From unknown Fri Jun 20 07:23:16 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#33300 <33300@debbugs.gnu.org> To: bug#33300 <33300@debbugs.gnu.org> Subject: Status: hplip 3.18.9 contains non-free binary blobs Reply-To: bug#33300 <33300@debbugs.gnu.org> Date: Fri, 20 Jun 2025 14:23:16 +0000 retitle 33300 hplip 3.18.9 contains non-free binary blobs reassign 33300 guix submitter 33300 ludo@gnu.org (Ludovic Court=C3=A8s) severity 33300 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 05:20:20 2018 Received: (at submit) by debbugs.gnu.org; 7 Nov 2018 10:20:20 +0000 Received: from localhost ([127.0.0.1]:38176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKKwS-00059R-VB for submit@debbugs.gnu.org; Wed, 07 Nov 2018 05:20:20 -0500 Received: from eggs.gnu.org ([208.118.235.92]:43727) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKKwO-00058l-25 for submit@debbugs.gnu.org; Wed, 07 Nov 2018 05:20:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKKwH-0006gn-Kk for submit@debbugs.gnu.org; Wed, 07 Nov 2018 05:19:58 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:44910) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gKKwG-0006fs-U7 for submit@debbugs.gnu.org; Wed, 07 Nov 2018 05:19:57 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53291) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKKwF-0004F5-HT for bug-guix@gnu.org; Wed, 07 Nov 2018 05:19:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKKwB-0006d9-6h for bug-guix@gnu.org; Wed, 07 Nov 2018 05:19:53 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:48568) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKKvx-0006On-9W; Wed, 07 Nov 2018 05:19:38 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=48900 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gKKvw-00026M-MB; Wed, 07 Nov 2018 05:19:37 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: bug-guix@gnu.org Subject: hplip 3.18.9 contains non-free binary blobs X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Brumaire an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 07 Nov 2018 11:19:35 +0100 Message-ID: <87sh0dur48.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit Cc: Tobias Geerinckx-Rice , Efraim Flashner X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, The tarball of hplip 3.18.9 contains several .so files that it installs as-is: --8<---------------cut here---------------start------------->8--- ludo@ribbon ~/src/guix$ (cd /tmp; tar xf $(guix build -S hplip)) ludo@ribbon ~/src/guix$ find /tmp/hplip-3.18.9 -name \*.so /tmp/hplip-3.18.9/prnt/plugins/hbpl1-arm32.so /tmp/hplip-3.18.9/prnt/plugins/hbpl1-x86_64.so /tmp/hplip-3.18.9/prnt/plugins/lj-x86_32.so /tmp/hplip-3.18.9/prnt/plugins/hbpl1-arm64.so /tmp/hplip-3.18.9/prnt/plugins/hbpl1-x86_32.so /tmp/hplip-3.18.9/prnt/plugins/lj-arm64.so /tmp/hplip-3.18.9/prnt/plugins/lj-x86_64.so /tmp/hplip-3.18.9/prnt/plugins/lj-arm32.so /tmp/hplip-3.18.9/prnt/hpcups/libImageProcessor-x86_32.so /tmp/hplip-3.18.9/prnt/hpcups/libImageProcessor-x86_64.so --8<---------------cut here---------------end--------------->8--- I tried removing them with a snippet (patch attached), but installation eventually fails while trying to link against libImageProcessor, which is now missing. In people suggest that 3.18.6 is the last known-good version. Indeed that version does not have the obnoxious libImageProcessor, so that should be fine. It does come with the non-free binary plug-ins, though these are just plugins so removing them will be easier: --8<---------------cut here---------------start------------->8--- ludo@ribbon ~/src/guix$ find /tmp/hplip-3.18.6/ -name \*.so /tmp/hplip-3.18.6/prnt/plugins/hbpl1-arm32.so /tmp/hplip-3.18.6/prnt/plugins/hbpl1-x86_64.so /tmp/hplip-3.18.6/prnt/plugins/lj-x86_32.so /tmp/hplip-3.18.6/prnt/plugins/hbpl1-arm64.so /tmp/hplip-3.18.6/prnt/plugins/hbpl1-x86_32.so /tmp/hplip-3.18.6/prnt/plugins/lj-arm64.so /tmp/hplip-3.18.6/prnt/plugins/lj-x86_64.so /tmp/hplip-3.18.6/prnt/plugins/lj-arm32.so --8<---------------cut here---------------end--------------->8--- Thus, I propose to: 1. Revert to 3.18.6 (we=E2=80=99ll upgrade if and when hplip becomes free again.) 2. Add a snippet to remove the non-free plugins. Thoughts? Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 4259648c69..c0ac365691 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -410,6 +410,19 @@ device-specific programs to convert and print many types of files.") '(begin (substitute* "prnt/hpcups/genPCLm.cpp" (("boolean") "bool")) + + ;; Starting from version 3.18.9, hplip comes with binary + ;; blobs under prnt/hpcups and prnt/plugins. Remove them. + (for-each delete-file (find-files "." "\\.so$")) + + ;; This trick changes the behavior of the + ;; 'install-data-hook' target so that it doesn't install the + ;; binary blobs. + (substitute* "Makefile.in" + (("^UNAME =.