From patchwork Fri Mar 19 02:34:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Philip McGrath X-Patchwork-Id: 27967 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2730027BC57; Fri, 19 Mar 2021 02:36:16 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS, T_DKIM_INVALID,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id EF76227BC55 for ; Fri, 19 Mar 2021 02:36:14 +0000 (GMT) Received: from localhost ([::1]:38976 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lN4zm-0002My-2P for patchwork@mira.cbaines.net; Thu, 18 Mar 2021 22:36:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53902) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lN4za-0002Mp-JB for guix-patches@gnu.org; Thu, 18 Mar 2021 22:36:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:36832) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lN4za-0002Ye-9G for guix-patches@gnu.org; Thu, 18 Mar 2021 22:36:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lN4zZ-0005IR-Tp for guix-patches@gnu.org; Thu, 18 Mar 2021 22:36:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#47180] [PATCH v2] gnu: racket: Don't inject store paths into Racket files. Resent-From: Philip McGrath Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 19 Mar 2021 02:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47180 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 47180@debbugs.gnu.org Cc: Philip McGrath Received: via spool by 47180-submit@debbugs.gnu.org id=B47180.161612133920329 (code B ref 47180); Fri, 19 Mar 2021 02:36:01 +0000 Received: (at 47180) by debbugs.gnu.org; 19 Mar 2021 02:35:39 +0000 Received: from localhost ([127.0.0.1]:48378 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lN4z4-0005Hf-7d for submit@debbugs.gnu.org; Thu, 18 Mar 2021 22:35:39 -0400 Received: from mail-qv1-f49.google.com ([209.85.219.49]:40569) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lN4z2-0005HQ-2g for 47180@debbugs.gnu.org; Thu, 18 Mar 2021 22:35:29 -0400 Received: by mail-qv1-f49.google.com with SMTP id d10so4324040qve.7 for <47180@debbugs.gnu.org>; Thu, 18 Mar 2021 19:35:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=philipmcgrath.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=l+CTx4EBN+cz7gOieTPAqPlOS1Tjl4YDp92ygVUhoog=; b=JX+58dKoBU5oIvVotwTODQvy/KVvu9BYp2fLlh0+5H2BCMZV/0rPg3roHG1R9m5dTg dqhdV2FGxhhE62KZOlWB0RryDa8WGBghKnTHS1W11/4i7r0qwkEQ0Yv+wjaSm2vM8tyZ i+o3+krtqa3sAutWR9TCYMKDpBY8tcRRgvlwhjJeqQLJBPVyHciHg/KkAfMPXMM9fPJq Hrs6yNw1hSh+KhN42hkBKnLEFJu9MMvqAhDfJlSX++V/ikuZ9JLZGMwI7yn1ZTrBXhgN 4Dh9SKYCJWY+bh6xBg1/vU1UaVEjA0M6138I4YPfbxp7690kdc1In7BIxwYMP2BspJwQ J1Lg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=l+CTx4EBN+cz7gOieTPAqPlOS1Tjl4YDp92ygVUhoog=; b=mwsafZDlaU2COB7OyLYvVwunSbhHe7mZayK3HJvyRCZU0Q5ALBVPQHrfq5w3yNeS/W tsc9i5DJ+V9wE/kxlSLhfbaZnm5OoSdH3sETt0z12KOhW4JKIo5fXh9bty5EQqPopJLO P9n9uYzMuT4QLHkqOvwiss9HZSlX+74CL6n/m5Q23nYkLYVAegoFSPfHAvfYrLRKu55r t2Mkejns3B9PYnLoQNkjjDHR7fwPDSgQr8bSJps2YorWDpRa2MN8qCBXKMT3hZNOrsTh Nzg8HHRcKPN3G/E6vyuhYT5Q6LidGkp55iKGfKUIRC/mx0nf9hrpHxUL2f1mDH54fTAH iJuQ== X-Gm-Message-State: AOAM530LBdVsMk7iLSt40Zwnr+B9ceqnRunPR21Oqlhv0xKo2u+8Q6DV PsvuPvMCPlP/AR9RFf68du3/1YTRARUc+OvK9zY= X-Google-Smtp-Source: ABdhPJyXQFSU0Vv0qJFuef9bvwYApCiYRcPntY6fwB17JBfJS8vORt7+4Daj9Td2VfB46N+PjwDnbw== X-Received: by 2002:a05:6214:80a:: with SMTP id df10mr7444270qvb.46.1616121321851; Thu, 18 Mar 2021 19:35:21 -0700 (PDT) Received: from localhost (c-73-125-89-242.hsd1.fl.comcast.net. [73.125.89.242]) by smtp.gmail.com with ESMTPSA id r17sm2764838qtn.25.2021.03.18.19.35.