GNU bug report logs -
#61583
[PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
Previous Next
Reported by: Greg Hogan <code <at> greghogan.com>
Date: Fri, 17 Feb 2023 18:05:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 61583 in the body.
You can then email your comments to 61583 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Fri, 17 Feb 2023 18:05:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Greg Hogan <code <at> greghogan.com>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Fri, 17 Feb 2023 18:05:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/version-control.scm (git): Update to 2.39.2.
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 5de344e549..88df2c2aeb 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -225,14 +225,14 @@ (define git-cross-configure-flags
(define-public git
(package
(name "git")
- (version "2.39.1")
+ (version "2.39.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
- "0qf1wly7zagg23svpv533va5v213y7y3lfw76ldkf35k8w48m8s0"))))
+ "1mpjvhyw8mv2q941xny4d0gw3mb6b4bqaqbh73jd8b1v6zqpaps7"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@@ -252,7 +252,7 @@ (define-public git
version ".tar.xz"))
(sha256
(base32
- "0xf7ki90xw77nvmnkw50xaivyfi8jddfq0h8crzi7m9zjs7aa8mm"))))
+ "09cva868qb4705s884dzvbwkm78jlw4q8m6xj7nd7cwxy2i2ff8b"))))
;; For subtree documentation.
("asciidoc" ,asciidoc)
("docbook-xsl" ,docbook-xsl)
--
2.39.2
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Mon, 20 Feb 2023 11:45:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 61583 <at> debbugs.gnu.org (full text, mbox):
Hi,
On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
> * gnu/packages/version-control.scm (git): Update to 2.39.2.
As noticed previously for an update of Git, this implies a lot of
rebuilds because git-minimal inherits from git.
Well, I am checking if git-minimal is used only for the tests by some of
the packages.
For sure, it is a concern since it is a security fixes.
Cheers,
simon
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Fri, 03 Mar 2023 19:15:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 61583 <at> debbugs.gnu.org (full text, mbox):
Hi,
CC: core team
On Mon, 20 Feb 2023 at 12:44, Simon Tournier <zimon.toutoune <at> gmail.com> wrote:
> On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
>> * gnu/packages/version-control.scm (git): Update to 2.39.2.
>
> As noticed previously for an update of Git, this implies a lot of
> rebuilds because git-minimal inherits from git.
Well, I locally rebuilt all and maybe a couple of packages break. The
rebuild is intensive and I do not know if such update should to master
or core-updates and/or use some grafts.
For instance, QA is still saying nothing after 12 days.
https://qa.guix.gnu.org/issue/61583
> Well, I am checking if git-minimal is used only for the tests by some of
> the packages.
I have tried to replace the plain ’git’ or ’git-minimal’ by
’git-minimal/pinned’ for some packages. It does not change much.
> For sure, it is a concern since it is a security fixes.
Hum, we are not very reactive. :-)
Cheers,
simon
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Fri, 03 Mar 2023 19:35:03 GMT)
Full text and
rfc822 format available.
Message #14 received at 61583 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi,
I'd ask ‘why can we not simply graft this’ but…
Simon Tournier 写道:
>> As noticed previously for an update of Git, this implies a lot
>> of
>> rebuilds because git-minimal inherits from git.
>
> Well, I locally rebuilt all and maybe a couple of packages
> break. The
> rebuild is intensive and I do not know if such update should to
> master
> or core-updates and/or use some grafts.
Packages that built with .1 break with .2? That's not a very
semantic versioning :-/
What broke? Then I can test just those.
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Fri, 03 Mar 2023 21:58:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 61583 <at> debbugs.gnu.org (full text, mbox):
On Mon, Feb 20, 2023 at 12:44:23PM +0100, Simon Tournier wrote:
> On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
> > * gnu/packages/version-control.scm (git): Update to 2.39.2.
>
> As noticed previously for an update of Git, this implies a lot of
> rebuilds because git-minimal inherits from git.
