GNU bug report logs -
#47144
security patching of 'patch' package
Previous Next
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Sun, 14 Mar 2021 21:39:02 UTC
Severity: normal
Tags: security
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Hi Simon,
Simon Tournier <zimon.toutoune <at> gmail.com> writes:
> Hi Maxim,
>
> On Thu, 30 May 2024 at 22:59, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> wrote:
>
>> + (source (origin
>> + (inherit (package-source patch))
>> + (method git-fetch)
>> + (uri (git-reference
>> + (url "https://git.savannah.gnu.org/git/patch.git")
>> + (commit commit)))
>> + (file-name (git-file-name name version))
>> + (sha256
>> + (base32
>> + "1bk38169c0xh01b0q0zmnrjqz8k9byz3arp4q7q66sn6xwf94nvz"))))
>
> If I read correctly, (package-source patch) reads:
>
> (source (origin
> (method url-fetch)
> (uri (string-append "mirror://gnu/patch/patch-"
> version ".tar.xz"))
> (sha256
> (base32
> "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc"))
> (patches (search-patches "patch-hurd-path-max.patch"))))
>
> Therefore the only thing that is copied is the ’patches’ field. Right?
>
> I think it would easy the readability to avoid ’inherit’ and plainly
> write ’patches’.
I preferred inheritance to avoid having to manually sync things in the
long run... (hopefully the graft gets ungrafted before 'patch' amasses
new phatces, but we never know...)
--
Thanks,
Maxim
This bug report was last modified 333 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.