From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id GDaWFqcGGWYVAAAAqHPOHw:P1 (envelope-from ) for ; Fri, 12 Apr 2024 12:02:15 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id GDaWFqcGGWYVAAAAqHPOHw (envelope-from ) for ; Fri, 12 Apr 2024 12:02:15 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=MlizuLos; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1712916135; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=wKoIiFhKzzqwldiPEG+NQ0gzgMrioWP0sLeN6o1yCW4=; b=FPN1LjUZG1EwPRH2wnPhldM7COTOhRWNv3q9l1BxwT2UWzHtfWLGRFuNIEXsoGRrmS2bnY MKLzD3u/PRDAZvk4T1ELT0b4p3Pgm+Sx0Fnqx4ecRkB4VHRLoNR1OtjKUAzrfRpL0WtpRT fKnlUqN7UvPGiUqKpgurWNoHXzPaJBXP0NAzOHkCTGfHiz5/dHgK/qSqkagGwTvV8xA8Su RmxVv6S6S8wgNnv2zgTWDQDjtADGuRP/DMVu8u5j4fEET9y0eHx7cJjOlfnGR/ZfjYKTJG 7wQHPqPj597cpLs0DViZQt8l5wz8gHSpcx+2R6ILtzxv3dDy/gcFsLNLI7Mvlg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1712916135; a=rsa-sha256; cv=none; b=UHw3FN1g5CjrGdsjWyE+6JO79uOyQZyrSPVUu8JoaDdfiPs4nbnuUbfn0hrOUoOEqQNV7z ReYjfT1YhKweTgWirwW6JLprMusZOI9zi5WGObeq+3nWroeUsOj5zgiq6K//9hgHooN+XO qxTlXUlPWibd+8W+SNe4NOWcvIiFxDo5NhL/uYq4Bphq3Y/6YQPXN2C5zwzuJh+Azq5LfV eMTGx7PLuRstEby2ZxZneomaHoXzGtNICY+B4v6a4Ta1RilYmqhXa9kx4shT2W/u5TMij/ NvSfbCzVDxy0gT6mpLXTW1S8A6vDmCKoF+D3Fca9mqc/Up6vLuZdR/BB21lGtQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=MlizuLos; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 186C012F6A for ; Fri, 12 Apr 2024 12:02:15 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rvDjP-00035i-Ev; Fri, 12 Apr 2024 06:02:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDjO-00035G-15 for guix-patches@gnu.org; Fri, 12 Apr 2024 06:02:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rvDjN-0001De-CL; Fri, 12 Apr 2024 06:02:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rvDjR-0001PO-4M; Fri, 12 Apr 2024 06:02:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70350] [PATCH] pack: =?UTF-8?Q?=E2=80=98-R=E2=80=99?= (once) does not include fakechroot fallback. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, rekado@elephly.net, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Fri, 12 Apr 2024 10:02:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70350 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70350@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= , romain.garbage@inria.fr, Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Christopher Baines , Josselin Poiret , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice Received: via spool by submit@debbugs.gnu.org id=B.17129161095254 (code B ref -1); Fri, 12 Apr 2024 10:02:04 +0000 Received: (at submit) by debbugs.gnu.org; 12 Apr 2024 10:01:49 +0000 Received: from localhost ([127.0.0.1]:57917 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvDj9-0001MW-Mn for submit@debbugs.gnu.org; Fri, 12 Apr 2024 06:01:49 -0400 Received: from lists.gnu.org ([2001:470:142::17]:49802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvDj3-0001KX-D0 for submit@debbugs.gnu.org; Fri, 12 Apr 2024 06:01:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDin-0002iu-MP for guix-patches@gnu.org; Fri, 12 Apr 2024 06:01:25 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDim-000190-Ep; Fri, 12 Apr 2024 06:01:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=wKoIiFhKzzqwldiPEG+NQ0gzgMrioWP0sLeN6o1yCW4=; b=MlizuLosbeH9p3 mpjmYvNa08H6BDD3ubtq1KUrG5PnfdhiOVNgQzzc0PiXZMwD4QSxNawVbSn1EdSc0O6mNmkaS9dLY 4IAphg8OfkwGLWj7KP0P4meuLk9D/GqogWWFUEsPCzOytFPOUL+hWGQm3ALbMkRo+KeQe8A2t9v+e JQAOEk718Nd/JF3mNbZEj1LgU6RgcTH+tUXIN5K+NDMTubSySywD/2F8nB+BYptPQ/y5sAethVLJ8 M0npzHQE2dL+xqKm+0YszLQt3XlwR9WEzXhDie/509kfmnHTLraDGNRrReLK0C5aWNyZTK64UV+S6 NXPxIFGlDtMQc+6umB2Q==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Fri, 12 Apr 2024 12:01:17 +0200 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.58 X-Spam-Score: -4.58 X-Migadu-Queue-Id: 186C012F6A X-Migadu-Scanner: mx12.migadu.com X-TUID: OlbfH49k+Zm6 From: Ludovic Courtès Previously, ‘guix pack -R’ would build a wrapper containing both the “userns” and “fakechroot” engines, instead of providing