From patchwork Sun Apr 13 16:29:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakob Kirsch X-Patchwork-Id: 41638 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 737D527BC4B; Sun, 13 Apr 2025 17:30:34 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3AFCA27BC49 for ; Sun, 13 Apr 2025 17:30:34 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u40Dm-0002aj-MN; Sun, 13 Apr 2025 12:30:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u40Db-0002Tr-BR for guix-patches@gnu.org; Sun, 13 Apr 2025 12:30:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u40Db-0001eY-20 for guix-patches@gnu.org; Sun, 13 Apr 2025 12:30:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:From:Date:To:Subject; bh=+s9zvnuA8nJNJS4XrNqEtDtWuJr+DF8ZQbaHvu9awZQ=; b=hc8NvmpB81GT7kVS1gB868MQuGpxMxYVmYTBQBP7er7aAhBay4CUoMWcYyICcplKHi1rkwdGMyItESHKDjAhOfdOD1k8tQHNblqZPzAuRgH/CSoiHRueZDmiCVNlI5UBmDbxvnUDbVmXPsN/bzNbefIjLluCBVS8z3wTqYLnd3gDV5czKKYDjNCgWyfQMMhN/4CpI2LkpOiDZZPuoBvN5PmbXNae/3Ss24BkHvsp+QJUFvS1GXF0YwaLT5EdJ9ajdrXQrJ4FADdiDKs7ACbnRAqxc8kxTy2D8NI4OaHOj6tk8sdwgqvQrUJyFiF4sqYWVHotbLnfEKp/faQWouITvA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u40Da-0005Pb-Ry for guix-patches@gnu.org; Sun, 13 Apr 2025 12:30:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#77785] [PATCH] gnu: cura: prevent importing outside of store Resent-From: Jakob Kirsch Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 13 Apr 2025 16:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 77785 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 77785@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.174456180020759 (code B ref -1); Sun, 13 Apr 2025 16:30:02 +0000 Received: (at submit) by debbugs.gnu.org; 13 Apr 2025 16:30:00 +0000 Received: from localhost ([127.0.0.1]:43590 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u40DY-0005Oj-4J for submit@debbugs.gnu.org; Sun, 13 Apr 2025 12:30:00 -0400 Received: from lists.gnu.org ([2001:470:142::17]:47650) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u40DW-0005O0-Fc for submit@debbugs.gnu.org; Sun, 13 Apr 2025 12:29:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u40DC-0002Fe-Sd for guix-patches@gnu.org; Sun, 13 Apr 2025 12:29:39 -0400 Received: from mout.web.de ([212.227.15.14]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u40DA-0001bp-05 for guix-patches@gnu.org; Sun, 13 Apr 2025 12:29:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=web.de; s=s29768273; t=1744561773; x=1745166573; i=jakob.kirsch@web.de; bh=+s9zvnuA8nJNJS4XrNqEtDtWuJr+DF8ZQbaHvu9awZQ=; h=X-UI-Sender-Class:Date:From:To:Subject:Message-ID:MIME-Version: Content-Type:cc:content-transfer-encoding:content-type:date:from: message-id:mime-version:reply-to:subject:to; b=rG+J306JlovybvQScmgZdxwqOOD23JleCw9xfsMj3WJ/AgOJq1reR6N1Boh5GY/C QbmGaQg/LxQYwqmIeVmkLJB1BDK+3Ruf1qyQL73+U3zGieqMYX1iNNIUYDGBGGZDR +HZQ2CRpvOBqf0WCRuvw64yq7s2TFMDEA/pDaLC+mvtxzT/XRBKT8tTiYe+2x+l8W f3a5BLfFzdUWTxNF095IVjMzjxQttsyrTnYv8hKw5oPE6zEY9jH/HT9O2c1yI4AM0 gMTddpqSs3/KuDUdXB94YH8FwSge28cvfSeJNkjKURFOlEwTrjcXvXMWZ9P/BRD/O