[bug#30709] [PATCH 0/4] Add debootstrap

[bug#30709] [PATCH 0/4] Add debootstrap

[Efraim Flashner]

From time to time having a debian (or ubuntu) chroot is useful, so I
figured there was no reason to keep my patches for debootstrap in my
GUIX_PACKAGE_PATH, so here's the patches necessary to make it work.

debootstrap uses 'ar' from binutils to extract the .debs it downloads,
gnupg and the keyrings to verify the binaries, and perl for the actual
building. There's no perl to patch from the script, its from what is
actually downloaded.  With the propagated inputs, it should be possible
to run 'guix environment -C -N --ad-hoc debootstrap -- debootstrap ...'

Efraim Flashner (4):
  gnu: Add jetring.
  gnu: Add debian-archive-keyring.
  gnu: Add ubuntu-keyring.
  gnu: Add debootstrap.

 gnu/local.mk            |   1 +
 gnu/packages/debian.scm | 170 ++++++++++++++++++++++++++++++++++++++++++++++++
 gnu/packages/gnupg.scm  |  49 +++++++++++++-
 3 files changed, 219 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/debian.scm

-- 
2.16.2

[bug#30709] [PATCH 1/4] gnu: Add jetring.

[Efraim Flashner]

* gnu/packages/gnupg.scm (jetring): New variable.
---
 gnu/packages/gnupg.scm | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index eeab5c5af..d6b41da2d 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
-;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
@@ -929,3 +929,50 @@ keyring content.  Parcimonie is a daemon that fetches one key at a time using
 the Tor network, waits a bit, changes the Tor circuit being used, and starts
 over.")
     (license license:gpl1+)))
+
+(define-public jetring
+  (package
+    (name "jetring")
+    (version "0.25")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://debian/pool/main/j/" name "/"
+                            name "_" version ".tar.xz"))
+        (sha256
+         (base32
+          "0shcnnw0h31b08vmnvf18ni33dg40w18wv9smb69vkklz3h4jhpw"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; no configure script
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (man (string-append out "/share/man")))
+               (for-each (lambda (file)
+                           (install-file file (string-append out "/bin/")))
+                         '("jetring-accept" "jetring-apply" "jetring-build"
+                           "jetring-checksum" "jetring-diff" "jetring-explode"
+                           "jetring-gen" "jetring-review" "jetring-signindex"))
+               (for-each (lambda (file)
+                           (install-file file (string-append man "/man1/")))
+                         (find-files "." ".*\\.1$"))
+               (install-file "jetring.7" (string-append man "/man7/"))
+               #t))))
+       #:tests? #f)) ; no test phase
+    (native-inputs `(("gnupg" ,gnupg)))
+    (inputs `(("perl" ,perl)))
+    (home-page "https://joeyh.name/code/jetring/")
+    (synopsis "Gpg keyring maintenance using changesets")
+    (description
+     "Jetring is a collection of tools that allow for gpg keyrings to be
+maintained using changesets.  It was developed with the Debian keyring in mind,
+and aims to solve the problem that a gpg keyring is a binary blob that's hard
+for multiple people to collaboratively edit.
+With jetring, changesets can be submitted, reviewed to see exactly what they
+will do, applied, and used to build a keyring.  The origin of every change made
+to the keyring is available for auditing, and gpg signatures can be used to
+further secure things.")
+    (license license:gpl2+)))
-- 
2.16.2

[bug#30709] [PATCH 2/4] gnu: Add debian-archive-keyring.

[Efraim Flashner]

