From: Diego Nicola Barbato <dnbarbato@posteo.de>
To: 40115@debbugs.gnu.org
Subject: [bug#40115] [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.
Date: Wed, 18 Mar 2020 13:05:31 +0100 [thread overview]
Message-ID: <87d09927hw.fsf@GlaDOS.home> (raw)
[-- Attachment #1: Type: text/plain, Size: 803 bytes --]
Hi Guix,
The attached patch fixes a bug where e.g.
guix build -s i686-linux ffmpeg
builds a different derivation on i686-linux than on x86_64-linux. This
doesn't just affect ffmpeg but a whole class of packages which use or
depend on a package that uses 'url-fetch/tarbomb' or 'url-fetch/zipbomb'
as the origin method of its source. That's around 334 packages, among
them diffoscope, enlightenment, gnome, ungoogled-chromium, and wine.
The problem is fixed by explicitly passing the correct #:system and
#:guile-for-build to 'gexp->derivation' (as is done in other origin
methods such as 'git-fetch' or 'hg-fetch').
This shouldn't trigger any rebuils as it only affects the behaviour of
`guix build -s $system $package' if $system differs from the system type
of Guix itself.
Regards,
Diego
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-download-Use-correct-system-and-guile-in-url-fetch-t.patch --]
[-- Type: text/x-patch, Size: 3237 bytes --]
From 85594ce40c98ac5763b8295e2358567c6920188e Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Date: Mon, 16 Mar 2020 18:43:20 +0100
Subject: [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb'
and 'url-fetch/zipbomb'.
Previously the result of `guix build -s $system $package' would depend on the
system Guix was built for if $package or one of its dependencies used
'url-fetch/tarbomb' or 'url-fetch/zipbomb' as the origin method of its
source (e.g. `guix build -s i686-linux ffmpeg' on i686-linux would build a
different derivation than on x86_64-linux).
This patch fixes this by explicitly passing the correct system and guile to
'gexp->derivation'.
* guix/download.scm (url-fetch/tarbomb): Pass #:system system and
#:guile-for-build guile to 'gexp->derivation', where guile is the derivation
of guile for system.
(url-fetch/zipbomb): Likewise.
---
guix/download.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/guix/download.scm b/guix/download.scm
index 91a2b4ce5f..c3dc5a208c 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -531,7 +531,8 @@ own. This helper makes it easier to deal with \"tar bombs\"."
(string-append "tarbomb-"
(or name file-name))
#:system system
- #:guile guile)))
+ #:guile guile))
+ (guile (package->derivation guile system)))
;; Take the tar bomb, and simply unpack it as a directory.
;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
@@ -544,6 +545,8 @@ own. This helper makes it easier to deal with \"tar bombs\"."
(chdir #$output)
(invoke (string-append #$tar "/bin/tar")
"xf" #$drv)))
+ #:system system
+ #:guile-for-build guile
#:graft? #f
#:local-build? #t)))
@@ -566,7 +569,8 @@ own. This helper makes it easier to deal with \"zip bombs\"."
(string-append "zipbomb-"
(or name file-name))
#:system system
- #:guile guile)))
+ #:guile guile))
+ (guile (package->derivation guile system)))
;; Take the zip bomb, and simply unpack it as a directory.
;; Use ungrafted unzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
@@ -578,6 +582,8 @@ own. This helper makes it easier to deal with \"zip bombs\"."
(chdir #$output)
(invoke (string-append #$unzip "/bin/unzip")
#$drv)))
+ #:system system
+ #:guile-for-build guile
#:graft? #f
#:local-build? #t)))
--
2.25.1
next reply other threads:[~2020-03-18 12:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-18 12:05 Diego Nicola Barbato [this message]
2020-03-30 20:11 ` [bug#40115] [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb' and 'url-fetch/zipbomb' Diego Nicola Barbato
2020-04-08 17:49 ` bug#40115: " Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d09927hw.fsf@GlaDOS.home \
--to=dnbarbato@posteo.de \
--cc=40115@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.