Unpack fails with no error message when using a .zip source

  • Done
  • quality assurance status badge
Details
3 participants
  • Adonay Felipe Nogueira
  • nee
  • zimoun
Owner
unassigned
Submitted by
nee
Severity
normal
N
N
nee wrote on 25 Sep 2017 22:10
(address . bug-guix@gnu.org)
2c2ccbd7-bb47-5292-74d9-e4c7fdc2c990@cock.li
Hello,

right now unpacking .zip sources only works when unzip is added as
native input. That's all right, but there is no error message, just:

starting phase `unpack'
phase `unpack' failed after 0.0 seconds

It should say something like:

starting phase `unpack'
Archive with .zip suffix failed to unpack. Please add unzip as
native-input to the package, e.g. (native-inputs `(("unzip" ,unzip)))
phase `unpack' failed after 0.0 seconds

I tested this in the cmake-build-system
A
A
Adonay Felipe Nogueira wrote on 4 Oct 2017 20:17
(address . bug-guix@gnu.org)
87wp4abwwm.fsf@hyperbola.info
Does the .zip file have a a single directory on the root?

If not, then we can call it a zipbomb/tarbomb. These bombs are bad
because they can replace things without notice, and can be very
difficult to track what was added. Last time I checked Guix expects only
a single directory in the root of the file --- this might have changed,
but I didn't test it since one year ago.

nee <nee@cock.li> writes:

Toggle quote (17 lines)
> Hello,
>
> right now unpacking .zip sources only works when unzip is added as
> native input. That's all right, but there is no error message, just:
>
> starting phase `unpack'
> phase `unpack' failed after 0.0 seconds
>
> It should say something like:
>
> starting phase `unpack'
> Archive with .zip suffix failed to unpack. Please add unzip as
> native-input to the package, e.g. (native-inputs `(("unzip" ,unzip)))
> phase `unpack' failed after 0.0 seconds
>
> I tested this in the cmake-build-system

--
- Palestrante e consultor sobre /software/ livre (não confundir com
gratis).
- "WhatsApp"? Ele não é livre. Por favor, use o GNU Ring ou o Tox.
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
(apenas sem DRM), PNG, TXT, WEBM.
N
N
nee wrote on 9 Oct 2017 23:00
Re: bug#28602: [PATCH] guix: gnu-build-system: warn about missing unzip input unzip
(address . 28602@debbugs.gnu.org)
7075db45-09ad-f2d7-1bd4-27f2c9755a42@cock.li
Hello here is a patch to fix this bug. It changes the gnu-build-system,
so the hashes of almost all packages will also change. I guess
core-updates is the right branch for this.
From 089b9741a734f0682a671df6c0c36dfefcbd407c Mon Sep 17 00:00:00 2001
From: nee <nee.git@cock.li>
Date: Mon, 9 Oct 2017 22:49:12 +0200
Subject: [PATCH] guix: gnu-build-system: warn about missing unzip input during
unpack.

---
guix/build/gnu-build-system.scm | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)

Toggle diff (37 lines)
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index e37b75140..c16d15964 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -67,6 +67,21 @@ See https://reproducible-builds.org/specs/source-date-epoch/."
#f
dir))
+(define (unzip filepath)
+ "Unzip archive file.
+Warn the user when unzip fails and the executable is not present."
+ (define exit-code (system* "unzip" filepath))
+ (define program-not-found-code 32512)
+ (cond ((zero? exit-code) #t)
+ ((eqv? exit-code program-not-found-code)
+ (format (current-error-port)
+ "warning: Archive with .zip suffix failed to unpack.
+Please add unzip as native-input to the package,
+e.g. (native-inputs `((\"unzip\" ,unzip)))")
+ (newline (current-error-port))
+ #f)
+ (else #f)))
+
(define* (set-paths #:key target inputs native-inputs
(search-paths '()) (native-search-paths '())
#:allow-other-keys)
@@ -154,7 +169,7 @@ working directory."
#:keep-mtime? #t)
#t)
(and (if (string-suffix? ".zip" source)
- (zero? (system* "unzip" source))
+ (unzip source)
(zero? (system* "tar" "xvf" source)))
(chdir (first-subdirectory ".")))))
--
2.14.1
N
N
nee wrote on 9 Oct 2017 23:05
Re: bug#28602: Unpack fails with no error message when using a .zip source
(name . Adonay Felipe Nogueira)(address . adfeno@hyperbola.info)(address . 28602@debbugs.gnu.org)
1771470d-8b9a-a516-7da2-6532432955a4@cock.li
Am 04.10.2017 um 20:17 schrieb Adonay Felipe Nogueira:
Toggle quote (8 lines)
> Does the .zip file have a a single directory on the root?
>
> If not, then we can call it a zipbomb/tarbomb. These bombs are bad
> because they can replace things without notice, and can be very
> difficult to track what was added. Last time I checked Guix expects only
> a single directory in the root of the file --- this might have changed,
> but I didn't test it since one year ago.

