* bug#27120: GraphicsMagick bundles libtiff, libpng, zlib, libxml2, and more
@ 2017-05-28 20:23 Leo Famulari
2017-05-28 21:26 ` Leo Famulari
2017-05-28 22:03 ` bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout Leo Famulari
0 siblings, 2 replies; 4+ messages in thread
From: Leo Famulari @ 2017-05-28 20:23 UTC (permalink / raw)
To: 27120
[-- Attachment #1: Type: text/plain, Size: 267 bytes --]
GraphicsMagick bundles a large number of 3rd party libraries.
We should unbundle and remove the ones that we can. For the rest, we
should try patching their vulnerabilities and leaving code comments
explaining the situation in the GraphicsMagick package definition.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#27120: GraphicsMagick bundles libtiff, libpng, zlib, libxml2, and more
2017-05-28 20:23 bug#27120: GraphicsMagick bundles libtiff, libpng, zlib, libxml2, and more Leo Famulari
@ 2017-05-28 21:26 ` Leo Famulari
2017-05-28 22:03 ` bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout Leo Famulari
1 sibling, 0 replies; 4+ messages in thread
From: Leo Famulari @ 2017-05-28 21:26 UTC (permalink / raw)
To: 27120
[-- Attachment #1: Type: text/plain, Size: 666 bytes --]
On Sun, May 28, 2017 at 04:23:21PM -0400, Leo Famulari wrote:
> GraphicsMagick bundles a large number of 3rd party libraries.
>
> We should unbundle and remove the ones that we can. For the rest, we
> should try patching their vulnerabilities and leaving code comments
> explaining the situation in the GraphicsMagick package definition.
The GraphicsMagick release tarball doesn't include these bundled
libraries. They are only in the Mercurial checkout.
We did not have to adjust our package very much when switching from the
release tarballs to the Mercurial checkout, so they are probably not
used, and it should not be too hard to unbundle them.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout.
2017-05-28 20:23 bug#27120: GraphicsMagick bundles libtiff, libpng, zlib, libxml2, and more Leo Famulari
2017-05-28 21:26 ` Leo Famulari
@ 2017-05-28 22:03 ` Leo Famulari
2017-05-30 15:08 ` Ludovic Courtès
1 sibling, 1 reply; 4+ messages in thread
From: Leo Famulari @ 2017-05-28 22:03 UTC (permalink / raw)
To: 27120
Fixes <https://bugs.gnu.org/27120>.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add a snippet
to delete bundled libraries.
[version]: Bump the package revision counter to 3.
---
gnu/packages/imagemagick.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index bde3ebe40..3f7d95c2e 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -163,7 +163,7 @@ script.")
(define-public graphicsmagick
(let ((changeset "6156b4c2992d855ece6079653b3b93c3229fc4b8") ; fix CVE-2017-6335
- (revision "2"))
+ (revision "3"))
(package
(name "graphicsmagick")
(version (string-append "1.3.25-" revision "."
@@ -180,7 +180,20 @@ script.")
;; "/GraphicsMagick-" version ".tar.xz"))
(sha256
(base32
- "08yfsn8mrqkwpax43vv1crfr55rcf004wwpzsinr5c6m0asqr08b"))))
+ "08yfsn8mrqkwpax43vv1crfr55rcf004wwpzsinr5c6m0asqr08b"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; Remove bundled software. This reduces the size of the
+ ;; build source checkout from 177 MiB to 49 MiB. This should
+ ;; not be necessary when using the GraphicsMagick release
+ ;; tarball, because these files are not distributed there.
+ (for-each delete-file-recursively '("bzlib" "dcraw" "hp2xx"
+ "jbig" "jp2" "jpeg"
+ "lcms" "libxml" "png"
+ "ralcgm" "tiff" "ttf"
+ "webp" "wmf" "xlib"
+ "zlib"))))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
--
2.13.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout.
2017-05-28 22:03 ` bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout Leo Famulari
@ 2017-05-30 15:08 ` Ludovic Courtès
0 siblings, 0 replies; 4+ messages in thread
From: Ludovic Courtès @ 2017-05-30 15:08 UTC (permalink / raw)
To: Leo Famulari; +Cc: 27120
Leo Famulari <leo@famulari.name> skribis:
> Fixes <https://bugs.gnu.org/27120>.
>
> * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add a snippet
> to delete bundled libraries.
> [version]: Bump the package revision counter to 3.
That was fast!
> + (snippet
> + '(begin
> + ;; Remove bundled software. This reduces the size of the
> + ;; build source checkout from 177 MiB to 49 MiB. This should
> + ;; not be necessary when using the GraphicsMagick release
> + ;; tarball, because these files are not distributed there.
> + (for-each delete-file-recursively '("bzlib" "dcraw" "hp2xx"
> + "jbig" "jp2" "jpeg"
> + "lcms" "libxml" "png"
> + "ralcgm" "tiff" "ttf"
> + "webp" "wmf" "xlib"
> + "zlib"))))))
You can even remove ‘begin’.
LGTM, thank you!
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-05-30 15:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-28 20:23 bug#27120: GraphicsMagick bundles libtiff, libpng, zlib, libxml2, and more Leo Famulari
2017-05-28 21:26 ` Leo Famulari
2017-05-28 22:03 ` bug#27120: [PATCH] gnu: graphicsmagick: Remove bundled libraries from source checkout Leo Famulari
2017-05-30 15:08 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.