From mboxrd@z Thu Jan  1 00:00:00 1970
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Subject: bug#28659: v0.13: guix pull fails;
	libgit2-0.26.0 and 0.25.1 content hashes fail
Date: Wed, 04 Oct 2017 00:22:34 -0400
Message-ID: <874lrfee45.fsf@gmail.com>
References: <877ewf18d4.fsf@gnu.org> <87wp4e8yk5.fsf@gnu.org>
	<20171001204237.GA11804@jasmine.lan> <87vajxoavx.fsf@gnu.org>
	<20171002181929.GA10773@jasmine.lan> <87infx2mmt.fsf@gmail.com>
	<20171003142449.GB23431@jasmine.lan>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52525)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzbD8-0000xo-Bp
	for bug-guix@gnu.org; Wed, 04 Oct 2017 00:23:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzbD4-000112-AG
	for bug-guix@gnu.org; Wed, 04 Oct 2017 00:23:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:38511)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dzbD4-00010k-5h
	for bug-guix@gnu.org; Wed, 04 Oct 2017 00:23:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dzbD3-0005F7-TU
	for bug-guix@gnu.org; Wed, 04 Oct 2017 00:23:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.28659.B28659.150709096520111@debbugs.gnu.org>
In-Reply-To: <20171003142449.GB23431@jasmine.lan> (Leo Famulari's message of
	"Tue, 3 Oct 2017 10:24:49 -0400")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>
Cc: 28659@debbugs.gnu.org

--=-=-=
Content-Type: text/plain

Leo Famulari <leo@famulari.name> writes:

> On Mon, Oct 02, 2017 at 06:47:06PM -0400, Maxim Cournoyer wrote:
>> Leo Famulari <leo@famulari.name> writes:
>> > I wonder, are there really that many affected packages?
>> 
>> There's a list here:
>> https://github.com/Homebrew/homebrew-core/issues/18044, compiled by one
>> of the homebrew project's maintainers.
>
> I meant, how many Guix packages use the auto-generated GitHub snapshots?
>
> I believe the tell-tale sign is that the download link will have the
> link text 'Source code', as for this release:
>
> https://github.com/libgit2/libgit2/releases/tag/v0.26.0

The following script:

--=-=-=
Content-Type: text/plain
Content-Disposition: inline
Content-Description: find-affected-github-packages.scm

;;; A script to find packages possibly affected by GitHub
;;; infrastructure update that caused minor changes in the
;;; automatically generated tarballs.

(use-modules (ice-9 match)
	     (gnu packages)
	     (guix download)
	     (guix packages))

(define (problematic-uri? uri)

  (define (contains-github-archive? uri)
    (string-match "github.com/.*/archive/" uri))

  ;; URI can be a string or a list of string.
  (match uri
    ((uri1 uri2 ...)			;match list of strings
     (filter contains-github-archive? uri))
    (uri1				;match string
     (contains-github-archive? uri1))))

(define (problematic-github-package? package)
  (let ((source (package-source package)))
    (and (origin? source)
	 (eq? (origin-method source) url-fetch)
	 (problematic-uri? (origin-uri source)))))

(define (problematic-github-packages)
  "List of all the potentially problematic GitHub packages."
  (fold-packages (lambda (p r)
		   (if (problematic-github-package? p)
		       (cons p r)
		       r))
		 '()))
(define (main)
  "Find and print the names of the potentially problematic GitHub packages."
  (let ((packages (problematic-github-packages)))
    (format #t "Number of potentially problematic GitHub packages:~a~%"
	    (length packages))
    (for-each (lambda (p)
		(format #t "~a~%" (package-name p)))
	      packages)))

;;; Run the program.
(main)

--=-=-=
Content-Type: text/plain


outputs that there could be up to 1011 affected packages.

The scripts checks for a url-fetch uri of the form
"github.com/.*/archive/", which seems to be the one used for the
dynamically generated archives.

Here are the first 10 lines of the output:
--8<---------------cut here---------------start------------->8---
Number of potentially problematic GitHub packages:1011
fdupes
cbatticon
sedsed
cpulimit
autojump
sudo
thermald
progress
dstat
[...]
--8<---------------cut here---------------end--------------->8---

I've checked the first few with for example:
--8<---------------cut here---------------start------------->8---
guix build --source --no-substitutes sedsed
--8<---------------cut here---------------end--------------->8---

and they were OK though.

Maxim

--=-=-=--