gnu: Use HTTPS for almost all gnu.org HOME-PAGEs.
[jackhill/guix/guix.git] / gnu / packages / bash.scm
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
4 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
5 ;;;
6 ;;; This file is part of GNU Guix.
7 ;;;
8 ;;; GNU Guix is free software; you can redistribute it and/or modify it
9 ;;; under the terms of the GNU General Public License as published by
10 ;;; the Free Software Foundation; either version 3 of the License, or (at
11 ;;; your option) any later version.
12 ;;;
13 ;;; GNU Guix is distributed in the hope that it will be useful, but
14 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
15 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 ;;; GNU General Public License for more details.
17 ;;;
18 ;;; You should have received a copy of the GNU General Public License
19 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
20
21 (define-module (gnu packages bash)
22 #:use-module (guix licenses)
23 #:use-module (gnu packages)
24 #:use-module (gnu packages bootstrap)
25 #:use-module (gnu packages ncurses)
26 #:use-module (gnu packages readline)
27 #:use-module (gnu packages bison)
28 #:use-module (gnu packages linux)
29 #:use-module (guix packages)
30 #:use-module (guix download)
31 #:use-module (guix utils)
32 #:use-module (guix gexp)
33 #:use-module (guix monads)
34 #:use-module (guix store)
35 #:use-module (guix build-system gnu)
36 #:autoload (guix gnupg) (gnupg-verify*)
37 #:autoload (guix hash) (port-sha256)
38 #:autoload (guix base32) (bytevector->nix-base32-string)
39 #:use-module (srfi srfi-1)
40 #:use-module (srfi srfi-26)
41 #:use-module (ice-9 format))
42
(define (patch-url seqno)
  "Return the 'mirror://gnu' URL of upstream Bash 4.4 patch number SEQNO.
SEQNO is rendered as a zero-padded, three-digit decimal suffix."
  ;; The '~3,'0d' directive (from (ice-9 format)) pads SEQNO with zeros to a
  ;; width of three, so 7 becomes "007".
  (let ((template "mirror://gnu/bash/bash-4.4-patches/bash44-~3,'0d"))
    (format #f template seqno)))
46
(define (bash-patch seqno sha256)
  "Return an origin describing upstream Bash patch number SEQNO.  SHA256 is
the expected content hash of the patch, in the form 'base32' produces (see
'patch-series')."
  ;; The URL is derived from SEQNO alone; SHA256 is what pins the bytes that
  ;; the download must match.
  (let ((location (patch-url seqno)))
    (origin
      (method url-fetch)
      (uri location)
      (sha256 sha256))))
53
(define-syntax patch-series
  ;; Expand zero or more (SEQNO HASH) clauses into a list of patch origins,
  ;; one 'bash-patch' call per clause.  HASH is a base32 string literal and
  ;; is decoded with 'base32' before being handed to 'bash-patch'.
  (syntax-rules ()
    ((_ (seqno hash) ...)
     (list (bash-patch seqno (base32 hash))
           ...))))
57
(define %patch-series-4.4
  ;; This is the current patch series for 4.4, generated using
  ;; 'download-patches' below.
  ;;
  ;; The series is empty here, so the 'bash' package is built from the
  ;; unpatched 4.4 tarball and its version string ends in the series length.
  ;; The only upstream patch referenced in this file is number 7, which is
  ;; pulled in by 'bash/fixed' rather than listed here.
  (patch-series))
62
(define (download-patches store count)
  "Download Bash patches 1 through COUNT into STORE, checking the detached
signature of each one.  Return a list of (NUMBER BASE32-HASH) entries, in
increasing order, directly usable in the 'patch-series' form.  An error is
raised as soon as one signature fails to verify."
  (define (verified-entry number)
    ;; Fetch patch NUMBER together with its '.sig' file.  The hash is computed
    ;; only after 'gnupg-verify*' has accepted the signature, so a hash never
    ;; gets recorded for a patch that failed verification.  Which keys are
    ;; accepted is decided by 'gnupg-verify*' in (guix gnupg), not here.
    (let* ((url       (patch-url number))
           (patch     (download-to-store store url))
           (signature (download-to-store store (string-append url ".sig"))))
      (if (gnupg-verify* signature patch)
          (list number
                (bytevector->nix-base32-string
                 (call-with-input-file patch port-sha256)))
          (error "failed to verify signature" patch))))

