New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
makeWrapper: Fail loudly when misused #24944
Conversation
Hmmm, it looks like the set of packages that |
I'm okay with the changes in |
# Loop over files, without falling prey to filenames containing | ||
# newlines, backslashes, or other horrible things. | ||
find "${prefix}/bin" "${prefix}/libexec" -type f -executable -print0 \ | ||
| while IFS= read -r -d '' file; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure -d ''
is correct here and not -d $'\0'
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. Probably works. I was just reading this FAQ, where variables were set in the loop, which is not the case here.
for srcstore in "''${srcstores[@]}"; do | ||
if [[ -d "$srcstore"/bin ]]; then | ||
find "$srcstore"/bin -type f -executable -print0 \ | ||
| while read -d "" srcfile; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same question here regarding -d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The delimiter is probably ok, but I wonder why IFS is not unset here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're correct, according to that link, IFS should be set.
b301ffa
to
63c0813
Compare
Hmmm, it looks like nox-review chokes on this PR, because it tries to pull in The fundamental problem seems to be that nix-env doesn't properly quote that attribute when dumping it with |
According to nix issue 1342, dots are not allowed in attribute names. I guess I will open a PR to fix the packages identified there as being problematic. |
@volth, I would be fine adding that to this commit series, but I'm worried that making it affect more packages will make it even harder to merge. What can I do to help move this PR forward? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am very much in favor of this modification. I'm not thrilled by the fact that seemingly unrelated changes are mixed up in one PR though.
fi | ||
|
||
if test "$p" = "--suffix" -o "$p" = "--prefix"; then | ||
elif [[ ("$p" == "--suffix") || ("$p" == "--prefix") ]]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's very unfortunate that unrelated changes likes this one are mixed into a PR that's supposed to be about makeWrapper
, really. These changes needlessly increase the size of the patch and make it harder to review, which is going to delay a successful merge (or even prevent it from happening altogether). 😞
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this increases the size of the rebuild... the PR would include that first hunk (calling die
for improper targets) regardless, so the rebuild set already includes all packages using makeWrapper
.
I can split the argument strictness commit into a separate PR, though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not talking about rebuilds. I'm talking about the size of the patch that constitutes this PR i.e. the diff you're suggesting be committed to Nixpkgs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, it can be split out
for i in $prefix/bin/* $prefix/libexec/*; do | ||
echo "Wrapping app $i" | ||
wrapProgram "$i" "${gappsWrapperArgs[@]}" | ||
# Loop over files, without falling prey to filenames containing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't believe the problem this change attempts to fix actually exists:
$ touch "this is a test"
$ for n in *this*; do echo "$n"; done
this is a test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before, it was attempting to wrap all files in $prefix/bin
and $prefix/libexec
, including non-executable files and directories. Additionally, it ignored files in subdirectories of these roots.
emacs
, in particular, was broken because of the attempt to wrap directories.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, then maybe the comment is misleading since it suggests the change is intended to fix handling of file names that contain white space? Am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, the comment is misleading. I will remove it.
rm -f "$out/bin/$prg" | ||
makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" | ||
fi | ||
# Generate new wrapper scripts for the all the executables found in our |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand why this modification is a part of this PR. Is this change necessary after the modification of makeWrapper
? Does it depend on the change of makeWrapper
? If either of these answers is "no", then this modification should be a separate PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is necessary --- before, this code would try to wrap anything at top level in $path/bin
, including non-executable files (in this case, .pyc
files) and directories.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, it wouldn't try to wrap directories, but it would ignore any files in subdirectories of $path/bin
(strange, but some packages do this).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this change conceivably be applied to Nixpkgs without having the change to makeWrapper
first?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it could. Is that your preferred route?
1639154
to
0ee7952
Compare
OK, everything is separated. This PR now depends on #25185, for the |
0ee7952
to
5e15cf8
Compare
@@ -24,6 +24,10 @@ makeWrapper() { | |||
local params varName value command separator n fileNames | |||
local argv0 flagsBefore flags | |||
|
|||
# We should only be wrapping executable files. | |||
[[ -f "${original}" && -x "${original}" ]] || \ | |||
die "makeWrapper cannot be invoked on ${prog} because it is not an executable file" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't that be ${original}
instead of ${prog}
?