* gnu/packages/debian.scm (debian-archive-keyring): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
 gnu/local.mk            |  1 +
 gnu/packages/debian.scm | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 gnu/packages/debian.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index d091a89b8..38a2afe91 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -120,6 +120,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/datastructures.scm		\
   %D%/packages/dav.scm				\
   %D%/packages/dc.scm				\
+  %D%/packages/debian.scm			\
   %D%/packages/debug.scm			\
   %D%/packages/dejagnu.scm			\
   %D%/packages/dico.scm				\
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
new file mode 100644
index 000000000..70131ff45
--- /dev/null
+++ b/gnu/packages/debian.scm
@@ -0,0 +1,62 @@
+;;; Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages debian)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix download)
+  #:use-module (guix packages)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages gnupg))
+
+(define-public debian-archive-keyring
+  (package
+    (name "debian-archive-keyring")
+    (version "2017.7")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "mirror://debian/pool/main/d/" name "/"
+                            name "_" version ".tar.xz"))
+        (sha256
+         (base32
+          "1pdwgipfi0y4svhxlw8arhq792f1g3vlmw4raphizy7sa65vd4ca"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:test-target "verify-results"
+       #:parallel-build? #f ; has race conditions
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; no configure script
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (apt (string-append out "/etc/apt/trusted.gpg.d/"))
+                    (key (string-append out "/share/keyrings/")))
+               (install-file "keyrings/debian-archive-keyring.gpg" key)
+               (install-file "keyrings/debian-archive-removed-keys.gpg" key)
+               (for-each (lambda (file)
+                           (install-file file apt))
+                         (find-files "trusted.gpg" "\\.gpg$")))
+             #t)))))
+    (native-inputs
+     `(("gnupg" ,gnupg)
+       ("jetring" ,jetring)))
+    (home-page "https://packages.qa.debian.org/d/debian-archive-keyring.html")
+    (synopsis "GnuPG archive keys of the Debian archive")
+    (description
+     "The Debian project digitally signs its Release files.  This package
+contains the archive keys used for that.")
+    (license (list license:public-domain ; the keys
+                   license:gpl2+)))) ; see debian/copyright
-- 
2.16.2

[bug#30709] [PATCH 3/4] gnu: Add ubuntu-keyring.

[Efraim Flashner]

* gnu/packages/debian.scm (ubuntu-keyring): New variable.
---
 gnu/packages/debian.scm | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index 70131ff45..5eda5e849 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -18,6 +18,9 @@
   #:use-module (guix download)
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system trivial)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg))
 
 (define-public debian-archive-keyring
@@ -60,3 +63,43 @@
 contains the archive keys used for that.")
     (license (list license:public-domain ; the keys
                    license:gpl2+)))) ; see debian/copyright
+
+(define-public ubuntu-keyring
+  (package
+    (name "ubuntu-keyring")
+    (version "2018.02.28")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://launchpad.net/ubuntu/+archive/primary/"
+                            "+files/" name "_" version ".tar.gz"))
+        (sha256
+         (base32
+          "1zj3012cz7rlx9pm39wnwa0lmi1h38n6bkgbz81vnmcsvqsc9a3a"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils))
+                   (let* ((out (assoc-ref %outputs "out"))
+                          (apt (string-append out "/etc/apt/trusted.gpg.d/"))
+                          (key (string-append out "/share/keyrings/")))
+                     (setenv "PATH" (string-append
+                                      (assoc-ref %build-inputs "gzip") "/bin:"
+                                      (assoc-ref %build-inputs "tar") "/bin"))
+                     (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
+                     (for-each (lambda (file)
+                                 (install-file file key)
+                                 (install-file file apt))
+                               (find-files "." "\\.gpg$")))
+                   #t)))
+    (native-inputs
+     `(("tar" ,tar)
+       ("gzip" ,gzip)))
+    (home-page "https://launchpad.net/ubuntu/+source/ubuntu-keyring")
+    (synopsis "GnuPG keys of the Ubuntu archive")
+    (description
+     "The Ubuntu project digitally signs its Release files.  This package
+contains the archive keys used for that.")
+    (license (list license:public-domain ; the keys
+                   license:gpl2+)))) ; see debian/copyright
-- 
2.16.2

[bug#30709] [PATCH 4/4] gnu: Add debootstrap.

