GNU bug report logs - #51747
[PATCH]: gnu: nix: Update to 2.4.

Previous Next

Package: guix-patches;

Reported by: Zhu Zihao <all_but_last <at> 163.com>

Date: Wed, 10 Nov 2021 12:37:02 UTC

Severity: normal

Tags: patch

Done: Oleg Pykhalov <go.wigust <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxime Devos <maximedevos <at> telenet.be>
To: Zhu Zihao <all_but_last <at> 163.com>
Cc: Oleg Pykhalov <go.wigust <at> gmail.com>, 51747 <at> debbugs.gnu.org
Subject: [bug#51747] [PATCH]: gnu: nix: Update to 2.4.
Date: Sat, 15 Jan 2022 11:52:19 +0100

[Message part 1 (text/plain, inline)]
Hi,

I looked a bit in the source code, and it seems to be missing
some error checking.  E.g., in libcpuid/cpuid_main.c:,
it is not verified that 'malloc' succeeded.

        list->names = (char**) malloc(sizeof(char*) * n);
        [...]
        list->names[n] = (char*) malloc (i - last)
        [....]
        list->names[n][i - last - 1 = '\0']

It doesn't seem exploitable here, but I would recommend something
like 'xmalloc' instead to avoid (anti-)learning by bad examples.

Also, in the package definition, you are using cmake-build-system.
This works, but the README doesn't mention CMake anywhere and instead
mentions the autotools (autoconf etc.) and has configure.ac, so I would
use gnu-build-system instead.

Zhu Zihao schreef op za 15-01-2022 om 13:47 [+0800]:
> +      (arguments
> +       (list
> +        #:configure-flags #~(list "-DLIBCPUID_TESTS=ON")
> +        #:phases
> +        #~(modify-phases %standard-phases
> +            (add-after 'unpack 'absolutize
> +              (lambda* (#:key inputs #:allow-other-keys)
> +                ;; Linux specific
> +                (when #$(target-linux?)
> +                  (substitute* "libcpuid/rdmsr.c"
> +                    (("modprobe") (which "modprobe")))))))))

This use of 'which' doesn't work when cross-compiling because it looks
in $PATH (which contains (possibly implicit) native-inputs) and not
'inputs' -- 'inputs' and 'native-inputs' are merged together when
compiling natively so this doesn't cause errors when compiling natively
but it doesn't work when cross-compiling -- try
"./pre-inst-env guix build libcpuid --target=aarch64-linux-gnu".

I would use 'search-input-file' instead:

        ;; using (when #$(target-linux? ...) ...) instead
        ;; of 'guard' would also work
        #~(modify-phases %standard-phases
            (add-after 'unpack 'absolutize
              (lambda* (#:key inputs #:allow-other-keys)
                ;; modprobe doesn't exist on the Hurd 
                (guard (c ((search-error? c) (values)))
                  (substitute* "libcpuid/rdmsr.c"
                    (("modprobe")
                     (search-input-file inputs "bin/modprobe")))))))))


> + confused with the @code{cpuid} command line utility from package
> + @code{cpuid}.")

A definite article is missing before 'package'.

> +      (native-inputs (list python-3))   ;required by tests

I would keep the original comment

      ;; a python from the 3. series is required by tests

here, because it is important that it comes from the 3. series
-- the shebang uses "/usr/bin/env python3", not "python3".  This
comment would be helpful when updating python to the 4. series
(these versions don't exist yet but presumably they eventually will),
as it would make it clear that we cannot simply replace 'python-3' with
'python-4'.

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 120 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.