From patchwork Fri Apr 12 10:01:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 62939 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id CC12127BBEA; Fri, 12 Apr 2024 11:02:16 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id B1BE827BBE2 for ; Fri, 12 Apr 2024 11:02:15 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rvDjP-00035i-Ev; Fri, 12 Apr 2024 06:02:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDjO-00035G-15 for guix-patches@gnu.org; Fri, 12 Apr 2024 06:02:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rvDjN-0001De-CL; Fri, 12 Apr 2024 06:02:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rvDjR-0001PO-4M; Fri, 12 Apr 2024 06:02:05 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70350] [PATCH] pack: =?utf-8?b?4oCYLVLigJk=?= (once) does not include fakechroot fallback. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix@cbaines.net, dev@jpoiret.xyz, ludo@gnu.org, othacehe@gnu.org, rekado@elephly.net, zimon.toutoune@gmail.com, me@tobias.gr, guix-patches@gnu.org Resent-Date: Fri, 12 Apr 2024 10:02:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 70350 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70350@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= , romain.garbage@inria.fr, Christopher Baines , Josselin Poiret , Ludovic =?utf-8?q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice X-Debbugs-Original-To: guix-patches@gnu.org X-Debbugs-Original-Xcc: Christopher Baines , Josselin Poiret , Ludovic =?utf-8?q?Court=C3=A8s?= , Mathieu Othacehe , Ricardo Wurmus , Simon Tournier , Tobias Geerinckx-Rice Received: via spool by submit@debbugs.gnu.org id=B.17129161095254 (code B ref -1); Fri, 12 Apr 2024 10:02:04 +0000 Received: (at submit) by debbugs.gnu.org; 12 Apr 2024 10:01:49 +0000 Received: from localhost ([127.0.0.1]:57917 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvDj9-0001MW-Mn for submit@debbugs.gnu.org; Fri, 12 Apr 2024 06:01:49 -0400 Received: from lists.gnu.org ([2001:470:142::17]:49802) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rvDj3-0001KX-D0 for submit@debbugs.gnu.org; Fri, 12 Apr 2024 06:01:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDin-0002iu-MP for guix-patches@gnu.org; Fri, 12 Apr 2024 06:01:25 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rvDim-000190-Ep; Fri, 12 Apr 2024 06:01:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=wKoIiFhKzzqwldiPEG+NQ0gzgMrioWP0sLeN6o1yCW4=; b=MlizuLosbeH9p3 mpjmYvNa08H6BDD3ubtq1KUrG5PnfdhiOVNgQzzc0PiXZMwD4QSxNawVbSn1EdSc0O6mNmkaS9dLY 4IAphg8OfkwGLWj7KP0P4meuLk9D/GqogWWFUEsPCzOytFPOUL+hWGQm3ALbMkRo+KeQe8A2t9v+e JQAOEk718Nd/JF3mNbZEj1LgU6RgcTH+tUXIN5K+NDMTubSySywD/2F8nB+BYptPQ/y5sAethVLJ8 M0npzHQE2dL+xqKm+0YszLQt3XlwR9WEzXhDie/509kfmnHTLraDGNRrReLK0C5aWNyZTK64UV+S6 NXPxIFGlDtMQc+6umB2Q==; From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Fri, 12 Apr 2024 12:01:17 +0200 Message-ID: X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches From: Ludovic Courtès Previously, ‘guix pack -R’ would build a wrapper containing both the “userns” and “fakechroot” engines, instead of providing nothing but the “userns” engine as the manual says. This patch fixes it. * guix/scripts/pack.scm (wrapped-package): Add #:fakechroot? [build]: When FAKECHROOT? is false, ‘elf-loader-compile-flags’ always returns '(). Change-Id: Ic75cc8c36bf0a3881f299b274d78bd9fc2d4e2bb --- guix/scripts/pack.scm | 78 ++++++++++++++++++++++--------------------- 1 file changed, 40 insertions(+), 38 deletions(-) Hello! I stumbled upon the bug whereby ‘guix pack -RR’, just like (guix build gremlins), loads