makeWrapper: Fail loudly when misused #24944
Conversation
|
Hmmm, it looks like the set of packages that |
|
I'm okay with the changes in |
| # Loop over files, without falling prey to filenames containing | ||
| # newlines, backslashes, or other horrible things. | ||
| find "${prefix}/bin" "${prefix}/libexec" -type f -executable -print0 \ | ||
| | while IFS= read -r -d '' file; do |
There was a problem hiding this comment.
Are you sure -d '' is correct here and not -d $'\0'?
There was a problem hiding this comment.
Ok. Probably works. I was just reading this FAQ, where variables were set in the loop, which is not the case here.
| for srcstore in "''${srcstores[@]}"; do | ||
| if [[ -d "$srcstore"/bin ]]; then | ||
| find "$srcstore"/bin -type f -executable -print0 \ | ||
| | while read -d "" srcfile; do |
There was a problem hiding this comment.
The delimiter is probably ok, but I wonder why IFS is not unset here.
There was a problem hiding this comment.
You're correct, according to that link, IFS should be set.
ahmedtd
force-pushed
the
make-makewrapper-picky
branch
from
b301ffa
to
63c0813
Compare
|
Hmmm, it looks like nox-review chokes on this PR, because it tries to pull in The fundamental problem seems to be that nix-env doesn't properly quote that attribute when dumping it with |
|
According to nix issue 1342, dots are not allowed in attribute names. I guess I will open a PR to fix the packages identified there as being problematic. |
|
@volth, I would be fine adding that to this commit series, but I'm worried that making it affect more packages will make it even harder to merge. What can I do to help move this PR forward? |
| fi | ||
|
|
||
| if test "$p" = "--suffix" -o "$p" = "--prefix"; then | ||
| elif [[ ("$p" == "--suffix") || ("$p" == "--prefix") ]]; then |
There was a problem hiding this comment.
It's very unfortunate that unrelated changes likes this one are mixed into a PR that's supposed to be about makeWrapper, really. These changes needlessly increase the size of the patch and make it harder to review, which is going to delay a successful merge (or even prevent it from happening altogether). 😞
There was a problem hiding this comment.
I don't think this increases the size of the rebuild... the PR would include that first hunk (calling die for improper targets) regardless, so the rebuild set already includes all packages using makeWrapper.
I can split the argument strictness commit into a separate PR, though.
There was a problem hiding this comment.
I am not talking about rebuilds. I'm talking about the size of the patch that constitutes this PR i.e. the diff you're suggesting be committed to Nixpkgs.
There was a problem hiding this comment.
Sure, it can be split out
| for i in $prefix/bin/* $prefix/libexec/*; do | ||
| echo "Wrapping app $i" | ||
| wrapProgram "$i" "${gappsWrapperArgs[@]}" | ||
| # Loop over files, without falling prey to filenames containing |
There was a problem hiding this comment.
I don't believe the problem this change attempts to fix actually exists:
$ touch "this is a test"
$ for n in *this*; do echo "$n"; done
this is a test
There was a problem hiding this comment.
Before, it was attempting to wrap all files in $prefix/bin and $prefix/libexec, including non-executable files and directories. Additionally, it ignored files in subdirectories of these roots.
emacs, in particular, was broken because of the attempt to wrap directories.
There was a problem hiding this comment.
Well, then maybe the comment is misleading since it suggests the change is intended to fix handling of file names that contain white space? Am I missing something?
There was a problem hiding this comment.
I agree, the comment is misleading. I will remove it.
| rm -f "$out/bin/$prg" | ||
| makeWrapper "$path/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out" | ||
| fi | ||
| # Generate new wrapper scripts for the all the executables found in our |
There was a problem hiding this comment.
I don't understand why this modification is a part of this PR. Is this change necessary after the modification of makeWrapper? Does it depend on the change of makeWrapper? If either of these answers is "no", then this modification should be a separate PR.
There was a problem hiding this comment.
It is necessary --- before, this code would try to wrap anything at top level in $path/bin, including non-executable files (in this case, .pyc files) and directories.
There was a problem hiding this comment.
Sorry, it wouldn't try to wrap directories, but it would ignore any files in subdirectories of $path/bin (strange, but some packages do this).
There was a problem hiding this comment.
Could this change conceivably be applied to Nixpkgs without having the change to makeWrapper first?
There was a problem hiding this comment.
Yes, it could. Is that your preferred route?
ahmedtd
force-pushed
the
make-makewrapper-picky
branch
2 times, most recently
from
1639154
to
0ee7952
Compare
|
OK, everything is separated. This PR now depends on #25185, for the |
ahmedtd
force-pushed
the
make-makewrapper-picky
branch
from
0ee7952
to
5e15cf8
Compare
| @@ -24,6 +24,10 @@ makeWrapper() { | |||
| local params varName value command separator n fileNames | |||
| local argv0 flagsBefore flags | |||
|
|
|||
| # We should only be wrapping executable files. | |||
| [[ -f "${original}" && -x "${original}" ]] || \ | |||
| die "makeWrapper cannot be invoked on ${prog} because it is not an executable file" | |||
There was a problem hiding this comment.
