GNU bug report logs -
#30709
[PATCH 0/4] Add debootstrap
Previous Next
Reported by: Efraim Flashner <efraim <at> flashner.co.il>
Date: Mon, 5 Mar 2018 09:27:01 UTC
Severity: normal
Tags: patch
Done: Efraim Flashner <efraim <at> flashner.co.il>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30709 in the body.
You can then email your comments to 30709 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 05 Mar 2018 09:27:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Efraim Flashner <efraim <at> flashner.co.il>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 05 Mar 2018 09:27:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From time to time having a debian (or ubuntu) chroot is useful, so I
figured there was no reason to keep my patches for debootstrap in my
GUIX_PACKAGE_PATH, so here's the patches necessary to make it work.
debootstrap uses 'ar' from binutils to extract the .debs it downloads,
gnupg and the keyrings to verify the binaries, and perl for the actual
building. There's no perl to patch from the script, its from what is
actually downloaded. With the propagated inputs, it should be possible
to run 'guix environment -C -N --ad-hoc debootstrap -- debootstrap ...'
Efraim Flashner (4):
gnu: Add jetring.
gnu: Add debian-archive-keyring.
gnu: Add ubuntu-keyring.
gnu: Add debootstrap.
gnu/local.mk | 1 +
gnu/packages/debian.scm | 170 ++++++++++++++++++++++++++++++++++++++++++++++++
gnu/packages/gnupg.scm | 49 +++++++++++++-
3 files changed, 219 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/debian.scm
--
2.16.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 05 Mar 2018 09:30:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 30709 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/gnupg.scm (jetring): New variable.
---
gnu/packages/gnupg.scm | 49 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 48 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index eeab5c5af..d6b41da2d 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2014 Eric Bavier <bavier <at> member.fsf.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw <at> netris.org>
;;; Copyright © 2015 Paul van der Walt <paul <at> denknerd.org>
-;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim <at> flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2018 Efraim Flashner <efraim <at> flashner.co.il>
;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado <at> elephly.net>
;;; Copyright © 2016 Christopher Allan Webber <cwebber <at> dustycloud.org>
;;; Copyright © 2016, 2017 ng0 <ng0 <at> infotropique.org>
@@ -929,3 +929,50 @@ keyring content. Parcimonie is a daemon that fetches one key at a time using
the Tor network, waits a bit, changes the Tor circuit being used, and starts
over.")
(license license:gpl1+)))
+
+(define-public jetring
+ (package
+ (name "jetring")
+ (version "0.25")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://debian/pool/main/j/" name "/"
+ name "_" version ".tar.xz"))
+ (sha256
+ (base32
+ "0shcnnw0h31b08vmnvf18ni33dg40w18wv9smb69vkklz3h4jhpw"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:phases
+ (modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (man (string-append out "/share/man")))
+ (for-each (lambda (file)
+ (install-file file (string-append out "/bin/")))
+ '("jetring-accept" "jetring-apply" "jetring-build"
+ "jetring-checksum" "jetring-diff" "jetring-explode"
+ "jetring-gen" "jetring-review" "jetring-signindex"))
+ (for-each (lambda (file)
+ (install-file file (string-append man "/man1/")))
+ (find-files "." ".*\\.1$"))
+ (install-file "jetring.7" (string-append man "/man7/"))
+ #t))))
+ #:tests? #f)) ; no test phase
+ (native-inputs `(("gnupg" ,gnupg)))
+ (inputs `(("perl" ,perl)))
+ (home-page "https://joeyh.name/code/jetring/")
+ (synopsis "Gpg keyring maintenance using changesets")
+ (description
+ "Jetring is a collection of tools that allow for gpg keyrings to be
+maintained using changesets. It was developed with the Debian keyring in mind,
+and aims to solve the problem that a gpg keyring is a binary blob that's hard
+for multiple people to collaboratively edit.
+With jetring, changesets can be submitted, reviewed to see exactly what they
+will do, applied, and used to build a keyring. The origin of every change made
+to the keyring is available for auditing, and gpg signatures can be used to
+further secure things.")