------
$ guix refresh -l git-minimal
Building the following 43 packages would ensure 69 dependent packages are rebuilt: r-biocpkgtools <at> 1.16.0 r-biocthis <at> 1.8.1 r-biocworkflowtools <at> 1.24.0 r-golem <at> 0.3.5 r-megadepth <at> 1.8.0 r-chromunity <at> 0.0.1-1.09fce8b r-rnaseqdtu <at> 2.0-1.5bee1e7 r-spectre <at> 0.5.5-1.f6648ab r-battenberg <at> 2.2.9 r-chemometricswithr <at> 0.1.13 r-adapr <at> 2.0.0 r-activpal <at> 0.1.3 rust-git2-6 <at> 0.6.11 rust-git2 <at> 0.15.0 rust-git2 <at> 0.13.24 rust-git2 <at> 0.11.0 rust-git2 <at> 0.14.4 rust-git2 <at> 0.9.1 emacs-libgit <at> 0.0.1-1.ab1a53a nuspell <at> 3.1.2 kicad-doc <at> 7.0.0 musescore <at> 4.0.1 python-oslosphinx <at> 4.18.0 conan <at> 1.50.0 python-jupytext <at> 1.14.1 snakemake <at> 7.7.0 vorta <at> 0.8.7 clipper <at> 2.0.1 gnome <at> 42.4 mate <at> 1.24.1 r-prereg <at> 0.6.0 python-ipython-documentation <at> 8.2.0 python-numpy-documentation <at> 1.21.6 nototools <at> 0.2.16 python-clorm <at> 1.4.1 python-telingo <at> 2.1.1 python-screenkey <at> 1.4 mbed-tools <at> 7.53.0 snakemake <at> 6.15.5 emacs-ghq <at> 0.1.2 pre-commit <at> 2.20.0 gitless <at> 0.8.8 vlang <at> 0.2.4
------
That's not a significant number of packages.
Overall, git and git-minimal will cause more than 300 rebuilds, but not
too many for the current state of the build farm.
Concretely, why can't we push this to master immediately?
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 03:40:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 61583 <at> debbugs.gnu.org (full text, mbox):
Hi Simon,
Simon Tournier <zimon.toutoune <at> gmail.com> writes:
> Hi,
>
> CC: core team
>
> On Mon, 20 Feb 2023 at 12:44, Simon Tournier <zimon.toutoune <at> gmail.com> wrote:
>
>> On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
>
>>> * gnu/packages/version-control.scm (git): Update to 2.39.2.
>>
>> As noticed previously for an update of Git, this implies a lot of
>> rebuilds because git-minimal inherits from git.
>
> Well, I locally rebuilt all and maybe a couple of packages break. The
> rebuild is intensive and I do not know if such update should to master
> or core-updates and/or use some grafts.
>
> For instance, QA is still saying nothing after 12 days.
>
> https://qa.guix.gnu.org/issue/61583
>
>
>> Well, I am checking if git-minimal is used only for the tests by some of
>> the packages.
>
> I have tried to replace the plain ’git’ or ’git-minimal’ by
> ’git-minimal/pinned’ for some packages. It does not change much.
>
>
>> For sure, it is a concern since it is a security fixes.
>
> Hum, we are not very reactive. :-)
I think the number of rebuilt packages is in the thousands, so that's a
core-updates change. On master it should be grafted instead, if that's
possible.
--
Thanks,
Maxim
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 03:46:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 61583 <at> debbugs.gnu.org (full text, mbox):
On Fri, Mar 3, 2023, at 22:39, Maxim Cournoyer wrote:
> Hi Simon,
>
> Simon Tournier <zimon.toutoune <at> gmail.com> writes:
>
>> Hi,
>>
>> CC: core team
>>
>> On Mon, 20 Feb 2023 at 12:44, Simon Tournier <zimon.toutoune <at> gmail.com> wrote:
>>
>>> On ven., 17 févr. 2023 at 18:04, Greg Hogan <code <at> greghogan.com> wrote:
>>
>>>> * gnu/packages/version-control.scm (git): Update to 2.39.2.
>>>
>>> As noticed previously for an update of Git, this implies a lot of
>>> rebuilds because git-minimal inherits from git.
>>
>> Well, I locally rebuilt all and maybe a couple of packages break. The
>> rebuild is intensive and I do not know if such update should to master
>> or core-updates and/or use some grafts.