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 18 Mar 2021 19:35:21 -0700 (PDT) From: Philip McGrath Date: Thu, 18 Mar 2021 22:34:51 -0400 Message-Id: <20210319023451.3405-1-philip@philipmcgrath.com> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Apparently, during grafting, Guix can somehow mangle compiled Racket CS files (.zo) such that Racket will refuse to load them. (Maybe it has something to do with compression?) So, we stop patching Racket sources with absolute paths to store files (i.e. for foreign libraries to dlopen). Instead, we put them in a data file that doesn't get compiled or, in one case, embed it in C. Fixes https://issues.guix.gnu.org/47064 * gnu/packages/patches/racket-sh-via-rktio.patch: New file. Adds a special case at the C level, controlled by a preprocessor macro, to handle attempts to execute "/bin/sh". * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/scheme.scm (racket)[source](patches): Apply it. (racket)[arguments](#:configure-flags): Add the CPP flag to enable it. (racket)[arguments](#:modules): Use srfi-1. (racket)[arguments](#:phases): Remove 'patch-/bin/sh and 'pre-configure. Change 'pre-configure-minimal to just change directory. Add 'patch-config.rktd-lib-search-dirs after 'build and before 'install to configure Racket's "lib-search-dirs". (racket, racket-minimal)[inputs]: Add bash-minimal as an explicit input. (racket-minimal)[source]: Adjust to inherit patches from racket. (racket-minimal)[arguments]: Inherit from racket: changes no longer needed. --- gnu/local.mk | 2 + .../patches/racket-sh-via-rktio.patch | 87 ++++++++ gnu/packages/scheme.scm | 191 ++++++++---------- 3 files changed, 176 insertions(+), 104 deletions(-) create mode 100644 gnu/packages/patches/racket-sh-via-rktio.patch diff --git a/gnu/local.mk b/gnu/local.mk index afd9c17f9c..1128dbd080 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -40,6 +40,7 @@ # Copyright © 2020 Malte Frank Gerdes # Copyright © 2020 Vinicius Monego # Copyright © 2021 Björn Höfling +# Copyright © 2021 Philip McGrath # # This file is part of GNU Guix. # @@ -1629,6 +1630,7 @@ dist_patch_DATA = \ %D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/rpcbind-CVE-2017-8779.patch \ %D%/packages/patches/rtags-separate-rct.patch \ + %D%/packages/patches/racket-sh-via-rktio.patch \ %D%/packages/patches/racket-store-checksum-override.patch \ %D%/packages/patches/remake-impure-dirs.patch \ %D%/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch \ diff --git a/gnu/packages/patches/racket-sh-via-rktio.patch b/gnu/packages/patches/racket-sh-via-rktio.patch new file mode 100644 index 0000000000..b4fefd1514 --- /dev/null +++ b/gnu/packages/patches/racket-sh-via-rktio.patch @@ -0,0 +1,87 @@ +From 3574b567c486d264d680a37586436c3b5a8cb978 Mon Sep 17 00:00:00 2001 +From: Philip McGrath +Date: Thu, 4 Mar 2021 04:11:50 -0500 +Subject: [PATCH] patch rktio_process for "/bin/sh" on Guix + +Racket provides the functions `system` and `process`, +which execute shell commands using `sh` (or `cmd` on Windows). +Racket assumes that `sh` can be found at "/bin/sh", +which is not necessarily true on Guix. + +This patch adds a special case for "/bin/sh" to `rktio_process`, +the C function that implements the core of `system`, `process`, +and related Racket functions. + +Guix should enable the special case by defining