  ;; Walk the patch numbers from 1 up to COUNT, accumulating entries in
  ;; reverse and restoring the order at the end.
  (let loop ((number 1)
             (entries '()))
    (if (> number count)
        (reverse entries)
        (loop (1+ number)
              (cons (verified-entry number) entries)))))
80
(define-public bash
  ;; The full-featured GNU Bash, linked against readline and ncurses.  It is
  ;; built from the 4.4 release tarball plus '%patch-series-4.4'.  The fix for
  ;; CVE-2017-5932 is not part of this source; it is supplied through the
  ;; 'replacement' field, which points at 'bash/fixed'.
  (let* (;; Preprocessor definitions handed to the build through CPPFLAGS.
         ;; DEFAULT_PATH_VALUE and STANDARD_UTILS_PATH are both set to
         ;; "/no-such-path", so no real directory is compiled in as a
         ;; fallback search path.
         ;; NOTE(review): SSH_SOURCE_BASHRC presumably makes Bash read
         ;; ~/.bashrc when it is started by sshd for a non-interactive
         ;; command -- confirm against Bash's config-top.h.
         (cppflags (string-join '("-DSYS_BASHRC='\"/etc/bashrc\"'"
                                  "-DSYS_BASH_LOGOUT='\"/etc/bash_logout\"'"
                                  "-DDEFAULT_PATH_VALUE='\"/no-such-path\"'"
                                  "-DSTANDARD_UTILS_PATH='\"/no-such-path\"'"
                                  "-DNON_INTERACTIVE_LOGIN_SHELLS"
                                  "-DSSH_SOURCE_BASHRC")
                                " "))
         ;; Doubly quasiquoted on purpose: ',,' inserts the CPPFLAGS string
         ;; right away, while the single ',' expression is left unevaluated
         ;; here because it reads %build-inputs, which only exists on the
         ;; build side.  The LDFLAGS value adds the readline and ncurses
         ;; 'lib' directories to the binary's rpath.
         (configure-flags
          ``("--with-installed-readline"
             ,,(string-append "CPPFLAGS=" cppflags)
             ,(string-append
               "LDFLAGS=-Wl,-rpath -Wl,"
               (assoc-ref %build-inputs "readline")
               "/lib"
               " -Wl,-rpath -Wl,"
               (assoc-ref %build-inputs "ncurses")
               "/lib")))
         (version "4.4"))
    (package
     (name "bash")
     ;; Package to use in place of this one; here, the variant that carries
     ;; the CVE-2017-5932 fix.
     (replacement bash/fixed)
     (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://gnu/bash/bash-" version ".tar.gz"))
              ;; Expected hash of the release tarball.
              (sha256
               (base32
                "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"))
              ;; The patches of the series are applied with '-p0'.
              (patch-flags '("-p0"))
              (patches %patch-series-4.4)))
     ;; The package version is the upstream version followed by the number of
     ;; patches in the series, i.e. the patch level.
     (version (string-append version "."
                             (number->string (length %patch-series-4.4))))
     (build-system gnu-build-system)

     (outputs '("out"
                "doc"                         ;1.7 MiB of HTML and extra files
                "include"))                   ;headers used by extensions
     (inputs `(("readline" ,readline)
               ("ncurses" ,ncurses)))         ;TODO: add texinfo
     (arguments
      `(;; When cross-compiling, `configure' incorrectly guesses that job
        ;; control is missing.
        #:configure-flags ,(if (%current-target-system)
                               `(cons* "bash_cv_job_control_missing=no"
                                       ,configure-flags)
                               configure-flags)

        ;; Bash is reportedly not parallel-safe. See, for instance,
        ;; <http://patches.openembedded.org/patch/32745/> and
        ;; <http://git.buildroot.net/buildroot/commit/?h=79e2d802a>.
        #:parallel-build? #f
        #:parallel-tests? #f

