From: bug#67707 <67707@debbugs.gnu.org>
To: bug#67707 <67707@debbugs.gnu.org>
Subject: Status: Fresh installation leaks details about ISO build environment
Reply-To: bug#67707 <67707@debbugs.gnu.org>
Date: Sun, 27 Jul 2025 06:55:43 +0000

retitle 67707 Fresh installation leaks details about ISO build environment
reassign 67707 guix
submitter 67707 Ludovic Courtès
severity 67707 important
thanks

From: Ludovic Courtès
To: bug-guix@gnu.org
Subject: Fresh installation leaks details about ISO build environment
Date: Fri, 08 Dec 2023 14:11:02 +0100
Message-ID: <875y18c00p.fsf@inria.fr>

On a fresh installation of 1.4.0, we get:

--8<---------------cut here---------------start------------->8---
# guix system describe
Génération 1 08 déc. 2023 10:39:47 (actuelle)
  nom de fichier : /var/guix/profiles/system-1-link
  nom de fichier canonique : /gnu/store/d8g35zgpcg0k42jlxi3pda59nx3cgmhl-system
  étiquette : GNU with Linux-Libre 6.0.10
  chargeur de démarrage : grub
  périphérique racine : UUID : d17c4651-b142-4802-9d70-b018ee72c58e
  noyau : /gnu/store/3qdad0k7wvwl09wah246q7fvsb1hbr0x-linux-libre-6.0.10/bzImage
  canaux :
    guix:
      URL du dépôt : /home/ludo/src/guix/+version-1.4.0/
      branche : version-1.4.0
      commit : 989a3916dc8967bcb7275f10452f89bc6c3389cc
  fichier de configuration : /gnu/store/ram19r21j1rp0pfkdadmi3a6jp24fy36-configuration.scm
--8<---------------cut here---------------end--------------->8---

Oops!

That the URL is wrong doesn’t have any impact because it’s not used by
‘guix pull’ or anything, but it’s obviously not great.

Ludo’.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Subject: control message for bug #67707
Date: Thu, 29 Aug 2024 11:37:12 +0200
Message-Id: <87y14ffz5j.fsf@gnu.org>

severity 67707 important
quit

From: Rutherther
To: 67707@debbugs.gnu.org
Cc: Ludovic Courtès
Subject: Re: Fresh installation leaks details about ISO build environment
In-Reply-To: <87y14ffz5j.fsf@gnu.org>
Date: Thu, 01 May 2025 14:47:12 +0200
Message-ID: <8734doh50v.fsf@ditigal.xyz>

Hi Ludo',

> That the URL is wrong doesn’t have any impact because it’s not used by
> ‘guix pull’ or anything, but it’s obviously not great.

this is not exactly true. It might be used, by the forward update check
on guix system reconfigure.
When the user hasn't pulled yet, they don't have any checkout, and a new
one is being created by looking at the folder
/home/ludo/src/guix/version/... That will end up with an error.

Maybe the installation-os should not use (current-guix) as that can lead
to issues like this? Could we instead just detect the commit and change
the url to the savannah/codeberg one?
Or will it just be ensured next time that the channels used to build it
point to the hosting url and not at a local one?

Regards
Rutherther

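A release-gate check for the problem described in the message above, as an added example that is not part of the thread or of Guix: it scans a channel list written in Guix's S-expression channel layout and reports every channel whose URL names a path on the build host instead of a network location. The sample input is constructed from the URL, branch and commit quoted in the report; the function names and the second channel are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the S-expression layout of a Guix channel list.
# The first entry reuses the URL, branch and commit quoted in the bug report;
# the second entry is a made-up channel added for contrast.
SAMPLE_CHANNELS = r'''
(list (channel
        (name 'guix)
        (url "/home/ludo/src/guix/+version-1.4.0/")
        (branch "version-1.4.0")
        (commit "989a3916dc8967bcb7275f10452f89bc6c3389cc"))
      (channel
        (name 'example-channel)
        (url "https://git.example.org/example-channel.git")
        (branch "main")
        (commit "0000000000000000000000000000000000000000")))
'''

REMOTE_SCHEMES = {"https", "http", "git", "ssh"}
# scp-like Git remotes such as user@host:path carry no URL scheme.
SCP_LIKE = re.compile(r'^[\w.-]+@[\w.-]+:')
# A field is (key 'symbol) or (key "string").
FIELD = re.compile(
    r'\(\s*(name|url|branch|commit)\s+(?:\'([^\s()]+)|"([^"]*)")\s*\)')
HOME_USER = re.compile(r'^(?:file://)?/home/([^/]+)/')


def parse_channels(text):
    """Return one dict per (channel ...) form, keeping the first value of each field."""
    channels = []
    for chunk in re.split(r'\(channel\s', text)[1:]:
        fields = {}
        for key, symbol, string in FIELD.findall(chunk):
            fields.setdefault(key, symbol or string)
        channels.append(fields)
    return channels


def classify_url(url):
    """Return 'remote' for a network URL and 'local' for a path or file:// URL."""
    if SCP_LIKE.match(url):
        return "remote"
    parts = urlsplit(url)
    if parts.scheme in REMOTE_SCHEMES and parts.netloc:
        return "remote"
    return "local"


def audit(text):
    """List channels whose recorded URL points at the build host's file system."""
    findings = []
    for channel in parse_channels(text):
        url = channel.get("url", "")
        if classify_url(url) == "local":
            user = HOME_USER.match(url)
            findings.append({
                "channel": channel.get("name"),
                "url": url,
                "commit": channel.get("commit"),
                # Account name exposed by a /home/<user>/ path, if any.
                "leaked_user": user.group(1) if user else None,
            })
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_CHANNELS)
    for finding in results:
        print("local channel URL: {channel} {url} (commit {commit}, "
              "user {leaked_user})".format(**finding))
    # A non-zero exit status lets an image build job stop before publishing.
    raise SystemExit(1 if results else 0)
```
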
From: Ludovic Courtès
To: Rutherther
Cc: 67707@debbugs.gnu.org
Subject: Re: Fresh installation leaks details about ISO build environment
In-Reply-To: <8734doh50v.fsf@ditigal.xyz>
References: <8734doh50v.fsf@ditigal.xyz>
Date: Sat, 03 May 2025 18:23:15 +0200
Message-ID: <87ikmh8xzg.fsf@gnu.org>

Hello,

Rutherther writes:

>> That the URL is wrong doesn’t have any impact because it’s not used by
>> ‘guix pull’ or anything, but it’s obviously not great.
>
> this is not exactly true. It might be used, by the forward update check
> on guix system reconfigure.
> When the user hasn't pulled yet, they don't have any checkout, and a new
> one is being created by looking at the folder
> /home/ludo/src/guix/version/... That will end up with an error.

True.

> Maybe the installation-os should not use (current-guix) as that can lead
> to issues like this? Could we instead just detect the commit and change
> the url to the savannah/codeberg one?
> Or will it just be ensured next time that the channels used to build it
> point to the hosting url and not at a local one?

I think so.
It should be as simple as this:

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-man= agement.scm index f0a9b39e25..46cf9b8512 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2013-2024 Ludovic Court=C3=A8s +;;; Copyright =C2=A9 2013-2025 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2015, 2017, 2020, 2021, 2022, 2023 Ricardo Wurmus ;;; Copyright =C2=A9 2017 Muriithi Frederick Muriuki ;;; Copyright =C2=A9 2017, 2018 Oleg Pykhalov
@@ -673,7 +673,8 @@ (define-public current-guix-package ((? channel? source) (package (inherit guix) - (source source) + (source (channel (inherit %default-guix-channel) + (commit (channel-commit source)))) (build-system channel-build-system) (inputs '()) (native-inputs '())

Maybe there are cases where it’s not desirable (someone maintaining a
fork for example), but those are hypothetical edge cases.

WDYT?

Ludo’.

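Review bot: In the `@@ -673,7 +673,8 @@` hunk, the new `source` keeps only `(channel-commit source)` and takes every other field from `%default-guix-channel`, so the `(? channel? source)` branch of `current-guix-package` rewrites the URL for every caller, including one whose commit exists only in a fork or a local checkout. The resulting package would then record a commit that the default URL may not serve. Consider making the substitution opt-in (a keyword argument or a second procedure), or applying it only when the URL of `source` is not a network URL, and describe the behaviour in the docstring.
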
From: Rutherther
To: Ludovic Courtès
Cc: 67707@debbugs.gnu.org
Subject: Re: Fresh installation leaks details about ISO build environment
In-Reply-To: <87ikmh8xzg.fsf@gnu.org>
References: <87ikmh8xzg.fsf@gnu.org>
Date: Sat, 03 May 2025 19:29:06 +0200
Message-ID: <87msbtvc0t.fsf@ditigal.xyz>

Hi Ludo,

Ludovic Courtès writes:

>
> Rutherther writes:
>
>>> That the URL is wrong doesn’t have any impact because it’s not used by
>>> ‘guix pull’ or anything, but it’s obviously not great.
>>
>> this is not exactly true. It might be used, by the forward update check
>> on guix system reconfigure.
>> When the user hasn't pulled yet, they don't have any checkout, and a new
>> one is being created by looking at the folder
>> /home/ludo/src/guix/version/... That will end up with an error.
>
> True.
>
>> Maybe the installation-os should not use (current-guix) as that can lead
>> to issues like this? Could we instead just detect the commit and change
>> the url to the savannah/codeberg one?
>> Or will it just be ensured next time that the channels used to build it
>> point to the hosting url and not at a local one?
>
> I think so. It should be as simple as this:
>
> diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-m= anagement.scm > index f0a9b39e25..46cf9b8512 100644 > --- a/gnu/packages/package-management.scm > +++ b/gnu/packages/package-management.scm > @@ -1,5 +1,5 @@ > ;;; GNU Guix --- Functional package management for GNU > -;;; Copyright =C2=A9 2013-2024 Ludovic Court=C3=A8s > +;;; Copyright =C2=A9 2013-2025 Ludovic Court=C3=A8s > ;;; Copyright =C2=A9 2015, 2017, 2020, 2021, 2022, 2023 Ricardo Wurmus <= rekado@elephly.net> > ;;; Copyright =C2=A9 2017 Muriithi Frederick Muriuki > ;;; Copyright =C2=A9 2017, 2018 Oleg Pykhalov
> @@ -673,7 +673,8 @@ (define-public current-guix-package > ((? channel? source) > (package > (inherit guix) > - (source source) > + (source (channel (inherit %default-guix-channel) > + (commit (channel-commit source)))) > (build-system channel-build-system) > (inputs '()) > (native-inputs '())
>
> Maybe there are cases where it’s not desirable (someone maintaining a
> fork for example), but those are hypothetical edge cases.
>
> WDYT?

What I had in mind in the first place was replacing it just in the
install.scm, I didn't even think about changing it here.

I don't know, it feels a bit icky. This might be a good default - one
commonly uses (current-guix) for putting to virtual machines and you
don't want to end up with a local folder there. On the other hand, there
are cases when you do want the same channels and will get more
complicated with this change since one will have to get to know
repository->guix-channel and current-source-directory.
What about making two procedures, one that replaces with the default
channel url and one that doesn't?

Btw given the current state of things, I think this is quite 'dangerous'
as savannah is commonly failing, and people using (current-guix) end up
with it. This will hopefully be resolved in the future (either by switch
to codeberg or hopefully savannah will get better), but if this was
merged now I think it can cause more confusion.

Related to this issue, I am playing with an idea to introduce a new
option to guix system reconfigure that would skip the forward update
check. While it makes sense, especially lately it shows how problematic
it can get. There are people who cannot reconfigure because they have
savannah in their channels, they first have to pull from codeberg, and
even that is just a workaround (thankfully the forward update check will
use the repository you currently have configured instead of the older
one). This could happen even with other channels, not just guix.
Additionally it's also not so good for virtual machines where you are
just quickly testing something, and have to wait for a full checkout
fetch just because you decided to reconfigure. (maybe if the commit is
the same one as the old one there should be an additional check so that
nothing is fetched in the first place)

Thanks
Rutherther

From: Ludovic Courtès
To: Rutherther via Bug reports for GNU Guix
Cc: 67707@debbugs.gnu.org, Rutherther
Subject: Re: bug#67707: Fresh installation leaks details about ISO build environment
In-Reply-To: <87msbtvc0t.fsf@ditigal.xyz>
References: <87ikmh8xzg.fsf@gnu.org> <87msbtvc0t.fsf@ditigal.xyz>
Organization: Inria
Date: Mon, 05 May 2025 08:44:21 +0200
Message-ID: <874ixz8sl6.fsf@inria.fr>

Hi,

Rutherther via Bug reports for GNU Guix writes:

> What I had in mind in the first place was replacing it just in the
> install.scm, I didn't even think about changing it here.

Oh right, it’s probably best to change it there. Something like this?

diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 15ea401f1c..50320a6698 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -35,6 +35,11 @@ (define-module (gnu system install) #:use-module ((guix packages) #:select (package-version supported-package?)) #:use-module (guix platform) #:use-module (guix utils) + #:use-module (guix packages) + #:use-module ((guix channels) + #:select (%default-guix-channel + channel + channel-commit)) #:use-module (gnu installer) #:use-module (gnu system locale) #:use-module (gnu services avahi)
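Review bot: In the `define-module` hunk, `#:use-module (guix packages)` is added two lines below the existing `#:use-module ((guix packages) #:select (package-version supported-package?))`, so the same module is now imported both selectively and in full. Extend the existing `#:select` list with the bindings the new code uses (`package` and `package-source`) instead, which keeps the imports of `(gnu system install)` explicit.
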
@@ -392,7 +397,13 @@ (define* (%installation-services #:key (system (or (and=> ;; Install and run the current Guix rather than an older ;; snapshot. - (guix (current-guix)))) + (guix (let ((guix (current-guix))) + (package + (inherit guix) + (source (channel + (inherit %default-guix-channel) + (commit (channel-commit + (package-source guix)))))))))) ;; Start udev so that useful device nodes are available. ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for

> Related to this issue, I am playing with an idea to introduce a new
> option to guix system reconfigure that would skip the forward update
> check. While it makes sense, especially lately it shows how problematic
> it can get. […]

I’m not sure I follow: even if one uses a mirror of Savannah, downgrade
prevention works fine. Or are you referring to some other motivation?

Thanks,
Ludo’.

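Review bot: In the `%installation-services` hunk, `(channel-commit (package-source guix))` assumes that the source of `(current-guix)` is a channel record. The `current-guix-package` context in the earlier patch reaches its channel case through a `((? channel? source)` match clause, which suggests other kinds of source exist; for those, `channel-commit` would be applied to a non-channel. Guard the rewrite with `channel?` (added to the `(guix channels)` `#:select` list) and fall back to the unmodified package otherwise.
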
From: Rutherther
To: Ludovic Courtès, Rutherther via Bug reports for GNU Guix
Cc: 67707@debbugs.gnu.org
Subject: Re: bug#67707: Fresh installation leaks details about ISO build environment
In-Reply-To: <874ixz8sl6.fsf@inria.fr>
References: <87ikmh8xzg.fsf@gnu.org> <87msbtvc0t.fsf@ditigal.xyz> <874ixz8sl6.fsf@inria.fr>
Date: Mon, 05 May 2025 18:48:04 +0200
Message-ID: <87wmavatrv.fsf@ditigal.xyz>

Hi Ludo',

Ludovic Courtès writes:

> Hi,
>
> Rutherther via Bug reports for GNU Guix writes:
>
>> What I had in mind in the first place was replacing it just in the
>> install.scm, I didn't even think about changing it here.
>
> Oh right, it’s probably best to change it there. Something like this?

Yes, that is exactly what I had in mind.

Btw I am wondering, is there a policy on (not) updating the released
iso?

>
> diff --git a/gnu/system/install.scm b/gnu/system/install.scm > index 15ea401f1c..50320a6698 100644 > --- a/gnu/system/install.scm > +++ b/gnu/system/install.scm > @@ -35,6 +35,11 @@ (define-module (gnu system install) > #:use-module ((guix packages) #:select (package-version supported-pack= age?)) > #:use-module (guix platform) > #:use-module (guix utils) > + #:use-module (guix packages) > + #:use-module ((guix channels) > + #:select (%default-guix-channel > + channel > + channel-commit)) > #:use-module (gnu installer) > #:use-module (gnu system locale) > #:use-module (gnu services avahi)
> @@ -392,7 +397,13 @@ (define* (%installation-services #:key (system (or (= and=3D> >=20=20 > ;; Install and run the current Guix rather than an = older > ;; snapshot. > - (guix (current-guix)))) > + (guix (let ((guix (current-guix))) > + (package > + (inherit guix) > + (source (channel > + (inherit %default-guix-channel) > + (commit (channel-commit > + (package-source guix)))= ))))))) >=20=20 > ;; Start udev so that useful device nodes are available. > ;; Use device-mapper rules for cryptsetup & co; enable the CR= DA for
>
>
>> Related to this issue, I am playing with an idea to introduce a new
>> option to guix system reconfigure that would skip the forward update
>> check. While it makes sense, especially lately it shows how problematic
>> it can get. […]
>
> I’m not sure I follow: even if one uses a mirror of Savannah, downgrade
> prevention works fine. Or are you referring to some other motivation?

I agree that the prevention works fine even with a mirror. What I wanted
to say is that sometimes it can't work. Like if a repository hosting is
down or you don't have internet connection. That is, if the checkout
(usually the one of root) doesn't contain the commit.

Lately, it shows because savannah is down very often. So one pulls
successfully, but then can't reconfigure, because savannah is down
again. This is because root has a separate checkout. Even if it didn't,
if the checkouts are removed, the user can't reconfigure if repo hosting
is down. This just feels like an unnecessary limitation - why not allow
the user to say: yes, this is a forward update, don't check, ie.
--disable-forward-update-check.

Workaround for savannah being down is to use a mirror. Thankfully the
check uses the currently configured source of the repository, so just
pulling out of the mirror, and then reconfiguring works.
Thanks
Rutherther

From debbugs-submit-bounces@debbugs.gnu.org Mon May 05 18:25:01 2025
From: Ludovic Courtès
To: Rutherther via Bug reports for GNU Guix
Cc: 67707-done@debbugs.gnu.org, Rutherther
Subject: Re: bug#67707: Fresh installation leaks details about ISO build environment
Date: Tue, 06 May 2025 00:23:07 +0200
Message-ID: <87a57q3df8.fsf@gnu.org>

Hello,

Rutherther via Bug reports for GNU Guix writes:

> Ludovic Courtès writes:

[...]

>> Oh right, it’s probably best to change it there.  Something like this?
>
> Yes, that is exactly what I had in mind.

OK, pushed as 94c9e53fa4b45e85c1664a9bab6aea0d5c3ac123.

I checked in ‘guix system vm gnu/system/install.scm’ that ‘guix
describe’ reports the right URL.

> Btw I am wondering, is there a policy on (not) updating the released
> iso?

Release artifacts in general are immutable.  But of course, we should
make a new release, that’s consensual.  :-)

>> I’m not sure I follow: even if one uses a mirror of Savannah, downgrade
>> prevention works fine.  Or are you referring to some other motivation?
>
> I agree that the prevention works fine even with a mirror. What I wanted
> to say is that sometimes it can't work. Like if a repository hosting is
> down or you don't have internet connection. That is, if the checkout
> (usually the one of root) doesn't contain the commit. Lately, it shows
> because savannah is down very often. So one pulls successfully, but then
> can't reconfigure, because savannah is down again. This is because root
> has a separate checkout.

Oh right, got it.  Hopefully this particular issue will vanish if we
decide to move to Codeberg (GCD 002).

> Even if it didn't, if the checkouts are removed, the user can't
> reconfigure if repo hosting is down. This just feels like an
> unnecessary limitation - why not allow the user to say: yes, this is a
> forward update, don't check, ie. --disable-forward-update-check.

I was going to say that it’s called ‘--allow-downgrades’, but in fact
no, because that still clones/pulls to perform the check and emit a
warning (instead of an error).  Still, maybe it could catch clone/pull
errors?

Anyway, that’s for another bug report.  :-)

Thanks,
Ludo’.

From unknown Sat Jul 26 23:55:43 2025
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 03 Jun 2025 11:24:22 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
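
The forward-update check discussed in the thread above is a commit-ancestry question, and it can only be answered when both commits are present in the checkout being consulted. The script below is an added example, not Guix code and not part of any message: plain `git` stands in for Guix's own check, and the `commit_relation` helper, the repository layout and the commits A and B are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not Guix code: classify a proposed update relative to the
# deployed commit using only objects already present in a local checkout.
# Arguments: checkout, old commit ID, new commit ID (full IDs).
# Prints one of: self, forward, downgrade, unrelated, unknown.
commit_relation() {
    repo=$1; old=$2; new=$3
    # A commit absent from the checkout can only be obtained by fetching, so
    # with the host down (or no network) the relation cannot be decided.
    for c in "$old" "$new"; do
        git -C "$repo" cat-file -e "${c}^{commit}" 2>/dev/null ||
            { echo unknown; return 0; }
    done
    if [ "$old" = "$new" ]; then
        echo self
    elif git -C "$repo" merge-base --is-ancestor "$old" "$new"; then
        echo forward
    elif git -C "$repo" merge-base --is-ancestor "$new" "$old"; then
        echo downgrade
    else
        echo unrelated
    fi
}

# Constructed scenario: upstream history A -> B; root's checkout was cloned at
# A and never updated; a mirror holds the full history.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
export GIT_CONFIG_GLOBAL=/dev/null
work=$(mktemp -d)
git init -q "$work/upstream"
git -C "$work/upstream" commit -q --allow-empty -m A
A=$(git -C "$work/upstream" rev-parse HEAD)
git clone -q "$work/upstream" "$work/root"
git -C "$work/upstream" commit -q --allow-empty -m B
B=$(git -C "$work/upstream" rev-parse HEAD)
git clone -q "$work/upstream" "$work/mirror"

before=$(commit_relation "$work/root" "$A" "$B")
# Workaround from the thread: take the missing history from a reachable mirror.
git -C "$work/root" fetch -q "$work/mirror"
after=$(commit_relation "$work/root" "$A" "$B")
echo "up-to-date checkout, A -> B: $(commit_relation "$work/mirror" "$A" "$B")"
echo "stale root checkout, A -> B: $before"
echo "root after mirror fetch:     $after"
```
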