[PATCH] gnu: libgit2: Update to 1.5.1.

  • Done
Details
4 participants
  • Maxim Cournoyer
  • Tobias Geerinckx-Rice
  • André Batista
  • zimoun
Owner
unassigned
Submitted by
André Batista
Severity
normal
André Batista wrote on 3 Feb 2023 04:11
(address . guix-patches@gnu.org)(name . André Batista)(address . nandre@riseup.net)
20230203031129.3529-1-nandre@riseup.net
* gnu/packages/version-control.scm (libgit2): Update to 1.5.1.
[source]: Remove snippet to comment out the "10 years ago" test, which
was removed on newer versions.
(libgit2-1.4): New variable. Update to 1.4.5.
(libgit2-1.3): Inherit from 'libgit2-1.4'. Update to 1.3.2.
(libgit2-1.1): Update to 1.1.1. Add back the snippet which comments out
the "10 years ago" test that remains on this older version.
* doc/guix.texi (Using a Custom Guix Channel): Add note and example
on how to exempt a local guix repository from git ownership checks.
---
doc/guix.texi | 20 ++++++++++++-
gnu/packages/version-control.scm | 50 +++++++++++++++++++++-----------
2 files changed, 52 insertions(+), 18 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 2b1ad77ba5..636078e245 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -81,7 +81,7 @@ Copyright @copyright{} 2020, 2021 Brice Waegeneire@*
Copyright @copyright{} 2020 R Veera Kumar@*
Copyright @copyright{} 2020, 2021 Pierre Langlois@*
Copyright @copyright{} 2020 pinoaffe@*
-Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020,2023 André Batista@*
Copyright @copyright{} 2020, 2021 Alexandru-Sergiu Marton@*
Copyright @copyright{} 2020 raingloom@*
Copyright @copyright{} 2020 Daniel Brooks@*
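Review bot: `2020,2023` in the added copyright line has no space after the comma, while the neighbouring entries write `2020, 2021`. Please make it `2020, 2023` so the year list matches the rest of the block.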
@@ -5411,6 +5411,24 @@ From there on, @command{guix pull} will fetch code from the @code{super-hacks}
branch of the repository at @code{example.org}. The authentication concern is
addressed below (@pxref{Channel Authentication}).
+Note that you can specify a local directory on the @code{url} field above if
+the channel that you intend to use resides on a local file system. However, in
+this case @{guix} checks said directory for ownership before any further
+processing. This means that if the user is not the directory owner, but wants
+to use it as their default, they will then need to set it as a safe directory
+in their global git configuration file. Otherwise, @command{guix} will refuse
+to even read it. Supposing your system-wide local directory is at
+@code{/src/guix.git}, you would then create a git configuration file at
+@code{~/.gitconfig} with the following contents:
+
+@example
+[safe]
+ directory = /src/guix.git
+@end example
+
+@noindent
+This also applies to the root user.
+
@node Replicating Guix
@section Replicating Guix
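Review bot: `@{guix}` in the added sentence "in this case @{guix} checks said directory" is missing its command name, so it will not render as a command. The rest of the paragraph writes `@command{guix}`; use the same markup here.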
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 78a89cfd5b..2f1eb27b3c 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -799,7 +799,7 @@ (define-public git-cal
(define-public libgit2
(package
(name "libgit2")
- (version "1.4.3")
+ (version "1.5.1")
(source (origin
;; Since v1.1.1, release artifacts are no longer offered (see:
;; https://github.com/libgit2/libgit2/discussions/5932#discussioncomment-1682729).
@@ -810,18 +810,11 @@ (define-public libgit2
(file-name (git-file-name name version))
(sha256
(base32
- "02x1a4zrzpzjd0yxnsi8njh5hgihc1iy1v4r0fnl8m4ckcgp6x2s"))
+ "04ypzpicpgq1wh6anwcmjjyh2b854lvjhxq0hq2hbsx7kb14qc1b"))
(modules '((guix build utils)))
(snippet
'(begin
- (delete-file-recursively "deps")
-
- ;; The "refs:revparse::date" test is time-dependent: it
- ;; assumes "HEAD@{10 years ago}" matches a specific commit.
- ;; See <https://github.com/libgit2/libgit2/pull/6299>.
- (substitute* "tests/refs/revparse.c"
- (("test_object.*10 years ago.*" all)
- (string-append "// " all "\n")))))))
+ (delete-file-recursively "deps")))))
(build-system cmake-build-system)
(outputs '("out" "debug"))
(arguments
@@ -863,10 +856,10 @@ (define-public libgit2
;; GPLv2 with linking exception
(license license:gpl2)))
-(define-public libgit2-1.3
+(define-public libgit2-1.4
(package
(inherit libgit2)
- (version "1.3.0")
+ (version "1.4.5")
(source (origin
(inherit (package-source libgit2))
(method git-fetch)
@@ -876,7 +869,22 @@ (define-public libgit2-1.3
(file-name (git-file-name "libgit2" version))
(sha256
(base32
- "0vgpb2175a5dhqiy1iwywwppahgqhi340i8bsvafjpvkw284vazd"))))
+ "0q754ipc6skagszi93lcy6qr09ibavivm2q5i5fhpdblvlnv2p7x"))))))
+
+(define-public libgit2-1.3
+ (package
+ (inherit libgit2-1.4)
+ (version "1.3.2")
+ (source (origin
+ (inherit (package-source libgit2-1.4))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/libgit2/libgit2")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name "libgit2" version))
+ (sha256
+ (base32
+ "1dngga8jq419z6ps65wpmh2jihcf70k6r98pb1m1yiwj7qqh9792"))))
(arguments
(substitute-keyword-arguments (package-arguments libgit2)
((#:phases _ '%standard-phases)
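Review bot: the `(arguments …)` block in the trailing context, with its `#:phases` override, used to belong to the package that this patch renames to `libgit2-1.4`; after the change it is attached only to the new `libgit2-1.3`, and `libgit2-1.4` closes right after its hash, so it builds with the arguments of `libgit2` unchanged. Please confirm that 1.4.5 does not need that override. For consistency with the new `(inherit libgit2-1.4)`, `(package-arguments libgit2)` could also become `(package-arguments libgit2-1.4)`.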
@@ -892,17 +900,25 @@ (define-public libgit2-1.3
(define-public libgit2-1.1
(package
(inherit libgit2-1.3)
- (version "1.1.0")
+ (version "1.1.1")
(source (origin
(inherit (package-source libgit2-1.3))
(file-name #f) ;use the default name
(method url-fetch)
(uri (string-append "https://github.com/libgit2/libgit2/"
- "releases/download/v" version
- "/libgit2-" version ".tar.gz"))
+ "archive/refs/tags/v" version ".tar.gz"))
(sha256
(base32
- "1fjdglkh04qv3b4alg621pxa689i0wlf8m7nf2755zawjr2zhwxd"))
+ "085644zkjydjba9y162z4s020lfij3c191851ah13iv47wvjb98k"))
+ (snippet
+ '(begin
+ (delete-file-recursively "deps")
+ ;; The "refs:revparse::date" test is time-dependent: it
+ ;; assumes "HEAD@{10 years ago}" matches a specific commit.
+ ;; See <https://github.com/libgit2/libgit2/pull/6299>.
+ (substitute* "tests/refs/revparse.c"
+ (("test_object.*10 years ago.*" all)
+ (string-append "// " all "\n")))))
(patches (search-patches "libgit2-mtime-0.patch"))))))
(define-public git-crypt
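Review bot: the new `uri` built from `"archive/refs/tags/v" version ".tar.gz"` points at a tarball that the forge generates on request, so the pinned `sha256` only holds while that output stays byte-identical. The other variants in this file fetch the tag with `git-fetch` and `(commit (string-append "v" version))`; doing the same here would also let this package drop `(method url-fetch)` and `(file-name #f)`.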
--
2.39.1
André Batista wrote on 8 Feb 2023 16:43
Re: [PATCH v2] gnu: libgit2: Update to 1.5.1.
(address . 61246@debbugs.gnu.org)
Y+PDPjcc7seV4J0S@andel
There were both a missing space on the copyright and a missing texi
'command' tag on the previous patch to guix.texi. Please, apply this
one instead.
Maxim Cournoyer wrote on 9 Feb 2023 04:25
Re: bug#61246: [PATCH] gnu: libgit2: Update to 1.5.1.
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
877cwrjz9m.fsf_-_@gmail.com
Hello André,

André Batista <nandre@riseup.net> writes:

> There were both a missing space on the copyright and a missing texi
> 'command' tag on the previous patch to guix.texi. Please, apply this
> one instead.
>
>
> From 97b1752180ac89f78fdbbbec7d6c4aaf0a18bdbf Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
> Date: Wed, 8 Feb 2023 12:28:25 -0300
> Subject: [PATCH] gnu: libgit2: Update to 1.5.1.
> To: guix-patches@gnu.org
> Cc: 61246@debbugs.gnu.org
>
> * gnu/packages/version-control.scm (libgit2): Update to 1.5.1.
> [source]: Remove snippet to comment out the "10 years ago" test, which
> was removed on newer versions.
> (libgit2-1.4): New variable. Update to 1.4.5.
> (libgit2-1.3): Inherit from 'libgit2-1.4'. Update to 1.3.2.
> (libgit2-1.1): Update to 1.1.1. Add back the snippet which comments out
> the "10 years ago" test that remains on this older version.
> * doc/guix.texi (Using a Custom Guix Channel): Add note and example
> on how to exempt a local guix repository from git ownership checks.

This looks good, thanks!

> doc/guix.texi | 20 ++++++++++++-
> gnu/packages/version-control.scm | 50 +++++++++++++++++++++-----------
> 2 files changed, 52 insertions(+), 18 deletions(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 2b1ad77ba5..5314488d7e 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -81,7 +81,7 @@ Copyright @copyright{} 2020, 2021 Brice Waegeneire@*
> Copyright @copyright{} 2020 R Veera Kumar@*
> Copyright @copyright{} 2020, 2021 Pierre Langlois@*
> Copyright @copyright{} 2020 pinoaffe@*
> -Copyright @copyright{} 2020 André Batista@*
> +Copyright @copyright{} 2020, 2023 André Batista@*
> Copyright @copyright{} 2020, 2021 Alexandru-Sergiu Marton@*
> Copyright @copyright{} 2020 raingloom@*
> Copyright @copyright{} 2020 Daniel Brooks@*
> @@ -5411,6 +5411,24 @@ From there on, @command{guix pull} will fetch code from the @code{super-hacks}
> branch of the repository at @code{example.org}. The authentication concern is
> addressed below (@pxref{Channel Authentication}).
>
> +Note that you can specify a local directory on the @code{url} field above if
> +the channel that you intend to use resides on a local file system. However,
> +in this case @command{guix} checks said directory for ownership before any
> +further processing. This means that if the user is not the directory owner,
> +but wants to use it as their default, they will then need to set it as a safe
> +directory in their global git configuration file. Otherwise, @command{guix}
> +will refuse to even read it. Supposing your system-wide local directory is at
> +@code{/src/guix.git}, you would then create a git configuration file at
> +@code{~/.gitconfig} with the following contents:
> +
> +@example
> +[safe]
> + directory = /src/guix.git
> +@end example
> +
> +@noindent
> +This also applies to the root user.
> +
> @node Replicating Guix
> @section Replicating Guix
>
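Review bot: the added paragraph tells the reader how to switch the ownership check off for `/src/guix.git` but not what the check is for. One sentence saying that the exemption makes @command{guix} read a repository controlled by another user, and should therefore list only directories whose owner is trusted, would let readers judge whether to add the entry.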
> diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
> index 78a89cfd5b..2f1eb27b3c 100644
> --- a/gnu/packages/version-control.scm
> +++ b/gnu/packages/version-control.scm
> @@ -799,7 +799,7 @@ (define-public git-cal
> (define-public libgit2
> (package
> (name "libgit2")
> - (version "1.4.3")
> + (version "1.5.1")
> (source (origin
> ;; Since v1.1.1, release artifacts are no longer offered (see:
> ;; https://github.com/libgit2/libgit2/discussions/5932#discussioncomment-1682729).
> @@ -810,18 +810,11 @@ (define-public libgit2
> (file-name (git-file-name name version))
> (sha256
> (base32
> - "02x1a4zrzpzjd0yxnsi8njh5hgihc1iy1v4r0fnl8m4ckcgp6x2s"))
> + "04ypzpicpgq1wh6anwcmjjyh2b854lvjhxq0hq2hbsx7kb14qc1b"))
> (modules '((guix build utils)))
> (snippet
> '(begin
> - (delete-file-recursively "deps")
> -
> - ;; The "refs:revparse::date" test is time-dependent: it
> - ;; assumes "HEAD@{10 years ago}" matches a specific commit.
> - ;; See <https://github.com/libgit2/libgit2/pull/6299>.
> - (substitute* "tests/refs/revparse.c"
> - (("test_object.*10 years ago.*" all)
> - (string-append "// " all "\n")))))))
> + (delete-file-recursively "deps")))))
> (build-system cmake-build-system)
> (outputs '("out" "debug"))
> (arguments
> @@ -863,10 +856,10 @@ (define-public libgit2
> ;; GPLv2 with linking exception
> (license license:gpl2)))
>
> -(define-public libgit2-1.3
> +(define-public libgit2-1.4
> (package
> (inherit libgit2)
> - (version "1.3.0")
> + (version "1.4.5")
> (source (origin
> (inherit (package-source libgit2))
> (method git-fetch)
> @@ -876,7 +869,22 @@ (define-public libgit2-1.3
> (file-name (git-file-name "libgit2" version))
> (sha256
> (base32
> - "0vgpb2175a5dhqiy1iwywwppahgqhi340i8bsvafjpvkw284vazd"))))
> + "0q754ipc6skagszi93lcy6qr09ibavivm2q5i5fhpdblvlnv2p7x"))))))
> +
> +(define-public libgit2-1.3
> + (package
> + (inherit libgit2-1.4)
> + (version "1.3.2")
> + (source (origin
> + (inherit (package-source libgit2-1.4))
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/libgit2/libgit2")
> + (commit (string-append "v" version))))
> + (file-name (git-file-name "libgit2" version))
> + (sha256
> + (base32
> + "1dngga8jq419z6ps65wpmh2jihcf70k6r98pb1m1yiwj7qqh9792"))))
> (arguments
> (substitute-keyword-arguments (package-arguments libgit2)
> ((#:phases _ '%standard-phases)
> @@ -892,17 +900,25 @@ (define-public libgit2-1.3
> (define-public libgit2-1.1
> (package
> (inherit libgit2-1.3)
> - (version "1.1.0")
> + (version "1.1.1")
> (source (origin
> (inherit (package-source libgit2-1.3))
> (file-name #f) ;use the default name
> (method url-fetch)
> (uri (string-append "https://github.com/libgit2/libgit2/"
> - "releases/download/v" version
> - "/libgit2-" version ".tar.gz"))
> + "archive/refs/tags/v" version ".tar.gz"))

We do not use Github/Gitlab/etc. auto-generated tarballs as there is no
guarantee that they'll be bit-for-bit identical upon regeneration and
this led to broken checksums in the past. Could you please use the
tag/commit instead?

I noticed this problem while looking at the QA page here:
https://qa.guix.gnu.org/issue/61246. I'm not sure what the other
problems reported are, they look like false positives to me.

Did you rebuild the dependent packages and use that with Guix without
problems so far? The QA has yet to answer that question.

--
Thanks,
Maxim
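
The point above about regenerated tarballs, shown as an added example (not code from the thread or from Guix): the same files packed twice with different gzip parameters give different archive checksums, while a hash over the unpacked files stays the same. `SAMPLE_TREE`, the function names and the two gzip settings are constructed for the illustration, and the content hash is a simplified stand-in for hashing a checked-out tag, not Guix's own hash.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed sample tree standing in for the files of a tagged release.
SAMPLE_TREE = {
    "libfoo-1.0/README": b"sample release\n",
    "libfoo-1.0/src/main.c": b"int main(void) { return 0; }\n",
}


def make_tarball(tree, gzip_mtime, compresslevel):
    """Pack TREE into a .tar.gz; only the gzip wrapper varies between calls.

    The tar members (names, bytes, mode, mtime) are identical every time.
    GZIP_MTIME and COMPRESSLEVEL stand in for whatever may change on the
    server between two generations of the "same" archive.
    """
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name in sorted(tree):
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = 0
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(tree[name]))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=gzip_mtime,
                       compresslevel=compresslevel) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()


def archive_hash(blob):
    """SHA-256 of the compressed artifact: what a tarball checksum pins."""
    return hashlib.sha256(blob).hexdigest()


def content_hash(blob):
    """SHA-256 over the unpacked regular files (name, length, bytes).

    Ignores the compression wrapper entirely, so it changes only when the
    files themselves change.
    """
    digest = hashlib.sha256()
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in sorted(tar.getmembers(), key=lambda m: m.name):
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            digest.update(member.name.encode() + b"\0")
            digest.update(len(data).to_bytes(8, "big"))
            digest.update(data)
    return digest.hexdigest()


def compare_regenerations():
    """Generate the archive twice and compare both kinds of checksum."""
    first = make_tarball(SAMPLE_TREE, gzip_mtime=1675900000, compresslevel=6)
    second = make_tarball(SAMPLE_TREE, gzip_mtime=1676600000, compresslevel=9)
    return {
        "archive_hashes_equal": archive_hash(first) == archive_hash(second),
        "content_hashes_equal": content_hash(first) == content_hash(second),
    }


if __name__ == "__main__":
    print(compare_regenerations())
```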
zimoun wrote on 9 Feb 2023 13:30
Re: [bug#61246] [PATCH] gnu: libgit2: Update to 1.5.1.
(address . 61246@debbugs.gnu.org)
86y1p73tsy.fsf@gmail.com
Hi,

On Wed, 08 Feb 2023 at 22:25, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:

>> * gnu/packages/version-control.scm (libgit2): Update to 1.5.1.
>> [source]: Remove snippet to comment out the "10 years ago" test, which
>> was removed on newer versions.
>> (libgit2-1.4): New variable. Update to 1.4.5.
>> (libgit2-1.3): Inherit from 'libgit2-1.4'. Update to 1.3.2.
>> (libgit2-1.1): Update to 1.1.1. Add back the snippet which comments out
>> the "10 years ago" test that remains on this older version.
>> * doc/guix.texi (Using a Custom Guix Channel): Add note and example
>> on how to exempt a local guix repository from git ownership checks.
>
> This looks good, thanks!

This patch series should be split into 3 atomic commits.

And the update of libgit2-1.1 from 1.1.0 to 1.1.1 is not necessary and
even this variable could be removed – what I am suggesting. :-)


Cheers,
simon
André Batista wrote on 10 Feb 2023 18:53
Re: bug#61246: [PATCH] gnu: libgit2: Update to 1.5.1.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
Y+aEnKdsIjjycJ4h@andel
Hi Maxim and Zimoun!

Wed 08 Feb 2023 at 22:25:41 (1675905941), maxim.cournoyer@gmail.com wrote:
> Hello André,
>
> (...)
>
> We do not use Github/Gitlab/etc. auto-generated tarballs as there is no
> guarantee that they'll be bit-for-bit identical upon regeneration and
> this led to broken checksums in the past. Could you please use the
> tag/commit instead?

Oh I did not know about that. I could use the git tag instead, but after
yours and zimoun's messages I've noticed that:

- I had only checked dependencies using libgit2 without any @version numbers
and so I thought that there were fewer dependencies than there are in fact;

- no other package seems to be depending on libgit2-1.1, so it should be
removed instead of updated, as zimoun suggested;

- this patch should probably be on core-updates, not on master.

So I'm inclined to agree with zimoun and just remove libgit2-1.1, what do
you think? I'll work on another version of this patch and get back to
you.

> I noticed this problem while looking at the QA page here:
> https://qa.guix.gnu.org/issue/61246. I'm not sure what the other
> problems reported are, they look like false positives to me.

I did not know about this QA service, thanks for pointing that out. I
couldn't figure out the other warnings as well, but I only had a quick
look at them.

> Did you rebuild the dependent packages and use that with Guix without
> problems so far? The QA has yet to answer that question.

I did not rebuild all dependent packages yet, I've rebuilt only my local
dependencies on two machines (i686 and x86_64).

Yesterday, however, I've bumped into a build error on libjami that could
be related to this patch, even though it does not seem to be so at a
first glance. The build error occurs at check phase with the following
error:

--- ./test/unitTest/test-suite.log ------------------------------------------

======================================================
Jami Daemon 13.7.0: test/unitTest/test-suite.log
======================================================

# TOTAL: 15
# PASS: 14
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: ut_scheduler
==================

.F


!!!FAILURES!!!
Test Results:
Run: 1 Failures: 1 Errors: 0


1) test: jami::test::SchedulerTest::schedulerTest (F) line: 74 scheduler.cpp
assertion failed
- Expression: cv.wait_for(lk, std::chrono::seconds(3), [&]{ return taskRun == N; })


FAIL ut_scheduler (exit status: 1)


error: in phase 'check': uncaught exception:
%exception #<&invoke-error program: "make" arguments: ("check" "-j" "2" "V=1") exit-status: 2 term-signal: #f stop-signal: #f>
phase `check' failed after 571.8 seconds
command "make" "check" "-j" "2" "V=1" failed with status 2

---

Thanks for helping me out!
Simon Tournier wrote on 8 Feb 2023 16:31
Re: [bug#61246] [PATCH] gnu: libgit2: Update to 1.5.1.
(name . André Batista)(address . nandre@riseup.net)
87a61ogomz.fsf@gmail.com
Hi,

On Fri, 03 Feb 2023 at 00:11, André Batista <nandre@riseup.net> wrote:

> (libgit2-1.1): Update to 1.1.1. Add back the snippet which comments
> out the "10 years ago" test that remains on this older version.

Naive question: Why do we need libgit2-1.1?

From my understanding, it could be removed. Well, I propose to split
this patch into three patches.

1.
* doc/guix.texi (Using a Custom Guix Channel): Add note and example
on how to exempt a local guix repository from git ownership checks.

2.
* gnu/packages/version-control.scm (libgit2-1.1): Remove variable.

3.
* gnu/packages/version-control.scm (libgit2): Update to 1.5.1.
[source]: Remove snippet to comment out the "10 years ago" test, which
was removed on newer versions.
(libgit2-1.4): New variable. Update to 1.4.5.
(libgit2-1.3): Inherit from 'libgit2-1.4'. Update to 1.3.2.

WDYT?

Cheers,
simon
André Batista wrote on 17 Feb 2023 20:05
[PATCH v3 0/3] gnu: libgit2: Update to 1.5.1.
(address . 61246@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20230217190537.1883-1-nandre@riseup.net
Summary:
gnu: libgit2-1.1: Remove it.
doc: Explain how to use local guix repositories.
gnu: libgit2: Update to 1.5.1.

doc/guix.texi | 21 +++++++++++++-
gnu/packages/version-control.scm | 50 ++++++++++++++------------------
2 files changed, 41 insertions(+), 30 deletions(-)

--
2.39.1
André Batista wrote on 17 Feb 2023 20:06
[PATCH v3 1/3] gnu: libgit2-1.1: Remove it.
(address . 61246@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20230217190607.1903-1-nandre@riseup.net
There are no remaining packages which depend on this older version.

* gnu/packages/version-control.scm (libgit2-1.1): Remove variable.
---
gnu/packages/version-control.scm | 16 ----------------
1 file changed, 16 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 5de344e549..e72c560928 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -894,22 +894,6 @@ (define-public libgit2-1.3
;; Tests may be disabled if cross-compiling.
(format #t "Test suite not run.~%"))))))))))
-(define-public libgit2-1.1
- (package
- (inherit libgit2-1.3)
- (version "1.1.0")
- (source (origin
- (inherit (package-source libgit2-1.3))
- (file-name #f) ;use the default name
- (method url-fetch)
- (uri (string-append "https://github.com/libgit2/libgit2/"
- "releases/download/v" version
- "/libgit2-" version ".tar.gz"))
- (sha256
- (base32
- "1fjdglkh04qv3b4alg621pxa689i0wlf8m7nf2755zawjr2zhwxd"))
- (patches (search-patches "libgit2-mtime-0.patch"))))))
-
(define-public git-crypt
(package
(name "git-crypt")
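Review bot: the removed definition is the one that applies `libgit2-mtime-0.patch` (`(patches (search-patches "libgit2-mtime-0.patch"))`). If no other package references that patch, delete the patch file and its registration in the same commit so it does not linger unused.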
--
2.39.1
André Batista wrote on 17 Feb 2023 20:06
[PATCH v3 2/3] doc: Explain how to use local guix repositories.
(address . 61246@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20230217190640.1914-1-nandre@riseup.net
* doc/guix.texi (Using a Custom Guix Channel): Add note and example
on how to exempt a local guix repository from git ownership checks.
---
doc/guix.texi | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 44e2165a82..ae975287c7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -81,7 +81,7 @@ Copyright @copyright{} 2020, 2021 Brice Waegeneire@*
Copyright @copyright{} 2020 R Veera Kumar@*
Copyright @copyright{} 2020, 2021, 2022 Pierre Langlois@*
Copyright @copyright{} 2020 pinoaffe@*
-Copyright @copyright{} 2020 André Batista@*
+Copyright @copyright{} 2020, 2023 André Batista@*
Copyright @copyright{} 2020, 2021 Alexandru-Sergiu Marton@*
Copyright @copyright{} 2020 raingloom@*
Copyright @copyright{} 2020 Daniel Brooks@*
@@ -5413,6 +5413,25 @@ From there on, @command{guix pull} will fetch code from the @code{super-hacks}
branch of the repository at @code{example.org}. The authentication concern is
addressed below (@pxref{Channel Authentication}).
+Note that you can specify a local directory on the @code{url} field above if
+the channel that you intend to use resides on a local file system. However,
+in this case @command{guix} checks said directory for ownership before any
+further processing. This means that if the user is not the directory owner,
+but wants to use it as their default, they will then need to set it as a safe
+directory in their global git configuration file. Otherwise, @command{guix}
+will refuse to even read it. Supposing your system-wide local directory is at
+@code{/src/guix.git}, you would then create a git configuration file at
+@code{~/.gitconfig} with the following contents:
+
+@example
+[safe]
+ directory = /src/guix.git
+@end example
+
+@noindent
+This also applies to the root user unless when called with @command{sudo} by
+the directory owner.
+
@node Replicating Guix
@section Replicating Guix
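Review bot: "unless when called with @command{sudo}" in the sentence after `@noindent` is ungrammatical and leaves unclear what is being called. Something like "This also applies to the root user, except when @command{guix} is run through @command{sudo} by the directory owner" reads better.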
--
2.39.1
André Batista wrote on 17 Feb 2023 20:07
[PATCH v3 3/3] gnu: libgit2: Update to 1.5.1.
(address . 61246@debbugs.gnu.org)(name . André Batista)(address . nandre@riseup.net)
20230217190710.1927-1-nandre@riseup.net
Fixes CVE-2023-22742. Follows up on fixes to CVE-2022-24765.
Provides compatibility with git changes to address CVE-2022-29187.

* gnu/packages/version-control.scm (libgit2): Update to 1.5.1.
[source]: Remove snippet to comment out the "10 years ago" test, which
was removed on newer versions.
(libgit2-1.4): New variable. Update to 1.4.5.
(libgit2-1.3): Inherit from 'libgit2-1.4'. Update to 1.3.2.
---
gnu/packages/version-control.scm | 34 ++++++++++++++++++++------------
1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index e72c560928..49dc96d454 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -804,7 +804,7 @@ (define-public git-cal
(define-public libgit2
(package
(name "libgit2")
- (version "1.4.3")
+ (version "1.5.1")
(source (origin
;; Since v1.1.1, release artifacts are no longer offered (see:
;; https://github.com/libgit2/libgit2/discussions/5932#discussioncomment-1682729).
@@ -815,18 +815,11 @@ (define-public libgit2
(file-name (git-file-name name version))
(sha256
(base32
- "02x1a4zrzpzjd0yxnsi8njh5hgihc1iy1v4r0fnl8m4ckcgp6x2s"))
+ "04ypzpicpgq1wh6anwcmjjyh2b854lvjhxq0hq2hbsx7kb14qc1b"))
(modules '((guix build utils)))
(snippet
'(begin
- (delete-file-recursively "deps")
-
- ;; The "refs:revparse::date" test is time-dependent: it
- ;; assumes "HEAD@{10 years ago}" matches a specific commit.
- ;; See <https://github.com/libgit2/libgit2/pull/6299>.
- (substitute* "tests/refs/revparse.c"
- (("test_object.*10 years ago.*" all)
- (string-append "// " all "\n")))))))
+ (delete-file-recursively "deps")))))
(build-system cmake-build-system)
(outputs '("out" "debug"))
(arguments
@@ -868,10 +861,10 @@ (define-public libgit2
;; GPLv2 with linking exception
(license license:gpl2)))
-(define-public libgit2-1.3
+(define-public libgit2-1.4
(package
(inherit libgit2)
- (version "1.3.0")
+ (version "1.4.5")
(source (origin
(inherit (package-source libgit2))
(method git-fetch)
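Review bot: no hunk in this patch switches any package to the `libgit2-1.4` variable defined here, and the commit message does not say which dependent needs the 1.4 series. Either add the input change for that dependent to the series or note in the commit message why the variable is introduced.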
@@ -881,7 +874,22 @@ (define-public libgit2-1.3
(file-name (git-file-name "libgit2" version))
(sha256
(base32
- "0vgpb2175a5dhqiy1iwywwppahgqhi340i8bsvafjpvkw284vazd"))))
+ "0q754ipc6skagszi93lcy6qr09ibavivm2q5i5fhpdblvlnv2p7x"))))))
+
+(define-public libgit2-1.3
+ (package
+ (inherit libgit2-1.4)
+ (version "1.3.2")
+ (source (origin
+ (inherit (package-source libgit2-1.4))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/libgit2/libgit2")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name "libgit2" version))
+ (sha256
+ (base32
+ "1dngga8jq419z6ps65wpmh2jihcf70k6r98pb1m1yiwj7qqh9792"))))
(arguments
(substitute-keyword-arguments (package-arguments libgit2)
((#:phases _ '%standard-phases)
--
2.39.1
André Batista wrote on 17 Feb 2023 20:15
Re: bug#61246: [PATCH] gnu: libgit2: Update to 1.5.1.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
Y+/SZMxg/+pFpzJO@andel
Hi!

Fri 10 Feb 2023 at 14:54:40 (1676051680), nandre@riseup.net wrote:
> (...)
>
> I did not rebuild all dependent packages yet, I've rebuilt only my local
> dependencies on two machines (i686 and x86_64).
>
> Yesterday, however, I've bumped into a build error on libjami that could
> be related to this patch, even though it does not seem to be so at a
> first glance. The build error occurs at check phase with the following
> error:
> (...)

Forget about this, I've built it on yet another machine without
issues, so this problem is indeed unrelated.

Is there a no-brainer way to try building all dependent packages?

TIA
André Batista wrote on 17 Feb 2023 20:23
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
Y+/UQx2iBouSgsxI@andel
Fri 17 Feb 2023 at 16:17:15 (1676661435), nandre@riseup.net wrote:
> (...)
> Is there a no-brainer way to try building all dependent packages?

Sigh, please disregard the above question...
Maxim Cournoyer wrote on 17 Feb 2023 20:46
(name . André Batista)(address . nandre@riseup.net)
87v8k0qdlf.fsf@gmail.com
Hi,

André Batista <nandre@riseup.net> writes:

> Hi!
>
> Fri 10 Feb 2023 at 14:54:40 (1676051680), nandre@riseup.net wrote:
>> (...)
>>
>> I did not rebuild all dependent packages yet, I've rebuilt only my local
>> dependencies on two machines (i686 and x86_64).
>>
>> Yesterday, however, I've bumped into a build error on libjami that could
>> be related to this patch, even though it does not seem to be so at a
>> first glance. The build error occurs at check phase with the following
>> error:
>> (...)
>
> Forget about this, I've built it on yet another machine without
> issues, so this problem is indeed unrelated.
>
> Is there a no-brainer way to try building all dependent packages?

Sadly not from the CLI, I used a bunch of shell script helpers to do so:

--
Thanks,
Maxim
Maxim Cournoyer wrote on 17 Feb 2023 20:58
Re: [bug#61246] [PATCH v3 2/3] doc: Explain how to use local guix repositories.
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
87r0uoqd2j.fsf@gmail.com
Hello,

André Batista <nandre@riseup.net> writes:

> * doc/guix.texi (Using a Custom Guix Channel): Add note and example
> on how to exempt a local guix repository from git ownership checks.
> ---
> doc/guix.texi | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 44e2165a82..ae975287c7 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -81,7 +81,7 @@ Copyright @copyright{} 2020, 2021 Brice Waegeneire@*
> Copyright @copyright{} 2020 R Veera Kumar@*
> Copyright @copyright{} 2020, 2021, 2022 Pierre Langlois@*
> Copyright @copyright{} 2020 pinoaffe@*
> -Copyright @copyright{} 2020 André Batista@*
> +Copyright @copyright{} 2020, 2023 André Batista@*
> Copyright @copyright{} 2020, 2021 Alexandru-Sergiu Marton@*
> Copyright @copyright{} 2020 raingloom@*
> Copyright @copyright{} 2020 Daniel Brooks@*
> @@ -5413,6 +5413,25 @@ From there on, @command{guix pull} will fetch code from the @code{super-hacks}
> branch of the repository at @code{example.org}. The authentication concern is
> addressed below (@pxref{Channel Authentication}).
>
> +Note that you can specify a local directory on the @code{url} field above if
> +the channel that you intend to use resides on a local file system. However,
> +in this case @command{guix} checks said directory for ownership before any
> +further processing. This means that if the user is not the directory owner,
> +but wants to use it as their default, they will then need to set it as a safe
> +directory in their global git configuration file. Otherwise, @command{guix}
> +will refuse to even read it. Supposing your system-wide local directory is at
> +@code{/src/guix.git}, you would then create a git configuration file at
> +@code{~/.gitconfig} with the following contents:
> +
> +@example
> +[safe]
> + directory = /src/guix.git
> +@end example

Perhaps you meant to use @command{git} in the above instead of
@command{guix}, since it's specific to Git (and the configure snippet is
for Git) ?

--
Thanks,
Maxim
Maxim Cournoyer wrote on 17 Feb 2023 21:45
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
87edqoqavx.fsf@gmail.com
Hi André,

André Batista <nandre@riseup.net> writes:

> * doc/guix.texi (Using a Custom Guix Channel): Add note and example
> on how to exempt a local guix repository from git ownership checks.
> ---
> doc/guix.texi | 21 ++++++++++++++++++++-
> 1 file changed, 20 insertions(+), 1 deletion(-)

I've pushed the first two patches, leaving this one until you get back
to me about my previous comment.

--
Thanks,
Maxim
André Batista wrote on 18 Feb 2023 00:24
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 61246@debbugs.gnu.org)
Y/AMvehuwgoM6dcl@andel
Hi,

Fri 17 Feb 2023 at 14:58:12 (1676656692), maxim.cournoyer@gmail.com wrote:
> Hello,
>
> André Batista <nandre@riseup.net> writes:
> > +Note that you can specify a local directory on the @code{url} field above if
> > +the channel that you intend to use resides on a local file system. However,
> > +in this case @command{guix} checks said directory for ownership before any
> > +further processing. This means that if the user is not the directory owner,
> > +but wants to use it as their default, they will then need to set it as a safe
> > +directory in their global git configuration file. Otherwise, @command{guix}
> > +will refuse to even read it. Supposing your system-wide local directory is at
> > +@code{/src/guix.git}, you would then create a git configuration file at
> > +@code{~/.gitconfig} with the following contents:
> > +
> > +@example
> > +[safe]
> > + directory = /src/guix.git
> > +@end example
>
> Perhaps you meant to use @command{git} in the above instead of
> @command{guix}, since it's specific to Git (and the configure snippet is
> for Git) ?

Not really. It's guix itself and its subcommands which will fail in
this scenario, not git, even though it's because guix is using git
configuration through libgit2. To me it would be misleading to use
@command{git} there. I could come up with a more detailed
description, however, I don't think this would be the place to be
diving on a detailed discussion of guix internals. I'm up to
suggestions though if you think this patch would make people wonder
if it is a typo.

WDYT?
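
An added example (not part of the thread, Guix or libgit2) for reviewing the `[safe]` exemptions discussed here: it lists each `directory` entry of a git configuration file and reports whether the path exists, who owns it relative to a given user, and whether it is group- or world-writable. The parser covers only the simple syntax of the documentation snippet, and all function names and result labels are illustrative assumptions.

```python
import os
import stat


def parse_safe_directories(config_text):
    """Return the `directory` values of the [safe] section, in file order.

    Simplified reader for a subset of git's config syntax: section headers,
    `key = value` lines, `#`/`;` comment lines and optional double quotes
    around the value.  An empty value resets the list, as git documents
    for safe.directory.
    """
    entries, in_safe = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_safe = line[1:-1].strip().lower() == "safe"
            continue
        if in_safe and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() != "directory":
                continue
            if value == "":
                entries.clear()
            else:
                entries.append(value.strip('"'))
    return entries


def audit_entry(path, uid):
    """Classify one exempted path from the point of view of user UID."""
    if path == "*":
        return "blanket"            # ownership check disabled for every path
    try:
        st = os.stat(path)
    except OSError:
        return "missing"            # stale entry: nothing at that path
    if st.st_uid == uid:
        return "redundant"          # user owns it, no exemption is needed
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "foreign-writable"   # other owner and group/world-writable
    return "foreign"                # other owner: the case the doc describes


def audit_safe_directories(config_text, uid=None):
    """Return [(path, label), ...] for every exemption in CONFIG_TEXT."""
    uid = os.getuid() if uid is None else uid
    return [(path, audit_entry(path, uid))
            for path in parse_safe_directories(config_text)]


if __name__ == "__main__":
    # Constructed sample mirroring the snippet from the documentation patch.
    sample = "[safe]\n\tdirectory = /src/guix.git\n"
    for path, label in audit_safe_directories(sample):
        print(f"{label:17} {path}")
```

Entries labelled `foreign-writable` or `blanket` deserve the closest look, since the exemption then covers content that users other than the owner can change.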
André Batista wrote on 18 Feb 2023 00:31
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 61246@debbugs.gnu.org)
Y/AOa/Gpv59ri7hh@andel
Fri 17 Feb 2023 at 15:45:22 (1676659522), maxim.cournoyer@gmail.com wrote:
> Hi André,
> (...)
> I've pushed the first two patches, leaving this one until you get back
> to me about my previous comment.

I was building the dependents and just found out that python-pygit2
requires libgit2-1.4.
André Batista wrote on 18 Feb 2023 00:33
Re: bug#61246: [PATCH] gnu: libgit2: Update to 1.5.1.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
Y/AO1h2jwHYsues1@andel
Fri 17 Feb 2023 at 14:46:52 (1676656012), maxim.cournoyer@gmail.com wrote:
> Hi,
>
> André Batista <nandre@riseup.net> writes:
>
> > Is there a no-brainer way to try building all dependent packages?
>
> Sadly not from the CLI, I used a bunch of shell script helpers to do so:
> https://notabug.org/apteryx/guix-api-examples/src/master/command-line-hacks.sh

thanks!
Maxim Cournoyer wrote on 18 Feb 2023 18:35
Re: [bug#61246] [PATCH v3 2/3] doc: Explain how to use local guix repositories.
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
87fsb2q3kr.fsf@gmail.com
Hi André,

André Batista <nandre@riseup.net> writes:

> Hi,
>
> Fri 17 Feb 2023 at 14:58:12 (1676656692), maxim.cournoyer@gmail.com wrote:
>> Hello,
>>
>> André Batista <nandre@riseup.net> writes:
>> > +Note that you can specify a local directory on the @code{url} field above if
>> > +the channel that you intend to use resides on a local file system. However,
>> > +in this case @command{guix} checks said directory for ownership before any
>> > +further processing. This means that if the user is not the directory owner,
>> > +but wants to use it as their default, they will then need to set it as a safe
>> > +directory in their global git configuration file. Otherwise, @command{guix}
>> > +will refuse to even read it. Supposing your system-wide local directory is at
>> > +@code{/src/guix.git}, you would then create a git configuration file at
>> > +@code{~/.gitconfig} with the following contents:
>> > +
>> > +@example
>> > +[safe]
>> > + directory = /src/guix.git
>> > +@end example
>>
>> Perhaps you meant to use @command{git} in the above instead of
>> @command{guix}, since it's specific to Git (and the configure snippet is
>> for Git) ?
>
> Not really. It's guix itself and its subcommands which will fail in
> this scenario, not git, even though it's because guix is using git
> configuration through libgit2. To me it would be misleading to use
> @command{git} there. I could come up with a more detailed
> description, however, I don't think this would be the place to be
> diving on a detailed discussion of guix internals. I'm up to
> suggestions though if you think this patch would make people wonder
> if it is a typo.

I understand. How about a very subtle nudge at the fact that Guix uses
git (via libgit2) under the hood? Something like the following, where
I've used a footnote (untested):

Note that you can specify a local directory on the @code{url} field
above if the channel that you intend to use resides on a local file
system. However, in this case @command{guix}@footnote{More accurately,
@command{git}, which Guix utilizes via the @code{libgit2} library.}
checks said directory for ownership before any further processing. This
means that if the user is not the directory owner, but wants to use it
as their default, they will then need to set it as a safe directory in
their global git configuration file. Otherwise, @command{guix} will
refuse to even read it. Supposing your system-wide local directory is
at @code{/src/guix.git}, you would then create a git configuration file
at @code{~/.gitconfig} with the following contents:

--
Thanks,
Maxim
Maxim Cournoyer wrote on 18 Feb 2023 18:43
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
87bklqq37m.fsf@gmail.com
Hello,

André Batista <nandre@riseup.net> writes:

> Fri 17 Feb 2023 at 15:45:22 (1676659522), maxim.cournoyer@gmail.com wrote:
>> Hi André,
>> (...)
>> I've pushed the first two patches, leaving this one until you get back
>> to me about my previous comment.
>
> I was building the dependents and just found out that python-pygit2
> requires libgit2-1.4.

I've opted to update it to 1.11.1 instead; commit "gnu: python-pygit2:
Update to 1.11.1." will land to master shortly.

--
Thanks,
Maxim
Tobias Geerinckx-Rice wrote on 18 Feb 2023 19:04
Re: [bug#61246] [PATCH] gnu: libgit2: Update to 1.5.1.
(address . 61246@debbugs.gnu.org)
87lekux2te.fsf@nckx
Hi Maxim, André,

I belatedly second Zimoun here:

> This patch series should be split into 3 atomic commits.

Maxim Cournoyer wrote:
> Sadly not from the CLI, I used a bunch of shell script helpers
> to do so:
> https://notabug.org/apteryx/guix-api-examples/src/master/command-line-hacks.sh

Just FYI, it seems like this didn't catch Julia, which (sigh)
fails its test suite when the libgit2 version number doesn't match
its hard-coded expectation. No biggie, but might help you debug
your scripts.

Kind regards,

T G-R

Tobias Geerinckx-Rice wrote on 18 Feb 2023 19:13
(address . 61246@debbugs.gnu.org)
87h6vix2jm.fsf@nckx
Tobias Geerinckx-Rice wrote:
> I belatedly second Zimoun here:
>
>> This patch series should be split into 3 atomic commits.

Or maybe I misinterpreted the intention.

When debugging this, I would have liked to find separate commits
for each version, or a more generic title (without the misleading
‘to 1.5.1’).

Kind regards,

T G-R

Maxim Cournoyer wrote on 18 Feb 2023 21:45
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
87r0umog7v.fsf@gmail.com
Hi Tobias!

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> Tobias Geerinckx-Rice wrote:
>> I belatedly second Zimoun here:
>>
>>> This patch series should be split into 3 atomic commits.
>
> Or maybe I misinterpreted the intention.
>
> When debugging this, I would have liked to find separate commits for
> each version, or a more generic title (without the misleading ‘to
> 1.5.1’).

Apologies for the breakage, and thank you for the prompt fix! I wish I
had the QA's badge of approval, but after waiting more than a week I had
no expectation of when it'd show up.

--
Thanks,
Maxim
Simon Tournier wrote on 20 Feb 2023 11:05
(address . 61246@debbugs.gnu.org)
87y1os4poo.fsf@gmail.com
Hi,

On Sat, 18 Feb 2023 at 19:13, Tobias Geerinckx-Rice via Guix-patches via <guix-patches@gnu.org> wrote:
> Tobias Geerinckx-Rice wrote:
>> I belatedly second Zimoun here:
>>
>>> This patch series should be split into 3 atomic commits.
>
> Or maybe I misinterpreted the intention.
>
> When debugging this, I would have liked to find separate commits
> for each version, or a more generic title (without the misleading
> ‘to 1.5.1’).

The intention was: « When debugging this, I would have liked to find
separate commits for each version, or a more generic title (without
the misleading ‘to 1.5.1’). » :-)

Just to point out that, as a member of the Julia team, I know by experience
that the dependency relationship between Julia and the Git ecosystem can
be tedious to find. Hence my proposal to split – it helps to prevent
breakage or helps to debug it.

Thanks Tobias for the quick fix!


Cheers,
simon
Simon Tournier wrote on 20 Feb 2023 11:08
87sff04pk4.fsf@gmail.com
Hi,

On Sat, 18 Feb 2023 at 15:45, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:

> Apologies for the breakage, and thank you for the prompt fix! I wish I
> had the QA's badge of approval, but after waiting more than a week I had
> no expectation of when it'd show up.

I agree that it is hard to know if something related to QA is going
wrong or if it is something related to the patch. I had the issue in
[1,2].



Cheers,
simon
André Batista wrote on 22 Feb 2023 19:10
Re: [bug#61246] [PATCH v3 2/3] doc: Explain how to use local guix repositories.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 61246@debbugs.gnu.org)
Y/Zan4oZ1rs96PN6@andel
Hi Maxim,

Sat 18 Feb 2023 at 12:35:32 (1676734532), maxim.cournoyer@gmail.com wrote:
>
> --8<---------------cut here---------------start------------->8---
> Note that you can specify a local directory on the @code{url} field
> above if the channel that you intend to use resides on a local file
> system. However, in this case @command{guix}@footnote{More accurately,
> @command{git}, which Guix utilizes via the @code{libgit2} library.}
> checks said directory for ownership before any further processing. This
> means that if the user is not the directory owner, but wants to use it
> as their default, they will then need to set it as a safe directory in
> their global git configuration file. Otherwise, @command{guix} will
> refuse to even read it. Supposing your system-wide local directory is
> at @code{/src/guix.git}, you would then create a git configuration file
> at @code{~/.gitconfig} with the following contents:
> --8<---------------cut here---------------end--------------->8---

I don't think it's more accurate to say it's @command{git}.

Looking at the manual, on section 7.4 "Channel Authentication", it says:

---

The @command{guix pull} and @command{guix time-machine} commands
@dfn{authenticate} the code retrieved from channels: they make sure each
commit that is fetched is signed by an authorized developer. The goal
is to protect from unauthorized modifications to the channel that would
lead users to run malicious code.

As a user, you must provide a @dfn{channel introduction} in your
channels file so that Guix knows how to authenticate its first commit.
A channel specification, including its introduction, looks something
along these lines:

---

Then it goes on to describe how to insert an OpenPGP fingerprint, a
commit hash, but it does not say it's @command{git}, nor
@command{gnupg}, and it has no word to say about gcrypt library,
libgit2 or guile and IMO it's good as is.

Anyway, would it satisfy your concerns if I were to send another patch
version with the following contents?

Note that you can specify a local directory on the @code{url} field
above if the channel that you intend to use resides on a local file
system. However, in this case Guix checks said directory for ownership
before any further processing and it will, by default, abort execution
if the configured directory is neither owned by the calling user nor
has it been configured as a safe directory in the user's global
@command{git} configuration file at @code{~/.gitconfig}, which Guix
honors@footnote{If you know your @command{git}, this security measure
mimics what it does.}. Supposing your system-wide local channel is
at @code{/src/guix.git}, you would then declare it a safe directory by
adding the following configuration directives to your @command{git}
global configuration file:

Cheers,
André Batista wrote on 22 Feb 2023 19:17
Re: [bug#61246] [PATCH] gnu: libgit2: Update to 1.5.1.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
Y/ZcVQjuxDFfgFTU@andel
Hi Tobias!

Sat 18 Feb 2023 at 19:13:53 (1676758433), me@tobias.gr wrote:
>
> When debugging this, I would have liked to find separate commits for each
> version, or a more generic title (without the misleading ‘to 1.5.1’).

Ack! I'll keep that in mind and try to alleviate the burden instead of
aggravating it.

Regards,
André Batista wrote on 23 Feb 2023 13:43
Re: [bug#61246] [PATCH v3 2/3] doc: Explain how to use local guix repositories.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 61246@debbugs.gnu.org)
Y/dfZl37hEHPMNNU@andel
Hi Maxim,

Sat 18 Feb 2023 at 12:35:32 (1676734532), maxim.cournoyer@gmail.com wrote:
> (...)
> >> Perhaps you meant to use @command{git} in the above instead of
> >> @command{guix}, since it's specific to Git (and the configure snippet is
> >> for Git) ?
> >
> > Not really. It's guix itself and its subcommands which will fail in
> > this scenario, not git, even though it's because guix is using git
> > configuration through libgit2. To me it would be misleading to use
> > @command{git} there. I could come up with a more detailed
> > description, however, I don't think this would be the place to be
> > diving on a detailed discussion of guix internals. I'm up to
> > suggestions though if you think this patch would make people wonder
> > if it is a typo.

Just to be sure we are on the same page on this: have you followed on
#55399? AKA Guix has a choice to make here since we could just as
well decide to diverge from git and disable owner validation checks
entirely in Guix. On the one side, users wouldn't need to bother with
git configuration and the manual could do without this patch. On the
other, would this divergence have any security implications? As far
as I can see it doesn't, but I may not be seeing far enough and we
would be hard coding and burying this decision in Guix.

Also we wouldn't be exempting one chosen directory of these checks,
but disabling it altogether in Guix.

WDYT?
Maxim Cournoyer wrote on 23 Feb 2023 22:59
(name . André Batista)(address . nandre@riseup.net)(address . 61246-done@debbugs.gnu.org)
87h6vchwl2.fsf@gmail.com
Hi André,

André Batista <nandre@riseup.net> writes:

> Hi Maxim,
>
> Sat 18 Feb 2023 at 12:35:32 (1676734532), maxim.cournoyer@gmail.com wrote:
>>
>> --8<---------------cut here---------------start------------->8---
>> Note that you can specify a local directory on the @code{url} field
>> above if the channel that you intend to use resides on a local file
>> system. However, in this case @command{guix}@footnote{More accurately,
>> @command{git}, which Guix utilizes via the @code{libgit2} library.}
>> checks said directory for ownership before any further processing. This
>> means that if the user is not the directory owner, but wants to use it
>> as their default, they will then need to set it as a safe directory in
>> their global git configuration file. Otherwise, @command{guix} will
>> refuse to even read it. Supposing your system-wide local directory is
>> at @code{/src/guix.git}, you would then create a git configuration file
>> at @code{~/.gitconfig} with the following contents:
>> --8<---------------cut here---------------end--------------->8---
>
> I don't think it's more accurate to say it's @command{git}.

Then we could mention just @code{libgit2} in the footnote. It is an
implementation detail, but one perhaps worth mentioning in this context
(otherwise a user could wonder "what does ~/.gitconfig have to do with
Guix?").

My point was that Guix alone couldn't care less about ~/.gitconfig, so
it seems confusing to me to mention it in relation to Guix. It's really
a libgit2/git-specific thing, so should be mentioned somewhere, in my
opinion.

But now that you've pointed at our current style elsewhere, I guess your
original version is fine. The good part about it is that by avoiding to
mention implementation details such as libgit2, it makes it less likely
that text will go stale as Guix evolves.

I've now applied the original, untouched.

--
Thanks,
Maxim
Closed
Maxim Cournoyer wrote on 23 Feb 2023 23:38
(name . André Batista)(address . nandre@riseup.net)(address . 61246@debbugs.gnu.org)
87y1oogg7e.fsf@gmail.com
Hi,

André Batista <nandre@riseup.net> writes:

> Hi Maxim,
>
> Sat 18 Feb 2023 at 12:35:32 (1676734532), maxim.cournoyer@gmail.com wrote:
>> (...)
>> >> Perhaps you meant to use @command{git} in the above instead of
>> >> @command{guix}, since it's specific to Git (and the configure snippet is
>> >> for Git) ?
>> >
>> > Not really. It's guix itself and its subcommands which will fail in
>> > this scenario, not git, even though it's because guix is using git
>> > configuration through libgit2. To me it would be misleading to use
>> > @command{git} there. I could come up with a more detailed
>> > description, however, I don't think this would be the place to be
>> > diving on a detailed discussion of guix internals. I'm up to
>> > suggestions though if you think this patch would make people wonder
>> > if it is a typo.
>
> Just to be sure we are on the same page on this: have you followed on
> #55399? AKA Guix has a choice to make here since we could just as
> well decide to diverge from git and disable owner validation checks
> entirely in Guix. On the one side, users wouldn't need to bother with
> git configuration and the manual could do without this patch. On the
> other, would this divergence have any security implications? As far
> as I can see it doesn't, but I may not be seeing far enough and we
> would be hard coding and burying this decision in Guix.
>
> Also we wouldn't be exempting one chosen directory of these checks,
> but disabling it altogether in Guix.

I'm not sure of the security implications this new git switch tries
to address, so I'd have to read about it more before I can commit to
what's right to do. In the meantime, we have a recent libgit2 and users
have instructions about dealing with its new security "features", so it
still seems a plus to me.

--
Thanks,
Maxim
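
The ownership check discussed in this thread, sketched in Python as an added example (not code from the thread, Guix or libgit2): it classifies a local channel directory as owned, exempted by an exact `safe.directory` entry, exempted only because `*` switches the check off, or refused. The function names, verdict strings, the simplified config parsing and the constructed sample inputs are assumptions; the real check is the one libgit2 performs.

```python
import os
import tempfile


def safe_directories(gitconfig_text):
    """Return the effective list of [safe] directory values (multi-valued key)."""
    entries, in_safe = [], False
    for raw in gitconfig_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_safe = line.strip("[] \t").lower() == "safe"
            continue
        key, sep, value = line.partition("=")
        if in_safe and sep and key.strip().lower() == "directory":
            value = value.strip().strip('"')
            # Git documents that an empty value resets the list built so far.
            entries = entries + [value] if value else []
    return entries


def ownership_verdict(repo_dir, gitconfig_text, uid=None):
    """Classify how a local channel directory fares under the ownership check.

    owned    - the calling user owns the directory, no exemption needed
    listed   - not owned, but exempted by an exact safe.directory entry
    wildcard - not owned, exempted only because '*' disables the check
    refused  - not owned and not exempted
    """
    uid = os.getuid() if uid is None else uid
    if os.stat(repo_dir).st_uid == uid:
        return "owned"
    entries = safe_directories(gitconfig_text)
    if "*" in entries:
        return "wildcard"
    target = os.path.abspath(repo_dir)
    # Simplification: compare normalized path strings, symlinks not resolved.
    if any(os.path.abspath(os.path.expanduser(e)) == target for e in entries):
        return "listed"
    return "refused"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as channel:   # stands in for /src/guix.git
        other_user = os.stat(channel).st_uid + 1     # constructed: pretend not to be the owner
        configs = {                                   # constructed ~/.gitconfig contents
            "empty": "",
            "exact": "[safe]\n\tdirectory = %s\n" % channel,
            "star": "[safe]\n\tdirectory = *\n",
        }
        for name, text in configs.items():
            print(name, "->", ownership_verdict(channel, text, uid=other_user))
```

A `wildcard` verdict is the one worth flagging when auditing a configuration: it exempts every directory rather than the single one the manual text describes.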