Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
fix-version-string | Set version from .tarball-version shipped in guix tarball, rather than potentially attempting to regenerate from git. | Vagrant Cascadian <vagrant@debian.org> | not-needed | | | |
guix-services-from-usr-bin | Patch to run from binaries in /usr/bin. | | no | | | |
skip-use-of-bootstrap-binary | Disable test as it uses bootstrap binaries downloaded from the network when not present, which violates Debian Policy. diff -ur tests/build-utils.scm /run/schroot/mount/sid-dada96d4-fed0-4d5f-8734-d01af1e5695f/build/guix-qPiHB3/guix-1.1.0+66851.6799e6/tests/build-utils.scm | | no | | | |
0001-tests-challenge-Disable-tests-requiring-bootstrap-bi.patch | [PATCH 01/23] tests/challenge: Disable tests requiring bootstrap binaries if network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0002-tests-Only-run-tests-requiring-bootstrap-binaries-wh.patch | [PATCH 02/23] tests: Only run tests requiring bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0003-tests-Ensure-tests-that-require-bootstrap-guile-are-.patch | [PATCH 03/23] tests: Ensure tests that require %bootstrap-guile are only run when network is reachable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0004-tests-Only-run-tests-using-bootstrap-binaries-when-n.patch | [PATCH 04/23] tests: Only run tests using bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0005-tests-Only-run-tests-using-bootstrap-binaries-when-n.patch | [PATCH 05/23] tests: Only run tests using bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0006-tests-channels.scm-Disable-latest-channel-instances-.patch | [PATCH 06/23] tests/channels.scm: Disable latest-channel-instances includes channel dependencies when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0007-tests-syscalls.scm-Disable-scandir-properties-test-f.patch | [PATCH 07/23] tests/syscalls.scm: Disable scandir properties test failure. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0008-tests-derivations.scm-Disable-fixed-output-derivatio.patch | [PATCH 08/23] tests/derivations.scm: Disable fixed-output derivations tests when network is unavailable (???) | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0009-tests-derivations.scm-Only-run-download-built-in-bui.patch | [PATCH 09/23] tests/derivations.scm: Only run download built-in builder when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-06 |
0010-tests-challenge.scm-Disable-tests-that-may-require-n.patch | [PATCH 10/23] tests/challenge.scm: Disable tests that may require network for bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0011-tests-union.scm-Skip-tests-that-depend-on-bootstrap-.patch | [PATCH 11/23] tests/union.scm: Skip tests that depend on bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0012-tests-store.scm-Disable-tests-requiring-bootstrap-bi.patch | [PATCH 12/23] tests/store.scm: Disable tests requiring bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0013-tests-store.scm-Disable-tests-requiring-bootstrap-gu.patch | [PATCH 13/23] tests/store.scm: Disable tests requiring bootstrap-guile when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0014-tests-size.scm-Disable-tests-requiring-bootstrap-bin.patch | [PATCH 14/23] tests/size.scm: Disable tests requiring bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0015-tests-processes.scm-Disable-test-using-bootstrap-gui.patch | [PATCH 15/23] tests/processes.scm: Disable test using bootstrap-guile when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0016-tests-derivations.scm-Disable-tests-requiring-bootst.patch | [PATCH 16/23] tests/derivations.scm: Disable tests requiring bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0017-tests-gexp.scm-Disable-tests-using-bootstrap-binarie.patch | [PATCH 17/23] tests/gexp.scm: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0018-tests-grafts.scm-Disable-tests-that-require-bootstra.patch | [PATCH 18/23] tests/grafts.scm: Disable tests that require bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0019-tests-graph.scm-Disable-test-needing-further-investi.patch | [PATCH 19/23] tests/graph.scm: Disable test needing further investigation. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0020-tests-packages.scm-Disable-tests-using-bootstrap-bin.patch | [PATCH 20/23] tests/packages.scm: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0021-tests-profiles.scm-Disable-tests-using-bootstrap-bin.patch | [PATCH 21/23] tests/profiles.scm: Disable tests using bootstrap binaries when networking is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0022-tests-publish.scm-Disable-test-requiring-bootstrap-b.patch | [PATCH 22/23] tests/publish.scm: Disable test requiring bootstrap binaries when networking is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0023-tests-publish.scm-Disable-test-needing-further-inves.patch | [PATCH 23/23] tests/publish.scm: Disable test needing further investigation. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
