From 6de284e832fe6056aec7e89823c0be0a46682c39 Mon Sep 17 00:00:00 2001 From: jgart Date: Fri, 19 Nov 2021 06:06:40 -0500 Subject: gnu: racket: Update to 8.3. * gnu/packages/racket.scm (racket-minimal, racket): Update to 8.3. * gnu/packages/racket.scm (racket-minimal)[source]: Remove racket-minimal-backport-1629887.patch from patches. * gnu/packages/patches/racket-minimal-backport-1629887.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Unregister it. Signed-off-by: Arun Isaac --- .../patches/racket-minimal-backport-1629887.patch | 28 ---------------------- 1 file changed, 28 deletions(-) delete mode 100644 gnu/packages/patches/racket-minimal-backport-1629887.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/racket-minimal-backport-1629887.patch b/gnu/packages/patches/racket-minimal-backport-1629887.patch deleted file mode 100644 index aa060ef5aa..0000000000 --- a/gnu/packages/patches/racket-minimal-backport-1629887.patch +++ /dev/null @@ -1,28 +0,0 @@ -From fb1a6ab205fd63a46669a463931af473e2ac0c87 Mon Sep 17 00:00:00 2001 -From: Matthew Flatt -Date: Sat, 21 Aug 2021 15:29:59 -0600 -Subject: [PATCH] setup/variant: recognize starter executables - -Related to #3969 - -(cherry picked from commit 1629887071fe3cc8fe8af0a7aa0d3912509cb058) ---- - racket/collects/setup/variant.rkt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/racket/collects/setup/variant.rkt b/racket/collects/setup/variant.rkt -index 81da6f5701..b23131e481 100644 ---- a/racket/collects/setup/variant.rkt -+++ b/racket/collects/setup/variant.rkt -@@ -25,7 +25,7 @@ - (and (file-exists? f) - (with-input-from-file f - (lambda () -- (define m (regexp-match #rx#"bINARy tYPe:..(.)" -+ (define m (regexp-match #rx#"bINARy tYPe:e?..(.)" - (current-input-port))) - (cond - [(not m) '3m] --- -2.30.2 - -- cgit v1.2.3 From bf1e46e959884df4bb204807efd21bbf44c5f87e Mon Sep 17 00:00:00 2001 From: Pierre Langlois Date: Fri, 5 Nov 2021 20:38:45 +0000 Subject: gnu: u-boot: Fix rk3399 boot from emmc. * gnu/packages/bootloaders.scm (%u-boot-rk3399-enable-emmc-phy-patch): New variable. (u-boot)[origin]: Register it. * gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/bootloaders.scm | 9 +++++++- .../patches/u-boot-rk3399-enable-emmc-phy.patch | 26 ++++++++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b9fff951b2..efe153faf2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1826,6 +1826,7 @@ dist_patch_DATA = \ %D%/packages/patches/u-boot-rockchip-inno-usb.patch \ %D%/packages/patches/u-boot-sifive-prevent-reloc-initrd-fdt.patch \ %D%/packages/patches/u-boot-riscv64-fix-extlinux.patch \ + %D%/packages/patches/u-boot-rk3399-enable-emmc-phy.patch \ %D%/packages/patches/ucx-tcp-iface-ioctl.patch \ %D%/packages/patches/ungoogled-chromium-extension-search-path.patch \ %D%/packages/patches/ungoogled-chromium-ffmpeg-compat.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 0108494f59..0232efa78c 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -504,6 +504,12 @@ tree binary files. These are board description files used by Linux and BSD.") ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html (search-patch "u-boot-allow-disabling-openssl.patch")) +(define %u-boot-rk3399-enable-emmc-phy-patch + ;; Fix emmc boot on rockpro64 and pinebook-pro, this was a regression + ;; therefore should hopefully be fixed when updating u-boot. + ;; https://lists.denx.de/pipermail/u-boot/2021-November/466329.html + (search-patch "u-boot-rk3399-enable-emmc-phy.patch")) + (define u-boot (package (name "u-boot") @@ -512,7 +518,8 @@ tree binary files. These are board description files used by Linux and BSD.") (patches (list %u-boot-rockchip-inno-usb-patch %u-boot-allow-disabling-openssl-patch - %u-boot-sifive-prevent-relocating-initrd-fdt)) + %u-boot-sifive-prevent-relocating-initrd-fdt + %u-boot-rk3399-enable-emmc-phy-patch)) (method url-fetch) (uri (string-append "https://ftp.denx.de/pub/u-boot/" diff --git a/gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch b/gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch new file mode 100644 index 0000000000..f14a9ce104 --- /dev/null +++ b/gnu/packages/patches/u-boot-rk3399-enable-emmc-phy.patch @@ -0,0 +1,26 @@ +adapting commit ac804143cf ("mmc: rockchip_sdhci: add phy and clock +config for rk3399") to fix the issue "Not found emmc phy device". + +Signed-off-by: Yifeng Zhao +--- + + arch/arm/dts/rk3399-u-boot.dtsi | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/arm/dts/rk3399-u-boot.dtsi b/arch/arm/dts/rk3399-u-boot.dtsi +index 73922c328a..716b9a433a 100644 +--- a/arch/arm/dts/rk3399-u-boot.dtsi ++++ b/arch/arm/dts/rk3399-u-boot.dtsi +@@ -88,6 +88,10 @@ + u-boot,dm-pre-reloc; + }; + ++&emmc_phy { ++ u-boot,dm-pre-reloc; ++}; ++ + &grf { + u-boot,dm-pre-reloc; + }; +-- +2.17.1 -- cgit v1.2.3 From 25cb5bad5e2475a49e20a2da888652e0bd322530 Mon Sep 17 00:00:00 2001 From: Attila Lendvai Date: Fri, 24 Sep 2021 13:05:05 +0200 Subject: gnu: python-trezor-agent: Fix key generation with trezor-gpg init * gnu/packages/finance.scm (trezor-agent): Add comment on why the undoing of the wrapping is done, and also delete the irrelevant sideffect of the now undone wrapping. (python-trezor-agent): Add a patch that changes the python code to handle the argv[0] changed by the wrapping. * gnu/packages/patches/trezor-agent-fix-argv0.patch: New file. * gnu/local.mk (dist_patch_DATA): Reference patch. Signed-off-by: Nicolas Goaziou --- gnu/local.mk | 1 + gnu/packages/finance.scm | 13 +++++++++-- .../patches/python-trezor-agent-fix-argv0.patch | 27 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/python-trezor-agent-fix-argv0.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index efe153faf2..b1eb41d4fc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1680,6 +1680,7 @@ dist_patch_DATA = \ %D%/packages/patches/python-pytorch-system-libraries.patch \ %D%/packages/patches/python-robotframework-source-date-epoch.patch \ %D%/packages/patches/python-seaborn-kde-test.patch \ + %D%/packages/patches/python-trezor-agent-fix-argv0.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/python-unittest2-python3-compat.patch \ %D%/packages/patches/python-unittest2-remove-argparse.patch \ diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 00e3b7a5af..f4978a444b 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -844,7 +844,8 @@ the Monero GUI client.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0q99vbfd3h85s8rnjipnmldixabqmmlk5w9karv6f0rhyi54f4zv")))) + (base32 "0q99vbfd3h85s8rnjipnmldixabqmmlk5w9karv6f0rhyi54f4zv")) + (patches (search-patches "python-trezor-agent-fix-argv0.patch")))) (build-system python-build-system) (arguments `(#:phases @@ -1091,7 +1092,15 @@ the KeepKey Hardware Wallet.") (add-after 'wrap 'fixup-agent-py (lambda* (#:key inputs outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out"))) - ;; overwrite the wrapper with the real thing. + ;; The wrap phase also wraps trezor_agent.py (besides the + ;; public facing executable called trezor-agent). We need to + ;; undo that wrapping. The reason this is needed is that the + ;; python easy install generates a toplevel script (?) that + ;; messes with argv[0] and then re-opens the python + ;; module. This fails when the wrapped file is actually a shell + ;; script, not a python file. + (delete-file (string-append out "/bin/.trezor_agent.py-real")) + ;; Overwrite the wrapped one with the real thing. (install-file "./trezor_agent.py" (string-append out "/bin")) #t)))))) diff --git a/gnu/packages/patches/python-trezor-agent-fix-argv0.patch b/gnu/packages/patches/python-trezor-agent-fix-argv0.patch new file mode 100644 index 0000000000..9462067cd5 --- /dev/null +++ b/gnu/packages/patches/python-trezor-agent-fix-argv0.patch @@ -0,0 +1,27 @@ +diff --git a/libagent/gpg/__init__.py b/libagent/gpg/__init__.py +index 3711bc8..67085de 100644 +--- a/libagent/gpg/__init__.py ++++ b/libagent/gpg/__init__.py +@@ -122,15 +122,19 @@ def run_init(device_type, args): + verify_gpg_version() + + # Prepare new GPG home directory for hardware-based identity +- device_name = os.path.basename(sys.argv[0]).rsplit('-', 1)[0] +- log.info('device name: %s', device_name) ++ exe_name = os.path.basename(sys.argv[0]) ++ # drop the Guix wrapper's dot prefix from the name ++ if exe_name[0] == '.' and exe_name.endswith('-real'): ++ exe_name = exe_name[1:-5:] ++ device_name = exe_name.rsplit('-', 1)[0] ++ log.info('exe name: %s, device name: %s', exe_name, device_name) + homedir = args.homedir + if not homedir: + homedir = os.path.expanduser('~/.gnupg/{}'.format(device_name)) + + log.info('GPG home directory: %s', homedir) + +- if os.path.exists(homedir): ++ if os.path.exists(homedir) and not args.subkey: + log.error('GPG home directory %s exists, ' + 'remove it manually if required', homedir) + sys.exit(1) -- cgit v1.2.3 From d95a982cdd898790d247f013440f08a448265e3f Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 28 Nov 2021 16:42:56 +0100 Subject: gnu: coq: Update to 8.14.0. * gnu/packages/coq.scm (coq): Update to 8.14.0. (coq-bignums): Update to 8.14.0. (coq-equations): Update to 1.3. * gnu/packages/patches/coq-fix-envvars.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/coq.scm | 63 +++++++++---- gnu/packages/patches/coq-fix-envvars.patch | 139 +++++++++++++++++++++++++++++ 3 files changed, 187 insertions(+), 16 deletions(-) create mode 100644 gnu/packages/patches/coq-fix-envvars.