Conflicting grafts are dismissed

DoneSubmitted by Ludovic Courtès.
Details
2 participants
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Severity
serious
L
L
Ludovic Courtès wrote on 12 Sep 2016 14:56
Re: GnuTLS security update
(name . Leo Famulari)(address . leo@famulari.name)
87zindtgya.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:
Toggle quote (24 lines)> $ ./pre-inst-env guix build gnutls > /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2>> $ guix build gnutls # This Guix is from `guix pull`, not my Git repo.> /gnu/store/7dy8xca0y8vz94af242cqnq9ddk2nwxn-gnutls-3.5.2-debug> /gnu/store/q27cnlfkf8kc6gjl0cdw5nvq45lfllvx-gnutls-3.5.2-doc> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2>> $ guix gc --references $(./pre-inst-env guix build msmtp) > /gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib> /gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23> /gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5> /gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5> /gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0> /gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2>> The problem is that the msmtp package I have built using this patch does> not refer to the grafted gnutls. I got the same result after building a> fresh Git clone of Guix.
Indeed, there’s a bug. :-/
With your patch, I get:
Toggle snippet (32 lines)$ git describev0.11.0-970-g8d4169a$ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2$ ./pre-inst-env guix build gnutls/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2$ ./pre-inst-env guix build gnutls --no-grafts/gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug/gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc/gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2$ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --versiongnutls-cli 3.5.2Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.This is free software. It is licensed for use, modification andredistribution under the terms of the GNU General Public License,version 3 or later <http://gnu.org/licenses/gpl.html>

Please send bug reports to: <bugs@gnutls.org>$ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --versiongnutls-cli 3.5.4Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.This is free software. It is licensed for use, modification andredistribution under the terms of the GNU General Public License,version 3 or later <http://gnu.org/licenses/gpl.html>