+ (license license:gpl2+)))
--
2.16.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 05 Mar 2018 09:30:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 30709 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/debian.scm (debian-archive-keyring): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
gnu/local.mk | 1 +
gnu/packages/debian.scm | 62 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 gnu/packages/debian.scm
diff --git a/gnu/local.mk b/gnu/local.mk
index d091a89b8..38a2afe91 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -120,6 +120,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/datastructures.scm \
%D%/packages/dav.scm \
%D%/packages/dc.scm \
+ %D%/packages/debian.scm \
%D%/packages/debug.scm \
%D%/packages/dejagnu.scm \
%D%/packages/dico.scm \
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
new file mode 100644
index 000000000..70131ff45
--- /dev/null
+++ b/gnu/packages/debian.scm
@@ -0,0 +1,62 @@
+;;; Copyright © 2018 Efraim Flashner <efraim <at> flashner.co.il>
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages debian)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix download)
+ #:use-module (guix packages)
+ #:use-module (guix build-system gnu)
+ #:use-module (gnu packages gnupg))
+
+(define-public debian-archive-keyring
+ (package
+ (name "debian-archive-keyring")
+ (version "2017.7")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://debian/pool/main/d/" name "/"
+ name "_" version ".tar.xz"))
+ (sha256
+ (base32
+ "1pdwgipfi0y4svhxlw8arhq792f1g3vlmw4raphizy7sa65vd4ca"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:test-target "verify-results"
+ #:parallel-build? #f ; has race conditions
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (apt (string-append out "/etc/apt/trusted.gpg.d/"))
+ (key (string-append out "/share/keyrings/")))
+ (install-file "keyrings/debian-archive-keyring.gpg" key)
+ (install-file "keyrings/debian-archive-removed-keys.gpg" key)
+ (for-each (lambda (file)
+ (install-file file apt))
+ (find-files "trusted.gpg" "\\.gpg$")))
+ #t)))))
+ (native-inputs
+ `(("gnupg" ,gnupg)
+ ("jetring" ,jetring)))
+ (home-page "https://packages.qa.debian.org/d/debian-archive-keyring.html")
+ (synopsis "GnuPG archive keys of the Debian archive")
+ (description
+ "The Debian project digitally signs its Release files. This package
+contains the archive keys used for that.")
+ (license (list license:public-domain ; the keys
+ license:gpl2+)))) ; see debian/copyright
--
2.16.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 05 Mar 2018 09:30:03 GMT)
Full text and
rfc822 format available.
Message #14 received at 30709 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/debian.scm (ubuntu-keyring): New variable.
---
gnu/packages/debian.scm | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index 70131ff45..5eda5e849 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -18,6 +18,9 @@
#:use-module (guix download)
#:use-module (guix packages)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system trivial)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages compression)
#:use-module (gnu packages gnupg))
(define-public debian-archive-keyring
@@ -60,3 +63,43 @@
contains the archive keys used for that.")
(license (list license:public-domain ; the keys
license:gpl2+)))) ; see debian/copyright
+
+(define-public ubuntu-keyring
+ (package
+ (name "ubuntu-keyring")
+ (version "2018.02.28")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://launchpad.net/ubuntu/+archive/primary/"
+ "+files/" name "_" version ".tar.gz"))
+ (sha256
+ (base32
+ "1zj3012cz7rlx9pm39wnwa0lmi1h38n6bkgbz81vnmcsvqsc9a3a"))))
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules ((guix build utils))
+ #:builder (begin
+ (use-modules (guix build utils))
+ (let* ((out (assoc-ref %outputs "out"))
+ (apt (string-append out "/etc/apt/trusted.gpg.d/"))
+ (key (string-append out "/share/keyrings/")))
+ (setenv "PATH" (string-append
+ (assoc-ref %build-inputs "gzip") "/bin:"
+ (assoc-ref %build-inputs "tar") "/bin"))
+ (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
+ (for-each (lambda (file)
+ (install-file file key)
+ (install-file file apt))
+ (find-files "." "\\.gpg$")))
+ #t)))
+ (native-inputs
+ `(("tar" ,tar)
+ ("gzip" ,gzip)))
+ (home-page "https://launchpad.net/ubuntu/+source/ubuntu-keyring")
+ (synopsis "GnuPG keys of the Ubuntu archive")
+ (description
+ "The Ubuntu project digitally signs its Release files. This package
+contains the archive keys used for that.")
+ (license (list license:public-domain ; the keys
+ license:gpl2+)))) ; see debian/copyright
--
2.16.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 05 Mar 2018 09:30:04 GMT)
Full text and
rfc822 format available.
Message #17 received at 30709 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/debian.scm (debootstrap): New variable.
---
gnu/packages/debian.scm | 67 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index 5eda5e849..15dcd64e8 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -16,12 +16,15 @@
(define-module (gnu packages debian)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix build-system gnu)
#:use-module (guix build-system trivial)
#:use-module (gnu packages base)
#:use-module (gnu packages compression)
- #:use-module (gnu packages gnupg))
+ #:use-module (gnu packages gnupg)
+ #:use-module (gnu packages perl)
+ #:use-module (gnu packages wget))
(define-public debian-archive-keyring
(package
@@ -103,3 +106,65 @@ contains the archive keys used for that.")
contains the archive keys used for that.")
(license (list license:public-domain ; the keys
license:gpl2+)))) ; see debian/copyright
+
+(define-public debootstrap
+ (package
+ (name "debootstrap")
+ (version "1.0.93")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1jxq91602a152c56l2f8kzkiszp26cziqddcs4v695bcif72kfz6"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (delete 'build)
+ (add-after 'unpack 'patch-source
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out"))
+ (debian (assoc-ref %build-inputs "debian"))
+ (ubuntu (assoc-ref %build-inputs "ubuntu")))
+ (substitute* "scripts/sid"
+ (("/usr") debian))
+ (substitute* "scripts/gutsy"
+ (("/usr") ubuntu))
+ (substitute* "debootstrap"
+ (("=/usr") (string-append "=" out))
+ (("@VERSION@") ,version))
+ (substitute* "functions"
+ (("wget ") (string-append (which "wget") " ")))
+ #t)))
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (copy-recursively "scripts"
+ (string-append out "/share/debootstrap/scripts"))
+ (install-file "functions" (string-append out "/share/debootstrap"))
+ (install-file "debootstrap" (string-append out "/sbin"))
+ (install-file "debootstrap.8" (string-append out "/share/man/man8"))
+ #t))))
+ #:tests? #f)) ; no tests
+ (inputs
+ `(("debian" ,debian-archive-keyring)
+ ("ubuntu" ,ubuntu-keyring)
+ ("wget" ,wget)))
+ ;; The following are required for debootstrap to work correctly
+ (propagated-inputs
+ `(("binutils" ,binutils)
+ ("gnupg" ,gnupg)
+ ("perl" ,perl)))
+ (home-page "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
+ (synopsis "Bootstrap a basic Debian system")
+ (description "Debootstrap is used to create a Debian base system from
+scratch, without requiring the availability of @code{dpkg} or @code{apt}.
+It does this by downloading .deb files from a mirror site, and carefully
+unpacking them into a directory which can eventually be chrooted into.")
+ (license license:gpl2)))
--
2.16.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Sat, 10 Mar 2018 09:30:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Efraim Flashner <efraim <at> flashner.co.il> writes:
> * gnu/packages/gnupg.scm (jetring): New variable.
[...]
> + (build-system gnu-build-system)
> + (arguments
> + '(#:phases
> + (modify-phases %standard-phases
> + (delete 'configure) ; no configure script
> + (replace 'install
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (man (string-append out "/share/man")))
> + (for-each (lambda (file)
> + (install-file file (string-append out "/bin/")))
> + '("jetring-accept" "jetring-apply" "jetring-build"
> + "jetring-checksum" "jetring-diff" "jetring-explode"
> + "jetring-gen" "jetring-review" "jetring-signindex"))
> + (for-each (lambda (file)
> + (install-file file (string-append man "/man1/")))
> + (find-files "." ".*\\.1$"))
> + (install-file "jetring.7" (string-append man "/man7/"))
> + #t))))
> + #:tests? #f)) ; no test phase
> + (native-inputs `(("gnupg" ,gnupg)))
What is GnuPG used for here? I would assume it was a "normal" input.