        ;; XXX: The tests have a lot of hard-coded paths, so disable them
        ;; for now.
        ;; NOTE(review): with the test suite off, nothing in this build
        ;; exercises the patched sources.
        #:tests? #f

        #:modules ((srfi srfi-26)
                   (guix build utils)
                   (guix build gnu-build-system))

        #:phases
        (modify-phases %standard-phases
          (add-after 'install 'install-sh-symlink
            (lambda* (#:key outputs #:allow-other-keys)
              ;; Add a `sh' -> `bash' link.
              (let ((out (assoc-ref outputs "out")))
                (with-directory-excursion (string-append out "/bin")
                  (symlink "bash" "sh")))))

          (add-after 'install 'move-development-files
            (lambda* (#:key outputs #:allow-other-keys)
              ;; Move 'Makefile.inc' and 'bash.pc' to "include" to avoid
              ;; circular references among the outputs.
              (let ((out     (assoc-ref outputs "out"))
                    (include (assoc-ref outputs "include"))
                    ;; LIB maps an output directory to its 'lib/bash'
                    ;; sub-directory.
                    (lib     (cut string-append <> "/lib/bash")))
                (mkdir-p (lib include))
                (rename-file (string-append (lib out)
                                            "/Makefile.inc")
                             (string-append (lib include)
                                            "/Makefile.inc"))
                (rename-file (string-append out "/lib/pkgconfig")
                             (string-append include
                                            "/lib/pkgconfig"))
                #t))))))

     (native-search-paths
      (list (search-path-specification            ;new in 4.4
             (variable "BASH_LOADABLES_PATH")
             (files '("lib/bash")))))

     (synopsis "The GNU Bourne-Again SHell")
     (description
      "Bash is the shell, or command-line interpreter, of the GNU system. It
is compatible with the Bourne Shell, but it also integrates useful features
from the Korn Shell and the C Shell and new improvements of its own. It
allows command-line editing, unlimited command history, shell functions and
aliases, and job control while still allowing most sh scripts to be run
without modification.")
     (license gpl3+)
     (home-page "https://www.gnu.org/software/bash/"))))
184
(define-public bash-minimal
  ;; A stripped-down Bash for non-interactive use.
  (package (inherit bash)
    (name "bash-minimal")
    ;; Override the replacement inherited from 'bash': this variant is built
    ;; with '--disable-progcomp' (see below), so no fixed variant is attached.
    (replacement #f) ;not vulnerable to CVE-2017-5932 since it lacks completion
    (inputs '())                                ; no readline, no curses

    ;; No "include" output because there's no support for loadable modules.
    (outputs (delete "include" (package-outputs bash)))

    (arguments
     ;; Start from the arguments of 'bash', with a #:modules entry put in
     ;; front, then rewrite #:configure-flags and #:phases.
     (let ((args `(#:modules ((guix build gnu-build-system)
                              (guix build utils)
                              (srfi srfi-1)
                              (srfi srfi-26))
                   ,@(package-arguments bash))))
       (substitute-keyword-arguments args
         ;; FLAGS (the inherited value) is not reused: the list below replaces
         ;; it, so the CPPFLAGS and LDFLAGS settings of 'bash' are not passed
         ;; to this build.
         ;; NOTE(review): that includes the "/no-such-path" definitions and
         ;; SSH_SOURCE_BASHRC -- confirm dropping them here is intended.
         ((#:configure-flags flags)
          `(list "--without-bash-malloc"
                 "--disable-readline"
                 "--disable-history"
                 "--disable-help-builtin"
                 "--disable-progcomp"
                 "--disable-net-redirections"
                 "--disable-nls"

                 ;; Pretend 'dlopen' is missing so we don't build loadable
                 ;; modules and related code.
                 "ac_cv_func_dlopen=no"

