GNU bug report logs - #40115
[PATCH] download: Use correct system and guile in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Diego Nicola Barbato <dnbarbato@HIDDEN>; Keywords: patch; dated Wed, 18 Mar 2020 12:06:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 40115 <at> debbugs.gnu.org:


Received: (at 40115) by debbugs.gnu.org; 30 Mar 2020 20:12:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 30 16:12:07 2020
Received: from localhost ([127.0.0.1]:35149 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jJ0lT-0002XQ-9X
	for submit <at> debbugs.gnu.org; Mon, 30 Mar 2020 16:12:07 -0400
Received: from mout01.posteo.de ([185.67.36.65]:34407)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dnbarbato@HIDDEN>) id 1jJ0lR-0002Wv-9e
 for 40115 <at> debbugs.gnu.org; Mon, 30 Mar 2020 16:12:06 -0400
Received: from submission (posteo.de [89.146.220.130]) 
 by mout01.posteo.de (Postfix) with ESMTPS id C90AE16005F
 for <40115 <at> debbugs.gnu.org>; Mon, 30 Mar 2020 22:11:58 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017;
 t=1585599118; bh=9c4ZTvnI3PQMlkWy6qDKELAgRWGf/wJqP2B3H2ZpTEE=;
 h=From:To:Subject:Date:From;
 b=iItRqL9u0NfmmZvc1xKlsDVGgDIeGHarTNT8P9JkdRVdmtjbtGaIuGwR2OgFZGFiI
 XKKoyplqenSnEqC78oMa1oajdWx9MaxDwcopCp7xKoiCvgeXifSClnDPOc9jZ++ijb
 gTainKDdErELgQGlDMRwBCe0iFJmm+J1TmvL6/TIhJHpvRu5P+ENOwKu+dUX1887hB
 8Cd6LFwI7cGLxyNLsBMDJyq/fNW3SAYxUq/Cft/DPXyCtNvhZsIWNRpUqhdQ4cSLyc
 e9+9zDsmJbrd83VTr1DaN6pDoVY582pJBiCHo2EliJj1GolsSv6MhiPCgsQnK81lj4
 UWi1k4evnZs9w==
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 48rkBk0MBcz6tmD
 for <40115 <at> debbugs.gnu.org>; Mon, 30 Mar 2020 22:11:57 +0200 (CEST)
From: Diego Nicola Barbato <dnbarbato@HIDDEN>
To: 40115 <at> debbugs.gnu.org
Subject: Re: [PATCH] download: Use correct system and guile in
 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.
References: <87d09927hw.fsf@HIDDEN>
Date: Mon, 30 Mar 2020 22:11:57 +0200
In-Reply-To: <87d09927hw.fsf@HIDDEN> (Diego Nicola Barbato's message of
 "Wed, 18 Mar 2020 13:05:31 +0100")
Message-ID: <871rp9d2lu.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 40115
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain

Hey Guix,

Here's some additional information.

Diego Nicola Barbato <dnbarbato@HIDDEN> writes:

> The attached patch fixes a bug where e.g.
>
>   guix build -s i686-linux ffmpeg
>
> builds a different derivation on i686-linux than on x86_64-linux.  This
> doesn't just affect ffmpeg but a whole class of packages which use or
> depend on a package that uses 'url-fetch/tarbomb' or 'url-fetch/zipbomb'
> as the origin method of its source.  That's around 334 packages, among
> them diffoscope, enlightenment, gnome, ungoogled-chromium, and wine.

The number (348 for commit 151f3d4) and full list of affected packages
can be computed by loading the attached script [0] into `guix repl' and
running `(show-affected-packages)'.

> The problem is fixed by explicitly passing the correct #:system and
> #:guile-for-build to 'gexp->derivation' (as is done in other origin
> methods such as 'git-fetch' or 'hg-fetch').
>
> This shouldn't trigger any rebuils as it only affects the behaviour of
> `guix build -s $system $package' if $system differs from the system type
> of Guix itself.

