On Fri, Nov 09, 2018 at 12:11:34AM +0100, Björn Höfling wrote:
> On Thu, 08 Nov 2018 09:50:23 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>
> > Hello,
> >
> > Danny Milosavljevic skribis:
> >
> > > I think it would be good to have guix check for closed-source
> > > binaries after unpacking, automatically (including jar files with
> > > class files in them).
> >
> > Oh right, jars are certainly quite common, more than .so files.
> >
> > >> > No idea if it's worth the trouble/performance hit/false-positive
> > >> > rate, of course. That's for the ner^Wgods to decide.
> > >>
> > >> Yeah I wonder if it would be fruitful.
> > >
> > > Marking known-good binaries (whitelisting) is still better than
> > > hoping we notice some closed-source binary (blacklisting).
> > >
> > > It would be a conspicuous reminder of what we still have to do - as
> > > opposed to the situation now where it's mostly in someone's head
> > > (if at all).
> >
> > Yeah, that makes sense.
> >
> > What about adding such a phase in %standard-phases in
> > core-updates-next? I guess it could check for files that match
> > ‘elf-file?’ or ‘ar-file?’ and for *.jar. WDYT?
> >
> > We must add a keyword parameter in ‘gnu-build-system’ to make it
> > easy to disable it and/or to skip specific files.
>
> That is definitively a good idea.
>
> One of my review-tasks is this:
>
> [] Binaries included? If yes, created a snippet?
> find . -name "*.rar" -or -name "*.pdf" -or -name "*.bin" -or -name "*.pdf" -or -name "*.dsy" -or -name "*.jar" -or -name "*.exe"

also "*.so" or "*.a" I assume. For python we'd want to grep the source
files for "Generated by Cython"

>
> Should this be a phase of the build system? Or just a linter, that was
> my first idea?

I'd go with a phase

>
> If it is a build-system-phase, it should probably go to core-updates
> and beforehand someone must rebuild the world. I'm sure at least for
> Java there are some JARs remaining and I had the plan to fold-packages
> through them, but that had low priority.
>
> Björn

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
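
The check discussed in this thread, sketched as an added example that is not part of any message above and is not Guix code: it identifies ELF files, ar archives and jars that contain class files by their leading bytes rather than by file name, and flags C sources carrying the "Generated by Cython" marker. The names classify, find_prebuilt, sample_tree and the skip parameter are hypothetical; skip stands in for the proposed way to exempt specific files, and the sample tree is constructed.

```python
import os
import tempfile
import zipfile

# Leading bytes of the container formats named in the thread.
MAGIC = {b"\x7fELF": "elf", b"!<arch>\n": "ar", b"PK\x03\x04": "zip"}
CYTHON_MARK = b"Generated by Cython"


def classify(path):
    """Return a label for a pre-built artifact, or None for ordinary files."""
    with open(path, "rb") as f:
        head = f.read(512)
    kind = next((k for m, k in MAGIC.items() if head.startswith(m)), None)
    if kind == "zip":
        # A jar is a zip archive; flag it only if it ships compiled classes.
        try:
            with zipfile.ZipFile(path) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "zip-unreadable"
        return "jar-with-classes" if any(n.endswith(".class") for n in names) else None
    if kind is None and path.endswith((".c", ".cpp")) and CYTHON_MARK in head:
        return "cython-generated"
    return kind


def find_prebuilt(root, skip=()):
    """Walk root; return sorted (relative path, label) pairs, omitting skip."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            kind = None if rel in skip else classify(os.path.join(root, rel))
            if kind:
                hits.append((rel, kind))
    return sorted(hits)


def sample_tree():
    """Build a constructed sample source tree (all contents are made up)."""
    root = tempfile.mkdtemp()
    blobs = {"main.c": b"int main(void) { return 0; }\n", "libbar.a": b"!<arch>\n",
             "libfoo.so": b"\x7fELF\x02\x01\x01", "fast.c": b"/* Generated by Cython */\n"}
    for name, data in blobs.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "dep.jar"), "w") as z:
        z.writestr("org/example/A.class", b"\xca\xfe\xba\xbe")
    return root
```

Calling find_prebuilt(sample_tree()) lists every flagged file with its label; passing skip={"libfoo.so"} leaves that one file out of the report while the rest are still checked.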