WmLh1DSHJ2tQMIuWtQ== X-UI-Sender-Class: 814a7b36-bfc1-4dae-8640-3722d8ec6cd6 Received: from kernelpanicroom ([134.19.24.167]) by smtp.web.de (mrweb006 [213.165.67.108]) with ESMTPSA (Nemesis) id 1MMGyA-1tmsV046oo-00TsDr for ; Sun, 13 Apr 2025 18:29:33 +0200 Date: Sun, 13 Apr 2025 18:29:31 +0200 Message-ID: MIME-Version: 1.0 Content-Disposition: inline X-Provags-ID: V03:K1:VR04c7HcSkgSmBDim8SaEORhfASUSqLuQoyYyaaW+IFLPfgqy/m oiYqlEQ88tD8GGVMQl7UgQnYBdSix3jLUdEVIyDt5DLsemwS5/dBW3TOFdZqdo/VWU7qd3x LzwvhgWaEh8VQciENBtE3jjjbSnEmXfvu6X5W8nbq5THDJEyS1kTjWIxgIWy6bogWXF0qyy 0GgBisyN9tyucolbtwBag== UI-OutboundReport: notjunk:1;M01:P0:0fZs9gDzusU=;XBA6ZWPAr2um4nls3b1IFkKfhK6 1PtzlnylAebu4vNb8ahXZnhHAxCuJfpsJBXjv7z1LV/Cx/vsJQ4g3Q4KVIZfWiEWYLAGD0knl WaOHEtZADchnn9kOvQiBQKsH5V3lkMpKsOxZmz0pgxZNmlKbeJ+HnvSfiRE6BALjQKP2Tz5kS RqiNX1kOAvowi9MY4ZRfk4/7qkMXyPHWm81Zw9gx12Yuv/nrTSvw79xJCvHAcXRlX/NC5eZU+ aBM4iu4rybJYfhvV7c+OvgRYIljs7W5DTUYH2f/JfvTXs1tDtanwWXtCHlaPAYmVTSy5yBuAy H2EdAtuhPS84eY42cDRdGZYopmsKIBLXaJ2PC297bWDaxP6yVNuuAbhMy1XumOIbUo7bb/1mZ 4vnYnF0ACwmNYSZMxZvUgX8xaXMBdffkyn9qrUuQD4No2ZNvkSQi77pEQ6miQLlXm1RxIp9A8 6xK34Y+0BrvZBfL+0vN9DOReEUTQSB4Ory5zgJFvBCd5jp19ZIcL5AM4ph/WplPaR/Awi1fxo C8L17Jx33A8MwAJJK4NmcLaNh0PL7hHNjqfQ05KaW06IE0eZQVrg1YgiLOBp2MKB/XC6tfqIo 4BFvbPu1Y73YrjM4C0mCt0LzTXCzJaE3miIswrxBnrockIIvgu/AdpivshH3y5fmo27S/BNVz Jo9VOl+kUhBfj/VDnCOSR9N/Jf/VaZ7jPj3+WgnNx5FIgVZpZkjumVT+bwU/sv6zWrJWOhN8V SScgZb4r+kf0gPrR/lZueCXaaY/cE7uVTznyhVP+aDxinVs9xbPBWsITRbjPxAXtw/BRw6+Ax ni6V/5eSow1WzO79TzkZS6s5oHip4xFo1EwxoyWhqL9aDNBL2DH2ZEOW3sk02iUEHCOegCLwF kxEGTZow9OmVZoRh/WbNgCihKdu2LBaSMpyKAwnteFVBT7OO7zd0vzkhPVokUlV4cI5jslhTM 4k7qqwxAVA5JyEwt3zkooVs3kL8xOyjxnmgJiyR8e9rCNTXku+vhhzFMs8/OCoI9QsIhDDCMe Rk39znvnT/vAOrNMeWF/lsb48ARCYNomBXHqRTgtkKgFmzMxUR66dqvUxcVYq8lcO1PvMLamp Mnp18YV3jjv1zdiSUGWJAgovKZ74Goqp9oCIc5GOierv7lGxKVvPausf6euu1/c+aO7kJnUq1 Y1rV5ZrCeZQOMyvvOqH4jFZlVyERG4S/EQS+QPrOnFoW/gT7sAItWgTuDW/EXfDTM5Ud0rAd5 4jZMY7+f2cmhDrFI2sYNPhaT+WMIvBTAODShaTDe166RMYBAvL3Detp8pyp23Y75ra30lT2Hn 0z3FRVmPXca38lJaSGWuJlMJm7/8IKiaKE+YO2GfPePg9ROT28tRarHJyippB9G7/MkL+SXkT mM7CnldrpuBJyYhNBeo6id27elYa7kGGKkQGxhbyaT093GqVsQxXgIybprQ4ZaYMMIyk6x9ic CZU2EM2oe4PLUoQ32sGsX10Ci7Fk6AS5IYhrRsdXCu6+tXRpT Received-SPF: pass client-ip=212.227.15.14; envelope-from=jakob.kirsch@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Jakob Kirsch X-ACL-Warn: , Jakob Kirsch via Guix-patches X-Patchwork-Original-From: Jakob Kirsch via Guix-patches via From: Jakob Kirsch Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches I've recently tried to run cura but it kept crashing because it couldn't find shared libraries. As it turns out, python adds directories in the home directory to the search path and a pyqt5 installed by pip managed to be loaded, which obviously won't work. This patch addresses this by adding a small snippet of code to the top of bin/cura that clears out all paths from sys.path that don't start with /gnu. From f49e1297a0be295a7d47ebf33fe3e27ceecefefa Mon Sep 17 00:00:00 2001 Message-ID: From: Jakob Kirsch Date: Sun, 13 Apr 2025 18:25:20 +0200 Subject: [PATCH] gnu: cura: prevent importing outside of store * gnu/packages/engineering.scm (cura)[arguments]<#:phases>: substitute* code into bin/cura to clear all paths from sys.path that don't start with /gnu. Change-Id: Ie67c26ae7d43d5801a6cde7619491dacedf4e2a0 --- gnu/packages/engineering.scm | 75 ++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 38 deletions(-) base-commit: 94e7afbb557d3f2709072bf2bf58618293ca7fbd -- 2.49.0 diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm index f37b0e3844..079e849ae9 100644 --- a/gnu/packages/engineering.scm +++ b/gnu/packages/engineering.scm @@ -4897,46 +4897,45 @@ (define-public cura (sha256 (base32 "0yg17pcrj5gm02aqcjfk40ynvpb9r9aaq9rj108dkpki1is15ks7")))) (build-system qt-build-system) - (native-inputs - (list python-certifi - python-mypy - python-pytest - python-requests)) - (inputs - (list bash-minimal - cura-engine - libcharon - libsavitar - python - python-keyring - python-pynest2d - python-pyserial - python-sentry-sdk - python-sip - uranium)) + (native-inputs (list python-certifi python-mypy python-pytest + python-requests)) + (inputs (list bash-minimal + cura-engine + libcharon + libsavitar + python + python-keyring + python-pynest2d + python-pyserial + python-sentry-sdk + python-sip + uranium)) (arguments - `(;; TODO: Fix tests. - #:tests? #f + `( ;TODO: Fix tests. + #:tests? #f #:configure-flags '("-DURANIUM_SCRIPTS_DIR=") - #:phases - (modify-phases %standard-phases - (add-after 'install 'link-to-CuraEngine - (lambda* (#:key inputs outputs #:allow-other-keys) - (symlink (string-append (assoc-ref inputs "cura-engine") - "/bin/CuraEngine") - (string-append (assoc-ref outputs "out") - "/bin/CuraEngine")))) - (add-after 'link-to-CuraEngine 'wrap-pythonpath - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (wrap-program (string-append out "/bin/cura") - (list "GUIX_PYTHONPATH" - 'prefix (list (string-append out - "/lib/python" - ,(version-major+minor - (package-version python)) - "/site-packages") - (getenv "GUIX_PYTHONPATH")))))))))) + #:phases (modify-phases %standard-phases + (add-after 'install 'link-to-CuraEngine + (lambda* (#:key inputs outputs #:allow-other-keys) + (symlink (string-append (assoc-ref inputs "cura-engine") + "/bin/CuraEngine") + (string-append (assoc-ref outputs "out") + "/bin/CuraEngine")))) + (add-after 'link-to-CuraEngine 'wrap-pythonpath + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (begin + (substitute* (string-append out "/bin/cura") + (("import sys") + "import sys; [sys.path.remove(x) for x in sys.path if not x.startswith('/gnu')]")) + (wrap-program (string-append out "/bin/cura") + (list "GUIX_PYTHONPATH" + 'prefix + (list (string-append out "/lib/python" + ,(version-major+minor (package-version + python)) + "/site-packages") + (getenv "GUIX_PYTHONPATH"))))))))))) (home-page "https://github.com/Ultimaker/Cura") (synopsis "Slicer for 3D printers") (description "Cura is a slicing software from Ultimaker. A @emph{slicer}