Hi Maxime, Maxime Devos skribis: > I've tried to patch the glibc package for the problems noted at > ;. > > I've found two recent patches (glibc-hurd-proc-reauth.patch and > glibc-hurd-sendmsg-SCM_CREDS.patch) that appeared relevant. I tried > to patch our glibc package with those patches. > > The modified tarball builds fine for --system=x86_64-linux, but not > for --system=i586-gnu (tested with ./pre-inst-env guix build hello > --system=i586-gnu). Any idea what's happening here? Thanks for looking into it! > From cdf38fbfcba4c87777d7ba2175f08e877dafe86a Mon Sep 17 00:00:00 2001 > From: Maxime Devos > Date: Mon, 13 Sep 2021 11:23:21 +0200 > Subject: [PATCH] WIP gnu: glibc: New security patches. > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit > > The existence of the vulnerabilities was noted at > . > > TODO: check if these are all necessary packages for glibc. > TODO: why does the glibc tarball build for --system=x86_64-linux but not > for --system=i586-gnu? > > Build error: > ‘patching file hurd/hurdinit.c > Hunk #1 FAILED at 177. > 1 out of 1 hunk FAILED -- saving rejects to file hurd/hurdinit.c.rej’ > > but this file isn't modified by the new patches! > > * gnu/local.mk (dist_patch_DATA): Register new patches. > * gnu/packages/base.scm (glibc)[replacement]: Register replacement. > (glibc/fixed): New variable. > * gnu/packages/patches/glibc-hurd-proc-reauth.patch: New file. > * gnu/packages/patches/glibc-hurd-sendmsg-SCM_CREDS.patch. [...] > --- a/gnu/packages/base.scm > +++ b/gnu/packages/base.scm > @@ -706,6 +706,7 @@ the store.") > (package > (name "glibc") > (version "2.31") > + (replacement glibc/fixed) > (source (origin > (method url-fetch) > (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) 
> @@ -966,6 +967,12 @@ with the Linux kernel.") > (license lgpl2.0+) > (home-page "https://www.gnu.org/software/libc/"))) > > +(define glibc/fixed > + (package-with-extra-patches > + glibc > + (search-patches "glibc-hurd-sendmsg-SCM_CREDS.patch" > + "glibc-hurd-proc-reauth.patch"))) Instead of a replacement, which makes no sense on GNU/Linux, could you add a conditional phase for (hurd-target?) that applies the patches? (On ‘core-updates’ (or ‘-frozen’?) we will apply patches unconditionally.) Not answering your initial question, but maybe the problem will vanish if you do things this way, who knows. :-) > +++ b/gnu/packages/patches/glibc-hurd-proc-reauth.patch > @@ -0,0 +1,114 @@ > +Index: glibc-2.31/hurd/hurdsig.c Please add a comment explaining what this patch does, what its status is, with a link to upstream discussions. Thank you! Ludo’.
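Review bot: in the gnu/packages/base.scm hunk at @@ -706, `(replacement glibc/fixed)` is added without any condition, so the graft is applied on every system, x86_64-linux included, although both patches it pulls in are named glibc-hurd-*. Restrict it to Hurd targets, and put a short comment beside the field naming the advisory it addresses so the field can be dropped once the fix is applied directly.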
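Review bot: the `glibc/fixed` definition added at @@ -966 has no comment saying which vulnerabilities it fixes or when it can be removed, and the commit message still lists two TODOs and a rejected hunk in hurd/hurdinit.c for --system=i586-gnu. Add the comment above `(define glibc/fixed`, and resolve the reject before dropping the WIP tag: as submitted, the patched glibc is only known to build for x86_64-linux, while both patch names point at the Hurd.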
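Review bot: the new file gnu/packages/patches/glibc-hurd-proc-reauth.patch begins directly with `Index: glibc-2.31/hurd/hurdsig.c` and carries no header. Add a few lines above the first `Index:` stating what the patch fixes, where it was taken from and its upstream status with a link, so a later reader can tell when the patch becomes obsolete.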