From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark H Weaver Subject: bug#27429: Stack clash (CVE-2017-1000366 etc) Date: Mon, 26 Jun 2017 07:19:12 -0400 Message-ID: <878tkfm1xr.fsf@netris.org> References: <20170619222550.GA29289@jasmine.lan> <20170620004920.GB31586@jasmine.lan> <20170620071857.GA2768@macbook42.flashner.co.il> <87shiumj05.fsf@netris.org> <20170621084134.GA2870@macbook42.flashner.co.il> <20170621095045.GB2870@macbook42.flashner.co.il> <20170623172038.GA6052@jasmine.lan> <87mv8yh7pi.fsf@netris.org> <20170623185448.GA14284@jasmine.lan> <87bmpeh3oz.fsf@netris.org> <87y3shkggy.fsf@netris.org> <87mv8v6t01.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53421) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dPS3p-0005V8-T4 for bug-guix@gnu.org; Mon, 26 Jun 2017 07:20:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dPS3m-0007SS-Pk for bug-guix@gnu.org; Mon, 26 Jun 2017 07:20:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:35414) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dPS3m-0007RO-MI for bug-guix@gnu.org; Mon, 26 Jun 2017 07:20:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87mv8v6t01.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 26 Jun 2017 10:41:18 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 27429@debbugs.gnu.org Hi Ludovic, ludo@gnu.org (Ludovic Court=C3=A8s) writes: > Mark H Weaver skribis: > >> I tried to copy the .drv files for the grafted 'glibc-final' and >> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to >> ask Hydra to build it, but both "guix copy" and "guix archive --export" >> failed: >> >> mhw@jojen ~$ guix copy --to=3Dhydra@hydra >> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv >> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv >> sending 11 store items to 'localhost'... >> guix copy: error: corrupt input while restoring archive from # >> mhw@jojen ~$ guix archive --export >> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv >> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv > >> GRAFTED-GLIBC-DRVS.nar >> guix archive: error: corrupt input while restoring archive from # > > Apparently they got built at some point. Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build a grafted 'hello' for all three hydra-supported platforms. This entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'. I then ran: guix challenge --substitute-urls=3Dhttps://hydra.gnu.org /gnu/store/... to generate narinfo requests for the relevant outputs, on the theory that this would cause guix-publish to build NARs. (Am I right?) > As for the problems above: error reporting in =E2=80=98guix copy=E2=80=99= is suboptimal > (help welcome!), and the =E2=80=98guix archive --export=E2=80=99 problem = looks like a > bug; could you report it? Sure. >> I'm concerned that i686 and armhf users are going to have a rude >> awakening when they not only have to build two variants of glibc, but >> also a bunch of the early bootstrap because the NARs are not available >> on Hydra. It would be good if someone could take care of that. > > Doing: > > $ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-repl= acement (@@ (gnu packages commencement) glibc-final)))' -s i686-linux --log= -file --no-grafts > https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2= .25.drv > > > I see that glibc fails to build on i686 (but I think you=E2=80=99ve just = fixed > it?): Yes, I fixed the i686 problem in commit ffc015bea26f24d862e7e877d907fbe1ab9a9967. FYI, this problem was reported as a separate bug, which is now closed: https://bugs.gnu.org/27489 Thanks, Mark