Hi,

I looked a bit in the source code, and it seems to be missing
some error checking.  E.g., in libcpuid/cpuid_main.c:,
it is not verified that 'malloc' succeeded.

        list->names = (char**) malloc(sizeof(char*) * n);
        [...]
        list->names[n] = (char*) malloc (i - last)
        [....]
        list->names[n][i - last - 1 = '\0']

It doesn't seem exploitable here, but I would recommend something
like 'xmalloc' instead to avoid (anti-)learning by bad examples.

Also, in the package definition, you are using cmake-build-system.
This works, but the README doesn't mention CMake anywhere and instead
mentions the autotools (autoconf etc.) and has configure.ac, so I would
use gnu-build-system instead.

Zhu Zihao schreef op za 15-01-2022 om 13:47 [+0800]:
> +      (arguments
> +       (list
> +        #:configure-flags #~(list "-DLIBCPUID_TESTS=ON")
> +        #:phases
> +        #~(modify-phases %standard-phases
> +            (add-after 'unpack 'absolutize
> +              (lambda* (#:key inputs #:allow-other-keys)
> +                ;; Linux specific
> +                (when #$(target-linux?)
> +                  (substitute* "libcpuid/rdmsr.c"
> +                    (("modprobe") (which "modprobe")))))))))

This use of 'which' doesn't work when cross-compiling because it looks
in $PATH (which contains (possibly implicit) native-inputs) and not
'inputs' -- 'inputs' and 'native-inputs' are merged together when
compiling natively so this doesn't cause errors when compiling natively
but it doesn't work when cross-compiling -- try
"./pre-inst-env guix build libcpuid --target=aarch64-linux-gnu".

I would use 'search-input-file' instead:

        ;; using (when #$(target-linux? ...) ...) instead
        ;; of 'guard' would also work
        #~(modify-phases %standard-phases
            (add-after 'unpack 'absolutize
              (lambda* (#:key inputs #:allow-other-keys)
                ;; modprobe doesn't exist on the Hurd 
                (guard (c ((search-error? c) (values)))
                  (substitute* "libcpuid/rdmsr.c"
                    (("modprobe")
                     (search-input-file inputs "bin/modprobe")))))))))


> + confused with the @code{cpuid} command line utility from package
> + @code{cpuid}.")

A definite article is missing before 'package'.

> +      (native-inputs (list python-3))   ;required by tests

I would keep the original comment

      ;; a python from the 3. series is required by tests

here, because it is important that it comes from the 3. series
-- the shebang uses "/usr/bin/env python3", not "python3".  This
comment would be helpful when updating python to the 4. series
(these versions don't exist yet but presumably they eventually will),
as it would make it clear that we cannot simply replace 'python-3' with
'python-4'.

Greetings,
Maxime.