The package transformation 'with-commit' does not work in user-friendly way

  • Done
  • quality assurance status badge
Details
5 participants
  • jgart
  • Jacob Hrbek
  • Ludovic Courtès
  • Christopher Baines
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Jacob Hrbek
Severity
normal
J
J
Jacob Hrbek wrote on 18 Nov 2022 16:56
(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
OP_Bb6PtI_47UHaghjNvtVMyRj6IF4ZRkQvirs86qVAzkDUbj_MiXV5qPvavPGEzZ342QHW8sa5GCAhFNe0U1-KBNzauN1OePJP9AV1dhmU=@rixotstudio.cz
kreyren@dreamon /home/kreyren$ guix install --with-commit=flatpak=e084a4f14befc27d08094baba8cc8f714d7e417d flatpak
guix install: error: the source of flatpak@1.14.0 is not a Git reference
kreyren@dreamon /home/kreyren$ guix install flatpak@1.15.0
guix install: error: flatpak: package not found for version 1.15.0

Expected: To get the package flatpak@1.15.0 in the user profile in a non-painful way

-- Jacob "Kreyren" Hrbek
Attachment: file
J
J
Jacob Hrbek wrote on 18 Nov 2022 18:54
[PATCH] flatpak: Adjustments to make --with-commit work
(address . 59363@debbugs.gnu.org)(name . Jacob Hrbek)(address . kreyren@rixotstudio.cz)
20221118175318.18980-1-kreyren@rixotstudio.cz
---
gnu/packages/package-management.scm | 208 +++++++++++++++-------------
1 file changed, 108 insertions(+), 100 deletions(-)

Toggle diff (223 lines)
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 891b504a46..be5e581c49 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1915,110 +1915,118 @@ (define-public libostree
the boot loader configuration.")
(license license:lgpl2.0+)))

-(define-public flatpak
- (package
- (name "flatpak")
- (version "1.14.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
- version "/flatpak-" version ".tar.xz"))
- (sha256
- (base32 "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
- (patches
- (search-patches "flatpak-fix-path.patch"
- "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
+;; FIXME: Does not respect #:tests? according to guix lint
+;; FIXME: Accodring to guix-lint it's probably vulnerable to CVE-2022-21682, CVE-2021-21261, CVE-2021-21381, CVE-2021-41133, CVE-2021-43860, CVE-2019-10063, CVE-2019-8308
+(define-public flatpak-0.14.0
+ (let ((commit "f9a768721e881debe3a0effa3a47748033d20045"))
+ (package
+ (name "flatpak")
+ (version (git-version "0.14.0" "0" commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/flatpak/flatpak.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
+ (file-name (git-file-name name version))
+ (patches (search-patches "flatpak-fix-path.patch"
+ "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))

- ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
- ;; find the TLS backend in glib-networking.
- (build-system glib-or-gtk-build-system)
+ ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
+ ;; find the TLS backend in glib-networking.
+ (build-system glib-or-gtk-build-system)

