From 8db4ebb0cd9bfdcf1aea63eb8d20eb6af0c87c93 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 20 Oct 2020 09:18:07 +0200 Subject: packages: Better preserve object identity when rewriting. Fixes a bug whereby the presence of propagated inputs could lead to two non-eq? but actually equal packages in a bag's inputs. The problem would manifest itself when running, for instance: guix build inkscape -d --with-graft=glib=glib-networking --no-grafts The resulting derivation would differ due from that without '--with-graft'. This was due to the fact that glib propagates libffi; this instance of libffi was not rewritten even though other instances in the graph were rewritten. Thus, glib would end up with two non-eq? libffi instances, which in turn would lead to duplicate entries in its '%build-inputs' variable. Fixes . * guix/packages.scm (package-mapping)[rewrite]: Remove call to 'cut?' and call 'replace' unconditionally. [replace]: Add 'cut?' case. * tests/guix-build.sh: Add test combining '--no-grafts' and '--with-graft'. * tests/packages.scm ("package-input-rewriting/spec, identity") ("package-input-rewriting, identity"): New tests. --- tests/guix-build.sh | 6 ++++++ tests/packages.scm | 43 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) (limited to 'tests') diff --git a/tests/guix-build.sh b/tests/guix-build.sh index 4a58ea1476..b7602e668c 100644 --- a/tests/guix-build.sh +++ b/tests/guix-build.sh @@ -289,6 +289,12 @@ drv1=`guix build glib -d` drv2=`guix build glib -d --with-input=libreoffice=inkscape` test "$drv1" = "$drv2" +# '--with-graft' should have no effect when using '--no-grafts'. +# See . +drv1=`guix build inkscape -d --no-grafts` +drv2=`guix build inkscape -d --no-grafts --with-graft=glib=glib-networking` +test "$drv1" = "$drv2" + # Rewriting implicit inputs. drv1=`guix build hello -d` drv2=`guix build hello -d --with-input=gcc=gcc-toolchain` diff --git a/tests/packages.scm b/tests/packages.scm index 2d13d91344..18e8e16e74 100644 --- a/tests/packages.scm +++ b/tests/packages.scm @@ -1450,6 +1450,49 @@ (define toolchain-packages (eq? foo grep) (eq? bar dep)))))) +(test-assert "package-input-rewriting/spec, identity" + ;; Make sure that 'package-input-rewriting/spec' doesn't gratuitously + ;; introduce variants. In this case, the LIBFFI propagated input should not + ;; be duplicated when passing GOBJECT through REWRITE. + ;; See . + (let* ((libffi (dummy-package "libffi" + (build-system trivial-build-system))) + (glib (dummy-package "glib" + (build-system trivial-build-system) + (propagated-inputs `(("libffi" ,libffi))))) + (gobject (dummy-package "gobject-introspection" + (build-system trivial-build-system) + (inputs `(("glib" ,glib))) + (propagated-inputs `(("libffi" ,libffi))))) + (rewrite (package-input-rewriting/spec + `(("glib" . ,identity))))) + (and (= (length (package-transitive-inputs gobject)) + (length (package-transitive-inputs (rewrite gobject)))) + (string=? (derivation-file-name + (package-derivation %store (rewrite gobject))) + (derivation-file-name + (package-derivation %store gobject)))))) + +(test-assert "package-input-rewriting, identity" + ;; Similar to the test above, but with 'package-input-rewriting'. + ;; See . + (let* ((libffi (dummy-package "libffi" + (build-system trivial-build-system))) + (glib (dummy-package "glib" + (build-system trivial-build-system) + (propagated-inputs `(("libffi" ,libffi))))) + (gobject (dummy-package "gobject-introspection" + (build-system trivial-build-system) + (inputs `(("glib" ,glib))) + (propagated-inputs `(("libffi" ,libffi))))) + (rewrite (package-input-rewriting `((,glib . ,glib))))) + (and (= (length (package-transitive-inputs gobject)) + (length (package-transitive-inputs (rewrite gobject)))) + (string=? (derivation-file-name + (package-derivation %store (rewrite gobject))) + (derivation-file-name + (package-derivation %store gobject)))))) + (test-equal "package-patched-vulnerabilities" '(("CVE-2015-1234") ("CVE-2016-1234" "CVE-2018-4567") -- cgit v1.2.3