GNU bug report logs - #43173
Ensure that the correct linux-libre deblobbing scripts are used

Previous Next

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Cc: Mark H Weaver <mhw <at> netris.org>, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: Ensure that the correct linux-libre deblobbing scripts are used
Date: Wed, 2 Sep 2020 14:29:22 -0400

[Message part 1 (text/plain, inline)]

In recent discussions [0], people raised the possibility that we might
accidentally leave non-free firmware blobs in our linux-libre packages.

If I understand correctly, the root of the issue is that, currently, we
manually specify the versions of the deblobbing scripts. They are not
changed with every linux-libre release, so it is usually okay to use an
older version number — the scripts themselves will be identical.
However, sometimes the scripts do change, and we might not notice, and
thus we would fail to remove every blob from the kernel sources.

These two patches should make that failure mode impossible, by 1) making
sure that the file names of the deblobbing scripts' store items include
the full version number of the kernel and 2) only defining the version
in one place. The hashes of the deblob scripts will be checked
automatically when Guix downloads them for each new kernel release.

I had to move the linux-libre-nnn-version variables to an earlier part
of the file, so that they are defined when referenced in the
deblob-scripts-nnn procedures. I regret changing the way this code is
organized... your advice is welcome!

[0] https://lists.gnu.org/archive/html/guix-devel/2020-08/msg00040.html

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.