Package: guix;
Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Date: Fri, 9 Oct 2020 21:59:02 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 43893 in the body.
You can then email your comments to 43893 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
bug-guix <at> gnu.org:bug#43893; Package guix.
(Fri, 09 Oct 2020 21:59:02 GMT) Full text and rfc822 format available.Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:bug-guix <at> gnu.org.
(Fri, 09 Oct 2020 21:59:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: bug-guix <bug-guix <at> gnu.org> Subject: make update-guix-package produced an incorrect hash Date: Fri, 09 Oct 2020 17:58:39 -0400
Hello, Today, I used 'make update-guix-package' and pushed the result (commit f08587682a). Users later reported being unable to pull because of a hash mismatch on the newly updated Guix package :-/. I haven't investigated why yet, and simply reverted the faulty update for now in commit a279f7c61c. Thank you, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 00:05:02 GMT) Full text and rfc822 format available.Message #8 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: make update-guix-package produced an incorrect hash Date: Sat, 10 Oct 2020 02:04:10 +0200
[Message part 1 (text/plain, inline)]
I'm guessing it has something to do with update-guix-package using git-predicate to add only git-known (but not necessarily committed) files to the store and then calculating the checksum of that--but the git-fetch for the guix package not necessarily doing the same. Then update-guix-package.scm does one worse and actively prevents guix from doing the checkout from git when building that "guix" package. That means the person invoking update-guix-package.scm can't notice even when the sha256 hash is definitely wrong--because guix will have the source for package "guix" in the store already (a faked entry added by update-guix-package.scm) and thus won't fetch it again. Also, doesn't this entire approach have a problem? If you make a commit into the git repo of guix in order to update the package "guix" to commit A, at that point you can't know what commit hash commit A will have (since you haven't committed it yet) and yet you have to know the commit hash of commit A in order to write it into the package definition of package "guix". That cannot work. The only way it works, more or less by accident is that, (1) At first, update-guix-package.scm does NOT update the "guix" package inside, and calculates the hash of the working copy (hash A). (2) Then, it updates the "guix" package inside to refer to hash A and to a USER-SPECIFIED COMMIT HASH (the latter is determined by the user via git rev-parse HEAD). (3) Then, it commits that changed working copy as commit B. Commit B is essentially not referred-to by anyone--it's just to make it to the git repository so guix pull can pick it up. That works only as long as there will be no reference to a nested-nested "guix" package, by the eventual user. @Maxim: I think this entire thing has to assume that git rev-parse HEAD (which it did at the very beginning of make update-guix-package) actually refers to a commit that is available on the guix git repository on savannah. That means as soon as you change anything (no matter what) (and not actually commit that) before invoking make update-guix-package the commit it refers to in the "guix" package will be one which cannot be resolved by users. Worse, if you change anything but not commit it (even locally), then that surely counts as "part of the checkout" for make update-guix-package, so the hash will be calculated including those change--but the changes are not committed, so no one can build the resulting guix package (because of a hash mismatch). That can happen automatically very easily if "make" updates po files. An easy fix, also done by a lot of other such release tools, is to make make update-guix-package first check whether there are any uncommitted changes. If so, make it fail. There's guix build guix --with-git-url=guix=. but even that won't work with (locally) uncommitted changes. Note: uncommitted and unpushed are different. It's totally fine to have UNPUSHED changes and then use ./pre-inst-env guix build guix --with-git-url=guix=`pwd` in order to build it anyway. But it's not fine to do that with UNCOMMITTED changes--because the sha256 hash will include those, but the commit id won't. Long story short, we should make "make update-guix-package" check for uncommitted changes in the working copy, and fail if any such exist[1]. There are no downsides that I can see. Even building from local working copy still works then. Also, let's please document update-guix-package. [1] git diff-index --quiet HEAD || echo fail
[Message part 2 (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 05:09:01 GMT) Full text and rfc822 format available.Message #11 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: make update-guix-package produced an incorrect hash Date: Sat, 10 Oct 2020 01:08:28 -0400
Hello Danny, Thanks for the quick investigation. Danny Milosavljevic <dannym <at> scratchpost.org> writes: > I'm guessing it has something to do with update-guix-package using git-predicate > to add only git-known (but not necessarily committed) files to the store and then > calculating the checksum of that--but the git-fetch for the guix package not > necessarily doing the same. That's a good observation; it is indeed dangerous. In my case, my tree looks clean (no modified git-tracked files), but I had in fact modifications made to .dir-locals that I've been testing and these were hidden from the view by using: $ git update-index --skip-worktree .dir-locals But since the .dir-locals file is known to git, it was probably picked up with my invisible changes, causing the hash mismatch. > Then update-guix-package.scm does one worse and actively prevents guix from > doing the checkout from git when building that "guix" package. That means the > person invoking update-guix-package.scm can't notice even when the sha256 hash > is definitely wrong--because guix will have the source for package "guix" in > the store already (a faked entry added by update-guix-package.scm) and thus > won't fetch it again. > > Also, doesn't this entire approach have a problem? > > If you make a commit into the git repo of guix in order to update the > package "guix" to commit A, at that point you can't know what commit hash > commit A will have (since you haven't committed it yet) and yet you have > to know the commit hash of commit A in order to write it into the package > definition of package "guix". > > That cannot work. > The only way it works, more or less by accident is that, > > (1) At first, update-guix-package.scm does NOT update the "guix" package > inside, and calculates the hash of the working copy (hash A). > (2) Then, it updates the "guix" package inside to refer to hash A and to a > USER-SPECIFIED COMMIT HASH (the latter is determined by the user via > git rev-parse HEAD). > (3) Then, it commits that changed working copy as commit B. Commit B is > essentially not referred-to by anyone--it's just to make it to the > git repository so guix pull can pick it up. Yes, that's my understanding of how it works too. This means you have to be extra careful doing this while no-one else is commiting changes, else you have to start over because rebasing is not an option (it'd change the hashes, breaking the computed Guix hash). That's how I broke 'guix pull' the first time I used 'make update-guix-package' :-). But I think it's inevitable, so perhaps the best we can do is documement it well and print a warning when running the target. > That works only as long as there will be no reference to a nested-nested "guix" > package, by the eventual user. What do you mean by nested-nested Guix? Are there valid uses of such a thing? > @Maxim: I think this entire thing has to assume that > > git rev-parse HEAD > > (which it did at the very beginning of make update-guix-package) actually > refers to a commit that is available on the guix git repository on savannah. > > That means as soon as you change anything (no matter what) (and not actually > commit that) before invoking > > make update-guix-package > > the commit it refers to in the "guix" package will be one which cannot be > resolved by users. Indeed. [...] > Long story short, we should make "make update-guix-package" check for > uncommitted changes in the working copy, and fail if any such exist[1]. > There are no downsides that I can see. Even building from local working > copy still works then. Yes, that's a good step. Actually I just had an idea to use a clean worktree to do the computation, because that's even safer as it prevents subtle things like "git update-index --skip-worktree some/path" from interacting with the computed hash too. > Also, let's please document update-guix-package. I'll send a first commit. I haven't found a way to build it locally with the command in the message; it seems to create a cycle. Let me know what you think. Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 05:10:02 GMT) Full text and rfc822 format available.Message #14 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: 43893 <at> debbugs.gnu.org Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sat, 10 Oct 2020 01:08:52 -0400
By using a fresh copy of the last commit, we ensure the computed hash is
stable in the face of local edits. This change also computes the hash
externally from the store, which allows to verify that the hashes are valid
using, e.g.:
#FIXME: This doesn't work (recursion?)
./pre-inst-env guix build guix --with-git-url=guix=file://$PWD
* build-aux/update-guix-package.scm (git-add-worktree): New procedure.
(main): Use it to checkout a clean copy of the used commit, and compute the
hash from it. Print a user warning after completion.
---
build-aux/update-guix-package.scm | 59 +++++++++++++------------------
1 file changed, 25 insertions(+), 34 deletions(-)
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index f695e91cfd..b609e57b8f 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017, 2018 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -29,6 +30,7 @@
(guix utils)
(guix base32)
(guix build utils)
+ (guix scripts hash)
(gnu packages package-management)
(ice-9 match))
@@ -101,44 +103,33 @@ COMMIT."
(exp
(error "'guix' package definition is not as expected" exp)))))
+(define (git-add-worktree directory commit-ish)
+ "Create a new git worktree at DIRECTORY, detached on commit COMMIT-ISH."
+ (invoke "git" "worktree" "add" "--detach" directory commit-ish))
+
(define (main . args)
(match args
((commit version)
- (with-store store
- (let* ((source (add-to-store store
- "guix-checkout" ;dummy name
- #t "sha256" %top-srcdir
- #:select? version-controlled?))
- (hash (query-path-hash store source))
- (location (package-definition-location))
- (old-hash (content-hash-value
- (origin-hash (package-source guix)))))
- (edit-expression location
- (update-definition commit hash
- #:old-hash old-hash
- #:version version))
-
- ;; Re-add SOURCE to the store, but this time under the real name used
- ;; in the 'origin'. This allows us to build the package without
- ;; having to make a real checkout; thus, it also works when working
- ;; on a private branch.
- (reload-module
- (resolve-module '(gnu packages package-management)))
-
- (let* ((source (add-to-store store
- (origin-file-name (package-source guix))
- #t "sha256" source))
- (root (store-path-package-name source)))
-
- ;; Add an indirect GC root for SOURCE in the current directory.
- (false-if-exception (delete-file root))
- (symlink source root)
- (add-indirect-root store
- (string-append (getcwd) "/" root))
-
- (format #t "source code for commit ~a: ~a (GC root: ~a)~%"
- commit source root)))))
+ (with-directory-excursion %top-srcdir
+ (call-with-temporary-directory
+ (lambda (tmp-directory)
+ (let* ((dummy (git-add-worktree tmp-directory commit))
+ (hash (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" tmp-directory))))))
+ (location (package-definition-location))
+ (old-hash (content-hash-value
+ (origin-hash (package-source guix)))))
+ (edit-expression location
+ (update-definition commit hash
+ #:old-hash old-hash
+ #:version version))
+ (format #t "Updated Guix to commit ~s. You must ensure this
+commit hash exists in the public repository, else 'guix pull' will break.
+Beware of 'git rebase'~%" commit))))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
--
2.28.0
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 12:00:02 GMT) Full text and rfc822 format available.Message #17 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sat, 10 Oct 2020 13:59:13 +0200
[Message part 1 (text/plain, inline)]
Hi Maxim, hmm, git worktree can fail if the commit already is checked out somewhere (for example if you invoke make update-guix-package twice in a row), or if the user used git worktree on that repo for that commit for other purposes. That would mean that make update-guix-package would fail in weird undocumented ways again. Please please let's document stuff at least. Also, why not just fail when there's uncommitted stuff? This patch looks like it goes to quite some length to enable you to build a guix package of committed stuff only (which is NOT what your working copy is actually like). Is there a use case for that? Sounds weird to me. Even if there's a use case for that, please add a warning if there are uncommitted changes that are now not included in the "guix" package. Other than that, okay. >#FIXME: This doesn't work (recursion?) >./pre-inst-env guix build guix --with-git-url=guix=file://$PWD Why doesn't it work? That sounds like a big limitation--that basically means you can't test with local-only commits, you'd always have to push. We should find out why this doesn't work and fix it.
[Message part 2 (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 20:09:01 GMT) Full text and rfc822 format available.Message #20 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sat, 10 Oct 2020 22:08:19 +0200
Hi, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > By using a fresh copy of the last commit, we ensure the computed hash is > stable in the face of local edits. This change also computes the hash > externally from the store, which allows to verify that the hashes are valid > using, e.g.: > > #FIXME: This doesn't work (recursion?) > ./pre-inst-env guix build guix --with-git-url=guix=file://$PWD Works for me, please open a separate bug report. :-) > * build-aux/update-guix-package.scm (git-add-worktree): New procedure. > (main): Use it to checkout a clean copy of the used commit, and compute the > hash from it. Print a user warning after completion. I’m not quite enthusiastic about the tool creating a worktree behind my back. > - ;; Re-add SOURCE to the store, but this time under the real name used > - ;; in the 'origin'. This allows us to build the package without > - ;; having to make a real checkout; thus, it also works when working > - ;; on a private branch. So this preserves this possibility, right? > + (format #t "Updated Guix to commit ~s. You must ensure this > +commit hash exists in the public repository, else 'guix pull' will break. > +Beware of 'git rebase'~%" commit)))))) I think this is the most important bit. :-) I could also suggest running ‘guix build guix --check’. Honestly, I would simply add this last message; better yet, we could use Guile-Git to (1) check whether we’re on a dirty tree and stop right away if we are, and (2) check whether the commit exists in the official Git repo and error out if it doesn’t, unless GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. #2 could also be implemented by building the derivation of (package-source guix) in ‘check’ mode (perhaps easier). WDYT? Thanks for looking into it, experience has shown that this really needs to be addressed! Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 10 Oct 2020 21:15:02 GMT) Full text and rfc822 format available.Message #23 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sat, 10 Oct 2020 23:14:16 +0200
[Message part 1 (text/plain, inline)]
Hi Ludo, On Sat, 10 Oct 2020 22:08:19 +0200 Ludovic Courtès <ludo <at> gnu.org> wrote: > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > > > #FIXME: This doesn't work (recursion?) > > ./pre-inst-env guix build guix --with-git-url=guix=file://$PWD > > Works for me, please open a separate bug report. :-) Doesn't work for me on x86_64, using a checkout of guix at commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8. $ guix environment --pure guix --ad-hoc git guile-readline guile-json nano guile-zlib guile-lzlib bash -- ./pre-inst-env guix build guix --with-git-url=guix=file://$PWD I get: [...] updating checkout of 'file:///home/dannym/src/guix-master/guix'... retrieved commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8 [...] test-name: channel-instances->manifest location: /tmp/guix-build-guix-1.1.0-30.5918cb5.drv-0/source/tests/channels.scm:233 source: + (test-assert + "channel-instances->manifest" + (let* ((spec (lambda deps + `(channel + (version 0) + (dependencies + ,@(map (lambda (dep) + `(channel + (name ,dep) + (url "http://example.org"))) + deps))))) + (guix (make-instance #:name 'guix)) + (instance0 (make-instance #:name 'a)) + (instance1 + (make-instance #:name 'b #:spec (spec 'a))) + (instance2 + (make-instance #:name 'c #:spec (spec 'b))) + (instance3 + (make-instance #:name 'd #:spec (spec 'c 'a)))) + (%graft? #f) + (let ((source (channel-instance-checkout guix))) + (mkdir (string-append source "/build-aux")) + (call-with-output-file + (string-append + source + "/build-aux/build-self.scm") + (lambda (port) + (write '(begin + (use-modules (guix) (gnu packages bootstrap)) + (lambda _ (package->derivation %bootstrap-guile))) + port)))) + (with-store + store + (let () + (define manifest + (run-with-store + store + (channel-instances->manifest + (list guix + instance0 + instance1 + instance2 + instance3)))) + (define entries (manifest-entries manifest)) + (define (depends? drv in out) + (let ((set (list->set + (requisites + store + (list (derivation-file-name drv))))) + (in (map derivation-file-name in)) + (out (map derivation-file-name out))) + (and (every (cut set-contains? set <>) in) + (not (any (cut set-contains? set <>) out))))) + (define (lookup name) + (run-with-store + store + (lower-object + (manifest-entry-item + (manifest-lookup + manifest + (manifest-pattern (name name))))))) + (let ((drv-guix (lookup "guix")) + (drv0 (lookup "a")) + (drv1 (lookup "b")) + (drv2 (lookup "c")) + (drv3 (lookup "d"))) + (and (depends? + drv-guix + '() + (list drv0 drv1 drv2 drv3)) + (depends? drv0 (list) (list drv1 drv2 drv3)) + (depends? drv1 (list drv0) (list drv2 drv3)) + (depends? drv2 (list drv1) (list drv3)) + (depends? drv3 (list drv2 drv0) (list)))))))) actual-value: #f actual-error: + (wrong-type-arg + "struct-vtable" + "Wrong type argument in position 1 (expecting struct): ~S" + (#f) + (#f)) result: FAIL [...] command "make" "check" failed with status 2 builder for `/gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv' failed with exit code 1 build of /gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv failed View build log at '/var/log/guix/drvs/cs/agsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv.bz2'. guix build: error: build of `/gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv' failed I didn't even RUN update-guix-package or apply this patch--and the above still fails. This is reproducible every time--both on my laptop and on a x86_64 build host. So I'm confused how there's a substitute for the package "guix" available. How was it built? O_o.