the C preprocessor +macro `GUIX_RKTIO_PATCH_BIN_SH` with the path to `sh` in the store. +If: + + 1. The `GUIX_RKTIO_PATCH_BIN_SH` macro is defined; and + + 2. `rktio_process` is called with the exact path "/bin/sh"; and + + 3. The path specified by `GUIX_RKTIO_PATCH_BIN_SH` does exists; + +then `rktio_process` will execute the file specified +by `GUIX_RKTIO_PATCH_BIN_SH` instead of "/bin/sh". + +Compared to previous attempts to patch the Racket sources, +making this change at the C level is both: + + - More comprehensive: it catches all attempts to execute "/bin/sh", + without having to track down the source of every occurance; and + + - Less intrusive: by guarding the special case with a C preprocessor + conditional and a runtime check that the file in the store exists, + we make it much less likely that it will "leak" out of Guix. +--- + src/rktio/rktio_process.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/src/rktio/rktio_process.c b/src/rktio/rktio_process.c +index 89202436c0..465ebdd5c5 100644 +--- a/src/rktio/rktio_process.c ++++ b/src/rktio/rktio_process.c +@@ -1224,12 +1224,14 @@ int rktio_process_allowed_flags(rktio_t *rktio) + /*========================================================================*/ + + rktio_process_result_t *rktio_process(rktio_t *rktio, +- const char *command, int argc, rktio_const_string_t *argv, ++ /* PATCHED for Guix (next line) */ ++ const char *_guix_orig_command, int argc, rktio_const_string_t *argv, + rktio_fd_t *stdout_fd, rktio_fd_t *stdin_fd, rktio_fd_t *stderr_fd, + rktio_process_t *group_proc, + const char *current_directory, rktio_envvars_t *envvars, + int flags) + { ++ const char *command; /* PATCHED for Guix */ + rktio_process_result_t *result; + intptr_t to_subprocess[2], from_subprocess[2], err_subprocess[2]; + int pid; +@@ -1255,6 +1257,23 @@ rktio_process_result_t *rktio_process(rktio_t *rktio, + int i; + #endif + ++/* BEGIN PATCH for Guix */ ++#if defined(GUIX_RKTIO_PATCH_BIN_SH) ++# define GUIX_AS_a_STR_HELPER(x) #x ++# define GUIX_AS_a_STR(x) GUIX_AS_a_STR_HELPER(x) ++ /* A level of indirection makes `#` work as needed: */ ++ command = ++ ((0 == strcmp(_guix_orig_command, "/bin/sh")) ++ && rktio_file_exists(rktio, GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH))) ++ ? GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH) ++ : _guix_orig_command; ++# undef GUIX_AS_a_STR ++# undef GUIX_AS_a_STR_HELPER ++#else ++ command = _guix_orig_command; ++#endif ++/* END PATCH for Guix */ ++ + /* avoid compiler warnings: */ + to_subprocess[0] = -1; + to_subprocess[1] = -1; +-- +2.21.1 (Apple Git-122.3) + diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 10be0aa28a..b5d526bfc3 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -14,6 +14,7 @@ ;;; Copyright © 2020 Pierre Neidhardt ;;; Copyright © 2020 Brett Gilio ;;; Copyright © 2020 Edouard Klein +;;; Copyright © 2021 Philip McGrath ;;; ;;; This file is part of GNU Guix. ;;; @@ -43,6 +44,7 @@ #:use-module (guix build-system trivial) #:use-module (gnu packages autotools) #:use-module (gnu packages bdw-gc) + #:use-module (gnu packages bash) #:use-module (gnu packages compression) #:use-module (gnu packages databases) #:use-module (gnu packages libevent) @@ -411,94 +413,26 @@ implementation techniques and as an expository tool.") (base32 "047wpjblfzmf1msz7snrp2c2h0zxyzlmbsqr9bwsyvz3frcg0888")) (patches (search-patches + "racket-sh-via-rktio.patch" + ;; TODO: If we're no longer