| Message ID | 0dafbea136e328cd214e7e1fb05ab91ab04b17da.1739829485.git.ryan@arctype.co |
|---|---|
| State | New |
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 15B4427BBEA; Mon, 17 Feb 2025 22:00:16 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id BE5EB27BBE2 for <patchwork@mira.cbaines.net>; Mon, 17 Feb 2025 22:00:15 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces@gnu.org>) id 1tk99s-0003tc-6V; Mon, 17 Feb 2025 17:00:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tk99q-0003tI-JC for guix-patches@gnu.org; Mon, 17 Feb 2025 17:00:06 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tk99q-0002VP-8G; Mon, 17 Feb 2025 17:00:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:Subject; bh=tR13vk820nitQmWsDbDaYvl2YSdhDOqypBLBEaX+IWg=; b=DMRebFsVu8Dx8xkhogJRkBRaN5BIF64fyfwFMattqbPmZt+maV8copTJCz+yA0V3xljgdCwH4o07N4C+UI21BxpvikjFWbbYCkVnEeQCYu+6r+XLAhpUFYZFmpUoUIT63bhynrOayHoBOiBUdRTRvepZUXHmnMudHI3o9X6X1p/Gy58zQhutbZL29jKN6buss7F1/ERJ89dZ9+0AonCd6bGGJKq/XxLaqjNZpturMUinVcwK7bBYE/ZWQUjhtKr95Km5Le9ocOqn854OvTsKbfSExS0L1hpptnBWW6JYoLjyCUMRvc9Fe1I3oP/IXZh4XvOuIKPpeeTWAGv4S5yVxw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tk99m-00033v-Ex; Mon, 17 Feb 2025 17:00:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#76376] [PATCH] guix: gexp: canonicalize file paths for import Resent-From: Ryan Sundberg <ryan@arctype.co> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Mon, 17 Feb 2025 22:00:02 +0000 Resent-Message-ID: <handler.76376.B.173982956611601@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 76376 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 76376@debbugs.gnu.org Cc: Ryan Sundberg <ryan@arctype.co>, Christopher Baines <guix@cbaines.net>, Josselin Poiret <dev@jpoiret.xyz>, Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Mathieu Othacehe <othacehe@gnu.org>, Simon Tournier <zimon.toutoune@gmail.com>, Tobias Geerinckx-Rice <me@tobias.gr> X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Christopher Baines <guix@cbaines.net>, Josselin Poiret <dev@jpoiret.xyz>, Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Mathieu Othacehe <othacehe@gnu.org>, Simon Tournier <zimon.toutoune@gmail.com>, Tobias Geerinckx-Rice <me@tobias.gr> Received: via spool by submit@debbugs.gnu.org id=B.173982956611601 (code B ref -1); Mon, 17 Feb 2025 22:00:02 +0000 Received: (at submit) by debbugs.gnu.org; 17 Feb 2025 21:59:26 +0000 Received: from localhost ([127.0.0.1]:50460 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1tk99C-000310-6D for submit@debbugs.gnu.org; Mon, 17 Feb 2025 16:59:26 -0500 Received: from lists.gnu.org ([2001:470:142::17]:36440) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ryan@arctype.co>) id 1tk994-0002zz-BJ for submit@debbugs.gnu.org; Mon, 17 Feb 2025 16:59:19 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ryan@arctype.co>) id 1tk98y-0003nY-RQ for guix-patches@gnu.org; Mon, 17 Feb 2025 16:59:12 -0500 Received: from mail.arctype.co ([138.68.9.245]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <ryan@arctype.co>) id 1tk98w-0002G2-Id for guix-patches@gnu.org; Mon, 17 Feb 2025 16:59:12 -0500 Received: from authenticated-user (mail.arctype.co [138.68.9.245]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by mail.arctype.co (Postfix) with ESMTPSA id 94FCC13B3B6; Mon, 17 Feb 2025 21:58:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=arctype.co; s=mail; t=1739829535; bh=vKdpgzDvEqBWHS27E/U7tzuRVcQnsZqymzUUgd8zWo4=; h=From:To:Cc:Subject:Date:From; b=qNe77IicaLsunoHx7ZwbQgz+aa7VmV0xeTtEmwP2wabbn0Zu8Fi0A5CK5bdrYDbjL RDI0BCW6tUI1eQ6d7ZIaC+HCaPq4S46SZcbf9QXS8/bu7BYfZgmeyOjyx9pA9vbK2u AZVESw4i6CZN3vIduxINwGpWYPbWxpb+/VGEo9NmYhAL2B90IKnDoKDkOJRaqMtLyt PVcg+Ir8WJ34OILI6wW3btDs8rVOvgOsKtkKIDrQfvetE/FF9oITHY1BdLe6vvumaS DtCgniWZWljU7P6ZUb9FWbIZOj8CylED9S4YR2yOPTYGP7WtvcBUaCg7qpO1l8nCh0 F7namNiBdCKTg== Date: Mon, 17 Feb 2025 13:58:44 -0800 Message-ID: <0dafbea136e328cd214e7e1fb05ab91ab04b17da.1739829485.git.ryan@arctype.co> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=138.68.9.245; envelope-from=ryan@arctype.co; helo=mail.arctype.co X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Reply-to: Ryan Sundberg <ryan@arctype.co> X-ACL-Warn: , Ryan Sundberg via Guix-patches <guix-patches@gnu.org> From: Ryan Sundberg via Guix-patches via <guix-patches@gnu.org> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches |
| Series |
[bug#76376] guix: gexp: canonicalize file paths for import
|
|
Commit Message
Ryan Sundberg
Feb. 17, 2025, 9:58 p.m. UTC
When we intern a file from the store during `imported-modules`, if the file is a symlink (e.g., from a Guix profile), a dangling symlink can be created in the module-import builder. Follow any symlinks before interning the files to the store, so that the file itself is imported and not the dangling link. See also: https://issues.guix.gnu.org/73275 * guix/gexp.scm (imported-files/derivation): canonicalize-path Change-Id: Ic0af90cda7c5c5819526e455cf62300e18408dbd --- guix/gexp.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) base-commit: 91b18baa4274a025d28f06133682a9269217730d
Comments
Hello team, This is a patch for a "deep" bug in Guix gexp processing which evokes in circumstances when using g-expressions to build things that try to create module closures with code that is referenced in the current environment via symlink. It can manifest in difficult to comprehend errors, such as "no code for module: (guix utils)` when guix/utils.scm is correctly defined in the load path of the program and exists (but it is a symlink, such as by using `guix shell` to load another guix environment, e.g. where the shell imports a different guix itself). In my use case, I was using `guix` to build raw os disk images with my own set of customized packages and services when this bug blocked me at a dead stop. The root cause of this after much complex debugging, tracing, and reading helped me to identify the bug report from Ludo at https://issues.guix.gnu.org/73275 and understand the dangling symlink issue. What happens here, and what this patch fixes, is that the `interned-file` procedure will not follow symlinks, and will intern a symlink if it is told to. In most scenarios this is harmless as the symlinks intersect to something (e.g. guix/utils.scm) which is already in the profile anyways, so the bug is dormant. However, in other cases, it is possible to create a dangling symlink here when `imported-modules` references a file which is a symlink on the Guile %load-path, and `interned-file` in this line of gexp.scm can intern a dangling symlink. This patch closes that possibility by canonicalizing the path of the interned file before loading it into the module closure path, so that `imported-modules` will never import a dangling symlink to a guile file used by a module-closure. --Ryan
Hi, Ryan Sundberg <ryan@arctype.co> skribis: > When we intern a file from the store during `imported-modules`, if the > file is a symlink (e.g., from a Guix profile), a dangling symlink can be > created in the module-import builder. > > Follow any symlinks before interning the files to the store, so that the > file itself is imported and not the dangling link. > > See also: https://issues.guix.gnu.org/73275 > > * guix/gexp.scm (imported-files/derivation): canonicalize-path > > Change-Id: Ic0af90cda7c5c5819526e455cf62300e18408dbd [...] > ((final-path . (? string? file-name)) > - (mlet %store-monad ((file (interned-file file-name > + (mlet %store-monad ((file (interned-file (canonicalize-path file-name) > (basename final-path)))) Instead of calling ‘canonicalize-path’, which leads to many syscalls, I’d suggest: (interned-file file-name (basename final-path) #:recursive? #f) I believe that would have the desired effect. Could you also add a test that reproduces the problem? Thanks, Ludo’.
diff --git a/guix/gexp.scm b/guix/gexp.scm index e44aea6420..85351b0322 100644 --- a/guix/gexp.scm +++ b/guix/gexp.scm @@ -1576,7 +1576,7 @@ (define* (imported-files/derivation files (define file-pair (match-lambda ((final-path . (? string? file-name)) - (mlet %store-monad ((file (interned-file file-name + (mlet %store-monad ((file (interned-file (canonicalize-path file-name) (basename final-path)))) (return (list final-path file)))) ((final-path . file-like)