From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 11 12:46:20 2020 Received: (at 41796) by debbugs.gnu.org; 11 Jun 2020 16:46:20 +0000 Received: from localhost ([127.0.0.1]:37911 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jjQLL-0001dT-T1 for submit@debbugs.gnu.org; Thu, 11 Jun 2020 12:46:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:41684) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jjQLK-0001dF-1g for 41796@debbugs.gnu.org; Thu, 11 Jun 2020 12:46:18 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37594) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jjQLE-0003RI-23; Thu, 11 Jun 2020 12:46:12 -0400 Received: from [2a01:e0a:1d:7270:6a6c:dc17:fc02:cfda] (port=60412 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1jjQLD-0003pe-Bb; Thu, 11 Jun 2020 12:46:11 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= Subject: Re: bug#41796: Grafts don't handle outputs other than out References: <20200610223220.hi36uznx57jol2h5@gravity> Date: Thu, 11 Jun 2020 18:46:09 +0200 In-Reply-To: <20200610223220.hi36uznx57jol2h5@gravity> ("Jakub \=\?utf-8\?B\?S8SFZHppb8WCa2EiJ3M\=\?\= message of "Thu, 11 Jun 2020 00:32:20 +0200") Message-ID: <87bllpblf2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 41796 Cc: 41796@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! I=E2=80=99m trying to estimate the impact of this bug. As of a50628bbe0fa4ba3835e311098e4fdf7a1d8a29e, there seems to be only one package whose replacement could end up not being grafted (here I=E2=80=99m omitting outputs that, if left ungrafted, won=E2=80=99t affect security): --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> (fold-packages (lambda (p result) (if (and (package-replacement p) (> (length (fold delete (package-outputs p) '("debug" "doc" "st= atic"))) 1)) (cons p result) result)) '()) $11 =3D (#) --8<---------------cut here---------------end--------------->8--- This is because of the =E2=80=9Cbin=E2=80=9D output of =E2=80=98nss=E2=80= =99. From a quick grep, there 3 packages depending on nss:bin: 389-ds-base, libcacard, and xmlsec-nss. 389-ds-base is affected: it keeps a reference to the ungrafted =E2=80=9Cbin= =E2=80=9D: --8<---------------cut here---------------start------------->8--- $ guix gc --references $(guix build 389-ds-base --no-grafts) |grep nss- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50 /gnu/store/vvsa5q0g790wi97zadj5qklqpiw1fqc1-nss-3.50-bin $ guix gc --references $(guix build 389-ds-base) |grep nss- /gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50 /gnu/store/vvsa5q0g790wi97zadj5qklqpiw1fqc1-nss-3.50-bin --8<---------------cut here---------------end--------------->8--- The other two are fine: --8<---------------cut here---------------start------------->8--- $ guix gc --references $(guix build libcacard --no-grafts) |grep nss- /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50 $ guix gc --references $(guix build libcacard) |grep nss- /gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50 $ guix gc --references $(guix build xmlsec-nss --no-grafts) |grep nss- /gnu/store/fwb0adczsx3nqsdnj92xnv85n93qa17n-xmlsec-nss-1.2.30 /gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50 $ guix gc --references $(guix build xmlsec-nss ) |grep nss- /gnu/store/2gzk5rfg86zyxk8d9z6b7x0xkwar95cj-xmlsec-nss-1.2.30 /gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50 --8<---------------cut here---------------end--------------->8--- Ludo=E2=80=99.