Hi Mark,

Mark H Weaver <m...@netris.org> writes:

> l...@gnu.org (Ludovic Courtès) writes:
>
>> 91c9b5d01 * packages: 'package-grafts' trims native inputs.
>
> [...]
>
>> Long story short: we were flagging native inputs as potential sources of
>> grafts even though, by definition, native inputs are not referred to at
>> run time.
>
> I agree that this *should* never happen, but I see little reason for
> confidence that it never happens in actual fact.
>
> What would happen if a reference to a native-input *was* present in the
> build outputs? The reason I ask is that, for security reasons, it's
> obviously very important to reliably avoid using ungrafted software at
> run time.
>
> I'm concerned that this recent change could cause minor
> nearly-undetectable packaging mistakes to become major security holes.

Given the examples that Tobias and Ben were quick to find, I’m afraid you’re right and I was overconfident. I’m reverting the change.

> One solution would be to explicitly check build outputs for references
> to native-inputs, and to force a build failure in that case.

We could do that, though I suppose a lot of packages would break.

Thanks for the quick reply,
Ludo’.
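The check Mark proposes, sketched as a stand-alone script rather than as Guix's own code (this is an added example, not from the thread or the Guix tree): scan a build output for /gnu/store references and fail if any of them point at a native input. The store hashes and package names below are constructed, and the scan assumes the usual 32-character nix-base32 store-path layout.

```python
import os
import re
import tempfile

# A Guix store item looks like /gnu/store/<32 nix-base32 chars>-<name>.
# nix-base32 omits e, o, t and u; a '/' or other non-name byte ends the match.
STORE_RE = re.compile(rb"/gnu/store/[0-9abcdfghijklmnpqrsvwxyz]{32}-[A-Za-z0-9+._?=-]+")

# Constructed sample store paths (hashes are just the nix-base32 alphabet).
HASH_A = "abcdfghijklmnpqrsvwxyz0123456789"
HASH_B = HASH_A[::-1]
NATIVE_PKG_CONFIG = "/gnu/store/" + HASH_A + "-pkg-config-0.29"   # a native input
RUNTIME_GLIB = "/gnu/store/" + HASH_B + "-glib-2.62"               # a regular input


def store_references(root):
    """Return every store path mentioned in any file or symlink target under root."""
    refs = set()
    for dirpath, _, files in os.walk(root):          # symlinked dirs are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                data = os.readlink(path).encode()    # the link target itself may be a reference
            else:
                with open(path, "rb") as f:
                    data = f.read()
            refs.update(m.decode() for m in STORE_RE.findall(data))
    return refs


def leaked_native_inputs(output_dir, native_inputs):
    """Native-input store paths that the build output still refers to (should be empty)."""
    return sorted(store_references(output_dir) & set(native_inputs))


def check_no_native_references(output_dir, native_inputs):
    """Raise, as a build phase would fail, when a native input leaked into the output."""
    leaks = leaked_native_inputs(output_dir, native_inputs)
    if leaks:
        raise RuntimeError("build output refers to native inputs: " + ", ".join(leaks))


def demo():
    """Constructed output: a wrapper script that hard-codes pkg-config from native-inputs."""
    with tempfile.TemporaryDirectory() as out:
        os.makedirs(os.path.join(out, "bin"))
        with open(os.path.join(out, "bin", "wrapper"), "w") as f:
            f.write("#!/bin/sh\n"
                    f"export PKG_CONFIG={NATIVE_PKG_CONFIG}/bin/pkg-config\n"
                    f"exec {RUNTIME_GLIB}/bin/gio \"$@\"\n")
        return leaked_native_inputs(out, [NATIVE_PKG_CONFIG])
```

Only the native input is reported; the reference to glib, a regular input, is expected at run time and is exactly what grafting must keep track of.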