From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: Fetching patches as origins instead of copying them into the Guix Git repo Date: Fri, 1 Sep 2017 15:50:23 -0400 Message-ID: <20170901195023.GA4799@jasmine.lan> References: <87inh5uqpd.fsf@gmail.com> <87inh4lw7y.fsf@fastmail.com> <87y3q0ow9h.fsf@gmail.com> <87k21jjyzy.fsf@fastmail.com> <20170831213806.GA22308@jasmine.lan> <87shg7l812.fsf@fastmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ZGiS0Q5IWpPtfppv" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50014) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dnrxY-000294-Ra for guix-devel@gnu.org; Fri, 01 Sep 2017 15:50:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dnrxU-0002b7-Ug for guix-devel@gnu.org; Fri, 01 Sep 2017 15:50:32 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:49723) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dnrxU-0002aC-O5 for guix-devel@gnu.org; Fri, 01 Sep 2017 15:50:28 -0400 Content-Disposition: inline In-Reply-To: <87shg7l812.fsf@fastmail.com> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Marius Bakke Cc: guix-devel@gnu.org --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 31, 2017 at 11:52:25PM +0200, Marius Bakke wrote: > Leo Famulari writes: >=20 > > On Thu, Aug 31, 2017 at 09:52:49PM +0200, Marius Bakke wrote: > >> Side note: I think we should start adding patches as origins instead of > >> copying them wholesale, to try and keep the git repository slim. > > > > We should make a git-minimal package for things like this, or use > > guile-git / libgit2. Git itself is a very "heavy" package. >=20 > No, I mean adding patches like this: >=20 > (define %CVE-1970-0001.patch > (origin > (method url-fetch) > (uri "https://example.com/CVE-2017-0001.patch") > (sha256 > (base32 > "12c60iwxyc3rj6ih06a1g80vmkf8khvhm44xr9va4h21b74v8f5k")))) >=20 > (package > (... > (patches (list (search-patch "guix-specific-stuff.patch") > %CVE-1970-0001.patch))) >=20 > That only requires the built-in guix downloader. Ah, that's much better than what I was thinking. --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlmpufoACgkQJkb6MLrK fwh9eQ/+N67Jif8+1D4EA4/Xp3tXYVQCfDOoCKPOWc8mV9/FMhHm3RdQdY7PbYFt ZdmriF/1yybzc8D1t7D4srz/+mo82xbvkOkAiAD6WBlaNVaIq+lhJmjpkG0lzkg5 dpg0OhgVveK2M4PLJxd+elTuPia0V/wp+kApdYILMdc6UGIOfbus8hQBK9kBcFhB DjwdV/jP4JR14xRg0/+rRUxa7CKj8ipV+eaGGGwPYh7n5LIPxHZ/j2aZtJDq3WeB 9QxW7+y4t78AG1iysVuq2pfscRuSN8xzYqTKMUqjTDQ7YL1nOsiolYOgSVkjOL20 vqca1gyp3/iRilnYq9vfa8uJXF21yuF1JC9fuzlx2a6W4VN9ZJqpmHT6Zs/F+yRZ bYnVxPlZCeSy/0mKjf+/w86Hl6NfCfevCK1Eg8HztoSVfUlzJ8bzXAK5VhV3tn5H J3yp1ZT/MMWbFeZE8x9syANn1+rwoP5s9P/bX9NOsz+Jnk+6tauryLSfCNf8GMXt 9NJAFKpiGOmd6O3yYVdfONELZOT2xaWXzUUq4PcA5+uBzQVZCDjAKGE59SjPckPi RayWyyffDRw4HLHhbrgCpwhqMkU7VQ81aZ6NisIUVkHqC7Pp5wfVBmaek2by+Pu0 kCz7mgSTAl3GHpGJHIWzwJbiRs1Hz3UHuoRGV5Dj7XX1pnnx43o= =9x6m -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv--