[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fetching patches as origins instead of copying them into the Guix Gi
|
From: |
Alex Vong |
|
Subject: |
Re: Fetching patches as origins instead of copying them into the Guix Git repo |
|
Date: |
Sun, 03 Sep 2017 01:09:32 +0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Marius Bakke <address@hidden> writes:
> Leo Famulari <address@hidden> writes:
>
>> On Thu, Aug 31, 2017 at 09:52:49PM +0200, Marius Bakke wrote:
>>> Side note: I think we should start adding patches as origins instead of
>>> copying them wholesale, to try and keep the git repository slim.
>>
>> We should make a git-minimal package for things like this, or use
>> guile-git / libgit2. Git itself is a very "heavy" package.
>
> No, I mean adding patches like this:
>
> (define %CVE-1970-0001.patch
> (origin
> (method url-fetch)
> (uri "https://example.com/CVE-2017-0001.patch";)
> (sha256
> (base32
> "12c60iwxyc3rj6ih06a1g80vmkf8khvhm44xr9va4h21b74v8f5k"))))
>
> (package
> (...
> (patches (list (search-patch "guix-specific-stuff.patch")
> %CVE-1970-0001.patch)))
>
> That only requires the built-in guix downloader.
Are you suggesting we should download the patch directly from upstream
or security advisory if they provide it and fall back to copying if they
don't?
signature.asc
Description: PGP signature
- Re: Fetching patches as origins instead of copying them into the Guix Git repo,
Alex Vong <=