[Message part 2 (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 11 Oct 2020 02:36:01 GMT) Full text and rfc822 format available.Message #26 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Danny Milosavljevic <dannym <at> scratchpost.org>, ludo <at> gnu.org Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sat, 10 Oct 2020 22:35:22 -0400
Hi Danny, Danny Milosavljevic <dannym <at> scratchpost.org> writes: > Hi Maxim, > > hmm, git worktree can fail if the commit already is checked out somewhere (for > example if you invoke make update-guix-package twice in a row), or if the user > used git worktree on that repo for that commit for other purposes. That would > mean that > > make update-guix-package The "--detached" option is the one allowing to have multiple checkouts of the same commit. > would fail in weird undocumented ways again. Please please let's document > stuff at least. > > Also, why not just fail when there's uncommitted stuff? Well, if the tool says clearly it's going to update the guix package to commit X, which is the latest commit in your tree, and doesn't have technical reasons preventing it from doing so successfully, why enforce a clean tree? Using a worktree to setup a pristine checkout also covers for uses such as 'git update-index --skip-worktree some-file-or-path' or 'git update-index --assume-unchanged some-file-or-path', which would go undetected by checking for modifications with 'git diff-index --quiet HEAD'. We'd also have to check for the output of > This patch looks like it goes to quite some length to enable you to build a > guix package of committed stuff only (which is NOT what your working copy is > actually like). Is there a use case for that? Sounds weird to me. That's exactly what the tool should do, as there's no point upgrading the guix package definition to a state that doesn't exist as a commit. > Even if there's a use case for that, please add a warning if there are > uncommitted changes that are now not included in the "guix" package. They were never included in the upgraded guix package (the one you'd 'git push' anyway), they were just put in your store for computing the hash, which is problematic as we saw. > Other than that, okay. > >>#FIXME: This doesn't work (recursion?) >>./pre-inst-env guix build guix --with-git-url=guix=file://$PWD > > Why doesn't it work? That sounds like a big limitation--that basically means > you can't test with local-only commits, you'd always have to push. We > should find out why this doesn't work and fix it. I've tested it again, and it worked... I think what got is surprising is that the only output I had for multiple minutes was: --8<---------------cut here---------------start------------->8--- updating checkout of 'file:///home/maxim/src/guix'... --8<---------------cut here---------------end--------------->8--- And the CPU peaked and the RAM stayed around 1 GiB while it was doing its magic. Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 11 Oct 2020 19:44:02 GMT) Full text and rfc822 format available.Message #29 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Sun, 11 Oct 2020 15:43:05 -0400
Hello!
Ludovic Courtès <ludo <at> gnu.org> writes:
[...]
>> * build-aux/update-guix-package.scm (git-add-worktree): New procedure.
>> (main): Use it to checkout a clean copy of the used commit, and compute the
>> hash from it. Print a user warning after completion.
>
> I’m not quite enthusiastic about the tool creating a worktree behind my
> back.
May I ask why? It's not something you'd (need to) be aware of (it
doesn't leave traces in my v2 as 'git worktree prune' clears up the
temporary worktree entries), and it's quite cheap to create.
>> - ;; Re-add SOURCE to the store, but this time under the real name used
>> - ;; in the 'origin'. This allows us to build the package without
>> - ;; having to make a real checkout; thus, it also works when working
>> - ;; on a private branch.
>
> So this preserves this possibility, right?
Yes.
[...]
> I could also suggest running ‘guix build guix --check’.
>
> Honestly, I would simply add this last message; better yet, we could use
> Guile-Git to (1) check whether we’re on a dirty tree and stop right away
> if we are
Using the worktree approach, checking for local changes is made
unnecessary; as long as the tool clearly says which commit will be used
for the updated Guix package, I don't see why we should force the
developer to stash their changes (in the same way git checkout doesn't
forces you to do so in the absence of conflicts).
Also, this bug reported was triggered by something like:
--8<---------------cut here---------------start------------->8---
echo ";;some comment" >> .dir-locals \
&& git update-index --skip-worktree .dir-locals \
&& make update-guix-package)
--8<---------------cut here---------------end--------------->8---
leading 'update-guix-package' to produce a wrong hash. Git has been
told to ignore changes on .dir-locals so checking for changes would not
have been sufficient (you'd also need to 'git ls-files -v' and interpret
the result).
> and (2) check whether the commit exists in the official Git
> repo and error out if it doesn’t, unless
> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set.
That's a good idea; implemented in the v2 patch I'm about to send.
Thanks,
Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 11 Oct 2020 19:59:01 GMT) Full text and rfc822 format available.Message #32 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: 43893 <at> debbugs.gnu.org Cc: dannym <at> scratchpost.org, ludo <at> gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: [PATCH v2] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 11 Oct 2020 15:57:40 -0400
Fixes <https://issues.guix.gnu.org/43893>.
This changes the 'update-guix-package' tool so that it:
1. Always uses a clean checkout to compute the hash of the updated 'guix'
package.
2. Ensures the commit used in the updated 'guix' package definition has already
been pushed upstream.
* build-aux/update-guix-package.scm (%savannah-guix-git-repo-push-url): New
variable.
(with-input-pipe-to-string): New syntax.
(find-origin-remote, git-add-worktree): New procedures.
(commit-already-pushed?): New predicate.
(main): Check the commit used has already been pushed upstream and compute the
hash from a clean checkout.
* doc/contributing.texi (Updating the Guix Package): Document it.
---
build-aux/update-guix-package.scm | 103 ++++++++++++++++++++----------
doc/contributing.texi | 43 +++++++++++++
2 files changed, 111 insertions(+), 35 deletions(-)
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index f695e91cfd..397b404922 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017, 2018 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,13 +25,20 @@
;;; Code:
(use-modules (guix)
+ (guix ui)
(guix git-download)
(guix upstream)
(guix utils)
(guix base32)
(guix build utils)
+ (guix scripts hash)
(gnu packages package-management)
- (ice-9 match))
+ (ice-9 match)
+ (ice-9 popen)
+ (ice-9 textual-ports)
+ (srfi srfi-1)
+ (srfi srfi-2)
+ (srfi srfi-26))
(define %top-srcdir
(string-append (current-source-directory) "/.."))
@@ -101,44 +109,69 @@ COMMIT."
(exp
(error "'guix' package definition is not as expected" exp)))))
-
-(define (main . args)
- (match args
- ((commit version)
- (with-store store
- (let* ((source (add-to-store store
- "guix-checkout" ;dummy name
- #t "sha256" %top-srcdir
- #:select? version-controlled?))
- (hash (query-path-hash store source))
- (location (package-definition-location))
- (old-hash (content-hash-value
- (origin-hash (package-source guix)))))
- (edit-expression location
- (update-definition commit hash
- #:old-hash old-hash
- #:version version))
+(define (git-add-worktree directory commit-ish)
+ "Create a new git worktree at DIRECTORY, detached on commit COMMIT-ISH."
+ (invoke "git" "worktree" "add" "--detach" directory commit-ish))
+
+(define %savannah-guix-git-repo-push-url
+ "git.savannah.gnu.org/srv/git/guix.git")
- ;; Re-add SOURCE to the store, but this time under the real name used
- ;; in the 'origin'. This allows us to build the package without
- ;; having to make a real checkout; thus, it also works when working
- ;; on a private branch.
- (reload-module
- (resolve-module '(gnu packages package-management)))
+(define-syntax-rule (with-input-pipe-to-string prog arg ...)
+ (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
+ (output (get-string-all input-pipe))
+ (exit-val (status:exit-val (close-pipe input-pipe))))
+ (unless (zero? exit-val)
+ (error (format #f "Command ~s exited with non-zero exit status: ~s"
+ (string-join (list prog arg ...)) exit-val)))
+ (string-trim-both output)))
- (let* ((source (add-to-store store
- (origin-file-name (package-source guix))
- #t "sha256" source))
- (root (store-path-package-name source)))
+(define (find-origin-remote)
+ "Find the name of the git remote with the Savannah Guix git repo URL."
+ (and-let* ((remotes (string-split (with-input-pipe-to-string
+ "git" "remote" "-v")
+ #\newline))
+ (origin-entry (find (cut string-contains <>
+ (string-append
+ %savannah-guix-git-repo-push-url
+ " (push)"))
+ remotes)))
+ (first (string-split origin-entry #\tab))))
- ;; Add an indirect GC root for SOURCE in the current directory.
- (false-if-exception (delete-file root))
- (symlink source root)
- (add-indirect-root store
- (string-append (getcwd) "/" root))
+(define (commit-already-pushed? remote commit)
+ "True if COMMIT is found in the REMOTE repository."
+ (not (string-null? (with-input-pipe-to-string
+ "git" "branch" "-r" "--contains" commit
+ (string-append remote "/master")))))
- (format #t "source code for commit ~a: ~a (GC root: ~a)~%"
- commit source root)))))
+
+(define (main . args)
+ (match args
+ ((commit version)
+ (with-directory-excursion %top-srcdir
+ (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
+ (commit-already-pushed? (find-origin-remote) commit)
+ (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
+ (dynamic-wind
+ (lambda ()
+ #t)
+ (lambda ()
+ (call-with-temporary-directory
+ (lambda (tmp-directory)
+ (let* ((dummy (git-add-worktree tmp-directory commit))
+ (hash (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" tmp-directory))))))
+ (location (package-definition-location))
+ (old-hash (content-hash-value
+ (origin-hash (package-source guix)))))
+ (edit-expression location
+ (update-definition commit hash
+ #:old-hash old-hash
+ #:version version))))))
+ (lambda ()
+ (invoke "git" "worktree" "prune")))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
diff --git a/doc/contributing.texi b/doc/contributing.texi
index af3601442e..11a932a9bf 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -28,6 +28,7 @@ choice.
* Submitting Patches:: Share your work.
* Tracking Bugs and Patches:: Using Debbugs.
* Commit Access:: Pushing to the official repository.
+* Updating the Guix Package:: Updating the Guix package definition.
@end menu
@node Building from Git
@@ -1323,3 +1324,45 @@ only push their own awesome changes, but also offer some of their time
@emph{reviewing} and pushing other people's changes. As a committer,
you're welcome to use your expertise and commit rights to help other
contributors, too!
+
+@node Updating the Guix Package
+@section Updating the Guix Package
+
+@cindex update-guix-package, updating the guix package
+It is sometimes desirable to update the @code{guix} package itself (the
+package defined in @code{(gnu packages package-management)}), for
+example to make new daemon features available for use by the
+@code{guix-service-type} service type. In order to simplify this task,
+the following command can be used:
+
+@example
+make update-guix-package
+@end example
+
+The @code{update-guix-package} make target will use the last known
+@emph{commit} corresponding to @code{HEAD} in your Guix checkout,
+compute the hash of the Guix sources corresponding to that commit and
+update the @code{commit}, @code{revision} and hash of the @code{guix}
+package definition.
+
+To validate that the updated @code{guix} package hashes are correct and
+that it can be built successfully, the following command can be run from
+the directory of your Guix checkout:
+
+@example
+./pre-inst-env guix build guix
+@end example
+
+To guard against accidentally updating the @code{guix} package to a
+commit that others can't refer to, a check is made that the commit used
+has already been pushed to the Savannah-hosted Guix git repository.