- (arguments
- (list
- #:configure-flags
- #~(list
- "--enable-documentation=no" ;; FIXME
- "--enable-system-helper=no"
- "--localstatedir=/var"
- (string-append "--with-system-bubblewrap="
- (assoc-ref %build-inputs "bubblewrap")
- "/bin/bwrap")
- (string-append "--with-system-dbus-proxy="
- (assoc-ref %build-inputs "xdg-dbus-proxy")
- "/bin/xdg-dbus-proxy"))
- #:phases
- #~(modify-phases %standard-phases
- (add-after 'unpack 'fix-tests
- (lambda* (#:key inputs #:allow-other-keys)
- (copy-recursively
- (search-input-directory inputs "lib/locale")
- "/tmp/locale")
- (for-each make-file-writable (find-files "/tmp"))
- (substitute* "tests/make-test-runtime.sh"
- (("cp `which.*") "echo guix\n")
- (("cp -r /usr/lib/locale/C\\.\\*")
- (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \
-cp -r /tmp/locale/*/en_US.*")))
- (substitute* "tests/libtest.sh"
- (("/bin/kill") (which "kill"))
- (("/usr/bin/python3") (which "python3")))
- #t))
- (add-after 'unpack 'p11-kit-fix
- (lambda* (#:key inputs #:allow-other-keys)
- (let ((p11-path (search-input-file inputs "/bin/p11-kit")))
- (substitute* "session-helper/flatpak-session-helper.c"
- (("\"p11-kit\",")
- (string-append "\"" p11-path "\","))
- (("if \\(g_find_program_in_path \\(\"p11-kit\"\\)\\)")
- (string-append "if (g_find_program_in_path (\""
- p11-path "\"))"))))))
- ;; Many tests fail for unknown reasons, so we just run a few basic
- ;; tests.
- (replace 'check
- (lambda _
- (setenv "HOME" "/tmp")
- (invoke "make" "check"
- "TESTS=tests/test-basic.sh tests/test-config.sh testcommon"))))))
- (native-inputs
- (list bison
- dbus ; for dbus-daemon
- gettext-minimal
- `(,glib "bin") ; for glib-mkenums + gdbus-codegen
- glibc-utf8-locales
- gobject-introspection
- libcap
- pkg-config
- python
- python-pyparsing
- socat
- which))
- (inputs
- (list appstream
- appstream-glib
- bubblewrap
- curl
- dconf
- fuse
- gdk-pixbuf
- gpgme
- json-glib
- libarchive
- libostree
- libseccomp
- libsoup-minimal-2
- libxau
- libxml2
- p11-kit-next
- util-linux
- xdg-dbus-proxy))
- (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
- (home-page "https://flatpak.org")
- (synopsis "System for building, distributing, and running sandboxed desktop
+ (arguments
+ (list #:configure-flags #~(list "--enable-documentation=no"
+ "--enable-system-helper=no"
+ "--localstatedir=/var"
+ (string-append
+ "--with-system-bubblewrap="
+ (assoc-ref %build-inputs "bubblewrap")
+ "/bin/bwrap")
+ (string-append
+ "--with-system-dbus-proxy="
+ (assoc-ref %build-inputs
+ "xdg-dbus-proxy")
+ "/bin/xdg-dbus-proxy"))
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'fix-tests
+ (lambda* (#:key inputs #:allow-other-keys)
+ (copy-recursively (search-input-directory inputs
+ "lib/locale") "/tmp/locale")
+ (for-each make-file-writable
+ (find-files "/tmp"))
+ (substitute* "tests/make-test-runtime.sh"
+ (("cp `which.*")
+ "echo guix\n")
+ (("cp -r /usr/lib/locale/C\\.\\*")
+ (string-append
+ "mkdir ${DIR}/usr/lib/locale/en_US; cp -r /tmp/locale/*/en_US.*")))
+ (substitute* "tests/libtest.sh"
+ (("/bin/kill")
+ (which "kill"))
+ (("/usr/bin/python3")
+ (which "python3"))) #t))
+ (add-after 'unpack 'p11-kit-fix
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((p11-path (search-input-file inputs
+ "/bin/p11-kit")))
+ (substitute* "session-helper/flatpak-session-helper.c"
+ (("\"p11-kit\",")
+ (string-append "\"" p11-path "\","))
+ (("if \\(g_find_program_in_path \\(\"p11-kit\"\\)\\)")
+ (string-append
+ "if (g_find_program_in_path (\"" p11-path
+ "\"))"))))))
+ (replace 'check
+ (lambda _
+ (setenv "HOME" "/tmp")
+ (invoke "make" "check"
+ "TESTS=tests/test-basic.sh tests/test-config.sh testcommon"))))))
+ (native-inputs (list autoconf
+ automake ;for alocal
+ bison
+ dbus ;for dbus-daemon
+ gettext-minimal
+ `(,glib "bin") ;for glib-mkenums + gdbus-codegen
+ glibc-utf8-locales
+ gobject-introspection
+ libcap
+ libtool
+ pkg-config
+ python
+ python-pyparsing
+ socat
+ which))
+ (inputs (list appstream
+ appstream-glib
+ bubblewrap
+ curl
+ dconf
+ fuse
+ gdk-pixbuf
+ gpgme
+ json-glib
+ libarchive
+ libostree
+ libseccomp
+ libsoup-minimal-2
+ libxau
+ libxml2
+ p11-kit-next
+ util-linux
+ xdg-dbus-proxy))
+ (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
+ (home-page "https://flatpak.org")
+ (synopsis
+ "System for building, distributing, and running sandboxed desktop
applications")
- (description "Flatpak is a system for building, distributing, and running
+ (description
+ "Flatpak is a system for building, distributing, and running
sandboxed desktop applications on GNU/Linux.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))

(define-public akku
(package
--
2.37.3
J
J
Jacob Hrbek wrote on 20 Nov 2022 00:05
(name . 59363@debbugs.gnu.org)(address . 59363@debbugs.gnu.org)
-KIRryZSsPSW6pok7axTItUUSakFUdqVXEKveOCmfVFKWpdpyq7L6yZJc-oIoSpwWbXLXoiQ-9qMDPJBzNA1lvE4iyz9jhg0ICEHnvO9PnU=@rixotstudio.cz
CC mentors -- please review and merge if appropriate