*") + "UNAME = free-software-only-thanks\n") + (("prnt/hpcups/libImageProcessor-([[:graph:]]+)\\.so") + "")) #t)))) (build-system gnu-build-system) (home-page "https://developers.hp.com/hp-linux-imaging-and-printing") --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 07:49:31 2018 Received: (at submit) by debbugs.gnu.org; 7 Nov 2018 12:49:31 +0000 Received: from localhost ([127.0.0.1]:38216 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKNGr-0002Ud-Sq for submit@debbugs.gnu.org; Wed, 07 Nov 2018 07:49:31 -0500 Received: from eggs.gnu.org ([208.118.235.92]:60585) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKNGl-0002UL-KE for submit@debbugs.gnu.org; Wed, 07 Nov 2018 07:49:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKNGe-0008Fz-Vz for submit@debbugs.gnu.org; Wed, 07 Nov 2018 07:49:10 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:60790) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gKNGe-0008FK-PF for submit@debbugs.gnu.org; Wed, 07 Nov 2018 07:49:08 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41924) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKNGd-0003VU-GY for bug-guix@gnu.org; Wed, 07 Nov 2018 07:49:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKNGY-0008Bg-Q4 for bug-guix@gnu.org; Wed, 07 Nov 2018 07:49:07 -0500 Received: from flashner.co.il ([178.62.234.194]:34464) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKNGY-00089J-0O; Wed, 07 Nov 2018 07:49:02 -0500 Received: from localhost (unknown [5.102.239.133]) by flashner.co.il (Postfix) with ESMTPSA id B9FA64002F; Wed, 7 Nov 2018 12:48:59 +0000 (UTC) Date: Wed, 7 Nov 2018 14:48:58 +0200 From: Efraim Flashner To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: hplip 3.18.9 contains non-free binary blobs Message-ID: <20181107124858.GE1206@macbook41> References: <87sh0dur48.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xaMk4Io5JJdpkLEb" Content-Disposition: inline In-Reply-To: <87sh0dur48.fsf@gnu.org> User-Agent: Mutt/1.10.1 (2018-07-13) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit Cc: Tobias Geerinckx-Rice , bug-guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --xaMk4Io5JJdpkLEb Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 07, 2018 at 11:19:35AM +0100, Ludovic Court=C3=A8s wrote: > Hello, >=20 > The tarball of hplip 3.18.9 contains several .so files that it installs > as-is: >=20 > --8<---------------cut here---------------start------------->8--- > ludo@ribbon ~/src/guix$ (cd /tmp; tar xf $(guix build -S hplip)) > ludo@ribbon ~/src/guix$ find /tmp/hplip-3.18.9 -name \*.so > /tmp/hplip-3.18.9/prnt/plugins/hbpl1-arm32.so > /tmp/hplip-3.18.9/prnt/plugins/hbpl1-x86_64.so > /tmp/hplip-3.18.9/prnt/plugins/lj-x86_32.so > /tmp/hplip-3.18.9/prnt/plugins/hbpl1-arm64.so > /tmp/hplip-3.18.9/prnt/plugins/hbpl1-x86_32.so > /tmp/hplip-3.18.9/prnt/plugins/lj-arm64.so > /tmp/hplip-3.18.9/prnt/plugins/lj-x86_64.so > /tmp/hplip-3.18.9/prnt/plugins/lj-arm32.so > /tmp/hplip-3.18.9/prnt/hpcups/libImageProcessor-x86_32.so > /tmp/hplip-3.18.9/prnt/hpcups/libImageProcessor-x86_64.so > --8<---------------cut here---------------end--------------->8--- >=20 > I tried removing them with a snippet (patch attached), but installation > eventually fails while trying to link against libImageProcessor, which > is now missing. >=20 > In people suggest that > 3.18.6 is the last known-good version. Indeed that version does not > have the obnoxious libImageProcessor, so that should be fine. It does > come with the non-free binary plug-ins, though these are just plugins so > removing them will be easier: >=20 > --8<---------------cut here---------------start------------->8--- > ludo@ribbon ~/src/guix$ find /tmp/hplip-3.18.6/ -name \*.so > /tmp/hplip-3.18.6/prnt/plugins/hbpl1-arm32.so > /tmp/hplip-3.18.6/prnt/plugins/hbpl1-x86_64.so > /tmp/hplip-3.18.6/prnt/plugins/lj-x86_32.so > /tmp/hplip-3.18.6/prnt/plugins/hbpl1-arm64.so > /tmp/hplip-3.18.6/prnt/plugins/hbpl1-x86_32.so > /tmp/hplip-3.18.6/prnt/plugins/lj-arm64.so > /tmp/hplip-3.18.6/prnt/plugins/lj-x86_64.so > /tmp/hplip-3.18.6/prnt/plugins/lj-arm32.so > --8<---------------cut here---------------end--------------->8--- >=20 > Thus, I propose to: >=20 > 1. Revert to 3.18.6 (we=E2=80=99ll upgrade if and when hplip becomes fr= ee > again.) Not bad for an interm solution. Debian already has 3.18.10 packaged, and based on their versioning scheme it still contains non-free artifacts. >=20 > 2. Add a snippet to remove the non-free plugins. >=20 > Thoughts? Here's what I have right now: ;; Delete non-free blobs$ (delete-file "prnt/hpcups/libImageProcessor-x86_64.so")$ (delete-file "prnt/hpcups/libImageProcessor-x86_32.so")$ (delete-file-recursively "prnt/plugins")$ (substitute* "Makefile.am"$ (("dist_printplugins_DATA") "# dist_printplugins_DATA")) and a patch from debian to address imageprocessor: https://salsa.debian.org/printing-team/hplip/raw/debian/3.18.10+dfsg0-1/d= ebian/patches/0025-Remove-all-ImageProcessor-functionality-which-is-clo.pat= ch >=20 > Thanks, > Ludo=E2=80=99. >=20 > diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm > index 4259648c69..c0ac365691 100644 > --- a/gnu/packages/cups.scm > +++ b/gnu/packages/cups.scm > @@ -410,6 +410,19 @@ device-specific programs to convert and print many t= ypes of files.") > '(begin > (substitute* "prnt/hpcups/genPCLm.cpp" > (("boolean") "bool")) > + > + ;; Starting from version 3.18.9, hplip comes with bina= ry > + ;; blobs under prnt/hpcups and prnt/plugins. Remove t= hem. > + (for-each delete-file (find-files "." "\\.so$")) > + > + ;; This trick changes the behavior of the > + ;; 'install-data-hook' target so that it doesn't insta= ll the > + ;; binary blobs. > + (substitute* "Makefile.in" > + (("^UNAME =3D.*") > + "UNAME =3D free-software-only-thanks\n") > + (("prnt/hpcups/libImageProcessor-([[:graph:]]+)\\.so= ") > + "")) > #t)))) > (build-system gnu-build-system) > (home-page "https://developers.hp.com/hp-linux-imaging-and-printing") --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --xaMk4Io5JJdpkLEb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvi3zcACgkQQarn3Mo9 g1GC2w//eEUPcbbb4+g25mvI/ZtZZrZbFiKFyXztcuE57pipsjcGTH8iACvsOidy W8iwFqwutEPzALaKIpWW3TKJ0oS5yzqnxP4Hykec2tN7zZlUsr0yqObAwhDTpoxR 9vy0L42/4WKQayKi3aKlLLKiGoT26irYPN2miXDTijF4e3wtuy7BE6Kq60hYeKyX PgTZLsye2CeaMXydbJ+Y9dtWiT51FUdVfLKwtJoB2chl/9h7xk8KLFevYWiBvA2x yfsQ3+a3ToshIGh8RU/y3XDWECwa3o8odlOfjIumCyfFABSL7h5Zdmzw3ogHsBWr MqVaHQ1pQCFTqufKaDAEewc8nonYUDEVqvHN1fxd9EvrZGI9QvbtLgB8MDit7yn/ 31Id13FrE2oDr+SjeykA3G/dWXB9fDsl+UUbeXds6JrFRwOHwglG3hFcU9d9/giu QGJOpFkm0cyVZVYr7h32ysEdgsr13yZChgTXitg6xvwZpK8eqRK/Aaglr6AqdFSs 09S6VMdmIGdxyitRL89EjCRSB2D0fwnXRWzOsmbPfj76oRqv4ftL4b/wMsTXUVA5 Jw3Uwxx8VRAXBpraQiO/t/umLeOExVUlAaSRD1Y1Ub5z2+R9qNN9mZHW/1KgT1Up rVCM8TEBXIpS0zkng3ENLUvV27m7wisbxFpCdfjcPGpWnAItHlM= =CtNY -----END PGP SIGNATURE----- --xaMk4Io5JJdpkLEb-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 08:10:52 2018 Received: (at submit) by debbugs.gnu.org; 7 Nov 2018 13:10:52 +0000 Received: from localhost ([127.0.0.1]:38229 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKNbg-000311-1O for submit@debbugs.gnu.org; Wed, 07 Nov 2018 08:10:52 -0500 Received: from eggs.gnu.org ([208.118.235.92]:40746) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKNbe-00030n-HL for submit@debbugs.gnu.org; Wed, 07 Nov 2018 08:10:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKNbW-0002op-7P for submit@debbugs.gnu.org; Wed, 07 Nov 2018 08:10:44 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37610) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gKNbQ-0002j3-S6 for submit@debbugs.gnu.org; Wed, 07 Nov 2018 08:10:39 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50307) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKNbP-0006dc-Sa for bug-guix@gnu.org; Wed, 07 Nov 2018 08:10:36 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKNbF-00028x-Bx for bug-guix@gnu.org; Wed, 07 Nov 2018 08:10:33 -0500 Received: from tobias.gr ([2001:470:7405::1]:44616) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gKNbC-0001op-N2; Wed, 07 Nov 2018 08:10:24 -0500 Received: by tobias.gr (OpenSMTPD) with ESMTP id 46e28435; Wed, 7 Nov 2018 13:10:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=references :from:to:cc:subject:in-reply-to:date:message-id:mime-version :content-type:content-transfer-encoding; s=2018; i=me@tobias.gr; bh=tWR1ZdyaLwyZYW7HDwUnCju10cSB4312ueqNUaVYoFQ=; b=joC2v20J8vn8 dtts//INvuFeL4bTHxmciE2ufjfwKxhQEvkHJslPmrDJzaaUhniK+5vkyoU/qnLW 4lv1s8khBsbf7ypS2ZEPmReBmRz8Yv5QApteevJZcPjvdNapd4IW/7KREosb4gf1 2n0O4zIIXuyoiJiU/e5lbso+aROuTOmJfpc6zSkuXL7yDxYdnMt9rOSdoQxAPaPz VYdFNxdzFZGQ29AY+eJMjdMdJEAVEdNWNP5Hu0BuFPgwpB4whId6Zq/aJqp74k03 kArtLCgf5U6gvKTPXjUAoMqFkDSbHvfUjpIc2LoQmun7OJoTqwDQPIOhjyKP0IdP XAEKQePv+A== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 3cb8073f (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 7 Nov 2018 13:10:00 +0000 (UTC) References: <87sh0dur48.fsf@gnu.org> From: Tobias Geerinckx-Rice To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: hplip 3.18.9 contains non-free binary blobs In-reply-to: <87sh0dur48.fsf@gnu.org> Date: Wed, 07 Nov 2018 14:09:54 +0100 Message-ID: <875zx9dof1.fsf@nckx> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit Cc: bug-guix@gnu.org, Efraim Flashner X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) Ludo', How horrid. Ludovic Court=C3=A8s wrote: > I tried removing them with a snippet (patch attached), but=20 > installation > eventually fails while trying to link against libImageProcessor,=20 > which > is now missing. If I correctly read the Debian maintainer's post in the bug you=20 linked[0], it's possible to revert only the libImageProcessor=20 infec^Waddition. If it's all right with everyone, I'd like to give=20 that a try first. Say by tomorrow? Or do you want to revert first=20 & ask such questions later? > + ;; This trick changes the behavior of the > + ;; 'install-data-hook' target so that it=20 > doesn't install the > + ;; binary blobs. > + (substitute* "Makefile.in" > + (("^UNAME =3D.