From mboxrd@z Thu Jan 1 00:00:00 1970 
From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#25775: Attempts to fix bootstrap Guile bug
Date: Wed, 08 Mar 2017 00:02:39 +0100
Message-ID: <87efy8pu5s.fsf@gnu.org>
References: <87ino4ylhi.fsf@pobox.com>
In-Reply-To: <87ino4ylhi.fsf@pobox.com> (Andy Wingo's message of "Tue, 21 Feb 2017 09:52:09 +0100")
To: Andy Wingo
Cc: 25775-done@debbugs.gnu.org

Hello,

Thanks Andy & Ricardo for the detailed explanations!

Andy Wingo wrote:

> It seems that this bug is related to the introduction of
> url-fetch/reset-patch-level. It takes a #:guile kwarg but defaults to
> #f; if not given #:guile, that #f propagates through instead of a
> package object.

Nasty.

To reproduce the problem reported here, one can:

  1. Revert the “band-aid commit”
     9f05908fb1e3707cae593d94688748294717a546.

  2. Change download.scm to force it to behave as when talking to an old
     daemon.

This gives this:

diff --git a/guix/download.scm b/guix/download.scm index 86f859881..811abe27b 100644 --- a/guix/download.scm +++ b/guix/download.scm @@ -418,10 +418,7 @@ GnuTLS itself and its dependencies. See ." ;; hash of the expected result. #:verify-certificate? #f))))) - (mlet %store-monad ((guile (package->derivation - (or guile - (@@ (gnu packages bootstrap) %bootstrap-guile)) - system))) + (mlet %store-monad ((guile (package->derivation guile system))) (gexp->derivation file-name builder #:guile-for-build guile #:system system @@ -472,7 +469,7 @@ in the store." (and uri (memq (uri-scheme uri) '(#f file)))) (interned-file (if uri (uri-path uri) url) (or name file-name)) - (mlet* %store-monad ((builtins (built-in-builders*)) + (mlet* %store-monad ((builtins -> '()) (download -> (if (member "download" builtins) built-in-download in-band-download)))

Then run something like:

  guix gc -d /gnu/store/*-bash-4.4.tar.xz
  ./pre-inst-env guix build bash -S --no-substitutes

~~~~~~

To mirror what ‘url-fetch’ does, we should change the default value of
#:guile here:

diff --git a/gnu/packages/bash.scm b/gnu/packages/bash.scm index c3b94391e..b4d0b6777 100644 --- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm
@@ -243,7 +243,8 @@ without modification.") (define* (url-fetch/reset-patch-level url hash-algo hash #:optional name - #:key (system (%current-system)) guile) + #:key (system (%current-system)) + (guile (default-guile))) "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it can apply to a patch-level 0 Bash." (mlet* %store-monad ((name -> (or name (basename url)))

However that leads to a stack overflow unless we patch
‘bootstrap-origin’ the way Andy suggests (which is not desirable IMO).

So, instead, we can simply force the use of the bootstrap Guile for
these derivations, which doesn’t make any difference functionally:

--- a/gnu/packages/bash.scm +++ b/gnu/packages/bash.scm @@ -21,6 +21,7 @@ (define-module (gnu packages bash) #:use-module (guix licenses) #:use-module (gnu packages) + #:use-module (gnu packages bootstrap) #:use-module (gnu packages ncurses) #:use-module (gnu packages readline) #:use-module (gnu packages bison) @@ -243,14 +244,17 @@ without modification.") (define* (url-fetch/reset-patch-level url hash-algo hash #:optional name - #:key (system (%current-system)) guile) + #:key (system (%current-system))) "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it can apply to a patch-level 0 Bash." + ;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping + ;; issues when using a daemon that lacks the "download" built-in. See + ;; . (mlet* %store-monad ((name -> (or name (basename url))) (patch (url-fetch url hash-algo hash (string-append name ".orig") #:system system - #:guile guile))) + #:guile %bootstrap-guile))) (gexp->derivation name (with-imported-modules '((guix build utils)) #~(begin
@@ -259,7 +263,6 @@ can apply to a patch-level 0 Bash." (substitute* #$output (("PATCHLEVEL [0-6]+") "PATCHLEVEL 0")))) - #:guile-for-build guile #:system system))) (define bash/fixed ;CVE-2017-5932 (RCE with completion)

And it does the job. Pushed as 6c5b56f9fa01b7fe9034bac47b20e08a2fdb2629.

Let me know if there are still fishy things!

Ludo’.
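
Review bot: in the second guix/download.scm hunk of the reproduction patch (@@ -472,7 +469,7 @@), `(builtins -> '())` simulates the old daemon by editing the source, which leaves the `built-in-download` branch unreachable and gives no repeatable way to exercise the in-band path once this local change is dropped. That is fine for a throwaway reproducer, but it should stay out of the tree, and a test that drives the `in-band-download` path without a `guile` argument would keep this bug from coming back unnoticed.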
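
Review bot: in the pushed gnu/packages/bash.scm patch, hunk @@ -243,14 +244,17 @@, removing `guile` from the `#:key` list changes the procedure's interface: this `define*` has no `#:allow-other-keys`, so any caller that still passes `#:guile` will now be rejected with an unrecognized-keyword error instead of being honoured. Please confirm that nothing invokes `url-fetch/reset-patch-level` with `#:guile`, or keep the keyword in the signature and say in the docstring that it is ignored in favour of `%bootstrap-guile`.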
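
Review bot: in the last hunk of the pushed patch (@@ -259,7 +263,6 @@), `#:guile-for-build guile` is deleted rather than replaced, so only the `url-fetch` step is pinned to `%bootstrap-guile`, while the `gexp->derivation` that runs `substitute*` falls back to its default build Guile. The comment added in the previous hunk says %BOOTSTRAP-GUILE is used forcefully, and the message speaks of "these derivations", so either the comment should state that only the download step is pinned, or the second derivation should be pinned explicitly as well.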