GNU bug report logs - #70350
[PATCH] pack: ‘-R’ (once) does not include fakechroot fallback.


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 12 Apr 2024 10:02:04 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

To reply to this bug, email your comments to 70350 AT debbugs.gnu.org.
There is no need to reopen the bug first.



Report forwarded to guix <at> cbaines.net, dev <at> jpoiret.xyz, ludo <at> gnu.org, othacehe <at> gnu.org, rekado <at> elephly.net, zimon.toutoune <at> gmail.com, me <at> tobias.gr, guix-patches <at> gnu.org:
bug#70350; Package guix-patches. (Fri, 12 Apr 2024 10:02:05 GMT)

Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>:
New bug report received and forwarded. Copy sent to guix <at> cbaines.net, dev <at> jpoiret.xyz, ludo <at> gnu.org, othacehe <at> gnu.org, rekado <at> elephly.net, zimon.toutoune <at> gmail.com, me <at> tobias.gr, guix-patches <at> gnu.org. (Fri, 12 Apr 2024 10:02:05 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludovic.courtes <at> inria.fr>,
 romain.garbage <at> inria.fr
Subject: [PATCH] pack: ‘-R’ (once) does not include fakechroot fallback.
Date: Fri, 12 Apr 2024 12:01:17 +0200
From: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Previously, ‘guix pack -R’ would build a wrapper containing both the
“userns” and “fakechroot” engines, instead of providing nothing but the
“userns” engine as the manual says.  This patch fixes it.

* guix/scripts/pack.scm (wrapped-package): Add #:fakechroot?
[build]: When FAKECHROOT? is false, ‘elf-loader-compile-flags’ always
returns '().

Change-Id: Ic75cc8c36bf0a3881f299b274d78bd9fc2d4e2bb
---
 guix/scripts/pack.scm | 78 ++++++++++++++++++++++---------------------
 1 file changed, 40 insertions(+), 38 deletions(-)

Hello!

I stumbled upon the bug whereby ‘guix pack -RR’, just like (guix build
gremlins), loads entire ELF files in memory just to parse them, which
can OOM if said files are large enough:

  https://issues.guix.gnu.org/59365#4

I thought passing a single ‘-R’ would allow me to work around the
problem, since the fakechroot engine was not supposed to be compiled
in this case, but it turns out it was.

This patch makes ‘guix pack’ conform with the doc: with a single ‘-R’,
only the “userns” engine gets compiled.

Thoughts?

Ludo’.

diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm
index 3e45c34895..fe4df042d7 100644
--- a/guix/scripts/pack.scm
+++ b/guix/scripts/pack.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2017-2023 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2015, 2017-2024 Ludovic Courtès <ludo <at> gnu.org>
 ;;; Copyright © 2017, 2018 Ricardo Wurmus <rekado <at> elephly.net>
 ;;; Copyright © 2018 Konrad Hinsen <konrad.hinsen <at> fastmail.net>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich <at> gmail.com>
@@ -1066,10 +1066,11 @@ (define* (wrapped-package package
                           #:optional
                           (output* "out")
                           (compiler (c-compiler))
-                          #:key proot?)
+                          #:key proot? (fakechroot? proot?))
   "Return the OUTPUT of PACKAGE with its binaries wrapped such that they are
 relocatable.  When PROOT? is true, include PRoot in the result and use it as a
-last resort for relocation."
+last resort for relocation.  When FAKECHROOT? is true, include
+libfakechroot.so and related ld.so machinery as a fallback."
   (define runner
     (local-file (search-auxiliary-file "run-in-namespace.c")))
 
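Review bot: In the `wrapped-package` signature, `(fakechroot? proot?)` makes the new keyword default to the value of PROOT?, but the docstring added in this hunk does not say so. A caller passing only `#:proot? #t` also gets the fakechroot machinery, so state the default in the docstring, for example "FAKECHROOT? defaults to PROOT?". The diffstat lists only guix/scripts/pack.scm, so nothing in this patch checks that a wrapper built with a single '-R' carries no fakechroot flags; a test for that would keep the behaviour from regressing.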
@@ -1161,43 +1162,44 @@ (define* (wrapped-package package
           (define (elf-loader-compile-flags program)
             ;; Return the cpp flags defining macros for the ld.so/fakechroot
             ;; wrapper of PROGRAM.
+            #$(if fakechroot?
+                  ;; TODO: Handle scripts by wrapping their interpreter.
+                  #~(if (elf-file? program)
+                        (let* ((bv      (call-with-input-file program
+                                          get-bytevector-all))
+                               (elf     (parse-elf bv))
+                               (interp  (elf-interpreter elf))
+                               (gconv   (and interp
+                                             (string-append (dirname interp)
+                                                            "/gconv"))))
+                          (if interp
+                              (list (string-append "-DPROGRAM_INTERPRETER=\""
+                                                   interp "\"")
+                                    (string-append "-DFAKECHROOT_LIBRARY=\""
+                                                   #$(fakechroot-library) "\"")
 
-            ;; TODO: Handle scripts by wrapping their interpreter.
-            (if (elf-file? program)
-                (let* ((bv      (call-with-input-file program
-                                  get-bytevector-all))
-                       (elf     (parse-elf bv))
-                       (interp  (elf-interpreter elf))
-                       (gconv   (and interp
-                                     (string-append (dirname interp)
-                                                    "/gconv"))))
-                  (if interp
-                      (list (string-append "-DPROGRAM_INTERPRETER=\""
-                                           interp "\"")
-                            (string-append "-DFAKECHROOT_LIBRARY=\""
-                                           #$(fakechroot-library) "\"")
+                                    (string-append "-DLOADER_AUDIT_MODULE=\""
+                                                   #$(audit-module) "\"")
 
-                            (string-append "-DLOADER_AUDIT_MODULE=\""
-                                           #$(audit-module) "\"")
-
-                            ;; XXX: Normally (runpath #$(audit-module)) is
-                            ;; enough.  However, to work around
-                            ;; <https://sourceware.org/bugzilla/show_bug.cgi?id=26634>
-                            ;; (glibc <= 2.32), pass the whole search path of
-                            ;; PROGRAM, which presumably is a superset of that
-                            ;; of the audit module.
-                            (string-append "-DLOADER_AUDIT_RUNPATH={ "
-                                           (string-join
-                                            (map object->string
-                                                 (runpath program))
-                                            ", " 'suffix)
-                                           "NULL }")
-                            (if gconv
-                                (string-append "-DGCONV_DIRECTORY=\""
-                                               gconv "\"")
-                                "-UGCONV_DIRECTORY"))
-                      '()))
-                '()))
+                                    ;; XXX: Normally (runpath #$(audit-module)) is
+                                    ;; enough.  However, to work around
+                                    ;; <https://sourceware.org/bugzilla/show_bug.cgi?id=26634>
+                                    ;; (glibc <= 2.32), pass the whole search path of
+                                    ;; PROGRAM, which presumably is a superset of that
+                                    ;; of the audit module.
+                                    (string-append "-DLOADER_AUDIT_RUNPATH={ "
+                                                   (string-join
+                                                    (map object->string
+                                                         (runpath program))
+                                                    ", " 'suffix)
+                                                   "NULL }")
+                                    (if gconv
+                                        (string-append "-DGCONV_DIRECTORY=\""
+                                                       gconv "\"")
+                                        "-UGCONV_DIRECTORY"))
+                              '()))
+                        '())
+                  #~'()))
 
           (define (build-wrapper program)
             ;; Build a user-namespace wrapper for PROGRAM.
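
Review bot: The comment at the top of `elf-loader-compile-flags` still says it returns the cpp flags for the ld.so/fakechroot wrapper, but with this change the body is `#~'()` whenever FAKECHROOT? is false; extend the comment to say that an empty list is returned in that case and that the wrapper is then built without the fakechroot engine. In the FAKECHROOT? branch, `(call-with-input-file program get-bytevector-all)` still reads the whole of PROGRAM into memory, which is the behaviour the cover letter links to https://issues.guix.gnu.org/59365#4, so a FIXME next to it pointing at that issue would record that '-RR' remains affected.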

base-commit: 4e7337536ba41e888a601c92fada8a4adca9d2c6
-- 
2.41.0





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 29 Apr 2024 22:33:01 GMT)

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Mon, 29 Apr 2024 22:33:01 GMT)

Message #10 received at 70350-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: 70350-done <at> debbugs.gnu.org
Cc: Josselin Poiret <dev <at> jpoiret.xyz>, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 Simon Tournier <zimon.toutoune <at> gmail.com>, Mathieu Othacehe <othacehe <at> gnu.org>,
 romain.garbage <at> inria.fr, Ricardo Wurmus <rekado <at> elephly.net>,
 Christopher Baines <guix <at> cbaines.net>
Subject: Re: [bug#70350] [PATCH] pack: ‘-R’ (once) does
 not include fakechroot fallback.
Date: Tue, 30 Apr 2024 00:31:16 +0200
Ludovic Courtès <ludo <at> gnu.org> skribis:

> From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
>
> Previously, ‘guix pack -R’ would build a wrapper containing both the
> “userns” and “fakechroot” engines, instead of providing nothing but the
> “userns” engine as the manual says.  This patch fixes it.
>
> * guix/scripts/pack.scm (wrapped-package): Add #:fakechroot?
> [build]: When FAKECHROOT? is false, ‘elf-loader-compile-flags’ always
> returns '().
>
> Change-Id: Ic75cc8c36bf0a3881f299b274d78bd9fc2d4e2bb

Pushed as a15db2ee5090441c08d9a642d9284ef3ccdd95d0.

Ludo'.




This bug report was last modified 4 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.