Hello, this is a different problem. Tarbombs are still a problem, but
unrelated to this.

The gnu-build-system does not have unzip by default. If a package's
source comes in a zip the package must have unzip as native-input. If it
isn't the (system* "unzip" source) call in the unpack function will fail
because there is no unzip executable.

Happy hacking!
N
N
nee wrote on 26 Nov 2017 19:27
Re: bug#28602: [PATCH] guix: gnu-build-system: warn about missing unzip input unzip
(address . control@debbugs.gnu.org)
414ddf3f-f38d-f794-1b5e-613b71e371a0@cock.li
tags 28602 + patch
Z
Z
zimoun wrote on 5 Jul 2021 13:46
Re: bug#28602: Unpack fails with no error message when using a .zip source
(name . nee)(address . nee@cock.li)(address . 28602@debbugs.gnu.org)
877di52dbh.fsf_-_@gmail.com
Hi,

Thanks for the patch and sorry for the delay.

On Mon, 09 Oct 2017 at 23:00, nee <nee@cock.li> wrote:
Toggle quote (37 lines)
> Hello here is a patch to fix this bug. It changes the gnu-build-system,
> so the hashes of almost all packages will also change. I guess
> core-updates is the right branch for this.
>
>>From 089b9741a734f0682a671df6c0c36dfefcbd407c Mon Sep 17 00:00:00 2001
> From: nee <nee.git@cock.li>
> Date: Mon, 9 Oct 2017 22:49:12 +0200
> Subject: [PATCH] guix: gnu-build-system: warn about missing unzip input during
> unpack.
>
> ---
> guix/build/gnu-build-system.scm | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
> index e37b75140..c16d15964 100644
> --- a/guix/build/gnu-build-system.scm
> +++ b/guix/build/gnu-build-system.scm
> @@ -67,6 +67,21 @@ See https://reproducible-builds.org/specs/source-date-epoch/."
> #f
> dir))
>
> +(define (unzip filepath)
> + "Unzip archive file.
> +Warn the user when unzip fails and the executable is not present."
> + (define exit-code (system* "unzip" filepath))
> + (define program-not-found-code 32512)
> + (cond ((zero? exit-code) #t)
> + ((eqv? exit-code program-not-found-code)
> + (format (current-error-port)
> + "warning: Archive with .zip suffix failed to unpack.
> +Please add unzip as native-input to the package,
> +e.g. (native-inputs `((\"unzip\" ,unzip)))")
> + (newline (current-error-port))
> + #f)
> + (else #f)))

Give a look at 'invoke' from (guix build utils).

Toggle quote (12 lines)
> (define* (set-paths #:key target inputs native-inputs
> (search-paths '()) (native-search-paths '())
> #:allow-other-keys)
> @@ -154,7 +169,7 @@ working directory."
> #:keep-mtime? #t)
> #t)
> (and (if (string-suffix? ".zip" source)
> - (zero? (system* "unzip" source))
> + (unzip source)
> (zero? (system* "tar" "xvf" source)))
> (chdir (first-subdirectory ".")))))

After 9a87649c863e1ff8b073b356875eb05eecedbcf7, this part uses 'invoke'.
Instead of your 'unzip', the exception raised by 'invoke' should be
catched and then should trigger the hint message. WDYT?

All the best,
simon
Z
Z
zimoun wrote on 26 Nov 2021 02:49
bug#28602: [core-updates] Unpack fails with no error message when using a .zip source
(name . nee)(address . nee@cock.li)(address . 28602@debbugs.gnu.org)
86fsrjr8j3.fsf_-_@gmail.com
Hi,

This patch [1] had been submitted in 2017 and fallen in the cracks. The
code below requires improvement and I am not convinced by the feature.
Therefore closing?



