From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:c151::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id QECEMvuzPWTucgEASxT56A (envelope-from ) for ; Mon, 17 Apr 2023 23:02:51 +0200 Received: from aspmx2.migadu.com ([2001:41d0:2:c151::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id mD2JMvuzPWTFMgAAauVa8A (envelope-from ) for ; Mon, 17 Apr 2023 23:02:51 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx2.migadu.com (Postfix) with ESMTPS id 85D2C2A727 for ; Mon, 17 Apr 2023 23:02:51 +0200 (CEST) Authentication-Results: aspmx2.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx2.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1681765371; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=d/WiObvUqm/hgO9kBkH+ko3myxPZVXaD2PcSFbgh4cY=; b=ZKKgTRaCEDN5XKbxqPMYfnvMgmDaOFZlp1gwMTWqNuogMuWXIltLMZJ9Z4+NDiMEJbXe4X AdnEHvu0G1AuCcm9KSnVWQ51xj6BRIeVeeSCnGTufqvSvV7UP8GTd8QxAx23J3HvVyc/8v vmWitxCVi9VtJixO7viJ2MrEc/m71/Mlrrkevo538C+xXMXHYloLhONT2kVWCA+xo1vxDE Ugm/wHIMn8nep0p7t0aBSlV00Xr13OyiT9svmaOGoHOhSV2lnE+iwM34Pu0Ub8aQKC0AiO oZjyzDzgkrje8Gq+73LiqfI6ylbI2iNZaNTHZ8L0upJGNGkYemq8r3qVBYzVow== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1681765371; a=rsa-sha256; cv=none; b=sWb3HBGCIc5L9SrnKwgHszRYIZEOTJItjU/efrPv3+5gf8LLdSU3WztN/cUAr0VIN7TyZI TKENWIhXfAozaVVA3DOm6ysOVkRlahXmcJ+Xm4xIMMEZevk8f3Lyfd9HW5nNCHqt+fD2Bw D2yEi+xJ125tJTQ4i1GsHBZaQ5BnfSmVKAQgNKhTzOIzqjKtV0j6gDCUvZVeWar1mvmCZ8 6hvQc1htueaxEkIQw8bU0gZ2zLq0hPOyKG3pWWueThtR7H4AScuyEScUyX420x22o9B3G7 iF5/iPtin0QYfoqe1U3Cfg35a6o8UGYEHGtd938qV/+WbgHXuoH4R0QBtDHPYg== ARC-Authentication-Results: i=1; aspmx2.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx2.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1poQSa-0000vt-70; Mon, 17 Apr 2023 11:08:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1poQSY-0000vl-Pu for guix-patches@gnu.org; Mon, 17 Apr 2023 11:08:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1poQSY-0000Hl-Hy for guix-patches@gnu.org; Mon, 17 Apr 2023 11:08:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1poQSY-0000h1-0F for guix-patches@gnu.org; Mon, 17 Apr 2023 11:08:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#61363] [PATCH 2/2] self: Apply grafts to the outputs of the guix derivation. Resent-From: Christopher Baines Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 17 Apr 2023 15:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61363 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 61363@debbugs.gnu.org Received: via spool by 61363-submit@debbugs.gnu.org id=B61363.16817440552627 (code B ref 61363); Mon, 17 Apr 2023 15:08:01 +0000 Received: (at 61363) by debbugs.gnu.org; 17 Apr 2023 15:07:35 +0000 Received: from localhost ([127.0.0.1]:55784 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1poQS7-0000gI-1O for submit@debbugs.gnu.org; Mon, 17 Apr 2023 11:07:35 -0400 Received: from mira.cbaines.net ([212.71.252.8]:42480) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1poQS5-0000gA-72 for 61363@debbugs.gnu.org; Mon, 17 Apr 2023 11:07:33 -0400 Received: from localhost (unknown [IPv6:2a02:8010:68c1:0:54d1:d5d4:280e:f699]) by mira.cbaines.net (Postfix) with ESMTPSA id 2CFFC17923 for <61363@debbugs.gnu.org>; Mon, 17 Apr 2023 16:07:32 +0100 (BST) Received: from felis (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id bf600664 for <61363@debbugs.gnu.org>; Mon, 17 Apr 2023 15:07:31 +0000 (UTC) References: <20230208075403.11788-1-mail@cbaines.net> <20230208075403.11788-2-mail@cbaines.net> <87sfey9i1t.fsf@gnu.org> <878rgpeo28.fsf@cbaines.net> <871qm9aiw7.fsf@cbaines.net> User-agent: mu4e 1.8.13; emacs 28.2 From: Christopher Baines Date: Mon, 17 Apr 2023 16:06:16 +0100 In-reply-to: <871qm9aiw7.fsf@cbaines.net> Message-ID: <87bkjmfsy5.