gnu: icecat: Add fixes for CVE-2016-{2818,2819,2821,2824,2828,2831}.
1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
3 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
4 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
5 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
6 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
7 ;;;
8 ;;; This file is part of GNU Guix.
9 ;;;
10 ;;; GNU Guix is free software; you can redistribute it and/or modify it
11 ;;; under the terms of the GNU General Public License as published by
12 ;;; the Free Software Foundation; either version 3 of the License, or (at
13 ;;; your option) any later version.
14 ;;;
15 ;;; GNU Guix is distributed in the hope that it will be useful, but
16 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
17 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ;;; GNU General Public License for more details.
19 ;;;
20 ;;; You should have received a copy of the GNU General Public License
21 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
22
23 (define-module (gnu packages gnuzilla)
24 #:use-module ((srfi srfi-1) #:hide (zip))
25 #:use-module (gnu packages)
26 #:use-module ((guix licenses) #:prefix license:)
27 #:use-module (guix packages)
28 #:use-module (guix download)
29 #:use-module (guix build-system gnu)
30 #:use-module (gnu packages databases)
31 #:use-module (gnu packages glib)
32 #:use-module (gnu packages gstreamer)
33 #:use-module (gnu packages gtk)
34 #:use-module (gnu packages gnome)
35 #:use-module (gnu packages libcanberra)
36 #:use-module (gnu packages cups)
37 #:use-module (gnu packages mit-krb5)
38 #:use-module (gnu packages linux)
39 #:use-module (gnu packages perl)
40 #:use-module (gnu packages pkg-config)
41 #:use-module (gnu packages compression)
42 #:use-module (gnu packages fontutils)
43 #:use-module (gnu packages libevent)
44 #:use-module (gnu packages libreoffice) ;for hunspell
45 #:use-module (gnu packages image)
46 #:use-module (gnu packages libffi)
47 #:use-module (gnu packages pulseaudio)
48 #:use-module (gnu packages python)
49 #:use-module (gnu packages xorg)
50 #:use-module (gnu packages gl)
51 #:use-module (gnu packages yasm)
52 #:use-module (gnu packages icu4c)
53 #:use-module (gnu packages video)
54 #:use-module (gnu packages xdisorg)
55 #:use-module (gnu packages zip))
56
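(define-public mozjs
  (package
    (name "mozjs")
    (version "17.0.0")
    (source (origin
              (method url-fetch)
              ;; Upstream tarballs for this series are named "mozjs<version>"
              ;; with no separator between name and version.
              (uri (string-append
                    "https://ftp.mozilla.org/pub/mozilla.org/js/"
                    name version ".tar.gz"))
              (sha256
               (base32
                "1fig2wf4f10v43mqx67y68z6h77sy900d1w0pz9qarrqx57rc7ij"))
              (modules '((guix build utils)))
              (snippet
               ;; Fix incompatibility with Perl 5.22+: 'defined(@array)' is
               ;; no longer accepted, so drop the 'defined' wrapper.
               '(substitute* '("js/src/config/milestone.pl")
                  (("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python-2)))
    (arguments
     `(#:phases
       ;; Written with 'modify-phases' for consistency with the other
       ;; packages in this file (the older 'alist-*' helpers do the same).
       (modify-phases %standard-phases
         ;; The SpiderMonkey build lives in a sub-directory of the tarball;
         ;; every later phase (build, install) runs from there.
         (add-before 'configure 'chdir
           (lambda _
             (chdir "js/src")
             #t))
         (replace 'configure
           ;; configure fails if it is followed by SHELL and CONFIG_SHELL
           ;; on its command line, so export them through the environment
           ;; instead of passing them as arguments.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (setenv "SHELL" (which "sh"))
               (setenv "CONFIG_SHELL" (which "sh"))
               (zero? (system*
                       "./configure" (string-append "--prefix=" out)))))))))
    (home-page
     "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey")
    (synopsis "Mozilla javascript engine")
    (description "SpiderMonkey is Mozilla's JavaScript engine written
in C/C++.")
    (license license:mpl2.0))) ; and others for some files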
100
(define-public mozjs-24
  (package (inherit mozjs)
    (name "mozjs")
    (version "24.2.0")
    (source (origin
              (method url-fetch)
              ;; Unlike the 17.x series, this tarball uses a "-" between
              ;; name and version and is bzip2-compressed.
              (uri (string-append
                    "https://ftp.mozilla.org/pub/mozilla.org/js/"
                    name "-" version ".tar.bz2"))
              (sha256
               (base32
                "1n1phk8r3l8icqrrap4czplnylawa0ddc2cc4cgdz46x3lrkybz6"))
              (modules '((guix build utils)))
              (snippet
               ;; Perl 5.22+ rejects 'defined(@array)'; milestone.pl still
               ;; uses it, so strip the 'defined' wrapper.
               '(substitute* '("js/src/config/milestone.pl")
                  (("defined\\(@TEMPLATE_FILE)") "@TEMPLATE_FILE")))))
    (native-inputs
     `(("perl" ,perl)
       ("pkg-config" ,pkg-config)
       ("python" ,python-2)))
    (inputs
     `(("libffi" ,libffi)
       ("zlib" ,zlib)))
    ;; mozjs-24.pc lists nspr in its Requires.private field, so anything
    ;; that links against mozjs-24 also needs nspr.
    (propagated-inputs
     `(("nspr" ,nspr)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (replace 'configure
           ;; The build lives in js/src.  Passing "SHELL=..." and
           ;; "CONFIG_SHELL=..." on the configure command line makes it
           ;; fail, so they go through the environment instead.
           (lambda* (#:key outputs #:allow-other-keys)
             (define prefix (assoc-ref outputs "out"))
             (define flags
               (list (string-append "--prefix=" prefix)
                     "--with-system-nspr"
                     "--enable-system-ffi"
                     "--enable-threadsafe"))
             (chdir "js/src")
             (let ((sh (which "sh")))
               (setenv "SHELL" sh)
               (setenv "CONFIG_SHELL" sh))
             (zero? (apply system* "./configure" flags))))))))
143
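(define-public nspr
  (package
    (name "nspr")
    (version "4.12")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v"
                    version "/src/nspr-" version ".tar.gz"))
              (sha256
               (base32
                "1pk98bmc5xzbl62q5wf2d6mryf0v95z6rsmxz27nclwiaqg0mcg0"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("perl" ,perl)))
    (arguments
     `(#:tests? #f ; no check target
       ;; NOTE(review): "--enable-64bit" is passed unconditionally; confirm
       ;; that NSPR's configure accepts it on 32-bit targets.
       #:configure-flags (list "--enable-64bit"
                               ;; Record $out/lib in the RUNPATH of the
                               ;; installed libraries.
                               (string-append "LDFLAGS=-Wl,-rpath="
                                              (assoc-ref %outputs "out")
                                              "/lib"))
       ;; Written with 'modify-phases' for consistency with the other
       ;; packages in this file.
       #:phases (modify-phases %standard-phases
                  ;; The configure script lives in the "nspr" sub-directory
                  ;; of the tarball; later phases run from there too.
                  (add-before 'configure 'chdir
                    (lambda _
                      (chdir "nspr")
                      #t)))))
    (home-page
     "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR")
    (synopsis "Netscape API for system level and libc-like functions")
    (description "Netscape Portable Runtime (NSPR) provides a
platform-neutral API for system level and libc-like functions. It is used
in the Mozilla clients.")
    (license license:mpl2.0)))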
177
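(define-public nss
  (package
    (name "nss")
    (version "3.23")
    (source (origin
              (method url-fetch)
              ;; Upstream names release directories with underscores,
              ;; e.g. "NSS_3_23_RTM" for version 3.23.
              (uri (let ((version-with-underscores
                          (string-join (string-split version #\.) "_")))
                     (string-append
                      "https://ftp.mozilla.org/pub/mozilla.org/security/nss/"
                      "releases/NSS_" version-with-underscores "_RTM/src/"
                      "nss-" version ".tar.gz")))
              (sha256
               (base32
                "1kqidv91icq96m9m8zx50n7px08km2l88458rkgyjwcn3kiq7cwl"))
              ;; Create nss.pc and nss-config.
              (patches (search-patches "nss-pkgconfig.patch"))))
    (build-system gnu-build-system)
    ;; The command-line tools go to a separate "bin" output so that users
    ;; of the libraries alone do not pull them in.
    (outputs '("out" "bin"))
    (arguments
     '(#:parallel-build? #f ; parallel builds have been seen to fail
       #:make-flags
       (let* ((out (assoc-ref %outputs "out"))
              (nspr (assoc-ref %build-inputs "nspr"))
              (rpath (string-append "-Wl,-rpath=" out "/lib/nss")))
         (list "-C" "nss" (string-append "PREFIX=" out)
               "NSDISTMODE=copy"
               ;; Link against Guix's sqlite rather than a bundled copy.
               "NSS_USE_SYSTEM_SQLITE=1"
               (string-append "NSPR_INCLUDE_DIR=" nspr "/include/nspr")
               ;; Add $out/lib/nss to RPATH.
               (string-append "RPATH=" rpath)
               (string-append "LDFLAGS=" rpath)))
       #:modules ((guix build gnu-build-system)
                  (guix build utils)
                  (ice-9 ftw)
                  (ice-9 match)
                  (srfi srfi-26))
       #:phases
       ;; Written with 'modify-phases' for consistency with the other
       ;; packages in this file (the nested 'alist-replace' calls it
       ;; replaces had the same effect).
       (modify-phases %standard-phases
         (replace 'configure
           ;; There is no configure script; the build is driven entirely by
           ;; the make flags above and the environment set here.
           (lambda* (#:key system #:allow-other-keys)
             (setenv "CC" "gcc")
             ;; Tells NSS to build for the 64-bit ABI if we are 64-bit system.
             ;; NOTE(review): only x86_64 is recognised here; any other
             ;; 64-bit target gets the default (32-bit) build -- confirm
             ;; whether those need USE_64 as well.
             (when (string-prefix? "x86_64" system)
               (setenv "USE_64" "1"))
             #t))
         (replace 'check
           (lambda _
             ;; Use 127.0.0.1 instead of $HOST.$DOMSUF as HOSTADDR for testing.
             ;; The latter requires a working DNS or /etc/hosts, neither of
             ;; which is available in the build environment.
             (setenv "DOMSUF" "(none)")
             (setenv "USE_IP" "TRUE")
             (setenv "IP_ADDRESS" "127.0.0.1")
             (zero? (system* "./nss/tests/all.sh"))))
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append (assoc-ref outputs "bin") "/bin"))
                    (inc (string-append out "/include/nss"))
                    (lib (string-append out "/lib/nss"))
                    ;; The build leaves its results under dist/<...>OBJ.
                    ;; Exactly one such directory is expected; zero or
                    ;; several is a 'match' error that aborts the install.
                    (obj (match (scandir "dist" (cut string-suffix? "OBJ" <>))
                           ((obj) (string-append "dist/" obj)))))
               ;; Install nss-config to $out/bin.
               (install-file (string-append obj "/bin/nss-config")
                             (string-append out "/bin"))
               (delete-file (string-append obj "/bin/nss-config"))
               ;; Install nss.pc to $out/lib/pkgconfig.
               (install-file (string-append obj "/lib/pkgconfig/nss.pc")
                             (string-append out "/lib/pkgconfig"))
               (delete-file (string-append obj "/lib/pkgconfig/nss.pc"))
               (rmdir (string-append obj "/lib/pkgconfig"))
               ;; Install other files.  nss-config and nss.pc were deleted
               ;; from the OBJ tree above, so the bulk copies below do not
               ;; duplicate them into the "bin" output.
               (copy-recursively "dist/public/nss" inc)
               (copy-recursively (string-append obj "/bin") bin)
               (copy-recursively (string-append obj "/lib") lib)

               ;; FIXME: libgtest1.so is installed in the above step, and it's
               ;; (unnecessarily) linked with several NSS libraries, but
               ;; without the needed rpaths, causing the 'validate-runpath'
               ;; phase to fail. Here we simply delete libgtest1.so, since it
               ;; seems to be used only during the tests.
               (delete-file (string-append lib "/libgtest1.so"))

               #t))))))
    (inputs
     `(("sqlite" ,sqlite)
       ("zlib" ,zlib)))
    (propagated-inputs `(("nspr" ,nspr))) ; required by nss.pc.
    (native-inputs `(("perl" ,perl)))

    ;; The NSS test suite takes over 28 hours on Loongson 3A (MIPS), and
    ;; possibly longer when another build is happening concurrently on the
    ;; same machine.
    (properties '((timeout . 144000))) ; 40 hours

    (home-page
     "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS")
    (synopsis "Network Security Services")
    (description
     "Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7,
PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
standards.")
    (license license:mpl2.0)))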
286
;; GNU IceCat, the GNU rebranding of Firefox ESR.  The patch list carries
;; Guix-local backports for the CVEs named in the patch file names, and the
;; 'cpe-name'/'cpe-version' properties at the bottom map this package onto
;; the upstream Firefox ESR version so that CPE-based vulnerability checks
;; (such as 'guix lint') can match advisories against it.
(define-public icecat
  (package
    (name "icecat")
    ;; "38.8.0" is the upstream Firefox ESR version, "-gnu1" the IceCat
    ;; release suffix.  Both the download URI and the 'cpe-version'
    ;; property below are derived from this string.
    (version "38.8.0-gnu1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/gnuzilla/"
                           (first (string-split version #\-)) "/"
                           name "-" version ".tar.bz2"))
       (sha256
        (base32
         "0v4k47ziqsyfksv9sn4v1xvk4q414rc883hb1qzld63grj2nxxwp"))
       ;; Security fixes applied on top of the release tarball, one patch
       ;; (or series of patches) per CVE.
       (patches (search-patches
                 "icecat-avoid-bundled-includes.patch"
                 "icecat-CVE-2016-2818-pt1.patch"
                 "icecat-CVE-2016-2818-pt2.patch"
                 "icecat-CVE-2016-2818-pt3.patch"
                 "icecat-CVE-2016-2818-pt4.patch"
                 "icecat-CVE-2016-2818-pt5.patch"
                 "icecat-CVE-2016-2818-pt6.patch"
                 "icecat-CVE-2016-2818-pt7.patch"
                 "icecat-CVE-2016-2818-pt8.patch"
                 "icecat-CVE-2016-2818-pt9.patch"
                 "icecat-CVE-2016-2819.patch"
                 "icecat-CVE-2016-2821.patch"
                 "icecat-CVE-2016-2824.patch"
                 "icecat-CVE-2016-2828.patch"
                 "icecat-CVE-2016-2831.patch"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           ;; Remove bundled libraries that we don't use, since they may
           ;; contain unpatched security flaws, they waste disk space and
           ;; network bandwidth, and may cause confusion.
           ;;
           ;; The system copies of these libraries are selected by the
           ;; "--with-system-*" / "--enable-system-*" configure flags in
           ;; the 'arguments' field below; keep the two lists in step.
           (for-each delete-file-recursively
                     '(;; FIXME: Removing the bundled icu breaks configure.
                       ;;   * The bundled icu headers are used in some places.
                       ;;   * The version number is taken from the bundled copy.
                       ;;"intl/icu"
                       ;;
                       ;; FIXME: A script from the bundled nspr is used.
                       ;;"nsprpub"
                       ;;
                       ;; TODO: Use system media libraries.  Waiting for:
                       ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=517422>
                       ;;   * libogg
                       ;;   * libtheora
                       ;;   * libvorbis
                       ;;   * libtremor (not yet in guix)
                       ;;   * libopus
                       ;;   * speex
                       ;;   * soundtouch (not yet in guix)
                       ;;
                       ;; TODO: Use system harfbuzz.  Waiting for:
                       ;; <https://bugzilla.mozilla.org/show_bug.cgi?id=847568>
                       ;;
                       ;; TODO: Use system graphite2.
                       ;;
                       "modules/freetype2"
                       "modules/zlib"
                       "modules/libbz2"
                       "ipc/chromium/src/third_party/libevent"
                       "media/libvpx"
                       "security/nss"
                       "gfx/cairo"
                       "js/src/ctypes/libffi"
                       "db/sqlite3"))
           #t))))
    (build-system gnu-build-system)
    (inputs
     `(("alsa-lib" ,alsa-lib)
       ("bzip2" ,bzip2)
       ("cairo" ,cairo)
       ("cups" ,cups)
       ("dbus-glib" ,dbus-glib)
       ("gdk-pixbuf" ,gdk-pixbuf)
       ("glib" ,glib)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
       ("gtk+" ,gtk+-2)
       ("pango" ,pango)
       ("freetype" ,freetype)
       ("hunspell" ,hunspell)
       ("libcanberra" ,libcanberra)
       ("libgnome" ,libgnome)
       ("libxft" ,libxft)
       ("libevent" ,libevent)
       ("libxinerama" ,libxinerama)
       ("libxscrnsaver" ,libxscrnsaver)
       ("libxcomposite" ,libxcomposite)
       ("libxt" ,libxt)
       ("libffi" ,libffi)
       ("libvpx" ,libvpx)
       ("icu4c" ,icu4c)
       ("pixman" ,pixman)
       ("pulseaudio" ,pulseaudio)
       ("mesa" ,mesa)
       ("mit-krb5" ,mit-krb5)
       ("nspr" ,nspr)
       ("nss" ,nss)
       ("sqlite" ,sqlite)
       ("startup-notification" ,startup-notification)
       ("unzip" ,unzip)
       ("yasm" ,yasm)
       ("zip" ,zip)
       ("zlib" ,zlib)))
    (native-inputs
     `(("perl" ,perl)
       ("python" ,python-2) ; Python 3 not supported
       ("python2-pysqlite" ,python2-pysqlite)
       ("pkg-config" ,pkg-config)))
    (arguments
     `(#:tests? #f ; no check target
       #:out-of-source? #t ; must be built outside of the source directory


       ;; XXX: There are RUNPATH issues such as
       ;; $prefix/lib/icecat-31.6.0/plugin-container NEEDing libmozalloc.so,
       ;; which is not in its RUNPATH, but they appear to be harmless in
       ;; practice somehow. See <http://hydra.gnu.org/build/378133>.
       #:validate-runpath? #f

       ;; The 'configure' phase below prepends "--prefix" and
       ;; "--with-l10n-base" to this list.
       #:configure-flags '("--enable-default-toolkit=cairo-gtk2"
                           "--enable-pango"
                           "--enable-gio"
                           "--enable-svg"
                           "--enable-canvas"
                           "--enable-mathml"
                           "--enable-startup-notification"
                           "--enable-pulseaudio"
                           "--enable-gstreamer=1.0"

                           "--disable-gnomevfs"
                           "--disable-gconf"
                           "--disable-gnomeui"

                           ;; Building with debugging symbols takes ~5GiB, so
                           ;; disable it.
                           "--disable-debug"
                           "--disable-debug-symbols"

                           ;; Avoid bundled libraries.  These correspond to
                           ;; the directories deleted by the source snippet
                           ;; above.
                           "--with-system-zlib"
                           "--with-system-bz2"
                           "--with-system-libevent"
                           "--with-system-libvpx"
                           "--with-system-icu"
                           "--with-system-nspr"
                           "--with-system-nss"
                           "--enable-system-pixman"
                           "--enable-system-cairo"
                           "--enable-system-ffi"
                           "--enable-system-hunspell"
                           "--enable-system-sqlite"

                           ;; Fails with "--with-system-png won't work because
                           ;; the system's libpng doesn't have APNG support".
                           ;; According to
                           ;; http://sourceforge.net/projects/libpng-apng/ ,
                           ;; "the Animated Portable Network Graphics (APNG)
                           ;; is an unofficial extension of the Portable
                           ;; Network Graphics (PNG) format";
                           ;; we probably do not wish to support it.
                           ;; "--with-system-png"

                           ;; Fails with "libjpeg-turbo JCS_EXTENSIONS
                           ;; required".
                           ;; According to
                           ;; http://sourceforge.net/projects/libjpeg-turbo/ ,
                           ;; "libjpeg-turbo is a derivative of libjpeg that
                           ;; uses MMX, SSE, SSE2, and NEON SIMD instructions
                           ;; to accelerate baseline JPEG compression/
                           ;; decompression", so we had better not use it
                           ;; "--with-system-jpeg"
                           )

       ;; (ice-9 ftw) is used by 'ensure-no-mtimes-pre-1980'; (ice-9 rdelim)
       ;; and (ice-9 match) by 'install-desktop-entry'.
       #:modules ((ice-9 ftw)
                  (ice-9 rdelim)
                  (ice-9 match)
                  ,@%gnu-build-system-modules)
       #:phases
       (modify-phases %standard-phases
         (add-after
          'unpack 'ensure-no-mtimes-pre-1980
          (lambda _
            ;; Without this, the 'source/test/addons/packed.xpi' and
            ;; 'source/test/addons/simple-prefs.xpi' targets fail while trying
            ;; to create zip archives.  (ZIP stores DOS timestamps, which
            ;; cannot represent dates before 1980.)
            (let ((early-1980 315619200)) ; 1980-01-02 UTC
              ;; Walk the whole source tree and bump any older mtime up to
              ;; EARLY-1980; the callback always returns #t so the walk
              ;; never stops early.
              (ftw "." (lambda (file stat flag)
                         (unless (<= early-1980 (stat:mtime stat))
                           (utime file early-1980 early-1980))
                         #t))
              #t)))
         (add-after
          'unpack 'remove-h264parse-from-blacklist
          (lambda _
            ;; Remove h264parse from gstreamer format helper blacklist. It
            ;; was put there to work around a bug in a pre-1.0 version of
            ;; gstreamer. See:
            ;; https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
            ;; We build against GStreamer 1.0 ("--enable-gstreamer=1.0"
            ;; above), so the blacklist entry is no longer needed.
            (substitute* "dom/media/gstreamer/GStreamerFormatHelper.cpp"
              (("^ \"h264parse\",\n") ""))
            #t))
         (add-after
          'unpack 'arrange-to-link-libxul-with-libraries-it-might-dlopen
          (lambda _
            ;; libxul.so dynamically opens libraries, so here we explicitly
            ;; link them into libxul.so instead.
            ;;
            ;; TODO: It might be preferable to patch in absolute file names in
            ;; calls to dlopen or PR_LoadLibrary, but that didn't seem to
            ;; work. More investigation is needed.
            ;;
            ;; The replacement text is inserted verbatim into moz.build
            ;; (Python syntax) in place of the "# This needs to be last"
            ;; comment line.
            (substitute* "toolkit/library/moz.build"
              (("^# This needs to be last")
               "OS_LIBS += [
    'GL', 'gnome-2', 'canberra', 'Xss', 'cups', 'gssapi_krb5',
    'gstreamer-1.0', 'gstapp-1.0', 'gstvideo-1.0' ]\n\n"))
            #t))
         (replace
          'configure
          ;; configure does not work followed by both "SHELL=..." and
          ;; "CONFIG_SHELL=..."; set environment variables instead
          (lambda* (#:key outputs configure-flags #:allow-other-keys)
            ;; Out-of-source build: the build tree is the sibling directory
            ;; "../build", and the source tree is referred to from there by
            ;; the relative path SRCDIR.
            (let* ((out (assoc-ref outputs "out"))
                   (bash (which "bash"))
                   (abs-srcdir (getcwd))
                   (srcdir (string-append "../" (basename abs-srcdir)))
                   (flags `(,(string-append "--prefix=" out)
                            ,(string-append "--with-l10n-base="
                                            abs-srcdir "/l10n")
                            ,@configure-flags)))
              (setenv "SHELL" bash)
              (setenv "CONFIG_SHELL" bash)
              (mkdir "../build")
              (chdir "../build")
              ;; Log the build location and the final flag list for
              ;; debugging failed builds.
              (format #t "build directory: ~s~%" (getcwd))
              (format #t "configure flags: ~s~%" flags)
              (zero? (apply system* bash
                            (string-append srcdir "/configure")
                            flags)))))
         (add-before 'configure 'install-desktop-entry
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Install the '.desktop' file.
             (define (swallow-%%-directives input output)
               ;; Interpret '%%ifdef' directives found in the '.desktop' file.
               ;;
               ;; Lines after a '%%ifdef' are dropped until the next '%%else'
               ;; or '%%endif'; lines under '%%else' and lines outside any
               ;; directive are copied to OUTPUT.  The directive lines
               ;; themselves are never copied.  Directives do not nest: a
               ;; single state symbol is tracked and '%%endif' always
               ;; returns to the top level.  Lines are read with 'concat so
               ;; they keep their newline and 'display' reproduces them
               ;; unchanged.
               (let loop ((state 'top))
                 (match (read-line input 'concat)
                   ((? eof-object?)
                    #t)
                   ((? string? line)
                    (cond ((string-prefix? "%%ifdef" line)
                           (loop 'ifdef))
                          ((string-prefix? "%%else" line)
                           (loop 'else))
                          ((string-prefix? "%%endif" line)
                           (loop 'top))
                          (else
                           (case state
                             ((top else)
                              (display line output)
                              (loop state))
                             (else
                              (loop state)))))))))

             (let* ((out (assoc-ref outputs "out"))
                    (applications (string-append out "/share/applications")))
               (call-with-input-file "debian/icecat.desktop.in"
                 (lambda (input)
                   (call-with-output-file "debian/icecat.desktop"
                     (lambda (output)
                       (swallow-%%-directives input output)))))

               ;; Fill in the remaining template placeholders.  The
               ;; "Exec=" line gets the absolute store path of the binary
               ;; so the entry works regardless of PATH.
               (substitute* "debian/icecat.desktop"
                 (("@MOZ_DISPLAY_NAME@")
                  "GNU IceCat")
                 (("^Exec=@MOZ_APP_NAME@")
                  (string-append "Exec=" out "/bin/icecat"))
                 (("@MOZ_APP_NAME@")
                  "icecat"))
               (install-file "debian/icecat.desktop" applications)
               #t))))))
    (home-page "http://www.gnu.org/software/gnuzilla/")
    (synopsis "Entirely free browser derived from Mozilla Firefox")
    (description
     "IceCat is the GNU version of the Firefox browser. It is entirely free
software, which does not recommend non-free plugins and addons. It also
features built-in privacy-protecting features.")
    (license license:mpl2.0) ;and others, see toolkit/content/license.html
    (properties
     `((ftp-directory . "/gnu/gnuzilla")
       ;; Identify this package as Firefox ESR for vulnerability matching;
       ;; 'cpe-version' is VERSION with the "-gnu1" suffix removed.
       (cpe-name . "firefox_esr")
       (cpe-version . ,(string-drop-right version
                                          (string-length "-gnu1")))))))