*") > + "UNAME =3D free-software-only-thanks\n") Nice. I wish it worked. Aside, -ish: looks like most distributions there found out about=20 this file due to some failing sanity check. Perhaps we could add=20 our own, in =E2=80=98guix lint=E2=80=99 or at build time, to warn about ELF= files=20 and other suspicious binaries in post-snippet sourceballs? No idea if it's worth the trouble/performance hit/false-positive=20 rate, of course. That's for the ner^Wgods to decide. Kind regards, T G-R [0]: https://bugs.launchpad.net/hplip/+bug/1785230/comments/6 From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 09:34:56 2018 Received: (at 33300) by debbugs.gnu.org; 7 Nov 2018 14:34:56 +0000 Received: from localhost ([127.0.0.1]:38278 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKOv2-00056T-E5 for submit@debbugs.gnu.org; Wed, 07 Nov 2018 09:34:56 -0500 Received: from eggs.gnu.org ([208.118.235.92]:38781) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKOv0-00056G-Ab for 33300@debbugs.gnu.org; Wed, 07 Nov 2018 09:34:54 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKOuu-0006DU-7c for 33300@debbugs.gnu.org; Wed, 07 Nov 2018 09:34:49 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53051) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKOur-0006AW-NY; Wed, 07 Nov 2018 09:34:47 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=53416 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gKOur-0004e3-Fm; Wed, 07 Nov 2018 09:34:45 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Efraim Flashner Subject: Re: bug#33300: hplip 3.18.9 contains non-free binary blobs References: <87sh0dur48.fsf@gnu.org> <20181107124858.GE1206@macbook41> Date: Wed, 07 Nov 2018 15:34:44 +0100 In-Reply-To: <20181107124858.GE1206@macbook41> (Efraim Flashner's message of "Wed, 7 Nov 2018 14:48:58 +0200") Message-ID: <87d0rhufaz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 33300 Cc: 33300@debbugs.gnu.org, me@tobias.gr X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hello! Efraim Flashner skribis: > Here's what I have right now: > > ;; Delete non-free blobs$ > (delete-file "prnt/hpcups/libImageProcessor-x86_64.so")$ > (delete-file "prnt/hpcups/libImageProcessor-x86_32.so")$ > (delete-file-recursively "prnt/plugins")$ I=E2=80=99d suggest simply something along the lines of what I tried earlie= r: ;; Starting from version 3.18.9, hplip comes with binary ;; blobs under prnt/hpcups and prnt/plugins. Remove them. (for-each delete-file (find-files "." "\\.so$")) > (substitute* "Makefile.am"$ > (("dist_printplugins_DATA") "# dist_printplugins_DATA")) Rather =E2=80=9CMakefile.in=E2=80=9D, to avoid depending on Automake. > and a patch from debian to address imageprocessor: > https://salsa.debian.org/printing-team/hplip/raw/debian/3.18.10+dfsg0-1= /debian/patches/0025-Remove-all-ImageProcessor-functionality-which-is-clo.p= atch With this patch we should be able to keep 3.18.9, so it looks better than reverting. Could you send a patch for this? (If not Tobias said he can work on it soon. :-)). Thanks! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 09:41:55 2018 Received: (at 33300) by debbugs.gnu.org; 7 Nov 2018 14:41:55 +0000 Received: from localhost ([127.0.0.1]:38283 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKP1n-0005Gt-74 for submit@debbugs.gnu.org; Wed, 07 Nov 2018 09:41:55 -0500 Received: from eggs.gnu.org ([208.118.235.92]:41038) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKP1k-0005Gc-VZ for 33300@debbugs.gnu.org; Wed, 07 Nov 2018 09:41:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKP1c-0004Vl-O1 for 33300@debbugs.gnu.org; Wed, 07 Nov 2018 09:41:46 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53160) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKP1U-0004BL-QK; Wed, 07 Nov 2018 09:41:38 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=52106 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gKP1O-0005Cs-1c; Wed, 07 Nov 2018 09:41:34 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Tobias Geerinckx-Rice Subject: Re: bug#33300: hplip 3.18.9 contains non-free binary blobs References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> Date: Wed, 07 Nov 2018 15:41:28 +0100 In-Reply-To: <875zx9dof1.fsf@nckx> (Tobias Geerinckx-Rice's message of "Wed, 07 Nov 2018 14:09:54 +0100") Message-ID: <87zhult0fb.