Shouldn't that be ${original} instead of ${prog} ?
| # We should only be wrapping executable files. | ||
| [[ -f "${prog}" && -x "${prog}" ]] || \ | ||
| die "wrapProgram cannot be invoked on ${prog} because it is not an executable file" | ||
|
|
There was a problem hiding this comment.
I would personally prefer moving this into a function to avoid the duplication.
There was a problem hiding this comment.
Once #24944 (comment) is addressed, this patch is ready for merging (into staging) IMHO.
ahmedtd
force-pushed
the
make-makewrapper-picky
branch
from
5e15cf8
to
0f67517
Compare
|
OK, the patch is rebased on staging and the check has been broken out into its own function,
|
|
@ahmedtd, we cannot merge this patch without #25185, and that PR has had merge conflicts and hasn't seen any update since a long time. I would really like to see both PRs merged, like, soon, but I need your help to get that done. If we cannot make progress with these patches in the next couple of days, then I am inclined to declare this a lost cause and to close both PRs. |
|
Oh, it looks like I missed the activity on the other PR. I will update it
tonight.
…On Aug 7, 2017 12:36 PM, "Peter Simons" ***@***.***> wrote:
@ahmedtd <https://github.com/ahmedtd>, we cannot merge this patch without
#25185 <#25185>, and that PR has had
merge conflicts and hasn't seen any update since a long time. I would
really like to see both PRs merged, like, soon, but I need your help to get
that done. If we cannot make progress with these patches in the next couple
of days, then I am inclined to declare this a lost cause and to close both
PRs.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#24944 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA-FcpM4_t5XQb9E8A9olgfSZKIXs4rAks5sV2czgaJpZM4M-jBF>
.
|
There was a problem hiding this comment.
I'll merge once that typo pointed out in https://github.com/NixOS/nixpkgs/pull/24944/files#r129479438 is fixed.
| @@ -24,6 +24,10 @@ makeWrapper() { | |||
| local params varName value command separator n fileNames | |||
| local argv0 flagsBefore flags | |||
|
|
|||
| # We should only be wrapping executable files. | |||
| [[ -f "${original}" && -x "${original}" ]] || \ | |||
| die "makeWrapper cannot be invoked on ${prog} because it is not an executable file" | |||
There was a problem hiding this comment.
Please address https://github.com/NixOS/nixpkgs/pull/24944/files#r129479438.
`makeWrapper` and `wrapProgram` are being invoked on all kinds of wacky things (usually with the help of bash globs or other machine assistance). So far, I have come across `wrapProgram` being invoked on a directory, as well as on the empty string. As far as I can tell, it's only valid to invoke these utilities on a normal (non-directory, non-device) executable file. This commit enforces that precondition.
ahmedtd
force-pushed
the
make-makewrapper-picky
branch
from
0f67517
to
e1d46c0
Compare
|
I'm sorry, it looks like I messed up my rebase on to staging. I had meant to address that in my last push to the branch. The branch is now properly rebased on staging, and has the check broken out into an |
| # Assert that FILE exists and is executable | ||
| # | ||
| # assertExecutable FILE | ||
| assertExecutable() { |
There was a problem hiding this comment.
What happens if the given path is a symlink to an executable?
There was a problem hiding this comment.
It is handled properly. Cases I just tested:
- non-executable file: Assertion failure
- symlink to non-executable file: Assertion failure
- executable file: Success
- symlink to executable file: Success
- traversable directory: Assertion failure
- symlink to traversable directory: Assertion failure
|
https://nix-cache.s3.amazonaws.com/log/dy9xw4d9swsj5ynjkw2q2snz5n01hn3v-help2man-1.47.4.drv |
|
The same happens with The wrapper is defined at https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/interpreters/python/wrap.sh |
|
@ahmedtd, I wonder why those error message don't contain the path that was supposed to be wrapped? |
| @@ -24,6 +33,8 @@ makeWrapper() { | |||
| local params varName value command separator n fileNames | |||
| local argv0 flagsBefore flags | |||
|
|
|||
| assertExecutable "${file}" | |||
There was a problem hiding this comment.
I think this should be original instead of file
There was a problem hiding this comment.
Oh, how embarrassing. Sorry.
In some cases wrappers could not be made. See e.g. NixOS#24944 (comment)
In some cases wrappers could not be made. See e.g. #24944 (comment)
|
Dropbox build is affected by this change: UPDATE: fixed in 516ba12 |
Motivation for this change
On Wednesday, I tried to run
hexl-modein emacs, and four days later, here I am.This pull request does two things to
makeWrapperandwrapProgram:makeWrapperchecks that the file it is trying to wrap is a normal, executable file. If not, it dies with a (sometimes) useful backtrace. This prevents us from trying to wrap insane things like directories and.pycfiles.makeWrapperdies with a backtrace on unsupported arguments.Additionally, there are some follow-on commits that resolve misuses of
makeWrapperthat I ran into while getting emacs to build.This pull request resolves #24445 and #3277.
Open question: This pull request will convert a lot of currently-silent breakage into build failures. Will
nox-review wipbe sufficient to shake all of these issues out?Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)