Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p7zip: vendor debian patches #45097

Merged
merged 1 commit into from Aug 16, 2018
Merged

p7zip: vendor debian patches #45097

merged 1 commit into from Aug 16, 2018

Conversation

bhipple
Copy link
Contributor

@bhipple bhipple commented Aug 16, 2018
edited

A few months ago I moved these patches to the new debian alsa instance [1], but
it looks like their sha256s on the tag at the remote have changed again.

It doesn't appear that debian's source remote is stable in the way we need it to
be; let's just vendor the patches to avoid future issues.

[1] #41769

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@bhipple
p7zip: vendor debian patches
0c11968 
A few months ago I moved these patches to the new debian alsa instance [1], but
it looks like their `sha256`s on the tag at the remote have changed again.

It doesn't appear that debian's source remote is stable in the way we need it to
be; let's just vendor the patches to avoid future issues.

[1] NixOS#41769
@bhipple
Copy link
Contributor Author

bhipple commented Aug 16, 2018

@GrahamcOfBorg build p7zip

bhipple
bhipple commented Aug 16, 2018
View reviewed changes
pkgs/tools/archivers/p7zip/default.nix
(fetchpatch rec {
name = "CVE-2016-9296.patch";
url = "https://salsa.debian.org/debian/p7zip/raw/debian/${version}+dfsg-6/debian/patches/12-${name}";
sha256 = "09wbkzai46bwm8zmplsz0m4jck3qn7snr68i9p1gsih300zidj0m";
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess they rebased and moved the tag? Strange.

$ nix-prefetch-url https://salsa.debian.org/debian/p7zip/raw/debian/16.02+dfsg-6/debian/patches/12-CVE-2016-9296.patch
0inblicg24gcbaq84n0mr6w4yc5ak65mh9wxml96wlhdf7ph2i3m

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: p7zip

Partial log (click to expand)

shrinking /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/lib/p7zip/Codecs/Rar.so
gzipping man pages under /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/share/man/
strip is /nix/store/gpc2wld1s0c6qzx9326cwn1wcx29xzsj-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/lib  /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin
patching script interpreter paths in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7zr: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7za: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7z: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02...
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: p7zip

Partial log (click to expand)

shrinking /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/lib/p7zip/7za
gzipping man pages under /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/share/man/
strip is /nix/store/ah0va6j4cnwj9nx4j6rwcfc8nh785jwm-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/lib  /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/bin
patching script interpreter paths in /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02
/nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/bin/7z: interpreter directive changed from " /bin/sh" to "/nix/store/7q3ayirslrcva28wava6zpjcflcz1h3b-bash-4.4-p23/bin/sh"
/nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/bin/7zr: interpreter directive changed from " /bin/sh" to "/nix/store/7q3ayirslrcva28wava6zpjcflcz1h3b-bash-4.4-p23/bin/sh"
/nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02/bin/7za: interpreter directive changed from " /bin/sh" to "/nix/store/7q3ayirslrcva28wava6zpjcflcz1h3b-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02...
/nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02

@GrahamcOfBorg
Copy link

Success on aarch64-linux (full log)

Attempted: p7zip

Partial log (click to expand)

/nix/store/dq9wy8sjj77hib5m6w9ip38q55f6n8y3-p7zip-16.02

@GrahamcOfBorg
Copy link

Success on x86_64-linux (full log)

Attempted: p7zip

Partial log (click to expand)

shrinking /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/lib/p7zip/7za
gzipping man pages under /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/share/man/
strip is /nix/store/gpc2wld1s0c6qzx9326cwn1wcx29xzsj-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/lib  /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin
patching script interpreter paths in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7z: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7zr: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02/bin/7za: interpreter directive changed from " /bin/sh" to "/nix/store/56nrxy58wbhvs2sy3rir1jqa68p0kkm5-bash-4.4-p23/bin/sh"
checking for references to /build in /nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02...
/nix/store/qwpjbmwn01n3ik1pvr8kwj19j5jm2c57-p7zip-16.02

@Mic92 Mic92 merged commit 823312f into NixOS:master Aug 16, 2018
@Mic92
Copy link
Member

Mic92 commented Aug 16, 2018

Is a backport required?

@bhipple
Copy link
Contributor Author

bhipple commented Aug 17, 2018

Probably not; as far as I can tell the actual content of the patches hasn't materially changed, so as long as Hydra has it in its content-addressed source cache older builds should be OK.

@bhipple bhipple deleted the fix/p7zip-patch-url branch August 18, 2018 16:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orivej orivej orivej approved these changes

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bhipple @GrahamcOfBorg @Mic92 @orivej