[bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.

[bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.

[Felix Gruber]

* gnu/packages/license.scm (reuse): Update to 0.14.0.
---
 gnu/packages/license.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/license.scm b/gnu/packages/license.scm
index 79ad3df4c8..cc6b03b412 100644
--- a/gnu/packages/license.scm
+++ b/gnu/packages/license.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2018–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2020, 2021 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright © 2021 Tanguy Le Carrour <tanguy@bioneland.org>
+;;; Copyright © 2022 Felix Gruber <felgru@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -167,13 +168,13 @@ belonging to various licenses.")
 (define-public reuse
   (package
     (name "reuse")
-    (version "0.13.0")
+    (version "0.14.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "reuse" version))
        (sha256
-        (base32 "00gqpw124lz6kf3gi6m2i1bnxp3k5n3id0bgqff0bj08jga7pj49"))))
+        (base32 "1q84qv982y67inqb67iy3r6z7339593w7zdaaxswjqxfrd1by7bp"))))
     (build-system python-build-system)
     (native-inputs
      (list python-pytest python-setuptools-scm))
-- 
2.30.2

[bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 1115 bytes --]

User: guix
Usertags: reviewed looks-good

(I'm experimenting with usertags)

Hi,

I verified the following:

 * [x] it builds reproducibly on my machine (a x86_64) (using --
rounds=2)

   $ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0 
   > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6

   If you have x86_64, please check if you have the same result!

 * [x] When I do "./pre-inst-env guix refresh -u reuse", I end up with
       the same version and base32 as in your patch, so no ‘Tricking peer
       review’-style issue seems to have happened .

       Ignoring uid and file name prefix differences, the tarball from pypi
       and https://github.com/fsfe/reuse-tool/archive/refs/tags/v0.14.0.tar.gz
       are the same (using diffoscope), so no pypi compromise appears to have
       happened.

 * [x] The diff between the old and new version (using diffoscope) seems reasonable,
       no malware appears to have crept in.

 * [x] no dependents (using guix refresh -l), so no world-rebuild issues.

Seems ok to apply to me!

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

[bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.

[Maxime Devos]

[-- Attachment #1: Type: text/plain, Size: 1115 bytes --]

User: guix
Usertags: reviewed looks-good

(I'm experimenting with usertags)

Hi,

I verified the following:

 * [x] it builds reproducibly on my machine (a x86_64) (using --
rounds=2)

   $ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0 
   > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6

   If you have x86_64, please check if you have the same result!

 * [x] When I do "./pre-inst-env guix refresh -u reuse", I end up with
       the same version and base32 as in your patch, so no ‘Tricking peer
       review’-style issue seems to have happened .

       Ignoring uid and file name prefix differences, the tarball from pypi
       and https://github.com/fsfe/reuse-tool/archive/refs/tags/v0.14.0.tar.gz
       are the same (using diffoscope), so no pypi compromise appears to have
       happened.

 * [x] The diff between the old and new version (using diffoscope) seems reasonable,
       no malware appears to have crept in.

 * [x] no dependents (using guix refresh -l), so no world-rebuild issues.

Seems ok to apply to me!

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

[bug#53119] [PATCH] gnu: reuse: Update to 0.14.0.

[Felix Gruber]

Hi Maxime,

On 1/9/22 00:19, Maxime Devos wrote:
>   * [x] it builds reproducibly on my machine (a x86_64) (using --
> rounds=2)
> 
>     $ guix hash --serializer=nar /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
>     > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
> 
>     If you have x86_64, please check if you have the same result!

I confirm that I get the same hash
1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
when I run your guix hash command.

bug#53119: [PATCH] gnu: reuse: Update to 0.14.0.

[Nicolas Goaziou]

Hello

Felix Gruber <felgru@posteo.net> writes:

> Hi Maxime,
>
> On 1/9/22 00:19, Maxime Devos wrote:
>>   * [x] it builds reproducibly on my machine (a x86_64) (using --
>> rounds=2)
>>     $ guix hash --serializer=nar
>> /gnu/store/ygjym1j7w9ds6siw11jy0c9dn8rkpmgf-reuse-0.14.0
>>     > 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
>>     If you have x86_64, please check if you have the same result!
>
> I confirm that I get the same hash
> 1lpx92qs5k625wdc15akbdfapsl5yb1gqbgcq19skc2jgq6yqhz6
> when I run your guix hash command.

Applied. Thank you for the patch, and thanks to Maxime for the thorough
review.

Regards,
-- 
Nicolas Goaziou