sed fails to build on kernels with selinux

DoneSubmitted by Chris Marusich.
Details
2 participants
  • Chris Marusich
  • Ludovic Courtès
Owner
unassigned
Severity
normal
C
C
Chris Marusich wrote on 24 May 2020 10:14
(address . bug-guix@gnu.org)
87zh9xrbpj.fsf@gmail.com
Hi,

I noticed that sed fails to build on my Fedora machine, but it builds
successfully on Guix System. The error is:

Toggle snippet (7 lines)
ERROR: testsuite/inplace-selinux
================================

inplace-selinux.sh: set-up failure: CONFIG_HEADER not defined
ERROR testsuite/inplace-selinux.sh (exit status: 99)

It appears related to this issue:


"This error comes from 'init.cfg' in the 'require_selinux_' function.
It happens when the system supports SELinux (based on
/proc/filesystems), but during the './configure' step, somehow the
generated Makefile did not contain a 'CONFIG_HEADER = config.h'
statement (very strange)."

Indeed, /proc/filesystems within the Guix sandbox on my Fedora system
looks like this:

Toggle snippet (32 lines)
nodev sysfs
nodev tmpfs
nodev bdev
nodev proc
nodev cgroup
nodev cgroup2
nodev cpuset
nodev devtmpfs
nodev configfs
nodev debugfs
nodev tracefs
nodev securityfs
nodev sockfs
nodev bpf
nodev pipefs
nodev ramfs
nodev hugetlbfs
nodev devpts
ext3
ext2
ext4
nodev autofs
nodev mqueue
nodev selinuxfs
nodev pstore
fuseblk
nodev fuse
nodev fusectl
nodev rpc_pipefs
iso9660

However, on a vanilla Guix System (gnu/system/examples/vm-image.tmpl) it
looks like this:

Toggle snippet (27 lines)
nodev sysfs
nodev tmpfs
nodev bdev
nodev proc
nodev cgroup
nodev cgroup2
nodev cpuset
nodev devtmpfs
nodev debugfs
nodev tracefs
nodev securityfs
nodev sockfs
nodev bpf
nodev pipefs
nodev ramfs
nodev hugetlbfs
nodev devpts
ext3
ext2
ext4
vfat
nodev ecryptfs
nodev mqueue
nodev pstore
nodev 9p

Note that "selinuxfs" is present in the Fedora case, but missing in the
Guix System case. It seems very likely that this is causing the
failure. We probably need to modify something in the sed build logic to
make it succeed even when "selinuxfs" is present.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl7KLPgACgkQ3UCaFdgi
Rp1YmBAAx9iVxAhJzz4Ud6ovVmAxneJggY6DS+8iux+VDat5MShMQur8IW5PMehP
GENR6htlzceNC11IcnQQEWcddd2wKJ8RrQ+b618KB+xHfNEgeXKfQvgHSS5R+s52
L44mExv0/dPetcaHdSTevXz+1eWtT83n8vd9bWY0tX9psfK1jwgwOvvwwHtRzzDQ
r0UZVYvKkfpS/CplA501MJtOZuK5Vh1mr0pyF9H6BXoKCumkvVbIMTJn0UvPdmK9
YIr3TAs1AM5EsfJWL83JjucomBcqEQsYtDfmJlHS/LDRhk63R1BCYO10//u1Tqfx
GMXlMLSasHqX8Q8EXtax2tAnnBxzP5jhmZLeoMbuBc/Dmr0FIqzH18ExvjzxecvT
r19H+rQ37+6PivdHhj6imym8Ps2JZ18NuCvcfJ+Pdj1oW6F3gs36saJG1uaylo3s
gWpdvqIwHsxpkk/gdZgM+1sQpuuje9oKvP7t6B1EGgpheRj7LXJoBftww7b8sGJp
LUyR1v6cXO31DSFRESWZO45dz5I/yBFkQbpEdj75BPiVfvcfjuWNKkwBxZ7I8lCZ
Mr8p3T2LM3y/iOkaKviAS8sKSmyiY3wWGt09ZyBaOrq+WzR6Hzim2+W9rIY/Y2bc
9XDk25siekX18CVbt/qaMbhg8qQfHfrtG6HMKGV8A37BfZzZcec=
=wyAB
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 30 May 2020 10:06
(address . 41498@debbugs.gnu.org)
87blm5yhgx.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (4 lines)
> It appears related to this issue:
>
> https://lists.gnu.org/archive/html/bug-sed/2019-06/msg00022.html

There is actually a bug report for this here:


