bug#41796: Grafts don't handle outputs other than out

Thu, 11 Jun 2020 09:50:12 -0700 

Hi!

I’m trying to estimate the impact of this bug.  As of
a50628bbe0fa4ba3835e311098e4fdf7a1d8a29e, there seems to be only one
package whose replacement could end up not being grafted (here I’m
omitting outputs that, if left ungrafted, won’t affect security):

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> (fold-packages (lambda (p result)
                                      (if (and (package-replacement p)
                                               (> (length (fold delete 
(package-outputs p) '("debug" "doc" "static"))) 1))
                                          (cons p result)
                                          result))
                                    '())
$11 = (#<package nss@3.50 gnu/packages/nss.scm:73 7f88caa62e60>)
--8<---------------cut here---------------end--------------->8---

This is because of the “bin” output of ‘nss’.

>From a quick grep, there 3 packages depending on nss:bin: 389-ds-base,
libcacard, and xmlsec-nss.

389-ds-base is affected: it keeps a reference to the ungrafted “bin”:

--8<---------------cut here---------------start------------->8---
$ guix gc --references $(guix build 389-ds-base --no-grafts) |grep nss-
/gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
/gnu/store/vvsa5q0g790wi97zadj5qklqpiw1fqc1-nss-3.50-bin
$ guix gc --references $(guix build 389-ds-base) |grep nss-
/gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50
/gnu/store/vvsa5q0g790wi97zadj5qklqpiw1fqc1-nss-3.50-bin
--8<---------------cut here---------------end--------------->8---

The other two are fine:

--8<---------------cut here---------------start------------->8---
$ guix gc --references $(guix build libcacard --no-grafts) |grep nss-
/gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
$ guix gc --references $(guix build libcacard) |grep nss-
/gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50
$ guix gc --references $(guix build xmlsec-nss --no-grafts) |grep nss-
/gnu/store/fwb0adczsx3nqsdnj92xnv85n93qa17n-xmlsec-nss-1.2.30
/gnu/store/gfpgqvwrixhf3sf1bnzsfxzvld0nd8b7-nss-3.50
$ guix gc --references $(guix build xmlsec-nss ) |grep nss-
/gnu/store/2gzk5rfg86zyxk8d9z6b7x0xkwar95cj-xmlsec-nss-1.2.30
/gnu/store/588jh89ng8f7ks4wsay6mdm4dxapk2d6-nss-3.50
--8<---------------cut here---------------end--------------->8---

Ludo’.

Reply via email to