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -5.61 X-Spam-Score: -5.61 X-Migadu-Queue-Id: 85D2C2A727 X-Migadu-Scanner: scn0.migadu.com X-TUID: DGEApEE6K2kT --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Christopher Baines writes: > [[PGP Signed Part:Undecided]] > > Christopher Baines writes: > >> Ludovic Court=C3=A8s writes: >> >>> 2. More importantly, manually listing packages that might require >>> grafting looks like a slippery slope (=E2=80=9Coops! we=E2=80=99re= not getting the >>> GnuTLS graft for that CVE, too bad=E2=80=9D). >>> >>> I designed and implemented several variants to try and delay grafting. >>> One of them consisted in carrying graft information in gexps: >>> >>> https://git.savannah.gnu.org/cgit/guix.git/log?h=3Dwip-gexp-grafts >>> >>> It=E2=80=99s kinda similar to what you=E2=80=99re proposing in that gra= ft information is >>> carried as far as possible. The main difference is that it=E2=80=99s a= utomated. >> >> That's interesting, I think that making grafting not specific to >> packages, and something where the replacement is handled at a lower >> level (e.g. gexps) would be an alternative way to handle this. >> >> Given that this approach works though, maybe the explicit-grafting >> functionality could just sit and be used inside of (guix self). Given >> that module is very explicit about what packages are used, it should be >> possible to arrange the code so it's very hard to miss a package out, >> which should address your concern about manually listing packages (maybe >> specification->package can be tweaked so that it's possible to get all >> the packages, and that can be the list considered for grafting). >> >> I don't know of any other places where this approach would be useful, so >> while it would be nice to have a more general grafting mechanism >> eventually, I'd also like to be able to make these changes to channel >> instance grafts sooner rather than later. > > I've sent a v2 series which changes along the above lines. The explicit > grafting stuff just sits in (guix self), and (guix self) more > rigeriously uses it's own definition of specification->package, which > should provide some protection against missing packages out. Obviously > it's not quite as rigerous as moving the grafting functionality in to > gexps, but hopefully it's rigerous enough for now. This has stalled a bit, but it would be good to try and get things merged. I've gone ahead and pushed the first two patches in the series I last sent, these just make minor changes to prepare for the functional change here. I've also resent that patch as as v3. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmQ9YLJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9Xcl8BAAm4rgvPrHIUH95Ip/HYbEafd0LmxShmR2 Wo7T1NXRkriwnp7S4PZ7xMALF8ztK5ggzZBvWrHdRo52GiEWen9nxyj7a6/PMZ5y IdWgjqJGLn4KNXo5E4FPEJ2ahgLtXwWcfF97sI8n4JSrrRB3B7cGO/0++P2I6ZsB kOd1/cKQTKvn+I35umZijhGUNbgewv0T5m5Cj0CW9wQPUyYSj1LKsp0SmMbz36Uk kVWtRE1rHbjqqMDqckbsqt8T2C4hagzkZXoRlKLvT2PJoQg8pjdoRMiEdzmz7WOU BNUVN8ATuLUTQaYqu349YeYrcmJWBgLNnw6FKaFhbqrhy3TfUcuZ6a8KavyF6riN 4LXpfFZOz05J9l+VExd6d+jWzfn8YX5Hnvj1WNOOuNbZngLstpM2prMXbJr3Lfv7 pdrpOULYcE8sBIAQfUMH7Gs9Ca7ktyW/GSsaq2wdYdNKkT3uWqIkpnuae+u3tAZL sOlRQ5qAsgc78AAcjscWxuhbvDjQ/ghtbLT4coIJ3S9Yk48bWkNzrZ6pTXZd8Fen cHlY2pzQgObFbBamZdsV+xLFlMOHbt87IXP/WqwsGLKKCjQ8P4I7FPvuegZy2l5j LNNmHsJKck4++Mr5HNH626jUKdgo0H9d5JjaF2mBahFlFUHj266SBuzVwnSsgtWI YzNQZs7oCI0= =1IL7 -----END PGP SIGNATURE----- --=-=-=--