From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id GFNrC6RE2GGGeQAAgWs5BA (envelope-from ) for ; Fri, 07 Jan 2022 14:48:20 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id SOk5CKRE2GE4QwEAauVa8A (envelope-from ) for ; Fri, 07 Jan 2022 14:48:20 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B1DB930F81 for ; Fri, 7 Jan 2022 14:48:19 +0100 (CET) Received: from localhost ([::1]:43500 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n5pbO-00084X-H4 for larch@yhetil.org; Fri, 07 Jan 2022 08:48:18 -0500 Received: from eggs.gnu.org ([209.51.188.92]:51524) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n5pb9-00083x-2h for guix-patches@gnu.org; Fri, 07 Jan 2022 08:48:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:50453) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n5pb7-0005Sk-Nn for guix-patches@gnu.org; Fri, 07 Jan 2022 08:48:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n5pb7-0005CO-Lv for guix-patches@gnu.org; Fri, 07 Jan 2022 08:48:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#53063] [PATCH wip-harden-installer 00/14] General improvements to the installer Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 07 Jan 2022 13:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 53063 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Josselin Poiret Cc: 53063@debbugs.gnu.org Received: via spool by 53063-submit@debbugs.gnu.org id=B53063.164156326119827 (code B ref 53063); Fri, 07 Jan 2022 13:48:01 +0000 Received: (at 53063) by debbugs.gnu.org; 7 Jan 2022 13:47:41 +0000 Received: from localhost ([127.0.0.1]:43348 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n5pam-00059g-Uz for submit@debbugs.gnu.org; Fri, 07 Jan 2022 08:47:41 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:37958) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n5paj-000597-Qu for 53063@debbugs.gnu.org; Fri, 07 Jan 2022 08:47:38 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 2ADAC212; Fri, 7 Jan 2022 14:47:31 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bq0raxhkhep9; Fri, 7 Jan 2022 14:47:30 +0100 (CET) Received: from ribbon (unknown [IPv6:2001:660:6102:320:e120:2c8f:8909:cdfe]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 151BF63; Fri, 7 Jan 2022 14:47:30 +0100 (CET) From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: Date: Fri, 07 Jan 2022 14:47:28 +0100 In-Reply-To: (Josselin Poiret's message of "Thu, 6 Jan 2022 23:48:03 +0100") Message-ID: <87v8yvac9b.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: / X-Rspamd-Server: hera X-Rspamd-Queue-Id: 2ADAC212 X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1641563300; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=WwUViZgGbZIH5moFi48PnXBM2nQ79rIWlDXrLjpn6y0=; b=uOYUMnngTIpNmD79ffWtt1eMApJmxqDSIvsgwUu/kPJiO0a5SL+ycvpmCS589h72WzLfvu G4o0Wzryeh3vig44ajqW1ax2QXIvQOKvoorpOqtUWEWiq65p8/e2dV4H0VgdL2DoRaneFc kEaG4leG3nJ5ULOTRi1DER3vFFw/5n+N7Xj6oKQZ/hlRT0TlR+H9hCWeLpbumYgMUdOukN 1elEn4hnPSCYY2Q6O7Ixr2L95Z434EVFkLii67+wwTuVzztUECw/CsYFB5EcCeuvRus9Ca 48YxU4Z66UPBpaczMoeSr9Li7MaZJRNMuqLPe0KH4DsE3wta9pdnY95o4JXZVw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1641563300; a=rsa-sha256; cv=none; b=uWFfOKvvE8kkhfKs/WmSCFAZY9LcgY1GuccK3eRB23uFoQANl9sXE5U5weZuUGX7461Rt/ blm2GFBJaSxeGS12ajc3SRdCbW+Zr+A5D/7jaKKAZMcSKVES8/ikdkV0V5nnXbc7Asrwgv Az+A06VnC4X9C7sGBGp+bDdCT7ij858QZ//8aH+M2pM0oHydOtGxIcx1uCzXabBToKADkZ PkF7WElZmhXoxX9wEOfSVEQC16VqOVdkgEOa8sHfqUQ7mGhUJcHyDxyeFpAF5VatkVPxWH vNFK0p+loKyOFe2iF048nXovTh5iZ6V3DmYjJvMeLfFjK4ndE9QlvZ2JVFhxVg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.40 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B1DB930F81 X-Spam-Score: -4.40 X-Migadu-Scanner: scn0.migadu.com X-TUID: jm1oen+R2vIG Hello Josselin, Josselin Poiret skribis: > +(define* (run-external-command-with-handler handler command) > + "Run command specified by the list COMMAND in a child with output ha= ndler > +HANDLER. HANDLER is a procedure taking an input port, to which the comm= and > +will write its standard output and error. Returns the integer status va= lue of > +the child process as returned by waitpid." > + (match-let (((input . output) (pipe))) > + (match (primitive-fork) > + (0 ;; We're in the child > + (close-port input) > + (reset-fds > + (open-fdes "/dev/null" O_WRONLY) > + ;; Avoid port GC'ing closing the fd by increasing its revealed c= ount. > + (port->fdes output) > + (fileno output)) > + (with-exception-handler > + (lambda (exn) > + ((@@ (ice-9 exceptions) format-exception) (current-error-po= rt) > + exn) > + (primitive-_exit 1)) > + (lambda () > + (apply execlp (car command) command) > + (primitive-_exit 1)))) > + (pid > + (close-port output) > + (handler input) > + (close-port input) > + (cdr (waitpid pid)))))) In general, I recommend using (ice-9 popen) instead of raw =E2=80=98primitive-fork=E2=80=99. It provides primitives that do fork+exec= at once, which avoids shenanigans with the finalization threads such as what you work around in patch #6. I haven=E2=80=99t looked in detail, but could the =E2=80=98pipeline=E2=80= =99 procedure from (ice-9 popen) be of any help? If you really really do need to fiddle with finalization, I=E2=80=99d recom= mend exporting =E2=80=98without-automatic-finalization=E2=80=99 from (guix build= syscalls) and using it, so that the hack is factorized. HTH, Ludo=E2=80=99.