+
+This check can be disabled, @emph{at your own peril}, by setting the
+@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
+
+To build the resulting 'guix' package when using a private commit, the
+following command can be used:
+
+@example
+./pre-inst-env guix build guix --with-git-url=guix=$PWD
+@end example
--
2.28.0
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 12 Oct 2020 04:41:01 GMT) Full text and rfc822 format available.Message #35 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: Ludovic Courtès <ludo <at> gnu.org>, 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Mon, 12 Oct 2020 00:40:40 -0400
Hello Danny, Danny Milosavljevic <dannym <at> scratchpost.org> writes: > Hi Ludo, [...] > Doesn't work for me on x86_64, using a checkout of guix at commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8. > > $ guix environment --pure guix --ad-hoc git guile-readline guile-json > nano guile-zlib guile-lzlib bash -- ./pre-inst-env guix build guix > --with-git-url=guix=file://$PWD > > I get: > > [...] > updating checkout of 'file:///home/dannym/src/guix-master/guix'... > retrieved commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8 > [...] > test-name: channel-instances->manifest > location: /tmp/guix-build-guix-1.1.0-30.5918cb5.drv-0/source/tests/channels.scm:233 > source: > + (test-assert > + "channel-instances->manifest" [...] > actual-value: #f > actual-error: > + (wrong-type-arg > + "struct-vtable" > + "Wrong type argument in position 1 (expecting struct): ~S" > + (#f) > + (#f)) > result: FAIL > [...] > command "make" "check" failed with status 2 > builder for `/gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv' failed with exit code 1 > build of /gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv failed > View build log at '/var/log/guix/drvs/cs/agsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv.bz2'. > guix build: error: build of `/gnu/store/csagsyh01rq7ilqkcpaa2d7vp1bn41w3-guix-1.1.0-30.5918cb5.drv' failed > > I didn't even RUN update-guix-package or apply this patch--and the above still fails. > > This is reproducible every time--both on my laptop and on a x86_64 build host. > > So I'm confused how there's a substitute for the package "guix" available. How was it built? O_o. You found a bug! I've reported and investigated it at https://issues.guix.gnu.org/43940 and marked the test as expected to fail for now so that we can continue to update our Guix package. The current guix package was using 4e3ed9bad9ed5758cdee6e636805f65e9ab710eb, which didn't had that problem. Thanks, Maxim
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
to control <at> debbugs.gnu.org.
(Mon, 12 Oct 2020 04:42:02 GMT) Full text and rfc822 format available.bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 12 Oct 2020 09:42:01 GMT) Full text and rfc822 format available.Message #40 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 43893 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Mon, 12 Oct 2020 11:40:56 +0200
Danny Milosavljevic <dannym <at> scratchpost.org> skribis: > Doesn't work for me on x86_64, using a checkout of guix at commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8. Oh I see, you’re hitting a test failure; I thought you were saying that ‘--with-git-url’ didn’t work. Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 12 Oct 2020 09:44:02 GMT) Full text and rfc822 format available.Message #43 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Mon, 12 Oct 2020 11:43:13 +0200
Hi, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > Ludovic Courtès <ludo <at> gnu.org> writes: > > [...] > >>> * build-aux/update-guix-package.scm (git-add-worktree): New procedure. >>> (main): Use it to checkout a clean copy of the used commit, and compute the >>> hash from it. Print a user warning after completion. >> >> I’m not quite enthusiastic about the tool creating a worktree behind my >> back. > > May I ask why? It's not something you'd (need to) be aware of (it > doesn't leave traces in my v2 as 'git worktree prune' clears up the > temporary worktree entries), and it's quite cheap to create. To me, this is all my workspace, and I generally assume I’m the only one touching it; it’s more about the mental model, I guess. Thanks, Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 12 Oct 2020 14:19:02 GMT) Full text and rfc822 format available.Message #46 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Mon, 12 Oct 2020 16:18:53 +0200
[Message part 1 (text/plain, inline)]
Hi Ludo, On Mon, 12 Oct 2020 11:40:56 +0200 Ludovic Courtès <ludo <at> gnu.org> wrote: > Danny Milosavljevic <dannym <at> scratchpost.org> skribis: > > > Doesn't work for me on x86_64, using a checkout of guix at commit 93d3cfec32bbbe1dfbe0be686b371973545b35b8. > > Oh I see, you’re hitting a test failure; I thought you were saying that > ‘--with-git-url’ didn’t work. I wasn't saying the latter. That was Maxim. It just happened that I also had a similar problem, and provided more detail. But whether it was the same I don't know (it probably was, though). (also, it was not possible to distinguish whether the test failure was caused by "--with-git-url")
[Message part 2 (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 13 Oct 2020 01:34:01 GMT) Full text and rfc822 format available.Message #49 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH] maint: update-guix-package: Ensure sources are clean. Date: Mon, 12 Oct 2020 21:33:26 -0400
Hi Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >> Ludovic Courtès <ludo <at> gnu.org> writes: >> >> [...] >> >>>> * build-aux/update-guix-package.scm (git-add-worktree): New procedure. >>>> (main): Use it to checkout a clean copy of the used commit, and compute the >>>> hash from it. Print a user warning after completion. >>> >>> I’m not quite enthusiastic about the tool creating a worktree behind my >>> back. >> >> May I ask why? It's not something you'd (need to) be aware of (it >> doesn't leave traces in my v2 as 'git worktree prune' clears up the >> temporary worktree entries), and it's quite cheap to create. > > To me, this is all my workspace, and I generally assume I’m the only one > touching it; it’s more about the mental model, I guess. I see. I understand your position, but also feel it's not a big deal here, given you wouldn't be able to notice a new worktree unless you watch the output of 'git worktree list' in a loop while updating the guix package ;-). I think the change brings good guarantees to guard against breaking 'guix pull' with a 'make update-guix-package' as it is, and also documents the thing. If it's OK with you I'd like to merge it in the coming days. Thanks, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 13 Oct 2020 16:02:01 GMT) Full text and rfc822 format available.Message #52 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <marius <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, 43893 <at> debbugs.gnu.org Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: Re: bug#43893: [PATCH v2] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Tue, 13 Oct 2020 18:00:23 +0200
[Message part 1 (text/plain, inline)]
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes: > Fixes <https://issues.guix.gnu.org/43893>. > > This changes the 'update-guix-package' tool so that it: > > 1. Always uses a clean checkout to compute the hash of the updated 'guix' > package. > 2. Ensures the commit used in the updated 'guix' package definition has already > been pushed upstream. > > * build-aux/update-guix-package.scm (%savannah-guix-git-repo-push-url): New > variable. > (with-input-pipe-to-string): New syntax. > (find-origin-remote, git-add-worktree): New procedures. > (commit-already-pushed?): New predicate. > (main): Check the commit used has already been pushed upstream and compute the > hash from a clean checkout. > * doc/contributing.texi (Updating the Guix Package): Document it. [...] > (define %top-srcdir > (string-append (current-source-directory) "/..")) > @@ -101,44 +109,69 @@ COMMIT." > (exp > (error "'guix' package definition is not as expected" exp))))) > > - > -(define (main . args) > - (match args > - ((commit version) > - (with-store store > - (let* ((source (add-to-store store > - "guix-checkout" ;dummy name > - #t "sha256" %top-srcdir > - #:select? version-controlled?)) > - (hash (query-path-hash store source)) > - (location (package-definition-location)) > - (old-hash (content-hash-value > - (origin-hash (package-source guix))))) > - (edit-expression location > - (update-definition commit hash > - #:old-hash old-hash > - #:version version)) > +(define (git-add-worktree directory commit-ish) > + "Create a new git worktree at DIRECTORY, detached on commit COMMIT-ISH." > + (invoke "git" "worktree" "add" "--detach" directory commit-ish)) Is it feasible to use Guile-Git here (given appropriate bindings)? > +(define %savannah-guix-git-repo-push-url > + "git.savannah.gnu.org/srv/git/guix.git") > > - ;; Re-add SOURCE to the store, but this time under the real name used > - ;; in the 'origin'. This allows us to build the package without > - ;; having to make a real checkout; thus, it also works when working > - ;; on a private branch. > - (reload-module > - (resolve-module '(gnu packages package-management))) > +(define-syntax-rule (with-input-pipe-to-string prog arg ...) > + (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...)) > + (output (get-string-all input-pipe)) > + (exit-val (status:exit-val (close-pipe input-pipe)))) > + (unless (zero? exit-val) > + (error (format #f "Command ~s exited with non-zero exit status: ~s" > + (string-join (list prog arg ...)) exit-val))) > + (string-trim-both output))) > > - (let* ((source (add-to-store store > - (origin-file-name (package-source guix)) > - #t "sha256" source)) > - (root (store-path-package-name source))) > +(define (find-origin-remote) > + "Find the name of the git remote with the Savannah Guix git repo URL." > + (and-let* ((remotes (string-split (with-input-pipe-to-string > + "git" "remote" "-v") > + #\newline)) > + (origin-entry (find (cut string-contains <> > + (string-append > + %savannah-guix-git-repo-push-url > + " (push)")) > + remotes))) > + (first (string-split origin-entry #\tab)))) > > - ;; Add an indirect GC root for SOURCE in the current directory. > - (false-if-exception (delete-file root)) > - (symlink source root) > - (add-indirect-root store > - (string-append (getcwd) "/" root)) > +(define (commit-already-pushed? remote commit) > + "True if COMMIT is found in the REMOTE repository." > + (not (string-null? (with-input-pipe-to-string > + "git" "branch" "-r" "--contains" commit > + (string-append remote "/master"))))) ...because parsing git CLI output is error-prone and "ugly" (IMO). But not a strong opinion. > - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" > - commit source root))))) > + > +(define (main . args) > + (match args > + ((commit version) > + (with-directory-excursion %top-srcdir > + (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") > + (commit-already-pushed? (find-origin-remote) commit) > + (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit)) > + (dynamic-wind > + (lambda () > + #t) > + (lambda () > + (call-with-temporary-directory > + (lambda (tmp-directory) > + (let* ((dummy (git-add-worktree tmp-directory commit)) > + (hash (nix-base32-string->bytevector > + (string-trim-both > + (with-output-to-string > + (lambda () > + (guix-hash "-rx" tmp-directory)))))) > + (location (package-definition-location)) > + (old-hash (content-hash-value > + (origin-hash (package-source guix))))) > + (edit-expression location > + (update-definition commit hash > + #:old-hash old-hash > + #:version version)))))) > + (lambda () > + (invoke "git" "worktree" "prune"))))) This is not great, because users (well, developers who run this script) may have worktrees that are temporarily inaccessible (e.g. on a USB drive or whatever). Better to just leave the stale reference instead of potentially destroying users worktrees. Perhaps the script could 'git clone --maxdepth=1' instead of creating a worktree?
[signature.asc (application/pgp-signature, inline)]
bug-guix <at> gnu.org:bug#43893; Package guix.
(Wed, 14 Oct 2020 03:19:01 GMT) Full text and rfc822 format available.Message #55 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: 43893 <at> debbugs.gnu.org Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>, marius <at> gnu.org Subject: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Tue, 13 Oct 2020 23:17:05 -0400
Fixes <https://issues.guix.gnu.org/43893>.
This changes the 'update-guix-package' tool so that it:
1. Always uses a clean checkout to compute the hash of the updated 'guix'
package.
2. Ensures the commit used in the updated 'guix' package definition has already
been pushed upstream.
* build-aux/update-guix-package.scm (%savannah-guix-git-repo-push-url): New
variable.
(with-input-pipe-to-string, with-temporary-git-worktree): New syntaxes.
(find-origin-remote, git-add-worktree): New procedures.
(commit-already-pushed?): New predicate.
(main): Check the commit used has already been pushed upstream and compute the
hash from a clean checkout.
* doc/contributing.texi (Updating the Guix Package): Document it.
* .dir-locals.el (scheme-mode): Fix indentation of with-temporary-git-worktree.
---
.dir-locals.el | 1 +
build-aux/update-guix-package.scm | 98 +++++++++++++++++++++----------
doc/contributing.texi | 43 ++++++++++++++
3 files changed, 112 insertions(+), 30 deletions(-)
diff --git a/.dir-locals.el b/.dir-locals.el
index 7f310d2612..19f15b3e1a 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -103,6 +103,7 @@
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
(eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
+ (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index f695e91cfd..9b03b06c7c 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017, 2018 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -24,13 +25,20 @@
;;; Code:
(use-modules (guix)
+ (guix ui)
(guix git-download)
(guix upstream)
(guix utils)
(guix base32)
(guix build utils)
+ (guix scripts hash)
(gnu packages package-management)
- (ice-9 match))
+ (ice-9 match)
+ (ice-9 popen)
+ (ice-9 textual-ports)
+ (srfi srfi-1)
+ (srfi srfi-2)
+ (srfi srfi-26))
(define %top-srcdir
(string-append (current-source-directory) "/.."))
@@ -101,44 +109,74 @@ COMMIT."
(exp
(error "'guix' package definition is not as expected" exp)))))
+(define (git-add-worktree directory commit)
+ "Create a new git worktree at DIRECTORY, detached on commit COMMIT."
+ (invoke "git" "worktree" "add" "--detach" directory commit))
+
+(define-syntax-rule (with-temporary-git-worktree commit body ...)
+ "Execute BODY in the context of a temporary git worktree created from COMMIT."
+ (call-with-temporary-directory
+ (lambda (tmp-directory)
+ (dynamic-wind
+ (lambda ()
+ #t)
+ (lambda ()
+ (git-add-worktree tmp-directory commit)
+ (with-directory-excursion tmp-directory body ...))
+ (lambda ()
+ (invoke "git" "worktree" "remove" "--force" tmp-directory))))))
+
+(define %savannah-guix-git-repo-push-url
+ "git.savannah.gnu.org/srv/git/guix.git")
+
+(define-syntax-rule (with-input-pipe-to-string prog arg ...)
+ (let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
+ (output (get-string-all input-pipe))
+ (exit-val (status:exit-val (close-pipe input-pipe))))
+ (unless (zero? exit-val)
+ (error (format #f "Command ~s exited with non-zero exit status: ~s"
+ (string-join (list prog arg ...)) exit-val)))
+ (string-trim-both output)))
+
+(define (find-origin-remote)
+ "Find the name of the git remote with the Savannah Guix git repo URL."
+ (and-let* ((remotes (string-split (with-input-pipe-to-string
+ "git" "remote" "-v")
+ #\newline))
+ (origin-entry (find (cut string-contains <>
+ (string-append
+ %savannah-guix-git-repo-push-url
+ " (push)"))
+ remotes)))
+ (first (string-split origin-entry #\tab))))
+
+(define (commit-already-pushed? remote commit)
+ "True if COMMIT is found in the REMOTE repository."