> + (inputs `(("perl" ,perl)))
> + (home-page "https://joeyh.name/code/jetring/")
> + (synopsis "Gpg keyring maintenance using changesets")
s/Gpg/GnuPG/
> + (description
> + "Jetring is a collection of tools that allow for gpg keyrings to be
> +maintained using changesets. It was developed with the Debian keyring in mind,
> +and aims to solve the problem that a gpg keyring is a binary blob that's hard
> +for multiple people to collaboratively edit.
\n
> +With jetring, changesets can be submitted, reviewed to see exactly what they
> +will do, applied, and used to build a keyring. The origin of every change made
> +to the keyring is available for auditing, and gpg signatures can be used to
> +further secure things.")
s/to further secure things/for integrity guarantees/ (IMO)
It would be good with an explanation of what a changeset is or how it
works, but LGTM either way.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Sat, 10 Mar 2018 09:31:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Efraim Flashner <efraim <at> flashner.co.il> writes:
> * gnu/packages/debian.scm (debian-archive-keyring): New variable.
> * gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
LGTM.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Sat, 10 Mar 2018 09:34:01 GMT)
Full text and
rfc822 format available.
Message #26 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Efraim Flashner <efraim <at> flashner.co.il> writes:
> * gnu/packages/debian.scm (ubuntu-keyring): New variable.
[...]
> + (build-system trivial-build-system)
> + (arguments
> + `(#:modules ((guix build utils))
> + #:builder (begin
> + (use-modules (guix build utils))
> + (let* ((out (assoc-ref %outputs "out"))
> + (apt (string-append out "/etc/apt/trusted.gpg.d/"))
> + (key (string-append out "/share/keyrings/")))
> + (setenv "PATH" (string-append
> + (assoc-ref %build-inputs "gzip") "/bin:"
> + (assoc-ref %build-inputs "tar") "/bin"))
> + (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
> + (for-each (lambda (file)
> + (install-file file key)
> + (install-file file apt))
> + (find-files "." "\\.gpg$")))
> + #t)))
Why is having the same files in out/share/keyrings and
out/etc/apt/trusted.gpg.d necessary?
(this was perhaps the case with the Debian keyring too?)
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Sat, 10 Mar 2018 09:49:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Efraim Flashner <efraim <at> flashner.co.il> writes:
> * gnu/packages/debian.scm (debootstrap): New variable.
Thanks for packaging this! I've worked on this too, and actually
packaged 'dpkg' separately. Yet somehow I did not need to package the
keyrings (I guess it is necessary to work offline?).
Some comments inline, and my dpkg and debootstrap patches attached for
comparison. Feel free to take inspiration from both.
> +(define-public debootstrap
> + (package
> + (name "debootstrap")
> + (version "1.0.93")
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
> + (commit version)))
> + (file-name (git-file-name name version))
Why use the git downloader here?
> + (sha256
> + (base32
> + "1jxq91602a152c56l2f8kzkiszp26cziqddcs4v695bcif72kfz6"))))
> + (build-system gnu-build-system)
> + (arguments
> + `(#:phases
> + (modify-phases %standard-phases
> + (delete 'configure)
> + (delete 'build)
> + (add-after 'unpack 'patch-source
> + (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out"))
> + (debian (assoc-ref %build-inputs "debian"))
> + (ubuntu (assoc-ref %build-inputs "ubuntu")))
Use (assoc-ref inputs "debian") instead of accessing the global
%build-inputs. I'd also call them "debian-keyring" and "ubuntu-keyring"
to make it clearer what's going on down below.
> + (substitute* "scripts/sid"
> + (("/usr") debian))
> + (substitute* "scripts/gutsy"
> + (("/usr") ubuntu))
> + (substitute* "debootstrap"
> + (("=/usr") (string-append "=" out))
> + (("@VERSION@") ,version))
If you don't delete the build phase, @VERSION@ should be automatically
expanded to the correct value, methinks.
