GNU bug report logs - #24418
Conflicting grafts are dismissed


Package: guix;

Reported by: ludo <at> gnu.org (Ludovic Courtès)

Date: Mon, 12 Sep 2016 12:57:02 UTC

Severity: serious

Tags: fixed

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#24418; Package guix. (Mon, 12 Sep 2016 12:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to ludo <at> gnu.org (Ludovic Courtès):
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 12 Sep 2016 12:57:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, bug-guix <at> gnu.org
Subject: Re: GnuTLS security update
Date: Mon, 12 Sep 2016 14:56:13 +0200
Leo Famulari <leo <at> famulari.name> skribis:

> $ ./pre-inst-env guix build gnutls            
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
>
> $ guix build gnutls # This Guix is from `guix pull`, not my Git repo.
> /gnu/store/7dy8xca0y8vz94af242cqnq9ddk2nwxn-gnutls-3.5.2-debug
> /gnu/store/q27cnlfkf8kc6gjl0cdw5nvq45lfllvx-gnutls-3.5.2-doc
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> $ guix gc --references $(./pre-inst-env guix build msmtp) 
> /gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
> /gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
> /gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5
> /gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
> /gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0
> /gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> The problem is that the msmtp package I have built using this patch does
> not refer to the grafted gnutls. I got the same result after building a
> fresh Git clone of Guix.

Indeed, there’s a bug.  :-/

With your patch, I get:

--8<---------------cut here---------------start------------->8---
$ git describe
v0.11.0-970-g8d4169a
$ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls
/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls --no-grafts
/gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
/gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
/gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
$ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.2
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs <at> gnutls.org>
$ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.4
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  <bugs <at> gnutls.org>
--8<---------------cut here---------------end--------------->8---

msmtp uses a GnuTLS that is different from both other GnuTLS.

I think the bug has to do with the fact that GnuTLS has a replacement
and at the same time needs to be grafted (the libidn and libgcrypt
grafts apply to GnuTLS).

In the meantime, I suggest that you apply the patch anyway.

Ludo’.
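
The manual comparison in the message above can be scripted. This is an added example, not part of the thread or of Guix: the helper name `ungrafted_refs` is hypothetical, and the sample store paths are copied from the messages on this page.

```shell
#!/bin/sh
# Added example, not from the thread: list references to a package that are
# not among its grafted outputs, i.e. dependents the graft failed to reach.
#
# ungrafted_refs PREFIX REFS GRAFTED   (hypothetical helper name)
#   PREFIX   name-version prefix to check, e.g. "gnutls-3"
#   REFS     store items, one per line (output of `guix gc --references ITEM`)
#   GRAFTED  store items, one per line (output of `guix build PKG`, grafts on)
ungrafted_refs() (
    prefix=$1 refs=$2 grafted=$3
    printf '%s\n' "$refs" | while IFS= read -r item; do
        [ -n "$item" ] || continue
        # Store items are /gnu/store/<hash>-<name>-<version>[-<output>];
        # strip through the first hyphen to get <name>-<version>...
        case "${item#/gnu/store/*-}" in
            "$prefix"*) ;;      # a reference to the package under test
            *) continue ;;      # some other dependency (glibc, bash, ...)
        esac
        # Exact whole-line match against the grafted outputs.
        printf '%s\n' "$grafted" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
)

# Sample input copied from the thread: the references of msmtp, then the
# outputs of `./pre-inst-env guix build gnutls` (grafts enabled).
SAMPLE_REFS='/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
/gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2'
SAMPLE_GRAFTED='/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2'

# Live use, with the commands shown in the thread:
#   ungrafted_refs gnutls-3 "$(guix gc --references "$(guix build msmtp)")" \
#                  "$(guix build gnutls)"
ungrafted_refs gnutls-3 "$SAMPLE_REFS" "$SAMPLE_GRAFTED"
```

Empty output means every reference to the package is one of its grafted outputs; any line printed is a store item that still points at a build the graft was meant to replace.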




Information forwarded to bug-guix <at> gnu.org:
bug#24418; Package guix. (Mon, 12 Sep 2016 16:35:01 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: guix-devel <at> gnu.org, bug-guix <at> gnu.org
Subject: Re: GnuTLS security update
Date: Mon, 12 Sep 2016 12:34:21 -0400
On Mon, Sep 12, 2016 at 02:56:13PM +0200, Ludovic Courtès wrote:
> msmtp uses a GnuTLS that is different from both other GnuTLS.

The GnuTLS being used [0] corresponds to the GnuTLS on the master branch
from before I pushed this graft.

> I think the bug has to do with the fact that GnuTLS has a replacement
> and at the same time needs to be grafted (the libidn and libgcrypt
> grafts apply to GnuTLS).
> 
> In the meantime, I suggest that you apply the patch anyway.

Okay, done as 974e2b297104d2de01632df1a56069b383e645f4

[0]
yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2

Changed bug title to 'Conflicting grafts are dismissed' from 'GnuTLS security update' Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Mon, 12 Sep 2016 20:58:01 GMT) Full text and rfc822 format available.

Severity set to 'serious' from 'normal' Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Mon, 12 Sep 2016 20:59:02 GMT) Full text and rfc822 format available.

Information forwarded to bug-guix <at> gnu.org:
bug#24418; Package guix. (Fri, 14 Oct 2016 07:58:01 GMT) Full text and rfc822 format available.

Message #15 received at 24418 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: 24418 <at> debbugs.gnu.org
Cc: Mark H Weaver <mhw <at> netris.org>
Subject: Grafted item refers to a mixture of grafted and ungrafted outputs of
 the same derivation
Date: Fri, 14 Oct 2016 09:57:14 +0200
Mark reported on IRC that gnome-session, as of v0.11.0-1639-g34f9582,
refers to the grafted “out” of glib, but at the same time refers to the
*ungrafted* “bin” output of glib:

--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build gnome-session
/gnu/store/rchskrbc42yjlb85lq8zigpvynwc2zz7-gnome-session-3.20.2
$ guix gc -R /gnu/store/rchskrbc42yjlb85lq8zigpvynwc2zz7-gnome-session-3.20.2|grep glib-2
/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
/gnu/store/c4rjjznraqnw7wk7zwr8ndmq7bdmj51q-glib-2.48.0-bin
$ ./pre-inst-env guix build glib
/gnu/store/ya5d1r6bvph3m5nisjywrnkvffpdrjfn-glib-2.48.0-bin
/gnu/store/jav2d6c39k3amv4k1670845li7284a6q-glib-2.48.0-doc
/gnu/store/77f9q6kvgrrwhqbzxzc10bwdwq6kd690-glib-2.48.0
$ ./pre-inst-env guix build glib --no-grafts
/gnu/store/c4rjjznraqnw7wk7zwr8ndmq7bdmj51q-glib-2.48.0-bin
/gnu/store/ib12bfrx83aawhabpp0rijgmm61gi0wg-glib-2.48.0-doc
/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
--8<---------------cut here---------------end--------------->8---

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#24418; Package guix. (Fri, 14 Oct 2016 21:38:01 GMT) Full text and rfc822 format available.

Message #18 received at 24418 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-devel <at> gnu.org, 24418 <at> debbugs.gnu.org
Subject: Re: bug#24418: GnuTLS security update
Date: Fri, 14 Oct 2016 23:37:04 +0200
Hello!

ludo <at> gnu.org (Ludovic Courtès) skribis:

> $ git describe
> v0.11.0-970-g8d4169a
> $ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
> $ ./pre-inst-env guix build gnutls --no-grafts
> /gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
> /gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
> /gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
> $ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.2
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>
>
>
> Please send bug reports to:  <bugs <at> gnutls.org>
> $ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
> gnutls-cli 3.5.4
> Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
> This is free software. It is licensed for use, modification and
> redistribution under the terms of the GNU General Public License,
> version 3 or later <http://gnu.org/licenses/gpl.html>

AFAICS this is fixed by these two patches:

b013c33 * grafts: 'graft-derivation' does now introduce grafts that shadow other grafts.
d0025d0 * packages: 'package-grafts' applies grafts on replacement.

Please let me know if you notice anything wrong.

For debugging purposes, I found it easier to have the attached patch
applied, so that replacements are easily distinguishable from the
original packages.  You might want to use it too.  :-)

(I didn’t apply it to master because it would lead to merge conflicts in
core-updates, but feel free to apply it if that seems OK to you.)

Thanks,
Ludo’.

[Message part 2 (text/x-patch, inline)]
modified   gnu/packages/gnupg.scm
@@ -138,15 +138,14 @@ generation.")
 (define libgcrypt-1.5.6
   (package
     (inherit libgcrypt-1.5)
-    (source
-     (let ((version "1.5.6"))
-       (origin
-         (method url-fetch)
-         (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                             version ".tar.bz2"))
-         (sha256
-          (base32
-           "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h")))))))
+    (version "1.5.6")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
 
 (define-public libassuan
   (package
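
Review bot: the new `(version "1.5.6")` field in `libgcrypt-1.5.6` changes the package's store file name, and the hunk does not show the version that `libgcrypt-1.5` carries. Grafting rewrites references in place, so the replacement's store file name has to stay the same length as the original's; please confirm the inherited version is also five characters, and add a one-line comment above the field stating that constraint so a later bump to a longer version string is caught in review. The `version` used inside `string-append` now resolves to this field instead of the removed `let` binding, which is the intended effect and worth mentioning in the commit message.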
modified   gnu/packages/tls.scm
@@ -215,16 +215,15 @@ required structures.")
 (define gnutls-3.5.4
   (package
     (inherit gnutls)
-    (source
-      (let ((version "3.5.4"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "mirror://gnupg/gnutls/v"
-                              (version-major+minor version)
-                              "/gnutls-" version ".tar.xz"))
-          (sha256
-           (base32
-            "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f")))))))
+    (version "3.5.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnupg/gnutls/v"
+                                  (version-major+minor version)
+                                  "/gnutls-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1sx8p7v452s9m854r2c5pvcd1k15a3caiv5h35fhrxz0691h2f2f"))))))
 
 (define-public openssl
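
Review bot: the `(version "3.5.4")` field added to `gnutls-3.5.4` has no comment explaining why it is set on a replacement package. With this field the store items become `gnutls-3.5.4` instead of the `gnutls-3.5.2` names seen earlier in the thread, which is the point of the patch, and "3.5.4" happens to have the same length as "3.5.2", so in-place reference rewriting still works. A short comment above the field saying the version string must keep the length of the original's would document that dependency. Since both `(version-major+minor version)` and the file name now read the field, the `sha256` has to be updated in the same edit whenever the field changes.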

Added tag(s) fixed. Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Tue, 01 Nov 2016 21:23:02 GMT) Full text and rfc822 format available.

bug closed, send any further explanations to 24418 <at> debbugs.gnu.org and ludo <at> gnu.org (Ludovic Courtès) Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Tue, 01 Nov 2016 21:23:02 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 30 Nov 2016 12:24:03 GMT) Full text and rfc822 format available.

This bug report was last modified 7 years and 148 days ago.