Please send bug reports to: <bugs@gnutls.org>
msmtp uses a GnuTLS that is different from from both other GnuTLS.
I think the bug has to do with the fact that GnuTLS has a replacementand at the same time needs to be grafted (the libidn and libgcryptgrafts apply to GnuTLS).
In the meantime, I suggest that you apply the patch anyway.
Ludo’.
L
L
Leo Famulari wrote on 12 Sep 2016 18:34
(name . Ludovic Courtès)(address . ludo@gnu.org)
20160912163421.GA32764@jasmine
On Mon, Sep 12, 2016 at 02:56:13PM +0200, Ludovic Courtès wrote:
Toggle quote (2 lines)> msmtp uses a GnuTLS that is different from from both other GnuTLS.
The GnuTLS being used [0] corresponds to the GnuTLS on the master branchfrom before I pushed this graft.
Toggle quote (6 lines)> I think the bug has to do with the fact that GnuTLS has a replacement> and at the same time needs to be grafted (the libidn and libgcrypt> grafts apply to GnuTLS).> > In the meantime, I suggest that you apply the patch anyway.
Okay, done as 974e2b297104d2de01632df1a56069b383e645f4
[0]yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
-----BEGIN PGP SIGNATURE-----Version: GnuPG v2
iQIcBAEBCAAGBQJX1tkNAAoJECZG+jC6yn8ImFkQAL8o/tVpJefHFIi9T7JrCaUJnJp6ZQztAHBaRCBl6yDkU7vnkBBCsdZzjf4KCyT1mijUrKsfUEtKhiITnmD/AwRYLLa7Bku84/P4AUMljc6E9lhD651Kz2n9X6YPfgKJI4wBkUbRnnrYaSgDGwPbxeJpAM1DmRvjV7mWxeGc2LpxZ65tc4sEXXHm/qpGTa+4Yhn9821xp7aJ9ojV0JddU2j74uX5MnYHINYmAhbFDR53Dvv+FTC01vIxRWjRQrf3QwP//O0BurY/mSZP/CQ+msjd51uQxlDUMxpyNqLEGqK+AZxcjAuokBLyZr3Gjr/Xylv4su/YYtyKrulZ/acIYLjphpAJsOYTwPzol+gt1TJOHH6V+xJf3UNLIy7xFpMA3jEo/C7WloC1yIblcgxC/byNVwQIVAGyq2TWrCFeg0PNLNNALrUIgcrt9OTVhHe0FRg5R7uobkR2wGArhy1Ngo+dIII/jFFYmRlGXbtuQ1NPjSQwoYHHGTMLi5oHv0TcHLJPCAI3PAKc1hkKuGTzm+0tZ2rpM+duwghCd/5Tg6BRSKwgQAMqufr+AVAtz5k1DQwuMv+OhNFvlob0xOXayNl1MSrfVeledOnCME3QnMbbGHRG0IUKF+jqS3ykFanLiuN4FhF9dOxCkGDCyF2nIiUqdyAg9Tp48eRAxAcX6V1x=2JDf-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 12 Sep 2016 22:57
retitle
(address . request@debbugs.gnu.org)
87zincygxv.fsf@gnu.org
retitle 24418 Conflicting grafts are dismissedthanks
L
L
Ludovic Courtès wrote on 12 Sep 2016 22:57
control message for bug #24418
(address . control@debbugs.gnu.org)
87y42wygxe.fsf@gnu.org
severity 24418 serious
L
L
Ludovic Courtès wrote on 14 Oct 2016 09:57
Grafted item refers to a mixture of grafted and ungrafted outputs of the same derivation
(address . 24418@debbugs.gnu.org)(name . Mark H Weaver)(address . mhw@netris.org)
87shrzcqhx.fsf@gnu.org
Mark reported on IRC that gnome-session, as of v0.11.0-1639-g34f9582,refers to the grafted “out” of glib, but at the same time refers to the*ungrafted* “bin” output of glib:
Toggle snippet (15 lines)$ ./pre-inst-env guix build gnome-session/gnu/store/rchskrbc42yjlb85lq8zigpvynwc2zz7-gnome-session-3.20.2$ guix gc -R /gnu/store/rchskrbc42yjlb85lq8zigpvynwc2zz7-gnome-session-3.20.2|grep glib-2/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0/gnu/store/c4rjjznraqnw7wk7zwr8ndmq7bdmj51q-glib-2.48.0-bin$ ./pre-inst-env guix build glib/gnu/store/ya5d1r6bvph3m5nisjywrnkvffpdrjfn-glib-2.48.0-bin/gnu/store/jav2d6c39k3amv4k1670845li7284a6q-glib-2.48.0-doc/gnu/store/77f9q6kvgrrwhqbzxzc10bwdwq6kd690-glib-2.48.0$ ./pre-inst-env guix build glib --no-grafts/gnu/store/c4rjjznraqnw7wk7zwr8ndmq7bdmj51q-glib-2.48.0-bin/gnu/store/ib12bfrx83aawhabpp0rijgmm61gi0wg-glib-2.48.0-doc/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
Ludo’.
L
L
Ludovic Courtès wrote on 14 Oct 2016 23:37
Re: bug#24418: GnuTLS security update
(name . Leo Famulari)(address . leo@famulari.name)
87insuvchr.fsf@gnu.org
Hello!
ludo@gnu.org (Ludovic Courtès) skribis:
Toggle quote (28 lines)> $ git describe> v0.11.0-970-g8d4169a> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2> $ ./pre-inst-env guix build gnutls> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2> $ ./pre-inst-env guix build gnutls --no-grafts> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version> gnutls-cli 3.5.2> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.> This is free software. It is licensed for use, modification and> redistribution under the terms of the GNU General Public License,> version 3 or later <http://gnu.org/licenses/gpl.html>>>> Please send bug reports to: <bugs@gnutls.org>> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version> gnutls-cli 3.5.4> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.> This is free software. It is licensed for use, modification and> redistribution under the terms of the GNU General Public License,> version 3 or later <http://gnu.org/licenses/gpl.html>
AFAICS this is fixed by these two patches:
b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow other grafts.d0025d0 * packages: 'package-grafts' applies grafts on replacement.
Please let know if you notice anything wrong.
For debugging purposes, I found it easier to have the attached patchapplied, so that replacements are easily distinguishable from theoriginal packages. You might want to use it too. :-)
(I didn’t apply it to master because it would lead to merge conflicts incore-updates, but feel free to apply it if that seems OK to you.)
Thanks,Ludo’.
modified gnu/packages/gnupg.scm@@ -138,15 +138,14 @@ generation.") (define libgcrypt-1.5.6 (package (inherit libgcrypt-1.5)- (source- (let ((version "1.5.6"))- (origin- (method url-fetch)- (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"- version ".tar.bz2"))- (sha256- (base32- "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))+ (version "1.5.6")+ (source (origin+ (method url-fetch)+ (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"+ version ".tar.bz2"))+ (sha256+ (base32+ "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))) (define-public libassuan (packagemodified gnu/packages/tls.scm@@ -215,16 +215,15 @@ required structures.") (define gnutls-3.5.4 (package (inherit gnutls)- (source- (let ((version "3.5.4"))- (origin- (method url-fetch)- (uri (string-append "mirror://gnupg/gnutls/v"- (version-major+minor version)- "/gnutls-" version ".tar.xz"))- (sha256- (base32- "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))+ (version "3.5.4")+ (source (origin+ (method url-fetch)+ (uri (string-append "mirror://gnupg/gnutls/v"+ (version-major+minor version)+ "/gnutls-" version ".tar.xz"))+ (sha256+ (base32+ "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))) (define-public openssl
L
L
Ludovic Courtès wrote on 1 Nov 2016 22:22
control message for bug #24418
(address . control@debbugs.gnu.org)
87ins6nbee.fsf@gnu.org
tags 24418 fixedclose 24418
?
Your comment

This issue is archived.

To comment on this conversation send email to 24418@debbugs.gnu.org