On 2025-07-15, Vagrant Cascadian wrote: > On 2025-07-11, Denis 'GNUtoo' Carikli wrote: >> On Tue, 8 Jul 2025 21:01:58 +0200 >> Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org> wrote: > I applied your patches, but nix/libutil/seccomp.cc was not able to > compile on Debian: > > g++ -DHAVE_CONFIG_H -I. -I./nix -I./nix -Wdate-time -D_FORTIFY_SOURCE=2 > -Wall -std=c++11 -g -O2 > -ffile-prefix-map=/build/reproducible-path/guix-1.4.0=. > -fstack-protector-strong -fstack-clash-protection -Wformat > -Werror=format-security -fcf-protection -c -o > nix/boost/format/libformat_a-free_funcs.o `test -f > 'nix/boost/format/free_funcs.cc' || echo './'`nix/boost/format/free_funcs.cc > In file included from nix/libutil/seccomp.cc:3: > ./nix/libutil/seccomp.hh:209:5: error: ‘uint32_t’ does not name a type > 209 | uint32_t low; /* inclusive */ > | ^~~~~~~~ > ./nix/libutil/seccomp.hh:7:1: note: ‘uint32_t’ is defined in header > ‘<cstdint>’; this is probably fixable by adding ‘#include <cstdint>’ > 6 | #include <linux/filter.h> > +++ |+#include <cstdint> > > Which appears to be fixed with patching seccomp.hh: > > --- guix-debian.orig/nix/libutil/seccomp.hh > +++ guix-debian/nix/libutil/seccomp.hh > @@ -1,6 +1,7 @@ > #pragma once > > #include "util.hh" > +#include <cstdint> > #include <linux/audit.h> /* For AUDIT_ARCH_* */ > #include <linux/seccomp.h> > #include <linux/filter.h> > > Although I get a few test suite failures... > > But that is progress!
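Review bot: The added `#include <cstdint>` in the seccomp.hh hunk only guarantees the `std::uint32_t` spelling, while the field the compiler complained about at seccomp.hh:209 is written unqualified as `uint32_t low;`. The global-namespace name is something implementations are allowed, but not required, to provide from `<cstdint>`; it works with the g++ invocation shown, but including `<stdint.h>` instead, or qualifying the type as `std::uint32_t`, would make the header self-contained without relying on that. The patch paths (guix-debian.orig, guix-debian) suggest this is carried as a Debian-side change; since the failure is in the header itself, it is worth proposing for the upstream patch series as well.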
Though I appear to have stalled out at this point... Has anyone else made further progress?

Given that Debian is deeply frozen and we do not yet have a viable path forward, this very likely means both that Guix will be removed from Debian Trixie (scheduled to be released as stable August 9th), and most likely also from Bookworm (stable) and Bullseye (oldstable) unless we get some viable backported patches in under a week...

In retrospect, trying to maintain Guix in a distribution with a stable release cycle (e.g. Debian), while Guix strives to be a rolling release... it was just lack of development on the guix daemon that made it possible to backport security patches for the last 4.5 years or so; it was maybe not such a good idea. The tension between feature development and not changing very often is always a challenge!

Maybe if guix starts releasing regularly again and there is a team of folks working on backporting security fixes to prior releases, it would make sense to try again... at the moment I have my doubts.

live well,
  vagrant