entire ELF files in memory just to parse them, which can OOM if said files are large enough: https://issues.guix.gnu.org/59365#4 I thought passing a single ‘-R’ would allow me to work around the problem, since the fakechroot engine was not supposed to be compiled in this case, but it turns out it was. This patch makes ‘guix pack’ conform with the doc: with a single ‘-R’, only the “userns” engine gets compiled. Thoughts? Ludo’. base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6 diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index 3e45c34895..fe4df042d7 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2015, 2017-2023 Ludovic Courtès +;;; Copyright © 2015, 2017-2024 Ludovic Courtès ;;; Copyright © 2017, 2018 Ricardo Wurmus ;;; Copyright © 2018 Konrad Hinsen ;;; Copyright © 2018 Chris Marusich @@ -1066,10 +1066,11 @@ (define* (wrapped-package package #:optional (output* "out") (compiler (c-compiler)) - #:key proot?) + #:key proot? (fakechroot? proot?)) "Return the OUTPUT of PACKAGE with its binaries wrapped such that they are relocatable. When PROOT? is true, include PRoot in the result and use it as a -last resort for relocation." +last resort for relocation. When FAKECHROOT? is true, include +libfakechroot.so and related ld.so machinery as a fallback." (define runner (local-file (search-auxiliary-file "run-in-namespace.c"))) @@ -1161,43 +1162,44 @@ (define* (wrapped-package package (define (elf-loader-compile-flags program) ;; Return the cpp flags defining macros for the ld.so/fakechroot ;; wrapper of PROGRAM. + #$(if fakechroot? + ;; TODO: Handle scripts by wrapping their interpreter. + #~(if (elf-file? program) + (let* ((bv (call-with-input-file program + get-bytevector-all)) + (elf (parse-elf bv)) + (interp (elf-interpreter elf)) + (gconv (and interp + (string-append (dirname interp) + "/gconv")))) + (if interp + (list (string-append "-DPROGRAM_INTERPRETER=\"" + interp "\"") + (string-append "-DFAKECHROOT_LIBRARY=\"" + #$(fakechroot-library) "\"") - ;; TODO: Handle scripts by wrapping their interpreter. - (if (elf-file? program) - (let* ((bv (call-with-input-file program - get-bytevector-all)) - (elf (parse-elf bv)) - (interp (elf-interpreter elf)) - (gconv (and interp - (string-append (dirname interp) - "/gconv")))) - (if interp - (list (string-append "-DPROGRAM_INTERPRETER=\"" - interp "\"") - (string-append "-DFAKECHROOT_LIBRARY=\"" - #$(fakechroot-library) "\"") + (string-append "-DLOADER_AUDIT_MODULE=\"" + #$(audit-module) "\"") - (string-append "-DLOADER_AUDIT_MODULE=\"" - #$(audit-module) "\"") - - ;; XXX: Normally (runpath #$(audit-module)) is - ;; enough. However, to work around - ;; - ;; (glibc <= 2.32), pass the whole search path of - ;; PROGRAM, which presumably is a superset of that - ;; of the audit module. - (string-append "-DLOADER_AUDIT_RUNPATH={ " - (string-join - (map object->string - (runpath program)) - ", " 'suffix) - "NULL }") - (if gconv - (string-append "-DGCONV_DIRECTORY=\"" - gconv "\"") - "-UGCONV_DIRECTORY")) - '())) - '())) + ;; XXX: Normally (runpath #$(audit-module)) is + ;; enough. However, to work around + ;; + ;; (glibc <= 2.32), pass the whole search path of + ;; PROGRAM, which presumably is a superset of that + ;; of the audit module. + (string-append "-DLOADER_AUDIT_RUNPATH={ " + (string-join + (map object->string + (runpath program)) + ", " 'suffix) + "NULL }") + (if gconv + (string-append "-DGCONV_DIRECTORY=\"" + gconv "\"") + "-UGCONV_DIRECTORY")) + '())) + '()) + #~'())) (define (build-wrapper program) ;; Build a user-namespace wrapper for PROGRAM.