Ben Woodcroft writes: >> Subject: [PATCH 1/3] gnu: python-pysam: Update to 0.9.1.4. > I'm not sure whether this is a product of the upgrade or not, but I > notice this in the build log. I think it is harmless though, WDYT? > > starting phase `validate-runpath' > validating RUNPATH of 10 binaries in > "/gnu/store/bpiq3lm6b1kpf54i1vj2dl09ff293wic-python-pysam-0.9.1.4/lib"... > /gnu/store/bpiq3lm6b1kpf54i1vj2dl09ff293wic-python-pysam-0.9.1.4/lib/python3.4/site-packages/pysam-0.9.1.4-py3.4-linux-x86_64.egg/pysam/libchtslib.cpython-34m.so: > warning: RUNPATH contains bogus entries: ("pysam" "." > "build/lib.linux-x86_64-3.4/pysam") I don't see this in the previous version, so it is a regression. However, it should be mostly harmless. Readelf reports (when compiled with external htslib, see below): 0x000000000000001d (RUNPATH) Library runpath: [/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:/gnu/store/ba22myqvxccwmmjwwq665rc43hanycxy-htslib-1.3.1/lib:build/lib.linux-x86_64-3.4/pysam:$ORIGIN:/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib:/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib:/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib/gcc/x86_64-unknown-linux-gnu/4.9.3/../../..] Compared to the runpath of the same file currently in Guix: 0x000000000000001d (RUNPATH) Library runpath: [/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib:/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib:/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib/gcc/x86_64-unknown-linux-gnu/4.9.3/../../..] If a folder named "$CWD/build/lib.linux-x86_64-3.4/pysam exists, it could potentially allow for code injection, which is troubling. I opened an issue on their tracker, but don't think it's worth holding the patch: https://github.com/pysam-developers/pysam/issues/347 > > Also, I notice that pysam bundles htslib, bcftools and samtools C code. > Hopefully it should be straightforward enough to remove htslib as there > are install instructions, I'm not sure about the other two. This > shouldn't block the patch here, but would you mind taking a look? > http://pysam.readthedocs.io/en/latest/installation.html#installation I had a go at this, and also enabled tests since I was reading the build system anyway. Samtools and bcftools does not seem possible to un-bundle at this time, but htslib was straightforward. Enabling tests required packaging bcftools as well. I've attached the full patch series below. The first three commits are unchanged. Thanks!