Typically, we don't change the version when creating replacementpackages that apply a patch. We only change the version when thereplacement package actually updates to a new version. Thanks for taking care of this!
Re: bug#48915: [PATCH] gnu: polkit: Graft a replacement for CVE-2021-3560.
(name . Leo Famulari)(address . firstname.lastname@example.org)(address . email@example.com)
Leo Famulari <firstname.lastname@example.org> skribis:
Toggle quote (13 lines)> On Tue, Jun 08, 2021 at 10:45:12AM +0200, Ludovic Courtès wrote:>> +(define-public polkit/fixed>> + (package>> + (inherit polkit)>> + (version "0.11A") ;0.116 + patch>> + (source (origin>> + (inherit (package-source polkit))>> + (patches (search-patches "polkit-CVE-2021-3560.patch"))))))>> Typically, we don't change the version when creating replacement> packages that apply a patch. We only change the version when the> replacement package actually updates to a new version.
Pushed as 9178566954cc7f34d2d991d31df4565adad93508! As discussed on IRC, I ended up making ‘polkit/fixed’ private, with theversion string unchanged (inherited from ‘polkit’). We wondered whether Cuirass would build ‘polkit/fixed’ if it’s private.Turns out it does, but this comment in (gnu ci) is still valid:
Toggle snippet (13 lines)(define (all-packages) "Return the list of packages to build." (define (adjust package result) (cond ((package-replacement package) ;; XXX: If PACKAGE and its replacement have the same name/version, ;; then both Cuirass jobs will have the same name, which ;; effectively means that the second one will be ignored. Thus, ;; return the replacement first. (cons* (package-replacement package) ;build both package result))