GNU bug report logs -
#57345
[PATCH] Add gnupg to propagated-inputs of trezor-agent
Previous Next
To reply to this bug, email your comments to 57345 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Mon, 22 Aug 2022 19:05:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Marek Paśnikowski <marekpasnikowski <at> protonmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 22 Aug 2022 19:05:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
This is my first patch submission ever.
Please tell me if there is anything I did wrong.
The patch is motivated by failure of `trezor-gpg init` command.
After I applied it to the system, I was able to initialize my Trezor-based GPG identity.
[0001-Add-gnupg-to-propagated-inputs-of-trezor-agent.patch (text/x-patch, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Thu, 01 Sep 2022 08:57:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 57345 <at> debbugs.gnu.org (full text, mbox):
Hi Marek,
thanks for your patch. This looks like a good fix of the problem.
Propagation is generally used sparingly, when there is no other option.
We try to avoid it when possible, because it can lead to unexpected
conflicts, e.g. when a user has a particular version of gnupg installed
in their profile and then installs trezor-agent with a more recent
version of Guix it would abort with a conflict error as it cannot
install two variants of gnupg into the same Guix profile.
I wonder if we can avoid propagation here. We could, for example, look
up gnupg in PATH (so that a user’s installation of gnupg is preferred)
and fall back to an explicit gnupg from the inputs (not
propagated-inputs). This would require minor patching of trezor-agent.
What do you think?
--
Ricardo
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Mon, 05 Sep 2022 05:51:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 57345 <at> debbugs.gnu.org (full text, mbox):
Nothing I do seems to work at all.
Last night I thought of a fundamental question:
Are `inputs` accessible in the guix store at runtime?
If they are, that means I am too dumb to correctly parse the documentation. My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Mon, 05 Sep 2022 09:26:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, Sep 05, 2022 at 05:49:55AM +0000, guix-patches--- via wrote:
> Nothing I do seems to work at all.
>
> Last night I thought of a fundamental question:
> Are `inputs` accessible in the guix store at runtime?
>
> If they are, that means I am too dumb to correctly parse the documentation. My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.
After some poking around on IRC and in trezor-agent and
python-trezor-agent, it seems that there are a number of calls to the
gpgconf binary and the actual path to gpg is probably set in
python-trezor-agent in libagent/gpg/keyring.py. With all of this it's
probably best to just wrap the files in the bin output of trezor agent
so that we don't miss any files.
(ins)efraim <at> 3900XT /tmp$ tree /gnu/store/46br8illcfv93ryh28s2haz1s59n584v-trezor-agent-0.14.4
/gnu/store/46br8illcfv93ryh28s2haz1s59n584v-trezor-agent-0.14.4
├── bin
│ ├── __pycache__
│ │ └── trezor_agent.cpython-39.pyc
│ ├── trezor-agent
│ ├── trezor_agent.py
│ ├── trezor-gpg
│ ├── trezor-gpg-agent
│ └── trezor-signify
└── lib
└── python3.9
└── site-packages
└── trezor_agent-0.11.0-py3.9.egg-info
├── dependency_links.txt
├── entry_points.txt
├── PKG-INFO
├── requires.txt
├── SOURCES.txt
└── top_level.txt
trezor_agent.py is an actual python script, so I'd use wrap-script, but
the other extensionless files I'd use wrap-program, which IIRC will Do
The Right Thing™ and not double-wrap those files, which are already
wrappers.
I haven't tested the code out, but something like this should work
inside trezor-agent.
(add-before 'check 'wrap-more
;; We want to make sure we're before 'check but after 'wrap
(lambda* (#:key inputs outputs #:allow-other-keys)
(wrap-script (string-append #$output "/bin/trezor_agent.py")
`(("PATH" ":" prefix (,(dirname (search-input-file inputs
"gpg"))))))
(for-each
(lambda (file)
(wrap-program file
`(("PATH" ":" prefix (,(dirname (search-input-file inputs
"gpg")))))))
(find-files (string-append #$output "/bin") "^trezor-"))))
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Mon, 05 Sep 2022 11:27:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 57345 <at> debbugs.gnu.org (full text, mbox):
I have encountered the same problem as in this email:
https://lists.gnu.org/archive/html/help-guix/2019-06/msg00073.html
I do not understand how to apply the proposed fix.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 06 Sep 2022 13:07:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 57345 <at> debbugs.gnu.org (full text, mbox):
Let us not have perfect be the enemy of good, and merge the `propagated-inputs` solution. Once an `inputs` solution is found, it would be used instead.
A potential conflict with other `gnupg` instances is less harmful than the currently happening guaranteed loss of major functionality.
What do you think?
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 06 Sep 2022 15:40:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 05-09-2022 13:26, guix-patches--- via wrote:
> I do not understand how to apply the proposed fix.
Copy-paste Efraim's phase to the %standard-phases (I assume before
fixup-agent-py).
Greetings,
Maxime
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 06 Sep 2022 15:42:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 06-09-2022 15:06, guix-patches--- via wrote:
> Let us not have perfect be the enemy of good, and merge the `propagated-inputs` solution. Once an `inputs` solution is found, it would be used instead.
>
> A potential conflict with other `gnupg` instances is less harmful than the currently happening guaranteed loss of major functionality.
>
> What do you think?
Efraim has posted a potential 'inputs' solution.
Greetings,
Maxime.
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 06 Sep 2022 15:45:01 GMT)
Full text and
rfc822 format available.
Message #29 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 05-09-2022 13:26, guix-patches--- via wrote:
> I have encountered the same problem as in this email:
> https://lists.gnu.org/archive/html/help-guix/2019-06/msg00073.html
>
> I do not understand how to apply the proposed fix.
>
IIRC, python-build-system uses G-exps nowadays, so to use #$, all you
need to do is replace
(arguments `(#:phases (modify-phases ...)))
by
(arguments (list #:phases #~(modify-phases ...))),
no need for separate inputs.
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 06 Sep 2022 15:49:02 GMT)
Full text and
rfc822 format available.
Message #32 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On 05-09-2022 07:49, guix-patches--- via wrote:
> Nothing I do seems to work at all.
>
> Last night I thought of a fundamental question:
> Are `inputs` accessible in the guix store at runtime?
If a reference (i.e., a /gnu/store/the-input-... string) ends up in the
resulting store item of trezor-agent, then yes.
> If they are, that means I am too dumb to correctly parse the documentation.
As far as I'm aware it is not documented that the GC is based on
reference-scanning.
> My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.
Look where 'gnupg' is used in trezor-agent (git grep -F can be useful)
and replace it with substitute* + search-input-file. Alternatively,
wrap-program, as proposed in Efraim's reply.
Greetings,
Maxime.
[OpenPGP_0x49E3EE22191725EE.asc (application/pgp-keys, attachment)]
[OpenPGP_signature (application/pgp-signature, attachment)]
Added tag(s) moreinfo.
Request was from
Ludovic Courtès <ludo <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Thu, 08 Sep 2022 12:50:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Fri, 09 Sep 2022 19:56:02 GMT)
Full text and
rfc822 format available.
Message #37 received at 57345 <at> debbugs.gnu.org (full text, mbox):
I give up.
So far, the cleanest workaround is to explicitly declare `gnupg` installation.
I decided to use that going forward.
```
(inputs (list gnupg guile-2.0 python-3 python-trezor python-trezor-agent))
(add-before 'check 'wrap-more
(lambda* (#:key inputs outputs #:allow-other-keys)
(wrap-script (string-append #$output "/bin/trezor_agent.py")
'("PATH" ":" prefix '("/gnu/store/3bpq5knfvzhxhqfwzqm9br917nz7r0yp-gnupg-2.2.32/bin")))))
```
This is as far as I was able to go while maintaining any sense of understanding and control over the code.
All attempts to progress end with this failure:
```
Backtrace [...]
ERROR:
1. &wrap-error:
program: "/gnu/store/rb3wzd5pi899mlvv4wj35afc4z8ys60m-trezor-agent-0.14.4/bin/trezor_agent.py"
type: no-interpreter-found
```
Clearly, the wrapping documentation assumes something and fails to mention it - and now a programming noob like me is totally lost.
My conclusions:
1. Current state of `trezor-agent` - broken critical functionality by default.
2. Presence of `gnupg` in profile fixes the above.
3. `propagated-inputs` also fixes 1., but is not acceptable.
4. In theory, it should be possible to expose a PATH to `gnupg` in `inputs`; but after days of working towards it, I am still not capable of reaching this solution.
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Tue, 11 Oct 2022 14:45:01 GMT)
Full text and
rfc822 format available.
Message #40 received at 57345 <at> debbugs.gnu.org (full text, mbox):
the problem is that there's no #! shebang line at the head of trezor_agent.py
but i'm not sure that file needs to be patched. the user-facing entry point is trezor-agent, not the .py file.
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“There is no reason ever to have the same thought twice, unless you like having that thought.”
— David Allen (1945–), 'Getting Things Done'
Information forwarded
to
guix-patches <at> gnu.org:
bug#57345; Package
guix-patches.
(Mon, 09 Sep 2024 14:36:01 GMT)
Full text and
rfc822 format available.
Message #43 received at 57345 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
i have updated Trezor support in https://issues.guix.gnu.org/73148 and
the last patch fixes this issue (by using absolute store paths to access
gnupg binaries).
i think this one can be closed.
--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that, too.”
— Somerset Maugham (1874–1965)
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 286 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.