[Efraim Flashner]

* gnu/packages/debian.scm (debootstrap): New variable.
---
 gnu/packages/debian.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index 5eda5e849..15dcd64e8 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -16,12 +16,15 @@
 (define-module (gnu packages debian)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages base)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages gnupg))
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages wget))
 
 (define-public debian-archive-keyring
   (package
@@ -103,3 +106,65 @@ contains the archive keys used for that.")
 contains the archive keys used for that.")
     (license (list license:public-domain ; the keys
                    license:gpl2+)))) ; see debian/copyright
+
+(define-public debootstrap
+  (package
+    (name "debootstrap")
+    (version "1.0.93")
+    (source
+      (origin
+        (method git-fetch)
+        (uri (git-reference
+               (url "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
+               (commit version)))
+        (file-name (git-file-name name version))
+        (sha256
+         (base32
+          "1jxq91602a152c56l2f8kzkiszp26cziqddcs4v695bcif72kfz6"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'build)
+         (add-after 'unpack 'patch-source
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out    (assoc-ref outputs "out"))
+                   (debian (assoc-ref %build-inputs "debian"))
+                   (ubuntu (assoc-ref %build-inputs "ubuntu")))
+               (substitute* "scripts/sid"
+                 (("/usr") debian))
+               (substitute* "scripts/gutsy"
+                 (("/usr") ubuntu))
+               (substitute* "debootstrap"
+                 (("=/usr") (string-append "=" out))
+                 (("@VERSION@") ,version))
+               (substitute* "functions"
+                 (("wget ") (string-append (which "wget") " ")))
+               #t)))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (copy-recursively "scripts"
+                                 (string-append out "/share/debootstrap/scripts"))
+               (install-file "functions" (string-append out "/share/debootstrap"))
+               (install-file "debootstrap" (string-append out "/sbin"))
+               (install-file "debootstrap.8" (string-append out "/share/man/man8"))
+               #t))))
+       #:tests? #f)) ; no tests
+    (inputs
+     `(("debian" ,debian-archive-keyring)
+       ("ubuntu" ,ubuntu-keyring)
+       ("wget" ,wget)))
+    ;; The following are required for debootstrap to work correctly
+    (propagated-inputs
+     `(("binutils" ,binutils)
+       ("gnupg" ,gnupg)
+       ("perl" ,perl)))
+    (home-page "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
+    (synopsis "Bootstrap a basic Debian system")
+    (description "Debootstrap is used to create a Debian base system from
+scratch, without requiring the availability of @code{dpkg} or @code{apt}.
+It does this by downloading .deb files from a mirror site, and carefully
+unpacking them into a directory which can eventually be chrooted into.")
+    (license license:gpl2)))
-- 
2.16.2

[bug#30709] [PATCH 1/4] gnu: Add jetring.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 2192 bytes --]

Efraim Flashner <efraim@flashner.co.il> writes:

> * gnu/packages/gnupg.scm (jetring): New variable.

[...]

> +    (build-system gnu-build-system)
> +    (arguments
> +     '(#:phases
> +       (modify-phases %standard-phases
> +         (delete 'configure) ; no configure script
> +         (replace 'install
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let* ((out (assoc-ref outputs "out"))
> +                    (man (string-append out "/share/man")))
> +               (for-each (lambda (file)
> +                           (install-file file (string-append out "/bin/")))
> +                         '("jetring-accept" "jetring-apply" "jetring-build"
> +                           "jetring-checksum" "jetring-diff" "jetring-explode"
> +                           "jetring-gen" "jetring-review" "jetring-signindex"))
> +               (for-each (lambda (file)
> +                           (install-file file (string-append man "/man1/")))
> +                         (find-files "." ".*\\.1$"))
> +               (install-file "jetring.7" (string-append man "/man7/"))
> +               #t))))
> +       #:tests? #f)) ; no test phase
> +    (native-inputs `(("gnupg" ,gnupg)))

What is GnuPG used for here?  I would assume it was a "normal" input.

> +    (inputs `(("perl" ,perl)))
> +    (home-page "https://joeyh.name/code/jetring/")
> +    (synopsis "Gpg keyring maintenance using changesets")

s/Gpg/GnuPG/

> +    (description
> +     "Jetring is a collection of tools that allow for gpg keyrings to be
> +maintained using changesets.  It was developed with the Debian keyring in mind,
> +and aims to solve the problem that a gpg keyring is a binary blob that's hard
> +for multiple people to collaboratively edit.

\n

> +With jetring, changesets can be submitted, reviewed to see exactly what they
> +will do, applied, and used to build a keyring.  The origin of every change made
> +to the keyring is available for auditing, and gpg signatures can be used to
> +further secure things.")

s/to further secure things/for integrity guarantees/ (IMO)

It would be good with an explanation of what a changeset is or how it
works, but LGTM either way.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#30709] [PATCH 2/4] gnu: Add debian-archive-keyring.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 171 bytes --]

Efraim Flashner <efraim@flashner.co.il> writes:

> * gnu/packages/debian.scm (debian-archive-keyring): New variable.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.

