GNU bug report logs - #43160
linux-libre: compare guix-generated sources against upstream releases

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 15 Sep 2020 10:34:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 15 06:34:31 2020
Received: from localhost ([127.0.0.1]:57329 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kI8IB-0005Mn-Oc
	for submit <at> debbugs.gnu.org; Tue, 15 Sep 2020 06:34:31 -0400
Received: from world.peace.net ([64.112.178.59]:39536)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1kI8I8-0005MY-VD
 for 43160 <at> debbugs.gnu.org; Tue, 15 Sep 2020 06:34:30 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@HIDDEN>)
 id 1kI8I3-0000Py-AE; Tue, 15 Sep 2020 06:34:23 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [PATCH v3 1/2] gnu: linux-libre: Compare generated sources
 against Linux-libre releases.
In-Reply-To: <87sgbl5j94.fsf@HIDDEN>
References: <87a6y1cg3i.fsf@HIDDEN>
 <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
 <87tuw2exex.fsf@HIDDEN> <87sgbl5j94.fsf@HIDDEN>
Date: Tue, 15 Sep 2020 06:33:07 -0400
Message-ID: <87mu1rba81.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, leo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Mark H Weaver <mhw@HIDDEN> writes:
>
>> I've grown tired of arguing about this.  You have the authority, so do
>> as you will, and I will take my leave from maintenance of the kernel
>> packages.  Thanks for asking my opinion, anyway.
>>
>>       Mark
>
> I was hoping this latest modified patch would meet both our goals
> (strictly verified for the usual case, with an option to switch to
> manual verification of the kernel sources for the exceptional security
> quick releases).
>
> Sorry to have worn you out on this.  I'll leave 2 weeks for the issue to
> settle, hoping you might reconsider.

I appreciate that.  I'll attempt another followup in the next few days.

       Mark

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 13 Sep 2020 23:49:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 13 19:49:55 2020
Received: from localhost ([127.0.0.1]:52079 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kHbkp-0005N3-7W
	for submit <at> debbugs.gnu.org; Sun, 13 Sep 2020 19:49:55 -0400
Received: from mail-qv1-f65.google.com ([209.85.219.65]:35009)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kHbkk-0005Mm-Ni
 for 43160 <at> debbugs.gnu.org; Sun, 13 Sep 2020 19:49:53 -0400
Received: by mail-qv1-f65.google.com with SMTP id b13so8111904qvl.2
 for <43160 <at> debbugs.gnu.org>; Sun, 13 Sep 2020 16:49:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=0AxUuD+/A3moeZlP9/9gEm/F4/f9tZrZ0KUGeFUH+AA=;
 b=YJYOZyrrkyu3eNxvMQAht4sbJZF0CGFttzDm+bmjIDpGGV65UN5+B4Rwud0/L3hHdQ
 Zps+2pTY4Okp1nBbUcaocM0piiKGkRJIvknynFD3Q7rxbVAZ2x85CEkBKiogS5yxpSDW
 YruMfj1h70h0AMh6X1hpY7Kf8wpEDA4P6z8YfsP1k+uYsKHOgL96ACg40Lu8Fk/N63JX
 E5EyTwbGqN3J3iHHHUhYimCBqyfqityJewgj9vPtCkRIyxcl6+rkgFQQjOn1ImXwWIu0
 O6+N9O3g9IBcwxhmXPHd2Gri4KZ6SUV4B+y8Z/rbOqwNosM/aJZ4o3jNHW8JR75i09w+
 jYeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=0AxUuD+/A3moeZlP9/9gEm/F4/f9tZrZ0KUGeFUH+AA=;
 b=AP8JEHw7HIvH5IPoomLaGfDcQMYAR72SN/F9uzhkB53cutl5eyewuu+374a7/CEpYi
 03EbR53vdBppdEwkxevv2vZvZKAfirRHa2/WLffV0CbWd34vnexpvmvGszwFFnFs3R3M
 /6ZlcTwQ79e5elzO2kKozWfr7caWeTVgoUoVxcEHgY/kZZgik2B7ffDpDoComBxBmA34
 WT0V0VXBDJrpCxL1pyxrRGPRyYer6fMfnqoN8yKMpOsi8PHs58Rty6QbV+RvXbDcp25c
 W2Xf4HQvGcYeG4NaB/YW45qL6T1l2xdzByk+yDF0aJh8buig1/M44+2vvOxwFChlbF9F
 CsMA==
X-Gm-Message-State: AOAM533ARUrrs7xFl3YixBVrH8ZNVXTnmUz8hpGef9ok3cEGl7b5IVcP
 LM4EUXpINrqBBFdS+ngaUbCjO+WijZw=
X-Google-Smtp-Source: ABdhPJxZ4pJxsDRNMck/XU3TWj+YUX5pso8nL4fdO5PRd0eBGJ5Vd6z4V8Etbu/EKwiA8MkpR+xuVQ==
X-Received: by 2002:a0c:80c3:: with SMTP id 61mr10995656qvb.23.1600040984957; 
 Sun, 13 Sep 2020 16:49:44 -0700 (PDT)
Received: from hurd (dsl-205-233-124-4.b2b2c.ca. [205.233.124.4])
 by smtp.gmail.com with ESMTPSA id s15sm12790230qke.134.2020.09.13.16.49.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 13 Sep 2020 16:49:44 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: [PATCH v3 1/2] gnu: linux-libre: Compare generated sources
 against Linux-libre releases.
References: <87a6y1cg3i.fsf@HIDDEN>
 <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
 <87tuw2exex.fsf@HIDDEN>
Date: Sun, 13 Sep 2020 19:50:31 -0400
In-Reply-To: <87tuw2exex.fsf@HIDDEN> (Mark H. Weaver's message of "Sat, 12
 Sep 2020 13:07:07 -0400")
Message-ID: <87sgbl5j94.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, leo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello Mark,

Mark H Weaver <mhw@HIDDEN> writes:

> I've grown tired of arguing about this.  You have the authority, so do
> as you will, and I will take my leave from maintenance of the kernel
> packages.  Thanks for asking my opinion, anyway.
>
>       Mark

I was hoping this latest modified patch would meet both our goals
(strictly verified for the usual case, with an option to switch to
manual verification of the kernel sources for the exceptional security
quick releases).

Sorry to have worn you out on this.  I'll leave 2 weeks for the issue to
settle, hoping you might reconsider.

Thanks again,

Maxim

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 12 Sep 2020 17:08:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Sep 12 13:08:32 2020
Received: from localhost ([127.0.0.1]:48917 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kH90q-00082w-G7
	for submit <at> debbugs.gnu.org; Sat, 12 Sep 2020 13:08:32 -0400
Received: from world.peace.net ([64.112.178.59]:55852)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1kH90o-00082i-UX
 for 43160 <at> debbugs.gnu.org; Sat, 12 Sep 2020 13:08:31 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@HIDDEN>)
 id 1kH90i-0003lD-2v; Sat, 12 Sep 2020 13:08:24 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 43160 <at> debbugs.gnu.org
Subject: Re: [PATCH v3 1/2] gnu: linux-libre: Compare generated sources
 against Linux-libre releases.
In-Reply-To: <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
References: <87a6y1cg3i.fsf@HIDDEN>
 <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
Date: Sat, 12 Sep 2020 13:07:07 -0400
Message-ID: <87tuw2exex.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, leo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

I've grown tired of arguing about this.  You have the authority, so do
as you will, and I will take my leave from maintenance of the kernel
packages.  Thanks for asking my opinion, anyway.

      Mark

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 11 Sep 2020 14:45:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 11 10:45:09 2020
Received: from localhost ([127.0.0.1]:45068 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kGkIW-0004Lx-RZ
	for submit <at> debbugs.gnu.org; Fri, 11 Sep 2020 10:45:09 -0400
Received: from mail-qt1-f196.google.com ([209.85.160.196]:39131)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kGkIS-0004Db-T4
 for 43160 <at> debbugs.gnu.org; Fri, 11 Sep 2020 10:45:05 -0400
Received: by mail-qt1-f196.google.com with SMTP id h6so8001019qtd.6
 for <43160 <at> debbugs.gnu.org>; Fri, 11 Sep 2020 07:45:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=K0tb7Uv3HU/+w0k57kC2dlmkV0ZHqJfM2vaxbLlGeoY=;
 b=pAcPcXFYMggo4h4FLcKt1RIuuzoEg0TXzJUWvrCPj90tKjLuhOEhSY/fZGVxHsM+2Z
 vxiPRGgUqEksgssj9oRXMzqck0ECzbeUkV28ieJ4mdiB70q/Xq5w3TKSpOPibIlrxtU2
 I5M9t+Gext1WXQ8UQS9Yqntd7rfGZqVnhzvxFAumJkWAl1aBr/coP+6j5ocZezEhMZdz
 lUfbOn6UbRhkjW+6omNucSyRR8sT1x9a8lIftHW5vCQDc/DRc3iIjR7rJzXY5+spWMm2
 eWHeh5/O9KCJRxxmgBFT7yVwOb7f5NKVBtvjZOtAcTGq1jRVtSK11ByIqGzIUrgsh1L7
 wzYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=K0tb7Uv3HU/+w0k57kC2dlmkV0ZHqJfM2vaxbLlGeoY=;
 b=Nl6A4OXNDwxLvCMzSW3Vepsp+GAt1YNo+7pmAK+RcmxNGuxMI8gpz6/771ao7c4JLg
 THrFzCvbsT36t6b2fl34IwWQUVC5QXndixPe1xmHOVYPCp6ZbuGCIgjkmCn7Q0PqiGq7
 ZR2lJRl8owpaIGV0TXhXzGtzVD8xteg4YTWVOD2TJhGJ8FkCLyaqfkZsk21qWmTC2GUJ
 P7qMLxM9HJPUyEavUI4p2SkA6ubf4+XsOJDsFwGnMxUDdbnUKtai9yY61y2qt8F9iEyo
 Sc7Dw3YLVUybC9hyVOJrYvX/DPM/akpG2dF8i4vpShgLe88m7iGRtXVMddclqmUlVMYu
 F9bQ==
X-Gm-Message-State: AOAM532zwj8UuHycVVuV9VkLqjhLzs6YRFKXJebnc1F77rmnnSqW/V6n
 Ip7W5dNhZqPlr7Nxui5VuSrXqMB41GU=
X-Google-Smtp-Source: ABdhPJzwxwpuBw8KPktLR2twmT2uDBOZedEgftbXtRYW5vAhdwaZ3XSoeuoWO9d2WMujjmpRN3Epzw==
X-Received: by 2002:ac8:3855:: with SMTP id r21mr2058959qtb.320.1599835499218; 
 Fri, 11 Sep 2020 07:44:59 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-146-200.b2b2c.ca. [72.10.146.200])
 by smtp.gmail.com with ESMTPSA id v15sm2897277qkg.108.2020.09.11.07.44.58
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 11 Sep 2020 07:44:58 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v3 2/2] linux-libre: Enable multi-core xz compression during
 tarball generation.
Date: Fri, 11 Sep 2020 10:44:59 -0400
Message-Id: <20200911144459.27220-2-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
References: <87a6y1cg3i.fsf@HIDDEN>
 <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: mhw@HIDDEN, Maxim Cournoyer <maxim.cournoyer@HIDDEN>,
 leo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Add an NCORES binding, and
use it to configure the number of threads xz should use via the XZ_DEFAULTS
environment variable.
---
 gnu/packages/linux.scm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1df66330cb..d6441fa181 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -255,7 +255,8 @@ new Linux changes for nonfree code is required when skipping the comparison."
 
                 (setvbuf (current-output-port) 'line)
 
-                (let ((dir (string-append "linux-" #$version)))
+                (let ((dir (string-append "linux-" #$version))
+                      (ncores (number->string (parallel-job-count))))
 
                   (mkdir "/tmp/bin")
                   (set-path-environment-variable
@@ -289,6 +290,9 @@ new Linux changes for nonfree code is required when skipping the comparison."
                       (("/bin/sed") (which "sed"))
                       (("/usr/bin/python") (which "python"))))
 
+                  ;; This enables xz multi-core compression/decompression.
+                  (setenv "XZ_DEFAULTS" (string-append "--threads=" ncores))
+
                   (if (file-is-directory? #+linux-upstream-source)
                       (begin
                         (format #t "Copying upstream Linux source...~%")
-- 
2.28.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 11 Sep 2020 14:45:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 11 10:45:05 2020
Received: from localhost ([127.0.0.1]:45065 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kGkIS-0004Ha-TZ
	for submit <at> debbugs.gnu.org; Fri, 11 Sep 2020 10:45:05 -0400
Received: from mail-qt1-f193.google.com ([209.85.160.193]:34148)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kGkIQ-0004DX-Hr
 for 43160 <at> debbugs.gnu.org; Fri, 11 Sep 2020 10:45:03 -0400
Received: by mail-qt1-f193.google.com with SMTP id 19so8034346qtp.1
 for <43160 <at> debbugs.gnu.org>; Fri, 11 Sep 2020 07:45:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=dFv9R7onslpYjBcNQ9QcOhmV3nFV6t75I4aV4zliwvE=;
 b=H7S6ApZe09nNDpNc1mqtWwW2osEp3zESRgxqWX8ywVloQmI9jHplIoJOlbGvUheFac
 5EHJG0tHTdNugbkmgn6bNOYleZnA/q3ZoB8N6/7tagjo+CSd3FlW0ECC9b22M9i7YHGU
 urrW0WY7EGQzmA4fQR9P6nImuLcfkObATt/X3o4SrfK2itYKIjmyWnUUqZlqlvCyAg99
 W3wHzPh1m8VE/pIbuUIKPW+aw5Z+vw693CAUPtVn2fmiQWn9SWH57PyYDtLZXlzxpThE
 iW6v9FIjE646u0EIae6BH5rMKbM4PAM9/a0yHRhFdYymeSvSCrkMrmK5BtCBaOSkBmji
 fAfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=dFv9R7onslpYjBcNQ9QcOhmV3nFV6t75I4aV4zliwvE=;
 b=SlP1IlhStg+QzB8DZIZ3Yv/VU6hIWfZArz/9XG36V5rMpdO3+uITp2IV3dJB1s7kAn
 eAXxBWAqPpQT6stHFAvX4iw4dSigipXJD6UPKfO7vXiOkGw3HpuhgCpygdD1AaHX1kgq
 XP/78/dG5BFeOZZyIhHXU6K3joBhncXbkbRyhaYAc6ZjGDF3sa3v3zBvoAPBs2c6OWB9
 NCRSBsA5n04NySHz0cbtezcAKY6Q4nGfTL6VnbXH6HBmKEvahuHh42vGFZubELYO9/gU
 dQdvZgNBT+7GUE9jVaKB1lNTNigy4MsUpdh6nWz+4thZCFOcjYGgL8lALC98XQdXyd76
 BH6Q==
X-Gm-Message-State: AOAM532jh5nSNh/Bd5i7BDTJFpYRj7xOj/rbtfY4F07L8Qh25/etVoDX
 FD63JMQCEEkdLAiVaF6x0rkKbRw8ZP8=
X-Google-Smtp-Source: ABdhPJyo5hYdrX8wHN1fq9D3RINI2AImK9WlS1zzEKmuGuzzRy9i5i/vD6KdUjRGN+4Dqfzuhjp0bA==
X-Received: by 2002:aed:2964:: with SMTP id s91mr2167161qtd.247.1599835496301; 
 Fri, 11 Sep 2020 07:44:56 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-146-200.b2b2c.ca. [72.10.146.200])
 by smtp.gmail.com with ESMTPSA id v15sm2897277qkg.108.2020.09.11.07.44.55
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 11 Sep 2020 07:44:55 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v3 1/2] gnu: linux-libre: Compare generated sources against
 Linux-libre releases.
Date: Fri, 11 Sep 2020 10:44:58 -0400
Message-Id: <20200911144459.27220-1-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <87a6y1cg3i.fsf@HIDDEN>
References: <87a6y1cg3i.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=yes
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: mhw@HIDDEN, Maxim Cournoyer <maxim.cournoyer@HIDDEN>,
 leo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Rename the UPSTREAM-SOURCE
parameter to LINUX-UPSTREAM-SOURCE.  Add a new LINUX-LIBRE-UPSTREAM-SOURCE
parameter.  Update doc.  Adjust variable names.  Capitalize "Linux" in the
user messages.  Remove empty directories from the generated sources, then
invoke diff between these sources and those of the corresponding Linux-libre
release, unless LINUX-LIBRE-UPSTREAM-SOURCE is #f.
(%upstream-linux-source): Convert the hash as base32 inside the definition, to
simplify its use.
(%upstream-linux-libre-source): New procedure.
(linux-libre-5.8-pristine-source): Add a LIBRE-HASH binding and use it with
%UPSTREAM-LINUX-LIBRE-SOURCE to provide the Linux-libre release origin to the
make-linux-libre-source procedure call.
(linux-libre-5.4-pristine-source): Likewise.
(linux-libre-4.19-pristine-source): Likewise.
(linux-libre-4.14-pristine-source): Likewise.
(linux-libre-4.9-pristine-source): Likewise.
(linux-libre-4.4-pristine-source): Likewise.
---
 gnu/packages/linux.scm | 79 ++++++++++++++++++++++++++++++++----------
 1 file changed, 61 insertions(+), 18 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 72fb3ca49d..1df66330cb 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -221,10 +221,18 @@ from forcing GEXP-PROMISE."
                       #:guile-for-build guile)))
 