0024-tests-derivations.scm-Disable-tests-with-unknown-cau.patch | [PATCH 24/24] tests/derivations.scm: Disable tests with unknown causes. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-10 |
tests-Add-common-functions-for-to-check-for-network-.patch | [PATCH] tests: Add common functions to check for network reachability. * tests/common.sh: New file. * tests/guix-build-branch.sh, tests/guix-pack.sh, tests/guix-package-net.sh: Use skip_if_network_unreachable function from common.sh. * tests/guix-environment.sh: Use network_reachable function from common.sh. | Vagrant Cascadian <vagrant@debian.org> | yes | | upstream | 2020-11-10 |
tests-Disable-tests-using-bootstrap-binaries-when-ne.patch | [PATCH] tests: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2020-11-11 |
disable-tests-that-fail-with-tilde-in-build-path | Tests fail when the build path contains a "~" | | yes | | upstream | |
disable-gexp-script-module-path | Disable test that uses bootstrap-guile. | | no | | | |
use-guix-daemon-from-usr-bin | On Debian systems guix-daemon is provided in /usr/bin, use that one. Also configure to use the _guixbuild group. | | no | | | |
lsb-init-functions | https://lintian.debian.org/tags/init.d-script-does-not-source-init-functions.html | | no | | | |
do-not-embed-build-path-in-gnu-ci | Do not embed build path https://issues.guix.gnu.org/44835 diff --git a/gnu/ci.scm b/gnu/ci.scm index 5548d9560e..0bacfbe025 100644 | | no | | | |
0025-tests-containers.scm-Disable-container-tests.patch | [PATCH 25/29] tests/containers.scm: Disable container tests. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2021-01-20 |
0026-tests-guix-environment-container.sh-Disable-containe.patch | [PATCH 26/29] tests/guix-environment-container.sh: Disable container tests. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2021-01-20 |
0027-tests-syscalls.scm-Disable-tests-requiring-user-name.patch | [PATCH 27/29] tests/syscalls.scm: Disable tests requiring user namespaces. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2021-01-20 |
0028-tests-lint.scm-Disable-several-lint-tests-that-fail-.patch | [PATCH 28/29] tests/lint.scm: Disable several lint tests that fail with guile-2.2. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2021-01-20 |
0029-tests-swh.scm-Disable-tests-the-fail-with-guile-2.2.patch | [PATCH 29/29] tests/swh.scm: Disable tests that fail with guile-2.2. | Vagrant Cascadian <vagrant@debian.org> | no | | | 2021-01-20 |
security/daemon-Prevent-privilege-escalation-with-keep-failed.patch | [PATCH] daemon: Prevent privilege escalation with '--keep-failed' [security]. Fixes <https://bugs.gnu.org/47229>. Reported by Nathan Nye of WhiteBeam Security. * nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'. (DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent. | Ludovic Courtès <ludo@gnu.org> | no | | | 2021-03-18 |
tests-Ensure-test-OpenPGP-keys-never-expire.patch | [PATCH] tests: Ensure test OpenPGP keys never expire. All these keys had expiration dates. 'tests/keys/ed25519.pub' expired on 2022-04-24. Fixes <https://issues.guix.gnu.org/55506>. * tests/keys/ed25519.pub, tests/keys/ed25519-2.pub, tests/keys/ed25519-3.pub: Remove expiration date. | Ludovic Courtès <ludo@gnu.org> | no | | | 2022-05-18 |
security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch | [PATCH 01/36] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. | Ludovic Courtès <ludo@gnu.org> | no | | | 2024-03-11 |
security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch | [PATCH 32/36] daemon: Address shortcoming in previous security fix for CVE-2024-27297. This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. | Ludovic Courtès <ludo@gnu.org> | no | | | 2024-03-12 |