A closer look at some derivations and outputs suggests that this patch
will actually trigger rebuilds for all affected packages on all systems
except x86_64 because the build farm currently builds the wrong
derivations as can be seen for e.g. QEMU by comparing the build on
Cuirass

  https://ci.guix.gnu.org/build/2442001/details

with the derivations computed by

  guix build -s i686-linux --no-grafts -d qemu

on i686-linux and x86_64-linux (commit 151f3d4) respectively:

  Cuirass:
    /gnu/store/wc2k8h4iahbnfvl35220hvdx6mc70v7l-qemu-4.2.0.drv
    /gnu/store/fjg87f21qdzi7h5pqsxpd6rlf9mcy58h-qemu-4.2.0        <~
  i686-linux:
    /gnu/store/019ccjdh1nxfkpjyzwmirvif1ra9v3lh-qemu-4.2.0.drv
    /gnu/store/8a0cg5ip9967y54gkwskfxmiwwk9mf1b-qemu-4.2.0
  x86_64-linux:
    /gnu/store/iajzrw7lahcyhgyr7anmcjxa33607nqh-qemu-4.2.0.drv
    /gnu/store/fjg87f21qdzi7h5pqsxpd6rlf9mcy58h-qemu-4.2.0        <~

Consequently no substitutes are available for the affected packages on
systems other than x86_64-linux as witnessed by the different number of
available substitutes reported by

  guix weather -s i686-linux -m tarbomb-zipbomb-manifest-small.scm

on i686-linux

--8<---------------cut here---------------start------------->8---
computing 37 package derivations for i686-linux...
looking for 37 store items on https://ci.guix.gnu.org...
https://ci.guix.gnu.org
  18.9% substitutes available (7 out of 37)
  at least 2.3 MiB of nars (compressed)
  5.1 MiB on disk (uncompressed)
  0.001 seconds per request (0.0 seconds in total)
  1028.5 requests per second
  'https://ci.guix.gnu.org/api/queue?nr=1000' returned 504 ("Gateway Time-out")
--8<---------------cut here---------------end--------------->8---

and on x86_64-linux

--8<---------------cut here---------------start------------->8---
computing 37 package derivations for i686-linux...
looking for 37 store items on https://ci.guix.gnu.org...
https://ci.guix.gnu.org
  81.1% substitutes available (30 out of 37)
  at least 165.9 MiB of nars (compressed)
  423.3 MiB on disk (uncompressed)
  0.001 seconds per request (0.1 seconds in total)
  703.3 requests per second
  'https://ci.guix.gnu.org/api/queue?nr=1000' returned 504 ("Gateway Time-out")
--8<---------------cut here---------------end--------------->8---

I have attached manifest files for the packages directly using
`url-fetch/tarbomb' or `url-fetch/zipbomb' [1] and for all affected
packages [2] (they use the aforementioned script).

I think this patch can go on master even though it triggers more than
300 rebuilds, since there are currently no substitutes available for the
affected packages anyway.

Regards,

Diego

PS I hope I got all the terminology (e.g. computing vs. building a
derivation) right.

[0]: 
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=uses-tarbomb-zipbomb.scm
Content-Transfer-Encoding: base64

