From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Grafts Date: Mon, 13 Oct 2014 09:10:37 +0200 Message-ID: <87a950igwi.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XdZmA-0004hL-GH for guix-devel@gnu.org; Mon, 13 Oct 2014 03:10:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XdZm5-0001Ly-Pj for guix-devel@gnu.org; Mon, 13 Oct 2014 03:10:38 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:56766) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XdZm5-0001Li-4E for guix-devel@gnu.org; Mon, 13 Oct 2014 03:10:33 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id D7CB33D80 for ; Mon, 13 Oct 2014 09:10:31 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vibooayrcJck for ; Mon, 13 Oct 2014 09:10:31 +0200 (CEST) Received: from pluto (pluto.bordeaux.inria.fr [193.50.110.57]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 935593C48 for ; Mon, 13 Oct 2014 09:10:31 +0200 (CEST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Guix-devel --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, I pushed =E2=80=98wip-grafts=E2=80=99, a branch that implements =E2=80=9Cgr= afts.=E2=80=9D Normally security updates deep in the DAG, such as an update of Bash or libc, cause a rebuild of everything, which can some time, as we=E2=80=99ve = seen lately. The idea of grafts is to graft the fixed package on any packages users may want to install. So, suppose there=E2=80=99s a libc fix; when installi= ng IceCat, you=E2=80=99ll just be starting from the (pre-built) IceCat, and an additional derivation will patch the files in it to replace references to the old libc with references to the fixed libc (in practice this only works if the file name of the old and fixed libc have the same length.) =E2=80=98wip-grafts=E2=80=99 adds a =E2=80=98graft=E2=80=99 field to packag= e records. In the example above, we=E2=80=99d just add a =E2=80=98graft=E2=80=99 field to glibc, poin= ting to the fixed glibc, and the graft would just be automagically applied. The branch has an example of that with Bash: --=-=-= Content-Type: text/x-patch Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =2D-- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -185,7 +185,13 @@ allows command-line editing, unlimited command history= , shell functions and aliases, and job control while still allowing most sh scripts to be run without modification.") (license gpl3+) =2D (home-page "http://www.gnu.org/software/bash/")))) + (home-page "http://www.gnu.org/software/bash/") + (graft bash-fixed)))) + +(define bash-fixed ;FIXME: Use something re= al. + (package (inherit bash) + (version "4.3.42") + (graft #f))) =20 (define-public bash-light ;; A stripped-down Bash for non-interactive use. @@ -210,4 +216,5 @@ without modification.") =20 ,@(if (%current-target-system) '("bash_cv_job_control_missing=3Dno") =2D '())))))))) + '())))))) + (graft #f))) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The implementation looks for =E2=80=98graft=E2=80=99 fields in all the tran= sitive inputs of the package being built. Currently it works but needs more testing and documentation. There are also performance issues that need to be worked out. Comments welcome! The general idea was implemented by Shea Levy in Nixpkgs=C2=B9, and also suggested by Mark Weaver on IRC, who helped refine how things should work in Guix=E2=80=93thanks! Ludo=E2=80=99. =C2=B9 https://github.com/NixOS/nixpkgs/commit/d1662d715514e6ef9d3dc29f132f= 1b3d8e608a18 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUO3rxAAoJEAkLEZk9muu1k+wP/2Dpg0GQg3O8qc13oJHaRFfG 4zkNuhKLsHE/i327nZcDY0NybcHcd7z9qJd6MseHwGx9aysKAsull1+Ye3ZtshWH rQUfOKE/sCh0M9BVTiPRYb6CKiCm4L6l0uegR3vsyg6B3ieVPtX1e+dCDOEPlBfe YX/++tjavDKj0vFMwjhSgrhL2qkFVteutTIDsolNGCoZH4FQZXFOdh8yyMsafBEV 5VYmBjXKQLpSdQfXr8+7RA6YPW8myHN+f9Vs6fNdkTQNI7xmGfwx2Yff/AnG4ywJ a50iY3eacRWeyewVe/EG5VuONBOLEOOl9yo915Q6t4blRl8qZlGXOR6ZOv2UtXhf PYPQrSb1GL5YkHppDow2nLLgRj+l6ksDLaxi6bl3CKZDXTylpeT+iJM1b6Uwxj0Z aym1oLB7BCrxolmt2Eq2bMexWQN0YfX4B+kGnKIM33JVDhzc94lYEGXR6lBQcGEb Ttu9Ujn5WgKC3qU8ESHIjqjpdWcHwfwJxRRDBNIz49JO9DccQPlPxSXqeZkTdnXN OXXu77BDCDfTgRnb2LdcrxZrqPcxZ7JafdjIDTtKVfo+U9saDzjU0oPXxa36H/M6 HE+yUQX8w1O2Gf1j93guaN0dx8LPFsxIn2B3oOsQSITPOiiSPjNerDmBwgFq331s UApS9T/zOqdNYxlGWpt1 =BxYT -----END PGP SIGNATURE----- --==-=-=--