nothing but the “userns” engine as the manual says. This patch fixes it. * guix/scripts/pack.scm (wrapped-package): Add #:fakechroot? [build]: When FAKECHROOT? is false, ‘elf-loader-compile-flags’ always returns '(). Change-Id: Ic75cc8c36bf0a3881f299b274d78bd9fc2d4e2bb --- guix/scripts/pack.scm | 78 ++++++++++++++++++++++--------------------- 1 file changed, 40 insertions(+), 38 deletions(-) Hello! I stumbled upon the bug whereby ‘guix pack -RR’, just like (guix build gremlins), loads entire ELF files in memory just to parse them, which can OOM if said files are large enough: https://issues.guix.gnu.org/59365#4 I thought passing a single ‘-R’ would allow me to work around the problem, since the fakechroot engine was not supposed to be compiled in this case, but it turns out it was. This patch makes ‘guix pack’ conform with the doc: with a single ‘-R’, only the “userns” engine gets compiled. Thoughts? Ludo’. diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index 3e45c34895..fe4df042d7 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2017-2023 Ludovic Courtès +;;; Copyright © 2015, 2017-2024 Ludovic Courtès ;;; Copyright © 2017, 2018 Ricardo Wurmus ;;; Copyright © 2018 Konrad Hinsen ;;; Copyright © 2018 Chris Marusich @@ -1066,10 +1066,11 @@ (define* (wrapped-package package #:optional (output* "out") (compiler (c-compiler)) - #:key proot?) + #:key proot? (fakechroot? proot?)) "Return the OUTPUT of PACKAGE with its binaries wrapped such that they are relocatable. When PROOT? is true, include PRoot in the result and use it as a -last resort for relocation." +last resort for relocation. When FAKECHROOT? is true, include +libfakechroot.so and related ld.so machinery as a fallback." (define runner (local-file (search-auxiliary-file "run-in-namespace.c"))) @@ -1161,43 +1162,44 @@ (define* (wrapped-package package (define (elf-loader-compile-flags program) ;; Return the cpp flags defining macros for the ld.so/fakechroot ;; wrapper of PROGRAM. + #$(if fakechroot? + ;; TODO: Handle scripts by wrapping their interpreter. + #~(if (elf-file? program) + (let* ((bv (call-with-input-file program + get-bytevector-all)) + (elf (parse-elf bv)) + (interp (elf-interpreter elf)) + (gconv (and interp + (string-append (dirname interp) + "/gconv")))) + (if interp + (list (string-append "-DPROGRAM_INTERPRETER=\"" + interp "\"") + (string-append "-DFAKECHROOT_LIBRARY=\"" + #$(fakechroot-library) "\"") - ;; TODO: Handle scripts by wrapping their interpreter. - (if (elf-file? program) - (let* ((bv (call-with-input-file program - get-bytevector-all)) - (elf (parse-elf bv)) - (interp (elf-interpreter elf)) - (gconv (and interp - (string-append (dirname interp) - "/gconv")))) - (if interp - (list (string-append "-DPROGRAM_INTERPRETER=\"" - interp "\"") - (string-append "-DFAKECHROOT_LIBRARY=\"" - #$(fakechroot-library) "\"") + (string-append "-DLOADER_AUDIT_MODULE=\"" + #$(audit-module) "\"") - (string-append "-DLOADER_AUDIT_MODULE=\"" - #$(audit-module) "\"") - - ;; XXX: Normally (runpath #$(audit-module)) is - ;; enough. However, to work around - ;; - ;; (glibc <= 2.32), pass the whole search path of - ;; PROGRAM, which presumably is a superset of that - ;; of the audit module. - (string-append "-DLOADER_AUDIT_RUNPATH={ " - (string-join - (map object->string - (runpath program)) - ", " 'suffix) - "NULL }") - (if gconv - (string-append "-DGCONV_DIRECTORY=\"" - gconv "\"") - "-UGCONV_DIRECTORY")) - '())) - '())) + ;; XXX: Normally (runpath #$(audit-module)) is + ;; enough. However, to work around + ;; + ;; (glibc <= 2.32), pass the whole search path of + ;; PROGRAM, which presumably is a superset of that + ;; of the audit module. + (string-append "-DLOADER_AUDIT_RUNPATH={ " + (string-join + (map object->string + (runpath program)) + ", " 'suffix) + "NULL }") + (if gconv + (string-append "-DGCONV_DIRECTORY=\"" + gconv "\"") + "-UGCONV_DIRECTORY")) + '())) + '()) + #~'())) (define (build-wrapper program) ;; Build a user-namespace wrapper for PROGRAM. base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6 -- 2.41.0