-download) #:select (git-predicate))
#:use-module (guix utils)
#:use-module (guix ui)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-34)
@ -46,28 +51,48 @@
(lift1 reverse %store-monad))))
(define (run-system-tests . args)
(define tests
;; Honor the 'TESTS' environment variable so that one can select a subset
;; of tests to run in the usual way:
;; make check-system TESTS=installed-os
(define (tests-for-channel-instance instance)
"Return a list of tests for perform, using Guix from INSTANCE, a channel
;; Honor the 'TESTS' environment variable so that one can select a subset
;; of tests to run in the usual way:
;; make check-system TESTS=installed-os
(parameterize ((current-guix-package
(channel-instance->package instance)))
(match (getenv "TESTS")
((= string-tokenize (tests ...))
(filter (lambda (test)
(member (system-test-name test) tests))
(format (current-error-port) "Running ~a system tests...~%"
(length tests))
(define (run-system-tests . args)
(define source
(string-append (current-source-directory) "/.."))
(with-store store
(with-status-verbosity 2
(run-with-store store
(mlet* %store-monad ((drv (mapm %store-monad system-test-value tests))
;; Intern SOURCE so that 'build-from-source' in (guix channels) sees
;; "fresh" file names and thus doesn't find itself loading .go files
;; from ~/.cache/guile when it loads 'build-aux/build-self.scm'.
;; XXX: It would be best to not do it upfront because we may need it.
(mlet* %store-monad ((source (interned-file source "guix-source"
#:recursive? #t
(or (git-predicate source)
(const #t))))
(instance -> (checkout->channel-instance source))
(tests -> (tests-for-channel-instance instance))
(drv (mapm %store-monad system-test-value tests))
(out -> (map derivation->output-path drv)))
(format (current-error-port) "Running ~a system tests...~%"
(length tests))
(mbegin %store-monad
(show-what-to-build* drv)
(set-build-options* #:keep-going? #t #:keep-failed? #t

+ 2
- 4
build-aux/ View File

@ -50,10 +50,8 @@ then
# it or its parent directories. See <>.
NIX_STORE_DIR="`cd "@GUIX_TEST_ROOT@/store"; pwd -P`"
# Choose a PID-dependent name to allow for parallel builds. Note
# that the directory name must be chosen so that the socket's file
@ -97,8 +95,8 @@ then

+ 0
- 3 View File

@ -115,9 +115,6 @@ if test "x$guix_build_daemon" = "xyes"; then
dnl to do i686-linux builds on x86_64-linux machines.
dnl Check for <linux/fs.h> (for immutable file support).
dnl Determine the appropriate default list of substitute URLs (GnuTLS
dnl is required so we can default to 'https'.)

+ 8
- 4 View File

@ -280,9 +280,14 @@ dnl Documentation translation.
AM_MISSING_PROG([PO4A_TRANSLATE], [po4a-translate])
AM_MISSING_PROG([PO4A_UPDATEPO], [po4a-updatepo])
dnl Emacs (optional), for 'etc/indent-package.el'.
AC_PATH_PROG([EMACS], [emacs], [/usr/bin/emacs])
dnl Emacs (optional), for 'etc/indent-code.el'.
AC_PATH_PROG([EMACS], [emacs])
if test "x$EMACS" = x; then
AC_MSG_WARN([Please install GNU Emacs to use etc/indent-code.el.])
AC_CONFIG_FILES([etc/indent-code.el], [chmod +x etc/indent-code.el])
case "$storedir" in
@ -302,6 +307,5 @@ AC_CONFIG_FILES([Makefile
AC_CONFIG_FILES([test-env:build-aux/], [chmod +x test-env])
[chmod +x pre-inst-env])
AC_CONFIG_FILES([etc/indent-code.el], [chmod +x etc/indent-code.el])

+ 33
- 18
doc/build.scm View File

@ -51,6 +51,12 @@
(define info-manual
(@@ (guix self) info-manual))
(define %manual
;; The manual to build--i.e., the base name of a .texi file, such as "guix"
;; or "guix-cookbook".
(or (getenv "GUIX_MANUAL")
(define %languages
'("de" "en" "es" "fr" "ru" "zh_CN"))
@ -164,7 +170,9 @@ as well as images, OS examples, and translations."
(define %makeinfo-html-options
;; Options passed to 'makeinfo --html'.
"-c" "EXTRA_HEAD=<meta name=\"viewport\" \
content=\"width=device-width, initial-scale=1\" />"))
(define guile-lib/htmlprag-fixed
;; Guile-Lib with a hotfix for (htmlprag).
@ -359,7 +367,7 @@ its <pre class=\"lisp\"> blocks (as produced by 'makeinfo --html')."
(define* (html-manual source #:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(date 1)
(options %makeinfo-html-options))
"Return the HTML manuals built from SOURCE for all LANGUAGES, with the given
@ -386,6 +394,13 @@ makeinfo OPTIONS."
(chr chr))
(string-downcase language)))
(define (language->texi-file-name language)
(if (string=? language "en")
(string-append #$manual-source "/"
#$manual ".texi")
(string-append #$manual-source "/"
#$manual "." language ".texi")))
;; Install a UTF-8 locale so that 'makeinfo' is at ease.
(setenv "GUIX_LOCPATH"
#+(file-append glibc-utf8-locales "/lib/locale"))
@ -395,15 +410,12 @@ makeinfo OPTIONS."
(setvbuf (current-error-port) 'line)
(for-each (lambda (language)
(let ((opts `("--html"
"-c" ,(string-append "TOP_NODE_UP_URL=/manual/"
(let* ((texi (language->texi-file-name language))
(opts `("--html"
"-c" ,(string-append "TOP_NODE_UP_URL=/manual/"
,(if (string=? language "en")
(string-append #$manual-source "/"
#$manual ".texi")
(string-append #$manual-source "/"
#$manual "." language ".texi")))))
(format #t "building HTML manual for language '~a'...~%"
(mkdir-p (string-append #$output "/"
@ -433,7 +445,8 @@ makeinfo OPTIONS."
(symlink #$images
(string-append #$output "/" (normalize language)
(filter (compose file-exists? language->texi-file-name)
(let* ((name (string-append manual "-html-manual"))
(manual (computed-file name build)))
@ -442,7 +455,7 @@ makeinfo OPTIONS."
(define* (pdf-manual source #:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(date 1)
(options '()))
"Return the HTML manuals built from SOURCE for all LANGUAGES, with the given
@ -570,7 +583,10 @@ from SOURCE."
(define* (html-manual-indexes source
#:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(title (if (string=? "guix" manual)
"GNU Guix Reference Manual"
"GNU Guix Cookbook"))
(date 1))
(define build
(with-extensions (list guile-json-3)
@ -674,7 +690,7 @@ from SOURCE."
(define (language-index language)
(define title
(translate "GNU Guix Reference Manual" language))
(translate #$title language))
language title
@ -732,8 +748,7 @@ from SOURCE."
(define (top-level-index languages)
(define title
"GNU Guix Reference Manual")
(define title #$title)
"en" title
@ -741,7 +756,7 @@ from SOURCE."
(@ (class "page centered-block limit-width"))
(h2 ,title)
"The GNU Guix Reference Manual is available in the following
"This document is available in the following
,@(map (lambda (language)
@ -782,7 +797,7 @@ languages:\n"
#:key (languages %languages)
(version "0.0")
(date (time-second (current-time time-utc)))
(manual "guix"))
(manual %manual))
"Return the union of the HTML and PDF manuals, as well as the indexes."
(directory-union (string-append manual "-manual")
(map (lambda (proc)