 (define (make-linux-libre-source version
-                                 upstream-source
+                                 linux-upstream-source
+                                 linux-libre-upstream-source
                                  deblob-scripts)
   "Return a 'computed' origin that generates a Linux-libre tarball from the
-corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
+corresponding LINUX-UPSTREAM-SOURCE (an origin), using the given
+DEBLOB-SCRIPTS.  The generated Linux-libre source is compared against the
+corresponding LINUX-LIBRE-UPSTREAM-SOURCE upstream release (an origin), to
+ensure correctness.  This comparison is skipped when
+LINUX-LIBRE-UPSTREAM-SOURCE is set to #f.  This can be used in exceptional
+cases where for security reasons an update must be pushed before the
+Linux-libre project could publish a cleaned up tree.  Manual screening of the
+new Linux changes for nonfree code is required when skipping the comparison."
   (match deblob-scripts
     ((deblob-version (? origin? deblob) (? origin? deblob-check))
      (unless (string=? deblob-version (version-major+minor version))
@@ -281,14 +289,14 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                       (("/bin/sed") (which "sed"))
                       (("/usr/bin/python") (which "python"))))
 
-                  (if (file-is-directory? #+upstream-source)
+                  (if (file-is-directory? #+linux-upstream-source)
                       (begin
-                        (format #t "Copying upstream linux source...~%")
-                        (invoke "cp" "--archive" #+upstream-source dir)
+                        (format #t "Copying upstream Linux source...~%")
+                        (invoke "cp" "--archive" #+linux-upstream-source dir)
                         (invoke "chmod" "--recursive" "u+w" dir))
                       (begin
-                        (format #t "Unpacking upstream linux tarball...~%")
-                        (invoke "tar" "xf" #$upstream-source)
+                        (format #t "Unpacking upstream Linux tarball...~%")
+                        (invoke "tar" "xf" #$linux-upstream-source)
                         (match (scandir "."
                                         (lambda (name)
                                           (and (not (member name '("." "..")))
@@ -315,7 +323,22 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
 
                   (format #t "~%Scanning the generated tarball for blobs...~%")
                   (invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs"
-                          #$output))))))))))
+                          #$output)
+
+                  (if #+linux-libre-upstream-source
+                      (begin
+
+                        ;; Git doesn't track empty directories, so remove them
+                        ;; from our local tree for the sake of comparison.
+                        (invoke "find" dir "-type" "d" "-empty" "-delete")
+                        (invoke "diff" "-ur"
+                                dir
+                                #+linux-libre-upstream-source))
+                      (begin
+                        (format #t "~%Skipping comparison with the upstream \
+Linux-libre release...  Ensure new sources have been manually verified \
+against nonfree software.~%")
+                        #t)))))))))))
 
 
 ;;;
@@ -344,8 +367,16 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
     (uri (string-append "mirror://kernel.org"
                         "/linux/kernel/v" (version-major version) ".x/"
                         "linux-" version ".tar.xz"))
-    (sha256 hash)))
+    (sha256 (base32 hash))))
 
+(define (%upstream-linux-libre-source version hash)
+  (origin
+    (method git-fetch)
+    (uri (git-reference
+          (url "git://linux-libre.fsfla.org/releases.git")
+          (commit (string-append "sources/v" version "-gnu"))))
+    (file-name (git-file-name "linux-libre-source" version))
+    (sha256 (base32 hash))))
 
 ;; The current "stable" kernel. That is, the most recently released major
 ;; version.
@@ -357,9 +388,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "0j6jba5fcddqlb42f95gjl78jisfla4nswqila074gglcrbnl9q7")))
 (define-public linux-libre-5.8-pristine-source
   (let ((version linux-libre-5.8-version)
-        (hash (base32 "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik")))
+        (hash "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik")
+        (libre-hash "0zjw82xrmlgmjb5w0ar4mhjsn9pf8halwzq6dvv71hmrmskjxbyn"))
    (make-linux-libre-source version
                             (%upstream-linux-source version hash)
+                            (%upstream-linux-libre-source version libre-hash)
                             deblob-scripts-5.8)))
 
 ;; The "longterm" kernels — the older releases with long-term upstream support.
@@ -373,10 +406,12 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "1b3q88i2qfdxyvpi9f7jds0qlb8hfpw87mgia096ax6822c2cmyb")))
 (define-public linux-libre-5.4-pristine-source
   (let ((version linux-libre-5.4-version)
-        (hash (base32 "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr")))
-   (make-linux-libre-source version
-                            (%upstream-linux-source version hash)
-                            deblob-scripts-5.4)))
+        (hash "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr")
+        (libre-hash "150cz1h9cn8klh8dhnbhb9zmxc6pf6x9rj5fa2wv9k7r42lk9kis"))
+    (make-linux-libre-source version
+                             (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
+                             deblob-scripts-5.4)))
 
 (define-public linux-libre-4.19-version "4.19.144")
 (define deblob-scripts-4.19
@@ -386,9 +421,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "1jiaw0as1ippkrjdpd52657w5mz9qczg3y2hlra7m9k0xawwiqlf")))
 (define-public linux-libre-4.19-pristine-source
   (let ((version linux-libre-4.19-version)
-        (hash (base32 "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k")))
+        (hash "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k")
+        (libre-hash "04lijps8qjk3kwsgvkw9plhmy5rxgrp6ld82d96jgjm27s5xd308"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.19)))
 
 (define-public linux-libre-4.14-version "4.14.197")
@@ -399,9 +436,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "1qij18inijj6c3ma8hv98yjagnzxdxyn134da9fd23ky8q6hbvky")))
 (define-public linux-libre-4.14-pristine-source
   (let ((version linux-libre-4.14-version)
-        (hash (base32 "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0")))
+        (hash "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0")
+        (libre-hash "1hbp1shhhifk3xy8026c466vpfpgll11xx1kawq97llx1pars4hn"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.14)))
 
 (define-public linux-libre-4.9-version "4.9.235")
@@ -412,9 +451,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "0fxajshb75siq39lj5h8xvhdj8lcmddkslwlyj65rhlwk6g2r4b2")))
 (define-public linux-libre-4.9-pristine-source
   (let ((version linux-libre-4.9-version)
-        (hash (base32 "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6")))
+        (hash "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6")
+        (libre-hash "0sz73pxdz4kl4fyfvbkm7xzdhzx8x2xajr93mhapc65hssyz3059"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.9)))
 
 (define-public linux-libre-4.4-version "4.4.235")
@@ -425,9 +466,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
    (base32 "0hhin1jpfkd6nwrb6xqxjzl3hdxy4pn8a15hy2d3d83yw6pflbsf")))
 (define-public linux-libre-4.4-pristine-source
   (let ((version linux-libre-4.4-version)
-        (hash (base32 "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd")))
+        (hash "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd")
+        (libre-hash "1pydy3cr4malqlr69ksw22nphpydfmpbrfh190ahgym741zdfncg"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.4)))
 
 (define %boot-logo-patch
-- 
2.28.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 11 Sep 2020 01:52:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 10 21:52:42 2020
Received: from localhost ([127.0.0.1]:41802 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kGYEz-0000lo-J0
	for submit <at> debbugs.gnu.org; Thu, 10 Sep 2020 21:52:42 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:33380)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kGYEw-0000lY-Fe
 for 43160 <at> debbugs.gnu.org; Thu, 10 Sep 2020 21:52:39 -0400
Received: by mail-qk1-f195.google.com with SMTP id p4so8414628qkf.0
 for <43160 <at> debbugs.gnu.org>; Thu, 10 Sep 2020 18:52:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:message-id:mime-version;
 bh=nrITbU0nb/3kKbAX1/WRH+aVXPJo2KXrf4KfmnB8Dyc=;
 b=PKsHCPEoTDvrbpIbReCuMxLLOgfapj5Ho/wskp5vqFglOJv7CIzsaoRsFhsmgh3hLl
 EfjXb86id016xfNjsMwl8xKW8IBXA7I85t6vOnhaNHWlNMauueajrQg8FxlMVwJAzIll
 U0zAN/2KyEx++bQbQbpgG2EUNROjbKE1vqSv+fxOT58ETVp0oobGZjbFv+U5SwfyZgGC
 sXwszaAdA8ocUyR4EFPgKekkCVHxmsiQv2+8KdcELG5/LmS/WCkYN1Gjkk6Q7BrSd0s7
 kxD4UdCJC1/lcSobyv3mYReio+rqRHjEwk8mMyLdA0c8LsNC5cfjBblp1YM1zQS/EVbv
 UYsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:message-id
 :mime-version;
 bh=nrITbU0nb/3kKbAX1/WRH+aVXPJo2KXrf4KfmnB8Dyc=;
 b=l0y6cGBQj/Hq3Ae8R3WVO1FjlR5Eh1GL5ecvRHH2PhsiVZ5wBck8Xf8O2hoHKORzJE
 iRzxRAJSMVBs6qCG2X2YlAb4+U8jOizQ68nkjn1lulu9z3SAZUel55uXbdo189+flqcG
 sX2vRFIk8kiWEUqmfWzLSz8+pMURNxP+wOmTwHOY2ZaF7EM01vfajKcchaxCyUZEjroT
 q3ItAYT7MPudj+3JRH8rbmLLvWYG+Scu2Po1hI3sZSeAvNHPBdOog7hW9x+b/PFf9MIk
 Gv7QtyROqZ9DeY4J+epdvNXx4eUGh5DZixhKd7u+MfuZofyHIQoWiAgn/oBF9dSPZeRi
 19pg==
X-Gm-Message-State: AOAM533Lcqp3DYl6sP17fPB3LXYXjKCTSERxi+r3PrAAHZ0wLwvL/zfN
 igceibXt4G/45cXMBPX74aybQQFu/d8=
X-Google-Smtp-Source: ABdhPJxI5wHV0EWWu7nJHD+m4D+8K80WJOZXQm7RTzbAKYdIq7Ehku2Gx+Y/WrO8WmgkelwAM73Xrg==
X-Received: by 2002:a37:4496:: with SMTP id
 r144mr10550416qka.230.1599789152504; 
 Thu, 10 Sep 2020 18:52:32 -0700 (PDT)
Received: from hurd (dsl-205-236-230-174.b2b2c.ca. [205.236.230.174])
 by smtp.gmail.com with ESMTPSA id v90sm747133qtd.66.2020.09.10.18.52.31
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 10 Sep 2020 18:52:31 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: [bug#43160] Validate the result of our linux-libre sources
 clean up
References: <20200902182922.GA26301@HIDDEN> <87363z28fs.fsf@HIDDEN>
 <20200902221552.GA32317@HIDDEN> <87zh67zqfa.fsf@HIDDEN>
 <87h7sedz0w.fsf_-_@HIDDEN> <874kodsh21.fsf@HIDDEN>
 <87imcpbd8d.fsf@HIDDEN> <87a6y1cg3i.fsf@HIDDEN>
Date: Thu, 10 Sep 2020 21:53:09 -0400
Message-ID: <875z8l84fu.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, Leo Famulari <leo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello Mark,

Sorry for the delayed reply.

Mark H Weaver <mhw@HIDDEN> writes:

> Hi Maxim,
>
> Thanks again for the patches that you've already pushed.
> They are a great improvement.

Thank you for the kind words.

> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>
>> Mark H Weaver <mhw@HIDDEN> writes:
>>
>>> I'm opposed to it because it would make it prohibitively difficult to
>>> push micro kernel updates (most of which contain potential security
>>> fixes) before Linux-libre has published their tarball release.
>>
>> Following recent discussions, I had understood that you agreed to wait
>> for the Linux-libre releases before bumping our own releases.
>
> Sorry, but that's incorrect.  I agreed to either wait or to look for new
> blobs myself.  I've already exercised that second option a couple of
> times since making that pledge.  I've found it to be quite easy.  The
> overwhelming majority of commits to the stable branches are bug fixes
> that obviously do not add anything resembling a blob.

Thanks for clarifying the option you chose.

> If you haven't already done so, I'd encourage you to look over the
> upstream commits between two consecutive upstream stable releases, to
> see more concretely what I'm talking about, and how straightforward it
> is to conclude that no new blobs could possibly have been added.

I just did for v5.4.8..v5.4.9 and v5.8.5..v5.8.6.  The human brain is
quite good at spotting patterns, so it wasn't too difficult indeed, but
the bug fix releases had a rather large number of commits (191 and 254,
respectively).  That's a serious commitment to make.

>> It seems the Linux-libre releases occur fast enough to not pose much
>> of a security issue; below is what I did to arrive to this conclusion.
>
> The timestamp data you collected is clearly off by several hours.  It
> appears to show that over two thirds of linux-libre releases come out
> *before* the corresponding linux release.  One third of them appear to
> have come out more than 4 hours before the corresponding linux release.
> That cannot be right.  I guess someone's clock is off by several hours,
> or somehow the timezones are not being taken into account.

The git commands I used are supposed to take the timezones into account
(converting the author dates into my local time), but as you mentioned
something seems off.

> I can tell you that within the last couple of weeks, since my pledge to
> either wait for linux-libre or to check for blobs myself, I very clearly
> remember upstream updates being tagged a few hours after midnight one
> morning, and that it was not until after dark the next evening before
> linux-libre had tagged their releases.  That instance is not reflected
> in the data you collected, which again suggests to me that there's a
> very significant systemic error in that data.
>
> Even with this apparently large bias in the data, it shows that
> linux-libre-5.7.7 was tagged almost 22 hours after the corresponding
> linux release.  Most likely that was actually at least 28 hours.
>
> Please don't misunderstand me: I do not fault the Linux-libre developers
> for not being quick enough.  On the contrary, they've been consistently
> *excellent* in that regard for as long as I've been paying attention.  I
> certainly don't fault them for occasionally spending some time away from
> their computers.
>
> What I _do_ fault them for is *insisting* on placing themselves in the
> middle of what should be a fast path for security updates from the
> upstream developers to us.