patching Racket source + ;; files with store paths, we may also fix the + ;; issue that necessitated the following patch: "racket-store-checksum-override.patch")))) (build-system gnu-build-system) (arguments - '(#:configure-flags - '("--enable-libz" + `(#:configure-flags + `(,(string-append "CPPFLAGS=-DGUIX_RKTIO_PATCH_BIN_SH=" + (assoc-ref %build-inputs "sh") + "/bin/sh") + "--enable-libz" "--enable-liblz4") + #:modules + ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) #:phases (modify-phases %standard-phases - (add-before 'configure 'pre-configure-minimal - (lambda* (#:key inputs #:allow-other-keys) - ;; Patch dynamically loaded libraries with their absolute paths. - (let* ((library-path (search-path-as-string->list - (getenv "LIBRARY_PATH"))) - (find-so (lambda (soname) - (search-path - library-path - (format #f "~a.so" soname))))) - (substitute* "collects/db/private/sqlite3/ffi.rkt" - (("ffi-lib sqlite-so") - (format #f "ffi-lib \"~a\"" (find-so "libsqlite3")))) - (substitute* "collects/openssl/libssl.rkt" - (("ffi-lib libssl-so") - (format #f "ffi-lib \"~a\"" (find-so "libssl")))) - (substitute* "collects/openssl/libcrypto.rkt" - (("ffi-lib libcrypto-so") - (format #f "ffi-lib \"~a\"" (find-so "libcrypto"))))) - (chdir "src") - #t)) - (add-before 'pre-configure-minimal 'pre-configure - (lambda* (#:key inputs #:allow-other-keys) - ;; Patch dynamically loaded libraries with their absolute paths. - (let* ((library-path (search-path-as-string->list - (getenv "LIBRARY_PATH"))) - (find-so (lambda (soname) - (search-path - library-path - (format #f "~a.so" soname)))) - (patch-ffi-libs (lambda (file libs) - (for-each - (lambda (lib) - (substitute* file - (((format #f "\"~a\"" lib)) - (format #f "\"~a\"" (find-so lib))))) - libs)))) - (substitute* "share/pkgs/math-lib/math/private/bigfloat/gmp.rkt" - (("ffi-lib libgmp-so") - (format #f "ffi-lib \"~a\"" (find-so "libgmp")))) - (substitute* "share/pkgs/math-lib/math/private/bigfloat/mpfr.rkt" - (("ffi-lib libmpfr-so") - (format #f "ffi-lib \"~a\"" (find-so "libmpfr")))) - (substitute* "share/pkgs/readline-lib/readline/rktrl.rkt" - (("\\(getenv \"PLT_READLINE_LIB\"\\)") - (format #f "\"~a\"" (find-so "libedit")))) - (for-each - (lambda (x) (apply patch-ffi-libs x)) - '(("share/pkgs/draw-lib/racket/draw/unsafe/cairo-lib.rkt" - ("libfontconfig" "libcairo")) - ("share/pkgs/draw-lib/racket/draw/unsafe/glib.rkt" - ("libglib-2.0" "libgmodule-2.0" "libgobject-2.0")) - ("share/pkgs/draw-lib/racket/draw/unsafe/jpeg.rkt" - ("libjpeg")) - ("share/pkgs/draw-lib/racket/draw/unsafe/pango.rkt" - ("libpango-1.0" "libpangocairo-1.0")) - ("share/pkgs/draw-lib/racket/draw/unsafe/png.rkt" - ("libpng")) - ("share/pkgs/db-lib/db/private/odbc/ffi.rkt" - ("libodbc")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/x11.rkt" - ("libX11")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gsettings.rkt" - ("libgio-2.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gtk3.rkt" - ("libgdk-3" "libgtk-3")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/unique.rkt" - ("libunique-1.