+ 2
- 1
doc/contributing.texi View File

@ -94,7 +94,8 @@ more information.
Then, run @command{./configure} as usual. Make sure to pass
@code{--localstatedir=@var{directory}} where @var{directory} is the
@code{localstatedir} value used by your current installation (@pxref{The
Store}, for information about this).
Store}, for information about this). We recommend to use the value
Finally, you have to invoke @code{make check} to run tests
(@pxref{Running the Test Suite}). If anything

+ 1219
- 42
File diff suppressed because it is too large
View File

+ 333
- 27
doc/guix.texi View File

@ -66,6 +66,8 @@ Copyright @copyright{} 2019 Josh Holland@*
Copyright @copyright{} 2019 Diego Nicola Barbato@*
Copyright @copyright{} 2019 Ivan Petkov@*
Copyright @copyright{} 2019 Jakob L. Kreuze@*
Copyright @copyright{} 2019 Kyle Andrews@*
Copyright @copyright{} 2019 Alex Griffin@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@ -196,6 +198,7 @@ Package Management
* Invoking guix gc:: Running the garbage collector.
* Invoking guix pull:: Fetching the latest Guix and distribution.
* Channels:: Customizing the package collection.
* Invoking guix time-machine:: Running an older revision of Guix.
* Inferiors:: Interacting with another revision of Guix.
* Invoking guix describe:: Display information about your Guix revision.
* Invoking guix archive:: Exporting and importing store files.
@ -791,8 +794,9 @@ When configuring Guix on a system that already has a Guix installation,
be sure to specify the same state directory as the existing installation
using the @code{--localstatedir} option of the @command{configure}
script (@pxref{Directory Variables, @code{localstatedir},, standards,
GNU Coding Standards}). The @command{configure} script protects against
unintended misconfiguration of @var{localstatedir} so you do not
GNU Coding Standards}). Usually, this @var{localstatedir} option is
set to the value @file{/var}. The @command{configure} script protects
against unintended misconfiguration of @var{localstatedir} so you do not
inadvertently corrupt your store (@pxref{The Store}).
@node Running the Test Suite
@ -2110,7 +2114,7 @@ ifconfig -a
@dots{} or, using the GNU/Linux-specific @command{ip} command:
ip a
ip address
@end example
@ -2128,6 +2132,13 @@ To configure a wired network run the following command, substituting
ifconfig @var{interface} up
@end example
@dots{} or, using the GNU/Linux-specific @command{ip} command:
ip link set @var{interface} up
@end example
@item Wireless connection
@cindex wireless
@cindex WiFi
@ -2540,6 +2551,7 @@ guix install emacs-guix
* Invoking guix gc:: Running the garbage collector.
* Invoking guix pull:: Fetching the latest Guix and distribution.
* Channels:: Customizing the package collection.
* Invoking guix time-machine:: Running an older revision of Guix.
* Inferiors:: Interacting with another revision of Guix.
* Invoking guix describe:: Display information about your Guix revision.
* Invoking guix archive:: Exporting and importing store files.
@ -3666,6 +3678,21 @@ descriptions, and deploys it. Source code is downloaded from a
@uref{, Git} repository, by default the official
GNU@tie{}Guix repository, though this can be customized.
Specifically, @command{guix pull} downloads code from the @dfn{channels}
(@pxref{Channels}) specified by one of the followings, in this order:
the @option{--channels} option;
the user's @file{~/.config/guix/channels.scm} file;
the system-wide @file{/etc/guix/channels.scm} file;
the built-in default channels specified in the @code{%default-channels}
@end enumerate
On completion, @command{guix package} will use packages and package
versions from this just-retrieved copy of Guix. Not only that, but all
the Guix commands and Scheme modules will also be taken from that latest
@ -3763,7 +3790,8 @@ configuration in the @file{~/.config/guix/channels.scm} file or using the
@item --channels=@var{file}
@itemx -C @var{file}
Read the list of channels from @var{file} instead of
@file{~/.config/guix/channels.scm}. @var{file} must contain Scheme code that
@file{~/.config/guix/channels.scm} or @file{/etc/guix/channels.scm}.
@var{file} must contain Scheme code that
evaluates to a list of channel objects. @xref{Channels}, for more
@ -4126,7 +4154,10 @@ say, on another machine, by providing a channel specification in
@end lisp
The @command{guix describe --format=channels} command can even generate this
list of channels directly (@pxref{Invoking guix describe}).
list of channels directly (@pxref{Invoking guix describe}). The resulting
file can be used with the -C options of @command{guix pull}
(@pxref{Invoking guix pull}) or @command{guix time-machine}
(@pxref{Invoking guix time-machine}).
At this point the two machines run the @emph{exact same Guix}, with access to
the @emph{exact same packages}. The output of @command{guix build gimp} on
@ -4140,6 +4171,61 @@ artifacts with very fine grain, and to reproduce software environments at
will---some sort of ``meta reproducibility'' capabilities, if you will.
@xref{Inferiors}, for another way to take advantage of these super powers.
@node Invoking guix time-machine
@section Invoking @command{guix time-machine}
@cindex @command{guix time-machine}
@cindex pinning, channels
@cindex replicating Guix
@cindex reproducibility, of Guix
The @command{guix time-machine} command provides access to other
revisions of Guix, for example to install older versions of packages,
or to reproduce a computation in an identical environment. The revision
of Guix to be used is defined by a commit or by a channel
description file created by @command{guix describe}
(@pxref{Invoking guix describe}).
The general syntax is:
guix time-machine @var{options}@dots{} -- @var{command} @var {arg}@dots{}
@end example
where @var{command} and @var{arg}@dots{} are passed unmodified to the
@command{guix} command if the specified revision. The @var{options} that define
this revision are the same as for @command{guix pull} (@pxref{Invoking guix pull}):
@table @code
@item --url=@var{url}
@itemx --commit=@var{commit}
@itemx --branch=@var{branch}
Use the @code{guix} channel from the specified @var{url}, at the
given @var{commit} (a valid Git commit ID represented as a hexadecimal
string), or @var{branch}.
@item --channels=@var{file}
@itemx -C @var{file}
Read the list of channels from @var{file}. @var{file} must contain
Scheme code that evaluates to a list of channel objects.
@xref{Channels} for more information.
@end table
As for @command{guix pull}, the absence of any options means that the
the latest commit on the master branch will be used. The command
guix time-machine -- build hello
@end example
will thus build the package @code{hello} as defined in the master branch,