I have submitted a patch upstream to fix the issue.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl7SFA4ACgkQ3UCaFdgi
Rp0OehAA2aoDfOLeQvvhiq8IJKDmv4KYox3B4pW6Mf6XXyjMmcH3FPWeYJzeryR7
7ktq9nGStP5Xd4qy7gVhYWDUT5B8tHV4ovv+VUhUKUqOLEcw8c/2qHKNtNvT/7Si
veJe3Qml4wfgr1NG31Bjy0KAb4N+8uGRo8jxUI0G8g+3GiyeV5pqi5dnYshg104Z
aquZbwOcLQYiwA0GAcFqKagcpQC54saeJCoRLQIEMhNEAT6CDy7JAQ+LuvnSUMuf
J7Y/4Ejg1/lWVSduUbIg2xv2VWvMXyyOgmg0aaokyemtRv2K4MwY5HR+pWs6w/Fo
63LA3+iiJ4nYtxPvBMzzz6Hs0Grlke9K25jeLAhfyTcNUiom2fWKMBhS9b3wOX0W
yf9ScRJIO4CgTdFeV7MBl/k0VDQ392SPeesmxRvgwFkLarA6pDO4qfsDeVqP5w39
X38Jj1lPRWbV5L9T1hRnwELZLcmVH/AfUx4pkyUPV9s/lc8WBzHLXaYh0V1ePjDY
yFl8nZLJN1lx6z8+SKd3FKDetUp3pVfAH6qDyHcd61jOG/aMBhl7IYExN1kHIt01
NSLC8ZZJY1DH4pbPLuWoJTaHcDw3O2BTSgZEaSj8BJYV9K43tZ+vIPJDFpx6E0r2
YBp7kvRSEYXXW3+tYGlKu6ch19599SuF9sZcB18axmofClsEYFU=
=gC7j
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 10 Jun 2020 09:14
(address . 41498@debbugs.gnu.org)
87ftb3crzy.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (6 lines)
> There is actually a bug report for this here:
>
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=36150
>
> I have submitted a patch upstream to fix the issue.

Upstream hasn't replied yet, but it's only been a week and a few days.
In the meantime, here are some patches to pull the fix into Guix. While
I was here, I also taught "guix lint" to correctly check the file name
of patches when they come from an origin record. I'll commit the sed
change to core-updates, and the lint change to master, in the next
couple days if nobody has any other comments.

--
Chris
From 5686aa71488b7ba060b94f8e0c3a857016c0fa9c Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Tue, 9 Jun 2020 23:35:56 -0700
Subject: [PATCH 1/2] gnu: sed: Make it build on SELinux-enabled kernels.


* gnu/packages/base.scm (sed)[origin][patches]: New field. This adds a
patch that was submitted upstream which fixes an issue that prevents sed
from building on SELinux-enabled kernels.
---
gnu/packages/base.scm | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)

Toggle diff (37 lines)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 279fe9e3d8..f075ee8f74 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Vitaliy Shatrov <D0dyBo0D0dyBo0@protonmail.com>
+;;; Copyright © 2020 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -141,7 +142,21 @@ including, for example, recursive directory searching.")
                                 ".tar.gz"))
             (sha256
              (base32
-              "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))))
+              "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))
+            ;; Remove this patch once upstream releases a fixed version.
+            (patches
+             (list
+              (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://debbugs.gnu.org/cgi/bugreport.cgi?"
+                      "att=1;msg=16;bug=36150;filename=0001-tests-"
+                      "Export-CONFIG_HEADER-to-test-scripts.patch"))
+                (file-name
+                 "sed-Export-CONFIG_HEADER-to-test-scripts.patch")
+                (sha256
+                 (base32
+                  "0q78qzc0mv4bmsf7wnqj9fjbrwb71xz18v07h0jz2cwnbbj1nwm9")))))))
    (build-system gnu-build-system)
    (synopsis "Stream editor")
    (native-inputs
-- 
2.26.2
From 770051777637f2026bcc56a57d30272e082099e6 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Wed, 10 Jun 2020 00:01:50 -0700
Subject: [PATCH 2/2] guix: lint: Support origins in check-patch-file-names.