-- Jacob "Kreyren" Hrbek

------- Original Message -------
On Friday, November 18th, 2022 at 6:54 PM, Jacob Hrbek <kreyren@rixotstudio.cz> wrote:


Toggle quote (170 lines)
> ---
> gnu/packages/package-management.scm | 208 +++++++++++++++-------------
> 1 file changed, 108 insertions(+), 100 deletions(-)
>
> diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
> index 891b504a46..be5e581c49 100644
> --- a/gnu/packages/package-management.scm
> +++ b/gnu/packages/package-management.scm
> @@ -1915,110 +1915,118 @@ (define-public libostree
> the boot loader configuration.")
> (license license:lgpl2.0+)))
>
> -(define-public flatpak
> - (package
> - (name "flatpak")
> - (version "1.14.0")
> - (source
> - (origin
> - (method url-fetch)
> - (uri (string-append "https://github.com/flatpak/flatpak/releases/download/"
> - version "/flatpak-" version ".tar.xz"))
> - (sha256
> - (base32 "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
> - (patches
> - (search-patches "flatpak-fix-path.patch"
> - "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
> +;; FIXME: Does not respect #:tests? according to guix lint
> +;; FIXME: Accodring to guix-lint it's probably vulnerable to CVE-2022-21682, CVE-2021-21261, CVE-2021-21381, CVE-2021-41133, CVE-2021-43860, CVE-2019-10063, CVE-2019-8308
> +(define-public flatpak-0.14.0
> + (let ((commit "f9a768721e881debe3a0effa3a47748033d20045"))
> + (package
> + (name "flatpak")
> + (version (git-version "0.14.0" "0" commit))
> + (source (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://github.com/flatpak/flatpak.git")
> + (commit commit)))
> + (sha256
> + (base32
> + "05bqy9kwmaj32y7f94fydcz3k63bsgn4mbcp4pglv8hffxrnj9wf"))
> + (file-name (git-file-name name version))
> + (patches (search-patches "flatpak-fix-path.patch"
> + "flatpak-unset-gdk-pixbuf-for-sandbox.patch"))))
>
> - ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
> - ;; find the TLS backend in glib-networking.
> - (build-system glib-or-gtk-build-system)
> + ;; Wrap 'flatpak' so that GIO_EXTRA_MODULES is set, thereby allowing GIO to
> + ;; find the TLS backend in glib-networking.
> + (build-system glib-or-gtk-build-system)
>
> - (arguments
> - (list
> - #:configure-flags
> - #~(list
> - "--enable-documentation=no" ;; FIXME
> - "--enable-system-helper=no"
> - "--localstatedir=/var"
> - (string-append "--with-system-bubblewrap="
> - (assoc-ref %build-inputs "bubblewrap")
> - "/bin/bwrap")
> - (string-append "--with-system-dbus-proxy="
> - (assoc-ref %build-inputs "xdg-dbus-proxy")
> - "/bin/xdg-dbus-proxy"))
> - #:phases
> - #~(modify-phases %standard-phases
> - (add-after 'unpack 'fix-tests
> - (lambda* (#:key inputs #:allow-other-keys)
> - (copy-recursively
> - (search-input-directory inputs "lib/locale")
> - "/tmp/locale")
> - (for-each make-file-writable (find-files "/tmp"))
> - (substitute* "tests/make-test-runtime.sh"
> - (("cp `which.*") "echo guix\\n") - (("cp -r /usr/lib/locale/C\\\\.\\\\*") - (string-append "mkdir ${DIR}/usr/lib/locale/en_US; \\ -cp -r /tmp/locale/*/en_US.*"))) - (substitute* "tests/libtest.sh" - (("/bin/kill") (which "kill")) - (("/usr/bin/python3") (which "python3"))) - #t)) - (add-after 'unpack 'p11-kit-fix - (lambda* (#:key inputs #:allow-other-keys) - (let ((p11-path (search-input-file inputs "/bin/p11-kit"))) - (substitute* "session-helper/flatpak-session-helper.c" - (("\\"p11-kit\\",") - (string-append "\\"" p11-path "\\",")) - (("if \\\\(g_find_program_in_path \\\\(\\"p11-kit\\"\\\\)\\\\)") - (string-append "if (g_find_program_in_path (\\"" - p11-path "\\"))")))))) - ;; Many tests fail for unknown reasons, so we just run a few basic - ;; tests. - (replace 'check - (lambda _ - (setenv "HOME" "/tmp") - (invoke "make" "check" - "TESTS=tests/test-basic.sh tests/test-config.sh testcommon")))))) - (native-inputs - (list bison - dbus ; for dbus-daemon - gettext-minimal -` (,glib "bin") ; for glib-mkenums + gdbus-codegen
> - glibc-utf8-locales