LGTM.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#30709] [PATCH 3/4] gnu: Add ubuntu-keyring.

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 1229 bytes --]

Efraim Flashner <efraim@flashner.co.il> writes:

> * gnu/packages/debian.scm (ubuntu-keyring): New variable.

[...]

> +    (build-system trivial-build-system)
> +    (arguments
> +     `(#:modules ((guix build utils))
> +       #:builder (begin
> +                   (use-modules (guix build utils))
> +                   (let* ((out (assoc-ref %outputs "out"))
> +                          (apt (string-append out "/etc/apt/trusted.gpg.d/"))
> +                          (key (string-append out "/share/keyrings/")))
> +                     (setenv "PATH" (string-append
> +                                      (assoc-ref %build-inputs "gzip") "/bin:"
> +                                      (assoc-ref %build-inputs "tar") "/bin"))
> +                     (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
> +                     (for-each (lambda (file)
> +                                 (install-file file key)
> +                                 (install-file file apt))
> +                               (find-files "." "\\.gpg$")))
> +                   #t)))

Why is having the same files in out/share/keyrings and
out/etc/apt/trusted.gpg.d necessary?

(this was perhaps the case with the Debian keyring too?)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#30709] [PATCH 4/4] gnu: Add debootstrap.

[Marius Bakke]

[-- Attachment #1.1: Type: text/plain, Size: 3938 bytes --]

Efraim Flashner <efraim@flashner.co.il> writes:

> * gnu/packages/debian.scm (debootstrap): New variable.

Thanks for packaging this!  I've worked on this too, and actually
packaged 'dpkg' separately.  Yet somehow I did not need to package the
keyrings (I guess it is necessary to work offline?).

Some comments inline, and my dpkg and debootstrap patches attached for
comparison.  Feel free to take inspiration from both.

> +(define-public debootstrap
> +  (package
> +    (name "debootstrap")
> +    (version "1.0.93")
> +    (source
> +      (origin
> +        (method git-fetch)
> +        (uri (git-reference
> +               (url "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
> +               (commit version)))
> +        (file-name (git-file-name name version))

Why use the git downloader here?

> +        (sha256
> +         (base32
> +          "1jxq91602a152c56l2f8kzkiszp26cziqddcs4v695bcif72kfz6"))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     `(#:phases
> +       (modify-phases %standard-phases
> +         (delete 'configure)
> +         (delete 'build)
> +         (add-after 'unpack 'patch-source
> +           (lambda* (#:key inputs outputs #:allow-other-keys)
> +             (let ((out    (assoc-ref outputs "out"))
> +                   (debian (assoc-ref %build-inputs "debian"))
> +                   (ubuntu (assoc-ref %build-inputs "ubuntu")))

Use (assoc-ref inputs "debian") instead of accessing the global
%build-inputs.  I'd also call them "debian-keyring" and "ubuntu-keyring"
to make it clearer what's going on down below.

> +               (substitute* "scripts/sid"
> +                 (("/usr") debian))
> +               (substitute* "scripts/gutsy"
> +                 (("/usr") ubuntu))
> +               (substitute* "debootstrap"
> +                 (("=/usr") (string-append "=" out))
> +                 (("@VERSION@") ,version))

If you don't delete the build phase, @VERSION@ should be automatically
expanded to the correct value, methinks.

> +               (substitute* "functions"
> +                 (("wget ") (string-append (which "wget") " ")))
> +               #t)))
> +         (replace 'install
> +           (lambda* (#:key outputs #:allow-other-keys)
> +             (let ((out (assoc-ref outputs "out")))
> +               (copy-recursively "scripts"
> +                                 (string-append out "/share/debootstrap/scripts"))
> +               (install-file "functions" (string-append out "/share/debootstrap"))
> +               (install-file "debootstrap" (string-append out "/sbin"))
> +               (install-file "debootstrap.8" (string-append out "/share/man/man8"))
> +               #t))))

Similarly, passing DESTDIR in #:make-flags should make this unnecessary.