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 33300 Cc: 33300@debbugs.gnu.org, efraim@flashner.co.il X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hi! Tobias Geerinckx-Rice skribis: > Ludovic Court=C3=A8s wrote: >> I tried removing them with a snippet (patch attached), but >> installation >> eventually fails while trying to link against libImageProcessor, >> which >> is now missing. > > If I correctly read the Debian maintainer's post in the bug you > linked[0], it's possible to revert only the libImageProcessor > infec^Waddition. If it's all right with everyone, I'd like to give > that a try first. Indeed, the Debian patch Efraim linked to does exactly that. So it should be easy to solve. Let=E2=80=99s see if Efraim or another one of us = can get it done soon! > Aside, -ish: looks like most distributions there found out about this > file due to some failing sanity check. Perhaps we could add our own, > in =E2=80=98guix lint=E2=80=99 or at build time, to warn about ELF files = and other > suspicious binaries in post-snippet sourceballs? Commit b17004f9f9541acbd07b45e35222e431427bfde0 added a -Wl,-rpath flag; perhaps that was due to address an error in libImageProcessor.so detected by =E2=80=98validate-runpath=E2=80=99? That said, we could have a post-unpack phase that fails when ELF files are found. The problem is that there are exceptions, in particular =E2=80=9Cyogurt software=E2=80=9D (compilers, mostly). So we=E2=80=99d hav= e to manually fix every exception. > No idea if it's worth the trouble/performance hit/false-positive rate, > of course. That's for the ner^Wgods to decide. Yeah I wonder if it would be fruitful. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 07 18:57:15 2018 Received: (at 33300) by debbugs.gnu.org; 7 Nov 2018 23:57:15 +0000 Received: from localhost ([127.0.0.1]:40117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKXhD-0002DC-8l for submit@debbugs.gnu.org; Wed, 07 Nov 2018 18:57:15 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:53480) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKXhB-0002D3-C5 for 33300@debbugs.gnu.org; Wed, 07 Nov 2018 18:57:13 -0500 Received: from localhost (178.112.138.94.wireless.dyn.drei.com [178.112.138.94]) by dd26836.kasserver.com (Postfix) with ESMTPSA id A774F3360539; Thu, 8 Nov 2018 00:57:11 +0100 (CET) Date: Thu, 8 Nov 2018 00:57:01 +0100 From: Danny Milosavljevic To: ludo@gnu.org (Ludovic =?ISO-8859-1?Q?Court=E8s?=) Subject: Automatically detecting binaries in source tarballs Message-ID: <20181108005701.2e76fd3d@scratchpost.org> In-Reply-To: <87zhult0fb.fsf@gnu.org> References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/uFf3igTX1bINKrZ/_Per2fx"; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 33300 Cc: 33300@debbugs.gnu.org, Tobias Geerinckx-Rice X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --Sig_/uFf3igTX1bINKrZ/_Per2fx Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, I think it would be good to have guix check for closed-source binaries after unpacking, automatically (including jar files with class files in them). Even when I know that they are there, I sometimes forget to delete them. In the long run it could even auto-delete those, but I guess only after a looo= ng time of integration. > > Aside, -ish: looks like most distributions there found out about this > > file due to some failing sanity check. Perhaps we could add our own, > > in =E2=80=98guix lint=E2=80=99 or at build time, to warn about ELF file= s and other > > suspicious binaries in post-snippet sourceballs? =20 That would be great. > Commit b17004f9f9541acbd07b45e35222e431427bfde0 added a -Wl,-rpath flag; > perhaps that was due to address an error in libImageProcessor.so > detected by =E2=80=98validate-runpath=E2=80=99? >=20 > That said, we could have a post-unpack phase that fails when ELF files > are found. The problem is that there are exceptions, in particular > =E2=80=9Cyogurt software=E2=80=9D (compilers, mostly). So we=E2=80=99d h= ave to manually fix > every exception. >=20 > > No idea if it's worth the trouble/performance hit/false-positive rate, > > of course. That's for the ner^Wgods to decide. =20 >=20 > Yeah I wonder if it would be fruitful. Marking known-good binaries (whitelisting) is still better than hoping we notice some closed-source binary (blacklisting). It would be a conspicious reminder of what we still have to do - as opposed to the situation now where it's mostly in someone's head (if at all). Once we finish the bootstrapping effort, the source tarballs won't need to contain any binaries anymore anyway :) I wonder just how many whitelist entries that would be, though. --Sig_/uFf3igTX1bINKrZ/_Per2fx Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAlvje80ACgkQ5xo1VCww uqXtqgf/YP6c3HckhRh8Utygveisutk6jeHQCulUbMxZWZVlhQpeft2blGaooWHT TYGofuW9xUGPSFIqKqllK4I+PF/DY4zq6XwDKqdOXVkt2qkj2rGPBG2oHSIFU0X8 1gh2oJP+FeRfFqU/nZA1wCDrbyze7Y+GAJhU0fFs6X6v/CS5EfKU5HUsnp3itLhh Qg97e1wt/wEWitLrq9lBItR7j5xycTwPTKmRfoQYOq3RTB2UW39mGt4/BNa3sDyS /7mWMEl5rcJpH2vo1HrA5jyjTx7B1bt2Y+qGMFGc/x/cqzQrl4FIo73yVl2+qr9s Ein2cWPK3HBOaW4tPXraNwzHOv3QjQ== =prih -----END PGP SIGNATURE----- --Sig_/uFf3igTX1bINKrZ/_Per2fx-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 08 03:50:46 2018 Received: (at 33300) by debbugs.gnu.org; 8 Nov 2018 08:50:46 +0000 Received: from localhost ([127.0.0.1]:40242 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKg1W-0000Fg-I7 for