which is in general a newer revison of Guix than you have installed.
Time travel works in both directions!
Note that @command{guix time-machine} can trigger builds of channels and
their dependencies, and these are controlled by the standard build
options (@pxref{Common Build Options}).
@node Inferiors
@section Inferiors
@ -5662,9 +5748,6 @@ The URL to the home-page of the package, as a string.
The list of systems supported by the package, as strings of the form
@code{architecture-kernel}, for example @code{"x86_64-linux"}.
@item @code{maintainers} (default: @code{'()})
The list of maintainers of the package, as @code{maintainer} objects.
@item @code{location} (default: source location of the @code{package} form)
The source location of the package. It is useful to override this when
inheriting from another package, in which case this field is not
@ -8297,6 +8380,11 @@ The returned source tarball is the result of applying any patches and
code snippets specified in the package @code{origin} (@pxref{Defining
Note that @command{guix build -S} compiles the sources only of the
specified packages. They do not include the sources of statically
linked dependencies and by themselves are insufficient for reproducing
the packages.
@item --sources
Fetch and return the source of @var{package-or-derivation} and all their
dependencies, recursively. This is a handy way to obtain a local copy
@ -9487,7 +9575,7 @@ that limit has been reset.
@cindex CVE, Common Vulnerabilities and Exposures
Report known vulnerabilities found in the Common Vulnerabilities and
Exposures (CVE) databases of the current and past year
@uref{, published by the US
@uref{, published by the US
To view information about a particular vulnerability, visit pages such as:
@ -9504,7 +9592,7 @@ where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
Package developers can specify in package recipes the
@uref{,Common Platform Enumeration (CPE)}
@uref{,Common Platform Enumeration (CPE)}
name and version of the package when they differ from the name or version
that Guix uses, as in this example:
@ -9886,7 +9974,18 @@ The package dependency graph is largely architecture-independent, but there
are some architecture-dependent bits that this option allows you to visualize.
@end table
On top of that, @command{guix graph} supports all the usual package
transformation options (@pxref{Package Transformation Options}). This
makes it easy to view the effect of a graph-rewriting transformation
such as @option{--with-input}. For example, the command below outputs
the graph of @code{git} once @code{openssl} has been replaced by
@code{libressl} everywhere in the graph:
guix graph git --with-input=openssl=libressl
@end example
So many possibilities, so much fun!
@node Invoking guix publish
@section Invoking @command{guix publish}
@ -10094,7 +10193,7 @@ of the @code{operating-system} declaration (@pxref{guix-publish-service-type,
If you are instead running Guix on a ``foreign distro'', follow these
@ -10550,7 +10649,6 @@ ClientPID: 19419
ClientCommand: cuirass --cache-directory /var/cache/cuirass @dots{}
@end example
@node System Configuration
@chapter System Configuration
@ -13940,6 +14038,52 @@ Package object of the Open vSwitch.
@end table
@end deftp
@defvr {Scheme Variable} pagekite-service-type
This is the service type for the @uref{, PageKite} service,
a tunneling solution for making localhost servers publicly visible, even from
behind NAT or restrictive firewalls. The value for this service type is a
@code{pagekite-configuration} record.
Here's an example exposing the local HTTP and SSH daemons:
(service pagekite-service-type
(kites '("http:@@kitename:localhost:80:@@kitesecret"
(extra-file "/etc/pagekite.rc")))
@end lisp
@end defvr
@deftp {Data Type} pagekite-configuration
Data type representing the configuration of PageKite.
@table @asis
@item @code{package} (default: @var{pagekite})
Package object of PageKite.
@item @code{kitename} (default: @code{#f})
PageKite name for authenticating to the frontend server.
@item @code{kitesecret} (default: @code{#f})
Shared secret for authenticating to the frontend server. You should probably
put this inside @code{extra-file} instead.
@item @code{frontend} (default: @code{#f})
Connect to the named PageKite frontend server instead of the
@uref{,,} service.
@item @code{kites} (default: @code{'("http:@@kitename:localhost:80:@@kitesecret")})
List of service kites to use. Exposes HTTP on port 80 by default. The format
is @code{proto:kitename:host:port:secret}.
@item @code{extra-file} (default: @code{#f})
Extra configuration file to read, which you are expected to create manually.
Use this to add additional options and manage shared secrets out-of-band.
@end table
@end deftp
@node X Window
@subsection X Window
@ -13991,6 +14135,9 @@ When @code{auto-login?} is false, GDM presents a log-in screen.
When @code{auto-login?} is true, GDM logs in directly as
@item @code{debug?} (default: @code{#f})
When true, GDM writes debug messages to its log.
@item @code{gnome-shell-assets} (default: ...)
List of GNOME Shell assets needed by GDM: icon theme, fonts, etc.
@ -14196,16 +14343,43 @@ Relogin after logout.
@cindex login manager
@cindex X11 login
@deffn {Scheme Procedure} sddm-service config
Return a service that spawns the SDDM graphical login manager for config of
type @code{<sddm-configuration>}.
@defvr {Scheme Variable} sddm-service-type
This is the type of the service to run the
@uref{,SSDM display manager}. Its value
must be a @code{sddm-configuration} record (see below).
(sddm-service (sddm-configuration
(auto-login-user "Alice")
(auto-login-session "xfce.desktop")))
@end example
@end deffn
Here's an example use:
(service sddm-service-type
(auto-login-user "alice")
(auto-login-session "xfce.desktop")))
@end lisp
@end defvr
@deftp {Data Type} sddm-configuration
This data type represents the configuration of the SDDM login manager.
The available fields are:
@table @asis
@item @code{sddm} (default: @code{sddm})
The SDDM package to use.
@item @code{display-server} (default: @code{"x11"})
This must be either @code{"x11"} or @code{"wayland"}.
@c FIXME: Add more fields.
@item @code{auto-login-user} (default: @code{""})
If non-empty, this is the user account under which to log in
@item @code{auto-login-session} (default: @code{""})
If non-empty, this is the @file{.desktop} file name to use as the
auto-login session.
@end table
@end deftp
@cindex Xorg, configuration
@deftp {Data Type} xorg-configuration
@ -15487,8 +15661,9 @@ notifications and ways to mount/unmount disks. Programs that talk to UDisks
include the @command{udisksctl} command, part of UDisks, and GNOME Disks.
@end deffn
@deffn {Scheme Procedure} colord-service [#:colord @var{colord}]
