From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id iOyoGateJWT7TQEASxT56A (envelope-from ) for ; Thu, 30 Mar 2023 12:04:27 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id WLK5GKteJWRpuAAAG6o9tA (envelope-from ) for ; Thu, 30 Mar 2023 12:04:27 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 27EDCF0EB for ; Thu, 30 Mar 2023 12:04:26 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1php8a-00036M-Pn; Thu, 30 Mar 2023 06:04:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1php8Y-00035u-Ss for guix-devel@gnu.org; Thu, 30 Mar 2023 06:04:06 -0400 Received: from hera.aquilenet.fr ([185.233.100.1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1php8X-0007B5-11 for guix-devel@gnu.org; Thu, 30 Mar 2023 06:04:06 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 1193AB2; Thu, 30 Mar 2023 12:04:02 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at hera.aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jIlxXpTCrznA; Thu, 30 Mar 2023 12:04:00 +0200 (CEST) Received: from jurong (unknown [IPv6:2001:861:c4:f2f0::c64]) by hera.aquilenet.fr (Postfix) with ESMTPSA id ED3AD9D9; Thu, 30 Mar 2023 12:03:58 +0200 (CEST) Date: Thu, 30 Mar 2023 12:03:57 +0200 From: Andreas Enge To: Christopher Baines Cc: guix-devel Subject: Re: How to manage package replacements? Message-ID: References: <877cv1nl1k.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <877cv1nl1k.fsf@cbaines.net> Received-SPF: pass client-ip=185.233.100.1; envelope-from=andreas@enge.fr; helo=hera.aquilenet.fr X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1680170667; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=FdMWWO/0Ptn9NppnbgM1OaD97T6NA8KTeqhcRw1Ms2g=; b=l+n0zHBHV1g5AM09ybbu+4Am/GrTZ8fznkTH2DqagaE0Xew5IPmlsRI3owGYOVeFe+fqiD HFsWownQJQIGnPJbzPkAX+FFe+v7iMk3OfM76zPyadprVOe/rHn78Ysw/U/PlW1bFUqvxq Xz2t7SZ2ozQz4MkJ4TAyyXKM4Ns1PPXVXchb+v44Qiwr0ZlnCnIUUzpn+/noUgKOxw8mUK v4jyphHn14+haK3ladH1qruWDpwBB/h0cB3/QrcU0yd96eQyFC92yU7r3PanGGPqkXiTcy /RQ7NNGTwmhkVqIto2ngt1ONn4ib+cZxoGkC38dPtEwe9lp2aOGQKsCuhxsEeQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1680170667; a=rsa-sha256; cv=none; b=uRjOEoj8hRROMLJFGt6mgVmxAtDTbI4F6rjKG0ssyfp9mGuqObpRKu6guAyxB76gVPf0hl get9WtBPbJnSm94WWQCA2vAL+w73PvLFz0EvclseQxHLqn1zRqPz3jrW/Wn1+Dr5VuXRp8 6NIoWSFRt0E+AKS8Mj0M68U0G9S/+5fi9Q6fxHpWQ+iMs8wa7JgpZKV/pULNRdaTtGvEUq JXupaXtkz0X0Umt+koXMnsB1Y/TEmlGiyioBHo5t0S5l7z5r4yaOZSk+hAmeYIiUf2oRRV BMqDs0C0A4ZgOgcN7LMY3eCW6tZ3e65VsxGmUSO9iiWzmP10g7aHiDzYBBgtvw== X-Migadu-Spam-Score: -1.52 X-Migadu-Scanner: scn1.migadu.com X-Migadu-Queue-Id: 27EDCF0EB Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none X-Spam-Score: -1.52 X-TUID: LgrAPSLGfqZ8 Hello, Am Tue, Mar 28, 2023 at 12:51:30PM +0100 schrieb Christopher Baines: > Does anyone know what needs to be done in any/every case when replacing > a package? I have no idea, and if the lack of reply means that nobody else does, this is somewhat worrying ;-) For python-pillow, I get this: guix build: warning: ambiguous package specification `python-pillow' guix build: warning: choosing python-pillow@9.2.0 from gnu/packages/python-xyz.scm:7705:2 Maybe it would already be helpful to also print the other location(s) for the ambiguous package in the warning message? The rationale is explained here: https://guix.gnu.org/de/manual/devel/en/guix.html#Security-Updates Replacements work on the level of Scheme variables: Any package having python-pillow as input will be served with python-pillow/security-fixes instead, since we have this: (define-public python-pillow (package (name "python-pillow") (version "9.2.0") (replacement python-pillow/security-fixes) ... (define-public python-pillow/security-fixes (package-with-patches python-pillow (search-patches "python-pillow-CVE-2022-45199.patch"))) Here the two packages have the same name field, which confuses the command line interface. Hiding the first one looks like a solution, or giving them different names "python-pillow-insecure" for the first one and "python-pillow" for the second one, for instance, the important point being that the second one gets the usual name. Hm, the reference to the manual above mentions that the names must have the same length. So maybe use "python-pilXXX" for the first one? But then it gets recompiled, which is exactly what grafting tries to avoid. So hiding seems to be the only option. Caeterum censeo the solution to everythig is ungrafting :-) Andreas