submit@debbugs.gnu.org; Thu, 08 Nov 2018 03:50:46 -0500 Received: from eggs.gnu.org ([208.118.235.92]:33295) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKg1U-0000FU-AD for 33300@debbugs.gnu.org; Thu, 08 Nov 2018 03:50:44 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gKg1L-00065N-3V for 33300@debbugs.gnu.org; Thu, 08 Nov 2018 03:50:38 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:47985) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gKg1C-0005oc-1q; Thu, 08 Nov 2018 03:50:28 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=58918 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gKg1A-00035r-VV; Thu, 08 Nov 2018 03:50:25 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Danny Milosavljevic Subject: Re: Automatically detecting binaries in source tarballs References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> <20181108005701.2e76fd3d@scratchpost.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 Brumaire an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 08 Nov 2018 09:50:23 +0100 In-Reply-To: <20181108005701.2e76fd3d@scratchpost.org> (Danny Milosavljevic's message of "Thu, 8 Nov 2018 00:57:01 +0100") Message-ID: <87y3a454xc.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 33300 Cc: 33300@debbugs.gnu.org, Tobias Geerinckx-Rice X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hello, Danny Milosavljevic skribis: > I think it would be good to have guix check for closed-source binaries af= ter > unpacking, automatically (including jar files with class files in them). Oh right, jars are certainly quite common, more than .so files. >> > No idea if it's worth the trouble/performance hit/false-positive rate, >> > of course. That's for the ner^Wgods to decide.=20=20 >>=20 >> Yeah I wonder if it would be fruitful. > > Marking known-good binaries (whitelisting) is still better than hoping > we notice some closed-source binary (blacklisting). > > It would be a conspicious reminder of what we still have to do - as > opposed to the situation now where it's mostly in someone's head > (if at all). Yeah, that makes sense. What about adding such a phase in %standard-phases in core-updates-next? I guess it could check for files that match =E2=80=98elf-file?=E2=80=99 or = =E2=80=98ar-file?=E2=80=99 and for *.jar. WDYT? We must make add a keyword parameter in =E2=80=98gnu-build-system=E2=80=99 = to make it easy to disable it and/or to skip specific files. Any takers? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 08 18:11:41 2018 Received: (at 33300) by debbugs.gnu.org; 8 Nov 2018 23:11:41 +0000 Received: from localhost ([127.0.0.1]:41999 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKtSe-00052u-Q2 for submit@debbugs.gnu.org; Thu, 08 Nov 2018 18:11:40 -0500 Received: from m4s11.vlinux.de ([83.151.27.109]:34880 helo=bjoernhoefling.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gKtSb-00052k-80 for 33300@debbugs.gnu.org; Thu, 08 Nov 2018 18:11:37 -0500 Received: from alma-ubu (pD951FD06.dip0.t-ipconnect.de [217.81.253.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by bjoernhoefling.de (Postfix) with ESMTPSA id E02623FF40; Fri, 9 Nov 2018 00:11:35 +0100 (CET) Date: Fri, 9 Nov 2018 00:11:34 +0100 From: =?UTF-8?B?QmrDtnJuIEjDtmZsaW5n?= To: ludo@gnu.org (Ludovic =?UTF-8?B?Q291cnTDqHM=?=) Subject: Re: bug#33300: Automatically detecting binaries in source tarballs Message-ID: <20181109001134.3cccd949@alma-ubu> In-Reply-To: <87y3a454xc.fsf@gnu.org> References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> <20181108005701.2e76fd3d@scratchpost.org> <87y3a454xc.fsf@gnu.org> X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.30; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/SeOeW_rJI7tTz=I0+lRdu2A"; protocol="application/pgp-signature" X-Spam-Score: 0.1 (/) X-Debbugs-Envelope-To: 33300 Cc: Danny Milosavljevic , 33300@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.9 (/) --Sig_/SeOeW_rJI7tTz=I0+lRdu2A Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, 08 Nov 2018 09:50:23 +0100 ludo@gnu.org (Ludovic Court=C3=A8s) wrote: > Hello, >=20 > Danny Milosavljevic skribis: >=20 > > I think it would be good to have guix check for closed-source > > binaries after unpacking, automatically (including jar files with > > class files in them). =20 >=20 > Oh right, jars are certainly quite common, more than .so files. >=20 > >> > No idea if it's worth the trouble/performance hit/false-positive > >> > rate, of course. That's for the ner^Wgods to decide. =20 > >>=20 > >> Yeah I wonder if it would be fruitful. =20 > > > > Marking known-good binaries (whitelisting) is still better than > > hoping we notice some closed-source binary (blacklisting). > > > > It would be a conspicious reminder of what we still have to do - as > > opposed to the situation now where it's mostly in someone's head > > (if at all). =20 >=20 > Yeah, that makes sense. >=20 > What about adding such a phase in %standard-phases in > core-updates-next? I guess it could check for files that match > =E2=80=98elf-file?