From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ben Woodcroft Subject: Re: [PATCH] tar bombs and muscle Date: Sun, 17 Jan 2016 11:51:55 +1000 Message-ID: <569AF3BB.7080305@uq.edu.au> References: <569AEE9B.6070709@uq.edu.au> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------030002000703090701010405" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58240) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aKcVn-0000Vd-Jq for guix-devel@gnu.org; Sat, 16 Jan 2016 20:52:12 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aKcVi-0005ad-BO for guix-devel@gnu.org; Sat, 16 Jan 2016 20:52:11 -0500 Received: from mailhub1.soe.uq.edu.au ([130.102.132.208]:55137 helo=newmailhub.uq.edu.au) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aKcVh-0005aJ-Ni for guix-devel@gnu.org; Sat, 16 Jan 2016 20:52:06 -0500 Received: from smtp1.soe.uq.edu.au (smtp1.soe.uq.edu.au [10.138.113.40]) by newmailhub.uq.edu.au (8.14.5/8.14.5) with ESMTP id u0H1q2Wq027888 for ; Sun, 17 Jan 2016 11:52:03 +1000 Received: from [192.168.1.105] (static.customers.nuskope.com.au [103.25.181.216] (may be forged)) (authenticated bits=0) by smtp1.soe.uq.edu.au (8.14.5/8.14.5) with ESMTP id u0H1q1sn033461 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Sun, 17 Jan 2016 11:52:02 +1000 In-Reply-To: <569AEE9B.6070709@uq.edu.au> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: "guix-devel@gnu.org" This is a multi-part message in MIME format. --------------030002000703090701010405 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit On 17/01/16 11:30, Ben Woodcroft wrote: > Hi, > > There is a somewhat popular bioinformatics program muscle whose > download tgz is a tar bomb. The bomb moniker seems especially > appropriate here, since it made the gnu-build-system error out, and > patching gnu-build-system requires a lot of rebuilding. In the > attached patches Oops, I wasn't coming off master, so those packages are not apply-able. Attached is better. --------------030002000703090701010405 Content-Type: text/x-patch; name="0001-build-Accept-source-archives-that-do-not-contain-a-d.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename*0="0001-build-Accept-source-archives-that-do-not-contain-a-d.pa"; filename*1="tch" >From 530d81289ef5cab7010209fe0604a82b73459e4c Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 16 Jan 2016 22:02:22 +1000 Subject: [PATCH 1/2] build: Accept source archives that do not contain a directory. * guix/build/gnu-build-system.scm (unpack): Do not attempt to change directory after extracting archive if the archive does not contain any directories. --- guix/build/gnu-build-system.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index ff7646b..f1a84ef 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm @@ -142,7 +142,10 @@ working directory." (and (if (string-suffix? ".zip" source) (zero? (system* "unzip" source)) (zero? (system* "tar" "xvf" source))) - (chdir (first-subdirectory "."))))) + (let ((subdirectory (first-subdirectory "."))) + (if subdirectory + (chdir (first-subdirectory ".")) + #t))))) ;; See . (define* (patch-usr-bin-file #:key native-inputs inputs -- 2.6.3 --------------030002000703090701010405 Content-Type: text/x-patch; name="0002-gnu-Add-muscle.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0002-gnu-Add-muscle.patch" >From 567ddebd4f9a8d9e0b5681dae1ec639987c69064 Mon Sep 17 00:00:00 2001 From: Ben Woodcroft Date: Sat, 16 Jan 2016 22:12:23 +1000 Subject: [PATCH 2/2] gnu: Add muscle. * gnu/packages/bioinformatics.scm (muscle): New variable. --- gnu/packages/bioinformatics.scm | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 314d0ad..f9d8068 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -2070,6 +2070,37 @@ RNA-Seq, the MISO model uses Bayesian inference to compute the probability that a read originated from a particular isoform.") (license license:gpl2))) +(define-public muscle + (package + (name "muscle") + (version "3.8.1551") + (source (origin + (method url-fetch) + (uri (string-append + "http://www.drive5.com/muscle/muscle_src_" + version ".tar.gz")) + (sha256 + (base32 + "0bj8kj7sdizy3987zx6w7axihk40fk8rn76mpbqqjcnd64i5a367")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags (list "LDLIBS = -lm") + #:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (delete 'configure) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (install-file "muscle" bin))))))) + (home-page "http://www.drive5.com/muscle") + (synopsis "Multiple sequence alignment program") + (description + "MUSCLE aims to be a fast and accurate multiple sequence +alignment program for nucleotide and protein sequences.") + (license license:public-domain))) + (define-public orfm (package (name "orfm") -- 2.6.3 --------------030002000703090701010405--