Message ID | oamh7oxIpfduEsGj0C875PjRnOZQr49eMY9S2AZdH4h4T5wwhwD_cOAsSZXDGlTn2rGP3751cdC6uLsdswY4PhgAa1js_xzDh3XgVdIFFdo=@protonmail.com |
---|---|
State | New |
Series | [bug#57345] Add gnupg to propagated-inputs of trezor-agent |
Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git-branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |
Hi Marek,

thanks for your patch. This looks like a good fix of the problem.

Propagation is generally used sparingly, when there is no other option. We try to avoid it when possible, because it can lead to unexpected conflicts, e.g. when a user has a particular version of gnupg installed in their profile and then installs trezor-agent with a more recent version of Guix it would abort with a conflict error as it cannot install two variants of gnupg into the same Guix profile.

I wonder if we can avoid propagation here. We could, for example, look up gnupg in PATH (so that a user’s installation of gnupg is preferred) and fall back to an explicit gnupg from the inputs (not propagated-inputs). This would require minor patching of trezor-agent.

What do you think?
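The lookup order suggested above (the user's PATH first, then an explicit gnupg from `inputs`), written out in Python as an added example. It is not code from trezor-agent or Guix; `resolve_tool`, `PINNED_GNUPG_BIN` and the sample directories are hypothetical, and the error text is the one quoted in the patch description.

```python
import os
import shutil
import tempfile

# Hypothetical placeholder: a Guix build phase would substitute the bin
# directory of the gnupg listed in `inputs` here.
PINNED_GNUPG_BIN = "/gnu/store/<hash>-gnupg-<version>/bin"


def resolve_tool(name, search_path=None, pinned_dir=PINNED_GNUPG_BIN):
    """Return the absolute path of NAME: $PATH first, pinned directory second."""
    if search_path is None:
        search_path = os.environ.get("PATH", "")
    found = shutil.which(name, path=search_path)
    if found:
        return os.path.realpath(found)
    candidate = os.path.join(pinned_dir, name)
    if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
        return os.path.realpath(candidate)
    # Same message as the failure reported in the patch description.
    raise OSError("Cannot find {!r} in $PATH".format(name))


def demo():
    """Constructed scenario: gpgconf in the profile, only pinned, and absent."""
    with tempfile.TemporaryDirectory() as root:
        profile = os.path.join(root, "profile", "bin")
        pinned = os.path.join(root, "store", "gnupg", "bin")
        empty = os.path.join(root, "empty")
        for directory in (profile, pinned, empty):
            os.makedirs(directory)
        for directory in (profile, pinned):
            stub = os.path.join(directory, "gpgconf")
            with open(stub, "w") as handle:
                handle.write("#!/bin/sh\n")
            os.chmod(stub, 0o755)
        results = [resolve_tool("gpgconf", profile, pinned),
                   resolve_tool("gpgconf", empty, pinned)]
        try:
            resolve_tool("gpgconf", empty, empty)
        except OSError as error:
            results.append(str(error))
        return [r.replace(os.path.realpath(root), "") for r in results]


if __name__ == "__main__":
    print(demo())
```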
Nothing I do seems to work at all.

Last night I thought of a fundamental question:
Are `inputs` accessible in the guix store at runtime?

If they are, that means I am too dumb to correctly parse the documentation. My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.
On Mon, Sep 05, 2022 at 05:49:55AM +0000, guix-patches--- via wrote:
> Nothing I do seems to work at all.
>
> Last night I thought of a fundamental question:
> Are `inputs` accessible in the guix store at runtime?
>
> If they are, that means I am too dumb to correctly parse the documentation. My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.

After some poking around on IRC and in trezor-agent and python-trezor-agent, it seems that there are a number of calls to the gpgconf binary and the actual path to gpg is probably set in python-trezor-agent in libagent/gpg/keyring.py. With all of this it's probably best to just wrap the files in the bin output of trezor agent so that we don't miss any files.

```
(ins)efraim@3900XT /tmp$ tree /gnu/store/46br8illcfv93ryh28s2haz1s59n584v-trezor-agent-0.14.4
/gnu/store/46br8illcfv93ryh28s2haz1s59n584v-trezor-agent-0.14.4
├── bin
│   ├── __pycache__
│   │   └── trezor_agent.cpython-39.pyc
│   ├── trezor-agent
│   ├── trezor_agent.py
│   ├── trezor-gpg
│   ├── trezor-gpg-agent
│   └── trezor-signify
└── lib
    └── python3.9
        └── site-packages
            └── trezor_agent-0.11.0-py3.9.egg-info
                ├── dependency_links.txt
                ├── entry_points.txt
                ├── PKG-INFO
                ├── requires.txt
                ├── SOURCES.txt
                └── top_level.txt
```

trezor_agent.py is an actual python script, so I'd use wrap-script, but the other extensionless files I'd use wrap-program, which IIRC will Do The Right Thing™ and not double-wrap those files, which are already wrappers.

I haven't tested the code out, but something like this should work inside trezor-agent.
```
(add-before 'check 'wrap-more
  ;; We want to make sure we're before 'check but after 'wrap
  (lambda* (#:key inputs outputs #:allow-other-keys)
    ;; search-input-file takes a file name relative to an input's store
    ;; directory.  wrap-script and wrap-program take each variable spec
    ;; (VARIABLE SEPARATOR POSITION DIRECTORIES) as a separate argument.
    (wrap-script (string-append #$output "/bin/trezor_agent.py")
      `("PATH" ":" prefix
        (,(dirname (search-input-file inputs "bin/gpg")))))
    (for-each
      (lambda (file)
        (wrap-program file
          `("PATH" ":" prefix
            (,(dirname (search-input-file inputs "bin/gpg"))))))
      (find-files (string-append #$output "/bin") "^trezor-"))))
```
I have encountered the same problem as in this email:
https://lists.gnu.org/archive/html/help-guix/2019-06/msg00073.html

I do not understand how to apply the proposed fix.

Let us not have perfect be the enemy of good, and merge the `propagated-inputs` solution. Once an `inputs` solution is found, it would be used instead.

A potential conflict with other `gnupg` instances is less harmful than the currently happening guaranteed loss of major functionality.

What do you think?
On 05-09-2022 13:26, guix-patches--- via wrote:
> I do not understand how to apply the proposed fix.
Copy-paste Efraim's phase to the %standard-phases (I assume before
fixup-agent-py).
Greetings,
Maxime
On 06-09-2022 15:06, guix-patches--- via wrote:
> Let us not have perfect be the enemy of good, and merge the `propagated-inputs` solution. Once an `inputs` solution is found, it would be used instead.
>
> A potential conflict with other `gnupg` instances is less harmful than the currently happening guaranteed loss of major functionality.
>
> What do you think?

Efraim has posted a potential 'inputs' solution.

Greetings,
Maxime.
On 05-09-2022 13:26, guix-patches--- via wrote:
> I have encountered the same problem as in this email:
> https://lists.gnu.org/archive/html/help-guix/2019-06/msg00073.html
>
> I do not understand how to apply the proposed fix.

IIRC, python-build-system uses G-exps nowadays, so to use #$, all you need to do is replace `` (arguments `(#:phases (modify-phases ...))) `` by `(arguments (list #:phases #~(modify-phases ...)))`, no need for separate inputs.
On 05-09-2022 07:49, guix-patches--- via wrote:
> Nothing I do seems to work at all.
>
> Last night I thought of a fundamental question:
> Are `inputs` accessible in the guix store at runtime?

If a reference (i.e., a /gnu/store/the-input-... string) ends up in the resulting store item of trezor-agent, then yes.

> If they are, that means I am too dumb to correctly parse the documentation.

As far as I'm aware it is not documented that the GC is based on reference-scanning.

> My initial patch proves, that `gnupg` has to be available at runtime. At this point I am incapable of doing anything more. I got physically sick of trying to understand and use all the procedures.

Look where 'gnupg' is used in trezor-agent (git grep -F can be useful) and replace it with substitute* + search-input-file. Alternatively, wrap-program, as proposed in Efraim's reply.

Greetings,
Maxime.
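The reference rule described in the reply above, as an added Python example (a simplified model, not Guix's scanner and not code from the thread): an input counts as a runtime reference only if its store hash appears in the output's files. `retained_references` and both sample outputs are constructed; only the gnupg store name is taken from the thread.

```python
import re

# Store file names look like /gnu/store/<32-character base32 hash>-<name>.
STORE_PATH = re.compile(r"/gnu/store/([0-9a-df-np-sv-z]{32})-")


def hash_part(store_path):
    match = STORE_PATH.match(store_path)
    if match is None:
        raise ValueError("not a store file name: %r" % store_path)
    return match.group(1)


def retained_references(output_files, inputs):
    """Return the inputs whose hash part occurs somewhere in the output."""
    blob = b"\0".join(output_files.values())
    return sorted(i for i in inputs if hash_part(i).encode() in blob)


# gnupg store name as quoted in the thread; the python one is constructed.
GNUPG = "/gnu/store/3bpq5knfvzhxhqfwzqm9br917nz7r0yp-gnupg-2.2.32"
PYTHON = "/gnu/store/" + "0" * 32 + "-python-3"
INPUTS = [GNUPG, PYTHON]

# Constructed output 1: the program finds gpgconf by name through $PATH.
BY_NAME = {
    "bin/trezor-gpg": (
        "#!" + PYTHON + "/bin/python3\n"
        "import subprocess\n"
        "subprocess.check_output(['gpgconf', '--list-dirs'])\n"
    ).encode(),
}

# Constructed output 2: a wrapper prefixes PATH with gnupg's bin directory.
WRAPPED = {
    "bin/trezor-gpg": (
        "#!/bin/sh\n"
        'export PATH="' + GNUPG + '/bin${PATH:+:}$PATH"\n'
        'exec "$(dirname "$0")/.trezor-gpg-real" "$@"\n'
    ).encode(),
    "bin/.trezor-gpg-real": BY_NAME["bin/trezor-gpg"],
}

if __name__ == "__main__":
    print("by name:", retained_references(BY_NAME, INPUTS))
    print("wrapped:", retained_references(WRAPPED, INPUTS))
```

With the name-only lookup, gnupg leaves no trace in the output even though it is listed as an input; the wrapper is what turns it into a retained reference.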
I give up. So far, the cleanest workaround is to explicitly declare `gnupg` installation. I decided to use that going forward.

```
(inputs
  (list gnupg guile-2.0 python-3 python-trezor python-trezor-agent))

(add-before 'check 'wrap-more
  (lambda* (#:key inputs outputs #:allow-other-keys)
    (wrap-script (string-append #$output "/bin/trezor_agent.py")
      '("PATH" ":" prefix '("/gnu/store/3bpq5knfvzhxhqfwzqm9br917nz7r0yp-gnupg-2.2.32/bin")))))
```

This is as far as I was able to go while maintaining any sense of understanding and control over the code. All attempts to progress end with this failure:

```
Backtrace [...]
ERROR:
  1. &wrap-error:
      program: "/gnu/store/rb3wzd5pi899mlvv4wj35afc4z8ys60m-trezor-agent-0.14.4/bin/trezor_agent.py"
      type: no-interpreter-found
```

Clearly, the wrapping documentation assumes something and fails to mention it - and now a programming noob like me is totally lost.

My conclusions:

1. Current state of `trezor-agent` - broken critical functionality by default.
2. Presence of `gnupg` in profile fixes the above.
3. `propagated-inputs` also fixes 1., but is not acceptable.
4. In theory, it should be possible to expose a PATH to `gnupg` in `inputs`; but after days of working towards it, I am still not capable of reaching this solution.
the problem is that there's no #! shebang line at the head of trezor_agent.py but i'm not sure that file needs to be patched. the user-facing entry point is trezor-agent, not the .py file.
From 8c8d465c28923591a5ef7124b1f6835a6f398c51 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski <marekpasnikowski@protonmail.com> Date: Mon, 22 Aug 2022 20:10:47 +0200 Subject: [PATCH] Add gnupg to propagated-inputs of trezor-agent This fixes "OSError: Cannot find 'gpgconf' in $PATH". --- gnu/packages/finance.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm index 849f9aba99..f6c15aebdb 100644 --- a/gnu/packages/finance.scm +++ b/gnu/packages/finance.scm @@ -1223,6 +1223,8 @@ (define-public trezor-agent (list python-trezor python-trezor-agent)) (native-inputs (list python-attrs)) + (propagated-inputs + (list gnupg)) (home-page "https://github.com/romanz/trezor-agent") (synopsis "Using Trezor as hardware SSH/GPG agent") (description "This package allows using Trezor as a hardware SSH/GPG -- 2.37.2
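Review bot: In the `trezor-agent` hunk of gnu/packages/finance.scm, the new `(propagated-inputs (list gnupg))` field puts gnupg into every profile that installs trezor-agent, although the commit message only reports that `gpgconf` cannot be found in $PATH. Consider keeping gnupg as a non-propagated input and making its bin directory reachable from the installed programs instead (a PATH wrapper, or the absolute file name substituted where gpgconf is invoked), so the package cannot collide with a gnupg already present in the user's profile. If propagation stays, add a comment above the field stating that gpgconf is looked up in $PATH at run time; at the moment that reason is recorded only in the commit message.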