Return a service that runs @command{colord}, a system service with a D-Bus
@deffn {Scheme Variable} colord-service-type
This is the type of the service that runs @command{colord}, a system
service with a D-Bus
interface to manage the color profiles of input and output devices such as
screens and scanners. It is notably used by the GNOME Color Manager graphical
tool. See @uref{, the colord web
@ -17417,7 +17592,7 @@ Defaults to @samp{#f}.
@deftypevr {@code{getmail-options-configuration} parameter} non-negative-integer delete-after
Getmail will delete messages this number of days after seeing them, if
they have not been delivered. This means messages will be left on the
they have been delivered. This means messages will be left on the
server this number of days after delivering them. A value of @samp{0}
disabled this feature.
@ -19702,6 +19877,17 @@ use the size of the processors cache line.
@item @code{server-names-hash-bucket-max-size} (default: @code{#f})
Maximum bucket size for the server names hash tables.
@item @code{modules} (default: @code{'()})
List of nginx dynamic modules to load. This should be a list of file
names of loadable modules, as in this example:
(file-append nginx-accept-language-module "\
@end lisp
@item @code{extra-content} (default: @code{""})
Extra content for the @code{http} block. Should be string or a string
valued G-expression.
@ -21006,6 +21192,44 @@ The list of knot-zone-configuration used by this configuration.
@end table
@end deftp
@subsubheading Knot Resolver Service
@deffn {Scheme Variable} knot-resolver-service-type
This this the type of the knot resolver service, whose value should be
an @code{knot-resolver-configuration} object as in this example:
(service knot-resolver-service-type
(kresd-config-file (plain-file "kresd.conf" "
net.listen('', 5353)
user('knot-resolver', 'knot-resolver')
modules = @{ 'hints > iterate', 'stats', 'predict' @}
cache.size = 100 * MB
@end lisp
For more information, refer its @url{, manual}.
@end deffn
@deftp {Data Type} knot-resolver-configuration
Data type representing the configuration of knot-resolver.
@table @asis
@item @code{package} (default: @var{knot-resolver})
Package object of the knot DNS resolver.
@item @code{kresd-config-file} (default: %kresd.conf)
File-like object of the kresd configuration file to use, by default it
will listen on @code{} and @code{::1}.
@item @code{garbage-collection-interval} (default: 1000)
Number of milliseconds for @code{kres-cache-gc} to periodically trim the cache.
@end table
@end deftp
@subsubheading Dnsmasq Service
@deffn {Scheme Variable} dnsmasq-service-type
@ -22351,9 +22575,69 @@ The port to run mpd on.
The address that mpd will bind to. To use a Unix domain socket,
an absolute path can be specified here.
@item @code{outputs} (default: @code{"(list (mpd-output))"})
The audio outputs that MPD can use. By default this is a single output using pulseaudio.
@end table
@end deftp
@deftp {Data Type} mpd-output
Data type representing an @command{mpd} audio output.
@table @asis
@item @code{name} (default: @code{"MPD"})
The name of the audio output.
@item @code{type} (default: @code{"pulse"})
The type of audio output.
@item @code{enabled?} (default: @code{#t})
Specifies whether this audio output is enabled when MPD is started. By
default, all audio outputs are enabled. This is just the default
setting when there is no state file; with a state file, the previous
state is restored.
@item @code{tags?} (default: @code{#t})
If set to @code{#f}, then MPD will not send tags to this output. This
is only useful for output plugins that can receive tags, for example the
@code{httpd} output plugin.
@item @code{always-on?} (default: @code{#f})
If set to @code{#t}, then MPD attempts to keep this audio output always
open. This may be useful for streaming servers, when you don’t want to
disconnect all listeners even when playback is accidentally stopped.
@item @code{mixer-type}
This field accepts a symbol that specifies which mixer should be used
for this audio output: the @code{hardware} mixer, the @code{software}
mixer, the @code{null} mixer (allows setting the volume, but with no
effect; this can be used as a trick to implement an external mixer
External Mixer) or no mixer (@code{none}).
@item @code{extra-options} (default: @code{'()"})
An association list of option symbols to string values to be appended to
the audio output configuration.
@end table
@end deftp
The following example shows a configuration of @code{mpd} that provides
an HTTP audio streaming output.
(service mpd-service-type
(list (mpd-output
(name "streaming")
(type "httpd")
(mixer-type 'null)
`((encoder . "vorbis")
(port . "8080"))))))))
@end lisp
@node Virtualization Services
@subsection Virtualization services
@ -24549,6 +24833,10 @@ The type of device to connect to. Run @command{inputattach --help}, from the
@item @code{device} (default: @code{"/dev/ttyS0"})
The device file to connect to the device.
@item @code{baud-rate} (default: @code{#f})
Baud rate to use for the serial connection.
Should be a number or @code{#f}.
@item @code{log-file} (default: @code{#f})
If true, this must be the name of a file to log messages to.
@end table
@ -25976,12 +26264,10 @@ The object of the operating system configuration to deploy.
@item @code{environment}
An @code{environment-type} describing how the machine should be provisioned.
At the moment, the only supported value is
@item @code{configuration} (default: @code{#f})
An object describing the configuration for the machine's @code{environment}.
If the @code{environment} has a default configuration, @code{#f} maybe used.
If the @code{environment} has a default configuration, @code{#f} may be used.
If @code{#f} is used for an environment with no default configuration,
however, an error will be thrown.
@end table
@ -26009,6 +26295,26 @@ remote host.
@end table
@end deftp
@deftp {Data Type} digital-ocean-configuration
This is the data type describing the Droplet that should be created for a
machine with an @code{environment} of @code{digital-ocean-environment-type}.
@table @asis
@item @code{ssh-key}
The path to the SSH private key to use to authenticate with the remote
host. In the future, this field may not exist.
@item @code{tags}
A list of string ``tags'' that uniquely identify the machine. Must be given
such that no two machines in the deployment have the same set of tags.
@item @code{region}
A Digital Ocean region slug, such as @code{"nyc3"}.
@item @code{size}
A Digital Ocean size slug, such as @code{"s-1vcpu-1gb"}
@item @code{enable-ipv6?}
Whether or not the droplet should be created with IPv6 networking.
@end table
@end deftp
@node Running Guix in a VM
@section Running Guix in a Virtual Machine

