| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fix-version-string | Set version from .tarball-version shipped in guix tarball, rather than potentially attempting to regenerate from git. =================================================================== |
Vagrant Cascadian <vagrant@debian.org> | not-needed | |||
| guix-services-from-usr-bin | Patch to run from binaries in /usr/bin. =================================================================== |
no | ||||
| skip-use-of-bootstrap-binary | Disable test as it uses bootstrap binaries downloaded from the network when not present, which violates Debian Policy. =================================================================== |
no | ||||
| tests-Add-common-functions-for-to-check-for-network-.patch | [PATCH] tests: Add common functions for to check for network reachability. * tests/common.sh: New file. * tests/guix-build-branch.sh, tests/guix-pack.sh, tests/guix-package-net.sh: Use skip_if_network_unreachable function from common.sh. * tests/guix-environment.sh: Use network_reachable function from common.sh. |
Vagrant Cascadian <vagrant@debian.org> | yes | upstream | 2020-11-10 | |
| tests-Disable-tests-using-bootstrap-binaries-when-ne.patch | [PATCH] tests: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-11 | ||
| disable-gexp-script-module-path | Disable test that uses bootstrap-guile. =================================================================== |
no | ||||
| use-guix-daemon-from-usr-bin | On Debian systems guix-daemon is provided in /usr/bin, use that one. Also configure to use the _guixbuild group. =================================================================== |
no | ||||
| lsb-init-functions | https://lintian.debian.org/tags/init.d-script-does-not-source-init-functions.html =================================================================== |
no | ||||
| 0001-tests-challenge-Disable-tests-requiring-bootstrap-bi.patch | [PATCH 01/29] tests/challenge: Disable tests requiring bootstrap binaries if network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0002-tests-Only-run-tests-requiring-bootstrap-binaries-wh.patch | [PATCH 02/29] tests: Only run tests requiring bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0003-tests-Ensure-tests-that-require-bootstrap-guile-are-.patch | [PATCH 03/29] tests: Ensure tests that require %bootstrap-guile are only run when network is reachable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0004-tests-Only-run-tests-using-bootstrap-binaries-when-n.patch | [PATCH 04/29] tests: Only run tests using bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0005-tests-Only-run-tests-using-bootstrap-binaries-when-n.patch | [PATCH 05/29] tests: Only run tests using bootstrap binaries when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0006-tests-channels.scm-Disable-latest-channel-instances-.patch | [PATCH 06/29] tests/channels.scm: Disable latest-channel-instances includes channel dependencies when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0007-tests-syscalls.scm-Disable-scandir-properties-test-f.patch | [PATCH 07/29] tests/syscalls.scm: Disable scandir properties test failure. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0008-tests-derivations.scm-Disable-fixed-output-derivatio.patch | [PATCH 08/29] tests/derivations.scm: Disable fixed-output derivations tests when network is unavailable (???) | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0009-tests-derivations.scm-Only-run-download-built-in-bui.patch | [PATCH 09/29] tests/derivations.scm: Only run download built-in builder when network is available. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-06 | ||
| 0010-tests-challenge.scm-Disable-tests-that-may-require-n.patch | [PATCH 10/29] tests/challenge.scm: Disable tests that may require network for bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0011-tests-union.scm-Skip-tests-that-depend-on-bootstrap-.patch | [PATCH 11/29] tests/union.scm: Skip tests that depend on bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0012-tests-store.scm-Disable-tests-requiring-bootstrap-bi.patch | [PATCH 12/29] tests/store.scm: Disable tests requiring bootstrap binaries when network in unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0013-tests-store.scm-Disable-tests-requiring-bootstrap-gu.patch | [PATCH 13/29] tests/store.scm: Disable tests requiring bootstrap-guile when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0014-tests-size.scm-Disable-tests-requiring-bootstrap-bin.patch | [PATCH 14/29] tests/size.scm: Disable tests requiring bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0015-tests-processes.scm-Disable-test-using-bootstrap-gui.patch | [PATCH 15/29] tests/processes.scm: Disable test using bootstrap-guile when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0016-tests-derivations.scm-Disable-tests-requiring-bootst.patch | [PATCH 16/29] tests/derivations.scm: Disable tests requiring bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0017-tests-gexp.scm-Disable-tests-using-bootstrap-binarie.patch | [PATCH 17/29] tests/gexp.scm: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0018-tests-grafts.scm-Disable-tests-that-require-bootstra.patch | [PATCH 18/29] tests/grafts.scm: Disable tests that require bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0019-tests-graph.scm-Disable-test-needing-further-investi.patch | [PATCH 19/29] tests/graph.scm: Disable test needing further investigation. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0020-tests-packages.scm-Disable-tests-using-bootstrap-bin.patch | [PATCH 20/29] tests/packages.scm: Disable tests using bootstrap binaries when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0021-tests-profiles.scm-Disable-tests-using-bootstrap-bin.patch | [PATCH 21/29] tests/profiles.scm: Disable tests using bootstrap binaries when networking is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0022-tests-publish.scm-Disable-test-requiring-bootstrap-b.patch | [PATCH 22/29] tests/publish.scm: Disable test requiring bootstrap binaries when networking is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0023-tests-publish.scm-Disable-test-needing-further-inves.patch | [PATCH 23/29] tests/publish.scm: Disable test needing further investigation. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0024-tests-derivations.scm-Disable-tests-that-need-bootst.patch | [PATCH 24/29] tests/derivations.scm: Disable tests that need bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | 2020-11-10 | ||
| 0025-tests-containers.scm-Disable-container-tests.patch | [PATCH 25/29] tests/containers.scm: Disable container tests. | Vagrant Cascadian <vagrant@debian.org> | no | 2021-01-20 | ||
| 0026-tests-guix-environment-container.sh-Disable-containe.patch | [PATCH 26/29] tests/guix-environment-container.sh: Disable container tests. | Vagrant Cascadian <vagrant@debian.org> | no | 2021-01-20 | ||
| 0027-tests-syscalls.scm-Disable-tests-requiring-user-name.patch | [PATCH 27/29] tests/syscalls.scm: Disable tests requiring user namespaces. | Vagrant Cascadian <vagrant@debian.org> | no | 2021-01-20 | ||
| 0030-Disable-gexp-derivation-allowed-references-test-when.patch | [PATCH 30/32] Disable "gexp->derivation #:allowed-references" test when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2021-04-25 | ||
| 0031-Disable-substitue-deduplication-test-when-network-is.patch | [PATCH 31/32] Disable "substitue, deduplication" test when network is unavailable. | Vagrant Cascadian <vagrant@debian.org> | no | 2021-04-25 | ||
| guix-daemon-openrc-fixes | Fix path to guix-daemon and use the _guixbuild group. =================================================================== |
no | ||||
| tests-disable-guix-shell-test | =================================================================== | no | ||||
| more-disabled-tests | =================================================================== | no | ||||
| use-c-utf8-locale | Use the C.UTF-8 locale for guix-daemon and guix-publish. https://bugs.debian.org/1012536 =================================================================== |
no | ||||
| tests-skip-guix-home-no-localstatedir | =================================================================== | no | ||||
| tests-disable-trivial-with-allowed-references | diff --git a/tests/packages.scm b/tests/packages.scm index 3506f94f91..3bc5ccb286 100644 |
no | ||||
| tests-disable-lower-object-computed-file | diff --git a/tests/gexp.scm b/tests/gexp.scm index ad8e1d57b8..9a2e144377 100644 |
no | ||||
| tests-disable-guix-hash-git | guix hash -S git requires disarchive, which is not yet available in Debian. diff --git a/tests/guix-hash.sh b/tests/guix-hash.sh index 8b03c7985d..bbde6b5c88 100644 |
no | ||||
| tests-disable-pypi-guix-package-no-wheel | =================================================================== | no | ||||
| tests-gexp.scm-references-file-Skip-test-depending-o.patch | [PATCH] tests/gexp.scm: references-file: Skip test depending on bootstrap binaries when network is not reachable. | Vagrant Cascadian <vagrant@reproducible-builds.org> | no | 2022-10-23 | ||
| tests-build-utils.scm-Disable-wrap-script-tests-if-n.patch | [PATCH 1/3] tests/build-utils.scm: Disable wrap-script tests if network unavailable. May require bootstrap binaries. |
Vagrant Cascadian <vagrant@debian.org> | no | 2022-10-26 | ||
| tests-guix-shell-export-manifest.sh-Disable-test-req.patch | [PATCH 2/3] tests/guix-shell-export-manifest.sh: Disable test, requires bootstrap binaries. | Vagrant Cascadian <vagrant@debian.org> | no | 2022-10-26 | ||
| tests-profiles.scm-Disable-profile-derivation-format.patch | [PATCH 3/3] tests/profiles.scm: Disable "profile-derivation format version 3" and "deduplication of repeated entries", requires bootstrap binaries. |
Vagrant Cascadian <vagrant@debian.org> | no | 2022-10-26 | ||
| security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch | [PATCH 01/36] daemon: Protect against FD escape when building fixed-output derivations (CVE-2024-27297). This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. |
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> | no | 2024-03-11 | ||
| security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch | [PATCH 32/36] daemon: Address shortcoming in previous security fix for CVE-2024-27297. This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. |
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> | no | 2024-03-12 |