From: Mark H Weaver <mhw@netris.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 27429@debbugs.gnu.org
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 26 Jun 2017 07:19:12 -0400 [thread overview]
Message-ID: <878tkfm1xr.fsf@netris.org> (raw)
In-Reply-To: <87mv8v6t01.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 26 Jun 2017 10:41:18 +0200")
Hi Ludovic,
ludo@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver <mhw@netris.org> skribis:
>
>> I tried to copy the .drv files for the grafted 'glibc-final' and
>> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
>> ask Hydra to build it, but both "guix copy" and "guix archive --export"
>> failed:
>>
>> mhw@jojen ~$ guix copy --to=hydra@hydra
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
>> sending 11 store items to 'localhost'...
>> guix copy: error: corrupt input while restoring archive from #<closed: file 231bbd0>
>> mhw@jojen ~$ guix archive --export
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv >
>> GRAFTED-GLIBC-DRVS.nar
>> guix archive: error: corrupt input while restoring archive from #<closed: file 17e9d20>
>
> Apparently they got built at some point.
Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build
a grafted 'hello' for all three hydra-supported platforms. This
entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'.
I then ran:
guix challenge --substitute-urls=https://hydra.gnu.org /gnu/store/...
to generate narinfo requests for the relevant outputs, on the theory
that this would cause guix-publish to build NARs. (Am I right?)
> As for the problems above: error reporting in ‘guix copy’ is suboptimal
> (help welcome!), and the ‘guix archive --export’ problem looks like a
> bug; could you report it?
Sure.
>> I'm concerned that i686 and armhf users are going to have a rude
>> awakening when they not only have to build two variants of glibc, but
>> also a bunch of the early bootstrap because the NARs are not available
>> on Hydra. It would be good if someone could take care of that.
>
> Doing:
>
> $ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s i686-linux --log-file --no-grafts
> https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
>
>
> I see that glibc fails to build on i686 (but I think you’ve just fixed
> it?):
Yes, I fixed the i686 problem in commit
ffc015bea26f24d862e7e877d907fbe1ab9a9967. FYI, this problem was
reported as a separate bug, which is now closed:
https://bugs.gnu.org/27489
Thanks,
Mark
next prev parent reply other threads:[~2017-06-26 11:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-19 22:25 bug#27429: Stack clash (CVE-2017-1000366 etc) Leo Famulari
2017-06-19 23:05 ` Leo Famulari
2017-06-20 0:42 ` Leo Famulari
2017-06-20 0:49 ` Leo Famulari
2017-06-20 7:18 ` Efraim Flashner
2017-06-20 13:16 ` Leo Famulari
2017-06-20 21:44 ` Mark H Weaver
2017-06-21 8:41 ` Efraim Flashner
2017-06-21 9:50 ` Efraim Flashner
2017-06-21 23:52 ` Leo Famulari
2017-06-22 0:03 ` Leo Famulari
2017-06-22 6:44 ` Mark H Weaver
2017-06-22 16:17 ` Leo Famulari
2017-06-22 18:34 ` Leo Famulari
2017-06-22 19:25 ` Leo Famulari
2017-06-29 10:58 ` Ludovic Courtès
2017-06-29 15:49 ` Mark H Weaver
2017-06-29 20:06 ` Ludovic Courtès
2017-06-29 21:03 ` bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)] Leo Famulari
2017-06-29 22:27 ` Ludovic Courtès
2017-06-30 6:47 ` Leo Famulari
2017-06-30 12:59 ` Ludovic Courtès
2017-06-23 17:20 ` bug#27429: Stack clash (CVE-2017-1000366 etc) Leo Famulari
2017-06-23 18:36 ` Mark H Weaver
2017-06-23 18:54 ` Leo Famulari
2017-06-23 20:03 ` Mark H Weaver
2017-06-24 7:11 ` Mark H Weaver
2017-06-26 8:41 ` Ludovic Courtès
2017-06-26 11:19 ` Mark H Weaver [this message]
2017-06-27 13:57 ` Ludovic Courtès
2017-06-28 21:55 ` Leo Famulari
2017-06-20 3:31 ` Mark H Weaver
2017-06-25 9:38 ` bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check Danny Milosavljevic
2017-06-25 10:41 ` Marius Bakke
2017-06-25 13:19 ` Leo Famulari
2017-07-20 15:54 ` bug#27429: Stack clash (CVE-2017-1000366 etc) Ludovic Courtès
2017-07-20 19:13 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878tkfm1xr.fsf@netris.org \
--to=mhw@netris.org \
--cc=27429@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.