KHVzZS1tb2R1bGVzIChnbnUgcGFja2FnZXMpCiAgICAgICAgICAgICAoZ3VpeCBwYWNrYWdlcykK
ICAgICAgICAgICAgIChndWl4IGRvd25sb2FkKQogICAgICAgICAgICAgKHNyZmkgc3JmaS0xKSkK
CihkZWZpbmUgKHVzZXMtb3JpZ2luLW1ldGhvZHM/IG1ldGhvZHMgcGFja2FnZSkKICAoYW5kIChw
YWNrYWdlLXNvdXJjZSBwYWNrYWdlKQogICAgICAgKGlmIChsaXN0PyBtZXRob2RzKQogICAgICAg
ICAgIChhbmQKICAgICAgICAgICAgKG1lbWJlciAob3JpZ2luLW1ldGhvZCAocGFja2FnZS1zb3Vy
Y2UgcGFja2FnZSkpIG1ldGhvZHMpCiAgICAgICAgICAgICN0KQogICAgICAgICAgIChlcT8gKG9y
aWdpbi1tZXRob2QgKHBhY2thZ2Utc291cmNlIHBhY2thZ2UpKSBtZXRob2RzKSkpKQoKKGRlZmlu
ZSAoc29tZWhvdy1kZXBlbmRzLW9uLW9yaWdpbi1tZXRob2RzPyBtZXRob2RzIHBhY2thZ2UpCiAg
KG5vdAogICAobnVsbD8KICAgIChmb2xkCiAgICAgKGxhbWJkYSAocCBsc3QpCiAgICAgICAoaWYg
KHVzZXMtb3JpZ2luLW1ldGhvZHM/IG1ldGhvZHMgcCkKICAgICAgICAgICAoY29ucyBwIGxzdCkK
ICAgICAgICAgICBsc3QpKQogICAgICcoKQogICAgIChwYWNrYWdlLWNsb3N1cmUgKGxpc3QgcGFj
a2FnZSkpKSkpKQoKKGRlZmluZSAoYWxsLWRpcmVjdGx5LWFmZmVjdGVkLXBhY2thZ2VzIG1ldGhv
ZHMpCiAgKGZvbGQtcGFja2FnZXMKICAgKGxhbWJkYSAocCByKQogICAgIChpZiAodXNlcy1vcmln
aW4tbWV0aG9kcz8gbWV0aG9kcyBwKQogICAgICAgICAoY29ucyBwIHIpIHIpKQogICAnKCkpKQoK
KGRlZmluZSAoYWxsLWFmZmVjdGVkLXBhY2thZ2VzIG1ldGhvZHMpCiAgKGZvbGQtcGFja2FnZXMK
ICAgKGxhbWJkYSAocCByKQogICAgIChpZiAoc29tZWhvdy1kZXBlbmRzLW9uLW9yaWdpbi1tZXRo
b2RzPyBtZXRob2RzIHApCiAgICAgICAgIChjb25zIHAgcikgcikpCiAgICcoKSkpCgooZGVmaW5l
IChwYWNrYWdlLW5hbWUrdmVyc2lvbiBwYWNrYWdlKQogIChzdHJpbmctYXBwZW5kCiAgIChwYWNr
YWdlLW5hbWUgcGFja2FnZSkKICAgIkAiCiAgIChwYWNrYWdlLXZlcnNpb24gcGFja2FnZSkpKQoK
KGRlZmluZSAoZGlzcGxheS1hZmZlY3RlZC1wYWNrYWdlcykKICAobGV0ICgodGFyYm9tYit6aXBi
b21iLWRpcmVjdAogICAgICAgICAoYWxsLWRpcmVjdGx5LWFmZmVjdGVkLXBhY2thZ2VzIGAoLHVy
bC1mZXRjaC90YXJib21iICx1cmwtZmV0Y2gvemlwYm9tYikpKQogICAgICAgICh0YXJib21iK3pp
cGJvbWItYWxsCiAgICAgICAgIChhbGwtYWZmZWN0ZWQtcGFja2FnZXMgYCgsdXJsLWZldGNoL3Rh
cmJvbWIgLHVybC1mZXRjaC96aXBib21iKSkpKQogICAgKGZvcm1hdCAjdCAifiZ+ZCBwYWNrYWdl
cyB1c2UgdXJsLWZldGNoL3RhcmJvbWIgb3IgdXJsLWZldGNoL3ppcGJvbWI6fgogICAgICAgICAg
ICAgICAgfiZ+e35hfkB7IH5hfn1+fX4lfgogICAgICAgICAgICAgICAgfiZ+ZCBwYWNrYWdlcyBk
ZXBlbmQgaW5kaXJlY3RseSBvbiB1cmwtZmV0Y2gvdGFyYm9tYiBvciB1cmwtZmV0Y2gvemlwYm9t
Yjp+CiAgICAgICAgICAgICAgICB+Jn57fmF+QHsgfmF+fX59fiV+IgogICAgICAgICAgICAobGVu
Z3RoIHRhcmJvbWIremlwYm9tYi1kaXJlY3QpCiAgICAgICAgICAgIChzb3J0IChtYXAgcGFja2Fn
ZS1uYW1lK3ZlcnNpb24gdGFyYm9tYit6aXBib21iLWRpcmVjdCkgc3RyaW5nPCkKICAgICAgICAg
ICAgKGxlbmd0aCB0YXJib21iK3ppcGJvbWItYWxsKQogICAgICAgICAgICAoc29ydCAobWFwIHBh
Y2thZ2UtbmFtZSt2ZXJzaW9uIHRhcmJvbWIremlwYm9tYi1hbGwpIHN0cmluZzwpKSkpCg==
--=-=-=
Content-Type: text/plain

[1]: 
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=tarbomb-zipbomb-manifest-small.scm
Content-Transfer-Encoding: base64