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index b1eb41d4fc..a5c0486c94 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -951,6 +951,7 @@ dist_patch_DATA = \ %D%/packages/patches/collectd-5.11.0-noinstallvar.patch \ %D%/packages/patches/combinatorial-blas-awpm.patch \ %D%/packages/patches/combinatorial-blas-io-fix.patch \ + %D%/packages/patches/coq-fix-envvars.patch \ %D%/packages/patches/coreutils-ls.patch \ %D%/packages/patches/cpuinfo-system-libraries.patch \ %D%/packages/patches/crawl-upgrade-saves.patch \ diff --git a/gnu/packages/coq.scm b/gnu/packages/coq.scm index 8d967241f5..cf0c67f214 100644 --- a/gnu/packages/coq.scm +++ b/gnu/packages/coq.scm @@ -49,10 +49,10 @@ #:use-module (guix utils) #:use-module ((srfi srfi-1) #:hide (zip))) -(define-public coq +(define-public coq-core (package - (name "coq") - (version "8.13.2") + (name "coq-core") + (version "8.14.0") (source (origin (method git-fetch) @@ -62,25 +62,31 @@ (file-name (git-file-name name version)) (sha256 (base32 - "15r0cm3p9dlsxbg0lf05njjp1xi1y74vxvq6drxjykax67x95l8a")))) + "0iachapmdwvwwlvkrb2yxhqqrgzs70zyr1c9v1jdb1awx3bp68hf")) + (patches (search-patches "coq-fix-envvars.patch")))) (native-search-paths (list (search-path-specification (variable "COQPATH") - (files (list "lib/coq/user-contrib"))) + (files (list "lib/ocaml/site-lib/coq/user-contrib" + "lib/coq/user-contrib"))) (search-path-specification - (variable "COQLIB") - (files (list "lib/ocaml/site-lib/coq")) + (variable "COQLIBPATH") + (files (list "lib/ocaml/site-lib/coq"))) + (search-path-specification + (variable "COQCORELIB") + (files (list "lib/ocaml/site-lib/coq-core")) (separator #f)))) (build-system dune-build-system) (inputs `(("gmp" ,gmp) ("ocaml-zarith" ,ocaml-zarith))) (native-inputs - `(("which" ,which))) + `(("ocaml-ounit2" ,ocaml-ounit2) + ("which" ,which))) (arguments - `(#:package "coq" - #:test-target "test-suite")) - (properties '((upstream-name . "coq"))) ; for inherited packages + `(#:package "coq-core" + #:test-target ".")) + (properties '((upstream-name . "coq"))) ; also for inherited packages (home-page "https://coq.inria.fr") (synopsis "Proof assistant for higher-order logic") (description @@ -91,6 +97,31 @@ It is developed using Objective Caml and Camlp5.") ;; Some of the documentation is distributed under opl1.0+. (license (list license:lgpl2.1 license:opl1.0+)))) +(define-public coq-stdlib + (package + (inherit coq-core) + (name "coq-stdlib") + (arguments + `(#:package "coq-stdlib" + #:test-target ".")) + (inputs + `(("coq-core" ,coq-core) + ("gmp" ,gmp) + ("ocaml-zarith" ,ocaml-zarith))) + (native-inputs '()))) + +(define-public coq + (package + (inherit coq-core) + (name "coq") + (arguments + `(#:package "coq" + #:test-target ".")) + (propagated-inputs + `(("coq-core" ,coq-core) + ("coq-stdlib" ,coq-stdlib))) + (native-inputs '()))) + (define-public coq-ide-server (package (inherit coq) @@ -410,7 +441,7 @@ theorems between the two libraries.") (define-public coq-bignums (package (name "coq-bignums") - (version "8.13.0") + (version "8.14.0") (source (origin (method git-fetch) (uri (git-reference @@ -419,7 +450,7 @@ theorems between the two libraries.") (file-name (git-file-name name version)) (sha256 (base32 - "1n66i7hd9222b2ks606mak7m4f0dgy02xgygjskmmav6h7g2sx7y")))) + "0jsgdvj0ddhkls32krprp34r64y1rb5mwxl34fgaxk2k4664yq06")))) (build-system gnu-build-system) (native-inputs `(("ocaml" ,ocaml) @@ -537,16 +568,16 @@ uses Ltac to synthesize the substitution operation.") (define-public coq-equations (package (name "coq-equations") - (version "1.2.4") + (version "1.3") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/mattam82/Coq-Equations") - (commit (string-append "v" version "-8.13")))) + (commit (string-append "v" version "-8.14")))) (file-name (git-file-name name version)) (sha256 (base32 - "0i014lshsdflzw6h0qxra9d2f0q82vffxv2f29awbb9ad0p4rq4q")))) + "19bj9nncd1r9g4273h5qx35gs3i4bw5z9bhjni24b413hyj55hkv")))) (build-system gnu-build-system) (native-inputs `(("ocaml" ,ocaml) diff --git a/gnu/packages/patches/coq-fix-envvars.patch b/gnu/packages/patches/coq-fix-envvars.patch new file mode 100644 index 0000000000..deecf5ce74 --- /dev/null +++ b/gnu/packages/patches/coq-fix-envvars.patch @@ -0,0 +1,139 @@ +From ebe09fcac72b21d17c4e8fe6edc1b6076a4ae97c Mon Sep 17 00:00:00 2001 +From: Julien Lepiller +Date: Sun, 21 Nov 2021 00:38:03 +0100 +Subject: [PATCH] Fix environment variable usage. + +--- + checker/checker.ml | 2 ++ + lib/envars.ml | 26 ++++++++++++++++---------- + sysinit/coqargs.ml | 3 ++- + sysinit/coqloadpath.ml | 3 ++- + sysinit/coqloadpath.mli | 2 +- + tools/coqdep.ml | 2 +- + 6 files changed, 24 insertions(+), 14 deletions(-) + +diff --git a/checker/checker.ml b/checker/checker.ml +index f55ed9e8d6..3b797729ed 100644 +--- a/checker/checker.ml ++++ b/checker/checker.ml +@@ -104,6 +104,7 @@ let set_include d p = + (* Initializes the LoadPath *) + let init_load_path () = + let coqlib = Envars.coqlib () in ++ let coqcorelib = Envars.coqcorelib () in + let user_contrib = coqlib/"user-contrib" in + let xdg_dirs = Envars.xdg_dirs in + let coqpath = Envars.coqpath in +@@ -111,6 +112,7 @@ let init_load_path () = + CPath.choose_existing + [ CPath.make [ coqlib ; "plugins" ] + ; CPath.make [ coqlib ; ".."; "coq-core"; "plugins" ] ++ ; CPath.make [ coqcorelib ; "plugins" ] + ] |> function + | None -> + CErrors.user_err (Pp.str "Cannot find plugins directory") +diff --git a/lib/envars.ml b/lib/envars.ml +index 750bd60e71..c7affbd437 100644 +--- a/lib/envars.ml ++++ b/lib/envars.ml +@@ -127,15 +127,21 @@ let check_file_else ~dir ~file oth = + let guess_coqlib fail = + getenv_else "COQLIB" (fun () -> + let prelude = "theories/Init/Prelude.vo" in +- check_file_else ~dir:Coq_config.coqlibsuffix ~file:prelude +- (fun () -> +- if Sys.file_exists (Coq_config.coqlib / prelude) +- then Coq_config.coqlib +- else +- fail "cannot guess a path for Coq libraries; please use -coqlib option \ +- or ensure you have installed the package containing Coq's stdlib (coq-stdlib in OPAM) \ +- If you intend to use Coq without a standard library, the -boot -noinit options must be used.") +- ) ++ let coqlibpath = getenv_else "COQLIBPATH" (fun () -> Coq_config.coqlibsuffix) in ++ let paths = path_to_list coqlibpath in ++ let valid_paths = ++ List.filter ++ (fun dir -> (check_file_else ~dir:dir ~file:prelude (fun () -> "")) <> "") ++ paths in ++ match valid_paths with ++ | [] -> ++ if Sys.file_exists (Coq_config.coqlib / prelude) ++ then Coq_config.coqlib ++ else ++ fail "cannot guess a path for Coq libraries; please use -coqlib option \ ++ or ensure you have installed the package containing Coq's stdlib (coq-stdlib in OPAM) \ ++ If you intend to use Coq without a standard library, the -boot -noinit options must be used." ++ | p::_ -> p) + + let coqlib_ref : string option ref = ref None + let set_user_coqlib path = coqlib_ref := Some path +@@ -208,7 +214,7 @@ let xdg_dirs ~warn = + let print_config ?(prefix_var_name="") f coq_src_subdirs = + let open Printf in + fprintf f "%sCOQLIB=%s/\n" prefix_var_name (coqlib ()); +- fprintf f "%sCOQCORELIB=%s/\n" prefix_var_name (coqlib () / "../coq-core/"); ++ fprintf f "%sCOQCORELIB=%s/\n" prefix_var_name (coqcorelib ()); + fprintf f "%sDOCDIR=%s/\n" prefix_var_name (docdir ()); + fprintf f "%sOCAMLFIND=%s\n" prefix_var_name (ocamlfind ()); + fprintf f "%sCAMLFLAGS=%s\n" prefix_var_name Coq_config.caml_flags; +diff --git a/sysinit/coqargs.ml b/sysinit/coqargs.ml +index 00f70a5fea..8325623a63 100644 +--- a/sysinit/coqargs.ml ++++ b/sysinit/coqargs.ml +@@ -453,7 +453,8 @@ let build_load_path opts = + if opts.pre.boot then [],[] + else + let coqlib = Envars.coqlib () in +- Coqloadpath.init_load_path ~coqlib in ++ let coqcorelib = Envars.coqcorelib () in ++ Coqloadpath.init_load_path ~coqlib ~coqcorelib in + ml_path @ opts.pre.ml_includes , + vo_path @ opts.pre.vo_includes + +diff --git a/sysinit/coqloadpath.ml b/sysinit/coqloadpath.ml +index 95ae5da3de..a58cfe6928 100644 +--- a/sysinit/coqloadpath.ml ++++ b/sysinit/coqloadpath.ml +@@ -35,7 +35,7 @@ let build_userlib_path ~unix_path = + else [], [] + + (* LoadPath for Coq user libraries *) +-let init_load_path ~coqlib = ++let init_load_path ~coqlib ~coqcorelib = + + let open Loadpath in + let user_contrib = coqlib/"user-contrib" in +@@ -50,6 +50,7 @@ let init_load_path ~coqlib = + CPath.choose_existing + [ CPath.make [ coqlib ; "plugins" ] + ; CPath.make [ coqlib ; ".."; "coq-core"; "plugins" ] ++ ; CPath.make [ coqcorelib ; "plugins" ] + ] |> function + | None -> + CErrors.user_err (Pp.str "Cannot find plugins directory") +diff --git a/sysinit/coqloadpath.mli b/sysinit/coqloadpath.mli +index d853e9ea54..43c6dfa134 100644 +--- a/sysinit/coqloadpath.mli ++++ b/sysinit/coqloadpath.mli +@@ -12,5 +12,5 @@ + includes (in-order) Coq's standard library, Coq's [user-contrib] + folder, and directories specified in [COQPATH] and [XDG_DIRS] *) + val init_load_path +- : coqlib:CUnix.physical_path ++ : coqlib:CUnix.physical_path -> coqcorelib:CUnix.physical_path + -> CUnix.physical_path list * Loadpath.vo_path list +diff --git a/tools/coqdep.ml b/tools/coqdep.ml +index c1c87993e1..6c78e10866 100644 +--- a/tools/coqdep.ml ++++ b/tools/coqdep.ml +@@ -33,7 +33,7 @@ let coqdep () = + let coqlib = Envars.coqlib () in + let coq_plugins_dir = Filename.concat (Envars.coqcorelib ()) "plugins" in + if not (Sys.file_exists coq_plugins_dir) then +- CErrors.user_err Pp.(str "coqdep: cannot find plugins directory for coqlib: " ++ str coqlib ++ fnl ()); ++ CErrors.user_err Pp.