+ 201
- 1
etc/news.scm View File

@ -9,9 +9,184 @@
(version 0)
(entry (commit "f675f8dec73d02e319e607559ed2316c299ae8c7")
(title (en "New command @command{guix time-machine}")
(de "Neuer Befehl @command{guix time-machine}")
(fr "Nouvelle commande @command{guix time-machine}"))
(body (en "The new command @command{guix time-machine} facilitates
access to older or newer revisions of Guix than the one that is installed.
It can be used to install different versions of packages, and to
re-create computational environments exactly as used in the past.")
(de "Der neue Befehl @command{guix time-machine} vereinfacht
den Zugriff auf ältere oder neuere Guix-Versionen als die installierte.
Er kann zur Installation bestimmer Paketversionen verwendet werden, aber
auch zur Wiederherstellung von Entwicklungsumgebungen, wie sie in der
Vergagngenheit verwendet wurden.")
(fr "La nouvelle commande @command{guix time-machine}
facilite l'accès à des versions antérieures ou postérieures par rapport
à la version installée. Elle sert à installer des versions spécifiques
de paquets, ainsi à la restauration d'environnements dans un état
(entry (commit "3e962e59d849e4300e447d94487684102d9d412e")
(title (en "@command{guix graph} now supports package
(de "@command{guix graph} unterstützt nun Paketumwandlungen"))
(en "The @command{guix graph} command now supports the common package
transformation options (see @command{info \"(guix) Package Transformation
Options\"}). This is useful in particular to see the effect of the
@option{--with-input} dependency graph rewriting option.")
(de "Der Befehl @command{guix graph} unterstützt nun die mit anderen
Befehlen gemeinsamen Umwandlungsoptionen (siehe @command{info \"(
Paketumwandlungsoptionen\"}). Sie helfen insbesondere dabei, die Wirkung der
Befehlszeilenoption @option{--with-input} zum Umschreiben des
Abhängigkeitsgraphen zu sehen.")
(es "La orden @command{guix graph} ahora implementa las opciones
comunes de transformación de paquetes (véase @command{info \"(
Opciones de transformación de paquetes\"}). Esto es particularmente
útil para comprobar el efecto de la opción de reescritura del grafo
de dependencias @option{--with-input}.")))
(entry (commit "49af34cfac89d384c46269bfd9388b2c73b1220a")
(title (en "@command{guix pull} now honors
(de "@command{guix pull} berücksichtigt nun
(es "Ahora @command{guix pull} tiene en cuenta
(fr "@command{guix pull} lit maintenant
(en "The @command{guix pull} command will now read the
@file{/etc/guix/channels.scm} file if it exists and if the per-user
@file{~/.config/guix/channels.scm} is not present. This allows administrators
of multi-user systems to define site-wide defaults.")
(de "Der Befehl @command{guix pull} liest nun die Datei
@file{/etc/guix/channels.scm}, wenn sie existiert und es für den jeweiligen
Benutzer keine @file{~/.config/guix/channels.scm} gibt. Dadurch können
Administratoren von Mehrbenutzersystemen systemweite Voreinstellungen
(es "Ahora la orden @command{guix pull} lee el fichero
@file{/etc/guix/channels.scm} si existe y el fichero personalizable
@file{~/.config/guix/channels.scm} no está presente. Esto permite a quienes
administran sistemas con múltiples usuarias definir valores predeterminados
en el sistema.")
(fr "La commande @command{guix pull} lira maintenant le fichier
@file{/etc/guix/channels.scm} s'il existe et si le fichier
@file{~/.config/guix/channels.scm} par utilisateur·rice n'est pas présent.
Cela permet aux personnes administrant des systèmes multi-utilisateurs de
définir les canaux par défaut.")))
(entry (commit "81c580c8664bfeeb767e2c47ea343004e88223c7")
(title (en "Insecure @file{/var/guix/profiles/per-user} permissions (CVE-2019-18192)")
(de "Sicherheitslücke in @file{/var/guix/profiles/per-user}-Berechtigungen (CVE-2019-18192)")
(es "Vulnerabilidad en los permisos de @file{/var/guix/profiles/per-user} (CVE-2019-18192)")
(fr "Permissions laxistes pour @file{/var/guix/profiles/per-user} (CVE-2019-18192)")
(nl "Onveilige @file{/var/guix/profiles/per-user}-rechten (CVE-2019-18192)"))
(en "The default user profile, @file{~/.guix-profile}, points to
@file{/var/guix/profiles/per-user/$USER}. Until now,
@file{/var/guix/profiles/per-user} was world-writable, allowing the
@command{guix} command to create the @code{$USER} sub-directory.
On a multi-user system, this allowed a malicious user to create and populate
that @code{$USER} sub-directory for another user that had not yet logged in.
Since @code{/var/@dots{}/$USER} is in @code{$PATH}, the target user could end
up running attacker-provided code. See
@uref{} for more information.
This is now fixed by letting @command{guix-daemon} create these directories on
behalf of users and removing the world-writable permissions on
@code{per-user}. On multi-user systems, we recommend updating the daemon now.
To do that, run @code{sudo guix pull} if you're on a foreign distro, or run
@code{guix pull && sudo guix system reconfigure @dots{}} on Guix System. In
both cases, make sure to restart the service afterwards, with @code{herd} or
(de "Das voreingestellte Benutzerprofil, @file{~/.guix-profile},
verweist auf @file{/var/guix/profiles/per-user/$USER}. Bisher hatte jeder
Benutzer Schreibzugriff auf @file{/var/guix/profiles/per-user}, wodurch der
@command{guix}-Befehl berechtigt war, das Unterverzeichnis @code{$USER}
Wenn mehrere Benutzer dasselbe System benutzen, kann ein böswilliger Benutzer
so das Unterverzeichnis @code{$USER} und Dateien darin für einen anderen
Benutzer anlegen, wenn sich dieser noch nie angemeldet hat. Weil
@code{/var//$USER} auch in @code{$PATH} aufgeführt ist, kann der betroffene
Nutzer dazu gebracht werden, vom Angreifer vorgegebenen Code auszuführen.
Siehe @uref{} für weitere
Der Fehler wurde nun behoben, indem @command{guix-daemon} diese Verzeichnisse
jetzt selbst anlegt statt das dem jeweiligen Benutzerkonto zu überlassen. Der
Schreibzugriff auf @code{per-user} wird den Benutzern entzogen. Für Systeme
mit mehreren Benutzern empfehlen wir, den Daemon jetzt zu aktualisieren. Auf
einer Fremddistribution führen Sie dazu @code{sudo guix pull} aus; auf einem
Guix-System führen Sie @code{guix pull && sudo guix system reconfigure }
aus. Achten Sie in beiden Fällen darauf, den Dienst mit @code{herd} oder
@code{systemctl} neuzustarten.")
(es "El perfil predeterminado de la usuaria, @file{~/.guix-profile},
apunta a @file{/var/guix/profiles/per-user/$USUARIA}. Hasta ahora cualquiera
podía escribir en @file{/var/guix/profiles/per-user}, lo cual permitía
a la orden @command{guix} crear el subdirectorio @code{$USUARIA}.
En un sistema con múltiples usuarias, esto permitiría a cualquiera con
intención de causar daño crear ese subdirectorio @code{$USUARIA} con el nombre
de alguien que no hubiese ingresado en el sistema. Puesto que ese
subdirectorio @code{/var/@dots{}/$USUARIA} se encuentra en la ruta de binarios