OzsgRXZhbHVhdGUgdG8gYSBtYW5pZmVzdCBjb250YWluaW5nIGFsbCBwYWNrYWdlcyB0aGF0IHVz
ZQo7OyBgdXJsLWZldGNoL3RhcmJvbWInIG9yIGB1cmwtZmV0Y2gvemlwYm9tYicgYXMgdGhlIG9y
aWdpbi1tZXRob2Qgb2YKOzsgdGhlaXIgc291cmNlLgoobG9hZCAidXNlcy10YXJib21iLXppcGJv
bWIuc2NtIikKKHBhY2thZ2VzLT5tYW5pZmVzdAogKGFsbC1kaXJlY3RseS1hZmZlY3RlZC1wYWNr
YWdlcyBgKCx1cmwtZmV0Y2gvdGFyYm9tYiAsdXJsLWZldGNoL3ppcGJvbWIpKSkK
--=-=-=
Content-Type: text/plain

[2]: 
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=tarbomb-zipbomb-manifest-full.scm
Content-Transfer-Encoding: base64

OzsgRXZhbHVhdGUgdG8gYSBtYW5pZmVzdCBjb250YWluaW5nIGFsbCBwYWNrYWdlcyB0aGF0IHNv
bWVob3cgZGVwZW5kCjs7IG9uIGB1cmwtZmV0Y2gvdGFyYm9tYicgb3IgYHVybC1mZXRjaC96aXBi
b21iJy4KKGxvYWQgInVzZXMtdGFyYm9tYi16aXBib21iLnNjbSIpCihwYWNrYWdlcy0+bWFuaWZl
c3QKIChhbGwtYWZmZWN0ZWQtcGFja2FnZXMgYCgsdXJsLWZldGNoL3RhcmJvbWIgLHVybC1mZXRj
aC96aXBib21iKSkpCg==
--=-=-=--




Information forwarded to guix-patches@HIDDEN:
bug#40115; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 18 Mar 2020 12:05:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 18 08:05:43 2020
Received: from localhost ([127.0.0.1]:39941 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jEXSB-0004FC-IM
	for submit <at> debbugs.gnu.org; Wed, 18 Mar 2020 08:05:43 -0400
Received: from lists.gnu.org ([209.51.188.17]:54589)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dnbarbato@HIDDEN>) id 1jEXS9-0004F4-Vt
 for submit <at> debbugs.gnu.org; Wed, 18 Mar 2020 08:05:42 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:35203)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <dnbarbato@HIDDEN>) id 1jEXS7-0006C5-Dq
 for guix-patches@HIDDEN; Wed, 18 Mar 2020 08:05:41 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
 URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <dnbarbato@HIDDEN>) id 1jEXS5-0006qz-MI
 for guix-patches@HIDDEN; Wed, 18 Mar 2020 08:05:39 -0400
Received: from mout01.posteo.de ([185.67.36.65]:36800)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <dnbarbato@HIDDEN>) id 1jEXS4-0006dI-AE
 for guix-patches@HIDDEN; Wed, 18 Mar 2020 08:05:36 -0400
Received: from submission (posteo.de [89.146.220.130]) 
 by mout01.posteo.de (Postfix) with ESMTPS id 8339E16005E
 for <guix-patches@HIDDEN>; Wed, 18 Mar 2020 13:05:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017;
 t=1584533132; bh=ZECccJPE2xxApJN99JZCaU3EhSp5gdG1EuLGZgOgmLs=;
 h=From:To:Subject:Date:From;
 b=WHNS4lbwpkw5FI9lJ49Y1+Kfy89WFaPEJN6Bij0excdpusaTo34y7UvJlCOqxdqQU
 r4F6obMeYc7SvsP6VMPiTltISpLntSIzyckf+bJ+deizYl4VkUspsWCGNoCANx16Pc
 z6zU+Tt7A9WHmJa5Xf3wSvk6OaSGkHDps72uf3xDtLGSH4eieXyOJWAgYLs+zbpUva
 wJ4kzafXrpJXOsghkLpxs5iTC4kxi7pXCWxaQ/pRhxfAtlVqAoD8IDOF9APBfM8kHq
 MJgoiLy2hzq1le45vQFypTuU1uIrhEI67cJ6Lbk64hxYbRve3wgmiUpMVzPwlPSqOZ
 32nUc9KqLAwpQ==
Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 48j7yz6Jd4z6tmL
 for <guix-patches@HIDDEN>; Wed, 18 Mar 2020 13:05:31 +0100 (CET)
From: Diego Nicola Barbato <dnbarbato@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb'
 and 'url-fetch/zipbomb'.
Date: Wed, 18 Mar 2020 13:05:31 +0100
Message-ID: <87d09927hw.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-Received-From: 185.67.36.65
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--=-=-=
Content-Type: text/plain

Hi Guix,

The attached patch fixes a bug where e.g.

  guix build -s i686-linux ffmpeg

builds a different derivation on i686-linux than on x86_64-linux.  This
doesn't just affect ffmpeg but a whole class of packages which use or
depend on a package that uses 'url-fetch/tarbomb' or 'url-fetch/zipbomb'
as the origin method of its source.  That's around 334 packages, among
them diffoscope, enlightenment, gnome, ungoogled-chromium, and wine.

The problem is fixed by explicitly passing the correct #:system and
#:guile-for-build to 'gexp->derivation' (as is done in other origin
methods such as 'git-fetch' or 'hg-fetch').

This shouldn't trigger any rebuils as it only affects the behaviour of
`guix build -s $system $package' if $system differs from the system type
of Guix itself.

Regards,

Diego


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-download-Use-correct-system-and-guile-in-url-fetch-t.patch

From 85594ce40c98ac5763b8295e2358567c6920188e Mon Sep 17 00:00:00 2001
From: Diego Nicola Barbato <dnbarbato@HIDDEN>
Date: Mon, 16 Mar 2020 18:43:20 +0100
Subject: [PATCH] download: Use correct system and guile in 'url-fetch/tarbomb'
 and 'url-fetch/zipbomb'.

Previously the result of `guix build -s $system $package' would depend on the
system Guix was built for if $package or one of its dependencies used
'url-fetch/tarbomb' or 'url-fetch/zipbomb' as the origin method of its
source (e.g. `guix build -s i686-linux ffmpeg' on i686-linux would build a
different derivation than on x86_64-linux).

This patch fixes this by explicitly passing the correct system and guile to
'gexp->derivation'.

* guix/download.scm (url-fetch/tarbomb): Pass #:system system and
  #:guile-for-build guile to 'gexp->derivation', where guile is the derivation
  of guile for system.
  (url-fetch/zipbomb): Likewise.
---
 guix/download.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/guix/download.scm b/guix/download.scm
index 91a2b4ce5f..c3dc5a208c 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -531,7 +531,8 @@ own.  This helper makes it easier to deal with \"tar bombs\"."
                                       (string-append "tarbomb-"
                                                      (or name file-name))
                                       #:system system
-                                      #:guile guile)))
+                                      #:guile guile))
+                      (guile (package->derivation guile system)))
     ;; Take the tar bomb, and simply unpack it as a directory.
     ;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
     ;; whether grafts are enabled.
@@ -544,6 +545,8 @@ own.  This helper makes it easier to deal with \"tar bombs\"."
                             (chdir #$output)
                             (invoke (string-append #$tar "/bin/tar")
                                     "xf" #$drv)))
+                      #:system system
+                      #:guile-for-build guile
                       #:graft? #f
                       #:local-build? #t)))
 
@@ -566,7 +569,8 @@ own.  This helper makes it easier to deal with \"zip bombs\"."
                                       (string-append "zipbomb-"
                                                      (or name file-name))
                                       #:system system
-                                      #:guile guile)))
+                                      #:guile guile))
+                      (guile (package->derivation guile system)))
     ;; Take the zip bomb, and simply unpack it as a directory.
     ;; Use ungrafted unzip so that the resulting tarball doesn't depend on
     ;; whether grafts are enabled.
@@ -578,6 +582,8 @@ own.  This helper makes it easier to deal with \"zip bombs\"."
                             (chdir #$output)
                             (invoke (string-append #$unzip "/bin/unzip")
                                     #$drv)))
+                      #:system system
+                      #:guile-for-build guile
                       #:graft? #f
                       #:local-build? #t)))
 
-- 
2.25.1


--=-=-=--




Acknowledgement sent to Diego Nicola Barbato <dnbarbato@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#40115; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 30 Mar 2020 20:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.