GNU bug report logs - #67707
Fresh installation leaks details about ISO build environment

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Fri, 8 Dec 2023 13:12:01 UTC

Severity: important

Done: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 67707 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
To: Rutherther <rutherther <at> ditigal.xyz>
Cc: 67707 <at> debbugs.gnu.org
Subject: Re: Fresh installation leaks details about ISO build environment
Date: Sat, 03 May 2025 18:23:15 +0200

[Message part 1 (text/plain, inline)]
References: <8734doh50v.fsf <at> ditigal.xyz>
User-Agent: mu4e 1.12.9; emacs 29.4
X-URL: https://people.bordeaux.inria.fr/lcourtes/
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
X-Revolutionary-Date: Quartidi 14 Floréal an 233 de la Révolution, jour du Chamérisier
Hello,

Rutherther <rutherther <at> ditigal.xyz> writes:

>> That the URL is wrong doesn’t have any impact because it’s not used by
>> ‘guix pull’ or anything, but it’s obviously not great.
>
> this is not exactly true. It might be used, by the forward update check
> on guix system reconfigure.
> When the user hasn't pulled yet, they don't have any checkout, and a new
> one is being created by looking at the folder
> /home/ludo/src/guix/version/... That will end up with an error.

True.

> Maybe the installation-os should not use (current-guix) as that can lead
> to issues like this? Could we instead just detect the commit and change
> the url to the savannah/codeberg one?
> Or will it just be ensured next time that the channels used to build it
> point to the hosting url and not at a local one?

I think so.  It should be as simple as this:


[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index f0a9b39e25..46cf9b8512 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2024 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2013-2025 Ludovic Courtès <ludo <at> gnu.org>
 ;;; Copyright © 2015, 2017, 2020, 2021, 2022, 2023 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis <at> gmail.com>
 ;;; Copyright © 2017, 2018 Oleg Pykhalov <go.wigust <at> gmail.com>
@@ -673,7 +673,8 @@ (define-public current-guix-package
             ((? channel? source)
              (package
                (inherit guix)
-               (source source)
+               (source (channel (inherit %default-guix-channel)
+                                (commit (channel-commit source))))
                (build-system channel-build-system)
                (inputs '())
                (native-inputs '())

[Message part 3 (text/plain, inline)]
Maybe there are cases where it’s not desirable (someone maintaining a
fork for example), but those are hypothetical edge cases.

WDYT?

Ludo’.
Date: Sat, 03 May 2025 18:23:14 +0200
This bug report was last modified 53 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.