I agree that it is sub-optimal, but I don't see how that could be made
differently, with upstream Linux being at odds with our ideals.  We
can't have it both ways.

> To my mind, the practices that the Linux-libre developers are attempting
> to impose on us feel like Service as a Software Substitute (SaaSS), but
> in this case enforced by social pressure (and the suggestion that it
> might violate the GNU FSDG) instead of the usual technical restrictions.
>
> I'll also note that what you're proposing will apparently not be enough
> to satisfy Jason and Alexandre.  They've gone so far as to suggest that
> it's improper for an FSDG-compliant distribution to ever download
> non-FSDG-compliant source code to a user machine.  It seems that to
> satisfy them, Guix developers would apparently need to host our own
> distribution site for cleaned-up copies of source tarballs, and to use
> some separate tools to produce and upload new source tarballs to this
> site for every update of software whose upstream source is not
> FSDG-compliant.

I've reached the same conclusion, after engaging with them in the
#linux-libre channel.  To my understanding, we are not violating the
current GNU FSDG.  The spirit of the FSDG, as I understand it, is
basically "don't thwart users towards nonfree software".  I don't think
downloading a nonfree archive with the objective of turning it into free
software counts as such.  To the contrary, it can be seen as some form
of empowerment of how the process of freeing the software they use work,
enabling them to more directly improve such process.

I'd really like someone explain to me how the process of cleaning
nonfree software into free software can be considered a freedom issue.
So far the people I've asked either support their argument using their
personal interpretation of the FSDG or simply do not produce an answer.

[...]

>>> also make it prohibitively difficult to perform deblobbed bisections
>>> between two adjacent versions from the upstream stable git repository.
>>
>> In my opinion, we should not trade our correctness guarantee in exchange
>> for convenience,
>
> First, I think that it's a mistake to suggest that any "correctness
> guarantee" exists or could exist in Guix, with or without your proposed
> patch.  Massive amounts of new code are flowing into Guix from upstream
> projects on a daily basis, almost none of which is checked for
> FSDG-compliance ahead of time.  It is widely acknowledged, even in the
> FSDG document itself, that the most we can realistically hope to do is
> to pledge to fix FSDG-compliance problems in a timely fashion if they
> are brought to our attention.

I agree about the broader FSDG-compliance correctness guarantee.  I'm
sorry if I was unclear, but what I meant was in the more narrow sense of
correctness w.r.t. the official Linux-libre releases.

> Secondly, I think you're exaggerating the remaining risk.
>
> I acknowledge that before these discussions began, the risk of
> introducing new blobs was as high as 3% per Linux-libre update, which I
> agree was too high.  However, we've made several important changes since
> then.  Most importantly, I pledged to either wait for Linux-libre
> updates or to manually check for new blobs, and you introduced a
> 'deblob-check' pass in 'make-linux-libre-source'.  Leo also made changes
> to eliminate the risk of old deblob scripts being accidentally used.

Those are good improvements, yes.  My fear is that the amount of
complexity upgrading our Linux-libre package is starting to reach
unwieldy levels.  Consider a newcomer wanting to upgrade our Linux-libre
package.  They bump the sources.  Run 'make defconfig'.  Successfully
build a kernel.  Send a patch.  One of us reviews it, it looks OK, gets
merged.  It's easy to see what can silently go wrong.  I'd prefer
leaving the Linux-libre team handle that complexity rather than
duplicate it.

[...]

>>> In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
>>> 'make-linux-libre-source' should optional.
>>
>> Perhaps, like for the change proposed by Leo, the edge case of bisecting
>> per-commit could be accommodated by reverting this patch when needed?
>
> That can be done easily for Leo's patch, but not for yours.
>
> In the case of Leo's patch, if I choose to manually check for new blobs,
> I can simply change one line in a 'deblob-script-X.Y' definition, like
> this:
>
>  (define-public linux-libre-5.8-version "5.8.7")
>  (define deblob-scripts-5.8
>    (linux-libre-deblob-scripts
> -   linux-libre-5.8-version
> +   "5.8.6"
>     (base32 "07z7sglyrfh0706icqqf3shadf638pvyid9386r661ds5lbsa2mw")
>     (base32 "0j6jba5fcddqlb42f95gjl78jisfla4nswqila074gglcrbnl9q7")))
>
> In contrast, your patch changes the 'make-linux-libre-source' procedure
> to *require* an existing 'linux-libre' tarball that precisely matches
> what it's going to produce.  In other words, it removes the ability to
> produce a new tarball, and has been reduced to merely being a verifier
> of pre-existing tarballs.

I think that's a good thing, at least for the usual use case.  But now
that you've mentioned that there *is* an occasional need to push
security updates faster than the Linux-libre official releases can
allow, I've modified the patch to make it optional, as you suggested.
I'd suggest that disabling that check be only allowed for seasoned
linux-libre maintainers such as you or Leo, and only when strictly
necessary (serious security threats affecting the Guix System and no
Linux-libre release yet).  Any other casual "bump" should fully make use
of the verification machinery.

> Reverting those changes would not only be extremely invasive for a
> simple micro kernel update, but would also, as a side effect, entail
> redeblobing and rebuilding *every* version of linux-libre in Guix, even
> if only one or two of the kernels needed updates.

I was only considering reverting this as a local hack in the context of
per-commit bisection.

> I guess from my perspective, I see a lot of disadvantages:
> disempowerment of users, occasional unnecessary delays on the order of
> tens of hours to deploy security updates, not to mention having to do
> another expensive git checkout and comparison on every kernel build, and
> for what?

This ensures we benefit from the experience of the Linux-libre
developers in screening the Linux sources for new nonfree threats.

> The main argument in favor, namely to reduce the risk of blobs being
> accidentally included in our kernel updates, seems to be adequately
> addressed by (1) my pledge to either wait or to check for blobs myself,
> and (2) the recently-added 'deblob-check' invocation in
> 'make-linux-libre-source'.  Do you think these are insufficient?

The trust chain is made simpler if we validate the Linux-libre result
(i.e. we need only trust the Linux-libre project).  As it is used by a
number of distros, we can hope for any mistake they might do to be
quickly flagged.  If we choose instead to generate our own Linux-libre
releases, doing our own "development", then people need to trust you or
Leo, or whoever bumped the linux-libre package for having done due
diligence (screening new commits for nonfree code).  With all due
respect, it seems easier to put our trust in the Linux-libre project for
this task, as this is their purpose and they have greater exposure.

> Thanks again for this discussion, and for the work you've already done
> to improve our deblobbing.

I'm equally thankful to you for your patience in handling all these
discussions, and for sticking around after all these years, keeping the
flow of kernel and icecat updates (amongst other) coming!

Please see the revised patch which I'll git send-email shortly.

Maxim

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 7 Sep 2020 23:39:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 07 19:39:43 2020
Received: from localhost ([127.0.0.1]:51371 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kFQjf-0005lm-49
	for submit <at> debbugs.gnu.org; Mon, 07 Sep 2020 19:39:43 -0400
Received: from world.peace.net ([64.112.178.59]:39686)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1kFQjd-0005lY-2U
 for 43160 <at> debbugs.gnu.org; Mon, 07 Sep 2020 19:39:42 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@HIDDEN>)
 id 1kFQjV-0004wB-Ru; Mon, 07 Sep 2020 19:39:34 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#43160] Validate the result of our linux-libre sources
 clean up
In-Reply-To: <87imcpbd8d.fsf@HIDDEN>
References: <20200902182922.GA26301@HIDDEN> <87363z28fs.fsf@HIDDEN>
 <20200902221552.GA32317@HIDDEN> <87zh67zqfa.fsf@HIDDEN>
 <87h7sedz0w.fsf_-_@HIDDEN> <874kodsh21.fsf@HIDDEN>
 <87imcpbd8d.fsf@HIDDEN>
Date: Mon, 07 Sep 2020 19:38:14 -0400
Message-ID: <87a6y1cg3i.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, Leo Famulari <leo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Maxim,

Thanks again for the patches that you've already pushed.
They are a great improvement.

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Mark H Weaver <mhw@HIDDEN> writes:
>
>> I'm opposed to it because it would make it prohibitively difficult to
>> push micro kernel updates (most of which contain potential security
>> fixes) before Linux-libre has published their tarball release.
>
> Following recent discussions, I had understood that you agreed to wait
> for the Linux-libre releases before bumping our own releases.

Sorry, but that's incorrect.  I agreed to either wait or to look for new
blobs myself.  I've already exercised that second option a couple of
times since making that pledge.  I've found it to be quite easy.  The
overwhelming majority of commits to the stable branches are bug fixes
that obviously do not add anything resembling a blob.

If you haven't already done so, I'd encourage you to look over the
upstream commits between two consecutive upstream stable releases, to
see more concretely what I'm talking about, and how straightforward it
is to conclude that no new blobs could possibly have been added.

> It seems the Linux-libre releases occur fast enough to not pose much
> of a security issue; below is what I did to arrive to this conclusion.

The timestamp data you collected is clearly off by several hours.  It
appears to show that over two thirds of linux-libre releases come out
*before* the corresponding linux release.  One third of them appear to
have come out more than 4 hours before the corresponding linux release.
That cannot be right.  I guess someone's clock is off by several hours,
or somehow the timezones are not being taken into account.

I can tell you that within the last couple of weeks, since my pledge to
either wait for linux-libre or to check for blobs myself, I very clearly
remember upstream updates being tagged a few hours after midnight one
morning, and that it was not until after dark the next evening before
linux-libre had tagged their releases.  That instance is not reflected
in the data you collected, which again suggests to me that there's a
very significant systemic error in that data.

Even with this apparently large bias in the data, it shows that
linux-libre-5.7.7 was tagged almost 22 hours after the corresponding
linux release.  Most likely that was actually at least 28 hours.

Please don't misunderstand me: I do not fault the Linux-libre developers
for not being quick enough.  On the contrary, they've been consistently
*excellent* in that regard for as long as I've been paying attention.  I
certainly don't fault them for occasionally spending some time away from
their computers.

What I _do_ fault them for is *insisting* on placing themselves in the
middle of what should be a fast path for security updates from the
upstream developers to us.

To my mind, the practices that the Linux-libre developers are attempting
to impose on us feel like Service as a Software Substitute (SaaSS), but
in this case enforced by social pressure (and the suggestion that it
might violate the GNU FSDG) instead of the usual technical restrictions.

I'll also note that what you're proposing will apparently not be enough
to satisfy Jason and Alexandre.  They've gone so far as to suggest that
it's improper for an FSDG-compliant distribution to ever download
non-FSDG-compliant source code to a user machine.  It seems that to
satisfy them, Guix developers would apparently need to host our own
distribution site for cleaned-up copies of source tarballs, and to use
some separate tools to produce and upload new source tarballs to this
site for every update of software whose upstream source is not
FSDG-compliant.

I don't know about you, but I find their demands *oppressive*.

>> also make it prohibitively difficult to perform deblobbed bisections
>> between two adjacent versions from the upstream stable git repository.
>
> In my opinion, we should not trade our correctness guarantee in exchange
> for convenience,

First, I think that it's a mistake to suggest that any "correctness
guarantee" exists or could exist in Guix, with or without your proposed
patch.  Massive amounts of new code are flowing into Guix from upstream
projects on a daily basis, almost none of which is checked for
FSDG-compliance ahead of time.  It is widely acknowledged, even in the
FSDG document itself, that the most we can realistically hope to do is
to pledge to fix FSDG-compliance problems in a timely fashion if they
are brought to our attention.

Secondly, I think you're exaggerating the remaining risk.

I acknowledge that before these discussions began, the risk of
introducing new blobs was as high as 3% per Linux-libre update, which I
agree was too high.  However, we've made several important changes since
then.  Most importantly, I pledged to either wait for Linux-libre
updates or to manually check for new blobs, and you introduced a
'deblob-check' pass in 'make-linux-libre-source'.  Leo also made changes
to eliminate the risk of old deblob scripts being accidentally used.

It seems to me that these changes already reduce the risk of
accidentally introducing new blobs in our Linux-libre packages to near
zero, and probably at least an order of magnitude less than the risk of
non-FSDG-compliant code being introduced in, e.g., ungoogled-chromium.

> It'd be oversimplifying to say that the Linux-libre developers just
> run their scripts to produce a release; they also manually screen the
> new upstream changes and update their scripts accordingly.

Agreed, and we now account for that by either (1) waiting for them to
certify a new release or (2) checking manually for blobs ourselves.

> To give due credit to their efforts, we should not simply run their
> scripts with a newer version/commit of Linux and expect arriving at a
> correct result.

I've already agreed not to do that anymore.

It seems to me that some of these arguments are outdated, based on our
practices from before these discussions began.

>> In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
>> 'make-linux-libre-source' should optional.
>
> Perhaps, like for the change proposed by Leo, the edge case of bisecting
> per-commit could be accommodated by reverting this patch when needed?

That can be done easily for Leo's patch, but not for yours.

In the case of Leo's patch, if I choose to manually check for new blobs,
I can simply change one line in a 'deblob-script-X.Y' definition, like
this:

--8<---------------cut here---------------start------------->8---
 (define-public linux-libre-5.8-version "5.8.7")
 (define deblob-scripts-5.8
   (linux-libre-deblob-scripts
-   linux-libre-5.8-version
+   "5.8.6"
    (base32 "07z7sglyrfh0706icqqf3shadf638pvyid9386r661ds5lbsa2mw")
    (base32 "0j6jba5fcddqlb42f95gjl78jisfla4nswqila074gglcrbnl9q7")))
--8<---------------cut here---------------end--------------->8---

In contrast, your patch changes the 'make-linux-libre-source' procedure
to *require* an existing 'linux-libre' tarball that precisely matches
what it's going to produce.  In other words, it removes the ability to
produce a new tarball, and has been reduced to merely being a verifier
of pre-existing tarballs.

Reverting those changes would not only be extremely invasive for a
simple micro kernel update, but would also, as a side effect, entail
redeblobing and rebuilding *every* version of linux-libre in Guix, even
if only one or two of the kernels needed updates.

I guess from my perspective, I see a lot of disadvantages:
disempowerment of users, occasional unnecessary delays on the order of
tens of hours to deploy security updates, not to mention having to do
another expensive git checkout and comparison on every kernel build, and
for what?

The main argument in favor, namely to reduce the risk of blobs being
accidentally included in our kernel updates, seems to be adequately
addressed by (1) my pledge to either wait or to check for blobs myself,
and (2) the recently-added 'deblob-check' invocation in
'make-linux-libre-source'.  Do you think these are insufficient?

Thanks again for this discussion, and for the work you've already done
to improve our deblobbing.