> - gobject-introspection
> - libcap
> - pkg-config
> - python
> - python-pyparsing
> - socat
> - which))
> - (inputs
> - (list appstream
> - appstream-glib
> - bubblewrap
> - curl
> - dconf
> - fuse
> - gdk-pixbuf
> - gpgme
> - json-glib
> - libarchive
> - libostree
> - libseccomp
> - libsoup-minimal-2
> - libxau
> - libxml2
> - p11-kit-next
> - util-linux
> - xdg-dbus-proxy))
> - (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
> - (home-page "https://flatpak.org")
> - (synopsis "System for building, distributing, and running sandboxed desktop
> + (arguments
> + (list #:configure-flags #~(list "--enable-documentation=no"
> + "--enable-system-helper=no"
> + "--localstatedir=/var"
> + (string-append
> + "--with-system-bubblewrap="
> + (assoc-ref %build-inputs "bubblewrap")
> + "/bin/bwrap")
> + (string-append
> + "--with-system-dbus-proxy="
> + (assoc-ref %build-inputs
> + "xdg-dbus-proxy")
> + "/bin/xdg-dbus-proxy"))
> + #:phases #~(modify-phases %standard-phases
> + (add-after 'unpack 'fix-tests
> + (lambda* (#:key inputs #:allow-other-keys)
> + (copy-recursively (search-input-directory inputs
> + "lib/locale") "/tmp/locale")
> + (for-each make-file-writable
> + (find-files "/tmp"))
> + (substitute* "tests/make-test-runtime.sh"
> + (("cp `which.*") + "echo guix\\n") + (("cp -r /usr/lib/locale/C\\\\.\\\\*") + (string-append + "mkdir ${DIR}/usr/lib/locale/en_US; cp -r /tmp/locale/*/en_US.*"))) + (substitute* "tests/libtest.sh" + (("/bin/kill") + (which "kill")) + (("/usr/bin/python3") + (which "python3"))) #t)) + (add-after 'unpack 'p11-kit-fix + (lambda* (#:key inputs #:allow-other-keys) + (let ((p11-path (search-input-file inputs + "/bin/p11-kit"))) + (substitute* "session-helper/flatpak-session-helper.c" + (("\\"p11-kit\\",") + (string-append "\\"" p11-path "\\",")) + (("if \\\\(g_find_program_in_path \\\\(\\"p11-kit\\"\\\\)\\\\)") + (string-append + "if (g_find_program_in_path (\\"" p11-path + "\\"))")))))) + (replace 'check + (lambda _ + (setenv "HOME" "/tmp") + (invoke "make" "check" + "TESTS=tests/test-basic.sh tests/test-config.sh testcommon")))))) + (native-inputs (list autoconf + automake ;for alocal + bison + dbus ;for dbus-daemon + gettext-minimal +` (,glib "bin") ;for glib-mkenums + gdbus-codegen
> + glibc-utf8-locales
> + gobject-introspection
> + libcap
> + libtool
> + pkg-config
> + python
> + python-pyparsing
> + socat
> + which))
> + (inputs (list appstream
> + appstream-glib
> + bubblewrap
> + curl
> + dconf
> + fuse
> + gdk-pixbuf
> + gpgme
> + json-glib
> + libarchive
> + libostree
> + libseccomp
> + libsoup-minimal-2
> + libxau
> + libxml2
> + p11-kit-next
> + util-linux
> + xdg-dbus-proxy))
> + (propagated-inputs (list glib-networking gnupg gsettings-desktop-schemas))
> + (home-page "https://flatpak.org")
> + (synopsis
> + "System for building, distributing, and running sandboxed desktop
> applications")
> - (description "Flatpak is a system for building, distributing, and running
> + (description
> + "Flatpak is a system for building, distributing, and running
> sandboxed desktop applications on GNU/Linux.")
> - (license license:lgpl2.1+)))
> + (license license:lgpl2.1+))))
>
> (define-public akku
> (package
> --
> 2.37.3
J
(name . Jacob Hrbek)(address . kreyren@rixotstudio.cz)
20221119182347.GB1888@dismail.de
On Sat, 19 Nov 2022 23:05:21 +0000 Jacob Hrbek <kreyren@rixotstudio.cz> wrote:
Toggle quote (2 lines)
> CC mentors -- please review and merge if appropriate

Thanks for sending! I'll take a look soon.
C
C
Christopher Baines wrote on 20 Nov 2022 10:33
(name . Jacob Hrbek)(address . kreyren@rixotstudio.cz)(name . 59363@debbugs.gnu.org)(address . 59363@debbugs.gnu.org)
87fseex937.fsf@cbaines.net
Jacob Hrbek <kreyren@rixotstudio.cz> writes:

Toggle quote (2 lines)
> CC mentors -- please review and merge if appropriate

I think patches are best sent to guix-patches, even if they relate to a
bug filed against the guix package.