* guix/lint.scm (check-patch-file-names)[starts-with-package-name?]: New
procedure, extracted from the existing logic. Using it, add a clause to
the match-lambda to handle origin records.
---
guix/lint.scm | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)

Toggle diff (36 lines)
diff --git a/guix/lint.scm b/guix/lint.scm
index 6271894360..627016fae0 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018, 2019 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2020 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -669,13 +670,17 @@ patch could not be found."
       (or (and=> (package-source package) origin-patches)
           '()))
 
+    (define (starts-with-package-name? file-name)
+      (and=> (string-contains file-name (package-name package))
+             zero?))
+
     (append
      (if (every (match-lambda        ;patch starts with package name?
                   ((? string? patch)
-                   (and=> (string-contains (basename patch)
-                                           (package-name package))
-                          zero?))
-                  (_  #f))     ;must be an <origin> or something like that.
+                   (starts-with-package-name? (basename patch)))
+                  ((? origin? patch)
+                   (starts-with-package-name? (origin-file-name patch)))
+                  (_  #f))     ;must be some other file-like object
                 patches)
          '()
          (list
-- 
2.26.2
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl7giEEACgkQ3UCaFdgi
Rp0ZQA//bp3QljJb8BY/lunAIKZ8jw2xGObr6VPoej70ErGqNz6wgoxqrDiq7Cuj
54zEKWIep7KsYJtPAyYR6Da50+cT9BlpWityWOqWbkCxGo7anEl7LAXpgkhivNO+
C3hktjC+RzaWfMiAVYremP9INcgkPE9y/SkiZ1V9XgfLTxLbV5xuRKEOR0GQnM/P
gCNzTa81qqTDtQIBLFtC3kN7Rx/1C0m7ycleg1Rx+EW8YB9VfbPjVwXfPR3QZdjv
d3hT6bMuqmoCGWjVqpZ1heqmQIdkIj3g236Fks9+tu/X+WD6Q5N+aD5g5JPT8jSq
KeIpCIcAeEHOeklbnP5EC3sheStWTQsJGr7qB+YfNI9ggDMnMkuXHMpv/TC9lmX4
9X/3S1ydwodHWHE5HiJcSEbTu1yXSsRLzb+fj0b6zIvPP3Ob7ZX0lXEW2q5LPUMp
g0xyytXU5RWwksLKjwnCe8GbszoDLhLW5qy/LsS1aOnSMcKH0+A2M2EKm2c3002D
nN9pNxQ2ZIcmk/0hlBIAHzr9pb1W48hbTbl9SGmnY2MTurhR8hDkl7oU0lkJfYbL
mC25OVYf1wxVIQbsb/MGGAKpafKJtSr94vfnJfRWyGUVl3TkVjZ1Ct5hUH5F1n1E
/wxHRcYtPZFLScJ0RPXkmmV2eNxhgSmkZ71VdRAyWLXLlXkRidE=
=1Du0
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 12 Jun 2020 07:43
(address . 41498-close@debbugs.gnu.org)(name . Timothy Sample)(address . samplet@ngyro.com)
87eeqkltyo.fsf@gmail.com
Hi,

With the attached patch, sed builds on my Fedora machine. Yay! There
was a small mistake in my prior email to this bug report, so you can
ignore that patch.

Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (38 lines)
> diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
> index 279fe9e3d8..f075ee8f74 100644
> --- a/gnu/packages/base.scm
> +++ b/gnu/packages/base.scm
> @@ -15,6 +15,7 @@
> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
> ;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
> ;;; Copyright © 2020 Vitaliy Shatrov <D0dyBo0D0dyBo0@protonmail.com>
> +;;; Copyright © 2020 Chris Marusich <cmmarusich@gmail.com>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -141,7 +142,21 @@ including, for example, recursive directory searching.")
> ".tar.gz"))
> (sha256
> (base32
> - "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))))
> + "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))
> + ;; Remove this patch once upstream releases a fixed version.
> + (patches
> + (list
> + (origin
> + (method url-fetch)
> + (uri (string-append
> + "https://debbugs.gnu.org/cgi/bugreport.cgi?"
> + "att=1;msg=16;bug=36150;filename=0001-tests-"
> + "Export-CONFIG_HEADER-to-test-scripts.patch"))
> + (file-name
> + "sed-Export-CONFIG_HEADER-to-test-scripts.patch")
> + (sha256
> + (base32
> + "0q78qzc0mv4bmsf7wnqj9fjbrwb71xz18v07h0jz2cwnbbj1nwm9")))))))
> (build-system gnu-build-system)
> (synopsis "Stream editor")
> (native-inputs
> --
> 2.26.2

Even though this patch is appropriate for the sed maintainers, it is not
appropriate for use in Guix's sed package definition. This is because
the patch changes testsuite/local.mk, which is used only when creating
the release distribution of sed (via an include directive in
Makefile.am), and Guix builds sed from a release distribution tarball.
As a result, even if Guix modifies the file, it does not have the
desired effect, and the test still fails for the same reason as before.
One way to work around this is to modify the Makefile.in, which is
generated by Automake and included in the release distribution.

I have gone ahead and committed the sed patch to core-updates in
a48a3f0640d76cb5e5945557c9aae6dabce39d93. I have committed the guix
lint improvement to master in 21887021b9acf60157b1b0a39c16f2ec6498021b.
I am closing this bug report.