predeterminada @code{$PATH}, el objetivo del ataque podría ejecutar código
proporcionado por la parte atacante. Véase
@uref{} para obtener más información.
Se ha solucionando delegando en @command{guix-daemon} la creación de esos
directorios y eliminando los permisos de escritura para todo el mundo en
@code{per-user}. En sistemas con múltiples usuarias recomendamos actualizar
cuanto antes el daemon. Para hacerlo ejecute @code{sudo guix pull} si se
encuentra en una distribución distinta, o ejecute @code{guix pull && sudo guix system reconfigure @dots{}} en el sistema Guix. En ambos casos, asegurese de
reiniciar el servicio tras ello, con @code{herd} o @code{systemctl}.")
(fr "Le profil utilisateur par défaut, @file{~/.guix-profile},
pointe vers @file{/var/guix/profiles/per-user/$USER}. Jusqu
maintenant, @file{/var/guix/profiles/per-user} était disponible en
écriture pour tout le monde, ce qui permettait à la commande
@command{guix} de créér le sous-répertoire @code{$USER}.
Sur un système multi-utilisateur, cela permet à un utilisateur
malveillant de créer et de remplir le sous-répertoire @code{USER} pour
n'importe quel utilisateur qui ne s'est jamais connecté. Comme
@code{/var/@dots{}/$USER} fait partie de @code{$PATH}, l'utilisateur
ciblé pouvait exécuter des programmes fournis par l'attaquant. Voir
@uref{} pour plus de détails.
Cela est maintenant corrigé en laissant à @command{guix-daemon} le soin
de créer ces répertoire pour le compte des utilisateurs et en
supprimant les permissions en écriture pour tout le monde sur
@code{per-user}. Nous te recommandons de mettre à jour le démon
immédiatement. Pour cela, lance @code{sudo guix pull} si tu es sur
une distro externe ou @code{guix pull && sudo guix system reconfigure
@dots{}} sur le système Guix. Dans tous les cas, assure-toi ensuite de
redémarrer le service avec @code{herd} ou @code{systemctl}.")
(nl "Het standaard gebruikersprofiel, @file{~/.guix-profile}, verwijst
naar @file{/var/guix/profiles/per-user/$USER}. Tot op heden kon om het even wie
in @file{/var/guix/profiles/per-user} schrijven, wat het @command{guix}-commando
toestond de @code{$USER} submap aan te maken.
Op systemen met meerdere gebruikers kon hierdoor een kwaadaardige gebruiker een
@code{$USER} submap met inhoud aanmaken voor een andere gebruiker die nog niet
was ingelogd. Omdat @code{/var/@dots{}/$USER} zich in @code{$PATH} bevindt,
kon het doelwit zo code uitvoeren die door de aanvaller zelf werd aangeleverd.
Zie @uref{} voor meer informatie.
Dit probleem is nu verholpen: schrijven door iedereen in @code{per-user} is niet
meer toegestaan en @command{guix-daemon} maakt zelf submappen aan namens de
gebruiker. Op systemen met meerdere gebruikers raden we aan om
@code{guix-daemon} nu bij te werken. Op Guix System kan dit met
@code{guix pull && sudo guix system reconfigure @dots{}}, op andere distributies
met @code{sudo guix pull}. Herstart vervolgens in beide gevallen
@code{guix-daemon} met @code{herd} of @code{systemctl}.")))
(entry (commit "5f3f70391809f8791c55c05bd1646bc58508fa2c")
(title (en "GNU C Library upgraded")
(de "GNU-C-Bibliothek aktualisiert")
(es "Actualización de la biblioteca C de GNU")
(fr "Mise à jour de la bibliothèque C de GNU")
(nl "GNU C-bibliotheek bijgewerkt"))
@ -38,6 +213,18 @@ guix install glibc-locales glibc-locales-2.28
Auf Guix System genügt es, das @code{locale-libcs}-Feld Ihrer
@code{operating-system}-Form anzupassen. Führen Sie @code{info \"(
Locales\"} aus, um weitere Informationen dazu zu erhalten.")
(es "Se ha actualizado la biblioteca de C de GNU (glibc) a la versión
2.29. Para ejecutar programas instalados previamente que se encuentren
enlazados con glibc 2.28, es necesario que instale los datos de localización
de la versión 2.28 junto a los datos de localización de la versión 2.29:
guix install glibc-locales glibc-locales-2.28
@end example
En el sistema Guix, puede ajustar el campo @code{locale-libcs} de su
declaración @code{operating-system}. Ejecute @code{info \"(
Localizaciones\"} para obtener más información.")
(fr "La bibliothèque C de GNU (glibc) a été mise à jour en version
2.29. Pour pouvoir lancer tes programmes déjà installés et liés à glibc 2.28,
tu dois installer les données pour la version 2.28 en plus des données de
@ -61,10 +248,11 @@ guix install glibc-locales glibc-locales-2.28
Op Guix System kunt u het @code{locale-libcs}-veld van uw
@code{operating-system}-vorm aanpassen. Voer @code{info \"(guix) Locales\"}
uit voor verdere uitleg." )))
uit voor verdere uitleg.")))
(entry (commit "cdd3bcf03883d129581a79e6d6611b2afd3b277b")
(title (en "New reduced binary seed bootstrap")
(de "Neues Bootstrapping mit kleinerem Seed")
(es "Nueva reducción de la semilla binaria para el lanzamiento inicial")
(fr "Nouvel ensemble de binaires de bootstrap réduit")
(nl "Nieuwe bootstrap met verkleinde binaire kiem"))
@ -85,6 +273,12 @@ binaires à partir desquels les paquets sont construits pèse maintenant environ
130 Mio, soit la moitié par rapport à l'ensemble précédent. Tu peux lancer
@code{info \"(guix) Bootstrapping\"} pour plus de détails, ou regarder la
présentation sur @uref{}.")
(es "El grafo de paquetes en x86_64 y i686 ahora tiene su raíz en un
@dfn{conjunto reducido de semillas binarias}. El conjunto inicial de binarios
desde el que se construyen los paquetes ahora tiene un tamaño aproximado de
130_MiB , la mitad de su tamaño anterior. Ejecute @code{info \"(
Lanzamiento inicial\"} para aprender más, o puede ver la charla en inglés
(nl "Het netwerk van pakketten voor x86_64 en i686 is nu geworteld in
een @dfn{verkleinde verzameling van binaire kiemen}. Die beginverzameling
van binaire bestanden waaruit pakketten gebouwd worden is nu zo'n 130 MiB
@ -95,6 +289,7 @@ Bootstrapping\"} uit voor meer details, of bekijk de presentatie op
(entry (commit "dcc90d15581189dbc30e201db2b807273d6484f0")
(title (en "New channel news mechanism")
(de "Neuer Mechanismus, um Neuigkeiten über Kanäle anzuzeigen.")
(es "Nuevo mecanismo de noticias de los canales")
(fr "Nouveau mécanisme d'information sur les canaux")
(nl "Nieuw mechanisme voor nieuwsberichten per kanaal"))
@ -108,6 +303,11 @@ Mechanismus können Kanalautoren Ihren Nutzern @dfn{Einträge zu
Neuigkeiten} mitteilen, die diese sich mit @command{guix pull --news}
anzeigen lassen können. Führen Sie @command{info \"( Aufruf
von guix pull\"} aus, um weitere Informationen zu erhalten.")
(es "Está leyendo este mensaje a través del mecanismo de noticias del
canal, ¡enhorabuena! Este mecanismo permite a las autoras de canales
proporcionar @dfn{entradas de noticias} que las usuarias pueden ver con
@command{guix pull --news}. Ejecute @command{info \"( Invocación de
guix pull\"} para obtener más información.")
(fr "Ce message t'arrive à travers le nouveau mécanisme d'information
des canaux, bravo ! Ce mécanisme permet aux auteur·rice·s de canaux de
fournir des informations qu'on peut visualiser avec @command{guix pull

+ 51
- 0
gnu/bootloader/u-boot.scm View File

@ -28,12 +28,15 @@
(define install-u-boot
@ -90,6 +93,33 @@
(write-file-on-device u-boot (stat:size (stat u-boot))
device (* 512 512)))))
(define install-firefly-rk3399-u-boot
#~(lambda (bootloader device mount-point)
(let ((idb (string-append bootloader "/libexec/idbloader.img"))
(u-boot (string-append bootloader "/libexec/u-boot.itb")))
(write-file-on-device idb (stat:size (stat idb))
device (* 64 512))
(write-file-on-device u-boot (stat:size (stat u-boot))
device (* 16384 512)))))
(define install-rock64-rk3328-u-boot
#~(lambda (bootloader device mount-point)
(let ((idb (string-append bootloader "/libexec/idbloader.img"))
(u-boot (string-append bootloader "/libexec/u-boot.itb")))
(write-file-on-device idb (stat:size (stat idb))
device (* 64 512))
(write-file-on-device u-boot (stat:size (stat u-boot))
device (* 16384 512)))))
(define install-rockpro64-rk3399-u-boot
#~(lambda (bootloader device mount-point)
(let ((idb (string-append bootloader "/libexec/idbloader.img"))
(u-boot (string-append bootloader "/libexec/u-boot.itb")))
(write-file-on-device idb (stat:size (stat idb))
device (* 64 512))
(write-file-on-device u-boot (stat:size (stat u-boot))
device (* 16384 512)))))
@ -149,6 +179,13 @@
(inherit u-boot-allwinner-bootloader)
(package u-boot-bananapi-m2-ultra)))
(define u-boot-firefly-rk3399-bootloader
;; SD and eMMC use the same format
(inherit u-boot-bootloader)
(package u-boot-firefly-rk3399)
(installer install-firefly-rk3399-u-boot)))
(define u-boot-mx6cuboxi-bootloader
(inherit u-boot-imx-bootloader)
@ -179,3 +216,17 @@
(inherit u-boot-bootloader)
(package u-boot-puma-rk3399)
(installer install-puma-rk3399-u-boot)))
(define u-boot-rock64-rk3328-bootloader
;; SD and eMMC use the same format
(inherit u-boot-bootloader)
(package u-boot-rock64-rk3328)
(installer install-rock64-rk3328-u-boot)))
(define u-boot-rockpro64-rk3399-bootloader
;; SD and eMMC use the same format
(inherit u-boot-bootloader)
(package u-boot-rockpro64-rk3399)
(installer install-rockpro64-rk3399-u-boot)))

+ 2
- 1
gnu/ci.scm View File

@ -54,7 +54,8 @@
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
#:use-module (ice-9 match)
#:export (hydra-jobs))
#:export (channel-instance->package
;;; Commentary:

