From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp11.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms5.migadu.com with LMTPS
	id qYfwGxIj/mM6xwAAbAwnHQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 28 Feb 2023 16:51:46 +0100
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp11.migadu.com with LMTPS
	id KCJtGxIj/mMPWwEA9RJhRA
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 28 Feb 2023 16:51:46 +0100
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 2FBAEC547
	for <larch@yhetil.org>; Tue, 28 Feb 2023 16:51:46 +0100 (CET)
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1677599506;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:resent-cc:resent-from:resent-sender:
	 resent-message-id:in-reply-to:in-reply-to:references:references:
	 list-id:list-help:list-unsubscribe:list-subscribe:list-post;
	bh=7oHPZDk0isfkUcOPTbnqUNuNS1Mx+6WEhtmHOw+u900=;
	b=H+ZNbJYN3LfIszGMq1dGRYi90JnNZ0FVVB+onc3oeg83OaUG4riGVpJomqyQJWYXjG1w8e
	+C/yUvMWTA43Xv/G42hJMSwgqYwhdKUov4zLova5xmuDFDDOveuFLbxgwbytI9YDSDgYL5
	XLBWtZUCFMXBk+1Xf9XNB4+eHzWWB1XqurtdLeAyXaOV6ykOHEfVxVjJyDUPP1UzgK82bP
	0eeG4H+j+DwAW0WhqIIpFNGc/zn9ff3u236JzASS6zElGY6CMrnsdIZDFrwd17ZOGHNhDg
	qsqv3m9BW5fmk2gM5HhbziwriW7yXfHt7HXw1+faqpzsvaxyIMlN/AbG6+Vtcw==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org";
	dmarc=none
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677599506; a=rsa-sha256; cv=none;
	b=pn+I2iUuiISBC91mAH/JuuGS4hTC8axMbhIhr0XzB0n/8jjDTgL/Ght7apzs/W1mda8eSp
	P6EZehIglRBnyQBUJVju7KZ0M/poizB/QKL67twDQxRTYa5Gg4SpkE3aWUpjfTpPs2kId5
	q6MxykUUdIP+C7m4U7sCP1CisthI0BCDEHOOAgzZRugsc0ezOJjtuI51iqIIkyJ7UcTA7k
	0lxGO80xc/3aZOeLzrlDSx//9LRV2nJS+XbFn23fy1nmNtH12R/CFTQkaRXcgfvhaulnBt
	HBKF7HGnSF7DFs00ChrZKs7cQqcUcGkuoTwM+I8iG/2GlHG1Y+G+o5q4Lmh0rw==
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1pX2Fs-0001YY-Qz; Tue, 28 Feb 2023 10:51:04 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pX2Fq-0001Y7-IG
 for guix-patches@gnu.org; Tue, 28 Feb 2023 10:51:03 -0500
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pX2Fq-0005Tc-8R
 for guix-patches@gnu.org; Tue, 28 Feb 2023 10:51:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pX2Fp-0003ys-JR
 for guix-patches@gnu.org; Tue, 28 Feb 2023 10:51:01 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#61363] [PATCH 2/2] self: Apply grafts to the outputs of the guix
 derivation.
Resent-From: Christopher Baines <mail@cbaines.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 28 Feb 2023 15:51:01 +0000
Resent-Message-ID: <handler.61363.B61363.167759945515288@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 61363
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 61363@debbugs.gnu.org
Received: via spool by 61363-submit@debbugs.gnu.org id=B61363.167759945515288
 (code B ref 61363); Tue, 28 Feb 2023 15:51:01 +0000
Received: (at 61363) by debbugs.gnu.org; 28 Feb 2023 15:50:55 +0000
Received: from localhost ([127.0.0.1]:51806 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pX2Fi-0003yW-JD
 for submit@debbugs.gnu.org; Tue, 28 Feb 2023 10:50:54 -0500
Received: from mira.cbaines.net ([212.71.252.8]:42294)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mail@cbaines.net>) id 1pX2Fg-0003yN-05
 for 61363@debbugs.gnu.org; Tue, 28 Feb 2023 10:50:52 -0500
Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699])
 by mira.cbaines.net (Postfix) with ESMTPSA id 743DF16BBA;
 Tue, 28 Feb 2023 15:50:51 +0000 (GMT)
Received: from felis (localhost [127.0.0.1])
 by localhost (OpenSMTPD) with ESMTP id 3b7f82bd;
 Tue, 28 Feb 2023 15:50:51 +0000 (UTC)
References: <20230208075403.11788-1-mail@cbaines.net>
 <20230208075403.11788-2-mail@cbaines.net> <87sfey9i1t.fsf@gnu.org>
 <878rgpeo28.fsf@cbaines.net>
User-agent: mu4e 1.8.13; emacs 28.2
From: Christopher Baines <mail@cbaines.net>
Date: Tue, 28 Feb 2023 15:47:11 +0000
In-reply-to: <878rgpeo28.fsf@cbaines.net>
Message-ID: <871qm9aiw7.fsf@cbaines.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
X-Migadu-Spam-Score: -5.29
X-Spam-Score: -5.29
X-Migadu-Scanner: scn0.migadu.com
X-Migadu-Queue-Id: 2FBAEC547
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: guix-patches-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-TUID: dWkNMVoKsLYm