Also, for some reason, I'm missing the original mail for this bug.

Anyway, --with-commit doesn't work because of the reason displayed when
you try and use it. --with-source is what you should be using:

-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmN59LxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XdZMQ/+Ib23CqKo2phGq3R9Er2EjHkecT3L60JQ
BEN8PmFmomim3ASZHvRHQND2QZlTeuGKaPJes5TyJ3QgUoe3NF7kqDxQSsE9r9oY
d0g13zijrA2QtkVJb3/F0xvB5n2vDvFmAOEVSN54+i7AljkhHgCe5BD76o6Lu1YE
2riImiAhM20RTDWI9ZRjnnGsVnwXTCAi5C8qK2GU8jp5nQlRpBqBg/pJUus/yPyR
5KxwhGF1os5/4eDkT8eVrefUefLZ9M+Q8hKjnnpGTQlfx7n7TtUeHNxdCWiuMy48
RPTGp8tjxtwAwWXKiCV/+y/mYH9EWpWFT8bRw+j4PW5/kLmlzlUXpEsR+8rdvk5/
BMxNJu6UJFzZg3CL9qu/zsPSu60igTcxTuZcLMTJf2Q0mQAGscgbtrFnM0eHtP8M
mgYpa62QCJPjADvc6qzeeh+b5LamP/MGg2/NJHXO2nkFkrkBLcw/Rnf9Q+vx/1C/
Om0U3MWHVBB18om0HHlXGNVcMUjYnIxtxOyUVn+4iKrRsB3S3JMexJTF0i9aBA5s
ehNjZIekQpW8OfUb7We0hFGwS1aa8DlWMatW/eB5b8oc+Fmqjp7aczJJS2NDOfka
XEtc3gmNPcXjNk1rJEKtZge9e+Z9gja6Z78yuJs20k5pjY/eSdi6bQ7dtWZkJoE5
9x5/VcTVrAA=
=PBg0
-----END PGP SIGNATURE-----

T
T
Tobias Geerinckx-Rice wrote on 20 Nov 2022 13:11
Re: bug#59363: Fw: [PATCH] flatpak: A djustments to make --with-commit work
(address . bug-guix@gnu.org)
CD572FBF-704F-4944-8394-09F05F97AB64@tobias.gr
[Off list]

Hi Chris,

You didn't receive their mails because their address is banned from all lists that support doing so.

Unfortunately, there are loopholes.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.
T
T
Tobias Geerinckx-Rice wrote on 20 Nov 2022 13:14
(address . bug-guix@gnu.org)
F564C9F7-FCAA-48E0-836A-34BB75D7A421@tobias.gr
On 20 November 2022 12:11:28 UTC, Tobias Geerinckx-Rice <me@tobias.gr> wrote:
Toggle quote (2 lines)
>[Off list]

...or not! :-D. Phones are a cruel joke.

Anyway, that's the dealio.
L
L
Ludovic Courtès wrote on 22 Nov 2022 09:16
control message for bug #59363
(address . control@debbugs.gnu.org)
87h6yrietr.fsf@gnu.org
tags 59363 notabug
close 59363
quit
J
J
Jacob Hrbek wrote on 22 Nov 2022 16:00
The package transformation 'with-commit' does not work in user-friendly way
(name . 59363@debbugs.gnu.org)(address . 59363@debbugs.gnu.org)
jrjIBSS1mpcsy759h6G-QOsc-5Sx-5A_jXBHgELTgS0-dwvHyVPNzI6mh6IfIMuYbOPXnnInm-WiEs-KDislzMif1MWe3hNd9BM1M2gM0SA=@rixotstudio.cz
Toggle quote (2 lines)
>> You didn't receive their mails because their address is banned from all lists that support doing so.

I am not aware of being banned from any gnu list or any reasoning to be banned to begin with. So I am once again asking you to behave appropriately and stop sabotaging my contributions, this is an evident bug that I want to fix.

-- Jacob "Kreyren" Hrbek
Attachment: file
?