On Mon, 05 Jul 2021 at 13:46, zimoun <zimon.toutoune@gmail.com> wrote:
Toggle quote (57 lines)
> On Mon, 09 Oct 2017 at 23:00, nee <nee@cock.li> wrote:

>> Hello here is a patch to fix this bug. It changes the gnu-build-system,
>> so the hashes of almost all packages will also change. I guess
>> core-updates is the right branch for this.
>>
>>>>From 089b9741a734f0682a671df6c0c36dfefcbd407c Mon Sep 17 00:00:00 2001
>> From: nee <nee.git@cock.li>
>> Date: Mon, 9 Oct 2017 22:49:12 +0200
>> Subject: [PATCH] guix: gnu-build-system: warn about missing unzip input during
>> unpack.
>>
>> ---
>> guix/build/gnu-build-system.scm | 17 ++++++++++++++++-
>> 1 file changed, 16 insertions(+), 1 deletion(-)
>>
>> diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
>> index e37b75140..c16d15964 100644
>> --- a/guix/build/gnu-build-system.scm
>> +++ b/guix/build/gnu-build-system.scm
>> @@ -67,6 +67,21 @@ See https://reproducible-builds.org/specs/source-date-epoch/."
>> #f
>> dir))
>>
>> +(define (unzip filepath)
>> + "Unzip archive file.
>> +Warn the user when unzip fails and the executable is not present."
>> + (define exit-code (system* "unzip" filepath))
>> + (define program-not-found-code 32512)
>> + (cond ((zero? exit-code) #t)
>> + ((eqv? exit-code program-not-found-code)
>> + (format (current-error-port)
>> + "warning: Archive with .zip suffix failed to unpack.
>> +Please add unzip as native-input to the package,
>> +e.g. (native-inputs `((\"unzip\" ,unzip)))")
>> + (newline (current-error-port))
>> + #f)
>> + (else #f)))
>
> Give a look at 'invoke' from (guix build utils).
>
>> (define* (set-paths #:key target inputs native-inputs
>> (search-paths '()) (native-search-paths '())
>> #:allow-other-keys)
>> @@ -154,7 +169,7 @@ working directory."
>> #:keep-mtime? #t)
>> #t)
>> (and (if (string-suffix? ".zip" source)
>> - (zero? (system* "unzip" source))
>> + (unzip source)
>> (zero? (system* "tar" "xvf" source)))
>> (chdir (first-subdirectory ".")))))
>
> After 9a87649c863e1ff8b073b356875eb05eecedbcf7, this part uses 'invoke'.
> Instead of your 'unzip', the exception raised by 'invoke' should be
> catched and then should trigger the hint message. WDYT?

Cheers,
simon
Z
Z
zimoun wrote on 4 Jan 2022 23:55
Re: bug#28602: Unpack fails with no error message when using a .zip source
(name . nee)(address . nee@cock.li)(address . 28602@debbugs.gnu.org)
86zgobaz6b.fsf_-_@gmail.com
Hi,

On Fri, 26 Nov 2021 at 02:49, zimoun <zimon.toutoune@gmail.com> wrote:

Toggle quote (6 lines)
> This patch [1] had been submitted in 2017 and fallen in the cracks. The
> code below requires improvement and I am not convinced by the feature.
> Therefore closing?
>
> <http://issues.guix.gnu.org/issue/28602

If no answer before the next release [1], I will close it.



Cheers,
simon
Z
Z
zimoun wrote on 23 Mar 2022 11:37
(name . nee)(address . nee@cock.li)(address . 28602-done@debbugs.gnu.org)
86tubp0xav.fsf@gmail.com
Hi,

On Tue, 04 Jan 2022 at 23:55, zimoun <zimon.toutoune@gmail.com> wrote:
Toggle quote (10 lines)
> On Fri, 26 Nov 2021 at 02:49, zimoun <zimon.toutoune@gmail.com> wrote:
>
>> This patch [1] had been submitted in 2017 and fallen in the cracks. The
>> code below requires improvement and I am not convinced by the feature.
>> Therefore closing?
>>
>> <http://issues.guix.gnu.org/issue/28602
>
> If no answer before the next release [1], I will close it.

Well, 11 weeks later without an answer, I am closing.

Cheers,
simon
Closed
?