Thank you Efraim!

On Sun, Jan 26, 2025, 08:41 Efraim Flashner <efr...@flashner.co.il> wrote:

> On Fri, Jan 24, 2025 at 10:55:34AM +0100, Roman Scherer wrote:
> >
> > Hi Efraim,
> >
> > thanks for looking into this! Much appreciated. I just tried your patch
> > and reconfigured my system as usual without using --no-grafts and I can
> > confirm that it is working again.
> >
> > I'm not very familiar with grafts and have a question. When no grafts
> > are used for building the Grub image, does it mean it uses packages with
> > no security updates applied, or is it just that the grafts are not used
> > and the packages are built from scratch using the latest security
> > updates?
> >
> > Thanks, Roman.
> >
> > Efraim Flashner <efr...@flashner.co.il> writes:
> >
> > > On Wed, Jan 22, 2025 at 12:52:25AM +0100, vicvbcun wrote:
> > >> Hi,
> > >>
> > >> below are my current findings.
> > >>
> > >> As of commit
> > >>     87045f0982 (gnu: paritwine: Update to 0.2.1., 2025-01-17)
> > >> guile-rsvg depends on a version of guile-cairo different from the one
> I get
> > >> by simply building guile-cairo:
> > >>
> > >>     $ ./pre-inst-env guix build guile-cairo
> > >>     ⇒ /gnu/store/k4kglplg98098y78flnw0f9wjyyc9zk2-guile-cairo-1.11.2
> > >>
> > >> whereas
> > >>
> > >>     $ guix gc --references "$(./pre-inst-env guix build guile-rsvg)"
> | grep guile-cairo
> > >>     ⇒ /gnu/store/lz8cv73yzzrbwrhafzadixnwgmspz2cg-guile-cairo-1.11.2
> > >>
> > >> (gnu build svg) loads both (rsvg) and (cairo) which causes two
> different
> > >> libguile-cairo.so's to be loaded (interestingly enough the order
> matters:
> > >> loading (cairo) first would hide the issue):
> > >> --8<---------------cut here---------------start------------->8---
> > >> ./pre-inst-env guix shell --no-cwd -C guile guile-cairo guile-rsvg --
> \
> > >>     guile -s /dev/stdin <<EOF | grep libguile-cairo
> > >>
> > >> (begin
> > >>  (use-modules (ice-9 textual-ports)
> > >>               ;; order matters!
> > >>               (rsvg)
> > >>                (cairo))
> > >>
> > >> (display (call-with-input-file "/proc/self/maps" get-string-all)))
> > >> EOF
> > >> --8<---------------cut here---------------end--------------->8---
> > >> shows two different libguile-cairo.so's.  The only difference between
> the
> > >> two guile-cairo derivation is that they graft cairo to different
> > >> derivations, which in turn differ only in grafting fontconfig-minimal
> to
> > >> different versions which finally only graft glibc and expat in
> different
> > >> order.
> > >>
> > >> All this confirms the hypothesis Mark expressed in [0].
> > >>
> > >> My guess is that the change to rust-ring somehow changes how it
> interacts
> > >> with grafting.  Perhaps it is added / not added to some hashtable,
> causing
> > >> iteration order to change?
> > >>
> > >> 0: https://issues.guix.gnu.org/47115#23
> > >
> > > I tried setting rust-ring's sources to #:target #f but that didn't make
> > > any difference.  I feel like it shouldn't make a difference, and should
> > > probably be #:target #f anyway, but that can be a different time.
> > >
> > > I'm attaching a patch that creates the grub image using ungrafted
> > > inputs.  I think it would make sense to go through and figure out which
> > > derivations actually need to use grafted inputs and which ones don't
> > > matter, but I'm not sure it's worth the maintenance burden to check
> them
> > > regularly.
> > >
> > > The image also seems like something that could be #:target #f and we
> > > could cheat by getting a generated image built on a different
> > > architecture, but that's never seemed to work that way, only for
> > > cross-building.
>
> I've pushed the commit, so it should work on master now.
>
> Now to go and pull and reconfigure my pinebook pro :)
>
> --
> Efraim Flashner   <efr...@flashner.co.il>   אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted
>

Reply via email to