diff --git a/etc/manifests/rosenthal-auto-update.scm b/etc/manifests/rosenthal-auto-update.scm new file mode 100644 index 0000000..277ac3e --- /dev/null +++ b/etc/manifests/rosenthal-auto-update.scm @@ -0,0 +1,52 @@ +;;; SPDX-FileCopyrightText: 2024-2025 Ludovic Courtès +;;; SPDX-FileCopyrightText: 2025 Hilton Chain +;;; +;;; SPDX-License-Identifier: GPL-3.0-or-later + +(use-modules (guix memoization) + (guix packages) + (guix profiles) + (guix store) + (guix transformations) + (rosenthal utils packages) + ((guix import github) #:select (%github-api)) + ((guix scripts build) #:select (dependents))) + +;; Bypass the GitHub updater: we'd need an API token or we would hit the rate +;; limit. +(%github-api "http://example.org") + +(define latest-version + (mlambdaq (package) + (package-with-upstream-version package + ;; Preserve patches and snippets to get + ;; exactly the same as what we'd have with + ;; 'guix refresh -u PACKAGE'. + #:preserve-patches? #t + + ;; XXX: Disable source code authentication: + ;; this requires a local keyring, populated + ;; from key servers, but key servers may be + ;; unreliable or may lack the upstream + ;; keys. Leave it up to packagers to + ;; actually authenticate code and make sure + ;; it matches what this manifest computed. + #:authenticate? #f))) + +(define updatable-packages + (filter (negate rosenthal-disable-updater?) + (all-rosenthal-packages))) + +(manifest + (with-store store + (let ((update-all (package-input-rewriting + (map (lambda (package) + `(,package . ,(latest-version package))) + updatable-packages) + #:recursive? #t))) + (map (lambda (package) + (manifest-entry + (inherit (package->manifest-entry + (update-all package))) + (name (string-append (package-name package) "-full-upgrade")))) + (dependents store updatable-packages 2))))) diff --git a/modules/rosenthal/packages/admin.scm b/modules/rosenthal/packages/admin.scm index 91d0d63..863db1a 100644 --- a/modules/rosenthal/packages/admin.scm +++ b/modules/rosenthal/packages/admin.scm @@ -62,7 +62,8 @@ the user to manage services with dependencies and parallel startup.") ((#:configure-flags configure-flags) #~(append #$configure-flags (list "-Dlibseat-logind=disabled"))))) - (propagated-inputs '())))) + (propagated-inputs '()) + (properties '((disable-updater? . #t)))))) (define-public pam-dumb-runtime-dir (package @@ -111,4 +112,5 @@ exists and is only writable by root.") ((#:configure-flags configure-flags) #~(append #$configure-flags (list "-Dlibseat-logind=disabled"))))) - (propagated-inputs '())))) + (propagated-inputs '()) + (properties '((disable-updater? . #t)))))) diff --git a/modules/rosenthal/packages/binaries.scm b/modules/rosenthal/packages/binaries.scm index 3ee7319..17df1c8 100644 --- a/modules/rosenthal/packages/binaries.scm +++ b/modules/rosenthal/packages/binaries.scm @@ -153,7 +153,8 @@ exec ~a -jar ~a $@~%" "Komga is a media server for your comics, mangas, BDs, magazines and eBooks.") (license license:expat) - (properties '((upstream-name . "komga"))))) + (properties '((upstream-name . "komga") + (disable-updater? . #t))))) (define-public navidrome-bin (package @@ -179,7 +180,8 @@ eBooks.") manage their music collections. It provides a web interface and is compatible with the Subsonic API.") (license license:expat) - (properties '((upstream-name . "navidrome"))))) + (properties '((upstream-name . "navidrome") + (disable-updater? . #t))))) (define-public shadow-tls-bin (package @@ -209,7 +211,8 @@ with the Subsonic API.") "Shadow TLS is a proxy to expose real tls handshake to the @acronym{MITM, monster-in-the-middle}.") (license license:expat) - (properties '((upstream-name . "shadow-tls"))))) + (properties '((upstream-name . "shadow-tls") + (disable-updater? . #t))))) (define-public sing-box-bin (deprecated-package "sing-box-bin" sing-box)) @@ -239,7 +242,8 @@ monster-in-the-middle}.") "This package provides @code{wakapi}, a WakaTime-compatible backend for coding statistics.") (license license:expat) - (properties '((upstream-name . "wakapi"))))) + (properties '((upstream-name . "wakapi") + (disable-updater? . #t))))) (define-public wakatime-cli-bin (package @@ -265,4 +269,5 @@ coding statistics.") "This package provides @command{wakatime-cli}, the command line interface to WakaTime, which is used by all WakaTime text editor plugins.") (license license:bsd-3) - (properties '((upstream-name . "wakatime-cli"))))) + (properties '((upstream-name . "wakatime-cli") + (disable-updater? . #t))))) diff --git a/modules/rosenthal/packages/web.scm b/modules/rosenthal/packages/web.scm index 7198c57..505bb30 100644 --- a/modules/rosenthal/packages/web.scm +++ b/modules/rosenthal/packages/web.scm @@ -97,7 +97,8 @@ website owners block unwanted AI crawlers from accessing their sites.") "Anubis checks incoming HTTP requests using one or more challenges in order to protect upstream resources from web crawlers.") (license license:expat) - (properties '((upstream-name . "anubis"))))) + (properties '((upstream-name . "anubis") + (disable-updater? . #t))))) (define-public caddy (package diff --git a/modules/rosenthal/packages/xorg.scm b/modules/rosenthal/packages/xorg.scm index 6c63759..2c7b28f 100644 --- a/modules/rosenthal/packages/xorg.scm +++ b/modules/rosenthal/packages/xorg.scm @@ -51,4 +51,6 @@ Wayland compositor implementing @code{xdg_wm_base} interface. This is particularly useful for compositors that (understandably) do not want to go through implementing support for rootless Xwayland themselves.") - (license license:mpl2.0))) + (license license:mpl2.0) + (properties + '((disable-updater? . #t)))))