> + (substitute* "functions"
> + (("wget ") (string-append (which "wget") " ")))
> + #t)))
> + (replace 'install
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out")))
> + (copy-recursively "scripts"
> + (string-append out "/share/debootstrap/scripts"))
> + (install-file "functions" (string-append out "/share/debootstrap"))
> + (install-file "debootstrap" (string-append out "/sbin"))
> + (install-file "debootstrap.8" (string-append out "/share/man/man8"))
> + #t))))
Similarly, passing DESTDIR in #:make-flags should make this unnecessary.
> + #:tests? #f)) ; no tests
> + (inputs
> + `(("debian" ,debian-archive-keyring)
> + ("ubuntu" ,ubuntu-keyring)
> + ("wget" ,wget)))
> + ;; The following are required for debootstrap to work correctly
> + (propagated-inputs
> + `(("binutils" ,binutils)
> + ("gnupg" ,gnupg)
> + ("perl" ,perl)))
> + (home-page "https://anonscm.debian.org/cgit/d-i/debootstrap.git")
> + (synopsis "Bootstrap a basic Debian system")
> + (description "Debootstrap is used to create a Debian base system from
> +scratch, without requiring the availability of @code{dpkg} or @code{apt}.
> +It does this by downloading .deb files from a mirror site, and carefully
> +unpacking them into a directory which can eventually be chrooted into.")
> + (license license:gpl2)))
I have not tried this debootstrap, but when testing the attached patch,
I found that debootstrap would fail on the first attempt, but simply
trying again made everything work. Did you experience this? Note that
I did not propagate binutils, perhaps that was the problem.
Or the confusion between Guix dpkg and the debootstrapped dpkg.
Behold...
[0001-gnu-Add-dpkg.patch (text/x-patch, attachment)]
[0002-gnu-Add-debootstrap.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Sun, 11 Mar 2018 10:12:01 GMT)
Full text and
rfc822 format available.
Message #32 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sat, Mar 10, 2018 at 10:29:14AM +0100, Marius Bakke wrote:
> Efraim Flashner <efraim <at> flashner.co.il> writes:
>
> > * gnu/packages/gnupg.scm (jetring): New variable.
>
> [...]
>
> > + (build-system gnu-build-system)
> > + (arguments
> > + '(#:phases
> > + (modify-phases %standard-phases
> > + (delete 'configure) ; no configure script
> > + (replace 'install
> > + (lambda* (#:key outputs #:allow-other-keys)
> > + (let* ((out (assoc-ref outputs "out"))
> > + (man (string-append out "/share/man")))
> > + (for-each (lambda (file)
> > + (install-file file (string-append out "/bin/")))
> > + '("jetring-accept" "jetring-apply" "jetring-build"
> > + "jetring-checksum" "jetring-diff" "jetring-explode"
> > + "jetring-gen" "jetring-review" "jetring-signindex"))
> > + (for-each (lambda (file)
> > + (install-file file (string-append man "/man1/")))
> > + (find-files "." ".*\\.1$"))
> > + (install-file "jetring.7" (string-append man "/man7/"))
> > + #t))))
> > + #:tests? #f)) ; no test phase
> > + (native-inputs `(("gnupg" ,gnupg)))
>
> What is GnuPG used for here? I would assume it was a "normal" input.
>
It's used in jetring-build, and assumably in other scripts. It would
probably be best to wrap jetring with gnupg.
> > + (inputs `(("perl" ,perl)))
> > + (home-page "https://joeyh.name/code/jetring/")
> > + (synopsis "Gpg keyring maintenance using changesets")
>
> s/Gpg/GnuPG/
>
> > + (description
> > + "Jetring is a collection of tools that allow for gpg keyrings to be
> > +maintained using changesets. It was developed with the Debian keyring in mind,
> > +and aims to solve the problem that a gpg keyring is a binary blob that's hard
> > +for multiple people to collaboratively edit.
>
> \n
>
> > +With jetring, changesets can be submitted, reviewed to see exactly what they
> > +will do, applied, and used to build a keyring. The origin of every change made
> > +to the keyring is available for auditing, and gpg signatures can be used to
> > +further secure things.")
>
> s/to further secure things/for integrity guarantees/ (IMO)
>
> It would be good with an explanation of what a changeset is or how it
> works, but LGTM either way.
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30709; Package
guix-patches.