       Regards,
         Mark

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 7 Sep 2020 19:25:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Sep 07 15:25:50 2020
Received: from localhost ([127.0.0.1]:50907 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kFMly-0005Yg-95
	for submit <at> debbugs.gnu.org; Mon, 07 Sep 2020 15:25:50 -0400
Received: from mail-qt1-f194.google.com ([209.85.160.194]:36482)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kFMlw-0005YR-Am
 for 43160 <at> debbugs.gnu.org; Mon, 07 Sep 2020 15:25:48 -0400
Received: by mail-qt1-f194.google.com with SMTP id n10so10412656qtv.3
 for <43160 <at> debbugs.gnu.org>; Mon, 07 Sep 2020 12:25:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=zicvDX1sO3XY2L29b0qEzOxywwFSMwCYBDh9COOjsmA=;
 b=gZkUH/+Xd0i50C5ji75vKrfieIEU38GK0uAlA6mPgastMpcDFWQ28ZQ9NpZYwZmktJ
 eFeI9gpu24fgwm8ZPqnbPnLJZ0M/4QrIs9Nu6YAZ6mVMKfrZx0YbeuNQGA1pnWH2pclh
 oPFJp+F6zTzsQKZSDfC1NMbkHiP6EElXrIFpvKjtkLsMajg8AsyTRsI2BSiPf0/f7sOR
 ciJhw2DsBQahJjscuKc+5YgV88PlFMOZUlhJvWZuDMmSGJzP95Pp2wHaAhCc6ODSQpzI
 8DsUO1kmKzkNqJwS0bll3kg2Ul5I83fuL98iYk+0OXvHTJ18NU4ankHIBxkmMVeoEE9j
 at2Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=zicvDX1sO3XY2L29b0qEzOxywwFSMwCYBDh9COOjsmA=;
 b=lQQl5MXR33YDm2BW10UlvCRUS43YSN2af/v4zLEzbBSssrtZBAwze5B+kDgA2oX+Cx
 6eom/OOLpkQwLgxalA6GscsqgM0LLmEgCQKnc05o7gxWmEpXrh5K3+QOsCtxFlWVout0
 EsnSVfk26CRDSjlPmWe2PuVRjUju/MRMRW/wqafE/2OeBXB732Qt3wgIu5Nqh3lTh6Jm
 pehDf5GZS1Bqy3J0G9wLo2PMY1C8ioqxG+qJca0RzQIoqpwf7CubGx9zIdqBdRuRYMVN
 ovDvAg5Ay005hToLRLFSvGX3IOcFIfS/yckY9PGwHkNAqfyXO2bW096+lRQAQ47FEFKi
 FXiw==
X-Gm-Message-State: AOAM533iF7VCCvNRdYnObS6AMimDNyYuEGfhLuf6eS/ummQvcG3xIe9q
 vqSsru2uxL9tZ9m9jdOMZiM=
X-Google-Smtp-Source: ABdhPJxWD3qKjSvjbQ/irlMjfRBWsv9uCdcbDlvKYNvTexf5WeoGp8srnmUK4bTmZegQlk7VyTR5DQ==
X-Received: by 2002:ac8:1c82:: with SMTP id f2mr16725959qtl.305.1599506742286; 
 Mon, 07 Sep 2020 12:25:42 -0700 (PDT)
Received: from hurd (dsl-205-233-125-88.b2b2c.ca. [205.233.125.88])
 by smtp.gmail.com with ESMTPSA id e1sm12398876qtb.0.2020.09.07.12.25.41
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 07 Sep 2020 12:25:41 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mark H Weaver <mhw@HIDDEN>
Subject: Re: [bug#43160] Validate the result of our linux-libre sources
 clean up
References: <20200902182922.GA26301@HIDDEN> <87363z28fs.fsf@HIDDEN>
 <20200902221552.GA32317@HIDDEN> <87zh67zqfa.fsf@HIDDEN>
 <87h7sedz0w.fsf_-_@HIDDEN> <874kodsh21.fsf@HIDDEN>
Date: Mon, 07 Sep 2020 15:25:54 -0400
In-Reply-To: <874kodsh21.fsf@HIDDEN> (Mark H. Weaver's message of "Fri, 04
 Sep 2020 11:21:47 -0400")
Message-ID: <87imcpbd8d.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, Leo Famulari <leo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Mark!

Mark H Weaver <mhw@HIDDEN> writes:

> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>> I'd like to point you to the following patches, as they touch the
>> generation of the linux-libre sources, in case they hadn't caught your
>> attention: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43160.
>
> Thanks very much for bringing this to my attention.  I do not subscribe
> to the guix-patches list, so I would not have seen this otherwise.
>
> I'm in favor of the following patches:
>
>   gnu: linux-libre: Use Python 3 in make-linux-libre-source.
>   gnu: make-linux-libre-source: Set output port buffering to line mode.
>   gnu: linux-libre: Validate that the cleaned up tarball is free of blobs.
>
> Thanks for these.  Please push them whenever you feel is appropriate.

Thanks for taking a look!  I've now done so.

> On other other hand, I'm strongly opposed to the following patch:
>
>   gnu: linux-libre: Compare generated sources against Linux-libre releases.
>
> I'm opposed to it because it would make it prohibitively difficult to
> push micro kernel updates (most of which contain potential security
> fixes) before Linux-libre has published their tarball release.

Following recent discussions, I had understood that you agreed to wait
for the Linux-libre releases before bumping our own releases.  It seems
the Linux-libre releases occur fast enough to not pose much of a
security issue; below is what I did to arrive to this conclusion.

For Linux stable, the author dates of the last releases of the version 5
series, omitting release candidates:

--8<---------------cut here---------------start------------->8---
$ git tag | grep -E '5\.[0-9]+\.' | grep -v -- '-rc' \
    | sort -t '.' -k1,1n -k2,2n -k3,3n | tail -n20 \
    | xargs -i{} git log --date='format:%c' --pretty='%ad %d' {} -1
Wed 24 Jun 2020 05:49:26 PM GMT  (tag: v5.7.6)
Tue 30 Jun 2020 04:21:22 PM GMT  (tag: v5.7.7)
Thu 09 Jul 2020 09:39:40 AM GMT  (tag: v5.7.8)
Thu 16 Jul 2020 08:13:36 AM GMT  (tag: v5.7.9)
Wed 22 Jul 2020 09:34:29 AM GMT  (tag: v5.7.10)
Wed 29 Jul 2020 10:20:01 AM GMT  (tag: v5.7.11)
Fri 31 Jul 2020 06:47:17 PM GMT  (tag: v5.7.12)
Wed 05 Aug 2020 09:58:51 AM GMT  (tag: v5.7.13)
Fri 07 Aug 2020 09:33:11 AM GMT  (tag: v5.7.14)
Tue 11 Aug 2020 03:35:42 PM GMT  (tag: v5.7.15)
Wed 19 Aug 2020 08:24:20 AM GMT  (tag: v5.7.16)
Fri 21 Aug 2020 01:07:46 PM GMT  (tag: v5.7.17)
Wed 26 Aug 2020 11:42:25 AM GMT  (tag: v5.7.18)
Thu 27 Aug 2020 09:30:50 AM GMT  (tag: v5.7.19, origin/linux-5.7.y)
Tue 11 Aug 2020 03:48:12 PM GMT  (tag: v5.8.1)
Wed 19 Aug 2020 08:27:10 AM GMT  (tag: v5.8.2)
Fri 21 Aug 2020 01:15:22 PM GMT  (tag: v5.8.3)
Wed 26 Aug 2020 11:49:20 AM GMT  (tag: v5.8.4)
Thu 27 Aug 2020 09:31:49 AM GMT  (tag: v5.8.5)
Thu 03 Sep 2020 11:29:52 AM GMT  (tag: v5.8.6, origin/linux-5.8.y)
--8<---------------cut here---------------end--------------->8---

Similarly, for Linux-libre:

--8<---------------cut here---------------start------------->8---
git tag | grep -E 'sources/v5\.[0-9]+\.' | grep -v -- '-rc' \
    | sort -t '.' -k1,1n -k2,2n -k3,3n | tail -n20 \
    | xargs -i{} git log --date='format:%c' --pretty='%ad %d' {} -1
Wed 24 Jun 2020 02:51:34 PM GMT  (tag: sources/v5.7.6-gnu)
Wed 01 Jul 2020 02:01:47 PM GMT  (tag: sources/v5.7.7-gnu)
Thu 09 Jul 2020 08:59:49 AM GMT  (tag: sources/v5.7.8-gnu)
Thu 16 Jul 2020 11:51:43 AM GMT  (tag: sources/v5.7.9-gnu)
Wed 22 Jul 2020 06:40:22 AM GMT  (tag: sources/v5.7.10-gnu)
Wed 29 Jul 2020 06:33:25 AM GMT  (tag: sources/v5.7.11-gnu)
Fri 31 Jul 2020 02:22:04 PM GMT  (tag: sources/v5.7.12-gnu)
Wed 05 Aug 2020 05:44:37 AM GMT  (tag: sources/v5.7.13-gnu)
Fri 07 Aug 2020 04:46:28 AM GMT  (tag: sources/v5.7.14-gnu)
Tue 11 Aug 2020 02:48:28 PM GMT  (tag: sources/v5.7.15-gnu)
Wed 19 Aug 2020 02:14:46 PM GMT  (tag: sources/v5.7.16-gnu)
Fri 21 Aug 2020 09:37:45 AM GMT  (tag: sources/v5.7.17-gnu)
Wed 26 Aug 2020 07:27:54 AM GMT  (tag: sources/v5.7.18-gnu)
Thu 27 Aug 2020 01:14:21 PM GMT  (tag: sources/v5.7.19-gnu)
Tue 11 Aug 2020 02:47:58 PM GMT  (tag: sources/v5.8.1-gnu)
Wed 19 Aug 2020 02:15:42 PM GMT  (tag: sources/v5.8.2-gnu)
Fri 21 Aug 2020 09:37:45 AM GMT  (tag: sources/v5.8.3-gnu)
Wed 26 Aug 2020 07:27:54 AM GMT  (tag: sources/v5.8.4-gnu)
Thu 27 Aug 2020 01:14:21 PM GMT  (tag: sources/v5.8.5-gnu)
Thu 03 Sep 2020 07:14:30 AM GMT  (tag: sources/v5.8.6-gnu)
--8<---------------cut here---------------end--------------->8---

While the author dates of the commits don't appear to be very precise
(some Linux-libre commits would have occurred before their Linux
counterpart), we can at least see that each Linux release was met with a
Linux-libre on the same day for all except the 5.7.7 release.

Also, if we compare with our own Linux-libre update timings:

--8<---------------cut here---------------start------------->8---
git log --grep 'gnu: linux-libre: Update to 5' --date='format:%c' \
    --pretty='%ad %s' | head -n20 | sort -r -t '.' -k1,1n -k2,2n -k3,3n
Thu 11 Jun 2020 04:15:35 PM GMT gnu: linux-libre: Update to 5.4.46.
Thu 18 Jun 2020 12:39:23 AM GMT gnu: linux-libre: Update to 5.4.47
Mon 22 Jun 2020 09:02:33 PM GMT gnu: linux-libre: Update to 5.4.48.
Wed 24 Jun 2020 09:08:00 PM GMT gnu: linux-libre: Update to 5.4.49.
Wed 01 Jul 2020 01:31:06 PM GMT gnu: linux-libre: Update to 5.4.50.
Thu 09 Jul 2020 04:40:27 PM GMT gnu: linux-libre: Update to 5.4.51.
Thu 16 Jul 2020 03:37:05 PM GMT gnu: linux-libre: Update to 5.4.52.
Thu 23 Jul 2020 12:28:46 AM GMT gnu: linux-libre: Update to 5.4.53.
Wed 29 Jul 2020 05:14:00 PM GMT gnu: linux-libre: Update to 5.4.54.
Sat 01 Aug 2020 12:07:08 AM GMT gnu: linux-libre: Update to 5.4.55.
Wed 05 Aug 2020 03:21:53 PM GMT gnu: linux-libre: Update to 5.4.56.
Sat 01 Aug 2020 12:39:30 PM GMT gnu: linux-libre: Update to 5.7.12.
Fri 07 Aug 2020 09:37:11 PM GMT gnu: linux-libre: Update to 5.7.14.
Tue 11 Aug 2020 05:34:48 PM GMT gnu: linux-libre: Update to 5.7.15.
Wed 19 Aug 2020 07:35:03 PM GMT gnu: linux-libre: Update to 5.7.16.
Thu 20 Aug 2020 04:03:46 PM GMT gnu: linux-libre: Update to 5.8.2.
Fri 21 Aug 2020 09:01:17 PM GMT gnu: linux-libre: Update to 5.8.3.
Wed 26 Aug 2020 04:01:11 PM GMT gnu: linux-libre: Update to 5.8.4.
Thu 27 Aug 2020 04:13:32 PM GMT gnu: linux-libre: Update to 5.8.5.
Thu 03 Sep 2020 01:56:31 PM GMT gnu: linux-libre: Update to 5.8.6.
--8<---------------cut here---------------end--------------->8---

For the subset that we did package, we were always trailing the
Linux-libre releases, so the argument that waiting for their releases
would hamper our security doesn't seem to hold.

> also make it prohibitively difficult to perform deblobbed bisections
> between two adjacent versions from the upstream stable git repository.

In my opinion, we should not trade our correctness guarantee in exchange
for convenience, especially if the convenience is only gained in such a
corner case as per-commit bisection of the Linux kernel.  It'd be
oversimplifying to say that the Linux-libre developers just run their
scripts to produce a release; they also manually screen the new upstream
changes and update their scripts accordingly.  To give due credit to
their efforts, we should not simply run their scripts with a newer
version/commit of Linux and expect arriving at a correct result.

> In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
> 'make-linux-libre-source' should optional.

Perhaps, like for the change proposed by Leo, the edge case of bisecting
per-commit could be accommodated by reverting this patch when needed?
It seems more important that the common case be rigorously verified.

Also note that it should be possible to:

1) Test each packaged release in Guix to "bisect" (duh)
2) Test any Linux stable release via the Linux-libre git repo, building
with a command such as "guix build
--with-git-url=linux-libre=git://linux-libre.fsfla.org/releases.git
--with-commit=linux-libre=sources/v5.8.3-gnu linux-libre". Unfortunately
this can't be done from the command line using 'guix system build ...'
but it should be easy to define your own linux-libre package using the
'make-linux-libre*' procedure (which will gladly accept any linux-libre
source).

For when the per-commit granularity is not required.

In the future, the linux-libre git repo will apply their clean ups per
commit, allowing to do like 2) above for any commit.

> I find it depressing that Jason's and Alexandre's attempts to browbeat
> us to limit ourselves to deblob only the precise tarballs that they
> produce, and to always wait for them to produce them before pushing
> security fixes (although it takes less than 10 minutes to look over the
> upstream commits for new blobs) have gained traction here.

Despite the somewhat corrosive tone of the exchange, some valid points
were made.  I've scavenged these and adapted the recipe.  I think the
end result is a win-win situation for both Linux-libre and Guix.

As shown above, there hasn't been a case where the Linux-libre effort
slowed down the deployment of a new Linux kernel version in Guix.  I
don't foresee this changing.

What do you think? Are there holes in my analysis/understanding?

Thank you,

Maxim

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 5 Sep 2020 01:51:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 04 21:51:29 2020
Received: from localhost ([127.0.0.1]:41214 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kENMX-0003y1-26
	for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 21:51:29 -0400
Received: from mail-qk1-f193.google.com ([209.85.222.193]:33831)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kENMU-0003xn-Sh
 for 43160 <at> debbugs.gnu.org; Fri, 04 Sep 2020 21:51:27 -0400
Received: by mail-qk1-f193.google.com with SMTP id w186so8312866qkd.1
 for <43160 <at> debbugs.gnu.org>; Fri, 04 Sep 2020 18:51:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=EY8Q5qb3s4EknsXho8IXLN2s4E/yUv5igK7yVsZ+U9k=;
 b=CoqpxSS5QSa7iqJ5LsQchszekAiEXy7KJHxsB4s1W/5YzpvUvAR6LTN8dAqnxv+Xkr
 nI8/VwYh9QC6YElaXWqgDtPmgZbEPHAhP+dha0BaNaFysVMfs7cDJfHSbYxhSj3hENBx
 Jo9QcXBs2WYqhdmSM0/Dfwg5k2u46YdMUaNWSNpEQoxQbJrcILfGD16ykdPhebvXMhpu
 3lKGubLqrWjbTEWLHVx9I6HS/tfztFjr1/KbHJCwF/EJ09tbzajyuqwKxNeGSnZ7ML2y
 cBPV5nl6K6+BRoAVMuE+Rg6LC6wtuA9lqtgw1c9pzHfRxUcA1S2T3JQ+1Z1/iCvt59eE
 Drdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=EY8Q5qb3s4EknsXho8IXLN2s4E/yUv5igK7yVsZ+U9k=;
 b=jmemJst1ah7gpTJPbzPRC/0cmUOdO0yfqmLpUsg1iZgrNWU7CDtwt9kVpcUF2cjfsZ
 v1fWhOV2VrzuWFDtQE6SPltSyg3GdqgV/jRtrX9PVSsHmLEC7wfyIf9S0k9ybB8jZSfT
 M8bBpYqMGxfGMayByrNTTovMoSihh7hPqGEv4j1wC6MGnwM7OLedhUFQa4U4GC+I1UkF
 uYX1aJUgr3jfPBQNMGedeMdRaMuuDNJ8UyW5x7uNHukbO6XtjWaQAEvKouFM/YYXiIM8
 tgb7pXlE//R0vA7jZ0t6KO/GN+79m4PigwdeQVJF1gGpkwvasFZjAQCY1rEzGW/cqLCH
 gpWQ==
X-Gm-Message-State: AOAM531NgsautNhAaMhKFy9mhtvJN/S0nDlyk9bZzDjKuTNj22w8aj6f
 PSITjyYsmwWXjecabun1dEIC9gUTM9w=
X-Google-Smtp-Source: ABdhPJx3TVGLk1gN38t71EA5arj4DZK/rxxXjtlFLtVwx3DqND0Ckp7s9k19CF9m3JDrQcHwTSZSRQ==
X-Received: by 2002:a05:620a:1597:: with SMTP id
 d23mr9212870qkk.347.1599270681084; 
 Fri, 04 Sep 2020 18:51:21 -0700 (PDT)
Received: from hurd ([207.35.95.135])
 by smtp.gmail.com with ESMTPSA id p28sm5991453qta.88.2020.09.04.18.51.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 04 Sep 2020 18:51:20 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
 <87o8mne7ct.fsf@HIDDEN> <874koff1o1.fsf@HIDDEN>
 <87tuweqd8x.fsf@HIDDEN>
Date: Fri, 04 Sep 2020 21:51:25 -0400
In-Reply-To: <87tuweqd8x.fsf@HIDDEN> (Mathieu Othacehe's message of "Fri, 04
 Sep 2020 08:15:10 +0200")
Message-ID: <87d031dm8y.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello!

Mathieu Othacehe <othacehe@HIDDEN> writes:

> Hey Maxim,
>
>> I just tested with guix build --system=linux-armhf --check --source, and
>> it seems to be working correctly.  I pushed that single commit to master
>> as f029bca1032c7e032f2920540b0aa1a3733e2cc9.
>
> Great. I just had a look to the rest of the patchset. This seems fine to
> me :).

Thank you! As you and Mark agreed that the first 3 were good to go, I've
now pushed them.  The last one is still in discussion with Mark.

Thanks,

Maxim

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 4 Sep 2020 15:23:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 04 11:23:08 2020
Received: from localhost ([127.0.0.1]:40375 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kEDYR-00075R-Oi
	for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 11:23:08 -0400
Received: from world.peace.net ([64.112.178.59]:55750)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@HIDDEN>) id 1kEDYP-00074k-Uj
 for 43160 <at> debbugs.gnu.org; Fri, 04 Sep 2020 11:23:06 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@HIDDEN>)
 id 1kEDYJ-0006LY-Lq; Fri, 04 Sep 2020 11:22:59 -0400
From: Mark H Weaver <mhw@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: Validate the result of our linux-libre sources clean up
In-Reply-To: <87h7sedz0w.fsf_-_@HIDDEN>
References: <20200902182922.GA26301@HIDDEN> <87363z28fs.fsf@HIDDEN>
 <20200902221552.GA32317@HIDDEN> <87zh67zqfa.fsf@HIDDEN>
 <87h7sedz0w.fsf_-_@HIDDEN>
Date: Fri, 04 Sep 2020 11:21:47 -0400
Message-ID: <874kodsh21.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, Leo Famulari <leo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Maxim,

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
> I'd like to point you to the following patches, as they touch the
> generation of the linux-libre sources, in case they hadn't caught your
> attention: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43160.

Thanks very much for bringing this to my attention.  I do not subscribe
to the guix-patches list, so I would not have seen this otherwise.

I'm in favor of the following patches:

  gnu: linux-libre: Use Python 3 in make-linux-libre-source.
  gnu: make-linux-libre-source: Set output port buffering to line mode.
  gnu: linux-libre: Validate that the cleaned up tarball is free of blobs.

Thanks for these.  Please push them whenever you feel is appropriate.

On other other hand, I'm strongly opposed to the following patch:

  gnu: linux-libre: Compare generated sources against Linux-libre releases.

I'm opposed to it because it would make it prohibitively difficult to
push micro kernel updates (most of which contain potential security
fixes) before Linux-libre has published their tarball release.  It would
also make it prohibitively difficult to perform deblobbed bisections
between two adjacent versions from the upstream stable git repository.

In my opinion, at minimum, the 'linux-libre-upstream-source' argument to
'make-linux-libre-source' should optional.

I find it depressing that Jason's and Alexandre's attempts to browbeat
us to limit ourselves to deblob only the precise tarballs that they
produce, and to always wait for them to produce them before pushing
security fixes (although it takes less than 10 minutes to look over the
upstream commits for new blobs) have gained traction here.

      Thanks,
        Mark

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 4 Sep 2020 14:46:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 04 10:46:11 2020
Received: from localhost ([127.0.0.1]:40316 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kECyh-0006BT-NA
	for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 10:46:11 -0400
Received: from mail-pj1-f65.google.com ([209.85.216.65]:51585)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mike.rosset@HIDDEN>) id 1kECyf-0006B6-Dh
 for 43160 <at> debbugs.gnu.org; Fri, 04 Sep 2020 10:46:10 -0400
Received: by mail-pj1-f65.google.com with SMTP id a9so100188pjg.1
 for <43160 <at> debbugs.gnu.org>; Fri, 04 Sep 2020 07:46:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=references:user-agent:from:to:cc:subject:in-reply-to:date
 :message-id:mime-version;
 bh=KzlVJqx/zGy8tZHe2C9RA/0wXHfIQP+0Bdd/3ozT4Jc=;
 b=MncA6vGoDgJio9TuVj0Wv+TwhvapO+LCAPyB9nrry8p1zwprzCs4h0rlUUomyg/JJO
 yRlwJ2afsoqZ0R8oe00EhsP7dZpoKddDCYZsXK6BqrjmQq1J5HNndjl+pmXKDdNsRTf/
 Yz5kXkeUX1RosJSC+hcijqN+qKfHOZelCGFjMLsD1owlSIecMEh/SBDjZD7UU5sFxsE1
 XNT269VuZuUg8XUTfrMG+3GIvPucACKcMEPLx3WsgTycuBk4v5wfXr3MqvWzxMcyqTeG
 mkc/lOH3sN7RA4rsftvrnx5o2WLvU1MOlhtUqplJGWzbpRYQnHo1BfhxgiLA52F2MPHl
 1WZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:references:user-agent:from:to:cc:subject
 :in-reply-to:date:message-id:mime-version;
 bh=KzlVJqx/zGy8tZHe2C9RA/0wXHfIQP+0Bdd/3ozT4Jc=;
 b=Ep7BLuLtEdTPzoKxpw6PzZ+aCGTFFtS/J3+pqdV6DHrE7TCxBxHPiYeDUJJIBh1Odt
 kA3JywZPUlq2x1ZH4viY+A9B/62OxojyX4NGawBhHEz/CEQzxhw2nNWMwP/5ZLU3PqRL
 wrQb3T4u+BheV1A5mScwkhwiLTu3mNf6hctZ1K15bxc017XqfICXBcF/N9JDQJFrzTQf
 33qb+JlyoQgGP+mf3wAhEY7v9ihYAAeESgesNP1vAQ6lwG6nxfROxwbYcPmiCAr252dE
 DDYMlA2PHw6DtNUG9kRBeHnD0CZ2RowEk3XGyjApR7UBN6O+9O5zWQObqDJ5qIGRa4a3
 V8Cw==
X-Gm-Message-State: AOAM531tXi3BXDFJ+Jz3V5qgBg1gkxNfoa66mbOnQl9jVwWDwN42wusB
 7KZrtPKTGxCpa0KF2VxWNh4=
X-Google-Smtp-Source: ABdhPJzVwTjKnnRXg22O4pZ21D9hYDuFii0eVdMy5tk6kpRgGLcpSRnpUnedOuw0/f5WSiD1M506sA==
X-Received: by 2002:a17:90a:d488:: with SMTP id
 s8mr8716932pju.176.1599230763482; 
 Fri, 04 Sep 2020 07:46:03 -0700 (PDT)
Received: from neutron (S010664777da04f43.vf.shawcable.net. [70.68.94.152])
 by smtp.gmail.com with ESMTPSA id k5sm5775994pjq.5.2020.09.04.07.46.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 04 Sep 2020 07:46:02 -0700 (PDT)
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
 <87o8mne7ct.fsf@HIDDEN> <874koff1o1.fsf@HIDDEN>
 <87tuweqd8x.fsf@HIDDEN>
User-agent: mu4e 1.4.13; emacs 27.1
From: Mike Rosset <mike.rosset@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
In-reply-to: <87tuweqd8x.fsf@HIDDEN>
Date: Fri, 04 Sep 2020 07:45:56 -0700
Message-ID: <87zh65iorf.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org, guix-patches@HIDDEN,
 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


Mathieu Othacehe <othacehe@HIDDEN> writes:

> Great. I just had a look to the rest of the patchset. This seems fine to
> me :).
>
> Thanks,
>
> Mathieu

Hello Mathieu

Thanks for looking at this.  I have split the patch into 3 commits and
 emailed as a new series.

Mike

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 4 Sep 2020 14:46:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 04 10:46:12 2020
Received: from localhost ([127.0.0.1]:40318 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kECyh-0006BV-TC
	for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 10:46:12 -0400
Received: from lists.gnu.org ([209.51.188.17]:56668)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mike.rosset@HIDDEN>) id 1kECyf-0006BG-Rn
 for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 10:46:10 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:38466)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mike.rosset@HIDDEN>)
 id 1kECyf-0002YS-JC
 for guix-patches@HIDDEN; Fri, 04 Sep 2020 10:46:09 -0400
Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]:43346)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <mike.rosset@HIDDEN>)
 id 1kECyd-00061V-P7; Fri, 04 Sep 2020 10:46:09 -0400
Received: by mail-pl1-x644.google.com with SMTP id y6so1247447plk.10;
 Fri, 04 Sep 2020 07:46:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=references:user-agent:from:to:cc:subject:in-reply-to:date
 :message-id:mime-version;
 bh=KzlVJqx/zGy8tZHe2C9RA/0wXHfIQP+0Bdd/3ozT4Jc=;
 b=MncA6vGoDgJio9TuVj0Wv+TwhvapO+LCAPyB9nrry8p1zwprzCs4h0rlUUomyg/JJO
 yRlwJ2afsoqZ0R8oe00EhsP7dZpoKddDCYZsXK6BqrjmQq1J5HNndjl+pmXKDdNsRTf/
 Yz5kXkeUX1RosJSC+hcijqN+qKfHOZelCGFjMLsD1owlSIecMEh/SBDjZD7UU5sFxsE1
 XNT269VuZuUg8XUTfrMG+3GIvPucACKcMEPLx3WsgTycuBk4v5wfXr3MqvWzxMcyqTeG
 mkc/lOH3sN7RA4rsftvrnx5o2WLvU1MOlhtUqplJGWzbpRYQnHo1BfhxgiLA52F2MPHl
 1WZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:references:user-agent:from:to:cc:subject
 :in-reply-to:date:message-id:mime-version;
 bh=KzlVJqx/zGy8tZHe2C9RA/0wXHfIQP+0Bdd/3ozT4Jc=;
 b=iYGekaNggRD5dPDLRITT9sAzvDJpiXZEgBBVY7urF70mcvsBNp/ODnrEO7AsnMbHuc
 Lsp+8B1Dy+8mVKP49Bex6PbtwrjVRQNcW9FN5KR0v0V0q98V9RzMjNtz4LW/4q0UOSy7
 C0YVt4PJfvG3x2TY6mCDFs95/o7HFsI8ZR/Vpq/ZXKjL7N4mocO6O+ZlUdD5guxY7aK/
 ngNn/Gx1iY4B9UW7bOI/RAn4rnbLYyvnX7nGRgezNNmy4wDi+jbQn4uRizqFcce+GgzY
 EIQzCq5YDL1L7Q2WoPghoAwKqzDPMgbCteO2M5aiheHcHaXoMToJZFqXxvprZxFEVVBN
 YT8A==
X-Gm-Message-State: AOAM533u35tdtdRjpY1VN32qYNl0mj6q7l12fyHM+q5Jm22J2GnRE1nC
 AhcYfK15uyOpvqn65YvxtPUwgwvnbstsCw==
X-Google-Smtp-Source: ABdhPJzVwTjKnnRXg22O4pZ21D9hYDuFii0eVdMy5tk6kpRgGLcpSRnpUnedOuw0/f5WSiD1M506sA==
X-Received: by 2002:a17:90a:d488:: with SMTP id
 s8mr8716932pju.176.1599230763482; 
 Fri, 04 Sep 2020 07:46:03 -0700 (PDT)
Received: from neutron (S010664777da04f43.vf.shawcable.net. [70.68.94.152])
 by smtp.gmail.com with ESMTPSA id k5sm5775994pjq.5.2020.09.04.07.46.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 04 Sep 2020 07:46:02 -0700 (PDT)
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
 <87o8mne7ct.fsf@HIDDEN> <874koff1o1.fsf@HIDDEN>
 <87tuweqd8x.fsf@HIDDEN>
User-agent: mu4e 1.4.13; emacs 27.1
From: Mike Rosset <mike.rosset@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
In-reply-to: <87tuweqd8x.fsf@HIDDEN>
Date: Fri, 04 Sep 2020 07:45:56 -0700
Message-ID: <87zh65iorf.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=2607:f8b0:4864:20::644;
 envelope-from=mike.rosset@HIDDEN; helo=mail-pl1-x644.google.com
X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache.
 That's all we know.
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
Cc: 43160 <at> debbugs.gnu.org, guix-patches@HIDDEN,
 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)


Mathieu Othacehe <othacehe@HIDDEN> writes:

> Great. I just had a look to the rest of the patchset. This seems fine to
> me :).
>
> Thanks,
>
> Mathieu

Hello Mathieu

Thanks for looking at this.  I have split the patch into 3 commits and
 emailed as a new series.

Mike

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 4 Sep 2020 06:15:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 04 02:15:21 2020
Received: from localhost ([127.0.0.1]:37018 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kE50L-0002UY-2I
	for submit <at> debbugs.gnu.org; Fri, 04 Sep 2020 02:15:21 -0400
Received: from eggs.gnu.org ([209.51.188.92]:40676)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <othacehe@HIDDEN>) id 1kE50J-0002NV-8w
 for 43160 <at> debbugs.gnu.org; Fri, 04 Sep 2020 02:15:19 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:53639)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <othacehe@HIDDEN>)
 id 1kE50E-0005Se-0m; Fri, 04 Sep 2020 02:15:14 -0400
Received: from [2a01:e0a:19b:d9a0:9d9d:97cc:d92a:8ac0] (port=58210 helo=cervin)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <othacehe@HIDDEN>)
 id 1kE50D-0005cp-4O; Fri, 04 Sep 2020 02:15:13 -0400
From: Mathieu Othacehe <othacehe@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
 <87o8mne7ct.fsf@HIDDEN> <874koff1o1.fsf@HIDDEN>
Date: Fri, 04 Sep 2020 08:15:10 +0200
In-Reply-To: <874koff1o1.fsf@HIDDEN> (Maxim Cournoyer's message of "Thu, 03
 Sep 2020 09:08:30 -0400")
Message-ID: <87tuweqd8x.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)


Hey Maxim,

> I just tested with guix build --system=linux-armhf --check --source, and
> it seems to be working correctly.  I pushed that single commit to master
> as f029bca1032c7e032f2920540b0aa1a3733e2cc9.

Great. I just had a look to the rest of the patchset. This seems fine to
me :).

Thanks,

Mathieu

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 3 Sep 2020 13:08:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 03 09:08:38 2020
Received: from localhost ([127.0.0.1]:33970 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDoyk-0006xF-BZ
	for submit <at> debbugs.gnu.org; Thu, 03 Sep 2020 09:08:38 -0400
Received: from mail-qt1-f193.google.com ([209.85.160.193]:45831)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDoyi-0006x3-Lp
 for 43160 <at> debbugs.gnu.org; Thu, 03 Sep 2020 09:08:36 -0400
Received: by mail-qt1-f193.google.com with SMTP id z2so1761000qtv.12
 for <43160 <at> debbugs.gnu.org>; Thu, 03 Sep 2020 06:08:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=BDt12mhkZpS5R7EJFod6OwdbKgaWxnA5ZGcxyTnZmGY=;
 b=biezCqkfpKkCdpP4L4sCLz6WDFxdgUucC6FtIvhBp7Qs01dgaSHbs579awD6qFfo0/
 Hzlg/e6M9T0dVCsrByPqKA3wkuzjjumjb/VuSOKNFmORe8/YWtol7B7COGJFpp3h9AUg
 QIiJweEQ99eK46lA0H9v/vArXBJDm+Y2nj4aprsUAZKu/5ewOqQf1IePWOehEVmC0l2W
 oLqdMS1+JV2w/6ukCyj4ml9KNT3Cb16+T9LnWdfSBAf75apNpuCZ4k58GG4ax0wn9aqj
 VfvbdExBtgS4y2BvXN1usdBcUuqH/PLqCT3ThFIQNulOX0hvFZrVKpf9kV9uovroKsEw
 jwHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=BDt12mhkZpS5R7EJFod6OwdbKgaWxnA5ZGcxyTnZmGY=;
 b=t/pKi6OeASoT8G+tGJsk5Ul8HQJGz6xWXSCI9S1Qd2U0a3tNAOPPuXLIqXxdKfTdeU
 ZoMQ70/l+gFQZmeji/k4XAGT7uFQN4cie7265oiQU/Z4ZrYH/86dkHE5D716wME6IfAB
 e52+ZJ2orQDwLtDDs3RyhK9red55roa3nGwKafgrITNVbGWYitsOzd5Bf/TcrSOSHKKC
 lF2rk6sIGr+jsOk5bfN6msGp2Z+9pnCoWVv/E0sEfxqo8xNK1JchXKg1YJDpMXVhxdjJ
 F3evpcLe4lAWJ1aZ6p9MhJaPrK5caUS4FpkTwSdh0Sj9cPZygwyrTYoMCGPD6cmISLIO
 SS5w==
X-Gm-Message-State: AOAM533tArArd9z2J8blztz7cNKGwofQGewwavYBlBdgV+QCiVOSEx8R
 O+RMcVWiDaliJvgJbZLw+0CNJ74UG1V02g==
X-Google-Smtp-Source: ABdhPJz2TI2zEYJXsdGl5nfqahbUGMxlJTwPMD6kSf+7a694/03bOXjkBMV2dDu2xsqtLVw0Gm2F3w==
X-Received: by 2002:ac8:5b09:: with SMTP id m9mr3433607qtw.12.1599138511082;
 Thu, 03 Sep 2020 06:08:31 -0700 (PDT)
Received: from hurd ([207.35.95.135])
 by smtp.gmail.com with ESMTPSA id w3sm2132360qkc.10.2020.09.03.06.08.29
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 03 Sep 2020 06:08:30 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Mathieu Othacehe <othacehe@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
 <87o8mne7ct.fsf@HIDDEN>
Date: Thu, 03 Sep 2020 09:08:30 -0400
In-Reply-To: <87o8mne7ct.fsf@HIDDEN> (Mathieu Othacehe's message of "Thu, 03
 Sep 2020 07:50:58 +0200")
Message-ID: <874koff1o1.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello Mathieu,

Mathieu Othacehe <othacehe@HIDDEN> writes:

> Hello Maxim,
>
>> Successfully tested with all of the linux-libre versions we carry in Guix:
>> 4.4.234, 4.9.234, 4.14.195, 4.19.142, 5.4.61 and 5.8.5.
>
> This looks fine. Did you check if cross-compilation is also working
> correctly?

I just tested with guix build --system=linux-armhf --check --source, and
it seems to be working correctly.  I pushed that single commit to master
as f029bca1032c7e032f2920540b0aa1a3733e2cc9.

Thank you,

Maxim

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 3 Sep 2020 05:51:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 03 01:51:09 2020
Received: from localhost ([127.0.0.1]:33223 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDi9M-0003ym-QB
	for submit <at> debbugs.gnu.org; Thu, 03 Sep 2020 01:51:09 -0400
Received: from eggs.gnu.org ([209.51.188.92]:41446)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <othacehe@HIDDEN>) id 1kDi9K-0003yL-T9
 for 43160 <at> debbugs.gnu.org; Thu, 03 Sep 2020 01:51:07 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60549)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <othacehe@HIDDEN>)
 id 1kDi9F-0007pm-Ii; Thu, 03 Sep 2020 01:51:01 -0400
Received: from [2a01:e0a:19b:d9a0:9d9d:97cc:d92a:8ac0] (port=36356 helo=cervin)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <othacehe@HIDDEN>)
 id 1kDi9E-0000C8-I6; Thu, 03 Sep 2020 01:51:01 -0400
From: Mathieu Othacehe <othacehe@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#43160] [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
References: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
 <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
Date: Thu, 03 Sep 2020 07:50:58 +0200
In-Reply-To: <20200902125643.27201-1-maxim.cournoyer@HIDDEN> (Maxim
 Cournoyer's message of "Wed, 2 Sep 2020 08:56:40 -0400")
Message-ID: <87o8mne7ct.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 43160
Cc: 43160 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)


Hello Maxim,

> Successfully tested with all of the linux-libre versions we carry in Guix:
> 4.4.234, 4.9.234, 4.14.195, 4.19.142, 5.4.61 and 5.8.5.

This looks fine. Did you check if cross-compilation is also working
correctly?

Thanks,

Mathieu

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 2 Sep 2020 12:57:36 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 02 08:57:36 2020
Received: from localhost ([127.0.0.1]:58632 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDSKW-0005gX-Bl
	for submit <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:36 -0400
Received: from mail-qk1-f196.google.com ([209.85.222.196]:45726)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDSKU-0005fj-7T
 for 43160 <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:34 -0400
Received: by mail-qk1-f196.google.com with SMTP id o5so4159315qke.12
 for <43160 <at> debbugs.gnu.org>; Wed, 02 Sep 2020 05:57:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=dgOGVMxgG3sYhr5w+yMcGGVaP1v70ZAUL/3C9ZrYKhI=;
 b=hP8lFua4ojpBwvBi9aI3/CIeh4JuFzyIwA9R3TlnoeZ2K4n2zp2/miFemjBvdHyipD
 uH6D8W7GVp6MGrrUXFvg2WvGLsy/kAWRRy2Q/fZk3XCwInPRvkVjRQ5X878dn13IkckL
 LwCn1p8Jx+sCvXY5sQMqDud8XDeu3uQKGjemYyB0Ri+PyBtKWqSlRxKfeLIiqN/WuNmX
 bCIuCQgjKPGFJ+8TktZzS6suPhoCiYdvOUw8FEJewlGQvPTv+Jrivy34gjjqOhrOgeEV
 Vc62oxXPPAP2sPx+p12P7DpXVWTEt/GXz59RfFwiFn+XSwvQPPdwwr5PrPqpWwhpT5zP
 lcmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=dgOGVMxgG3sYhr5w+yMcGGVaP1v70ZAUL/3C9ZrYKhI=;
 b=Ir0NlJyIZDPQZwSFOTJaNoT+mXluJYiOSD/fqw02N6LJHn1ZGhcD7lgxDDN/cR2zh1
 4RU0H16Y3EmBjBu2pCHIa7l9bcKEuoaIpP6V0MXe/IYIvretHYdMN1xui3yD6Bb+8wjO
 v/vzRvXIDyoNPwKuwTEnwNKfjPvVcEEBceJy7JsII/CAMWq4LHWb6dBqJqHTN/3JEXY3
 MtCgo3pEt8vC0uZdAAGEFZR/Qq8RDZvPdShVQvxUbTYgXNgq7XwgEGEq10ShfGQlDjsI
 z+6u39BMbtIbbdNFR9EMAwq7TGF5Zt92AeRI3wd1xkze13nIJ/DrQMTR3iXBVxDy7EsV
 PV+g==
X-Gm-Message-State: AOAM532hkDX1Z1zz/J5bEXVulmkF02DFkNL1AIe4pMjR3ivQVTYHOBp2
 S4VCarHKqH8Z2i6uEkx/p0/YWgwOXs8ueg==
X-Google-Smtp-Source: ABdhPJw3sLm6dB1oXje8zU1cyfz8kkwweTgLabUf7AAdnBcgC3YhpyH7kuaSw4tVHgWgsd/NaI2bGA==
X-Received: by 2002:a05:620a:134e:: with SMTP id
 c14mr718763qkl.223.1599051448376; 
 Wed, 02 Sep 2020 05:57:28 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id x6sm4712553qke.54.2020.09.02.05.57.27
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 02 Sep 2020 05:57:27 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v2 4/4] gnu: linux-libre: Compare generated sources against
 Linux-libre releases.
Date: Wed,  2 Sep 2020 08:56:43 -0400
Message-Id: <20200902125643.27201-4-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
References: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Rename the UPSTREAM-SOURCE
parameter to LINUX-UPSTREAM-SOURCE.  Add a new LINUX-LIBRE-UPSTREAM-SOURCE
parameter.  Update doc.  Adjust variable names.  Capitalize "Linux" in the
user messages.  Remove empty directories from the generated sources, then
invoke diff between these sources and those of the corresponding Linux-libre
release.
(%upstream-linux-source): Convert the hash as base32 inside the definition, to
simplify its use.
(%upstream-linux-libre-source): New procedure.
(linux-libre-5.8-pristine-source): Add a LIBRE-HASH binding and use it with
%UPSTREAM-LINUX-LIBRE-SOURCE to provide the Linux-libre release origin to the
make-linux-libre-source procedure call.
(linux-libre-5.4-pristine-source): Likewise.
(linux-libre-4.19-pristine-source): Likewise.
(linux-libre-4.14-pristine-source): Likewise.
(linux-libre-4.9-pristine-source): Likewise.
(linux-libre-4.4-pristine-source): Likewise.
---
 gnu/packages/linux.scm | 63 ++++++++++++++++++++++++++++++++----------
 1 file changed, 48 insertions(+), 15 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index e177386312..020eb1670c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -258,10 +258,14 @@ from forcing GEXP-PROMISE."
                       #:guile-for-build guile)))
 
 (define (make-linux-libre-source version
-                                 upstream-source
+                                 linux-upstream-source
+                                 linux-libre-upstream-source
                                  deblob-scripts)
   "Return a 'computed' origin that generates a Linux-libre tarball from the
-corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
+corresponding LINUX-UPSTREAM-SOURCE (an origin), using the given
+DEBLOB-SCRIPTS.  The generated Linux-libre source is compared against the
+corresponding LINUX-LIBRE-UPSTREAM-SOURCE upstream release (an origin), to
+ensure correctness."
   (match deblob-scripts
     ((deblob-version (? origin? deblob) (? origin? deblob-check))
      (unless (string=? deblob-version (version-major+minor version))
@@ -318,14 +322,14 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                       (("/bin/sed") (which "sed"))
                       (("/usr/bin/python") (which "python"))))
 
-                  (if (file-is-directory? #+upstream-source)
+                  (if (file-is-directory? #+linux-upstream-source)
                       (begin
-                        (format #t "Copying upstream linux source...~%")
-                        (invoke "cp" "--archive" #+upstream-source dir)
+                        (format #t "Copying upstream Linux source...~%")
+                        (invoke "cp" "--archive" #+linux-upstream-source dir)
                         (invoke "chmod" "--recursive" "u+w" dir))
                       (begin
-                        (format #t "Unpacking upstream linux tarball...~%")
-                        (invoke "tar" "xf" #$upstream-source)
+                        (format #t "Unpacking upstream Linux tarball...~%")
+                        (invoke "tar" "xf" #$linux-upstream-source)
                         (match (scandir "."
                                         (lambda (name)
                                           (and (not (member name '("." "..")))
@@ -352,7 +356,16 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
 
                   (format #t "~%Scanning the generated tarball for blobs...~%")
                   (invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs"
-                          #$output))))))))))
+                          #$output)
+
+                  (format #t "~%Comparing with the upstream Linux-libre \
+release...~%")
+                  ;; Git doesn't track empty directories, so remove them from
+                  ;; our local tree for the sake of comparison.
+                  (invoke "find" dir "-type" "d" "-empty" "-delete")
+                  (invoke "diff" "-ur"
+                          dir
+                          #+linux-libre-upstream-source))))))))))
 
 
 ;;;
@@ -381,55 +394,75 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
     (uri (string-append "mirror://kernel.org"
                         "/linux/kernel/v" (version-major version) ".x/"
                         "linux-" version ".tar.xz"))
-    (sha256 hash)))
+    (sha256 (base32 hash))))
 
+(define (%upstream-linux-libre-source version hash)
+  (origin
+    (method git-fetch)
+    (uri (git-reference
+          (url "git://linux-libre.fsfla.org/releases.git")
+          (commit (string-append "sources/v" version "-gnu"))))
+    (file-name (git-file-name "linux-libre-source" version))
+    (sha256 (base32 hash))))
 
 (define-public linux-libre-5.8-version "5.8.5")
 (define-public linux-libre-5.8-pristine-source
   (let ((version linux-libre-5.8-version)
-        (hash (base32 "0zwl0nk3x6fxwsbnmpx1drh7v0116yhgamisb1pghd472mmw6klx")))
+        (hash "0zwl0nk3x6fxwsbnmpx1drh7v0116yhgamisb1pghd472mmw6klx")
+        (libre-hash "0blgkbfvl5p6y6fj0xkdnd0dk2qla02pc37gj7dc3ha0asxv4mp8"))
    (make-linux-libre-source version
                             (%upstream-linux-source version hash)
+                            (%upstream-linux-libre-source version libre-hash)
                             deblob-scripts-5.8)))
 
