From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ben Woodcroft
Subject: Re: [PATCH 2/3] gnu: Add python-pyxb.
Date: Fri, 23 Sep 2016 11:28:43 +1000
Message-ID: <03badac9-3d2d-25ad-b0ed-3695d8a70bc7@uq.edu.au>
References: <20160917101047.4597-1-mbakke@fastmail.com>
 <20160917101047.4597-3-mbakke@fastmail.com>
 <3bd16b58-b3d1-d47c-2433-c3a721681463@uq.edu.au>
 <39d81c47-a96d-1f1c-ad1d-a80e7b7f109d@uq.edu.au>
 <1a9d61d6-0ee2-1161-25b4-9ffd32396039@uq.edu.au>
 <87h999ymzk.fsf@ike.i-did-not-set--mail-host-address--so-tickle-me>
 <679cc096-9eed-152f-0a01-f4a1d85c422e@uq.edu.au>
 <87eg4cyni4.fsf@ike.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52893) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnFIQ-00077T-Kv for guix-devel@gnu.org; Thu, 22 Sep 2016 21:29:00 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bnFIN-0006gV-Ec for guix-devel@gnu.org; Thu, 22 Sep 2016 21:28:58 -0400
Received: from mailhub1.soe.uq.edu.au ([130.102.132.208]:50019 helo=newmailhub.uq.edu.au) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnFIM-0006aM-S3 for guix-devel@gnu.org; Thu, 22 Sep 2016 21:28:55 -0400
In-Reply-To: <87eg4cyni4.fsf@ike.i-did-not-set--mail-host-address--so-tickle-me>
List-Id: "Development of GNU Guix and the GNU System distribution."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel"
To: Marius Bakke , "guix-devel@gnu.org"

On 09/23/2016 01:15 AM, Marius Bakke wrote:
> Ben Woodcroft writes:
>
>>> Subject: [PATCH 1/3] gnu: python-pysam: Update to 0.9.1.4.
>> I'm not sure whether this is a product of the upgrade or not, but I
>> notice this in the build log. I think it is harmless though, WDYT?
>>
>> starting phase `validate-runpath'
>> validating RUNPATH of 10 binaries in
>> "/gnu/store/bpiq3lm6b1kpf54i1vj2dl09ff293wic-python-pysam-0.9.1.4/lib"...
>> /gnu/store/bpiq3lm6b1kpf54i1vj2dl09ff293wic-python-pysam-0.9.1.4/lib/python3.4/site-packages/pysam-0.9.1.4-py3.4-linux-x86_64.egg/pysam/libchtslib.cpython-34m.so:
>> warning: RUNPATH contains bogus entries: ("pysam" "."
>> "build/lib.linux-x86_64-3.4/pysam")
> I don't see this in the previous version, so it is a regression.
> However, it should be mostly harmless. Readelf reports (when compiled
> with external htslib, see below):
>
> 0x000000000000001d (RUNPATH) Library runpath: [/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:/gnu/store/ba22myqvxccwmmjwwq665rc43hanycxy-htslib-1.3.1/lib:build/lib.linux-x86_64-3.4/pysam:$ORIGIN:/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib:/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib:/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib/gcc/x86_64-unknown-linux-gnu/4.9.3/../../..]
>
> Compared to the runpath of the same file currently in Guix:
>
> 0x000000000000001d (RUNPATH) Library runpath: [/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib:/gnu/store/xl19qrfzga52vrvp4ncccwjlnrjqwj95-ncurses-6.0/lib:/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib:/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib/lib/gcc/x86_64-unknown-linux-gnu/4.9.3/../../..]
>
> If a folder named "$CWD/build/lib.linux-x86_64-3.4/pysam" exists, it
> could potentially allow for code injection, which is troubling.
>
> I opened an issue on their tracker, but don't think it's worth holding
> the patch: https://github.com/pysam-developers/pysam/issues/347

Thanks, I agree.

>
>> Also, I notice that pysam bundles htslib, bcftools and samtools C code.
>> Hopefully it should be straightforward enough to remove htslib as there
>> are install instructions, I'm not sure about the other two. This
>> shouldn't block the patch here, but would you mind taking a look?
>> http://pysam.readthedocs.io/en/latest/installation.html#installation
> I had a go at this, and also enabled tests since I was reading the build
> system anyway. Samtools and bcftools do not seem possible to un-bundle
> at this time, but htslib was straightforward.

OK. I don't think it needs to be propagated though, right?

Also, would you mind separating the change to modify-phases syntax and
unbundling of htslib into two patches please? Other than that this whole
series LGTM. Sorry, I keep asking one more thing..

ben
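
The RUNPATH comparison discussed in this message can be automated. The following is an added example, not part of the thread and not Guix's or pysam's code: it parses the RUNPATH/RPATH line of `readelf -d` output and reports entries that are neither absolute nor `$ORIGIN`-based. The function names are hypothetical and the two sample lines are constructed by abridging the readelf output quoted above.

```python
import re

# RUNPATH / RPATH line as printed by `readelf -d`.
_DYN_RE = re.compile(r"\((RUNPATH|RPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def parse_runpath(readelf_output):
    """Return the search-path entries in order, or [] when none is present."""
    m = _DYN_RE.search(readelf_output)
    return m.group(2).split(":") if m else []


def classify(entry):
    """Sort one entry into 'absolute', 'origin' or 'relative'."""
    if entry.startswith("/"):
        return "absolute"
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return "origin"    # resolved relative to the object's own location
    return "relative"      # "", "." and build-tree leftovers end up here


def relative_entries(readelf_output):
    """Entries that depend on the working directory of whoever loads the object."""
    return [e for e in parse_runpath(readelf_output) if classify(e) == "relative"]


# Constructed samples, abridged from the two readelf lines quoted in the thread.
NEW_BUILD = (
    " 0x000000000000001d (RUNPATH) Library runpath: "
    "[/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:"
    "build/lib.linux-x86_64-3.4/pysam:$ORIGIN:"
    "/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib]"
)
IN_GUIX = (
    " 0x000000000000001d (RUNPATH) Library runpath: "
    "[/gnu/store/m4gc2wx4q9if1vrhgclpspdil7rqsn21-python-3.4.3/lib:"
    "/gnu/store/5992iq1v7arqa14ym3di58n4la0893nv-zlib-1.2.8/lib]"
)

if __name__ == "__main__":
    for label, text in (("new build", NEW_BUILD), ("in Guix", IN_GUIX)):
        print(label, relative_entries(text) or "ok")
```
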