(str "coqdep: cannot find plugins directory " ++ str coq_plugins_dir ++ str " for coqlib: " ++ str coqlib ++ fnl ()); + CD.add_rec_dir_import CD.add_coqlib_known (coqlib//"theories") ["Coq"]; + CD.add_rec_dir_import CD.add_coqlib_known (coq_plugins_dir) ["Coq"]; + let user = coqlib//"user-contrib" in +-- +2.33.1 -- cgit v1.2.3 From ce6ea46d409c0ef56f18c02a862ea48504392489 Mon Sep 17 00:00:00 2001 From: Giacomo Leidi Date: Sat, 20 Nov 2021 00:41:25 +0100 Subject: gnu: Add dynaconf. * gnu/packages/python-xyz.scm (dynaconf): New variable. * gnu/packages/patches/dynaconf-Unvendor-dependencies.patch: New file. * local.mk (dist_patch_DATA): Register it. Signed-off-by: Efraim Flashner --- gnu/local.mk | 1 + gnu/packages/patches/dynaconf-unvendor-deps.patch | 179 ++++++++++++++++++++++ gnu/packages/python-xyz.scm | 74 ++++++++- 3 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/dynaconf-unvendor-deps.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a5c0486c94..d3949f36a4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -995,6 +995,7 @@ dist_patch_DATA = \ %D%/packages/patches/dstat-skip-devices-without-io.patch \ %D%/packages/patches/dune-istl-2.7-fix-non-mpi-tests.patch \ %D%/packages/patches/dvd+rw-tools-add-include.patch \ + %D%/packages/patches/dynaconf-unvendor-deps.patch \ %D%/packages/patches/ecl-16-format-directive-limit.patch \ %D%/packages/patches/ecl-16-ignore-stderr-write-error.patch \ %D%/packages/patches/ecl-16-libffi.patch \ diff --git a/gnu/packages/patches/dynaconf-unvendor-deps.patch b/gnu/packages/patches/dynaconf-unvendor-deps.patch new file mode 100644 index 0000000000..550e311363 --- /dev/null +++ b/gnu/packages/patches/dynaconf-unvendor-deps.patch @@ -0,0 +1,179 @@ +From 3f7b48195500cbbbbecd3cac2f5308c64004479b Mon Sep 17 00:00:00 2001 +From: Giacomo Leidi +Date: Sun, 29 Aug 2021 23:39:27 +0200 +Subject: [PATCH] Use system site dependencies. + +Box was not unvendored because it appears to be heavily patched. +--- + dynaconf/cli.py | 4 ++-- + dynaconf/default_settings.py | 2 +- + dynaconf/loaders/env_loader.py | 2 +- + dynaconf/loaders/toml_loader.py | 2 +- + dynaconf/loaders/yaml_loader.py | 2 +- + dynaconf/utils/parse_conf.py | 2 +- + dynaconf/vendor/box/converters.py | 4 ++-- + dynaconf/vendor/box/from_file.py | 4 ++-- + dynaconf/vendor_src/box/converters.py | 4 ++-- + dynaconf/vendor_src/box/from_file.py | 4 ++-- + tests/test_cli.py | 2 +- + 11 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/dynaconf/cli.py b/dynaconf/cli.py +index 5bb8316..1341a95 100644 +--- a/dynaconf/cli.py ++++ b/dynaconf/cli.py +@@ -20,8 +20,8 @@ from dynaconf.utils.functional import empty + from dynaconf.utils.parse_conf import parse_conf_data + from dynaconf.validator import ValidationError + from dynaconf.validator import Validator +-from dynaconf.vendor import click +-from dynaconf.vendor import toml ++import click ++import toml + + + CWD = Path.cwd() +diff --git a/dynaconf/default_settings.py b/dynaconf/default_settings.py +index 66601b0..9605fc5 100644 +--- a/dynaconf/default_settings.py ++++ b/dynaconf/default_settings.py +@@ -8,7 +8,7 @@ from dynaconf.utils import upperfy + from dynaconf.utils import warn_deprecations + from dynaconf.utils.files import find_file + from dynaconf.utils.parse_conf import parse_conf_data +-from dynaconf.vendor.dotenv import load_dotenv ++from dotenv import load_dotenv + + + def try_renamed(key, value, older_key, current_key): +diff --git a/dynaconf/loaders/env_loader.py b/dynaconf/loaders/env_loader.py +index e7b13bd..b034c8a 100644 +--- a/dynaconf/loaders/env_loader.py ++++ b/dynaconf/loaders/env_loader.py +@@ -2,7 +2,7 @@ from os import environ + + from dynaconf.utils import upperfy + from dynaconf.utils.parse_conf import parse_conf_data +-from dynaconf.vendor.dotenv import cli as dotenv_cli ++from dotenv import cli as dotenv_cli + + + IDENTIFIER = "env" +diff --git a/dynaconf/loaders/toml_loader.py b/dynaconf/loaders/toml_loader.py +index 07b973f..d81d675 100644 +--- a/dynaconf/loaders/toml_loader.py ++++ b/dynaconf/loaders/toml_loader.py +@@ -5,7 +5,7 @@ from dynaconf import default_settings + from dynaconf.constants import TOML_EXTENSIONS + from dynaconf.loaders.base import BaseLoader + from dynaconf.utils import object_merge +-from dynaconf.vendor import toml ++import toml + + + def load(obj, env=None, silent=True, key=None, filename=None): +diff --git a/dynaconf/loaders/yaml_loader.py b/dynaconf/loaders/yaml_loader.py +index 33c6532..3ef419a 100644 +--- a/dynaconf/loaders/yaml_loader.py ++++ b/dynaconf/loaders/yaml_loader.py +@@ -7,7 +7,7 @@ from dynaconf.constants import YAML_EXTENSIONS + from dynaconf.loaders.base import BaseLoader + from dynaconf.utils import object_merge + from dynaconf.utils.parse_conf import try_to_encode +-from dynaconf.vendor.ruamel import yaml ++from ruamel import yaml + + # Add support for Dynaconf Lazy values to YAML dumper + yaml.SafeDumper.yaml_representers[ +diff --git a/dynaconf/utils/parse_conf.py b/dynaconf/utils/parse_conf.py +index c42b07a..01ccdae 100644 +--- a/dynaconf/utils/parse_conf.py ++++ b/dynaconf/utils/parse_conf.py +@@ -9,7 +9,7 @@ from dynaconf.utils import isnamedtupleinstance + from dynaconf.utils import multi_replace + from dynaconf.utils import recursively_evaluate_lazy_format + from dynaconf.utils.boxing import DynaBox +-from dynaconf.vendor import toml ++import toml + + try: + from jinja2 import Environment +diff --git a/dynaconf/vendor/box/converters.py b/dynaconf/vendor/box/converters.py +index 93cdcfb..e34c7dc 100644 +--- a/dynaconf/vendor/box/converters.py ++++ b/dynaconf/vendor/box/converters.py +@@ -7,9 +7,9 @@ _B='utf-8' + _A=None + import csv,json,sys,warnings + from pathlib import Path +-import dynaconf.vendor.ruamel.yaml as yaml ++import ruamel.yaml as yaml + from dynaconf.vendor.box.exceptions import BoxError,BoxWarning +-from dynaconf.vendor import toml ++import toml + BOX_PARAMETERS='default_box','default_box_attr','conversion_box','frozen_box','camel_killer_box','box_safe_prefix','box_duplicates','ordered_box','default_box_none_transform','box_dots','modify_tuples_box','box_intact_types','box_recast' + def _exists(filename,create=_E): + A=filename;B=Path(A) +diff --git a/dynaconf/vendor/box/from_file.py b/dynaconf/vendor/box/from_file.py +index daa1137..d75940b 100644 +--- a/dynaconf/vendor/box/from_file.py ++++ b/dynaconf/vendor/box/from_file.py +@@ -1,8 +1,8 @@ + from json import JSONDecodeError + from pathlib import Path + from typing import Union +-from dynaconf.vendor.toml import TomlDecodeError +-from dynaconf.vendor.ruamel.yaml import YAMLError ++from toml import TomlDecodeError ++from ruamel.yaml import YAMLError + from .exceptions import BoxError + from .box import Box + from .box_list import BoxList +diff --git a/dynaconf/vendor_src/box/converters.py b/dynaconf/vendor_src/box/converters.py +index c9a2293..ae42bf6 100644 +--- a/dynaconf/vendor_src/box/converters.py ++++ b/dynaconf/vendor_src/box/converters.py +@@ -9,9 +9,9 @@ import sys + import warnings + from pathlib import Path + +-import dynaconf.vendor.ruamel.yaml as yaml ++import ruamel.yaml as yaml + from dynaconf.vendor.box.exceptions import BoxError, BoxWarning +-from dynaconf.vendor import toml ++import toml + + + BOX_PARAMETERS = ('default_box', 'default_box_attr', 'conversion_box', +diff --git a/dynaconf/vendor_src/box/from_file.py b/dynaconf/vendor_src/box/from_file.py +index 2e2a6ad..3f76819 100644 +--- a/dynaconf/vendor_src/box/from_file.py ++++ b/dynaconf/vendor_src/box/from_file.py +@@ -3,8 +3,8 @@ + from json import JSONDecodeError + from pathlib import Path + from typing import Union +-from dynaconf.vendor.toml import TomlDecodeError +-from dynaconf.vendor.ruamel.yaml import YAMLError ++from toml import TomlDecodeError ++from ruamel.yaml import YAMLError + + + from .exceptions import BoxError +diff --git a/tests/test_cli.py b/tests/test_cli.py +index 6693701..df44409 100644 +--- a/tests/test_cli.py ++++ b/tests/test_cli.py +@@ -11,7 +11,7 @@ from dynaconf.cli import main + from dynaconf.cli import read_file_in_root_directory + from dynaconf.cli import WRITERS + from dynaconf.utils.files import read_file +-from dynaconf.vendor.click.testing import CliRunner ++from click.testing import CliRunner + + + runner = CliRunner() + +base-commit: ebf7b17cffd5e08b212948bd8036d580718d5bf8 +-- +2.32.0 diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm index 319313bab0..fa6a1e333c 100644 --- a/gnu/packages/python-xyz.scm +++ b/gnu/packages/python-xyz.scm @@ -63,7 +63,7 @@ ;;; Copyright © 2019, 2020 Alex Griffin ;;; Copyright © 2019, 2020, 2021 Pierre Langlois ;;; Copyright © 2019 Jacob MacDonald -;;; Copyright © 2019, 2020 Giacomo Leidi +;;; Copyright © 2019, 2020, 2021 Giacomo Leidi ;;; Copyright © 2019 Wiktor Żelazny ;;; Copyright © 2019, 2020, 2021 Tanguy Le Carrour ;;; Copyright © 2019, 2021 Mădălin Ionel Patrașcu @@ -142,6 +142,7 @@ #:use-module (gnu packages crypto) #:use-module (gnu packages databases) #:use-module (gnu packages dbm) + #:use-module (gnu packages django) #:use-module (gnu packages djvu) #:use-module (gnu packages docker) #:use-module (gnu packages enchant) @@ -28178,6 +28179,77 @@ It is used to parse text files formatted in @acronym{SGML,Standard Generalized Mark-up Language}.") (license license:bsd-3))) +(define-public dynaconf + (package + (name "dynaconf") + (version "3.1.7") + (source + (origin + (method git-fetch) + (uri + (git-reference + (url "https://github.com/rochacbruno/dynaconf") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "0pjyjsdzairpn5vq8nzddhxwxmr18grn272nj31wcy2ipwdl3c3h")) + (patches (search-patches "dynaconf-unvendor-deps.patch")) + (modules '((guix build utils))) + (snippet '(begin + ;; Remove vendored dependencies + (let ((unvendor '("click" "dotenv" "ruamel" "toml"))) + (with-directory-excursion "dynaconf/vendor" + (for-each delete-file-recursively unvendor)) + (with-directory-excursion "dynaconf/vendor_src" + (for-each delete-file-recursively unvendor))))))) + (build-system python-build-system) + (arguments + `(#:phases + (modify-phases %standard-phases + (replace 'check + (lambda* (#:key tests? outputs #:allow-other-keys) + (when tests? + (setenv "PATH" + (string-append (assoc-ref outputs "out") "/bin:" + (getenv "PATH"))) + ;; These tests depend on hvac and a live Vault process. + (delete-file "tests/test_vault.py") + (invoke "make" "test_only"))))))) + (propagated-inputs + `(("python-click" ,python-click) + ("python-configobj" ,python-configobj) + ("python-dotenv" ,python-dotenv-0.13.0) + ("python-ruamel.yaml" ,python-ruamel.yaml) + ("python-toml" ,python-toml))) + (native-inputs + `(("python-django" ,python-django) + ("python-flask" ,python-flask) + ("python-pytest" ,python-pytest-6) + ("python-pytest-cov" ,python-pytest-cov) + ("python-pytest-mock" ,python-pytest-mock))) + (home-page "https://www.dynaconf.com/") + (synopsis "The dynamic configurator for your Python project") + (description + "This package provides @code{dynaconf} the dynamic configurator manager for +your Python project. It provides features such as: + +@itemize +@item Inspired by the @url{https://12factor.net/config, 12-factor application guide}; +@item Settings management (default values, validation, parsing, templating); +@item Protection of sensitive information (passwords/tokens); +@item Multiple file formats @code{toml|yaml|json|ini|py} and also customizable +loaders; +@item Full support for environment variables to override existing settings +(dotenv support included); +@item Optional layered system for multiple environments @code{[default, +development, testing, production]}; +@item Built-in support for Hashicorp Vault and Redis as settings and secrets storage; +@item Built-in extensions for Django and Flask web frameworks; +@item CLI for common operations such as @code{init, list, write, validate, export}. +@end itemize") + (license license:expat))) + (define-public python-iwlib (package (name "python-iwlib") -- cgit v1.2.3 From f3b2af2147949e0f091ad16589baa7b34d850079 Mon Sep 17 00:00:00 2001 From: raingloom Date: Tue, 2 Nov 2021 06:51:10 +0000 Subject: gnu: yggdrasil: Update to 0.4.0. * gnu/packages/patches/yggdrasil-extra-config.patch: Update patch. * gnu/packages/networking.scm (yggdrasil): Update to 0.4.0. [arguments]: Also install genkeys. [propagated-inputs]: Remove go-github-com-cheggaaa-pb; add go-golang-org-x-sys, go-github-com-mattn-go-runewidth, go-github-com-mattn-go-isatty, go-github-com-fatih-color, go-github-com-cheggaaa-pb-v3, go-github-com-vividcortex-ewma, and go-github-com-arceliar-ironwood. Signed-off-by: Ricardo Wurmus --- gnu/packages/networking.scm | 55 ++++++++++++++++------- gnu/packages/patches/yggdrasil-extra-config.patch | 53 ++++++++++++---------- 2 files changed, 69 insertions(+), 39 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 814ff59c46..d79eeb3b13 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -4067,7 +4067,7 @@ network.") (define-public yggdrasil (package (name "yggdrasil") - (version "0.3.16") + (version "0.4.0") (source (origin (method git-fetch) @@ -4078,7 +4078,7 @@ network.") (recursive? #t))) (file-name (git-file-name name version)) (sha256 - (base32 "0vyd7a333hwn6j1lv1g9sicw74a4qk982bsi3cfdhjlv6hsjwmil")) + (base32 "0mmqw6w5a6ph49xd1yzb7i70xg466k9pi5sdvplhb66x68wipixh")) (patches (search-patches "yggdrasil-extra-config.patch")))) (build-system go-build-system) (arguments @@ -4095,7 +4095,7 @@ network.") "go" "build" "-v" "-ldflags=-s -w" (string-append "github.com/yggdrasil-network/yggdrasil-go/cmd/" c))) - (list "yggdrasil" "yggdrasilctl")) + (list "yggdrasil" "yggdrasilctl" "genkeys")) #t)) (replace 'install (lambda* (#:key outputs #:allow-other-keys) @@ -4106,7 +4106,7 @@ network.") (for-each (lambda (f) (install-file f bin)) - (list "yggdrasil" "yggdrasilctl")) + (list "yggdrasil" "yggdrasilctl" "genkeys")) (mkdir-p doc) (copy-recursively (string-append @@ -4116,20 +4116,43 @@ network.") #t))))) ;; https://github.com/kardianos/minwinsvc is windows only (propagated-inputs - `(("go-github-com-arceliar-phony" ,go-github-com-arceliar-phony) - ("go-github-com-cheggaaa-pb" ,go-github-com-cheggaaa-pb) - ("go-github-com-gologme-log" ,go-github-com-gologme-log) - ("go-github-com-hashicorp-go-syslog" ,go-github-com-hashicorp-go-syslog) - ("go-github-com-hjson-hjson-go" ,go-github-com-hjson-hjson-go) - ("go-github-com-kardianos-minwinsvc" ,go-github-com-kardianos-minwinsvc) + `(;;("go-golang-zx2c4-com-wireguard-windows" + ;; ,go-golang-zx2c4-com-wireguard-windows) + ("go-golang-zx2c4-com-wireguard" + ,go-golang-zx2c4-com-wireguard) + ("go-golang-org-x-text" ,go-golang-org-x-text) + ("go-golang-org-x-sys" ,go-golang-org-x-sys) + ("go-golang-org-x-net" ,go-golang-org-x-net) + ("go-golang-org-x-crypto" + ,go-golang-org-x-crypto) + ("go-netns" + ,go-netns) + ("go-netlink" + ,go-netlink) ("go-github-com-mitchellh-mapstructure" ,go-github-com-mitchellh-mapstructure) - ("go-golang-org-x-crypto" ,go-golang-org-x-crypto) - ("go-golang-org-x-net" ,go-golang-org-x-net) - ("go-golang-org-x-text" ,go-golang-org-x-text) - ("go-golang-zx2c4-com-wireguard" ,go-golang-zx2c4-com-wireguard) - ("go-netlink" ,go-netlink) - ("go-netns" ,go-netns))) + ("go-github-com-mattn-go-runewidth" + ,go-github-com-mattn-go-runewidth) + ("go-github-com-mattn-go-isatty" + ,go-github-com-mattn-go-isatty) + ("go-github-com-kardianos-minwinsvc" + ,go-github-com-kardianos-minwinsvc) + ("go-github-com-hjson-hjson-go" + ,go-github-com-hjson-hjson-go) + ("go-github-com-hashicorp-go-syslog" + ,go-github-com-hashicorp-go-syslog) + ("go-github-com-gologme-log" + ,go-github-com-gologme-log) + ("go-github-com-fatih-color" + ,go-github-com-fatih-color) + ("go-github-com-cheggaaa-pb-v3" + ,go-github-com-cheggaaa-pb-v3) + ("go-github-com-vividcortex-ewma" + ,go-github-com-vividcortex-ewma) + ("go-github-com-arceliar-phony" + ,go-github-com-arceliar-phony) + ("go-github-com-arceliar-ironwood" + ,go-github-com-arceliar-ironwood))) (home-page "https://yggdrasil-network.github.io/blog.html") (synopsis "Experiment in scalable routing as an encrypted IPv6 overlay network") diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch index c21ca29a84..46fd3f15fc 100644 --- a/gnu/packages/patches/yggdrasil-extra-config.patch +++ b/gnu/packages/patches/yggdrasil-extra-config.patch @@ -3,25 +3,25 @@ index 813e950..08d35cc 100644 --- a/cmd/yggdrasil/main.go +++ b/cmd/yggdrasil/main.go @@ -40,11 +40,12 @@ type node struct { - admin module.Module // admin.AdminSocket + admin *admin.AdminSocket } --func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config.NodeConfig { -+func readConfig(useconf *bool, useconffile *string, extraconffile *string, normaliseconf *bool) *config.NodeConfig { +-func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf bool) *config.NodeConfig { ++func readConfig(log *log.Logger, useconf bool, useconffile string, extraconffile string, normaliseconf bool) *config.NodeConfig { // Use a configuration file. If -useconf, the configuration will be read // from stdin. If -useconffile, the configuration will be read from the // filesystem. var conf []byte + var extraconf []byte var err error - if *useconffile != "" { + if useconffile != "" { // Read the file from the filesystem @@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config if err != nil { panic(err) } -+ if *extraconffile != "" { -+ extraconf, err = ioutil.ReadFile(*extraconffile); ++ if extraconffile != "" { ++ extraconf, err = ioutil.ReadFile(extraconffile); + } + if err != nil { + panic(err) @@ -30,7 +30,7 @@ index 813e950..08d35cc 100644 + // then parse the configuration we loaded above on top of it. The effect + // of this is that any configuration item that is missing from the provided + // configuration will use a sane default. -+ cfg := config.GenerateConfig() ++ cfg := defaults.GenerateConfig() + var confs [2][]byte + confs[0]=conf + confs[1]=extraconf @@ -38,7 +38,7 @@ index 813e950..08d35cc 100644 // If there's a byte order mark - which Windows 10 is now incredibly fond of // throwing everywhere when it's converting things into UTF-16 for the hell // of it - remove it and decode back down into UTF-8. This is necessary -@@ -69,11 +85,6 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config +@@ -69,11 +85,6 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf bool) *config panic(err) } } @@ -46,11 +46,11 @@ index 813e950..08d35cc 100644 - // then parse the configuration we loaded above on top of it. The effect - // of this is that any configuration item that is missing from the provided - // configuration will use a sane default. -- cfg := config.GenerateConfig() +- cfg := defaults.GenerateConfig() var dat map[string]interface{} if err := hjson.Unmarshal(conf, &dat); err != nil { panic(err) -@@ -112,6 +123,7 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config +@@ -112,6 +123,7 @@ func readConfig(log *log.Logger, useconf *bool, useconffile *string, normaliseconf *bool) *config if err = mapstructure.Decode(dat, &cfg); err != nil { panic(err) } @@ -58,6 +58,14 @@ index 813e950..08d35cc 100644 return cfg } +@@ -185,6 +197,7 @@ func main() { + genconf bool + useconf bool + useconffile string ++ extraconffile string + normaliseconf bool + confjson bool + autoconf bool @@ -164,6 +176,7 @@ func main() { genconf := flag.Bool("genconf", false, "print a new config to stdout") useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") @@ -66,21 +74,20 @@ index 813e950..08d35cc 100644 normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") +@@ -212,6 +225,7 @@ func main() { + genconf: *genconf, + useconf: *useconf, + useconffile: *useconffile, ++ extraconffile: *extraconffile, + normaliseconf: *normaliseconf, + confjson: *confjson, + autoconf: *autoconf, @@ -187,7 +200,7 @@ func main() { - cfg = config.GenerateConfig() - case *useconffile != "" || *useconf: + cfg = defaults.GenerateConfig() + case args.useconffile != "" || args.useconf: // Read the configuration from either stdin or from the filesystem -- cfg = readConfig(useconf, useconffile, normaliseconf) -+ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) +- cfg = readConfig(logger, args.useconf, args.useconffile, args.normaliseconf) ++ cfg = readConfig(logger, args.useconf, args.useconffile, args.extraconffile, args.normaliseconf) // If the -normaliseconf option was specified then remarshal the above // configuration and print it back to stdout. This lets the user update // their configuration file with newly mapped names (like above) or to -@@ -332,7 +345,7 @@ func main() { - goto exit - case _ = <-r: - if *useconffile != "" { -- cfg = readConfig(useconf, useconffile, normaliseconf) -+ cfg = readConfig(useconf, useconffile, extraconffile, normaliseconf) - logger.Infoln("Reloading configuration from", *useconffile) - n.core.UpdateConfig(cfg) - n.tuntap.UpdateConfig(cfg) -- cgit v1.2.3 From d9956e938343c7637647ad10b977fdb0f3b8b138 Mon Sep 17 00:00:00 2001 From: raingloom Date: Wed, 3 Nov 2021 21:40:37 +0100 Subject: gnu: yggdrasil: Update to 0.4.1. * gnu/packages/networking.scm (yggdrasil): Update to 0.4.1. * gnu/packages/patches/yggdrasil-extra-config.patch: Update for new version. Signed-off-by: Ricardo Wurmus --- gnu/packages/networking.scm | 4 +- gnu/packages/patches/yggdrasil-extra-config.patch | 47 +++++++++++++++-------- 2 files changed, 33 insertions(+), 18 deletions(-) (limited to 'gnu/packages/patches') diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index d79eeb3b13..cebcd3a738 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -4067,7 +4067,7 @@ network.") (define-public yggdrasil (package (name "yggdrasil") - (version "0.4.0") + (version "0.4.1") (source (origin (method git-fetch) @@ -4078,7 +4078,7 @@ network.") (recursive? #t))) (file-name (git-file-name name version)) (sha256 - (base32 "0mmqw6w5a6ph49xd1yzb7i70xg466k9pi5sdvplhb66x68wipixh")) + (base32 "1ajhn0z58ap9jldip7mqj78drmgg4645zfsxsy004cfkm60fasnx")) (patches (search-patches "yggdrasil-extra-config.patch")))) (build-system go-build-system) (arguments diff --git a/gnu/packages/patches/yggdrasil-extra-config.patch b/gnu/packages/patches/yggdrasil-extra-config.patch index 46fd3f15fc..bd4bea7b9f 100644 --- a/gnu/packages/patches/yggdrasil-extra-config.patch +++ b/gnu/packages/patches/yggdrasil-extra-config.patch @@ -1,8 +1,20 @@ +From 779f980451d20079b34812f7006f2d7230738ad0 Mon Sep 17 00:00:00 2001 +From: csepp +Date: Wed, 3 Nov 2021 21:14:54 +0100 +Subject: [PATCH] add extra config file option to yggdrasil command + +This is useful in Guix and Nix, because one config file can come +from the world-readable store and another can be placed directly +into /etc with much stricter permissions. +--- + cmd/yggdrasil/main.go | 29 ++++++++++++++++++++++------- + 1 file changed, 22 insertions(+), 7 deletions(-) + diff --git a/cmd/yggdrasil/main.go b/cmd/yggdrasil/main.go -index 813e950..08d35cc 100644 +index 58b8230..b9df98a 100644 --- a/cmd/yggdrasil/main.go +++ b/cmd/yggdrasil/main.go -@@ -40,11 +40,12 @@ type node struct { +@@ -43,11 +43,12 @@ type node struct { admin *admin.AdminSocket } @@ -16,7 +28,7 @@ index 813e950..08d35cc 100644 var err error if useconffile != "" { // Read the file from the filesystem -@@ -56,6 +57,21 @@ func readConfig(useconf *bool, useconffile *string, normaliseconf *bool) *config +@@ -59,6 +60,21 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf if err != nil { panic(err) } @@ -38,7 +50,7 @@ index 813e950..08d35cc 100644 // If there's a byte order mark - which Windows 10 is now incredibly fond of // throwing everywhere when it's converting things into UTF-16 for the hell // of it - remove it and decode back down into UTF-8. This is necessary -@@ -69,11 +85,6 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf bool) *config +@@ -72,11 +88,6 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf panic(err) } } @@ -50,7 +62,7 @@ index 813e950..08d35cc 100644 var dat map[string]interface{} if err := hjson.Unmarshal(conf, &dat); err != nil { panic(err) -@@ -112,6 +123,7 @@ func readConfig(log *log.Logger, useconf *bool, useconffile *string, normaliseconf *bool) *config +@@ -136,6 +147,7 @@ func readConfig(log *log.Logger, useconf bool, useconffile string, normaliseconf if err = mapstructure.Decode(dat, &cfg); err != nil { panic(err) } @@ -58,15 +70,15 @@ index 813e950..08d35cc 100644 return cfg } -@@ -185,6 +197,7 @@ func main() { - genconf bool - useconf bool +@@ -192,6 +204,7 @@ type yggArgs struct { + getaddr bool + getsnet bool useconffile string -+ extraconffile string - normaliseconf bool - confjson bool - autoconf bool -@@ -164,6 +176,7 @@ func main() { ++ extraconffile string + logto string + loglevel string + } +@@ -200,6 +213,7 @@ func getArgs() yggArgs { genconf := flag.Bool("genconf", false, "print a new config to stdout") useconf := flag.Bool("useconf", false, "read HJSON/JSON config from stdin") useconffile := flag.String("useconffile", "", "read HJSON/JSON config from specified file path") @@ -74,15 +86,15 @@ index 813e950..08d35cc 100644 normaliseconf := flag.Bool("normaliseconf", false, "use in combination with either -useconf or -useconffile, outputs your configuration normalised") confjson := flag.Bool("json", false, "print configuration from -genconf or -normaliseconf as JSON instead of HJSON") autoconf := flag.Bool("autoconf", false, "automatic mode (dynamic IP, peer with IPv6 neighbors)") -@@ -212,6 +225,7 @@ func main() { +@@ -213,6 +227,7 @@ func getArgs() yggArgs { genconf: *genconf, useconf: *useconf, useconffile: *useconffile, -+ extraconffile: *extraconffile, ++ extraconffile: *extraconffile, normaliseconf: *normaliseconf, confjson: *confjson, autoconf: *autoconf, -@@ -187,7 +200,7 @@ func main() { +@@ -265,7 +280,7 @@ func run(args yggArgs, ctx context.Context, done chan struct{}) { cfg = defaults.GenerateConfig() case args.useconffile != "" || args.useconf: // Read the configuration from either stdin or from the filesystem @@ -91,3 +103,6 @@ index 813e950..08d35cc 100644 // If the -normaliseconf option was specified then remarshal the above // configuration and print it back to stdout. This lets the user update // their configuration file with newly mapped names (like above) or to +-- +2.33.1 + -- cgit v1.2.3 From c7c4f8088195a8e6650904de4e16d71b98776a76 Mon Sep 17 00:00:00 2001 From: Attila Lendvai Date: Wed, 1 Dec 2021 18:05:26 +0100 Subject: gnu: Update Trezor support. * gnu/packages/patches/python-trezor-agent-fix-argv0.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Apply previous removal. * gnu/packages/finance.scm (python-trezor-agent): Update to 0.14.4. [source]: Remove now useless patch. (python-mnemonic): Update to 0.20. (python-trezor): Update to 0.12.4 (trezor-agent): Update to 0.11.0-1. [source]: Add file-name field. [arguments]: Remove trailing #T in phases. Signed-off-by: Nicolas Goaziou --- gnu/local.mk | 1 - gnu/packages/finance.scm | 29 +++++++++++----------- .../patches/python-trezor-agent-fix-argv0.patch | 27 -------------------- 3 files changed, 14 insertions(+), 43 deletions(-) delete mode 100644 gnu/packages/patches/python-trezor-agent-fix-argv0.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index d3949f36a4..7219f3ad72 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1682,7 +1682,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-pytorch-system-libraries.patch \ %D%/packages/patches/python-robotframework-source-date-epoch.patch \ %D%/packages/patches/python-seaborn-kde-test.patch \ - %D%/packages/patches/python-trezor-agent-fix-argv0.patch \ %D%/packages/patches/python2-subprocess32-disable-input-test.patch \ %D%/packages/patches/python-unittest2-python3-compat.patch \ %D%/packages/patches/python-unittest2-remove-argparse.patch \ diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 60ed9fc4e3..268f7ab3a5 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -837,7 +837,7 @@ the Monero GUI client.") ;; the toplevel app called trezor-agent. (package (name "python-trezor-agent") - (version "0.14.2") + (version "0.14.4") (source (origin (method git-fetch) @@ -846,8 +846,7 @@ the Monero GUI client.") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0nl44ldfw9s2v3p7g5bldfw3ds2hz9r28j42bpnp8bj0v5na3ivk")) - (patches (search-patches "python-trezor-agent-fix-argv0.patch")))) + (base32 "1ksv494xpga27ifrjyn1bkqaya5h769lqb9rx1ng0n4kvmnrqr3l")))) (build-system python-build-system) (arguments `(#:phases @@ -918,13 +917,13 @@ settings.") (define-public python-mnemonic (package (name "python-mnemonic") - (version "0.19") + (version "0.20") (source (origin (method url-fetch) (uri (pypi-uri "mnemonic" version)) (sha256 - (base32 "0cd9prmdj8wzdmc7lxbf9lz0xrlkvak5ignag406mmfbn81fndsf")))) + (base32 "1xi5qvj2rvi5almf9c89rl7hz1z4ms04d53pg818i4vpkmivavvw")))) (build-system python-build-system) (propagated-inputs `(("python-pbkdf2" ,python-pbkdf2))) @@ -992,7 +991,7 @@ Nano dongle.") (define-public python-trezor (package (name "python-trezor") - (version "0.12.3") + (version "0.12.4") (source (origin (method git-fetch) @@ -1001,7 +1000,7 @@ Nano dongle.") (commit (string-append "python/v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 "0wdm1y5zli6w09zbpjqc6rbcs1b4hjq007mbh7xdr17prbnqprac")) + (base32 "1k0zk94jnkhr4iyngjfhfvff5mibx265q81v8jhvhd3m4clzgc45")) (modules '((guix build utils) (srfi srfi-26) @@ -1102,18 +1101,19 @@ the KeepKey Hardware Wallet.") (define-public trezor-agent (package (name "trezor-agent") - (version "0.11.0") + (version "0.11.0-1") (source (origin (method git-fetch) (uri (git-reference (url "https://github.com/romanz/trezor-agent") - ;; The version mismatch is not a mistake. Multiple python + ;; The version mismatch is not a mistake. Multiple Python ;; apps/packages are in the same git repo, and they have - ;; different versions. The git tag seems to track libagent, - ;; i.e. python-trezor-agent in the Guix namespace. - ;; See e.g. ./agents/trezor/setup.py - (commit "v0.14.2"))) + ;; different versions. The git tag seems to track libagent, + ;; i.e. python-trezor-agent in the Guix namespace. See + ;; e.g. ./agents/trezor/setup.py. + (commit "v0.14.4"))) + (file-name (git-file-name name version)) (sha256 (base32 "0nl44ldfw9s2v3p7g5bldfw3ds2hz9r28j42bpnp8bj0v5na3ivk")) (modules @@ -1151,8 +1151,7 @@ the KeepKey Hardware Wallet.") (delete-file (string-append out "/bin/.trezor_agent.py-real")) ;; Overwrite the wrapped one with the real thing. (install-file "./trezor_agent.py" - (string-append out "/bin")) - #t)))))) + (string-append out "/bin")))))))) (build-system python-build-system) (inputs `(("python-trezor" ,python-trezor) diff --git a/gnu/packages/patches/python-trezor-agent-fix-argv0.patch b/gnu/packages/patches/python-trezor-agent-fix-argv0.patch deleted file mode 100644 index 9462067cd5..0000000000 --- a/gnu/packages/patches/python-trezor-agent-fix-argv0.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/libagent/gpg/__init__.py b/libagent/gpg/__init__.py -index 3711bc8..67085de 100644 ---- a/libagent/gpg/__init__.py -+++ b/libagent/gpg/__init__.py -@@ -122,15 +122,19 @@ def run_init(device_type, args): - verify_gpg_version() - - # Prepare new GPG home directory for hardware-based identity -- device_name = os.path.basename(sys.argv[0]).rsplit('-', 1)[0] -- log.info('device name: %s', device_name) -+ exe_name = os.path.basename(sys.argv[0]) -+ # drop the Guix wrapper's dot prefix from the name -+ if exe_name[0] == '.' and exe_name.endswith('-real'): -+ exe_name = exe_name[1:-5:] -+ device_name = exe_name.rsplit('-', 1)[0] -+ log.info('exe name: %s, device name: %s', exe_name, device_name) - homedir = args.homedir - if not homedir: - homedir = os.path.expanduser('~/.gnupg/{}'.format(device_name)) - - log.info('GPG home directory: %s', homedir) - -- if os.path.exists(homedir): -+ if os.path.exists(homedir) and not args.subkey: - log.error('GPG home directory %s exists, ' - 'remove it manually if required', homedir) - sys.exit(1) -- cgit v1.2.3 From 080a5de2eeb5e0da83ae9fd94488508d5227c4e3 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 2 Dec 2021 20:23:43 -0500 Subject: gnu: nss: Fix CVE-2021-43527 via graft. * gnu/packages/patches/nss-CVE-2021-43527.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable (nss)[replacement]: New field. --- gnu/local.mk | 1 + gnu/packages/nss.scm | 6 +- gnu/packages/patches/nss-CVE-2021-43527.patch | 354 ++++++++++++++++++++++++++ 3 files changed, 360 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/nss-CVE-2021-43527.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index 7219f3ad72..a1526ba89c 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1520,6 +1520,7 @@ dist_patch_DATA = \ %D%/packages/patches/nnpack-system-libraries.patch \ %D%/packages/patches/nsis-env-passthru.patch \ %D%/packages/patches/nsis-source-date-epoch.patch \ + %D%/packages/patches/nss-CVE-2021-43527.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-3.56-pkgconfig.patch \ %D%/packages/patches/nvi-assume-preserve-path.patch \ diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 25203deb31..e41d016db4 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019 Mark H Weaver +;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2021 Mark H Weaver ;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2020 Marius Bakke @@ -87,6 +87,7 @@ in the Mozilla clients.") (package (name "nss") (version "3.59") + (replacement nss/fixed) (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -196,3 +197,6 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))) + +(define nss/fixed + (package-with-extra-patches nss (search-patches "nss-CVE-2021-43527.patch"))) diff --git a/gnu/packages/patches/nss-CVE-2021-43527.patch b/gnu/packages/patches/nss-CVE-2021-43527.patch new file mode 100644 index 0000000000..b619438f37 --- /dev/null +++ b/gnu/packages/patches/nss-CVE-2021-43527.patch @@ -0,0 +1,354 @@ +Fixes CVE-2021-43527. +Copied from , +but with the file names adjusted to allow easy use within GNU Guix. + +# HG changeset patch +# User Dennis Jackson +# Date 1637577642 0 +# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd +# Parent da3d22d708c9cc0a32cff339658aeb627575e371 +Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea + +Differential Revision: https://phabricator.services.mozilla.com/D129514 + +--- a/nss/lib/cryptohi/secvfy.c ++++ b/nss/lib/cryptohi/secvfy.c +@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext * + SECItem pkcs1DigestInfo; + pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; + pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; + return _SGN_VerifyPKCS1DigestInfo( + cx->hashAlg, digest, &pkcs1DigestInfo, + PR_FALSE /*XXX: unsafeAllowMissingParameters*/); + } + ++static unsigned int ++checkedSignatureLen(const SECKEYPublicKey *pubk) ++{ ++ unsigned int sigLen = SECKEY_SignatureLen(pubk); ++ if (sigLen == 0) { ++ /* Error set by SECKEY_SignatureLen */ ++ return sigLen; ++ } ++ unsigned int maxSigLen; ++ switch (pubk->keyType) { ++ case rsaKey: ++ case rsaPssKey: ++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; ++ break; ++ case dsaKey: ++ maxSigLen = DSA_MAX_SIGNATURE_LEN; ++ break; ++ case ecKey: ++ maxSigLen = 2 * MAX_ECKEY_LEN; ++ break; ++ default: ++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); ++ return 0; ++ } ++ if (sigLen > maxSigLen) { ++ PORT_SetError(SEC_ERROR_INVALID_KEY); ++ return 0; ++ } ++ return sigLen; ++} ++ + /* + * decode the ECDSA or DSA signature from it's DER wrapping. + * The unwrapped/raw signature is placed in the buffer pointed + * to by dsig and has enough room for len bytes. + */ + static SECStatus + decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, + unsigned int len) + { + SECItem *dsasig = NULL; /* also used for ECDSA */ +- SECStatus rv = SECSuccess; + +- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && +- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { +- if (sig->len != len) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; ++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ ++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { ++ if (len > DSA_MAX_SIGNATURE_LEN) { ++ goto loser; + } +- +- PORT_Memcpy(dsig, sig->data, sig->len); +- return SECSuccess; ++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { ++ if (len > MAX_ECKEY_LEN * 2) { ++ goto loser; ++ } ++ } else { ++ goto loser; + } + +- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { +- if (len > MAX_ECKEY_LEN * 2) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; +- } ++ /* Decode and pad to length */ ++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); ++ if (dsasig == NULL) { ++ goto loser; + } +- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); +- +- if ((dsasig == NULL) || (dsasig->len != len)) { +- rv = SECFailure; +- } else { +- PORT_Memcpy(dsig, dsasig->data, dsasig->len); ++ if (dsasig->len != len) { ++ SECITEM_FreeItem(dsasig, PR_TRUE); ++ goto loser; + } + +- if (dsasig != NULL) +- SECITEM_FreeItem(dsasig, PR_TRUE); +- if (rv == SECFailure) +- PORT_SetError(SEC_ERROR_BAD_DER); +- return rv; ++ PORT_Memcpy(dsig, dsasig->data, len); ++ SECITEM_FreeItem(dsasig, PR_TRUE); ++ ++ return SECSuccess; ++ ++loser: ++ PORT_SetError(SEC_ERROR_BAD_DER); ++ return SECFailure; + } + + const SEC_ASN1Template hashParameterTemplate[] = + { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) }, + { SEC_ASN1_OBJECT_ID, 0 }, + { SEC_ASN1_SKIP_REST }, + { 0 } +@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg + * + * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the + * algorithm was not found or was not a signing algorithm. + */ + SECStatus + sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, + const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) + { +- int len; ++ unsigned int len; + PLArenaPool *arena; + SECStatus rv; + SECItem oid; + SECOidTag encalg; + + PR_ASSERT(hashalg != NULL); + PR_ASSERT(encalgp != NULL); + +@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey + cx->wincx = wincx; + cx->hasSignature = (sig != NULL); + cx->encAlg = encAlg; + cx->hashAlg = hashAlg; + cx->key = SECKEY_CopyPublicKey(key); + cx->pkcs1RSADigestInfo = NULL; + rv = SECSuccess; + if (sig) { +- switch (type) { +- case rsaKey: +- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, +- &cx->pkcs1RSADigestInfo, +- &cx->pkcs1RSADigestInfoLen, +- cx->key, +- sig, wincx); +- break; +- case rsaPssKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ +- rv = SECFailure; ++ rv = SECFailure; ++ if (type == rsaKey) { ++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, ++ &cx->pkcs1RSADigestInfo, ++ &cx->pkcs1RSADigestInfoLen, ++ cx->key, ++ sig, wincx); ++ } else { ++ sigLen = checkedSignatureLen(key); ++ /* Check signature length is within limits */ ++ if (sigLen == 0) { ++ /* error set by checkedSignatureLen */ ++ rv = SECFailure; ++ goto loser; ++ } ++ if (sigLen > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ switch (type) { ++ case rsaPssKey: ++ if (sig->len != sigLen) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); ++ rv = SECSuccess; + break; +- } +- if (sig->len != sigLen) { +- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ case ecKey: ++ case dsaKey: ++ /* decodeECorDSASignature will check sigLen == sig->len after padding */ ++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); ++ break; ++ default: ++ /* Unreachable */ + rv = SECFailure; +- break; +- } +- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); +- break; +- case dsaKey: +- case ecKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ +- rv = SECFailure; +- break; +- } +- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); +- break; +- default: +- rv = SECFailure; +- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +- break; ++ goto loser; ++ } ++ } ++ if (rv != SECSuccess) { ++ goto loser; + } + } + +- if (rv) +- goto loser; +- + /* check hash alg again, RSA may have changed it.