From c1d81df93d4b67671fc4a8e0a80c0f02c5821663 Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@posteo.de>
Date: Mon, 16 Mar 2020 18:43:20 +0100
Subject: download: Use correct system and guile in 'url-fetch/tarbomb' and
 'url-fetch/zipbomb'.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes <https://bugs.gnu.org/40115>.

Previously the result of `guix build -s $system $package' would depend on the
system Guix was built for if $package or one of its dependencies used
'url-fetch/tarbomb' or 'url-fetch/zipbomb' as the origin method of its
source (e.g. `guix build -s i686-linux ffmpeg' on i686-linux would build a
different derivation than on x86_64-linux).

This patch fixes this by explicitly passing the correct system and guile to
'gexp->derivation'.

* guix/download.scm (url-fetch/tarbomb): Pass #:system system and
  #:guile-for-build guile to 'gexp->derivation', where guile is the derivation
  of guile for system.
  (url-fetch/zipbomb): Likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 guix/download.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'guix')

diff --git a/guix/download.scm b/guix/download.scm
index 91a2b4ce5f..c3dc5a208c 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -531,7 +531,8 @@ own.  This helper makes it easier to deal with \"tar bombs\"."
                                       (string-append "tarbomb-"
                                                      (or name file-name))
                                       #:system system
-                                      #:guile guile)))
+                                      #:guile guile))
+                      (guile (package->derivation guile system)))
     ;; Take the tar bomb, and simply unpack it as a directory.
     ;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
     ;; whether grafts are enabled.
@@ -544,6 +545,8 @@ own.  This helper makes it easier to deal with \"tar bombs\"."
                             (chdir #$output)
                             (invoke (string-append #$tar "/bin/tar")
                                     "xf" #$drv)))
+                      #:system system
+                      #:guile-for-build guile
                       #:graft? #f
                       #:local-build? #t)))
 
@@ -566,7 +569,8 @@ own.  This helper makes it easier to deal with \"zip bombs\"."
                                       (string-append "zipbomb-"
                                                      (or name file-name))
                                       #:system system
-                                      #:guile guile)))
+                                      #:guile guile))
+                      (guile (package->derivation guile system)))
     ;; Take the zip bomb, and simply unpack it as a directory.
     ;; Use ungrafted unzip so that the resulting tarball doesn't depend on
     ;; whether grafts are enabled.
@@ -578,6 +582,8 @@ own.  This helper makes it easier to deal with \"zip bombs\"."
                             (chdir #$output)
                             (invoke (string-append #$unzip "/bin/unzip")
                                     #$drv)))
+                      #:system system
+                      #:guile-for-build guile
                       #:graft? #f
                       #:local-build? #t)))
 
-- 
cgit v1.2.3


From d95252baf97adb261dd823d4e7a74a7522815c1c Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Fri, 10 Apr 2020 00:29:56 +0300
Subject: lint: Check for inappropriate inputs in propagated-inputs too.

* guix/lint.scm (check-inputs-should-be-native): Also check the
propagated inputs of the package.
---
 guix/lint.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'guix')

diff --git a/guix/lint.scm b/guix/lint.scm
index 72582cfffb..bda5c0cd77 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017, 2018, 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018, 2019 Arun Isaac <arunisaac@systemreboot.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -286,7 +286,8 @@ of a package, and INPUT-NAMES, a list of package specifications such as
 (define (check-inputs-should-be-native package)
   ;; Emit a warning if some inputs of PACKAGE are likely to belong to its
   ;; native inputs.
-  (let ((inputs (package-inputs package))
+  (let ((inputs (append (package-inputs package)
+                        (package-propagated-inputs package)))
         (input-names
          '("pkg-config"
             "autoconf"
-- 
cgit v1.2.3


From 92587f8ed6b5217cf02cfdaf208a78491729da15 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Fri, 10 Apr 2020 15:58:01 +0200
Subject: lint: 'check-patch-file-names' restricts to shorter file names.

* guix/lint.scm (check-patch-file-names): Increase MARGIN.
---
 guix/lint.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'guix')

diff --git a/guix/lint.scm b/guix/lint.scm
index bda5c0cd77..e192f292a4 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -686,7 +686,7 @@ patch could not be found."
 
      ;; Check whether we're reaching tar's maximum file name length.
      (let ((prefix (string-length (%distro-directory)))
-           (margin (string-length "guix-0.13.0-10-123456789/"))
+           (margin (string-length "guix-2.0.0rc3-10000-1234567890/"))
            (max    99))
        (filter-map (match-lambda
                      ((? string? patch)
-- 
cgit v1.2.3