guix system: "guix graph -t referrers" could be more helpful in some cases

  • Open
  • quality assurance status badge
Details
2 participants
  • Zack Weinberg
  • Simon Tournier
Owner
unassigned
Submitted by
Zack Weinberg
Severity
normal
Z
Z
Zack Weinberg wrote on 23 Jul 2024 19:24
(address . bug-guix@gnu.org)
1044fab9-b70d-477f-a0c6-97757cba2c00@app.fastmail.com
On a Guix System installation, "guix graph -t referrers" is not
helpful when the package you're investigating is brought in directly
by the operating-system declaration. Here are two examples.

1) Packages that have been added to the 'packages' property of the
operating-system declaration, but have no connection to any other
package, are described as unconnected.

(operating-system
(packages (cons* (specification->package "lsof") %base-packages))
;; etc
)

# guix graph -t referrers lsof
digraph "Guix referrers" {
"/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0"
[label = "lsof-4.94.0", shape = box, fontname = sans];
}

2) If you've excluded a %base-packages package that ships setuid
binaries (e.g. "sudo", but forgotten to exclude the actual setuid
binaries as well, the package will still be included in the
operating-system derivation, and guix graph won't tell you why:

(operating-system
(packages
(filter
(lambda (pkg) (not (string= (package-name pkg) "sudo")))
%base-packages))
;; etc
)

# guix graph -t referrers sudo
digraph "Guix referrers" {
"/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3"
[label = "sudo-1.9.14p3", shape = box, fontname = sans];
"/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3" ->
"/gnu/store/gnybfg31is632dyaivd907f2h0wff80d-sudo-1.9.14p3"
[color = darkviolet];
}

This is saying that sudo refers to _itself_ and nothing else does,
which doesn't make any sense.

In both cases I would have expected "guix graph -t referrers"
to report that the package was a direct dependency of the
operating-system derivation itself; in the latter case I would
have liked it if there was some indication that the dependency
was because of 'setuid-binaries'.

zw
S
S
Simon Tournier wrote on 24 Jul 2024 01:15
8734nzg0os.fsf@gmail.com
Hi,

On Tue, 23 Jul 2024 at 13:24, "Zack Weinberg" via Bug reports for GNU Guix <bug-guix@gnu.org> wrote:

Toggle quote (4 lines)
> I would have expected "guix graph -t referrers"
> to report that the package was a direct dependency of the
> operating-system derivation itself

Hum, I do not think that “guix graph” operated on the level of
’operating-system’. That said, indeed something seems unexpected: you
get,

Toggle quote (6 lines)
> # guix graph -t referrers lsof
> digraph "Guix referrers" {
> "/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0"
> [label = "lsof-4.94.0", shape = box, fontname = sans];
> }

and the manual reads [1],

‘referrers’
This is the graph of the “referrers” of a store item, as returned
by ‘guix gc --referrers’ (*note Invoking guix gc::).

This relies exclusively on local information from your store. For
instance, let us suppose that the current Inkscape is available in
10 profiles on your machine; ‘guix graph -t referrers inkscape’
will show a graph rooted at Inkscape and with those 10 profiles
linked to it.

It can help determine what is preventing a store item from being
garbage collected.

Toggle snippet (16 lines)
$ guix package -p /tmp/one-profile -I
lsof 4.94.0 out /gnu/store/6nyp9cvksvyfww5d7j7rvm43jb46p521-lsof-4.94.0

$ guix gc --referrers /gnu/store/6nyp9cvksvyfww5d7j7rvm43jb46p521-lsof-4.94.0
/gnu/store/5wmvmlba841wvy681840cjwjcdifcjq2-profile

$ guix graph -t referrers /gnu/store/6nyp9cvksvyfww5d7j7rvm43jb46p521-lsof-4.94.0
digraph "Guix referrers" {
"/gnu/store/6nyp9cvksvyfww5d7j7rvm43jb46p521-lsof-4.94.0" [label = "lsof-4.94.0", shape = box, fontname = sans];
"/gnu/store/6nyp9cvksvyfww5d7j7rvm43jb46p521-lsof-4.94.0" -> "/gnu/store/5wmvmlba841wvy681840cjwjcdifcjq2-profile" [color = red];
"/gnu/store/5wmvmlba841wvy681840cjwjcdifcjq2-profile" [label = "profile", shape = box, fontname = sans];
"/gnu/store/5wmvmlba841wvy681840cjwjcdifcjq2-profile" -> "/gnu/store/5wmvmlba841wvy681840cjwjcdifcjq2-profile" [color = darkgoldenrod];

}

So far, so good! However, indeed:

Toggle snippet (7 lines)
$ guix graph -t referrers lsof
digraph "Guix referrers" {
"/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0" [label = "lsof-4.94.0", shape = box, fontname = sans];

}

And the reason is because grafts.

Toggle snippet (15 lines)
$ guix build lsof --no-grafts
/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0

$ guix package -p /tmp/another-profile -i lsof --no-grafts

$ guix graph -t referrers lsof
digraph "Guix referrers" {
"/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0" [label = "lsof-4.94.0", shape = box, fontname = sans];
"/gnu/store/7fkgda85xj4dr2d0r8lafyvnx5b9xwzp-lsof-4.94.0" -> "/gnu/store/hjgbwa566fwzmwvrdal5ycxzlzz3al6x-profile" [color = blue];
"/gnu/store/hjgbwa566fwzmwvrdal5ycxzlzz3al6x-profile" [label = "profile", shape = box, fontname = sans];
"/gnu/store/hjgbwa566fwzmwvrdal5ycxzlzz3al6x-profile" -> "/gnu/store/hjgbwa566fwzmwvrdal5ycxzlzz3al6x-profile" [color = darkgoldenrod];

}

Well, the fix should be to have the grafted item by default pointing to
the non-grafted one and potentially referencing the others as describe
by the manual.

Cheers,
simon


?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 72259@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 72259
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch