[bug#74542] [PATCH v2 00/16] Improved tooling for package updates

["Ludovic Courtès" <ludo@gnu.org>]

Hello!

This version aims to address comments by Simon and additional issues
I stumbled upon:

  • Short option for ‘--dependents’ is now ‘-P’ (instead of ‘-T’).

  • More package refresher metadata updates (GnuTLS, Git).

  • ‘generic-html’ updater correctly computes URLs for ‘curl’ and
    any other package that uses <base href="…"> in its release
    monitoring page.

  • ‘package-with-upstream-version’ can preserve patches.  This turns
    out to be a hard requirement if we want to make this useful.

    While ‘guix build openssl --with-latest=openssl’ dismisses patches,
    what we want here instead is to preserve patches, such that what’s
    being built is exactly the same as what we’d get with ‘guix
    refresh -u openssl’.

  • ‘package-with-upstream-version’ can disable authentication: it’s
    essentially required if we are to run this in a non-interactive
    way, given the fact that we cannot reliably fetch keys from OpenPGP
    key servers.

  • Manifest is now limited to a dozen security-critical packages (I
    left out leaf packages entirely; we can work on it separately
    later).

  • Manifest is more precise: it refers to the packages to update by
    their variable (rather than by package specs), which again makes
    sure we’re upgrading the exact variant we want to upgrade.

Thoughts?

I’d like to have the manifest built by CI soon so we can assess
its usefulness and tweak it as needed.

Ludo’.

Ludovic Courtès (16):
  transformations: Export ‘package-with-upstream-version’.
  gnu-maintenance: ‘import-html-release’ doesn’t abort upon HTTP 404.
  gnu-maintenance: Savannah/Xorg updaters no longer abort on network
    errors.
  guix build: Add ‘--development’ option.
  packages: Factorize ‘all-packages’.
  guix build: Add ‘--dependents’.
  import: gnome: Keep going upon HTTP errors.
  gnu-maintenance: ‘gnu-ftp’ updater excludes GnuPG-hosted packages.
  gnu: Update updater properties for GnuPG-related packages.
  gnu: gnutls: Change release monitoring URL.
  gnu: git-minimal: Add ‘upstream-name’ property.
  gnu-maintenance: ‘generic-html’ update honors <base href="…">.
  guix build: Validate that the file passed to ‘-m’ returns a manifest.
  transformations: ‘package-with-upstream-version’ can preserve patches.
  transformations: Add #:authenticate? to
    ‘package-with-upstream-version’.
  etc: Add upgrade manifest.

 Makefile.am                      |   1 +
 doc/contributing.texi            |   4 +-
 doc/guix.texi                    |  52 +++++++++
 etc/source-manifest.scm          |  13 +--
 etc/upgrade-manifest.scm         | 128 +++++++++++++++++++++
 gnu/packages.scm                 |  20 +++-
 gnu/packages/gnupg.scm           |  40 ++-----
 gnu/packages/tls.scm             |   6 +-
 gnu/packages/version-control.scm |   3 +-
 guix/download.scm                |   3 +-
 guix/gnu-maintenance.scm         |  90 +++++++++------
 guix/import/gnome.scm            |  13 ++-
 guix/scripts/build.scm           | 185 ++++++++++++++++++++++++-------
 guix/scripts/graph.scm           |  10 --
 guix/scripts/refresh.scm         |  10 --
 guix/scripts/weather.scm         |  15 ---
 guix/transformations.scm         |  43 ++++++-
 tests/guix-build.sh              |  11 ++
 tests/transformations.scm        |  31 +++++-
 19 files changed, 517 insertions(+), 161 deletions(-)
 create mode 100644 etc/upgrade-manifest.scm


base-commit: f8979b4bcc8772d02640f6f665b4195380d57df9
-- 
2.46.0