+ (not (string-null? (with-input-pipe-to-string
+ "git" "branch" "-r" "--contains" commit
+ (string-append remote "/master")))))
+
(define (main . args)
(match args
((commit version)
- (with-store store
- (let* ((source (add-to-store store
- "guix-checkout" ;dummy name
- #t "sha256" %top-srcdir
- #:select? version-controlled?))
- (hash (query-path-hash store source))
+ (with-directory-excursion %top-srcdir
+ (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
+ (commit-already-pushed? (find-origin-remote) commit)
+ (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
+ (let* ((hash (with-temporary-git-worktree commit
+ (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" ".")))))))
(location (package-definition-location))
(old-hash (content-hash-value
- (origin-hash (package-source guix)))))
+ (origin-hash (package-source guix)))))
(edit-expression location
(update-definition commit hash
#:old-hash old-hash
- #:version version))
-
- ;; Re-add SOURCE to the store, but this time under the real name used
- ;; in the 'origin'. This allows us to build the package without
- ;; having to make a real checkout; thus, it also works when working
- ;; on a private branch.
- (reload-module
- (resolve-module '(gnu packages package-management)))
-
- (let* ((source (add-to-store store
- (origin-file-name (package-source guix))
- #t "sha256" source))
- (root (store-path-package-name source)))
-
- ;; Add an indirect GC root for SOURCE in the current directory.
- (false-if-exception (delete-file root))
- (symlink source root)
- (add-indirect-root store
- (string-append (getcwd) "/" root))
-
- (format #t "source code for commit ~a: ~a (GC root: ~a)~%"
- commit source root)))))
+ #:version version)))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
diff --git a/doc/contributing.texi b/doc/contributing.texi
index af3601442e..11a932a9bf 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -28,6 +28,7 @@ choice.
* Submitting Patches:: Share your work.
* Tracking Bugs and Patches:: Using Debbugs.
* Commit Access:: Pushing to the official repository.
+* Updating the Guix Package:: Updating the Guix package definition.
@end menu
@node Building from Git
@@ -1323,3 +1324,45 @@ only push their own awesome changes, but also offer some of their time
@emph{reviewing} and pushing other people's changes. As a committer,
you're welcome to use your expertise and commit rights to help other
contributors, too!
+
+@node Updating the Guix Package
+@section Updating the Guix Package
+
+@cindex update-guix-package, updating the guix package
+It is sometimes desirable to update the @code{guix} package itself (the
+package defined in @code{(gnu packages package-management)}), for
+example to make new daemon features available for use by the
+@code{guix-service-type} service type. In order to simplify this task,
+the following command can be used:
+
+@example
+make update-guix-package
+@end example
+
+The @code{update-guix-package} make target will use the last known
+@emph{commit} corresponding to @code{HEAD} in your Guix checkout,
+compute the hash of the Guix sources corresponding to that commit and
+update the @code{commit}, @code{revision} and hash of the @code{guix}
+package definition.
+
+To validate that the updated @code{guix} package hashes are correct and
+that it can be built successfully, the following command can be run from
+the directory of your Guix checkout:
+
+@example
+./pre-inst-env guix build guix
+@end example
+
+To guard against accidentally updating the @code{guix} package to a
+commit that others can't refer to, a check is made that the commit used
+has already been pushed to the Savannah-hosted Guix git repository.
+
+This check can be disabled, @emph{at your own peril}, by setting the
+@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
+
+To build the resulting 'guix' package when using a private commit, the
+following command can be used:
+
+@example
+./pre-inst-env guix build guix --with-git-url=guix=$PWD
+@end example
--
2.28.0
bug-guix <at> gnu.org:bug#43893; Package guix.
(Wed, 14 Oct 2020 04:11:02 GMT) Full text and rfc822 format available.Message #58 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Marius Bakke <marius <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v2] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Wed, 14 Oct 2020 00:10:07 -0400
Hello Marius, And thanks for the review! [...] >> +(define (git-add-worktree directory commit-ish) >> + "Create a new git worktree at DIRECTORY, detached on commit COMMIT-ISH." >> + (invoke "git" "worktree" "add" "--detach" directory commit-ish)) > > Is it feasible to use Guile-Git here (given appropriate bindings)? I had a cursory look at the guile-git sources, and it seems to miss at least bindings for manipulating worktrees, and I'm not sure how we could get a list of all the remotes and check their URLs to find the remote used to push to Savannah. Supposing we'd be able to get that remote, I also don't know how we could query if its master branch contains a given commit (I imagine it's doable, but it's not documented so it takes time to figure it out :-). [...] >> - (string-append (getcwd) "/" root)) >> +(define (commit-already-pushed? remote commit) >> + "True if COMMIT is found in the REMOTE repository." >> + (not (string-null? (with-input-pipe-to-string >> + "git" "branch" "-r" "--contains" commit >> + (string-append remote "/master"))))) > > ...because parsing git CLI output is error-prone and "ugly" (IMO). But > not a strong opinion. I agree; but for the time being we don't have an another option. I'd be happy to be proven wrong. [...] >> + (lambda () >> + (invoke "git" "worktree" "prune"))))) > > This is not great, because users (well, developers who run this script) > may have worktrees that are temporarily inaccessible (e.g. on a USB > drive or whatever). Better to just leave the stale reference instead of > potentially destroying users worktrees. That's a good point. I've improved the cleanup in v3 to only remove the worktree it creates and no other. > Perhaps the script could 'git clone --maxdepth=1' instead of creating > a worktree? I think you meant something like: --8<---------------cut here---------------start------------->8--- $ git clone --branch the-branch --depth -1 %top-srcdir --8<---------------cut here---------------end--------------->8--- That could work, but it's about 2x slower and more expensive than creating a worktree (15975 syscalls vs 647, according to 'strace -c'). Thank you, Maxim
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:Message #63 received at 43893-done <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Marius Bakke <marius <at> gnu.org>, ludo <at> gnu.org Cc: 43893-done <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v2] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Mon, 19 Oct 2020 14:04:18 -0400
Hello! I went ahead and merged this with commit 5800d2aae2. I think it provides more benefits (breaking 'guix pull' is quite bad) than drawbacks. Thanks for your input! Closing, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 20 Oct 2020 21:07:02 GMT) Full text and rfc822 format available.Message #66 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Tue, 20 Oct 2020 23:06:45 +0200
Hi Maxim, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > (define (main . args) > (match args > ((commit version) > - (with-store store > - (let* ((source (add-to-store store > - "guix-checkout" ;dummy name > - #t "sha256" %top-srcdir > - #:select? version-controlled?)) > - (hash (query-path-hash store source)) > + (with-directory-excursion %top-srcdir > + (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") > + (commit-already-pushed? (find-origin-remote) commit) > + (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit)) > + (let* ((hash (with-temporary-git-worktree commit > + (nix-base32-string->bytevector > + (string-trim-both > + (with-output-to-string > + (lambda () > + (guix-hash "-rx" "."))))))) > (location (package-definition-location)) > (old-hash (content-hash-value > - (origin-hash (package-source guix))))) > + (origin-hash (package-source guix))))) > (edit-expression location > (update-definition commit hash > #:old-hash old-hash > - #:version version)) > - > - ;; Re-add SOURCE to the store, but this time under the real name used > - ;; in the 'origin'. This allows us to build the package without > - ;; having to make a real checkout; thus, it also works when working > - ;; on a private branch. > - (reload-module > - (resolve-module '(gnu packages package-management))) > - > - (let* ((source (add-to-store store > - (origin-file-name (package-source guix)) > - #t "sha256" source)) > - (root (store-path-package-name source))) > - > - ;; Add an indirect GC root for SOURCE in the current directory. > - (false-if-exception (delete-file root)) > - (symlink source root) > - (add-indirect-root store > - (string-append (getcwd) "/" root)) > - > - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" > - commit source root))))) I realize it was maybe enough to wrap this whole portion (starting from “Re-add SOURCE”) in (unless (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") …)? Running ‘guix build guix’ would have forced the source derivation to be built. Anyhow, thanks for working on it! Ludo’, who’s always wary of shelling out.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Wed, 21 Oct 2020 02:38:02 GMT) Full text and rfc822 format available.Message #69 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Tue, 20 Oct 2020 22:36:57 -0400
Hello Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi Maxim, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >> (define (main . args) >> (match args >> ((commit version) >> - (with-store store >> - (let* ((source (add-to-store store >> - "guix-checkout" ;dummy name >> - #t "sha256" %top-srcdir >> - #:select? version-controlled?)) >> - (hash (query-path-hash store source)) >> + (with-directory-excursion %top-srcdir >> + (or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >> + (commit-already-pushed? (find-origin-remote) commit) >> + (leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit)) >> + (let* ((hash (with-temporary-git-worktree commit >> + (nix-base32-string->bytevector >> + (string-trim-both >> + (with-output-to-string >> + (lambda () >> + (guix-hash "-rx" "."))))))) >> (location (package-definition-location)) >> (old-hash (content-hash-value >> - (origin-hash (package-source guix))))) >> + (origin-hash (package-source guix))))) >> (edit-expression location >> (update-definition commit hash >> #:old-hash old-hash >> - #:version version)) >> - >> - ;; Re-add SOURCE to the store, but this time under the real name used >> - ;; in the 'origin'. This allows us to build the package without >> - ;; having to make a real checkout; thus, it also works when working >> - ;; on a private branch. >> - (reload-module >> - (resolve-module '(gnu packages package-management))) >> - >> - (let* ((source (add-to-store store >> - (origin-file-name (package-source guix)) >> - #t "sha256" source)) >> - (root (store-path-package-name source))) >> - >> - ;; Add an indirect GC root for SOURCE in the current directory. >> - (false-if-exception (delete-file root)) >> - (symlink source root) >> - (add-indirect-root store >> - (string-append (getcwd) "/" root)) >> - >> - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" >> - commit source root))))) > > I realize it was maybe enough to wrap this whole portion (starting from > “Re-add SOURCE”) in (unless (getenv > "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") …)? Running ‘guix build guix’ > would have forced the source derivation to be built. > > Anyhow, thanks for working on it! Sorry, I'm a bit lost. Are you suggesting that we should restore the code following the ;; Re-add SOURCE [...], but wrapped with unless to make it conditional to GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT being defined? That part depends on SOURCE, a store file name, which we don't have anymore since we no longer add the sources to the store to compute the hash. We could add the sources to the store from the clean checkout, but I thought one great thing about the patch was that it removed interactions with the store, allowing for the source derivations to happen normally when testing with 'guix build guix' (previously you'd have had to 'guix build guix --check', as the store had silently been pre-populated with the sources). I see value in using the usual mechanism to get the source rather than a side-channel, optimization hack, as it will help ensuring correctness. Perhaps I misunderstood your point? Thank you, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Wed, 21 Oct 2020 08:54:02 GMT) Full text and rfc822 format available.Message #72 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Wed, 21 Oct 2020 10:53:10 +0200
Hi, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > Ludovic Courtès <ludo <at> gnu.org> writes: [...] >>> - ;; Re-add SOURCE to the store, but this time under the real name used >>> - ;; in the 'origin'. This allows us to build the package without >>> - ;; having to make a real checkout; thus, it also works when working >>> - ;; on a private branch. >>> - (reload-module >>> - (resolve-module '(gnu packages package-management))) >>> - >>> - (let* ((source (add-to-store store >>> - (origin-file-name (package-source guix)) >>> - #t "sha256" source)) >>> - (root (store-path-package-name source))) >>> - >>> - ;; Add an indirect GC root for SOURCE in the current directory. >>> - (false-if-exception (delete-file root)) >>> - (symlink source root) >>> - (add-indirect-root store >>> - (string-append (getcwd) "/" root)) >>> - >>> - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" >>> - commit source root))))) >> >> I realize it was maybe enough to wrap this whole portion (starting from >> “Re-add SOURCE”) in (unless (getenv >> "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") …)? Running ‘guix build guix’ >> would have forced the source derivation to be built. >> >> Anyhow, thanks for working on it! > > Sorry, I'm a bit lost. Are you suggesting that we should restore the > code following the ;; Re-add SOURCE [...], but wrapped with unless to > make it conditional to GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT being > defined? That part depends on SOURCE, a store file name, which we don't > have anymore since we no longer add the sources to the store to compute > the hash. I’m saying that the solution to the initial problem (that if you don’t run ‘guix build guix -S --check’ you’re not sure ‘guix’ is referring to a valid upstream commit) could have been to simply not do the trick above. The trick at “Re-add SOURCE” is here precisely to prevent attempts to re-download, as the comment explains, and this is what has been causing these troubles. The advantages (to me) would have been simpler code, no shelling out to ‘git’, and no fiddling with files under $PWD. BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to work with a not-pushed-yet commit. So it’s a case where we need GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes. Thanks, Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Fri, 23 Oct 2020 04:39:02 GMT) Full text and rfc822 format available.Message #75 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Fri, 23 Oct 2020 00:38:32 -0400