                 ;; Extra cache variables, only when cross-compiling.
                 ,@(if (%current-target-system)
                       '("bash_cv_job_control_missing=no"
                         "bash_cv_getcwd_malloc=yes")
                       '())))
         ((#:phases phases)
          `(modify-phases ,phases
             ;; No loadable modules.
             (delete 'move-development-files))))))))
223
(define-public static-bash
  ;; Statically-linked Bash that contains nothing but the 'bash' binary and
  ;; 'sh' symlink, without any reference.
  ;;
  ;; It is derived from 'bash-minimal' through 'static-package'; inside the
  ;; 'let', BASH names that static variant, not the top-level 'bash'.
  (let ((bash (static-package bash-minimal)))
    (package
      (inherit bash)
      (name "bash-static")
      (arguments
       (substitute-keyword-arguments
           ;; Only "out" is listed as an allowed reference.
           ;; NOTE(review): presumably the build fails if the output refers
           ;; to any other store item -- confirm against the build system.
           `(#:allowed-references ("out") ,@(package-arguments bash))
         ((#:phases phases)
          `(modify-phases ,phases
             (add-after 'strip 'remove-everything-but-the-binary
               (lambda* (#:key outputs #:allow-other-keys)
                 (let* ((out (assoc-ref outputs "out"))
                        (bin (string-append out "/bin")))
                   ;; Scrub store references out of the binary, then drop
                   ;; 'bashbug' and everything under 'share'.
                   (remove-store-references (string-append bin "/bash"))
                   (delete-file (string-append bin "/bashbug"))
                   (delete-file-recursively (string-append out "/share"))
                   #t))))))))))
244
(define* (url-fetch/reset-patch-level url hash-algo hash
                                      #:optional name
                                      #:key (system (%current-system)))
  "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
can apply to a patch-level 0 Bash.  HASH-ALGO and HASH are checked against the
file as downloaded; NAME defaults to the base name of URL.  Return, in the
store monad, a derivation whose output is the rewritten patch."
  ;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping
  ;; issues when using a daemon that lacks the "download" built-in. See
  ;; <https://bugs.gnu.org/25775>.
  (mlet* %store-monad ((name -> (or name (basename url)))
                       ;; The pinned hash applies to this download, stored
                       ;; as 'NAME.orig'.  The rewritten copy below comes
                       ;; from a separate derivation that takes no hash, so
                       ;; the hash vouches for the upstream bytes only.
                       (patch (url-fetch url hash-algo hash
                                         (string-append name ".orig")
                                         #:system system
                                         #:guile %bootstrap-guile)))
    (gexp->derivation name
                      (with-imported-modules '((guix build utils))
                        #~(begin
                            (use-modules (guix build utils))
                            (copy-file #$patch #$output)
                            ;; Only PATCHLEVEL values written with the digits
                            ;; 0-6 are rewritten to 0.
                            ;; NOTE(review): presumably chosen for patch 7,
                            ;; so its old level is reset and the new level 7
                            ;; is kept; a patch using other levels would
                            ;; need a different pattern.
                            (substitute* #$output
                              (("PATCHLEVEL [0-6]+")
                               "PATCHLEVEL 0"))))
                      #:system system)))
267
;; Variant of 'bash' with upstream patch 7 applied.  It is not exported
;; ('define', not 'define-public'); within this file it is only referenced
;; from the 'replacement' field of 'bash'.
(define bash/fixed                        ;CVE-2017-5932 (RCE with completion)
  (package
    (inherit bash)
    ;; NOTE(review): "4.4.A" has the same length as "4.4.0"; presumably that
    ;; is deliberate, for use as a replacement -- confirm.
    (version "4.4.A")                             ;4.4.0 + patch #7
    ;; Clear the inherited 'replacement' so this package does not point back
    ;; at itself.
    (replacement #f)
    (source
     (origin
       (inherit (package-source bash))
       ;; Patch 7 is put in front of the patches inherited from 'bash'.  It
       ;; is fetched with 'url-fetch/reset-patch-level', which rewrites its
       ;; PATCHLEVEL lines; the hash below is the expected hash of the
       ;; upstream patch file as downloaded.
       (patches (cons (origin
                        (method url-fetch/reset-patch-level)
                        (uri (patch-url 7))
                        (sha256
