From: Maxime Devos
To: Ludovic Courtès
Cc: 54111@debbugs.gnu.org
Subject: bug#54111: guile bundles (a compiled version of) UnicodeData.txt and binaries
Date: Sun, 27 Feb 2022 20:45:50 +0100
In-Reply-To: <87h78kwh5c.fsf@gnu.org>
References: <9953e99b32693fa2393fa9919973323207413063.camel@telenet.be> <87h78kwh5c.fsf@gnu.org>

Ludovic Courtès wrote on Sun 27-02-2022 at 14:52 [+0100]:
> It would add a dependency on Perl, which is not great (I’m not sure
> whether it complicates bootstrapping since Perl is already present early
> on, but it’s safer to avoid it.)
>
> We could rewrite ‘unidata_to_charset.pl’ in Scheme, but then Guile would
> still need to provide a pre-compiled version of srfi-14.i.c for
> bootstrapping purposes.  Or we could rewrite it in Awk, since Guile
> already depends on Awk anyway.
>
> Thoughts?

The ‘blob’ seems relatively harmless to the compilation process, so
when there are bootstrapping problems, I think we can leave it in.
However, all this Unicode is important for some other things (e.g. some
DNS and filesystem things).  So it would be nice to validate that no
attacker with access to the Guile repo stealthily introduced some wrong
information during an otherwise routine update of the Unicode
information.  Hence, the following proposal:

  * Make perl an optional dependency of Guile (upstream) and add a
    '--with-unicode-data=[...]' configure flag or something like that.
    If perl is detected by './configure' and '--with-unicode-data=...'
    is set, then let one of the makefiles run 'unidata_to_charset.pl'
    and compare the 'new' srfi-14.i.c against the old srfi-14.i.c.
    In case of a mismatch, bail out.  When there's no perl or
    --with-unicode-data, then just use the bundled srfi-14.i.c.

  * Add 'perl' (or 'perl-boot0' because that perl is probably good
    enough?) to the native-inputs of guile.

Actually, the second is already done in 'guile-final'.

Optionally, this can be combined with rewriting it in Scheme or some
other language.

Greetings,
Maxime.
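
The compare-and-bail-out step proposed in the message above, sketched as an added example (it is not part of the original message or of Guile's build system). `check_bundled`, `toy_gen` and the sample data are hypothetical stand-ins, because the page does not show how 'unidata_to_charset.pl' is invoked.

```shell
#!/bin/sh
# check_bundled GENERATOR DATA BUNDLED   (hypothetical helper, not Guile code)
#   GENERATOR: command that takes DATA as $1 and writes the generated file to stdout
#   returns 0 = regenerated output is byte-identical to BUNDLED
#           1 = mismatch or generator failure: the build must bail out
#           2 = check skipped (no generator or no data): use the bundled file
check_bundled() {
    generator=$1 data=$2 bundled=$3
    [ -n "$data" ] && [ -r "$data" ] || return 2
    command -v "$generator" >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    if ! "$generator" "$data" >"$tmp"; then
        rm -f "$tmp"
        return 1                # a failing generator is a failure, not a skip
    fi
    if cmp -s "$tmp" "$bundled"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed stand-in for the real generator: emit the code points whose
# general category (third ';'-separated field) is Lu.
toy_gen() {
    awk -F';' '$3 == "Lu" { printf "0x%s,\n", $1 }' "$1"
}

# Runs the check on constructed data: honest copy, tampered copy, no data given.
demo() {
    dir=$(mktemp -d) || return 1
    printf '0041;LATIN CAPITAL LETTER A;Lu\n0061;LATIN SMALL LETTER A;Ll\n' \
        >"$dir/data.txt"                          # constructed sample input
    toy_gen "$dir/data.txt" >"$dir/bundled.c"     # honest bundled copy
    r_ok=0;   check_bundled toy_gen "$dir/data.txt" "$dir/bundled.c" || r_ok=$?
    printf '0x0061,\n' >>"$dir/bundled.c"         # simulate a tampered update
    r_bad=0;  check_bundled toy_gen "$dir/data.txt" "$dir/bundled.c" || r_bad=$?
    r_skip=0; check_bundled toy_gen "" "$dir/bundled.c" || r_skip=$?
    rm -rf "$dir"
    echo "$r_ok $r_bad $r_skip"
}

demo   # prints "0 1 2"
```

The skip result only keeps bootstrapping possible; the check gives assurance only on builds where the generator and an independently obtained copy of the Unicode data are both present.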