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


Christopher Baines <mail@cbaines.net> writes:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>
>>   2. More importantly, manually listing packages that might require
>>      grafting looks like a slippery slope (=E2=80=9Coops! we=E2=80=99re =
not getting the
>>      GnuTLS graft for that CVE, too bad=E2=80=9D).
>>
>> I designed and implemented several variants to try and delay grafting.
>> One of them consisted in carrying graft information in gexps:
>>
>>   https://git.savannah.gnu.org/cgit/guix.git/log?h=3Dwip-gexp-grafts
>>
>> It=E2=80=99s kinda similar to what you=E2=80=99re proposing in that graf=
t information is
>> carried as far as possible.  The main difference is that it=E2=80=99s au=
tomated.
>
> That's interesting, I think that making grafting not specific to
> packages, and something where the replacement is handled at a lower
> level (e.g. gexps) would be an alternative way to handle this.
>
> Given that this approach works though, maybe the explicit-grafting
> functionality could just sit and be used inside of (guix self). Given
> that module is very explicit about what packages are used, it should be
> possible to arrange the code so it's very hard to miss a package out,
> which should address your concern about manually listing packages (maybe
> specification->package can be tweaked so that it's possible to get all
> the packages, and that can be the list considered for grafting).
>
> I don't know of any other places where this approach would be useful, so
> while it would be nice to have a more general grafting mechanism
> eventually, I'd also like to be able to make these changes to channel
> instance grafts sooner rather than later.

I've sent a v2 series which changes along the above lines. The explicit
grafting stuff just sits in (guix self), and (guix self) more
rigeriously uses it's own definition of specification->package, which
should provide some protection against missing packages out. Obviously
it's not quite as rigerous as moving the grafting functionality in to
gexps, but hopefully it's rigerous enough for now.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmP+IthfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9Xf2iw/8DZikf+lixwrP883zXiQT2XSlzldmnxnT
Hv0mZyZl1pPIo78jVTcgumLasEsPa9CL7pVKjwvMYSmGLIhtdsAnV0heII2G15ch
GVigOj2u74rexLjjbP1FabA244qDLFN+3BZAtwl9beqC+1B5FwLZzoHWPE/CW2/Z
WluT3F2gBr/GX+61ksRHETzm+OHnwMCawHEOkhcmTtF9yQiSW2K0NkOvI8k1n5v7
rsQIbJ5BQdzZvbwKl5Q2oQd6y7nyliZctOl+rFjZ9a9rkrTNT4LdWC+5bPhsai8m
uV8d+G0fOPgfaUvomvsxRqo9Xhi92KSFaoBwdgxMzoByuBF0U6k2QUQEyS1CwZVO
j8jTGb+qnDfRlGbitdqjERGf4Yx4XAFfpuXYqBUJJLqG9dnES5JyOT7WLhrsVdFx
wAI35UkCoopEirexXJ8gdmKFWKo3YEeRFXKme8qP+8wvFZ0jv4p7quEwBibE+8Tw
JHh7my12WxJ/YURo4DoM6h2U25kq5QUtzHVyTSdrYFIeM1kCcy0c2DllWG7nUYzW
23Kz4veoXfY7hyfuU4Bi+VWFdVxlDcZS06wItO4VUbibJ3PPcOZ7yt1cA2DLLMDs
zJgxebMvTusv/l2QLXvRJTv9/Y1h66Brs8sE4N4UQOb7Fmtom07N+u5C+MtXzcq7
re6XFrk5shU=
=afSK
-----END PGP SIGNATURE-----
--=-=-=--