Hi Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >> Ludovic Courtès <ludo <at> gnu.org> writes: > [...] >> Sorry, I'm a bit lost. Are you suggesting that we should restore the >> code following the ;; Re-add SOURCE [...], but wrapped with unless to >> make it conditional to GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT being >> defined? That part depends on SOURCE, a store file name, which we don't >> have anymore since we no longer add the sources to the store to compute >> the hash. > > I’m saying that the solution to the initial problem (that if you don’t > run ‘guix build guix -S --check’ you’re not sure ‘guix’ is referring to > a valid upstream commit) The original problem was about the updated Guix package containing a faulty hash (due to being computed from a uncontrolled checkout that could be dirty). The other concern about preventing the use of a not yet published commit was added based on earlier feedback. > above. The trick at “Re-add SOURCE” is here precisely to prevent > attempts to re-download, as the comment explains, and this is what has > been causing these troubles. > > The advantages (to me) would have been simpler code, no shelling out to > ‘git’, and no fiddling with files under $PWD. Less code would also mean poorer diagnostics: time ./pre-inst-env guix build guix -S The following derivation will be built: /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv building /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv... guile: warning: failed to install locale environment variable `PATH' set to `/gnu/store/378zjf2kgajcfd7mfr98jn5xyc5wa3qv-gzip-1.10/bin:/gnu/store/sf3rbvb6iqcphgm1afbplcs72hsywg25-tar-1.32/bin' Initialized empty Git repository in /gnu/store/02da8jb3wzzi3bqvrl214gdg0kkxmaf8-guix-1.1.0-31.07c13ae-checkout/.git/ error: Server does not allow request for unadvertised object 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e Failed to do a shallow fetch; retrying a full fetch... From https://git.savannah.gnu.org/git/guix * [new branch] core-updates -> origin/core-updates [...] * [new tag] v1.1.0rc2 -> v1.1.0rc2 fatal: reference is not a tree: 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e git-fetch: '/gnu/store/i5b1vv7qc6l2gi4xwa9mqzjy3shvgk30-git-minimal-2.28.0/bin/git checkout 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e' failed with exit code 128 Trying content-addressed mirror at berlin.guix.gnu.org... Trying content-addressed mirror at berlin.guix.gnu.org... Trying to download from Software Heritage... builder for `/gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv' failed to produce output path `/gnu/store/02da8jb3wzzi3bqvrl214gdg0kkxmaf8-guix-1.1.0-31.07c13ae-checkout' build of /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv failed View build log at '/var/log/guix/drvs/zh/fchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv.bz2'. guix build: error: build of `/gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv' failed real 1m42.825s user 0m2.191s sys 0m0.189s This took nearly 2 minutes, fetching the full Guix git repo just to tell me that *something* is not right. Currently, we have: time make update-guix-package git rev-parse HEAD 4893a1394e2eb8b97995b491f2f37ed85513a20f ./pre-inst-env "/gnu/store/i7z4pfa0c22q0qkxyl7fy2nlp3w658yg-profile/bin/guile" \ ./build-aux/update-guix-package.scm \ "`git rev-parse HEAD`" error: Commit 4893a1394e2eb8b97995b491f2f37ed85513a20f is not pushed upstream. Aborting. make: *** [Makefile:6507: update-guix-package] Error 1 real 0m1.135s user 0m1.066s sys 0m0.199s > BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to > work with a not-pushed-yet commit. So it’s a case where we need > GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes. Ah, good point. I'd like to fix this, but running 'make release', it fails on: make[3]: *** No rule to make target 'po/doc/guix-manual.pot', needed by 'distdir-am'. Stop. What did I miss? Thank you! Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Fri, 23 Oct 2020 15:02:02 GMT) Full text and rfc822 format available.Message #78 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Fri, 23 Oct 2020 17:01:23 +0200
Hi Maxim, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > The original problem was about the updated Guix package containing a > faulty hash (due to being computed from a uncontrolled checkout that > could be dirty). The other concern about preventing the use of a not > yet published commit was added based on earlier feedback. > >> above. The trick at “Re-add SOURCE” is here precisely to prevent >> attempts to re-download, as the comment explains, and this is what has >> been causing these troubles. >> >> The advantages (to me) would have been simpler code, no shelling out to >> ‘git’, and no fiddling with files under $PWD. > > Less code would also mean poorer diagnostics: > > time ./pre-inst-env guix build guix -S > The following derivation will be built: > /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv > building /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv... > guile: warning: failed to install locale > environment variable `PATH' set to `/gnu/store/378zjf2kgajcfd7mfr98jn5xyc5wa3qv-gzip-1.10/bin:/gnu/store/sf3rbvb6iqcphgm1afbplcs72hsywg25-tar-1.32/bin' > Initialized empty Git repository in /gnu/store/02da8jb3wzzi3bqvrl214gdg0kkxmaf8-guix-1.1.0-31.07c13ae-checkout/.git/ > error: Server does not allow request for unadvertised object 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e > Failed to do a shallow fetch; retrying a full fetch... > From https://git.savannah.gnu.org/git/guix > * [new branch] core-updates -> origin/core-updates > [...] > * [new tag] v1.1.0rc2 -> v1.1.0rc2 > fatal: reference is not a tree: 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e > git-fetch: '/gnu/store/i5b1vv7qc6l2gi4xwa9mqzjy3shvgk30-git-minimal-2.28.0/bin/git checkout 07c13aeb5abb1a5bc3cabffb9b2212993a0d5a0e' failed with exit code 128 > Trying content-addressed mirror at berlin.guix.gnu.org... > Trying content-addressed mirror at berlin.guix.gnu.org... > Trying to download from Software Heritage... > builder for `/gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv' failed to produce output path `/gnu/store/02da8jb3wzzi3bqvrl214gdg0kkxmaf8-guix-1.1.0-31.07c13ae-checkout' > build of /gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv failed > View build log at '/var/log/guix/drvs/zh/fchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv.bz2'. > guix build: error: build of `/gnu/store/zhfchz831mncd2kyqmh5d2q0r2rpg57s-guix-1.1.0-31.07c13ae-checkout.drv' failed > > real 1m42.825s > user 0m2.191s > sys 0m0.189s > > This took nearly 2 minutes, fetching the full Guix git repo just to tell > me that *something* is not right. > > Currently, we have: > > time make update-guix-package > git rev-parse HEAD > 4893a1394e2eb8b97995b491f2f37ed85513a20f > ./pre-inst-env "/gnu/store/i7z4pfa0c22q0qkxyl7fy2nlp3w658yg-profile/bin/guile" \ > ./build-aux/update-guix-package.scm \ > "`git rev-parse HEAD`" > error: Commit 4893a1394e2eb8b97995b491f2f37ed85513a20f is not pushed upstream. Aborting. > make: *** [Makefile:6507: update-guix-package] Error 1 I agree that the better diagnostic is nice. Though it’s a script that’s essentially for a handful of people, who can certainly cope with the ugly error. Anyway, I think we didn’t analyze the initial situation well enough (myself included, by not commenting early and accurately). I’m also not fond of the added complexity and the risk of surprises when we make the release, but OTOH, it’s no big deal in the big picture! >> BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to >> work with a not-pushed-yet commit. So it’s a case where we need >> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes. > > Ah, good point. I'd like to fix this, It’s mostly about setting this variable at the right place in Makefile.am. > but running 'make release', it fails on: > > make[3]: *** No rule to make target 'po/doc/guix-manual.pot', needed by > 'distdir-am'. Stop. > > What did I miss? Probably you need ./bootstrap to generate the POT files. Thanks, Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 25 Oct 2020 04:34:01 GMT) Full text and rfc822 format available.Message #81 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 25 Oct 2020 00:32:56 -0400
Hi Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: [...] >> Currently, we have: >> >> time make update-guix-package >> git rev-parse HEAD >> 4893a1394e2eb8b97995b491f2f37ed85513a20f >> ./pre-inst-env "/gnu/store/i7z4pfa0c22q0qkxyl7fy2nlp3w658yg-profile/bin/guile" \ >> ./build-aux/update-guix-package.scm \ >> "`git rev-parse HEAD`" >> error: Commit 4893a1394e2eb8b97995b491f2f37ed85513a20f is not pushed upstream. Aborting. >> make: *** [Makefile:6507: update-guix-package] Error 1 > > I agree that the better diagnostic is nice. Though it’s a script that’s > essentially for a handful of people, who can certainly cope with the > ugly error. > > Anyway, I think we didn’t analyze the initial situation well enough > (myself included, by not commenting early and accurately). I’m also not > fond of the added complexity and the risk of surprises when we make the > release, but OTOH, it’s no big deal in the big picture! I'm sorry but I don't agree with the "we didn't analyze the initial situation well enough"; if I had to think about the best way to solve this problem now, I'd still choose the way that was chosen then, as it provides the best guarantee against producing a broken Guix package, something that happened a couple times in the past, judging from git log. About complexity, I'd much rather the tool break on me than breaking 'guix pull' for everyone :-). It seems we'll have to disagree on this one; but as you said, it's a tiny part of the bigger landscape! >>> BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to >>> work with a not-pushed-yet commit. So it’s a case where we need >>> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes. I want to be able to run 'make release' first to test this works correctly, but even after rebuilding my source tree from scratch (following a 'make distclean'), and also attempting 'make download-po', and following release.org from guix-maintenance, I still get: make[3]: *** No rule to make target 'po/doc/guix-manual.pot', needed by 'distdir-am'. Stop. make[3]: Leaving directory '/home/maxim/src/guix' make[2]: *** [Makefile:5521: distdir] Error 2 make[2]: Leaving directory '/home/maxim/src/guix' make[1]: *** [Makefile:5630: dist] Error 2 make[1]: Leaving directory '/home/maxim/src/guix' make: *** [Makefile:6410: dist-with-updated-version] Error 2 Can you reproduce this problem? Thank you, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 25 Oct 2020 14:42:02 GMT) Full text and rfc822 format available.Message #84 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 25 Oct 2020 15:41:36 +0100
Hi, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > +(define %savannah-guix-git-repo-push-url > + "git.savannah.gnu.org/srv/git/guix.git") [...] > +(define (find-origin-remote) > + "Find the name of the git remote with the Savannah Guix git repo URL." > + (and-let* ((remotes (string-split (with-input-pipe-to-string > + "git" "remote" "-v") > + #\newline)) > + (origin-entry (find (cut string-contains <> > + (string-append > + %savannah-guix-git-repo-push-url > + " (push)")) > + remotes))) > + (first (string-split origin-entry #\tab)))) I noticed that this returns #f for me because I’m using git.sv.gnu.org, not git.savannah.gnu.org. Initially I thought it would break due to i18n, but it seems that the string “push” is not translated (currently). Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 25 Oct 2020 14:51:02 GMT) Full text and rfc822 format available.Message #87 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 25 Oct 2020 15:50:24 +0100
Hi Maxim, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > Ludovic Courtès <ludo <at> gnu.org> writes: > > [...] > >>> Currently, we have: >>> >>> time make update-guix-package >>> git rev-parse HEAD >>> 4893a1394e2eb8b97995b491f2f37ed85513a20f >>> ./pre-inst-env "/gnu/store/i7z4pfa0c22q0qkxyl7fy2nlp3w658yg-profile/bin/guile" \ >>> ./build-aux/update-guix-package.scm \ >>> "`git rev-parse HEAD`" >>> error: Commit 4893a1394e2eb8b97995b491f2f37ed85513a20f is not pushed upstream. Aborting. >>> make: *** [Makefile:6507: update-guix-package] Error 1 >> >> I agree that the better diagnostic is nice. Though it’s a script that’s >> essentially for a handful of people, who can certainly cope with the >> ugly error. >> >> Anyway, I think we didn’t analyze the initial situation well enough >> (myself included, by not commenting early and accurately). I’m also not >> fond of the added complexity and the risk of surprises when we make the >> release, but OTOH, it’s no big deal in the big picture! > > I'm sorry but I don't agree with the "we didn't analyze the initial > situation well enough"; The reason I wrote that is that we had overlooked the fact that ‘update-guix-package’ purposefully allows non-upstream commits, and that’s what allows ‘make release’ to work. It didn’t occur to me at the time, but the simplest path would have been to conditionalize the bit that makes it possible to refer to non-upstream commits. > if I had to think about the best way to solve this problem now, I'd > still choose the way that was chosen then, as it provides the best > guarantee against producing a broken Guix package, something that > happened a couple times in the past, judging from git log. About > complexity, I'd much rather the tool break on me than breaking 'guix > pull' for everyone :-). I agree that addressing this problem was in order. :-) The added complexity brings its own set of (less serious) issues though. >>>> BTW, in ‘make release’ does ‘make update-guix-package’ and expects it to >>>> work with a not-pushed-yet commit. So it’s a case where we need >>>> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes. > > I want to be able to run 'make release' first to test this works > correctly, but even after rebuilding my source tree from scratch > (following a 'make distclean'), and also attempting 'make download-po', > and following release.org from guix-maintenance, I still get: > > make[3]: *** No rule to make target 'po/doc/guix-manual.pot', needed by 'distdir-am'. Stop. Oh my bad; the solution appears to be: make doc-pot-update Lemme know how it goes! Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 25 Oct 2020 15:31:01 GMT) Full text and rfc822 format available.Message #90 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org, marius <at> gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 25 Oct 2020 16:29:53 +0100
[Message part 1 (text/plain, inline)]
Hi again,
How about this variant of the initial script? I think it addresses the
main issues we discussed here:
1. By default it doesn’t re-add the source in the store, so wrong
commit/hash issues are caught when running ‘guix build guix’.
2. It diagnoses dirty trees early on. It does not explicitly diagnose
missing upstream commits though, but again they’re caught when
running ‘guix build guix’.
WDYT?
Sorry for all the back-and-forth on what looks like a tiny issue. I do
think we’re making progress anyway!
Thanks,
Ludo’.
[update-guix-package.scm (text/plain, inline)]
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017, 2018 Ludovic Courtès <ludo <at> gnu.org>
;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
;;; Commentary:
;;;
;;; This scripts updates the definition of the 'guix' package in Guix for the
;;; current commit. It requires Git to be installed.
;;;
;;; Code:
(use-modules (git)
(guix)
(guix git-download)
(guix upstream)
(guix utils)
(guix base32)
(guix build utils)
(guix i18n)
(guix diagnostics)
(gnu packages package-management)
(ice-9 match))
(define %top-srcdir
(string-append (current-source-directory) "/.."))
(define version-controlled?
(git-predicate %top-srcdir))
(define (package-definition-location)
"Return the source properties of the definition of the 'guix' package."
(call-with-input-file (location-file (package-location guix))
(lambda (port)
(let loop ()
(match (read port)
((? eof-object?)
(error "definition of 'guix' package could not be found"
(port-filename port)))
(('define-public 'guix value)
(source-properties value))
(_
(loop)))))))
(define* (update-definition commit hash
#:key version old-hash)
"Return a one-argument procedure that takes a string, the definition of the
'guix' package, and returns a string, the update definition for VERSION,
COMMIT."
(define (linear-offset str line column)
;; Return the offset in characters to reach LINE and COLUMN (both
;; zero-indexed) in STR.
(call-with-input-string str
(lambda (port)
(let loop ((offset 0))
(cond ((and (= (port-column port) column)
(= (port-line port) line))
offset)
((eof-object? (read-char port))
(error "line and column not reached!"
str))
(else
(loop (+ 1 offset))))))))
(define (update-hash str)
;; Replace OLD-HASH with HASH in STR.
(string-replace-substring str
(bytevector->nix-base32-string old-hash)
(bytevector->nix-base32-string hash)))
(lambda (str)
(match (call-with-input-string str read)
(('let (('version old-version)
('commit old-commit)
('revision old-revision))
defn)
(let* ((location (source-properties defn))
(line (assq-ref location 'line))
(column 0)
(offset (linear-offset str line column)))
(string-append (format #f "(let ((version \"~a\")
(commit \"~a\")
(revision ~a))\n"
(or version old-version)
commit
(if (and version
(not (string=? version old-version)))
0
(+ 1 old-revision)))
(string-drop (update-hash str) offset))))
(exp
(error "'guix' package definition is not as expected" exp)))))
(define (keep-source-in-store store source)
"Add SOURCE to the store under the name that the 'guix' package expects."
;; Add SOURCE to the store, but this time under the real name used in the
;; 'origin'. This allows us to build the package without having to make a
;; real checkout; thus, it also works when working on a private branch.
(reload-module
(resolve-module '(gnu packages package-management)))
(let* ((source (add-to-store store
(origin-file-name (package-source guix))
#t "sha256" source))
(root (store-path-package-name source)))
;; Add an indirect GC root for SOURCE in the current directory.
(false-if-exception (delete-file root))
(symlink source root)
(add-indirect-root store
(string-append (getcwd) "/" root))
(info (G_ "source code kept in ~a (GC root: ~a)~%")
source root)))
(define (assert-clean-checkout repository)
"Error out if the working directory at REPOSITORY contains local
modifications."
(define description
(let ((format-options (make-describe-format-options
#:dirty-suffix "-dirty")))
(describe-format (describe-workdir repository) format-options)))
(when (string-suffix? "-dirty" description)
(leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%")
description))
(info (G_ "updating 'guix' package to '~a'~%") description))
(define (main . args)
(match args
((commit version)
(with-store store
(let* ((source (add-to-store store
"guix-checkout" ;dummy name
#t "sha256" %top-srcdir
#:select? version-controlled?))
(hash (query-path-hash store source))
(location (package-definition-location))
(old-hash (content-hash-value
(origin-hash (package-source guix)))))
(unless (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
(let ((repository (repository-open ".")))
(assert-clean-checkout repository)
(repository-close! repository)))
(edit-expression location
(update-definition commit hash
#:old-hash old-hash
#:version version))
(when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
(keep-source-in-store store source)))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
(apply main (cdr (command-line)))
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sun, 25 Oct 2020 19:18:02 GMT) Full text and rfc822 format available.Message #93 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sun, 25 Oct 2020 15:17:12 -0400
Hey Ludo, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >> +(define %savannah-guix-git-repo-push-url >> + "git.savannah.gnu.org/srv/git/guix.git") > > [...] > >> +(define (find-origin-remote) >> + "Find the name of the git remote with the Savannah Guix git repo URL." >> + (and-let* ((remotes (string-split (with-input-pipe-to-string >> + "git" "remote" "-v") >> + #\newline)) >> + (origin-entry (find (cut string-contains <> >> + (string-append >> + %savannah-guix-git-repo-push-url >> + " (push)")) >> + remotes))) >> + (first (string-split origin-entry #\tab)))) > > I noticed that this returns #f for me because I’m using git.sv.gnu.org, > not git.savannah.gnu.org. Thank for the report! It should be fixed with 13a3b9c748a80c0d4c79450e479416480273d2f7. Feel free to edit the %savannah-guix-git-repo-push-url-regexp regexp if there are more variants that we're still missing. Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 31 Oct 2020 03:57:01 GMT) Full text and rfc822 format available.Message #96 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Fri, 30 Oct 2020 23:56:09 -0400
Hi Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi again, > > How about this variant of the initial script? I think it addresses the > main issues we discussed here: > > 1. By default it doesn’t re-add the source in the store, so wrong > commit/hash issues are caught when running ‘guix build guix’. > > 2. It diagnoses dirty trees early on. It does not explicitly diagnose > missing upstream commits though, but again they’re caught when > running ‘guix build guix’. > > WDYT? > > Sorry for all the back-and-forth on what looks like a tiny issue. I do > think we’re making progress anyway! > > Thanks, > Ludo’ Reproducing as a diff over the original script for brevity: > @@ -23,12 +24,15 @@ > ;;; > ;;; Code: > -(use-modules (guix) > +(use-modules (git) > + (guix) > (guix git-download) > (guix upstream) > (guix utils) > (guix base32) > (guix build utils) > + (guix i18n) > + (guix diagnostics) > (gnu packages package-management) > (ice-9 match)) > @@ -101,7 +105,43 @@ COMMIT." > (exp > (error "'guix' package definition is not as expected" exp))))) > - > +(define (keep-source-in-store store source) > + "Add SOURCE to the store under the name that the 'guix' package expects." > + > + ;; Add SOURCE to the store, but this time under the real name used in the > + ;; 'origin'. This allows us to build the package without having to make a > + ;; real checkout; thus, it also works when working on a private branch. > + (reload-module > + (resolve-module '(gnu packages package-management))) > + > + (let* ((source (add-to-store store > + (origin-file-name (package-source guix)) > + #t "sha256" source)) > + (root (store-path-package-name source))) > + > + ;; Add an indirect GC root for SOURCE in the current directory. > + (false-if-exception (delete-file root)) > + (symlink source root) > + (add-indirect-root store > + (string-append (getcwd) "/" root)) > + > + (info (G_ "source code kept in ~a (GC root: ~a)~%") > + source root))) > + > +(define (assert-clean-checkout repository) > + "Error out if the working directory at REPOSITORY contains local > +modifications." > + (define description > + (let ((format-options (make-describe-format-options > + #:dirty-suffix "-dirty"))) > + (describe-format (describe-workdir repository) format-options))) > + > + (when (string-suffix? "-dirty" description) > + (leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%") > + description)) > + > + (info (G_ "updating 'guix' package to '~a'~%") description)) Unfortunately this doesn't catch the case where git has explicitly been told to '--skip-worktree' on a path or file (the original cause of this bug report). See https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43893#11. > (define (main . args) > (match args > ((commit version) > @@ -113,32 +153,20 @@ COMMIT." > (hash (query-path-hash store source)) > (location (package-definition-location)) > (old-hash (content-hash-value > - (origin-hash (package-source guix))))) > + (origin-hash (package-source guix))))) > + > + (unless (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") > + (let ((repository (repository-open "."))) > + (assert-clean-checkout repository) > + (repository-close! repository))) > + > (edit-expression location > (update-definition commit hash > #:old-hash old-hash > #:version version)) > - ;; Re-add SOURCE to the store, but this time under the real name used > - ;; in the 'origin'. This allows us to build the package without > - ;; having to make a real checkout; thus, it also works when working > - ;; on a private branch. > - (reload-module > - (resolve-module '(gnu packages package-management))) > - > - (let* ((source (add-to-store store > - (origin-file-name (package-source guix)) > - #t "sha256" source)) > - (root (store-path-package-name source))) > - > - ;; Add an indirect GC root for SOURCE in the current directory. > - (false-if-exception (delete-file root)) > - (symlink source root) > - (add-indirect-root store > - (string-append (getcwd) "/" root)) > - > - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" > - commit source root))))) > + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") > + (keep-source-in-store store source))))) That environment variable would now do more than it advertises. I'd prefer to keep the behavior consistent in both modes, unless there's a very good reason not too? Thanks, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Sat, 31 Oct 2020 10:44:02 GMT) Full text and rfc822 format available.Message #99 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Sat, 31 Oct 2020 11:42:58 +0100
Hi Maxim, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: >> +(define (assert-clean-checkout repository) >> + "Error out if the working directory at REPOSITORY contains local >> +modifications." >> + (define description >> + (let ((format-options (make-describe-format-options >> + #:dirty-suffix "-dirty"))) >> + (describe-format (describe-workdir repository) format-options))) >> + >> + (when (string-suffix? "-dirty" description) >> + (leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%") >> + description)) >> + >> + (info (G_ "updating 'guix' package to '~a'~%") description)) > > Unfortunately this doesn't catch the case where git has explicitly been > told to '--skip-worktree' on a path or file (the original cause of this > bug report). See > https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43893#11. Any such issue is caught when one eventually runs ‘guix build guix’ (wrong commit ID, wrong hash, etc.). But you’re right that the above test isn’t fool-proof: it’s just a way to catch this common mistake early and report it nicely. >> (define (main . args) >> (match args >> ((commit version) >> @@ -113,32 +153,20 @@ COMMIT." >> (hash (query-path-hash store source)) >> (location (package-definition-location)) >> (old-hash (content-hash-value >> - (origin-hash (package-source guix))))) >> + (origin-hash (package-source guix))))) >> + >> + (unless (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >> + (let ((repository (repository-open "."))) >> + (assert-clean-checkout repository) >> + (repository-close! repository))) >> + >> (edit-expression location >> (update-definition commit hash >> #:old-hash old-hash >> #:version version)) > >> - ;; Re-add SOURCE to the store, but this time under the real name used >> - ;; in the 'origin'. This allows us to build the package without >> - ;; having to make a real checkout; thus, it also works when working >> - ;; on a private branch. >> - (reload-module >> - (resolve-module '(gnu packages package-management))) >> - >> - (let* ((source (add-to-store store >> - (origin-file-name (package-source guix)) >> - #t "sha256" source)) >> - (root (store-path-package-name source))) >> - >> - ;; Add an indirect GC root for SOURCE in the current directory. >> - (false-if-exception (delete-file root)) >> - (symlink source root) >> - (add-indirect-root store >> - (string-append (getcwd) "/" root)) >> - >> - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" >> - commit source root))))) >> + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >> + (keep-source-in-store store source))))) > > That environment variable would now do more than it advertises. I'd > prefer to keep the behavior consistent in both modes, unless there's a > very good reason not too? Adding the source to the store, under the right name, with a GC root, is a prerequisite for use cases like ‘make release’: there you not only want to update the package definition to refer to your private commit and corresponding hash, you also want to be able to build it. If the source isn’t already in the store, ‘guix build guix’ tries to look it up on Savannah, which fails. Conversely, when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is unset, we don’t add the source to the store: that way, ‘guix build guix’ is forced to clone from Savannah, which fails if for some reason the commit or hash is incorrect. This catches the kinds of mistakes that we previously made, where we sometimes unwillingly ended up updating to the wrong commit/hash. I hope that makes sense. Thanks for your time! Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 09 Nov 2020 19:29:01 GMT) Full text and rfc822 format available.Message #102 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Mon, 09 Nov 2020 14:28:00 -0500
Hello Ludovic! Ludovic Courtès <ludo <at> gnu.org> writes: > Hi Maxim, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >>> +(define (assert-clean-checkout repository) >>> + "Error out if the working directory at REPOSITORY contains local >>> +modifications." >>> + (define description >>> + (let ((format-options (make-describe-format-options >>> + #:dirty-suffix "-dirty"))) >>> + (describe-format (describe-workdir repository) format-options))) >>> + >>> + (when (string-suffix? "-dirty" description) >>> + (leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%") >>> + description)) >>> + >>> + (info (G_ "updating 'guix' package to '~a'~%") description)) >> >> Unfortunately this doesn't catch the case where git has explicitly been >> told to '--skip-worktree' on a path or file (the original cause of this >> bug report). See >> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43893#11. > > Any such issue is caught when one eventually runs ‘guix build guix’ > (wrong commit ID, wrong hash, etc.). > > But you’re right that the above test isn’t fool-proof: it’s just a way > to catch this common mistake early and report it nicely. Right. I still don't like that it wouldn't work from a checkout where someone would have modified, e.g., the .dir-locals file locally and marked it with 'git --skip-worktree'. Having to revert this kind of 'developer setup' is painful. The current approach makes it unnecessary (only committed changes are taken into account, not just git tracked files). >>> (define (main . args) >>> (match args >>> ((commit version) >>> @@ -113,32 +153,20 @@ COMMIT." >>> (hash (query-path-hash store source)) >>> (location (package-definition-location)) >>> (old-hash (content-hash-value >>> - (origin-hash (package-source guix))))) >>> + (origin-hash (package-source guix))))) >>> + >>> + (unless (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >>> + (let ((repository (repository-open "."))) >>> + (assert-clean-checkout repository) >>> + (repository-close! repository))) >>> + >>> (edit-expression location >>> (update-definition commit hash >>> #:old-hash old-hash >>> #:version version)) >> >>> - ;; Re-add SOURCE to the store, but this time under the real name used >>> - ;; in the 'origin'. This allows us to build the package without >>> - ;; having to make a real checkout; thus, it also works when working >>> - ;; on a private branch. >>> - (reload-module >>> - (resolve-module '(gnu packages package-management))) >>> - >>> - (let* ((source (add-to-store store >>> - (origin-file-name (package-source guix)) >>> - #t "sha256" source)) >>> - (root (store-path-package-name source))) >>> - >>> - ;; Add an indirect GC root for SOURCE in the current directory. >>> - (false-if-exception (delete-file root)) >>> - (symlink source root) >>> - (add-indirect-root store >>> - (string-append (getcwd) "/" root)) >>> - >>> - (format #t "source code for commit ~a: ~a (GC root: ~a)~%" >>> - commit source root))))) >>> + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >>> + (keep-source-in-store store source))))) >> >> That environment variable would now do more than it advertises. I'd >> prefer to keep the behavior consistent in both modes, unless there's a >> very good reason not too? > > Adding the source to the store, under the right name, with a GC root, is > a prerequisite for use cases like ‘make release’: there you not only > want to update the package definition to refer to your private commit > and corresponding hash, you also want to be able to build it. If the > source isn’t already in the store, ‘guix build guix’ tries to look it up > on Savannah, which fails. Thanks for providing a rational for it. I'll git-send a new patch which adds the source to the store using the procedure you shared above, but otherwise keeps the existing mechanism intact. Thank you for you patience! Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 09 Nov 2020 19:30:02 GMT) Full text and rfc822 format available.Message #105 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: 43893 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org>, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: [PATCH] maint: update-guix-package: Optionally add sources to store. Date: Mon, 9 Nov 2020 14:29:23 -0500
Following discussions in <https://issues.guix.gnu.org/43893>, keeping a copy
of the updated package source is desirable when generating a release.
* build-aux/update-guix-package.scm (version-controlled?): Remove variable.
(call-with-temporary-git-worktree): Renamed from
'with-temporary-git-worktree'. Update doc. Do not change directory
implicitly.
(keep-source-in-store): New procedure.
(main): Adjust to use with call-with-temporary-git-worktree. Add the sources
to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set.
* .dir-locals.el (scheme-mode): Update.
* doc/contributing.texi (Updating the Guix Package): Update doc.
Co-authored-by: Ludovic Courtès <ludo <at> gnu.org>
---
.dir-locals.el | 2 +-
build-aux/update-guix-package.scm | 66 ++++++++++++++++++++++---------
doc/contributing.texi | 11 ++----
3 files changed, 51 insertions(+), 28 deletions(-)
diff --git a/.dir-locals.el b/.dir-locals.el
index 8e5d3902e3..38bb3af344 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -123,7 +123,7 @@
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
(eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
- (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
+ (eval . (put 'call-with-temporary-git-worktree 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index ff6b105468..f197bc7e2a 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -44,9 +44,6 @@
(define %top-srcdir
(string-append (current-source-directory) "/.."))
-(define version-controlled?
- (git-predicate %top-srcdir))
-
(define (package-definition-location)
"Return the source properties of the definition of the 'guix' package."
(call-with-input-file (location-file (package-location guix))
@@ -114,8 +111,9 @@ COMMIT."
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
(invoke "git" "worktree" "add" "--detach" directory commit))
-(define-syntax-rule (with-temporary-git-worktree commit body ...)
- "Execute BODY in the context of a temporary git worktree created from COMMIT."
+(define-syntax-rule (call-with-temporary-git-worktree commit proc)
+ "Execute PROC in the context of a temporary git worktree created from
+COMMIT. PROC receives the temporary directory file name as an argument."
(call-with-temporary-directory
(lambda (tmp-directory)
(dynamic-wind
@@ -123,7 +121,7 @@ COMMIT."
#t)
(lambda ()
(git-add-worktree tmp-directory commit)
- (with-directory-excursion tmp-directory body ...))
+ (proc tmp-directory))
(lambda ()
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
@@ -156,6 +154,30 @@ COMMIT."
"git" "branch" "-r" "--contains" commit
(string-append remote "/master")))))
+(define (keep-source-in-store store source)
+ "Add SOURCE to the store under the name that the 'guix' package expects."
+
+ ;; Add SOURCE to the store, but this time under the real name used in the
+ ;; 'origin'. This allows us to build the package without having to make a
+ ;; real checkout; thus, it also works when working on a private branch.
+ (reload-module
+ (resolve-module '(gnu packages package-management)))
+
+ (let* ((source (add-to-store store
+ (origin-file-name (package-source guix))
+ #t "sha256" source
+ #:select? (git-predicate source)))
+ (root (store-path-package-name source)))
+
+ ;; Add an indirect GC root for SOURCE in the current directory.
+ (false-if-exception (delete-file root))
+ (symlink source root)
+ (add-indirect-root store
+ (string-append (getcwd) "/" root))
+
+ (info (G_ "source code kept in ~a (GC root: ~a)~%")
+ source root)))
+
(define (main . args)
(match args
@@ -164,19 +186,25 @@ COMMIT."
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
(commit-already-pushed? (find-origin-remote) commit)
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
- (let* ((hash (with-temporary-git-worktree commit
- (nix-base32-string->bytevector
- (string-trim-both
- (with-output-to-string
- (lambda ()
- (guix-hash "-rx" ".")))))))
- (location (package-definition-location))
- (old-hash (content-hash-value
- (origin-hash (package-source guix)))))
- (edit-expression location
- (update-definition commit hash
- #:old-hash old-hash
- #:version version)))))
+ (call-with-temporary-git-worktree commit
+ (lambda (tmp-directory)
+ (let* ((hash (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" tmp-directory))))))
+ (location (package-definition-location))
+ (old-hash (content-hash-value
+ (origin-hash (package-source guix)))))
+ (edit-expression location
+ (update-definition commit hash
+ #:old-hash old-hash
+ #:version version))
+ ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are
+ ;; added to the store. This is used as part of 'make release'.
+ (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
+ (with-store store
+ (keep-source-in-store store tmp-directory))))))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
diff --git a/doc/contributing.texi b/doc/contributing.texi
index d3f6325c3f..d8de71055a 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used
has already been pushed to the Savannah-hosted Guix git repository.
This check can be disabled, @emph{at your own peril}, by setting the
-@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
-
-To build the resulting 'guix' package when using a private commit, the
-following command can be used:
-
-@example
-./pre-inst-env guix build guix --with-git-url=guix=$PWD
-@end example
+@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When
+this variable is set, the updated package source is also added to the
+store. This is used as part of the release process of Guix.
--
2.28.0
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 09 Nov 2020 22:04:02 GMT) Full text and rfc822 format available.Message #108 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Mon, 09 Nov 2020 23:03:37 +0100
Hi! Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: >> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: >> >>>> +(define (assert-clean-checkout repository) >>>> + "Error out if the working directory at REPOSITORY contains local >>>> +modifications." >>>> + (define description >>>> + (let ((format-options (make-describe-format-options >>>> + #:dirty-suffix "-dirty"))) >>>> + (describe-format (describe-workdir repository) format-options))) >>>> + >>>> + (when (string-suffix? "-dirty" description) >>>> + (leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%") >>>> + description)) >>>> + >>>> + (info (G_ "updating 'guix' package to '~a'~%") description)) >>> >>> Unfortunately this doesn't catch the case where git has explicitly been >>> told to '--skip-worktree' on a path or file (the original cause of this >>> bug report). See >>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43893#11. >> >> Any such issue is caught when one eventually runs ‘guix build guix’ >> (wrong commit ID, wrong hash, etc.). >> >> But you’re right that the above test isn’t fool-proof: it’s just a way >> to catch this common mistake early and report it nicely. > > Right. I still don't like that it wouldn't work from a checkout where > someone would have modified, e.g., the .dir-locals file locally and > marked it with 'git --skip-worktree'. Having to revert this kind of > 'developer setup' is painful. The current approach makes it unnecessary > (only committed changes are taken into account, not just git tracked > files). “Wouldn’t work” is a strong statement: like I wrote, mistakes would always be caught when you try to build ‘guix’, as with any other package (we don’t have special support for other packages, why would this one have to be different?). Thanks, Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 09 Nov 2020 22:19:02 GMT) Full text and rfc822 format available.Message #111 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: [PATCH] maint: update-guix-package: Optionally add sources to store. Date: Mon, 09 Nov 2020 23:18:33 +0100
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > Following discussions in <https://issues.guix.gnu.org/43893>, keeping a copy > of the updated package source is desirable when generating a release. Not just when generating a release: anytime you want to refer to a private commit, which could be for mere testing. > * build-aux/update-guix-package.scm (version-controlled?): Remove variable. > (call-with-temporary-git-worktree): Renamed from > 'with-temporary-git-worktree'. Update doc. Do not change directory > implicitly. > (keep-source-in-store): New procedure. > (main): Adjust to use with call-with-temporary-git-worktree. Add the sources > to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. > * .dir-locals.el (scheme-mode): Update. > * doc/contributing.texi (Updating the Guix Package): Update doc. > > Co-authored-by: Ludovic Courtès <ludo <at> gnu.org> [...] > -(define-syntax-rule (with-temporary-git-worktree commit body ...) > - "Execute BODY in the context of a temporary git worktree created from COMMIT." > +(define-syntax-rule (call-with-temporary-git-worktree commit proc) > + "Execute PROC in the context of a temporary git worktree created from > +COMMIT. PROC receives the temporary directory file name as an argument." This could be a procedure rather a macro now. [...] > + (call-with-temporary-git-worktree commit > + (lambda (tmp-directory) > + (let* ((hash (nix-base32-string->bytevector > + (string-trim-both > + (with-output-to-string > + (lambda () > + (guix-hash "-rx" tmp-directory)))))) > + (location (package-definition-location)) > + (old-hash (content-hash-value > + (origin-hash (package-source guix))))) > + (edit-expression location > + (update-definition commit hash > + #:old-hash old-hash > + #:version version)) > + ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are > + ;; added to the store. This is used as part of 'make release'. > + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") > + (with-store store > + (keep-source-in-store store tmp-directory)))))))) OK, that should do the job. Thanks for the patch, that should break the deadlock and allow us to proceed with the release! Next we need to update the ‘release’ target so GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. I like that the initial issue is fixed, but I still don’t buy the extra dependency on Git, the extra copies of the whole tree, the extra code, and the shell pipelines, something avoided in the rest of Guix. Perhaps that suggests there are unwritten coding guidelines we should eventually discuss and write. We’ll see! Thanks, Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Mon, 09 Nov 2020 22:48:01 GMT) Full text and rfc822 format available.Message #114 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: 43893 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org>, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Subject: [PATCH v5] maint: update-guix-package: Optionally add sources to store. Date: Mon, 9 Nov 2020 17:44:43 -0500
Following discussions in <https://issues.guix.gnu.org/43893>, keeping a copy
of the updated package source is desirable when generating a release.
* build-aux/update-guix-package.scm (version-controlled?): Remove variable.
(call-with-temporary-git-worktree): Renamed from
'with-temporary-git-worktree'. Update doc. Do not change directory
implicitly.
(keep-source-in-store): New procedure.
(main): Adjust to use with call-with-temporary-git-worktree. Add the sources
to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Exit gracefully
when FIND-ORIGIN-REMOTE returns #f.
(%savannah-guix-git-repo-push-url-regexp): Adjust match for a potential colon
separator.
* Makefile.am (GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT): Adjust.
* .dir-locals.el (scheme-mode): Update.
* doc/contributing.texi (Updating the Guix Package): Update doc.
Co-authored-by: Ludovic Courtès <ludo <at> gnu.org>
---
.dir-locals.el | 2 +-
Makefile.am | 14 +++---
build-aux/update-guix-package.scm | 73 ++++++++++++++++++++++---------
doc/contributing.texi | 11 ++---
4 files changed, 64 insertions(+), 36 deletions(-)
diff --git a/.dir-locals.el b/.dir-locals.el
index 8e5d3902e3..38bb3af344 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -123,7 +123,7 @@
(eval . (put 'call-with-progress-reporter 'scheme-indent-function 1))
(eval . (put 'with-repository 'scheme-indent-function 2))
(eval . (put 'with-temporary-git-repository 'scheme-indent-function 2))
- (eval . (put 'with-temporary-git-worktree 'scheme-indent-function 2))
+ (eval . (put 'call-with-temporary-git-worktree 'scheme-indent-function 2))
(eval . (put 'with-environment-variables 'scheme-indent-function 1))
(eval . (put 'with-fresh-gnupg-setup 'scheme-indent-function 1))
diff --git a/Makefile.am b/Makefile.am
index e7053ee4f4..6faf8c9349 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -826,9 +826,10 @@ release: dist-with-updated-version
$(MKDIR_P) "$(releasedir)"
rm -f "$(releasedir)"/*
mv $(SOURCE_TARBALLS) "$(releasedir)"
- $(top_builddir)/pre-inst-env "$(GUILE)" \
- $(top_srcdir)/build-aux/update-guix-package.scm \
- "`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
+ GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
+ $(top_builddir)/pre-inst-env "$(GUILE)" \
+ $(top_srcdir)/build-aux/update-guix-package.scm \
+ "`git rev-parse HEAD`" "$(PACKAGE_VERSION)"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to $(PACKAGE_VERSION)."
$(top_builddir)/pre-inst-env guix build $(GUIX_FOR_BINARY_TARBALL) \
@@ -840,9 +841,10 @@ release: dist-with-updated-version
mv "guix-binary.$$system.tar.xz" \
"$(releasedir)/guix-binary-$(PACKAGE_VERSION).$$system.tar.xz" ; \
done
- $(top_builddir)/pre-inst-env "$(GUILE)" \
- $(top_srcdir)/build-aux/update-guix-package.scm \
- "`git rev-parse HEAD`"
+ GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT=yes \
+ $(top_builddir)/pre-inst-env "$(GUILE)" \
+ $(top_srcdir)/build-aux/update-guix-package.scm \
+ "`git rev-parse HEAD`"
git add $(top_srcdir)/gnu/packages/package-management.scm
git commit -m "gnu: guix: Update to `git rev-parse HEAD | cut -c1-7`."
$(top_builddir)/pre-inst-env guix build guix \
diff --git a/build-aux/update-guix-package.scm b/build-aux/update-guix-package.scm
index ff6b105468..b79e96eb96 100644
--- a/build-aux/update-guix-package.scm
+++ b/build-aux/update-guix-package.scm
@@ -44,9 +44,6 @@
(define %top-srcdir
(string-append (current-source-directory) "/.."))
-(define version-controlled?
- (git-predicate %top-srcdir))
-
(define (package-definition-location)
"Return the source properties of the definition of the 'guix' package."
(call-with-input-file (location-file (package-location guix))
@@ -114,8 +111,9 @@ COMMIT."
"Create a new git worktree at DIRECTORY, detached on commit COMMIT."
(invoke "git" "worktree" "add" "--detach" directory commit))
-(define-syntax-rule (with-temporary-git-worktree commit body ...)
- "Execute BODY in the context of a temporary git worktree created from COMMIT."
+(define-syntax-rule (call-with-temporary-git-worktree commit proc)
+ "Execute PROC in the context of a temporary git worktree created from
+COMMIT. PROC receives the temporary directory file name as an argument."
(call-with-temporary-directory
(lambda (tmp-directory)
(dynamic-wind
@@ -123,12 +121,12 @@ COMMIT."
#t)
(lambda ()
(git-add-worktree tmp-directory commit)
- (with-directory-excursion tmp-directory body ...))
+ (proc tmp-directory))
(lambda ()
(invoke "git" "worktree" "remove" "--force" tmp-directory))))))
(define %savannah-guix-git-repo-push-url-regexp
- "git.(savannah|sv).gnu.org/srv/git/guix.git \\(push\\)")
+ "git.(savannah|sv).gnu.org:?/srv/git/guix.git \\(push\\)")
(define-syntax-rule (with-input-pipe-to-string prog arg ...)
(let* ((input-pipe (open-pipe* OPEN_READ prog arg ...))
@@ -156,27 +154,60 @@ COMMIT."
"git" "branch" "-r" "--contains" commit
(string-append remote "/master")))))
+(define (keep-source-in-store store source)
+ "Add SOURCE to the store under the name that the 'guix' package expects."
+
+ ;; Add SOURCE to the store, but this time under the real name used in the
+ ;; 'origin'. This allows us to build the package without having to make a
+ ;; real checkout; thus, it also works when working on a private branch.
+ (reload-module
+ (resolve-module '(gnu packages package-management)))
+
+ (let* ((source (add-to-store store
+ (origin-file-name (package-source guix))
+ #t "sha256" source
+ #:select? (git-predicate source)))
+ (root (store-path-package-name source)))
+
+ ;; Add an indirect GC root for SOURCE in the current directory.
+ (false-if-exception (delete-file root))
+ (symlink source root)
+ (add-indirect-root store
+ (string-append (getcwd) "/" root))
+
+ (info (G_ "source code kept in ~a (GC root: ~a)~%")
+ source root)))
+
(define (main . args)
(match args
((commit version)
(with-directory-excursion %top-srcdir
(or (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
- (commit-already-pushed? (find-origin-remote) commit)
+ (let ((remote (find-origin-remote)))
+ (unless remote
+ (leave (G_ "Failed to find the origin git remote.~%")))
+ (commit-already-pushed? remote commit))
(leave (G_ "Commit ~a is not pushed upstream. Aborting.~%") commit))
- (let* ((hash (with-temporary-git-worktree commit
- (nix-base32-string->bytevector
- (string-trim-both
- (with-output-to-string
- (lambda ()
- (guix-hash "-rx" ".")))))))
- (location (package-definition-location))
- (old-hash (content-hash-value
- (origin-hash (package-source guix)))))
- (edit-expression location
- (update-definition commit hash
- #:old-hash old-hash
- #:version version)))))
+ (call-with-temporary-git-worktree commit
+ (lambda (tmp-directory)
+ (let* ((hash (nix-base32-string->bytevector
+ (string-trim-both
+ (with-output-to-string
+ (lambda ()
+ (guix-hash "-rx" tmp-directory))))))
+ (location (package-definition-location))
+ (old-hash (content-hash-value
+ (origin-hash (package-source guix)))))
+ (edit-expression location
+ (update-definition commit hash
+ #:old-hash old-hash
+ #:version version))
+ ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are
+ ;; added to the store. This is used as part of 'make release'.
+ (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT")
+ (with-store store
+ (keep-source-in-store store tmp-directory))))))))
((commit)
;; Automatically deduce the version and revision numbers.
(main commit #f))))
diff --git a/doc/contributing.texi b/doc/contributing.texi
index d3f6325c3f..d8de71055a 100644
--- a/doc/contributing.texi
+++ b/doc/contributing.texi
@@ -1368,11 +1368,6 @@ commit that others can't refer to, a check is made that the commit used
has already been pushed to the Savannah-hosted Guix git repository.
This check can be disabled, @emph{at your own peril}, by setting the
-@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable.
-
-To build the resulting 'guix' package when using a private commit, the
-following command can be used:
-
-@example
-./pre-inst-env guix build guix --with-git-url=guix=$PWD
-@end example
+@code{GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT} environment variable. When
+this variable is set, the updated package source is also added to the
+store. This is used as part of the release process of Guix.
--
2.28.0
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 10 Nov 2020 09:33:02 GMT) Full text and rfc822 format available.Message #117 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: [PATCH v5] maint: update-guix-package: Optionally add sources to store. Date: Tue, 10 Nov 2020 10:32:53 +0100
Hi Maxim, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > Following discussions in <https://issues.guix.gnu.org/43893>, keeping a copy > of the updated package source is desirable when generating a release. > > * build-aux/update-guix-package.scm (version-controlled?): Remove variable. > (call-with-temporary-git-worktree): Renamed from > 'with-temporary-git-worktree'. Update doc. Do not change directory > implicitly. > (keep-source-in-store): New procedure. > (main): Adjust to use with call-with-temporary-git-worktree. Add the sources > to the store when GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Exit gracefully > when FIND-ORIGIN-REMOTE returns #f. > (%savannah-guix-git-repo-push-url-regexp): Adjust match for a potential colon > separator. > * Makefile.am (GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT): Adjust. > * .dir-locals.el (scheme-mode): Update. > * doc/contributing.texi (Updating the Guix Package): Update doc. > > Co-authored-by: Ludovic Courtès <ludo <at> gnu.org> Go for it, thanks! Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 10 Nov 2020 14:04:02 GMT) Full text and rfc822 format available.Message #120 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: [PATCH] maint: update-guix-package: Optionally add sources to store. Date: Tue, 10 Nov 2020 09:02:58 -0500
Hello Ludovic, Ludovic Courtès <ludo <at> gnu.org> writes: > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: [...] >> -(define-syntax-rule (with-temporary-git-worktree commit body ...) >> - "Execute BODY in the context of a temporary git worktree created from COMMIT." >> +(define-syntax-rule (call-with-temporary-git-worktree commit proc) >> + "Execute PROC in the context of a temporary git worktree created from >> +COMMIT. PROC receives the temporary directory file name as an argument." > > This could be a procedure rather a macro now. I've changed it to a plain define in the latest version (now merged). > [...] > >> + (call-with-temporary-git-worktree commit >> + (lambda (tmp-directory) >> + (let* ((hash (nix-base32-string->bytevector >> + (string-trim-both >> + (with-output-to-string >> + (lambda () >> + (guix-hash "-rx" tmp-directory)))))) >> + (location (package-definition-location)) >> + (old-hash (content-hash-value >> + (origin-hash (package-source guix))))) >> + (edit-expression location >> + (update-definition commit hash >> + #:old-hash old-hash >> + #:version version)) >> + ;; When GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, the sources are >> + ;; added to the store. This is used as part of 'make release'. >> + (when (getenv "GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT") >> + (with-store store >> + (keep-source-in-store store tmp-directory)))))))) > > OK, that should do the job. > > Thanks for the patch, that should break the deadlock and allow us to > proceed with the release! > > Next we need to update the ‘release’ target so > GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. Done! > I like that the initial issue is fixed, but I still don’t buy [...] Hehe. Last round of weighing the + and - of this change > the extra dependency on Git, To me, this script (update-guix-package), is an extension of the Make-based build system (that's currently it's sole entry-point). There are already calls to git in this build system (for example, to get the commit corresponding to HEAD), so I don't perceive it as nasty in this context. It can also be used as a reminder of things that are missing in (guile git), for the purists ;-). > the extra copies of the whole tree, There used to be 3 copies required in total (the Guix checkout, a first dummy copy in the store, and a final copy in the store). Now, we have 2 copies unless GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, in which case we get a third one in the store. Seems pretty even to me! > the extra code The extra code make things smoother (better/faster diagnostic), causes less friction in the workflow (I don't need to go paranoid about my tree being in pristine condition before 'make update-guix-package' -- I can rely on Guix computing it deterministically from the last commit). > and the shell pipelines, something avoided in the rest of Guix. Again, to me this script is a standalone extension of the build system. It's not defined as a module, cannot be used in the rest of the code base, so that it does things a bit differently doesn't strike me as bad. > Perhaps that suggests there are unwritten coding guidelines we should > eventually discuss and write. We’ll see! That could be nice. Although a linter included with Guile (ala Rust or Go) and configurable through a config file could have even more impact, in my opinion. In any case I'd be honored that my code got to be the spark behind such guidelines/tool, eh :-). Thank you, Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 10 Nov 2020 14:32:01 GMT) Full text and rfc822 format available.Message #123 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: bug#43893: [PATCH v3] maint: update-guix-package: Prevent accidentally breaking guix pull. Date: Tue, 10 Nov 2020 09:31:17 -0500
Hey, Ludovic Courtès <ludo <at> gnu.org> writes: > Hi! > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >>> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: >>> >>>>> +(define (assert-clean-checkout repository) >>>>> + "Error out if the working directory at REPOSITORY contains local >>>>> +modifications." >>>>> + (define description >>>>> + (let ((format-options (make-describe-format-options >>>>> + #:dirty-suffix "-dirty"))) >>>>> + (describe-format (describe-workdir repository) format-options))) >>>>> + >>>>> + (when (string-suffix? "-dirty" description) >>>>> + (leave (G_ "attempt to update 'guix' package from a dirty tree (~a)~%") >>>>> + description)) >>>>> + >>>>> + (info (G_ "updating 'guix' package to '~a'~%") description)) >>>> >>>> Unfortunately this doesn't catch the case where git has explicitly been >>>> told to '--skip-worktree' on a path or file (the original cause of this >>>> bug report). See >>>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=43893#11. >>> >>> Any such issue is caught when one eventually runs ‘guix build guix’ >>> (wrong commit ID, wrong hash, etc.). >>> >>> But you’re right that the above test isn’t fool-proof: it’s just a way >>> to catch this common mistake early and report it nicely. >> >> Right. I still don't like that it wouldn't work from a checkout where >> someone would have modified, e.g., the .dir-locals file locally and >> marked it with 'git --skip-worktree'. Having to revert this kind of >> 'developer setup' is painful. The current approach makes it unnecessary >> (only committed changes are taken into account, not just git tracked >> files). > > “Wouldn’t work” is a strong statement: like I wrote, mistakes would > always be caught when you try to build ‘guix’, as with any other package > (we don’t have special support for other packages, why would this one > have to be different?). True. I meant it in the sense "I wouldn't be able to update the Guix package before manually ensuring that the HEAD of my tree was in a pristine condition, that is, equivalent to the last commit". Since Guix is the focus of Guix developers, it's much more likely to have its sources in flux compared to the other packages we update in Guix. To me it seems useful to automate the 'cleanliness' part of the tree rather than force it on developers, since it can be. We also don't update the package in place from a Git checkout when updating other packages. It's a manual work of 'git clone', 'guix hash -rx' and editing the source manually, which is different from 'make update-guix-package', which strives to automate the process. My 2 cents! Time will tell if this is a viable route. If it breaks every time we use it, we can fallback to the simpler scheme. Maxim
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 10 Nov 2020 14:49:01 GMT) Full text and rfc822 format available.Message #126 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> Cc: 43893 <at> debbugs.gnu.org Subject: Re: [PATCH] maint: update-guix-package: Optionally add sources to store. Date: Tue, 10 Nov 2020 15:48:16 +0100
Hi, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: >> Thanks for the patch, that should break the deadlock and allow us to >> proceed with the release! >> >> Next we need to update the ‘release’ target so >> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. > > Done! Thanks! >> the extra dependency on Git, > > To me, this script (update-guix-package), is an extension of the > Make-based build system (that's currently it's sole entry-point). There > are already calls to git in this build system (for example, to get the > commit corresponding to HEAD), so I don't perceive it as nasty in this > context. It can also be used as a reminder of things that are missing > in (guile git), for the purists ;-). I think we had everything needed in Guile-Git. >> the extra copies of the whole tree, > > There used to be 3 copies required in total (the Guix checkout, a first > dummy copy in the store, and a final copy in the store). > > Now, we have 2 copies unless GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set, > in which case we get a third one in the store. Seems pretty even to me! Right, I stand corrected. >> the extra code > > The extra code make things smoother (better/faster diagnostic), causes > less friction in the workflow (I don't need to go paranoid about my tree > being in pristine condition before 'make update-guix-package' -- I can > rely on Guix computing it deterministically from the last commit). > >> and the shell pipelines, something avoided in the rest of Guix. > > Again, to me this script is a standalone extension of the build system. > It's not defined as a module, cannot be used in the rest of the code > base, so that it does things a bit differently doesn't strike me as bad. Note that quite a few modules started their life under build-aux/. >> Perhaps that suggests there are unwritten coding guidelines we should >> eventually discuss and write. We’ll see! > > That could be nice. Although a linter included with Guile (ala Rust or > Go) and configurable through a config file could have even more impact, > in my opinion. In any case I'd be honored that my code got to be the > spark behind such guidelines/tool, eh :-). I don’t think a linter could flag high-level patterns like the ones we’re talking about, but human-written text could. I hope this discussion can at least help improve mutual understanding on future patches and review processes. Thanks again for your time and patience! Ludo’.
bug-guix <at> gnu.org:bug#43893; Package guix.
(Tue, 10 Nov 2020 15:19:01 GMT) Full text and rfc822 format available.Message #129 received at 43893 <at> debbugs.gnu.org (full text, mbox):
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com> To: Ludovic Courtès <ludo <at> gnu.org> Cc: 43893 <at> debbugs.gnu.org Subject: Re: [PATCH] maint: update-guix-package: Optionally add sources to store. Date: Tue, 10 Nov 2020 10:18:15 -0500
Hi again! Ludovic Courtès <ludo <at> gnu.org> writes: > Hi, > > Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis: > >>> Thanks for the patch, that should break the deadlock and allow us to >>> proceed with the release! >>> >>> Next we need to update the ‘release’ target so >>> GUIX_ALLOW_ME_TO_USE_PRIVATE_COMMIT is set. >> >> Done! > > Thanks! > >>> the extra dependency on Git, >> >> To me, this script (update-guix-package), is an extension of the >> Make-based build system (that's currently it's sole entry-point). There >> are already calls to git in this build system (for example, to get the >> commit corresponding to HEAD), so I don't perceive it as nasty in this >> context. It can also be used as a reminder of things that are missing >> in (guile git), for the purists ;-). > > I think we had everything needed in Guile-Git. Not for the current implementation, that uses git worktrees and search for the presence of the commit corresponding to HEAD in the upstream remote. If my (summary) analysis of the current state of (guile git) is wrong, I'd be happy to migrate the bits shelling out to git to actual library calls via (guile git). [...] > I hope this discussion can at least help improve mutual understanding on > future patches and review processes. > > Thanks again for your time and patience! I am equally grateful for yours. This is a long thread! Thanks, Maxim
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Wed, 09 Dec 2020 12:24:13 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.