# We should only be wrapping executable files. | ||
[[ -f "${prog}" && -x "${prog}" ]] || \ | ||
die "wrapProgram cannot be invoked on ${prog} because it is not an executable file" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would personally prefer moving this into a function to avoid the duplication.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once #24944 (comment) is addressed, this patch is ready for merging (into staging
) IMHO.
5e15cf8
to
0f67517
Compare
OK, the patch is rebased on staging and the check has been broken out into its own function,
|
@ahmedtd, we cannot merge this patch without #25185, and that PR has had merge conflicts and hasn't seen any update since a long time. I would really like to see both PRs merged, like, soon, but I need your help to get that done. If we cannot make progress with these patches in the next couple of days, then I am inclined to declare this a lost cause and to close both PRs. |
Oh, it looks like I missed the activity on the other PR. I will update it
tonight.
…On Aug 7, 2017 12:36 PM, "Peter Simons" ***@***.***> wrote:
@ahmedtd <https://github.com/ahmedtd>, we cannot merge this patch without
#25185 <#25185>, and that PR has had
merge conflicts and hasn't seen any update since a long time. I would
really like to see both PRs merged, like, soon, but I need your help to get
that done. If we cannot make progress with these patches in the next couple
of days, then I am inclined to declare this a lost cause and to close both
PRs.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24944 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA-FcpM4_t5XQb9E8A9olgfSZKIXs4rAks5sV2czgaJpZM4M-jBF>
.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll merge once that typo pointed out in https://github.com/NixOS/nixpkgs/pull/24944/files#r129479438 is fixed.
@@ -24,6 +24,10 @@ makeWrapper() { | |||
local params varName value command separator n fileNames | |||
local argv0 flagsBefore flags | |||
|
|||
# We should only be wrapping executable files. | |||
[[ -f "${original}" && -x "${original}" ]] || \ | |||
die "makeWrapper cannot be invoked on ${prog} because it is not an executable file" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please address https://github.com/NixOS/nixpkgs/pull/24944/files#r129479438.
`makeWrapper` and `wrapProgram` are being invoked on all kinds of wacky things (usually with the help of bash globs or other machine assistance). So far, I have come across `wrapProgram` being invoked on a directory, as well as on the empty string. As far as I can tell, it's only valid to invoke these utilities on a normal (non-directory, non-device) executable file. This commit enforces that precondition.
0f67517
to
e1d46c0
Compare
I'm sorry, it looks like I messed up my rebase on to staging. I had meant to address that in my last push to the branch. The branch is now properly rebased on staging, and has the check broken out into an |
# Assert that FILE exists and is executable | ||
# | ||
# assertExecutable FILE | ||
assertExecutable() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if the given path is a symlink to an executable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is handled properly. Cases I just tested:
- non-executable file: Assertion failure
- symlink to non-executable file: Assertion failure
- executable file: Success
- symlink to executable file: Success
- traversable directory: Assertion failure
- symlink to traversable directory: Assertion failure
https://nix-cache.s3.amazonaws.com/log/dy9xw4d9swsj5ynjkw2q2snz5n01hn3v-help2man-1.47.4.drv |
The same happens with
The wrapper is defined at https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/interpreters/python/wrap.sh |
@ahmedtd, I wonder why those error message don't contain the path that was supposed to be wrapped? |
@@ -24,6 +33,8 @@ makeWrapper() { | |||
local params varName value command separator n fileNames | |||
local argv0 flagsBefore flags | |||
|
|||
assertExecutable "${file}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be original
instead of file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, how embarrassing. Sorry.
In some cases wrappers could not be made. See e.g. NixOS#24944 (comment)
In some cases wrappers could not be made. See e.g. #24944 (comment)
Dropbox build is affected by this change:
UPDATE: fixed in 516ba12 |
Motivation for this change
On Wednesday, I tried to run
hexl-mode
in emacs, and four days later, here I am.This pull request does two things to
makeWrapper
andwrapProgram
:makeWrapper
checks that the file it is trying to wrap is a normal, executable file. If not, it dies with a (sometimes) useful backtrace. This prevents us from trying to wrap insane things like directories and.pyc
files.makeWrapper
dies with a backtrace on unsupported arguments.Additionally, there are some follow-on commits that resolve misuses of
makeWrapper
that I ran into while getting emacs to build.This pull request resolves #24445 and #3277.
Open question: This pull request will convert a lot of currently-silent breakage into build failures. Will
nox-review wip
be sufficient to shake all of these issues out?Things done
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)