--
Chris
From 24edab1ef4ecedd2d9971a96a516d800d6933201 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Tue, 9 Jun 2020 23:35:56 -0700
Subject: [PATCH] gnu: sed: Make it build on SELinux-enabled kernels.


* gnu/packages/base.scm (sed)[origin][snippet]: New field. This adds a
snippet, equivalent to the patch submitted upstream, which fixes an
issue that prevents sed from building on SELinux-enabled kernels.
---
gnu/packages/base.scm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

Toggle diff (35 lines)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 279fe9e3d8..2c7b4e6882 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2020 Vitaliy Shatrov <D0dyBo0D0dyBo0@protonmail.com>
+;;; Copyright © 2020 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -141,7 +142,19 @@ including, for example, recursive directory searching.")
                                 ".tar.gz"))
             (sha256
              (base32
-              "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))))
+              "0alqagh0nliymz23kfjg6g9w3cr086k0sfni56gi8fhzqwa3xksk"))
+            ;; Remove this snippet once upstream releases a fixed version.
+            ;; This snippet changes Makefile.in, even though the upstream
+            ;; patch changes testsuite/local.mk, since we build sed from a
+            ;; release tarball.  See: https://bugs.gnu.org/36150
+            (snippet
+             '(begin
+                (substitute* "Makefile.in"
+                  (("^  abs_srcdir='\\$\\(abs_srcdir\\)'.*" previous-line)
+                   (string-append
+                    previous-line
+                    "  CONFIG_HEADER='$(CONFIG_HEADER)'\t\t\\\n")))))
+            (modules '((guix build utils)))))
    (build-system gnu-build-system)
    (synopsis "Stream editor")
    (native-inputs
-- 
2.26.2
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl7jFg8ACgkQ3UCaFdgi
Rp2fpg//ZxUC4SukDteuQJO98TqoYVoI6y8SoOV0y2Wkukwy2aCExZOMHGouJfJ2
hwap65JT0GGpZs/tWx4gHmhwTHi0reQlPEoTyIvtNhyTCB2gyml1KIa2vwkSozsv
7WJ+HxjQoPqfhtuLQvHlWBmdOo1VNGFvSGTXebyGNsIVSCnPQe471/4pID40LySv
lECIKaZ8Qqcd++sVhJrTwFO2pVVH3gb9FgtV8J5FI3CSIVgpoYXdfqG9odwfIbMW
NTZez5fp3DSCcKsoigu2vbAZVADUoWa1AAslAqAq4woRPmn3hiIAiCpHpeRAJafU
0kT+7dlX3x2eUkABYrKawXxj1oUfmCDc/Sq3Kup7Q1tZgU/GuVccMuC3xkhSEAMq
9zU6PK0/Eh/ZbCL8w8FmGNJeTSLBkGgwDBizbWsKmxtS0c3N/HpVnHRhd98xhuw5
K4bpKsvmnvxxmptUPWDAzNZnzsP1GC0Y015vS5asDZfKfMASa1L2roTls9e85yfW
VJIKWkr4Vhv856/cg9iPffeed0RyVhFVziS4RUL4UlNN0EYfjqmc6OgRzHsY2vQJ
KTBTCl63VEPBwga/53ZrT7H4bg8pkigRy8RqDh+34NRJhoPiF3n3qvnb/+DX4UrW
h8YV+0OaVBk0zE9M3GK5y3GQPErs1opQEV1UPvQLopxnEjH0Bv0=
=7hop
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 13 Jun 2020 22:13
(address . 41498@debbugs.gnu.org)(address . cmmarusich@gmail.com)
87eeqiyb9k.fsf@gnu.org
Hi,

Chris Marusich <cmmarusich@gmail.com> skribis:

Toggle quote (11 lines)
> From 24edab1ef4ecedd2d9971a96a516d800d6933201 Mon Sep 17 00:00:00 2001
> From: Chris Marusich <cmmarusich@gmail.com>
> Date: Tue, 9 Jun 2020 23:35:56 -0700
> Subject: [PATCH] gnu: sed: Make it build on SELinux-enabled kernels.
>
> Fixes: <https://bugs.gnu.org/41498>.
>
> * gnu/packages/base.scm (sed)[origin][snippet]: New field. This adds a
> snippet, equivalent to the patch submitted upstream, which fixes an
> issue that prevents sed from building on SELinux-enabled kernels.

LGTM, you can push to ‘core-updates’.

Thank you!

Ludo’.
?
Your comment

This issue is archived.

To comment on this conversation send email to 41498@debbugs.gnu.org