Subject: [bug#74542] [PATCH 11/11] etc: Add upgrade manifest.
To: 74542@debbugs.gnu.org
Cc: Ludovic Courtès, Christopher Baines, Josselin Poiret, Ludovic Courtès, Mathieu Othacehe, Simon Tournier, Tobias Geerinckx-Rice
From: Ludovic Courtès
Date: Tue, 26 Nov 2024 11:33:50 +0100
X-Mailer: git-send-email 2.46.0

* guix/scripts/build.scm (dependents): Export.
* etc/upgrade-manifest.scm: New file.
* Makefile.am (EXTRA_DIST): Add it.

Change-Id: I1b2a2ebd09e559c68da9f25772bf33caacb4c031
--- Makefile.am | 1 + etc/upgrade-manifest.scm | 98 ++++++++++++++++++++++++++++++++++++++++ guix/scripts/build.scm | 2 + 3 files changed, 101 insertions(+) create mode 100644 etc/upgrade-manifest.scm diff --git a/Makefile.am b/Makefile.am index e94ba87797..0cff32c607 100644 --- a/Makefile.am +++ b/Makefile.am
@@ -743,6 +743,7 @@ EXTRA_DIST += \ etc/source-manifest.scm \ etc/system-tests.scm \ etc/time-travel-manifest.scm \ + etc/upgrade-manifest.scm \ scripts/guix.in \ tests/cve-sample.json \ tests/keys/civodul.pub \ diff --git a/etc/upgrade-manifest.scm b/etc/upgrade-manifest.scm new file mode 100644 index 0000000000..6dd605ef03 --- /dev/null +++ b/etc/upgrade-manifest.scm 
@@ -0,0 +1,98 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2024 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +;; This manifest computes upgrades of key packages using the 'with-latest' +;; package transformation. + +(use-modules (guix monads) + (guix graph) + (guix packages) + (guix profiles) + (guix store) + (guix transformations) + ((guix scripts build) #:select (dependents)) + ((guix scripts graph) #:select (%bag-node-type)) + ((guix import github) #:select (%github-api)) + (guix build-system gnu) + (guix build-system cmake) + ((gnu packages) #:select (all-packages)) + (ice-9 match) + (srfi srfi-1)) + +;; Bypass the GitHub updater: we'd need an API token or we would hit the rate +;; limit. +(%github-api "http://example.org") + +(define (leaf-packages) + (with-store store + (run-with-store store + (mlet %store-monad ((edges (node-back-edges %bag-node-type (all-packages)))) + (return (filter (lambda (package) + (null? (edges package))) + (all-packages))))))) + +(define security-packages + '("git" "git-minimal" + "xorg-server" + "elogind" + "openssl" + "gnutls" + "libarchive" + "libgit2" + "libssh" + + ;; GnuPG. 
+ "libassuan" + "libgpg-error" + "libgcrypt" + "libksba" + "npth" + "gnupg" + "gpgme" + "pinentry")) + +(define security-upgrades + ;; Upgrades of individual packages with their dependents built against that + ;; upgrade. + (manifest + (with-store store + (append-map (match-lambda + ((package . output) + (let* ((name (package-name package)) + (latest (options->transformation + `((with-latest . ,name))))) + (map (lambda (package) + (manifest-entry + (inherit (package->manifest-entry + (latest (pk 'latest package)))) + (name (string-append (package-name package) + "-with-latest-" name)))) + (dependents store (list package) 2))))) + (specifications->packages security-packages))))) + +(define leaf-package-updates + ;; Select a subset (~22%) of all the leaf packages, typically small C/C++ + ;; packages not part of a bigger "collection" or repo (CRAN, PyPI, etc.). + (manifest + (filter-map (lambda (package) + (and (memq (package-build-system package) + (list gnu-build-system cmake-build-system)) + (package-with-upstream-version (pk 'up package)))) + (leaf-packages)))) + +(concatenate-manifest (list leaf-package-updates security-upgrades)) diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index 1b0b006ad5..ddebcaf743 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm @@ -63,6 +63,8 @@ (define-module (guix scripts build) show-cross-build-options-help show-native-build-options-help + dependents + guix-build register-root register-root*)) -- 2.46.0
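
Review bot: in etc/upgrade-manifest.scm, the top-level (%github-api "http://example.org") changes the parameter for the whole process rather than for the extent of this manifest, and points it at a plain-HTTP placeholder, while the comment does not say what then happens to packages that rely on the GitHub updater (error, or silently no upgrade). Please state that outcome in the comment, since for the entries in security-packages a skipped upgrade would go unnoticed, and consider scoping the override with parameterize around the manifest computation. In the same file, (pk 'latest package) and (pk 'up package) look like leftover debugging output and would print once per package, and the output variable bound by the (package . output) pattern is never used. Finally, specifications->packages does not appear in any #:select list shown here ((gnu packages) is imported with #:select (all-packages) only), so please check that one of the fully imported modules binds it.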
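
Review bot: in the guix/scripts/build.scm hunk, dependents joins the export list with nothing visible about its contract, and its only new caller passes a bare 2 as the third argument: (dependents store (list package) 2). Please make sure the docstring says what that argument bounds, and name or comment the value at the call site in the manifest, since it appears to decide which dependents get rebuilt against each upgraded security package.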