=E2=80=99 or =E2=80=98ar-file?=E2=80=99 and for *.jar. = WDYT? >=20 > We must make add a keyword parameter in =E2=80=98gnu-build-system=E2=80= =99 to make it > easy to disable it and/or to skip specific files. That is definitively a good idea. One of my review-tasks is this: [] Binaries included? If yes, created a snipped? find . -name "*.rar" -or -name "*.pdf" -or -name "*.bin" -or -name "*.pd= f" -or -name "*.dsy" -or -name "*.jar" -or -name "*.exe"=20 Should this be a phase of the build system? Or just a linter, that was my first idea? If it is a build-system-phase, it should probably go to core-updates and beforehand someone must rebuild the world. I'm sure at least for Java there are some JARs remaining and I had the plan to fold-packages through them, but that had low priority. Bj=C3=B6rn --Sig_/SeOeW_rJI7tTz=I0+lRdu2A Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlvkwqcACgkQvyhstlk+X/2y1wCfTnR9j+EZAMk39DCH9v2OFl7L eB8AnRxDKqNbFncv7r3jBwTe2aDiu+eZ =by8o -----END PGP SIGNATURE----- --Sig_/SeOeW_rJI7tTz=I0+lRdu2A-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 02:23:43 2018 Received: (at 33300) by debbugs.gnu.org; 11 Nov 2018 07:23:44 +0000 Received: from localhost ([127.0.0.1]:45249 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLk5v-0003cl-KO for submit@debbugs.gnu.org; Sun, 11 Nov 2018 02:23:43 -0500 Received: from flashner.co.il ([178.62.234.194]:59558) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLk5t-0003cY-9C for 33300@debbugs.gnu.org; Sun, 11 Nov 2018 02:23:42 -0500 Received: from localhost (unknown [5.102.239.133]) by flashner.co.il (Postfix) with ESMTPSA id 80CF2400F7; Sun, 11 Nov 2018 07:23:35 +0000 (UTC) Date: Sun, 11 Nov 2018 09:23:34 +0200 From: Efraim Flashner To: =?utf-8?B?QmrDtnJuIEjDtmZsaW5n?= Subject: Re: bug#33300: Automatically detecting binaries in source tarballs Message-ID: <20181111072334.GF1206@macbook41> References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> <20181108005701.2e76fd3d@scratchpost.org> <87y3a454xc.fsf@gnu.org> <20181109001134.3cccd949@alma-ubu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xjyYRNSh/RebjC6o" Content-Disposition: inline In-Reply-To: <20181109001134.3cccd949@alma-ubu> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 33300 Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= , 33300@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --xjyYRNSh/RebjC6o Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 09, 2018 at 12:11:34AM +0100, Bj=C3=B6rn H=C3=B6fling wrote: > On Thu, 08 Nov 2018 09:50:23 +0100 > ludo@gnu.org (Ludovic Court=C3=A8s) wrote: >=20 > > Hello, > >=20 > > Danny Milosavljevic skribis: > >=20 > > > I think it would be good to have guix check for closed-source > > > binaries after unpacking, automatically (including jar files with > > > class files in them). =20 > >=20 > > Oh right, jars are certainly quite common, more than .so files. > >=20 > > >> > No idea if it's worth the trouble/performance hit/false-positive > > >> > rate, of course. That's for the ner^Wgods to decide. =20 > > >>=20 > > >> Yeah I wonder if it would be fruitful. =20 > > > > > > Marking known-good binaries (whitelisting) is still better than > > > hoping we notice some closed-source binary (blacklisting). > > > > > > It would be a conspicious reminder of what we still have to do - as > > > opposed to the situation now where it's mostly in someone's head > > > (if at all). =20 > >=20 > > Yeah, that makes sense. > >=20 > > What about adding such a phase in %standard-phases in > > core-updates-next? I guess it could check for files that match > > =E2=80=98elf-file?=E2=80=99 or =E2=80=98ar-file?=E2=80=99 and for *.jar= =2E WDYT? > >=20 > > We must make add a keyword parameter in =E2=80=98gnu-build-system=E2=80= =99 to make it > > easy to disable it and/or to skip specific files. >=20 > That is definitively a good idea. >=20 > One of my review-tasks is this: >=20 > [] Binaries included? If yes, created a snipped? > find . -name "*.rar" -or -name "*.pdf" -or -name "*.bin" -or -name "*.= pdf" -or -name "*.dsy" -or -name "*.jar" -or -name "*.exe"=20 also "*.so" or "*.a" I assume. For python we'd want to grep the source files for "Generated by Cython" >=20 > Should this be a phase of the build system? Or just a linter, that was > my first idea? I'd go with a phase >=20 > If it is a build-system-phase, it should probably go to core-updates > and beforehand someone must rebuild the world. I'm sure at least for > Java there are some JARs remaining and I had the plan to fold-packages > through them, but that had low priority. >=20 > Bj=C3=B6rn --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --xjyYRNSh/RebjC6o Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlvn2PEACgkQQarn3Mo9 g1E8/BAAjdEVtSK5Ydh1Pp1OvW7aZII2a2+tROqzGq3rmi7A+WBC3B4bnor6Yvu+ 4ovOTVeLsWt481vySRqLIsfpVHgjLr4PkQTrWDnj6k9i9KJRhU+xvzHomgFSfhci