+ 28
- 9
gnu/ View File

@ -22,6 +22,7 @@
# Copyright © 2018 Maxim Cournoyer <>
# Copyright © 2019 Guillaume Le Vaillant <>
# Copyright © 2019 John Soo <>
# Copyright © 2019 Jonathan Brielmaier <>
# This file is part of GNU Guix.
@ -212,6 +213,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/gl.scm \
%D%/packages/glib.scm \
%D%/packages/gnome.scm \
%D%/packages/gnome-xyz.scm \
%D%/packages/gnu-doc.scm \
%D%/packages/gnucash.scm \
%D%/packages/gnunet.scm \
@ -425,6 +427,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/ruby.scm \
%D%/packages/rush.scm \
%D%/packages/rust.scm \
%D%/packages/rust-cbindgen.scm \
%D%/packages/samba.scm \
%D%/packages/sagemath.scm \
%D%/packages/sawfish.scm \
@ -580,6 +583,7 @@ GNU_SYSTEM_MODULES = \
%D%/system/vm.scm \
%D%/machine.scm \
%D%/machine/digital-ocean.scm \
%D%/machine/ssh.scm \
%D%/build/accounts.scm \
@ -694,12 +698,16 @@ dist_patch_DATA = \
%D%/packages/patches/antlr3-3_1-fix-java8-compilation.patch \
%D%/packages/patches/antlr3-3_3-fix-java8-compilation.patch \
%D%/packages/patches/apr-skip-getservbyname-test.patch \
%D%/packages/patches/arm-trusted-firmware-disable-hdcp.patch \
%D%/packages/patches/arm-trusted-firmware-optional-bin-generation.patch \
%D%/packages/patches/arm-trusted-firmware-rockchip-disable-binary.patch \
%D%/packages/patches/aspell-default-dict-dir.patch \
%D%/packages/patches/ath9k-htc-firmware-binutils.patch \
%D%/packages/patches/ath9k-htc-firmware-gcc.patch \
%D%/packages/patches/ath9k-htc-firmware-objcopy.patch \
%D%/packages/patches/audacity-build-with-system-portaudio.patch \
%D%/packages/patches/automake-skip-amhello-tests.patch \
%D%/packages/patches/avahi-CVE-2018-1000845.patch \
%D%/packages/patches/avahi-localstatedir.patch \
%D%/packages/patches/avogadro-boost148.patch \
%D%/packages/patches/avogadro-eigen3-update.patch \
@ -755,7 +763,6 @@ dist_patch_DATA = \
%D%/packages/patches/coda-use-system-libs.patch \
%D%/packages/patches/combinatorial-blas-awpm.patch \
%D%/packages/patches/combinatorial-blas-io-fix.patch \
%D%/packages/patches/cpio-CVE-2016-2037.patch \
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
%D%/packages/patches/crawl-upgrade-saves.patch \
%D%/packages/patches/crda-optional-gcrypt.patch \
@ -778,6 +785,7 @@ dist_patch_DATA = \
%D%/packages/patches/docbook-xsl-nonrecursive-string-subst.patch \
%D%/packages/patches/doc++-include-directives.patch \
%D%/packages/patches/doc++-segfault-fix.patch \
%D%/packages/patches/docker-adjust-tests-for-changes-in-go.patch \
%D%/packages/patches/docker-engine-test-noinstall.patch \
%D%/packages/patches/docker-fix-tests.patch \
%D%/packages/patches/docker-use-fewer-modprobes.patch \
@ -797,6 +805,7 @@ dist_patch_DATA = \
%D%/packages/patches/emacs-fix-scheme-indent-function.patch \
%D%/packages/patches/emacs-json-reformat-fix-tests.patch \
%D%/packages/patches/emacs-highlight-stages-add-gexp.patch \
%D%/packages/patches/emacs-magit-log-format-author-margin.patch \
%D%/packages/patches/emacs-scheme-complete-scheme-r5rs-info.patch \
%D%/packages/patches/emacs-source-date-epoch.patch \
%D%/packages/patches/emacs-undohist-ignored.patch \
@ -973,6 +982,7 @@ dist_patch_DATA = \
%D%/packages/patches/hurd-fix-eth-multiplexer-dependency.patch \
%D%/packages/patches/hplip-remove-imageprocessor.patch \
%D%/packages/patches/hydra-disable-darcs-test.patch \
%D%/packages/patches/icecat-gnuzilla-fixes.patch \
%D%/packages/patches/icecat-makeicecat.patch \
%D%/packages/patches/icecat-avoid-bundled-libraries.patch \
%D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \
@ -995,11 +1005,13 @@ dist_patch_DATA = \
%D%/packages/patches/java-jeromq-fix-tests.patch \
%D%/packages/patches/java-powermock-fix-java-files.patch \
%D%/packages/patches/java-simple-xml-fix-tests.patch \
%D%/packages/patches/java-svg-salamander-Fix-non-det.patch \
%D%/packages/patches/java-xerces-bootclasspath.patch \
%D%/packages/patches/java-xerces-build_dont_unzip.patch \
%D%/packages/patches/java-xerces-xjavac_taskdef.patch \
%D%/packages/patches/jbig2dec-ignore-testtest.patch \
%D%/packages/patches/kdbusaddons-kinit-file-name.patch \
%D%/packages/patches/libvirt-create-machine-cgroup.patch \
%D%/packages/patches/libziparchive-add-includes.patch \
%D%/packages/patches/localed-xorg-keyboard.patch \
%D%/packages/patches/kiki-level-selection-crash.patch \
@ -1018,6 +1030,7 @@ dist_patch_DATA = \
%D%/packages/patches/kobodeluxe-manpage-minus-not-hyphen.patch \
%D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch \
%D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \
%D%/packages/patches/kodi-increase-test-timeout.patch \
%D%/packages/patches/kodi-set-libcurl-ssl-parameters.patch \
%D%/packages/patches/kodi-skip-test-449.patch \
%D%/packages/patches/laby-make-install.patch \
@ -1057,9 +1070,10 @@ dist_patch_DATA = \
%D%/packages/patches/libmad-md_size.patch \
%D%/packages/patches/libmad-mips-newgcc.patch \
%D%/packages/patches/libmp4v2-c++11.patch \
%D%/packages/patches/libmpeg2-arm-private-symbols.patch \
%D%/packages/patches/libmpeg2-global-symbol-test.patch \
%D%/packages/patches/libmygpo-qt-fix-qt-5.11.patch \
%D%/packages/patches/libmygpo-qt-missing-qt5-modules.patch \
%D%/packages/patches/libreoffice-boost.patch \
%D%/packages/patches/libreoffice-icu.patch \
%D%/packages/patches/libreoffice-glm.patch \
%D%/packages/patches/libsndfile-armhf-type-checks.patch \
@ -1137,6 +1151,9 @@ dist_patch_DATA = \
%D%/packages/patches/mtools-mformat-uninitialized.patch \
%D%/packages/patches/mumble-1.2.19-abs.patch \
%D%/packages/patches/mumps-build-parallelism.patch \
%D%/packages/patches/mumps-shared-libseq.patch \
%D%/packages/patches/mumps-shared-mumps.patch \
%D%/packages/patches/mumps-shared-pord.patch \
%D%/packages/patches/mupen64plus-ui-console-notice.patch \
%D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \
%D%/packages/patches/mutt-store-references.patch \
@ -1179,6 +1196,7 @@ dist_patch_DATA = \
%D%/packages/patches/opencv-rgbd-aarch64-test-fix.patch \
%D%/packages/patches/openfoam-4.1-cleanup.patch \
%D%/packages/patches/openjdk-10-idlj-reproducibility.patch \
%D%/packages/patches/openmpi-psm2-priority.patch \
%D%/packages/patches/openocd-nrf52.patch \
%D%/packages/patches/opensmtpd-fix-crash.patch \
%D%/packages/patches/openssl-runpath.patch \
@ -1193,8 +1211,6 @@ dist_patch_DATA = \
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
%D%/packages/patches/p7zip-CVE-2017-17969.patch \
%D%/packages/patches/p7zip-remove-unused-code.patch \
%D%/packages/patches/patchelf-page-size.patch \
%D%/packages/patches/patchelf-rework-for-arm.patch \
%D%/packages/patches/patchutils-test-perms.patch \
%D%/packages/patches/patch-hurd-path-max.patch \
%D%/packages/patches/pcre2-fix-jit_match-crash.patch \
@ -1262,6 +1278,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-configobj-setuptools.patch \
%D%/packages/patches/python-faker-fix-build-32bit.patch \
%D%/packages/patches/python-keras-integration-test.patch \
%D%/packages/patches/python-pep8-stdlib-tokenize-compat.patch \
%D%/packages/patches/python-pyfakefs-remove-bad-test.patch \
%D%/packages/patches/python-flint-includes.patch \
%D%/packages/patches/python-libxml2-utf8.patch \
@ -1304,8 +1321,6 @@ dist_patch_DATA = \
%D%/packages/patches/rtags-separate-rct.patch \
%D%/packages/patches/racket-store-checksum-override.patch \
%D%/packages/patches/ruby-rubygems-276-for-ruby24.patch \
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
%D%/packages/patches/ruby-concurrent-test-arm.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
%D%/packages/patches/ruby-safe-yaml-add-require-time.patch \
@ -1316,11 +1331,13 @@ dist_patch_DATA = \
%D%/packages/patches/rust-coresimd-doctest.patch \
%D%/packages/patches/rust-reproducible-builds.patch \
%D%/packages/patches/rxvt-unicode-escape-sequences.patch \
%D%/packages/patches/sbcl-graph-asdf-definitions.patch \
%D%/packages/patches/scalapack-blacs-mpi-deprecations.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-build-parallelism.patch \
%D%/packages/patches/scotch-integer-declarations.patch \
%D%/packages/patches/sdl-libx11-1.6.patch \
%D%/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch \
%D%/packages/patches/seq24-rename-mutex.patch \
%D%/packages/patches/sharutils-CVE-2018-1000097.patch \
%D%/packages/patches/shishi-fix-libgcrypt-detection.patch \
@ -1374,11 +1391,13 @@ dist_patch_DATA = \
%D%/packages/patches/tk-find-library.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \
%D%/packages/patches/totem-meson-compat.patch \
%D%/packages/patches/totem-meson-easy-codec.patch \
%D%/packages/patches/tuxpaint-stamps-path.patch \
%D%/packages/patches/txr-shell.patch \
%D%/packages/patches/u-boot-fix-mkimage-header-verification.patch \
%D%/packages/patches/udiskie-no-appindicator.patch \
%D%/packages/patches/unzip-CVE-2014-8139.patch \
%D%/packages/patches/unzip-CVE-2014-8140.patch \