Ludovic Courtès writes: > Hi, > > Marius Bakke skribis: > >> From a5b022a355a0babdc4809f39f94b6662ea7789d1 Mon Sep 17 00:00:00 2001 >> From: Marius Bakke >> Date: Sat, 25 Nov 2017 19:17:28 +0100 >> Subject: [PATCH] gnu: glibc: Update to 2.26-91-gaaa2eb83b8. >> >> * gnu/packages/base.scm (glibc/linux): Update to 2.26-91-gaaa2eb83b8. >> [source](uri): Download from alpha.gnu.org. >> [source](patches): Remove glibc-CVE-2017-15670-15671.patch. >> --- >> gnu/packages/base.scm | 17 ++++++++++++----- >> 1 file changed, 12 insertions(+), 5 deletions(-) >> >> diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm >> index a6663c5cf..20d5fa72b 100644 >> --- a/gnu/packages/base.scm >> +++ b/gnu/packages/base.scm >> @@ -515,14 +515,22 @@ store.") >> (define-public glibc/linux >> (package >> (name "glibc") >> - (version "2.26") >> + ;; Glibc has stable branches that continuously pick fixes for each supported >> + ;; release. Unfortunately they do not do point-releases, so we are stuck >> + ;; with copying almost all patches, or use a snapshot of the release branch. >> + ;; >> + ;; This version number corresponds to the output of `git describe` and the >> + ;; archive can be generated by checking out the commit ID and run: >> + ;; git archive --prefix=$(git describe)/ HEAD | xz -9 > $(git describe).tar.xz >> + ;; See for details. >> + (version "2.26-91-gaaa2eb83b8") >> (source (origin >> (method url-fetch) >> - (uri (string-append "mirror://gnu/glibc/glibc-" >> - version ".tar.xz")) >> + (uri (string-append "https://alpha.gnu.org/gnu/guix/mirror/" >> + "glibc-" version ".tar.xz")) >> (sha256 >> (base32 >> - "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5")) >> + "0867nxcv3n48iq3b5f1hca7cyx8pzjva67rxyslf9l595xd934kx")) > > I’ve built the tarball locally with the command above but the hash I get is: > > 1zwz6d0x3ndd0hgqp17fx71miyjvn4dgkl1nzhaz3mbcqxzrprhk Gah. I used "xz --threads=0" initially and didn't expect it to change the outcome. I can reproduce the above hash by running the same command: $ git archive --prefix=$(git describe)/ HEAD | xz -9 > $(git describe)-nothreads.tar.xz $ guix hash glibc-2.26-91-gaaa2eb83b8-nothreads.tar.xz 1zwz6d0x3ndd0hgqp17fx71miyjvn4dgkl1nzhaz3mbcqxzrprhk Let's stick with the "nothreads" variant for compatibility.