*/ + if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { + /* error set by HASH_GetHashTypeByOidTag */ + goto loser; + } + /* check the policy on the hash algorithm. Do this after + * the rsa decode because some uses of this function get hash implicitly + * from the RSA signature itself. */ +@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC + if (cx->hashcx == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final)); + switch (cx->key->keyType) { + case ecKey: + case dsaKey: +- dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { + return SECFailure; + } ++ if (dsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ return SECFailure; ++ } ++ dsasig.data = cx->u.buffer; ++ + if (sig) { + rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, + dsasig.len); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + } +@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC + cx->params, + &mech); + PORT_DestroyCheapArena(&tmpArena); + if (rv != SECSuccess) { + return SECFailure; + } + + rsasig.data = cx->u.buffer; +- rsasig.len = SECKEY_SignatureLen(cx->key); ++ rsasig.len = checkedSignatureLen(cx->key); + if (rsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ return SECFailure; ++ } ++ if (rsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + if (sig) { + if (sig->len != rsasig.len) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + PORT_Memcpy(rsasig.data, sig->data, rsasig.len); +@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx) + static SECStatus + vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, + const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, + void *wincx) + { + SECStatus rv; + VFYContext *cx; + SECItem dsasig; /* also used for ECDSA */ +- + rv = SECFailure; + + cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); + if (cx != NULL) { + switch (key->keyType) { + case rsaKey: + rv = verifyPKCS1DigestInfo(cx, digest); ++ /* Error (if any) set by verifyPKCS1DigestInfo */ + break; +- case dsaKey: + case ecKey: ++ case dsaKey: + dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ rv = SECFailure; + break; + } +- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != +- SECSuccess) { ++ if (dsasig.len > sizeof(cx->u)) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); +- } else { +- rv = SECSuccess; ++ rv = SECFailure; ++ break; ++ } ++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); ++ if (rv != SECSuccess) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + } + break; + default: + break; + } + VFY_DestroyContext(cx, PR_TRUE); + } + return rv; + -- cgit v1.2.3 From d49e7a592f2f12cd1f9e07edfeebe0a2771f491e Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 2 Dec 2021 20:14:32 -0500 Subject: gnu: icecat: Fix CVE-2021-43527. * gnu/packages/patches/icecat-CVE-2021-43527.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/gnuzilla.scm (icecat-source): Apply it. --- gnu/local.mk | 1 + gnu/packages/gnuzilla.scm | 1 + gnu/packages/patches/icecat-CVE-2021-43527.patch | 354 +++++++++++++++++++++++ 3 files changed, 356 insertions(+) create mode 100644 gnu/packages/patches/icecat-CVE-2021-43527.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index a1526ba89c..c0e0c956f6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1263,6 +1263,7 @@ dist_patch_DATA = \ %D%/packages/patches/icecat-78-makeicecat.patch \ %D%/packages/patches/icecat-makeicecat.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ + %D%/packages/patches/icecat-CVE-2021-43527.patch \ %D%/packages/patches/icecat-use-older-reveal-hidden-html.patch \ %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \ %D%/packages/patches/icecat-use-system-media-libs.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 65920c3c9c..36b8a35efe 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -750,6 +750,7 @@ in C/C++.") (origin (method computed-origin-method) (file-name (string-append "icecat-" %icecat-version ".tar.xz")) + (patches (search-patches "icecat-CVE-2021-43527.patch")) (sha256 #f) (uri (delay diff --git a/gnu/packages/patches/icecat-CVE-2021-43527.patch b/gnu/packages/patches/icecat-CVE-2021-43527.patch new file mode 100644 index 0000000000..66706ea5e0 --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2021-43527.patch @@ -0,0 +1,354 @@ +Fixes CVE-2021-43527. +Copied from , +but with the file names adjusted to allow easy use within GNU Guix. + +# HG changeset patch +# User Dennis Jackson +# Date 1637577642 0 +# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd +# Parent da3d22d708c9cc0a32cff339658aeb627575e371 +Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea + +Differential Revision: https://phabricator.services.mozilla.com/D129514 + +--- a/security/nss/lib/cryptohi/secvfy.c ++++ b/security/nss/lib/cryptohi/secvfy.c +@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext * + SECItem pkcs1DigestInfo; + pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; + pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; + return _SGN_VerifyPKCS1DigestInfo( + cx->hashAlg, digest, &pkcs1DigestInfo, + PR_FALSE /*XXX: unsafeAllowMissingParameters*/); + } + ++static unsigned int ++checkedSignatureLen(const SECKEYPublicKey *pubk) ++{ ++ unsigned int sigLen = SECKEY_SignatureLen(pubk); ++ if (sigLen == 0) { ++ /* Error set by SECKEY_SignatureLen */ ++ return sigLen; ++ } ++ unsigned int maxSigLen; ++ switch (pubk->keyType) { ++ case rsaKey: ++ case rsaPssKey: ++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; ++ break; ++ case dsaKey: ++ maxSigLen = DSA_MAX_SIGNATURE_LEN; ++ break; ++ case ecKey: ++ maxSigLen = 2 * MAX_ECKEY_LEN; ++ break; ++ default: ++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); ++ return 0; ++ } ++ if (sigLen > maxSigLen) { ++ PORT_SetError(SEC_ERROR_INVALID_KEY); ++ return 0; ++ } ++ return sigLen; ++} ++ + /* + * decode the ECDSA or DSA signature from it's DER wrapping. + * The unwrapped/raw signature is placed in the buffer pointed + * to by dsig and has enough room for len bytes. + */ + static SECStatus + decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, + unsigned int len) + { + SECItem *dsasig = NULL; /* also used for ECDSA */ +- SECStatus rv = SECSuccess; + +- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && +- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { +- if (sig->len != len) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; ++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ ++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { ++ if (len > DSA_MAX_SIGNATURE_LEN) { ++ goto loser; + } +- +- PORT_Memcpy(dsig, sig->data, sig->len); +- return SECSuccess; ++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { ++ if (len > MAX_ECKEY_LEN * 2) { ++ goto loser; ++ } ++ } else { ++ goto loser; + } + +- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { +- if (len > MAX_ECKEY_LEN * 2) { +- PORT_SetError(SEC_ERROR_BAD_DER); +- return SECFailure; +- } ++ /* Decode and pad to length */ ++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); ++ if (dsasig == NULL) { ++ goto loser; + } +- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); +- +- if ((dsasig == NULL) || (dsasig->len != len)) { +- rv = SECFailure; +- } else { +- PORT_Memcpy(dsig, dsasig->data, dsasig->len); ++ if (dsasig->len != len) { ++ SECITEM_FreeItem(dsasig, PR_TRUE); ++ goto loser; + } + +- if (dsasig != NULL) +- SECITEM_FreeItem(dsasig, PR_TRUE); +- if (rv == SECFailure) +- PORT_SetError(SEC_ERROR_BAD_DER); +- return rv; ++ PORT_Memcpy(dsig, dsasig->data, len); ++ SECITEM_FreeItem(dsasig, PR_TRUE); ++ ++ return SECSuccess; ++ ++loser: ++ PORT_SetError(SEC_ERROR_BAD_DER); ++ return SECFailure; + } + + const SEC_ASN1Template hashParameterTemplate[] = + { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) }, + { SEC_ASN1_OBJECT_ID, 0 }, + { SEC_ASN1_SKIP_REST }, + { 0 } +@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg + * + * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the + * algorithm was not found or was not a signing algorithm. + */ + SECStatus + sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, + const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) + { +- int len; ++ unsigned int len; + PLArenaPool *arena; + SECStatus rv; + SECItem oid; + SECOidTag encalg; + + PR_ASSERT(hashalg != NULL); + PR_ASSERT(encalgp != NULL); + +@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey + cx->wincx = wincx; + cx->hasSignature = (sig != NULL); + cx->encAlg = encAlg; + cx->hashAlg = hashAlg; + cx->key = SECKEY_CopyPublicKey(key); + cx->pkcs1RSADigestInfo = NULL; + rv = SECSuccess; + if (sig) { +- switch (type) { +- case rsaKey: +- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, +- &cx->pkcs1RSADigestInfo, +- &cx->pkcs1RSADigestInfoLen, +- cx->key, +- sig, wincx); +- break; +- case rsaPssKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ +- rv = SECFailure; ++ rv = SECFailure; ++ if (type == rsaKey) { ++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, ++ &cx->pkcs1RSADigestInfo, ++ &cx->pkcs1RSADigestInfoLen, ++ cx->key, ++ sig, wincx); ++ } else { ++ sigLen = checkedSignatureLen(key); ++ /* Check signature length is within limits */ ++ if (sigLen == 0) { ++ /* error set by checkedSignatureLen */ ++ rv = SECFailure; ++ goto loser; ++ } ++ if (sigLen > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ switch (type) { ++ case rsaPssKey: ++ if (sig->len != sigLen) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ rv = SECFailure; ++ goto loser; ++ } ++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); ++ rv = SECSuccess; + break; +- } +- if (sig->len != sigLen) { +- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ case ecKey: ++ case dsaKey: ++ /* decodeECorDSASignature will check sigLen == sig->len after padding */ ++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); ++ break; ++ default: ++ /* Unreachable */ + rv = SECFailure; +- break; +- } +- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); +- break; +- case dsaKey: +- case ecKey: +- sigLen = SECKEY_SignatureLen(key); +- if (sigLen == 0) { +- /* error set by SECKEY_SignatureLen */ +- rv = SECFailure; +- break; +- } +- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); +- break; +- default: +- rv = SECFailure; +- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); +- break; ++ goto loser; ++ } ++ } ++ if (rv != SECSuccess) { ++ goto loser; + } + } + +- if (rv) +- goto loser; +- + /* check hash alg again, RSA may have changed it.*/ + if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { + /* error set by HASH_GetHashTypeByOidTag */ + goto loser; + } + /* check the policy on the hash algorithm. Do this after + * the rsa decode because some uses of this function get hash implicitly + * from the RSA signature itself. */ +@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC + if (cx->hashcx == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final)); + switch (cx->key->keyType) { + case ecKey: + case dsaKey: +- dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { + return SECFailure; + } ++ if (dsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); ++ return SECFailure; ++ } ++ dsasig.data = cx->u.buffer; ++ + if (sig) { + rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, + dsasig.len); + if (rv != SECSuccess) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + } +@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC + cx->params, + &mech); + PORT_DestroyCheapArena(&tmpArena); + if (rv != SECSuccess) { + return SECFailure; + } + + rsasig.data = cx->u.buffer; +- rsasig.len = SECKEY_SignatureLen(cx->key); ++ rsasig.len = checkedSignatureLen(cx->key); + if (rsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ return SECFailure; ++ } ++ if (rsasig.len > sizeof(cx->u)) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + if (sig) { + if (sig->len != rsasig.len) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + return SECFailure; + } + PORT_Memcpy(rsasig.data, sig->data, rsasig.len); +@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx) + static SECStatus + vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, + const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, + void *wincx) + { + SECStatus rv; + VFYContext *cx; + SECItem dsasig; /* also used for ECDSA */ +- + rv = SECFailure; + + cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); + if (cx != NULL) { + switch (key->keyType) { + case rsaKey: + rv = verifyPKCS1DigestInfo(cx, digest); ++ /* Error (if any) set by verifyPKCS1DigestInfo */ + break; +- case dsaKey: + case ecKey: ++ case dsaKey: + dsasig.data = cx->u.buffer; +- dsasig.len = SECKEY_SignatureLen(cx->key); ++ dsasig.len = checkedSignatureLen(cx->key); + if (dsasig.len == 0) { ++ /* Error set by checkedSignatureLen */ ++ rv = SECFailure; + break; + } +- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != +- SECSuccess) { ++ if (dsasig.len > sizeof(cx->u)) { + PORT_SetError(SEC_ERROR_BAD_SIGNATURE); +- } else { +- rv = SECSuccess; ++ rv = SECFailure; ++ break; ++ } ++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); ++ if (rv != SECSuccess) { ++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); + } + break; + default: + break; + } + VFY_DestroyContext(cx, PR_TRUE); + } + return rv; + -- cgit v1.2.3 From 3e9dc2754e55bd5e1c5e71be36d018f50eb9bf84 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 3 Dec 2021 04:43:15 -0500 Subject: gnu: icecat: Remove vestigial icecat-78-makeicecat.patch. This is a followup to commit a63231003e7bbeafb0110b077788e47e78685f20. * gnu/packages/patches/icecat-78-makeicecat.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/patches/icecat-78-makeicecat.patch | 110 ------------------------ 2 files changed, 111 deletions(-) delete mode 100644 gnu/packages/patches/icecat-78-makeicecat.patch (limited to 'gnu/packages/patches') diff --git a/gnu/local.mk b/gnu/local.mk index c0e0c956f6..e61e825ba3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1260,7 +1260,6 @@ dist_patch_DATA = \ %D%/packages/patches/hurd-cross.patch \ %D%/packages/patches/hurd-xattr.patch \ %D%/packages/patches/hydra-disable-darcs-test.patch \ - %D%/packages/patches/icecat-78-makeicecat.patch \ %D%/packages/patches/icecat-makeicecat.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ %D%/packages/patches/icecat-CVE-2021-43527.patch \ diff --git a/gnu/packages/patches/icecat-78-makeicecat.patch b/gnu/packages/patches/icecat-78-makeicecat.patch deleted file mode 100644 index edd1ced257..0000000000 --- a/gnu/packages/patches/icecat-78-makeicecat.patch +++ /dev/null @@ -1,110 +0,0 @@ -Make some of the changes needed to the 'makeicecat' script, to allow it to run -in a snippet without network access. After this patch is applied, some -additional changes will be made using 'substitute*'. - -diff --git a/makeicecat b/makeicecat -index 8be2362..48716f2 100755 ---- a/makeicecat -+++ b/makeicecat -@@ -31,55 +31,55 @@ SOURCEDIR=icecat-$FFVERSION - - DATA="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/data - --mkdir -p output --cd output -+# mkdir -p output -+# cd output - - ############################################################################### - # Retrieve FF source code - ############################################################################### - --rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf -- --wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz --wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc --gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 --gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc --echo -n 1aa041db28cd742e93d663a9da8defd33040b38d8b9470350538473251621643 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - -- --echo Extracting Firefox tarball --tar -xf firefox-${FFVERSION}esr.source.tar.xz -- --mv firefox-${FFVERSION} $SOURCEDIR -+# rm mozilla-esr${FFMAJOR} $SOURCEDIR -rf -+# -+# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz -+# wget -N https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${FFVERSION}esr/source/firefox-${FFVERSION}esr.source.tar.xz.asc -+# gpg --recv-keys --keyserver keyserver.ubuntu.com 14F26682D0916CDD81E37B6D61B7B526D98F0353 -+# gpg --verify firefox-${FFVERSION}esr.source.tar.xz.asc -+# echo -n 1aa041db28cd742e93d663a9da8defd33040b38d8b9470350538473251621643 firefox-${FFVERSION}esr.source.tar.xz |sha256sum -c - -+# -+# echo Extracting Firefox tarball -+# tar -xf firefox-${FFVERSION}esr.source.tar.xz -+# -+# mv firefox-${FFVERSION} $SOURCEDIR - - ############################################################################### - # Retrieve l10n - ############################################################################### - --mkdir l10n --cd l10n --while read line;do -- line=$(echo $line |cut -d' ' -f1) -- #[ $line = "es-ES" ] || continue # To speed up testing -- [ $line = "en-US" ] && continue -- hg clone https://hg.mozilla.org/l10n-central/$line -- mkdir -p $line/browser/chrome/browser/preferences -- touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd -- rm -rf $line/.hg* --done < ../$SOURCEDIR/browser/locales/shipped-locales --cd .. -- --mv l10n $SOURCEDIR -- --hg clone https://hg.mozilla.org/l10n/compare-locales/ --cd compare-locales/ --hg checkout RELEASE_8_0_0 --cd .. --rm compare-locales/.hg* compare-locales/.git* -rf --mv compare-locales $SOURCEDIR/l10n -+# mkdir l10n -+# cd l10n -+# while read line;do -+# line=$(echo $line |cut -d' ' -f1) -+# #[ $line = "es-ES" ] || continue # To speed up testing -+# [ $line = "en-US" ] && continue -+# hg clone https://hg.mozilla.org/l10n-central/$line -+# mkdir -p $line/browser/chrome/browser/preferences -+# touch $line/browser/chrome/browser/preferences/advanced-scripts.dtd -+# rm -rf $line/.hg* -+# done < ../$SOURCEDIR/browser/locales/shipped-locales -+# cd .. -+# -+# mv l10n $SOURCEDIR -+# -+# hg clone https://hg.mozilla.org/l10n/compare-locales/ -+# cd compare-locales/ -+# hg checkout RELEASE_8_0_0 -+# cd .. -+# rm compare-locales/.hg* compare-locales/.git* -rf -+# mv compare-locales $SOURCEDIR/l10n - - ####################################################### - --cd $SOURCEDIR -+# cd $SOURCEDIR - - shopt -s nullglob - for patch in $DATA/patches/*.patch; do -@@ -598,6 +598,6 @@ sed 's/777/755/;' -i toolkit/crashreporter/google-breakpad/Makefile.in - # Fix CVE-2012-3386 - /bin/sed 's/chmod a+w/chmod u+w/' -i ./js/src/ctypes/libffi/Makefile.in ./toolkit/crashreporter/google-breakpad/Makefile.in ./toolkit/crashreporter/google-breakpad/src/third_party/glog/Makefile.in || true - --cd .. --echo Packaging tarball --tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR -+# cd .. -+# echo Packaging tarball -+# tar cfj icecat-$ICECATVERSION.tar.bz2 $SOURCEDIR -- cgit v1.2.3