sjaqgJleNcQ1tYW1l5AGBHZh/eLkWSEJtrTUHbIzohd0WLrmgH+nZg1F91rCkLju 5xnScJSuXXeaDboIuW558Xuk+nkb+9q7rmtoZ527TFMmEenfpXeTSJ03z58QzaJm 7BbTvSsl1Pr8VVXVXy7TYm2pRSEF8uZAtQm0RTuCS1/NVKo+57dPO4auJ4jKbfq0 LE4wMxH2Pqz1I8mcD+2t3tvwKp3UurY4wOy6AU3CrQ7NHfNsd54l/x9NqLrsTjND muq92H0pkc1HhvhS9JNprgOt2TzgqljVJ90wEziGlAcZMJZL4sYRSGTv9FYGnMdo lrNfLXe+c+i7+EiyPj2pDZRtxYsQ8XZZQ8BfLefZjwhAQ6LJKSooMJrX9ugpRZV4 W5JCwaJct24RLvrDTtpXmtfw45nCXmVTel4TM53xbWjViSnGWvfh1YSYiClHxVmN Ft9TAmVCykESa9PGCha/CGr6ci1x9aDD7te+bkWklgI6bH4ZyWEbyP/GK3PSxtwu unVXSaZyDFm6N6mgO9JkhL0a11w9jHXDLGfB5EIMEh8wkS+fa2I= =kRr4 -----END PGP SIGNATURE----- --xjyYRNSh/RebjC6o-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 12:29:04 2018 Received: (at 33300) by debbugs.gnu.org; 11 Nov 2018 17:29:04 +0000 Received: from localhost ([127.0.0.1]:46684 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLtXk-0007tT-9N for submit@debbugs.gnu.org; Sun, 11 Nov 2018 12:29:04 -0500 Received: from eggs.gnu.org ([208.118.235.92]:59897) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLtXi-0007t0-PU for 33300@debbugs.gnu.org; Sun, 11 Nov 2018 12:29:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLtXd-0007KD-0a for 33300@debbugs.gnu.org; Sun, 11 Nov 2018 12:28:57 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51057) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLtXc-0007K8-ST; Sun, 11 Nov 2018 12:28:56 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=41868 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gLtXc-0007AX-Fi; Sun, 11 Nov 2018 12:28:56 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Efraim Flashner Subject: Re: bug#33300: Automatically detecting binaries in source tarballs References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> <20181108005701.2e76fd3d@scratchpost.org> <87y3a454xc.fsf@gnu.org> <20181109001134.3cccd949@alma-ubu> <20181111072334.GF1206@macbook41> Date: Sun, 11 Nov 2018 18:28:54 +0100 In-Reply-To: <20181111072334.GF1206@macbook41> (Efraim Flashner's message of "Sun, 11 Nov 2018 09:23:34 +0200") Message-ID: <87zhufplpl.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 33300 Cc: =?utf-8?Q?Bj=C3=B6rn_H=C3=B6fling?= , 33300@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Hi, Efraim Flashner skribis: > On Fri, Nov 09, 2018 at 12:11:34AM +0100, Bj=C3=B6rn H=C3=B6fling wrote: [...] >> One of my review-tasks is this: >>=20 >> [] Binaries included? If yes, created a snipped? >> find . -name "*.rar" -or -name "*.pdf" -or -name "*.bin" -or -name "*= .pdf" -or -name "*.dsy" -or -name "*.jar" -or -name "*.exe"=20 > > also "*.so" or "*.a" I assume. > > For python we'd want to grep the source files for "Generated by Cython" Indeed. The =E2=80=9Crisk=E2=80=9D, if we make the list too long, is that = we=E2=80=99ll find that we=E2=80=99re not doing so well in many cases. We should make sure we can address all these issues. >> Should this be a phase of the build system? Or just a linter, that was >> my first idea? > > I'd go with a phase Same here. It=E2=80=99d be inconvenient to implement in =E2=80=98guix lint= =E2=80=99 because we=E2=80=99d first need to extract the tarball etc. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 11 12:30:18 2018 Received: (at 33300-done) by debbugs.gnu.org; 11 Nov 2018 17:30:18 +0000 Received: from localhost ([127.0.0.1]:46688 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLtYw-0007wh-Kx for submit@debbugs.gnu.org; Sun, 11 Nov 2018 12:30:18 -0500 Received: from eggs.gnu.org ([208.118.235.92]:60336) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gLtYu-0007wU-O5 for 33300-done@debbugs.gnu.org; Sun, 11 Nov 2018 12:30:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gLtYp-0008SH-1n for 33300-done@debbugs.gnu.org; Sun, 11 Nov 2018 12:30:11 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51070) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gLtYn-0008Pp-Ea; Sun, 11 Nov 2018 12:30:09 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=46728 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gLtYn-0001ra-3Q; Sun, 11 Nov 2018 12:30:09 -0500 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Tobias Geerinckx-Rice Subject: Re: bug#33300: hplip 3.18.9 contains non-free binary blobs References: <87sh0dur48.fsf@gnu.org> <875zx9dof1.fsf@nckx> <87zhult0fb.fsf@gnu.org> Date: Sun, 11 Nov 2018 18:30:07 +0100 In-Reply-To: <87zhult0fb.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Wed, 07 Nov 2018 15:41:28 +0100") Message-ID: <87va53plnk.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 33300-done Cc: 33300-done@debbugs.gnu.org, efraim@flashner.co.il X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Closing this bug, which Efraim addressed in commit b44b1f08f6945ea8370746cfdadb44c7dea9ea3e. Thanks! Ludo=E2=80=99. From unknown Fri Jun 20 07:23:16 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 10 Dec 2018 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator