Re: Writing recipe for Crypto++, and getting build errors

[ludo@gnu.org (Ludovic Courtès)]

[-- Attachment #1: Type: text/plain, Size: 887 bytes --]

Hello!

Adonay Felipe Nogueira <adfeno@openmailbox.org> skribis:

> Archive:  /gnu/store/52v106n4y88myk2c8nykymfidq6080ws-cryptopp-5.6.4.zip
>   inflating: 3way.cpp                
>   inflating: 3way.h                  

[...]

>    ?: 0 [chdir "3way.cpp"]
>
> ERROR: In procedure chdir:
> ERROR: In procedure chdir: Not a directory

The problem here is that this .zip file is a “tar bomb”, meaning that it
unpacks everything in the current directory, which the apply-snippet
logic isn’t prepared to deal with.

The way we’ve addressed it in the past is by using the
‘url-fetch/tarbomb’ procedure defined in (guix download).  That method
is currently limited to tarballs, so we’d need a variant that deals with
zip files (see patch below).

If ‘url-fetch/zipbomb’ from the patch below works for you, I’ll apply
it.

Thanks!

Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1778 bytes --]

diff --git a/guix/download.scm b/guix/download.scm
index 649e96b..7f82ff2 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -35,6 +35,7 @@
   #:export (%mirrors
             url-fetch
             url-fetch/tarbomb
+            url-fetch/zipbomb
             download-to-store))
 
 ;;; Commentary:
@@ -427,6 +428,28 @@ own.  This helper makes it easier to deal with \"tar bombs\"."
                                           "xf" #$drv)))
                       #:local-build? #t)))
 
+(define* (url-fetch/zipbomb url hash-algo hash
+                            #:optional name
+                            #:key (system (%current-system))
+                            (guile (default-guile)))
+  "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its
+own.  This helper makes it easier to deal with \"zip bombs\"."
+  (define unzip
+    (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
+
+  (mlet %store-monad ((drv (url-fetch url hash-algo hash
+                                      (string-append "tarbomb-" name)
+                                      #:system system
+                                      #:guile guile)))
+    ;; Take the zip bomb, and simply unpack it as a directory.
+    (gexp->derivation name
+                      #~(begin
+                          (mkdir #$output)
+                          (chdir #$output)
+                          (zero? (system* (string-append #$unzip "/bin/unzip")
+                                          #$drv)))
+                      #:local-build? #t)))
+
 (define* (download-to-store store url #:optional (name (basename url))
                             #:key (log (current-error-port)) recursive?)
   "Download from URL to STORE, either under NAME or URL's basename if