(Mon, 12 Mar 2018 18:43:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 30709 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sat, Mar 10, 2018 at 10:33:21AM +0100, Marius Bakke wrote:
> Efraim Flashner <efraim <at> flashner.co.il> writes:
>
> > * gnu/packages/debian.scm (ubuntu-keyring): New variable.
>
> [...]
>
> > + (build-system trivial-build-system)
> > + (arguments
> > + `(#:modules ((guix build utils))
> > + #:builder (begin
> > + (use-modules (guix build utils))
> > + (let* ((out (assoc-ref %outputs "out"))
> > + (apt (string-append out "/etc/apt/trusted.gpg.d/"))
> > + (key (string-append out "/share/keyrings/")))
> > + (setenv "PATH" (string-append
> > + (assoc-ref %build-inputs "gzip") "/bin:"
> > + (assoc-ref %build-inputs "tar") "/bin"))
> > + (invoke "tar" "xvf" (assoc-ref %build-inputs "source"))
> > + (for-each (lambda (file)
> > + (install-file file key)
> > + (install-file file apt))
> > + (find-files "." "\\.gpg$")))
> > + #t)))
>
> Why is having the same files in out/share/keyrings and
> out/etc/apt/trusted.gpg.d necessary?
>
> (this was perhaps the case with the Debian keyring too?)
This wasn't actually the case for the Debian keyring, I was more careful
about installing the keyring files to the correct directories. I've gone
ahead and fixed the Ubuntu ones.
$ apt-file show debian-archive-keyring
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/README
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/changelog.gz
debian-archive-keyring: /usr/share/doc/debian-archive-keyring/copyright
debian-archive-keyring: /usr/share/keyrings/debian-archive-keyring.gpg
debian-archive-keyring: /usr/share/keyrings/debian-archive-removed-keys.gpg
$ tree /gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/
/gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/
|-- etc
| `-- apt
| `-- trusted.gpg.d
| |-- debian-archive-jessie-automatic.gpg
| |-- debian-archive-jessie-security-automatic.gpg
| |-- debian-archive-jessie-stable.gpg
| |-- debian-archive-stretch-automatic.gpg
| |-- debian-archive-stretch-security-automatic.gpg
| |-- debian-archive-stretch-stable.gpg
| |-- debian-archive-wheezy-automatic.gpg
| `-- debian-archive-wheezy-stable.gpg
`-- share
`-- keyrings
|-- debian-archive-keyring.gpg
`-- debian-archive-removed-keys.gpg
$ apt-file show ubuntu-keyring
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/README.gz
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/changelog.gz
ubuntu-keyring: /usr/share/doc/ubuntu-keyring/copyright
ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-keyring.gpg
ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-removed-keys.gpg
ubuntu-keyring: /usr/share/keyrings/ubuntu-master-keyring.gpg
$ tree /gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/
/gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/
|-- etc
| `-- apt
| `-- trusted.gpg.d
| |-- ubuntu-cloud-keyring.gpg
| |-- ubuntu-cloud-removed-keys.gpg
| |-- ubuntu-cloudimage-keyring.gpg
| |-- ubuntu-cloudimage-removed-keys.gpg
| |-- ubuntu-dbgsym-keyring.gpg
| |-- ubuntu-dbgsym-removed-keys.gpg
| |-- ubuntu-keyring-2012-archive.gpg
| |-- ubuntu-keyring-2012-cdimage.gpg
| |-- ubuntu-keyring-2012-cloud-archive.gpg
| `-- ubuntu-keyring-2016-dbgsym.gpg
`-- share
`-- keyrings
|-- ubuntu-archive-keyring.gpg
|-- ubuntu-archive-removed-keys.gpg
`-- ubuntu-master-keyring.gpg
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Efraim Flashner <efraim <at> flashner.co.il>:
You have taken responsibility.
(Thu, 22 Mar 2018 12:46:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Efraim Flashner <efraim <at> flashner.co.il>:
bug acknowledged by developer.
(Thu, 22 Mar 2018 12:46:01 GMT)
Full text and
rfc822 format available.
Message #40 received at 30709-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Pushed, closing this bug
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 20 Apr 2018 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 7 years and 121 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.