                         (base32
                          "1bzdsnqaf05gdbqpsixhan8vygjxpcxlz1dd8d9f5jdznw3wq76y")))
                      (origin-patches (package-source bash))))))))
283
(define-public bash-completion
  ;; Completion scripts for Bash, built from the upstream release tarball on
  ;; GitHub with one local patch applied.
  (package
    (name "bash-completion")
    (version "2.5")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/scop/" name "/releases/download/"
                    version "/" name "-" version ".tar.xz"))
              ;; Expected hash of the release tarball.
              (sha256
               (base32
                "1kwmii1z1ljx5i4z702ynsr8jgrq64bj9w9hl3n2aa2kcl659fdh"))
              (patches
               (search-patches "bash-completion-directories.patch"))))
    (build-system gnu-build-system)
    ;; util-linux is only consulted at build time, to list the completion
    ;; files it already ships (see the phase below).
    (native-inputs `(("util-linux" ,util-linux)))
    (arguments
     `(#:phases (modify-phases %standard-phases
                  (add-after
                   'install 'remove-redundant-completions
                   (lambda* (#:key inputs outputs #:allow-other-keys)
                     ;; Util-linux comes with a bunch of completion files for
                     ;; its own commands which are more sophisticated and
                     ;; up-to-date than those of bash-completion. Remove those
                     ;; from bash-completion.
                     (let* ((out         (assoc-ref outputs "out"))
                            (util-linux  (assoc-ref inputs "util-linux"))
                            (completions (string-append out
                                                        "/share/bash-completion"
                                                        "/completions"))
                            (already     (find-files
                                          (string-append
                                           util-linux
                                           "/etc/bash_completion.d"))))
                       ;; Files are matched by base name; a name with no
                       ;; counterpart in COMPLETIONS is skipped.
                       (with-directory-excursion completions
                         (for-each (lambda (file)
                                     (when (file-exists? file)
                                       (delete-file file)))
                                   (map basename already)))
                       #t))))))
    (synopsis "Bash completions for common commands")
    (description
     "This package provides extensions that allow Bash to provide adapted
completion for many common commands.")
    (home-page "https://github.com/scop/bash-completion")
    (license gpl2+)))
330
(define-public bash-tap
  ;; Bash TAP testing helpers, installed as three scripts under "bin".
  (package
    (name "bash-tap")
    (version "1.0.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/illusori/bash-tap/"
                                  "archive/" version ".tar.gz"))
              ;; The URL ends in just 'VERSION.tar.gz', so an explicit file
              ;; name including the package name is given.
              (file-name (string-append name "-" version ".tar.gz"))
              ;; Expected hash of the downloaded archive.
              (sha256
               (base32
                "0qs1qi38bl3ns4mpagcawv618dsk2q1lgrbddgvs0wl3ia12cyz5"))))
    ;; There is no compilation process to use this package, however, the bash
    ;; scripts installed by this package start with "#!/bin/bash". To fix
    ;; these lines, we use the patch-shebangs of the GNU build system. The
    ;; project does not use a Makefile.
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f                      ; There is no test suite.
       #:phases
       (modify-phases %standard-phases
         ;; Because there are no configure scripts or Makefile, we can
         ;; remove these phases.
         (delete 'configure)
         (delete 'build)
         ;; The installation involves manually copying the files to a location.
         ;; To make them easily accessible by setting PATH, we add the scripts
         ;; to the "bin" folder.
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
               (install-file "bash-tap" bin)
               (install-file "bash-tap-bootstrap" bin)
               (install-file "bash-tap-mock" bin)))))))
    ;; NOTE(review): this home page is a plain-HTTP link, unlike the HTTPS
    ;; source URL above.  It is metadata only; the download does not use it.
    (home-page "http://www.illusori.co.uk/projects/bash-tap/")
    (synopsis "Bash port of a Test::More/Test::Builder-style TAP-compliant
test library")
    (description "Bash TAP is a TAP-compliant Test::More-style testing library
for Bash shell scripts and functions. Along with the Test::More-style testing
helpers it provides helper functions for mocking commands and in-process output
capturing.")
    (license expat)))