From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:52601) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jMEpu-000767-S6 for guix-patches@gnu.org; Wed, 08 Apr 2020 13:50:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1jMEpt-00039I-RB for guix-patches@gnu.org; Wed, 08 Apr 2020 13:50:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:41348) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1jMEpt-000397-NS for guix-patches@gnu.org; Wed, 08 Apr 2020 13:50:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1jMEpt-0004bn-M4 for guix-patches@gnu.org; Wed, 08 Apr 2020 13:50:01 -0400 Subject: bug#40115: [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'. Resent-To: guix-patches@gnu.org Resent-Message-ID: From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87d09927hw.fsf@GlaDOS.home> Date: Wed, 08 Apr 2020 19:49:05 +0200 In-Reply-To: <87d09927hw.fsf@GlaDOS.home> (Diego Nicola Barbato's message of "Wed, 18 Mar 2020 13:05:31 +0100") Message-ID: <87blo16f72.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Diego Nicola Barbato Cc: 40115-done@debbugs.gnu.org Hi Diego, Diego Nicola Barbato skribis: >>>From 85594ce40c98ac5763b8295e2358567c6920188e Mon Sep 17 00:00:00 2001 > From: Diego Nicola Barbato > Date: Mon, 16 Mar 2020 18:43:20 +0100 > Subject: [PATCH] download: Use correct system and guile in 'url-fetch/tar= bomb' > and 'url-fetch/zipbomb'. > > Previously the result of `guix build -s $system $package' would depend on= the > system Guix was built for if $package or one of its dependencies used > 'url-fetch/tarbomb' or 'url-fetch/zipbomb' as the origin method of its > source (e.g. `guix build -s i686-linux ffmpeg' on i686-linux would build a > different derivation than on x86_64-linux). > > This patch fixes this by explicitly passing the correct system and guile = to > 'gexp->derivation'. > > * guix/download.scm (url-fetch/tarbomb): Pass #:system system and > #:guile-for-build guile to 'gexp->derivation', where guile is the deriv= ation > of guile for system. > (url-fetch/zipbomb): Likewise. Good catch, pushed as c1d81df93d4b67671fc4a8e0a80c0f02c5821663! >> builds a different derivation on i686-linux than on x86_64-linux. This >> doesn't just affect ffmpeg but a whole class of packages which use or >> depend on a package that uses 'url-fetch/tarbomb' or 'url-fetch/zipbomb' >> as the origin method of its source. That's around 334 packages, among >> them diffoscope, enlightenment, gnome, ungoogled-chromium, and wine. > > The number (348 for commit 151f3d4) and full list of affected packages > can be computed by loading the attached script [0] into `guix repl' and > running `(show-affected-packages)'. Terrible that ci. has been building useless substitutes for these packages and that users of non-x86_64 platforms were not getting substitutes. Thanks a lot for the patch and detailed analysis! Ludo=E2=80=99.