> +       #:tests? #f)) ; no tests
> +    (inputs
> +     `(("debian" ,debian-archive-keyring)
> +       ("ubuntu" ,ubuntu-keyring)
> +       ("wget" ,wget)))
> +    ;; The following are required for debootstrap to work correctly
> +    (propagated-inputs
> +     `(("binutils" ,binutils)
> +       ("gnupg" ,gnupg)
> +       ("perl" ,perl)))
> +    (home-page "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
> +    (synopsis "Bootstrap a basic Debian system")
> +    (description "Debootstrap is used to create a Debian base system from
> +scratch, without requiring the availability of @code{dpkg} or @code{apt}.
> +It does this by downloading .deb files from a mirror site, and carefully
> +unpacking them into a directory which can eventually be chrooted into.")
> +    (license license:gpl2)))

I have not tried this debootstrap, but when testing the attached patch,
I found that debootstrap would fail on the first attempt, but simply
trying again made everything work.  Did you experience this?  Note that
I did not propagate binutils, perhaps that was the problem.

Or the confusion between Guix dpkg and the debootstrapped dpkg.

Behold...


[-- Attachment #1.2: 0001-gnu-Add-dpkg.patch --]
[-- Type: text/x-patch, Size: 2159 bytes --]

From 62795e10a95f393ab3a65d649ef3a30ccd8fece2 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Fri, 5 Jan 2018 15:58:45 +0100
Subject: [PATCH] gnu: Add dpkg.

* gnu/packages/package-management.scm (dpkg): New public variable.
---
 gnu/packages/package-management.scm | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 7eba74e96..451af238c 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -46,6 +47,7 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages lisp)
   #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages ncurses)
   #:use-module (gnu packages nettle)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
@@ -349,6 +351,28 @@ out) and returning a package that uses that as its 'source'."
 ;;; Other tools.
 ;;;
 
+(define-public dpkg
+  (package
+    (name "dpkg")
+    (version "1.19.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://debian/pool/main/d/dpkg/dpkg_"
+                                  version ".tar.xz"))
+              (sha256
+               (base32 "02lrwrkl2g1jwj71088rwswx07a1zq1jkq7193lbvy8jj2qnp9lq"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("ncurses" ,ncurses)
+       ("perl" ,perl)))
+    (home-page "https://wiki.debian.org/Teams/Dpkg")
+    (synopsis "Debian package manager")
+    (description
+     "@command{dpkg} is a low-level package management tool, primarily developed
+for use in Debian.  It can install, remove and show information about @file{.deb}
+packages.")
+    (license gpl2+)))
+
 (define-public nix
   (package
     (name "nix")
-- 
2.16.2


[-- Attachment #1.3: 0002-gnu-Add-debootstrap.patch --]
[-- Type: text/x-patch, Size: 4889 bytes --]

From 7e4ec4b1e8ad602c797d192dc6c5f573664c50d4 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Fri, 5 Jan 2018 16:45:19 +0100
Subject: [PATCH] gnu: Add debootstrap.