 (define-public linux-libre-5.4-version "5.4.61")
 (define-public linux-libre-5.4-pristine-source
   (let ((version linux-libre-5.4-version)
-        (hash (base32 "197y2yb60m1k8i7mig4pa9wsrklfxq81ba3zfahwb2b31w2kvwc6")))
+        (hash "197y2yb60m1k8i7mig4pa9wsrklfxq81ba3zfahwb2b31w2kvwc6")
+        (libre-hash "1ycbalnlmgbaq3yh7yc7l8gw7c8d2x4jbwildf04zgfq9g0lv78m"))
    (make-linux-libre-source version
                             (%upstream-linux-source version hash)
+                            (%upstream-linux-libre-source version libre-hash)
                             deblob-scripts-5.4)))
 
 (define-public linux-libre-4.19-version "4.19.142")
 (define-public linux-libre-4.19-pristine-source
   (let ((version linux-libre-4.19-version)
-        (hash (base32 "19372sri4962dqf5rbr211lrfpckmj11kxsginfcwwid4hfdn4k9")))
+        (hash "19372sri4962dqf5rbr211lrfpckmj11kxsginfcwwid4hfdn4k9")
+        (libre-hash "1281d0rx17yiy9723ig381jq3bww59xqggisbxhdrxvfbxv0vvp4"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.19)))
 
 (define-public linux-libre-4.14-version "4.14.195")
 (define-public linux-libre-4.14-pristine-source
   (let ((version linux-libre-4.14-version)
-        (hash (base32 "08d08la3h48fbdlr3h8zbvdghydx3x9cwb4yrnm0n93hhrwjhkrr")))
+        (hash "08d08la3h48fbdlr3h8zbvdghydx3x9cwb4yrnm0n93hhrwjhkrr")
+        (libre-hash "0vgfw8jv3mnn6d9pvccqvx4v143ck02inivnhmxylq0nqfxb7nj4"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.14)))
 
 (define-public linux-libre-4.9-version "4.9.234")
 (define-public linux-libre-4.9-pristine-source
   (let ((version linux-libre-4.9-version)
-        (hash (base32 "1qw26x2qc29yr094c7scw68m9yz4j0b2c4f92rvi3s31s928avvm")))
+        (hash "1qw26x2qc29yr094c7scw68m9yz4j0b2c4f92rvi3s31s928avvm")
+        (libre-hash "1p7dpsqad9vra22r00ha6vg2fap4jjplfkcaskz9fvih6m4m7wgp"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.9)))
 
 (define-public linux-libre-4.4-version "4.4.234")
 (define-public linux-libre-4.4-pristine-source
   (let ((version linux-libre-4.4-version)
-        (hash (base32 "123354h05fip161rzlxc8h0cn5lh0d1gz06gc5b7zyz9i2lxv539")))
+        (hash "123354h05fip161rzlxc8h0cn5lh0d1gz06gc5b7zyz9i2lxv539")
+        (libre-hash "07adliis6kln7531jwwl0h2v9wkzn2j3jn2zjlyashxd9p85kywm"))
     (make-linux-libre-source version
                              (%upstream-linux-source version hash)
+                             (%upstream-linux-libre-source version libre-hash)
                              deblob-scripts-4.4)))
 
 (define %boot-logo-patch
-- 
2.27.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 2 Sep 2020 12:57:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 02 08:57:35 2020
Received: from localhost ([127.0.0.1]:58630 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDSKU-0005gG-W0
	for submit <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:35 -0400
Received: from mail-qk1-f196.google.com ([209.85.222.196]:32805)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDSKT-0005fh-9l
 for 43160 <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:34 -0400
Received: by mail-qk1-f196.google.com with SMTP id p4so4189582qkf.0
 for <43160 <at> debbugs.gnu.org>; Wed, 02 Sep 2020 05:57:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=iqcYTgmCDczmSBP6e7yXP0c4RIybBrQzuVkQdoBZUOw=;
 b=V00Uo4iB0z2wZtvJw452Nynm0om/aWfXlmgYBBO5+0gLNgUo9eIfibM4ZEUo/0RsuP
 txQglYSi53uQkeC0iI5uJCBJV/Td5VTZ9ruGgrjgyIjGt+TNl/q/Pcw/KPGfZ/tUlK3C
 eq3YYFUCjfAjbLeKXdE4STZgFS27K1T6ZLccplOKj6O4Y2mKyNS0OoZC3r13068xctsX
 ZPSaYg7R96ftWqSb3UOMdABqQf1fhMfATyP9CpdstBtwqxGSgLNYuvj3n5unbx5g1fhM
 IEg92LRlNk9aTOmLZvbC9eFb6FHXfUTGR+bx18LX5RKxcyfHpklFFed4Yabu0FkJXpeI
 OcOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=iqcYTgmCDczmSBP6e7yXP0c4RIybBrQzuVkQdoBZUOw=;
 b=PcxAe3qPWh/B57ECapJa1KC8oaJqcRA44mPZsEOJT4dqvuWNn5ha5ra6lTVw2gWgMj
 xuOee1UsJVlYZHRZkPQnVQvU6cp3u1tJbF4FTNYLNHN/vx30QA4G4PceISUSh4bePiSc
 2v7VlArex4wRWRcOokVyOGfcEUyXm7y+6AHb3lGfQLrpTQaPLxRwzWv5r36cbOzXBaPU
 5EDcQPTGAExDidh1HLKbpxaGcV1Z3w2nd6/7heeg7GJzOGgHjd4mjf7cGCz1AvYc+LTf
 /4buo60ejnVA5lOog+eZIMOyC+tJ9FC7YC7edEATxre6sJlSS66pI96yC8WnRLTOFHAj
 ygCA==
X-Gm-Message-State: AOAM531XFhEEX1wD/+nLBGey7lQulaFRvBh+MP9zwYv/v944wz2tNvXh
 0c+6NIOYytGHAdVd/2r67hzhFoIlAGMWGg==
X-Google-Smtp-Source: ABdhPJyz948oGb66aP+kzIEZ8cYGuwrPvOfh05zwxnkvYTXrkG+8wqU+UTXRndVozuQoT3tLTU3X+Q==
X-Received: by 2002:a37:814:: with SMTP id 20mr847853qki.142.1599051447592;
 Wed, 02 Sep 2020 05:57:27 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id x6sm4712553qke.54.2020.09.02.05.57.26
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 02 Sep 2020 05:57:26 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v2 3/4] gnu: linux-libre: Validate that the cleaned up tarball
 is free of blobs.
Date: Wed,  2 Sep 2020 08:56:42 -0400
Message-Id: <20200902125643.27201-3-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
References: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=yes
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Call the deblob-check
script on the generated tarball archive with the --use-awk and --list-blobs
options.
---
 gnu/packages/linux.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1b923f0c0a..e177386312 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -48,6 +48,7 @@
 ;;; Copyright © 2020 John Soo <jsoo1@HIDDEN>
 ;;; Copyright © 2020 Michael Rohleder <mike@HIDDEN>
 ;;; Copyright © 2020 Anders Thuné <asse.97@HIDDEN>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -90,6 +91,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages file)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages gawk)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -299,6 +301,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                          #+(canonical-package bzip2)
                          #+(canonical-package gzip)
                          #+(canonical-package tar)
+                         #+(canonical-package gawk)
                          #+python-wrapper))
 
                   (with-directory-excursion "/tmp/bin"
@@ -345,7 +348,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                           "--group=root:0"
                           "--sort=name"
                           "--hard-dereference"
-                          dir))))))))))
+                          dir)
+
+                  (format #t "~%Scanning the generated tarball for blobs...~%")
+                  (invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs"
+                          #$output))))))))))
 
 
 ;;;
-- 
2.27.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 2 Sep 2020 12:57:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 02 08:57:35 2020
Received: from localhost ([127.0.0.1]:58628 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDSKU-0005g7-Id
	for submit <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:34 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:32803)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDSKS-0005ff-Dd
 for 43160 <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:33 -0400
Received: by mail-qk1-f195.google.com with SMTP id p4so4189535qkf.0
 for <43160 <at> debbugs.gnu.org>; Wed, 02 Sep 2020 05:57:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=ewHS0xlJAVa09tfUmlNl6YSVI0wEpLUI0mQUZvNxeWU=;
 b=Ng015Gdlz0s7negaMIFxJVyW9RAWAGH8Gm4GKp0DTqbcr/xnabv+3j7k2NGdqByZrb
 cdFLle95H3EIiH25iRhVaNowzEkS/hxJxam6UlgtXtVGiewEQyo785AUP8ysbmeM5bQN
 /aKxQkHZx6uwkzO3e1C0V18fAATAF6zeB7x4JGf9+lf/SSTodZpEAPIlPZ9+srK0Jw5v
 RBozXRWGkOd0QQ9swTjaa1+/Yi8mOeepYccWaFcMQtP19C69Pa419iJw0wS+TEZXMWVn
 HP26r0EbfO3wXtIbIMBRzQXOm5hjY+ctzE5/gbsD+OUOlVVvJTxnKvRKLSxIEIPD4wBd
 5cRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=ewHS0xlJAVa09tfUmlNl6YSVI0wEpLUI0mQUZvNxeWU=;
 b=kr5Q3CVzGKDvAR36hbqmB1sziJuen/ztYsS/QhX7ukPX9hVasjyvNlZXtX01NTsJWs
 rfc28nsR9yO5HBRqvdx8P9y09ROwh/ESPY3C0+fmN5F4UxoPAug7bDWmqwxRMz8qwaZD
 hMqHBQEkL/9ERVNqf6g5cdLJgbXhOeVQ6HD/cvlU5XphREhMDuMvrMtOw2wdvaY31fFM
 uVKt7zITJBQXlj2BAXjpctYdJ6QG1TRrRjIh+zKP4SXYtiaFMPy9yBdYnt0PV+XHBOm+
 0KLWWSQHorMtquLlHj4hocOClZLW7jocIEHuAHqLGakuCDCVs/VOgZLQrfesbi5TCIVB
 5UUg==
X-Gm-Message-State: AOAM531VxtKRd/h0fvCqRC1D7sY5ZlMQpIgL9Sr3XRG5SGD3p+BQGgJY
 dU6DEZgqpDpiSJVMN+d47yp3ct7o6kwVRA==
X-Google-Smtp-Source: ABdhPJxx9DEeFPdhw/GPJ3XMU6lEqoFmyvgIDqGOUkSxK0Fb/FNPpJpOXfADx9J2H203aL2fEeUxtg==
X-Received: by 2002:a37:6481:: with SMTP id y123mr6801232qkb.464.1599051446696; 
 Wed, 02 Sep 2020 05:57:26 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id x6sm4712553qke.54.2020.09.02.05.57.25
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 02 Sep 2020 05:57:26 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v2 2/4] gnu: make-linux-libre-source: Set output port
 buffering to line mode.
Date: Wed,  2 Sep 2020 08:56:41 -0400
Message-Id: <20200902125643.27201-2-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
References: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Set output port buffering
to line mode via setvbuf.  Remove the ad-hoc calls to force-output.
---
 gnu/packages/linux.scm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8edbe4e7e4..1b923f0c0a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -279,6 +279,9 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                              (srfi srfi-1)
                              (ice-9 match)
                              (ice-9 ftw))
+
+                (setvbuf (current-output-port) 'line)
+
                 (let ((dir (string-append "linux-" #$version)))
 
                   (mkdir "/tmp/bin")
@@ -315,12 +318,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                   (if (file-is-directory? #+upstream-source)
                       (begin
                         (format #t "Copying upstream linux source...~%")
-                        (force-output)
                         (invoke "cp" "--archive" #+upstream-source dir)
                         (invoke "chmod" "--recursive" "u+w" dir))
                       (begin
                         (format #t "Unpacking upstream linux tarball...~%")
-                        (force-output)
                         (invoke "tar" "xf" #$upstream-source)
                         (match (scandir "."
                                         (lambda (name)
@@ -334,11 +335,9 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
 
                   (with-directory-excursion dir
                     (format #t "Running deblob script...~%")
-                    (force-output)
                     (invoke "/tmp/bin/deblob"))
 
                   (format #t "~%Packing new Linux-libre tarball...~%")
-                  (force-output)
                   (invoke "tar" "cvfa" #$output
                           ;; Avoid non-determinism in the archive.
                           "--mtime=@0"
-- 
2.27.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 2 Sep 2020 12:57:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 02 08:57:34 2020
Received: from localhost ([127.0.0.1]:58625 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDSKU-0005fz-7r
	for submit <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:34 -0400
Received: from mail-qk1-f176.google.com ([209.85.222.176]:33237)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDSKR-0005fd-Mu
 for 43160 <at> debbugs.gnu.org; Wed, 02 Sep 2020 08:57:32 -0400
Received: by mail-qk1-f176.google.com with SMTP id p4so4189496qkf.0
 for <43160 <at> debbugs.gnu.org>; Wed, 02 Sep 2020 05:57:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=XAPyFqDOD7yG2j14fM/LDQHFcpQfsvT52QyQy3AteNY=;
 b=JKJXoY/OUoaffUj2h/S+WI9BaQPGFLJ+JUYg4gmqZuCO36G5zMsF73lnTe5r7vFdIr
 jhjtRswxb0qSrjwSQnGrJMHSKB2raVx92Kpg+o6Fo+GpbRa/X2yiKc8LSKyrxX354D8r
 ctvVZ5zq7VOtPUytHsDFE4NVNoi2zI/DalS2Zdwl+uK2PvuHPViGkFtOnTtWCwDqQIw9
 uT8DzSGNXDdPN1XSdVcb9zHQlUok/J/VjgraWcQLburJJ8vPaB3af6v36F9C7FVrHkQw
 +xaE25V5zmuTeyMbc8nGJNCFykrKf9SlBasHZo5CG6Bx0ObfNXXBfC61ybqYAPusKL/T
 BZ3Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=XAPyFqDOD7yG2j14fM/LDQHFcpQfsvT52QyQy3AteNY=;
 b=uBibHvirYE08GKOHaJ4VYcup/Mvsxg3sGZhu4YnulMcHnSPNm+t7VKWppLYKb7kIb4
 qSFYBnC1lWiDdz2TbIlEnO2AY2V4n9At7krl3vmqdCExJQJcbagGQo62Y2veqBxSobZR
 JYZW6bYc6/z87GBZR3RR+vRJOPJhLccO1e3BpB8h6+OSnAVDq7WewFac+Ny9bKb++JiO
 6zSus73wLrfR4S0CZjT60Aa0DLCotzZCxMMlpow6YjYuMHtSf+O080n3yPSkaZ7orFH2
 KNg53CIGUXNDN8EaKN0MnAyApthucBcC4M5Nf97eDTIN/QaL6ESmU17Qwcp2ITVuj8XS
 tTTA==
X-Gm-Message-State: AOAM533LJf9sDqm1CTqDua8bGQnHc9d3Nhbwz9QxVDDbVO4s/LBrcniU
 2zsY/BOvurz3PLZNX6F/5bekTwiFnWhfaQ==
X-Google-Smtp-Source: ABdhPJx5TloxkTBOdQX5zVgVUvAbzp6/CBYSTUNWJuaO+woASqn9Wjnzlj3gdjmG9SXlfOCS0IYhgg==
X-Received: by 2002:a05:620a:141a:: with SMTP id
 d26mr6652059qkj.217.1599051445849; 
 Wed, 02 Sep 2020 05:57:25 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id x6sm4712553qke.54.2020.09.02.05.57.24
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 02 Sep 2020 05:57:24 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH v2 1/4] gnu: linux-libre: Use Python 3 in
 make-linux-libre-source.
Date: Wed,  2 Sep 2020 08:56:40 -0400
Message-Id: <20200902125643.27201-1-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Successfully tested with all of the linux-libre versions we carry in Guix:
4.4.234, 4.9.234, 4.14.195, 4.19.142, 5.4.61 and 5.8.5.

* gnu/packages/linux.scm (make-linux-libre-source): Replace python-2 by
python-wrapper.  Do not set the PYTHON environment variable, which is not
required when using python-wrapper.
---
 gnu/packages/linux.scm | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d3b3f4de9c..8edbe4e7e4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -296,11 +296,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                          #+(canonical-package bzip2)
                          #+(canonical-package gzip)
                          #+(canonical-package tar)
-                         ;; The comments in the 'deblob-check' script
-                         ;; claim that it supports Python 2 and 3, but
-                         ;; in fact it fails when run in Python 3 as
-                         ;; of version 5.1.3.
-                         #+python-2))
+                         #+python-wrapper))
 
                   (with-directory-excursion "/tmp/bin"
 
@@ -337,7 +333,6 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                            (error "multiple directories found" dirs)))))
 
                   (with-directory-excursion dir
-                    (setenv "PYTHON" (which "python"))
                     (format #t "Running deblob script...~%")
                     (force-output)
                     (invoke "/tmp/bin/deblob"))
-- 
2.27.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 1 Sep 2020 20:44:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 01 16:44:30 2020
Received: from localhost ([127.0.0.1]:57484 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDD8n-0002m5-OY
	for submit <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:44:30 -0400
Received: from mail-qk1-f196.google.com ([209.85.222.196]:36722)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDD8m-0002ls-6x
 for 43160 <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:44:28 -0400
Received: by mail-qk1-f196.google.com with SMTP id f2so2338705qkh.3
 for <43160 <at> debbugs.gnu.org>; Tue, 01 Sep 2020 13:44:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=eTeY0nM6CHr7KqlYh7NRh3Rr1F4RBnkBJ5cwLs2L/LQ=;
 b=uEmpu1o4dnA+MPo3SgzEL34p6OgOK35sTM51ZUnbbppGenzTHkrfpZuOKTQGoo2C6P
 ECiLpn2LuJ/qUp8HLoxHWqlYfFw8/SH9tf0Z5TzbB/oTg2BnMIKhBkvDoywGs+3YeEzS
 hnkwOau0vd7IiqNk+TTwxbVHU2cfVic6deu/HXJckdZPpQYeFyjGQ58pu+ypffWULArC
 Sw9u5/EhrvBfgETJPEa4J2gMMqAxRt//xXMQW2BzKy5WRTZ1opv2nVjRcu8pOMbwZuDw
 6FW2MYxbdMvcyZYMHHJbGZrkQThEzw43g9D4SRP2Spj46/+xAIUsV/eFyre993+TuFin
 YnoA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=eTeY0nM6CHr7KqlYh7NRh3Rr1F4RBnkBJ5cwLs2L/LQ=;
 b=oxuOAowhmOfIZ9J6feNY5wDrSfU0tJ1aBa70+40u7E5plo7M9+QUvVkO88Kb4uM7IG
 5USR5roMmOy8kNjgQIZeiuKibBld72HFBrzbAAM38hlsOtnMogE0aqxk1oG2rf9ypCs3
 Wq9nNq52uPu/UEGFgiDwcdkyi10EuNBQz9twGkEYCye+QaSLrLQAGRjuF85tqqdCDnR8
 feMwhnK4CMo+WCPu+1htnuG1hcSxBQl27vXkOeQQKiylf5Z55GxcNukO2E7BkA/zYJBP
 cYfhoBD43I6ti+jPDX4dN6F5OyR/pPUCxw0qln5gxjw6cem6w9rnD06tiyzCcOchyCcC
 VoXA==
X-Gm-Message-State: AOAM533yddthycZ3oN7yPkHgYOmnlZFuKwCvI7Vdp0CWgJH6Nwy8y5t9
 /5FYmEXcL2rL9Q/xxx2JZTKk5deoWujUEw==
X-Google-Smtp-Source: ABdhPJy2f4J+IpLbqhDUJWDLS8I2UylF+vMgCIih8mDLM4tcecNb74Zv9ZBDfs+usyVaKrnYVs21yw==
X-Received: by 2002:a05:620a:1085:: with SMTP id
 g5mr3751826qkk.32.1598993062332; 
 Tue, 01 Sep 2020 13:44:22 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id g4sm2681820qtp.89.2020.09.01.13.44.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 01 Sep 2020 13:44:21 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH 2/2] gnu: linux-libre: Validate that the cleaned up tarball is
 free of blobs.
Date: Tue,  1 Sep 2020 16:41:52 -0400
Message-Id: <20200901204152.4802-2-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20200901204152.4802-1-maxim.cournoyer@HIDDEN>
References: <20200901204152.4802-1-maxim.cournoyer@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=yes
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Call the deblob-check
script on the generated tarball archive with the --use-awk and --list-blobs
options.
---
 gnu/packages/linux.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 9507178fb6..cd9c3a18fa 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -48,6 +48,7 @@
 ;;; Copyright © 2020 John Soo <jsoo1@HIDDEN>
 ;;; Copyright © 2020 Michael Rohleder <mike@HIDDEN>
 ;;; Copyright © 2020 Anders Thuné <asse.97@HIDDEN>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -90,6 +91,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages file)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages gawk)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -346,7 +348,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                           "--group=root:0"
                           "--sort=name"
                           "--hard-dereference"
-                          dir))))))))))
+                          dir)
+
+                  (format #t "~%Validating the generated tarball...~%")
+                  (invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs"
+                          #$output))))))))))
 
 
 ;;;
-- 
2.27.0

Message received at 43160 <at> debbugs.gnu.org:

Received: (at 43160) by debbugs.gnu.org; 1 Sep 2020 20:42:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 01 16:42:15 2020
Received: from localhost ([127.0.0.1]:57480 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDD6d-0002ie-Ag
	for submit <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:42:15 -0400
Received: from mail-qk1-f194.google.com ([209.85.222.194]:37267)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDD6X-0002iE-13
 for 43160 <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:42:13 -0400
Received: by mail-qk1-f194.google.com with SMTP id b14so2325884qkn.4
 for <43160 <at> debbugs.gnu.org>; Tue, 01 Sep 2020 13:42:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=t3mkNNcjVZVcQwafZjWs344oZV3SUeAbAK+jz+lncak=;
 b=l2DOcIMUP4/ApqrV3M2vPrflRxPDSbcXV0BPP4o1zdiCyoWSpxyY3T+Axx56G1eZ2u
 gfnY1jckIpLzBSB1gYi2qfDVFxki07kHPcCnkAKfigJliU2J9GKEe/g5adEJVfTG4MVx
 r8hNBudTptRsWXi0lt+qpzVB16psIPhXjCfxakDBzXi6cdqg5OML/neJ/StNxU3pl7oK
 twuLYy9p4MN0xn0Y6ZsnZfH0AvlWcXbwVFRUFVqSIIpO/EZ3+7hm04Vo8BSZwQZtLLIx
 3fHpJgLy878uGa4Lgs0s5MPcZxZFbR/qab6juVdE94kvYdC8jlCgpErtw9wCYdQCPnMB
 V/ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=t3mkNNcjVZVcQwafZjWs344oZV3SUeAbAK+jz+lncak=;
 b=eeevJg1eQsSXJGqcchchx9PJmbVFmaUqJ99whOzonHpXRmSxF5lbQpLt1v7NxiYPpQ
 fhImhBCf0r42Apm6VaQRtJs+cVGfG+o9ZtQ8CNYoqV/vjXp2QO1iQ8rs0dYHPnSdwChk
 wmcoB7paUxhTN94xBq2RbGvToM49Ng2taoNQj3W6xdKEIdfOV2H4UJc/lSy+UFv7Whoq
 KSvnTFbp9DcOoUjZUlv0f9yyP46WdrynEExjxhN0iBFo37De9Qu37a2x4bZdR0M1IFjc
 sPA7nciw3DxlvDfIqFzRiwDg4cZ6J5v2hUyEuZpsFRsgrxPArmiUXlJh1o+FTAb1vlaG
 Iolg==
X-Gm-Message-State: AOAM532t6A106NS+4DGN3CQRdh/DPvWQPRMmPLSRWbtfpi3QI4W5YE6k
 FoEZFPkrihOia+arhmuokUwLAOdixpv2Qg==
X-Google-Smtp-Source: ABdhPJy/vfJ+WqI1fRadU5fXzLT/PsSKgG2tfy0vL425RsS1TIYkXWGf5CMlFWgqAteu/Zscbc/tyw==
X-Received: by 2002:a05:620a:48:: with SMTP id
 t8mr3793630qkt.474.1598992923008; 
 Tue, 01 Sep 2020 13:42:03 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id g4sm2681820qtp.89.2020.09.01.13.42.02
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 01 Sep 2020 13:42:02 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 43160 <at> debbugs.gnu.org
Subject: [PATCH 1/2] gnu: make-linux-libre-source: Set output port buffering
 to line mode.
Date: Tue,  1 Sep 2020 16:41:51 -0400
Message-Id: <20200901204152.4802-1-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 43160
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/linux.scm (make-linux-libre-source): Set output port buffering
to line mode via setvbuf.  Remove the ad-hoc calls to force-output.
---
 gnu/packages/linux.scm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index e9bfca25af..9507178fb6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -279,6 +279,9 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                              (srfi srfi-1)
                              (ice-9 match)
                              (ice-9 ftw))
+
+                (setvbuf (current-output-port) 'line)
+
                 (let ((dir (string-append "linux-" #$version)))
 
                   (mkdir "/tmp/bin")
@@ -315,12 +318,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                   (if (file-is-directory? #+upstream-source)
                       (begin
                         (format #t "Copying upstream linux source...~%")
-                        (force-output)
                         (invoke "cp" "--archive" #+upstream-source dir)
                         (invoke "chmod" "--recursive" "u+w" dir))
                       (begin
                         (format #t "Unpacking upstream linux tarball...~%")
-                        (force-output)
                         (invoke "tar" "xf" #$upstream-source)
                         (match (scandir "."
                                         (lambda (name)
@@ -335,11 +336,9 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                   (with-directory-excursion dir
                     (setenv "PYTHON" (which "python"))
                     (format #t "Running deblob script...~%")
-                    (force-output)
                     (invoke "/tmp/bin/deblob"))
 
                   (format #t "~%Packing new Linux-libre tarball...~%")
-                  (force-output)
                   (invoke "tar" "cvfa" #$output
                           ;; Avoid non-determinism in the archive.
                           "--mtime=@0"
-- 
2.27.0

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 1 Sep 2020 20:40:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 01 16:40:14 2020
Received: from localhost ([127.0.0.1]:57467 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1kDD4f-0002ea-R1
	for submit <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:40:14 -0400
Received: from lists.gnu.org ([209.51.188.17]:44942)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1kDD4a-0002eO-52
 for submit <at> debbugs.gnu.org; Tue, 01 Sep 2020 16:40:12 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:46202)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1kDD4Z-0003Zn-Th
 for guix-patches@HIDDEN; Tue, 01 Sep 2020 16:40:07 -0400
Received: from mail-qv1-xf44.google.com ([2607:f8b0:4864:20::f44]:39519)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1kDD4Y-00065S-6q
 for guix-patches@HIDDEN; Tue, 01 Sep 2020 16:40:07 -0400
Received: by mail-qv1-xf44.google.com with SMTP id o2so1188673qvk.6
 for <guix-patches@HIDDEN>; Tue, 01 Sep 2020 13:40:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=IbCJjy+/FMVGgRuRZ0nWnyy59wljjnsEuUJVtsMYLMw=;
 b=lIIoBct0kNbWhMGsN9Ueemie5mxkqMRBS2bqnTzRrI1yKgPbkbqAlM8D5/dITRFFUF
 WAKxFUGYrPTTBKVlKjCGR7Qcq0PE/hZbPiigcw3fWMOYh73YD/XbZ63Lak3zP1+5qY4w
 cmwhbH/H9de3+OTaKJ/cwARb47DRoefrhDJtJzCkAQr2orO7HpNHYsQkcF5ECr1BQoJN
 /VMlTImjCHeiBstdVxnAZqgAAeLl7XTABbWtBdUkrQYkhEIlceNppKWc4OkluSLewZSF
 OgX4fuaTMmdr1BAXiItlJvnaidFzs3oJ/TmGEQR5CAR/ZbF+GvQq3HN1muu53J7xZvAv
 3THg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=IbCJjy+/FMVGgRuRZ0nWnyy59wljjnsEuUJVtsMYLMw=;
 b=MOSRX31bX1K9Yohee89AONQmqbDB+qiu/h+YOhWfoY5Xe/bpF6leAtlfr5o27qQtTd
 qS9H28AtAXu7QD3wtvxE7B5aJR1wyZPc5thmHfjqauTNkxRuJrQvBMlXd4qAkCSM94CZ
 9OjAcAJLmBgn6gQCiQAuxVllrohGokKbrfpukIuBINz/EPrCeC1RcG+vez8TmwgH823U
 2Hi+3/uvNrpoKZXo7nHNvfbrdci4eFn0k/BPhVWLNv49PL5OStGkfjq3CvTWBdfZHWch
 pNhtA40qtb21sFgEB+fXOyeZSOibEeIdbVyYSjXK1BFBbmvSYWzANZjYxGl0eEEaocgK
 i8sQ==
X-Gm-Message-State: AOAM532r3MvD+K/w6UEqOONO685CBF0ZZWkOhzmCIEcFWAkSiLpg9SC3
 ewTOQRY8ntATVuHKUzqnGS0cFvyAmbqtRA==
X-Google-Smtp-Source: ABdhPJzzDS7vunJsGKW4Gp5Z5i5yTzvVN07s4Y1CPfr3BisZ5M50qrcXWCWXaOlgf2UP4NHu/Ys5sQ==
X-Received: by 2002:a0c:aedf:: with SMTP id n31mr3686301qvd.16.1598992804776; 
 Tue, 01 Sep 2020 13:40:04 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-254.b2b2c.ca. [72.10.133.254])
 by smtp.gmail.com with ESMTPSA id w27sm2586606qtv.68.2020.09.01.13.40.03
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 01 Sep 2020 13:40:03 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: linux-libre: Use Python 3 in make-linux-libre-source.
Date: Tue,  1 Sep 2020 16:38:59 -0400
Message-Id: <20200901203859.4695-1-maxim.cournoyer@HIDDEN>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::f44;
 envelope-from=maxim.cournoyer@HIDDEN; helo=mail-qv1-xf44.google.com
X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache.
 That's all we know.
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: submit
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Successfully tested with all of the linux-libre versions we carry in Guix:
4.4.234, 4.9.234, 4.14.195, 4.19.142, 5.4.61 and 5.8.5.

* gnu/packages/linux.scm (make-linux-libre-source): Replace python-2 by
python-wrapper.
---
 gnu/packages/linux.scm | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d3365e7a4b..e9bfca25af 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -296,11 +296,7 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
                          #+(canonical-package bzip2)
                          #+(canonical-package gzip)
                          #+(canonical-package tar)
-                         ;; The comments in the 'deblob-check' script
-                         ;; claim that it supports Python 2 and 3, but
-                         ;; in fact it fails when run in Python 3 as
-                         ;; of version 5.1.3.
-                         #+python-2))
+                         #+python-wrapper))
 
                   (with-directory-excursion "/tmp/bin"
 
-- 
2.27.0