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/utils.rkt" - ("libgdk-x11-2.0" "libgdk_pixbuf-2.0" "libgtk-x11-2.0")) - ("share/pkgs/gui-lib/mred/private/wx/gtk/gl-context.rkt" - ("libGL")) - ("share/pkgs/sgl/gl.rkt" - ("libGL" "libGLU"))))) - #t)) - (add-after 'unpack 'patch-/bin/sh - (lambda _ - (substitute* "collects/racket/system.rkt" - (("/bin/sh") (which "sh"))) - #t)) - (add-after 'patch-/bin/sh 'patch-chez-configure + (add-after 'unpack 'patch-chez-configure (lambda* (#:key inputs outputs #:allow-other-keys) (substitute* "src/cs/c/Makefile.in" (("/bin/sh") (which "sh"))) @@ -526,12 +460,69 @@ implementation techniques and as an expository tool.") (("/bin/cp") (which "cp")) (("/bin/echo") (which "echo"))) (substitute* "makefiles/installsh" - (("/bin/true") (which "true"))))))) + (("/bin/true") (which "true")))) + #t)) + (add-before 'configure 'pre-configure-minimal + (lambda* (#:key inputs #:allow-other-keys) + (chdir "src") + #t)) + (add-after 'build 'patch-config.rktd-lib-search-dirs + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; We do this between the `build` and `install` phases + ;; so that we have racket to read and write the hash table, + ;; but it comes before `raco setup`, when foreign libraries + ;; are needed to build the documentation. + (define out (assoc-ref outputs "out")) + (apply invoke + "./cs/c/racketcs" + "-e" + ,(format #f + "~s" + '(let* ((args + (vector->list + (current-command-line-arguments))) + (file (car args)) + (extra-lib-search-dirs (cdr args))) + (write-to-file + (hash-update + (file->value file) + 'lib-search-dirs + (lambda (dirs) + (append dirs extra-lib-search-dirs)) + null) + #:exists 'truncate/replace + file))) + "--" + "../etc/config.rktd" + (filter-map (lambda (lib) + (cond + ((assoc-ref inputs lib) + => (lambda (pth) + (string-append pth "/lib"))) + (else + #f))) + '("cairo" + "fontconfig" + "glib" + "glu" + "gmp" + "gtk+" + "libjpeg" + "libpng" + "libx11" + "mesa" + "mpfr" + "openssl" + "pango" + "sqlite" + "unixodbc" + "libedit"))) + #t))) ;; XXX: how to run them? #:tests? #f)) (inputs - `(;; Hardcode dynamically loaded libraries for better functionality. - ;; sqlite and libraries for `racket/draw' are needed to build the doc. + `(;; sqlite and libraries for `racket/draw' are needed to build the doc. + ("sh" ,bash-minimal) ("zlib" ,zlib) ("zlib:static" ,zlib "static") ("lz4" ,lz4) @@ -571,29 +562,21 @@ of languages such as Typed Racket, R5RS and R6RS Scheme, and Datalog.") (inherit racket) (name "racket-minimal") (version (package-version racket)) - (source (origin - (method url-fetch) - (uri (list (string-append "https://mirror.racket-lang.org/installers/" - version "/racket-minimal-src.tgz") - ;; this mirror seems to have broken HTTPS: - (string-append - "http://mirror.informatik.uni-tuebingen.de/mirror/racket/" - version "/racket-minimal-src.tgz"))) - (sha256 - (base32 - "0mwyffw4gcci8wmzxa3j28h03h0gsz55aard8qrk3lri8r2xyg21")) - (patches (search-patches - "racket-store-checksum-override.patch")))) + (source + (origin + (inherit (package-source racket)) + (uri (list (string-append "https://mirror.racket-lang.org/installers/" + version "/racket-minimal-src.tgz") + ;; this mirror seems to have broken HTTPS: + (string-append + "http://mirror.informatik.uni-tuebingen.de/mirror/racket/" + version "/racket-minimal-src.tgz"))) + (sha256 "0mwyffw4gcci8wmzxa3j28h03h0gsz55aard8qrk3lri8r2xyg21"))) (synopsis "Racket without bundled packages such as Dr. Racket") - (arguments - (substitute-keyword-arguments (package-arguments racket) - ((#:phases phases) - `(modify-phases ,phases - ;; Delete fix that applies to files not included in the minimal package. - (delete 'pre-configure))))) (inputs `(("openssl" ,openssl) ("sqlite" ,sqlite) + ("sh" ,bash-minimal) ("zlib" ,zlib) ("zlib:static" ,zlib "static") ("lz4" ,lz4)