* gnu/packages/debootstrap.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register it.
---
 gnu/local.mk                 |  1 +
 gnu/packages/debootstrap.scm | 81 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 gnu/packages/debootstrap.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index fb4babfdb..cf4e23117 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -119,6 +119,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/dav.scm				\
   %D%/packages/dc.scm				\
   %D%/packages/debug.scm			\
+  %D%/packages/debootstrap.scm			\
   %D%/packages/dejagnu.scm			\
   %D%/packages/dico.scm				\
   %D%/packages/dictionaries.scm			\
diff --git a/gnu/packages/debootstrap.scm b/gnu/packages/debootstrap.scm
new file mode 100644
index 000000000..e2a19ba2b
--- /dev/null
+++ b/gnu/packages/debootstrap.scm
@@ -0,0 +1,81 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages debootstrap)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages package-management)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages wget)
+  #:use-module (gnu packages))
+
+(define-public debootstrap
+  (package
+    (name "debootstrap")
+    (version "1.0.93")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://debian/pool/main/d/debootstrap/"
+                                  "debootstrap_" version ".tar.gz"))
+              (sha256
+               (base32
+                "1nyp9fwb7xrk1vin81dmgx2g9rb52yg4gwz4rcx97gamw4mlvbfd"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags (list (string-append "DESTDIR=" (assoc-ref %outputs "out")))
+       #:tests? #f                    ;no tests
+       #:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'fix-Makefile
+                    (lambda _
+                      (substitute* "Makefile"
+                        (("/usr") "")
+                        (("-o root -g root") "")
+                        (("chown root.*") "\n"))
+                      #t))
+                  (add-after 'fix-Makefile 'patch-paths
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out"))
+                            (dpkg (assoc-ref inputs "dpkg"))
+                            (wget (assoc-ref inputs "wget")))
+                      (substitute* "debootstrap"
+                        (("/usr/share/debootstrap")
+                         (string-append out "/share/debootstrap"))
+                        (("/usr/bin/dpkg") (string-append dpkg "/bin/dpkg")))
+                      (substitute* "functions"
+                        (("wget ") (string-append wget "/bin/wget ")))
+                      #t)))
+                  (delete 'configure))))
+    (inputs
+     `(("wget" ,wget)))
+    ;; The bootstrapping scripts contain many references to these packages, some
+    ;; of which referring to the target system.  For simplicity just propagate them
+    ;; instead of adding absolute references.
+    (propagated-inputs
+     `(("dpkg" ,dpkg)
+       ("perl" ,perl)))
+    (home-page "https://wiki.debian.org/Debootstrap")
+    (synopsis "Bootstrap a Debian or Ubuntu system")
+    (description
+     "@command{debootstrap} is a tool which will install a Debian base system
+into a subdirectory of another, already installed system.  It does not require
+an installation CD, just access to a Debian repository.  It can also be used to
+create a rootfs for a machine of a different architecture, which is known as
+\"cross-debootstrapping\".")
+    (license license:gpl2+)))
-- 
2.16.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

[bug#30709] [PATCH 1/4] gnu: Add jetring.

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 2751 bytes --]

On Sat, Mar 10, 2018 at 10:29:14AM +0100, Marius Bakke wrote:
> Efraim Flashner <efraim@flashner.co.il> writes:
> 
> > * gnu/packages/gnupg.scm (jetring): New variable.
> 
> [...]
> 
> > +    (build-system gnu-build-system)
> > +    (arguments
> > +     '(#:phases
> > +       (modify-phases %standard-phases
> > +         (delete 'configure) ; no configure script
> > +         (replace 'install
> > +           (lambda* (#:key outputs #:allow-other-keys)
> > +             (let* ((out (assoc-ref outputs "out"))
> > +                    (man (string-append out "/share/man")))
> > +               (for-each (lambda (file)
> > +                           (install-file file (string-append out "/bin/")))
> > +                         '("jetring-accept" "jetring-apply" "jetring-build"
> > +                           "jetring-checksum" "jetring-diff" "jetring-explode"
> > +                           "jetring-gen" "jetring-review" "jetring-signindex"))
> > +               (for-each (lambda (file)
> > +                           (install-file file (string-append man "/man1/")))
> > +                         (find-files "." ".*\\.1$"))
> > +               (install-file "jetring.7" (string-append man "/man7/"))
> > +               #t))))
> > +       #:tests? #f)) ; no test phase
> > +    (native-inputs `(("gnupg" ,gnupg)))
> 
> What is GnuPG used for here?  I would assume it was a "normal" input.
> 

It's used in jetring-build, and assumably in other scripts. It would
probably be best to wrap jetring with gnupg.

> > +    (inputs `(("perl" ,perl)))
> > +    (home-page "https://joeyh.name/code/jetring/")
> > +    (synopsis "Gpg keyring maintenance using changesets")
> 
> s/Gpg/GnuPG/
> 
> > +    (description
> > +     "Jetring is a collection of tools that allow for gpg keyrings to be
> > +maintained using changesets.  It was developed with the Debian keyring in mind,
> > +and aims to solve the problem that a gpg keyring is a binary blob that's hard
> > +for multiple people to collaboratively edit.
> 
> \n
> 
> > +With jetring, changesets can be submitted, reviewed to see exactly what they
> > +will do, applied, and used to build a keyring.  The origin of every change made
> > +to the keyring is available for auditing, and gpg signatures can be used to
> > +further secure things.")
> 
> s/to further secure things/for integrity guarantees/ (IMO)
> 
> It would be good with an explanation of what a changeset is or how it
> works, but LGTM either way.



