From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id +8beKWlYU2A5VAAA0tVLHw (envelope-from ) for ; Thu, 18 Mar 2021 13:40:57 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id QFonJWlYU2CdFwAA1q6Kng (envelope-from ) for ; Thu, 18 Mar 2021 13:40:57 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D4BB218485 for ; Thu, 18 Mar 2021 14:40:56 +0100 (CET) Received: from localhost ([::1]:59150 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lMstT-00038J-V3 for larch@yhetil.org; Thu, 18 Mar 2021 09:40:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:45186) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMsre-00020b-4c for bug-guix@gnu.org; Thu, 18 Mar 2021 09:39:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:33862) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lMsrd-0008Vp-Re for bug-guix@gnu.org; Thu, 18 Mar 2021 09:39:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lMsrd-0001sO-Ml for bug-guix@gnu.org; Thu, 18 Mar 2021 09:39:01 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#47228: Check binary consistency after grafting with e.g. ldd Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 18 Mar 2021 13:39:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47228 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: =?UTF-8?Q?L=C3=A9o?= Le Bouter Received: via spool by 47228-submit@debbugs.gnu.org id=B47228.16160747097146 (code B ref 47228); Thu, 18 Mar 2021 13:39:01 +0000 Received: (at 47228) by debbugs.gnu.org; 18 Mar 2021 13:38:29 +0000 Received: from localhost ([127.0.0.1]:45405 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMsr6-0001rA-6c for submit@debbugs.gnu.org; Thu, 18 Mar 2021 09:38:29 -0400 Received: from eggs.gnu.org ([209.51.188.92]:52026) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMsr4-0001qx-Kc for 47228@debbugs.gnu.org; Thu, 18 Mar 2021 09:38:27 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55036) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lMsqy-00085v-RC; Thu, 18 Mar 2021 09:38:20 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=53186 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lMsqw-00086f-Ei; Thu, 18 Mar 2021 09:38:19 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> Date: Thu, 18 Mar 2021 14:38:16 +0100 In-Reply-To: <22d6fde28a4646254061f56c342fb75d2a2846d9.camel@zaclys.net> ("=?UTF-8?Q?L=C3=A9o?= Le Bouter"'s message of "Thu, 18 Mar 2021 11:37:01 +0100") Message-ID: <878s6kpoon.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 47228@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616074856; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=z/nr+HhuHFT4G0Ip75Ei8tkmbtmWidpPLmknlwirtbU=; b=TV/RKslabLsWrFSNlpsO0uS4wglTLS94OMW6Z0S9sPv+Zzg8t222k1gXOsusRd/eMSZ6ZF M6hz0JtmiYFf6b8aKQ+eVG5uY4sXtiebCCjaRMcZFKAmHjnbe9epwgMsMOT5b3g/7Rf1gg GDr8XWzizlmQ5fRcR6R+WERAQ/MAGQpBz4QEthv/c+RiyoW7172ZQaV4VVrRQ3F+BGr3IU 0qxh4wS6vBpgfGfkXvP+bzIK6ndxFc4fpJxbD9hoFagvuvnjk4vPCiIJxAAw33+D+hhQ/i AswX+pRTHFs+r0X4jK41tGft9NqOfPuDzSofNvbI3lDyQo0m60BfPfsc4dXRCA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616074856; a=rsa-sha256; cv=none; b=lbE1sAhAKA2MOA27i9e2LGChNfAhRQGdqap3a2QGw4W7kZcVgqfw63HPePhPvjbROTjsYa 1TFr+GdH0K+2i45LoONcXQJ+SBRTbM7lE/FRizByt1Gw1abMWk9/JywQ0/+vGhzli4uwta vgH/7MQ5iomNSU+7WOe4PCymAYSTAxU6K4hMmfsc04ybTL08xyxn7vBldNfJ4Z3pEIfnvg J97SH86OG96Vh6QvRYe+M4BKmxXvdTZy+2+J4b3WG16i8nZ6olhgPQ96ci5pUOy/W3M4ma TdG9xOWVUIU0MWfyXtv0xkg1WV9UzKD9qOg4fHi+PtT5YVr2NfDCQkAh4iMReA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -2.91 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: D4BB218485 X-Spam-Score: -2.91 X-Migadu-Scanner: scn0.migadu.com X-TUID: 1NZFb2HNSX3j Hi, (Cc: Leo Famulari who has been taking care of many security issues in Guix over years.) L=C3=A9o Le Bouter skribis: > We had an issue after grafting ImageMagick fixed by < > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D2e0ff59f0cd836b15= 6f1ef2e78791d864ce3cfcd >>. > > Basically Inkscape did not work because ImageMagick's soname had been > bumped (probably for forward compat?): > > /gnu/store/g75q5v1gqi4x08qcf1ydfl9xhp4slmxy-inkscape- > 1.0.2/bin/.inkscape-real: error while loading shared libraries: > libMagickCore-6.Q16.so.6: cannot open shared object file: No such file > or directory > > It seems technically possible to automatically check for this kind of > breakage, therefore I suggest we run ldd (might actually run code from > the binary) or objdump -x (pure static analysis), so after grafting we > could check that every binary can load all it's dependents declared in > the ELF headers successfully and report errors if not? > > What do you think? I don=E2=80=99t think all the testing that needs to be done when grafting c= an be automated. In particular, packagers who want to introduce a replacement for a library should use libabigail=E2=80=99s =E2=80=98abi-diff=E2=80=99 tool to = check that the package and its replacement are ABI-compatible. It=E2=80=99s also a good i= dea to make some quick manual tests. The .so file symlinks in look very scary to me. To me, it=E2=80=99s likely to hide the ABI incompatibility issue rather than =E2=80=9Cfix=E2=80=9D it. L=C3=A9o, please make sure to submit patches for review, as noted in . Such changes do not qualify as =E2=80=9Ctrivial=E2=80=9D and we should stri= ve to get more than one pair of eyeballs on it. Leo F. has always done that, even with years of experience, and I think it=E2=80=99s been fruitful, even when that meant delaying the patch by a co= uple of days. The good thing with being a =E2=80=9Crolling release=E2=80=9D distro is tha= t we can quickly roll out fixes; the bad thing is that we can just as quickly roll out bugs. :-) Thanks, Ludo=E2=80=99.