-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[bug#30709] [PATCH 3/4] gnu: Add ubuntu-keyring.

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 4772 bytes --]

On Sat, Mar 10, 2018 at 10:33:21AM +0100, Marius Bakke wrote:
> Efraim Flashner <efraim@flashner.co.il> writes:
> 
> > * gnu/packages/debian.scm (ubuntu-keyring): New variable.
> 
> [...]
> 
> > +    (build-system trivial-build-system)
> > +    (arguments
> > +     `(#:modules ((guix build utils))
> > +       #:builder (begin
> > +                   (use-modules (guix build utils))
> > +                   (let* ((out (assoc-ref %outputs "out"))
> > +                          (apt (string-append out "/etc/apt/trusted.gpg.d/"))
> > +                          (key (string-append out "/share/keyrings/")))
> > +                     (setenv "PATH" (string-append
> > +                                      (assoc-ref %build-inputs "gzip") "/bin:"
> > +                                      (assoc-ref %build-inputs "tar") "/bin"))
> > +                     (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
> > +                     (for-each (lambda (file)
> > +                                 (install-file file key)
> > +                                 (install-file file apt))
> > +                               (find-files "." "\\.gpg$")))
> > +                   #t)))
> 
> Why is having the same files in out/share/keyrings and
> out/etc/apt/trusted.gpg.d necessary?
> 
> (this was perhaps the case with the Debian keyring too?)

This wasn't actually the case for the Debian keyring, I was more careful
about installing the keyring files to the correct directories. I've gone
ahead and fixed the Ubuntu ones.

$ apt-file show debian-archive-keyring
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/README
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/changelog.gz
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/copyright
debian-archive-keyring: /usr/share/keyrings/debian-archive-keyring.gpg
debian-archive-keyring: /usr/share/keyrings/debian-archive-removed-keys.gpg

$ tree /gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/
/gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/
|-- etc
|   `-- apt
|       `-- trusted.gpg.d
|           |-- debian-archive-jessie-automatic.gpg
|           |-- debian-archive-jessie-security-automatic.gpg
|           |-- debian-archive-jessie-stable.gpg
|           |-- debian-archive-stretch-automatic.gpg
|           |-- debian-archive-stretch-security-automatic.gpg
|           |-- debian-archive-stretch-stable.gpg
|           |-- debian-archive-wheezy-automatic.gpg
|           `-- debian-archive-wheezy-stable.gpg
`-- share
    `-- keyrings
        |-- debian-archive-keyring.gpg
        `-- debian-archive-removed-keys.gpg

$ apt-file show ubuntu-keyring
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/README.gz
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/changelog.gz
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/copyright
ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-keyring.gpg
ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-removed-keys.gpg
ubuntu-keyring: /usr/share/keyrings/ubuntu-master-keyring.gpg

$ tree /gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/
/gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/
|-- etc
|   `-- apt
|       `-- trusted.gpg.d
|           |-- ubuntu-cloud-keyring.gpg
|           |-- ubuntu-cloud-removed-keys.gpg
|           |-- ubuntu-cloudimage-keyring.gpg
|           |-- ubuntu-cloudimage-removed-keys.gpg
|           |-- ubuntu-dbgsym-keyring.gpg
|           |-- ubuntu-dbgsym-removed-keys.gpg
|           |-- ubuntu-keyring-2012-archive.gpg
|           |-- ubuntu-keyring-2012-cdimage.gpg
|           |-- ubuntu-keyring-2012-cloud-archive.gpg
|           `-- ubuntu-keyring-2016-dbgsym.gpg
`-- share
    `-- keyrings
        |-- ubuntu-archive-keyring.gpg
        |-- ubuntu-archive-removed-keys.gpg
        `-- ubuntu-master-keyring.gpg

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#30709: patch pushed

[Efraim Flashner]

[-- Attachment #1: Type: text/plain, Size: 239 bytes --]

Pushed, closing this bug

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]