>>
>> For instance, QA is still saying nothing after 12 days.
>>
>> https://qa.guix.gnu.org/issue/61583
>>
>>
>>> Well, I am checking if git-minimal is used only for the tests by some of
>>> the packages.
>>
>> I have tried to replace the plain ’git’ or ’git-minimal’ by
>> ’git-minimal/pinned’ for some packages. It does not change much.
>>
>>
>>> For sure, it is a concern since it is a security fixes.
>>
>> Hum, we are not very reactive. :-)
>
> I think the number of rebuilt packages is in the thousands, so that's a
> core-updates change. On master it should be grafted instead, if that's
> possible.
`guix refresh -l git git-minimal` shows only hundreds of rebuilds. Am I missing something?
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 10:32:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 61583 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Leo,
Leo Famulari <leo <at> famulari.name> writes:
> That's not a significant number of packages.
>
> Overall, git and git-minimal will cause more than 300 rebuilds, but not
> too many for the current state of the build farm.
>
> Concretely, why can't we push this to master immediately?
`guix refresh` is not great for core packages: it only detects things
that depend on other packages through inputs. Here though, git is used
indirectly by git-fetch origins, and would affect the dependency graph a
lot more. I think this should be grafted to avoid too many rebuilds,
and ungrafted on core-updates (maybe now, maybe after the big
core-updates merge).
Best,
--
Josselin Poiret
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 14:42:02 GMT)
Full text and
rfc822 format available.
Message #29 received at 61583 <at> debbugs.gnu.org (full text, mbox):
On Sat, Mar 4, 2023, at 05:30, Josselin Poiret wrote:
> Hi Leo,
>
> Leo Famulari <leo <at> famulari.name> writes:
>
>> That's not a significant number of packages.
>>
>> Overall, git and git-minimal will cause more than 300 rebuilds, but not
>> too many for the current state of the build farm.
>>
>> Concretely, why can't we push this to master immediately?
>
> `guix refresh` is not great for core packages: it only detects things
> that depend on other packages through inputs. Here though, git is used
> indirectly by git-fetch origins, and would affect the dependency graph a
> lot more. I think this should be grafted to avoid too many rebuilds,
> and ungrafted on core-updates (maybe now, maybe after the big
> core-updates merge).
Changing the Git package shouldn't affect fixed-output derivations that fetch from Git. If they do, that's a recent and very serious bug.
Git is a security critical package that we've always updated freely.
I'm AFK, only have my phone today . But, please try updating Git and check if the fixed-output source derivations change.
Leo
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 15:33:02 GMT)
Full text and
rfc822 format available.
Message #32 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari 写道:
> I'm AFK, only have my phone today . But, please try updating Git
> and check if the fixed-output source derivations change.
…and if not, shall we agree to push this? (It's a yes from me,
dog.)
Kind regards,
T G-R
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 15:33:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 17:54:02 GMT)
Full text and
rfc822 format available.
Message #38 received at 61583 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Leo,
"Leo Famulari" <leo <at> famulari.name> writes:
> Changing the Git package shouldn't affect fixed-output derivations that fetch from Git. If they do, that's a recent and very serious bug.
Whoops, you're right, I completely ignored that. I agree with you and
Tobias about pushing to master immediately then!
Best,
--
Josselin Poiret
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sat, 04 Mar 2023 18:53:01 GMT)
Full text and
rfc822 format available.
Message #41 received at 61583 <at> debbugs.gnu.org (full text, mbox):
Hi,
On Fri, 3 Mar 2023 at 22:57, Leo Famulari <leo <at> famulari.name> wrote:
> Overall, git and git-minimal will cause more than 300 rebuilds, but not
> too many for the current state of the build farm.
I get 546 dependent packages for git + git-minimal which need to be
re-built. And some are really expensive -- that what I meant by "a
lot of rebuilds". :-)
Well, I do not know if there is an issue with QA or it is just really
expensive but the process is still pending, if I read correctly
<https://qa.guix.gnu.org/issue/61583>.
> Concretely, why can't we push this to master immediately?
Somehow the guarantee that none of these 546 would not be broken by
the update. ;-)
Anyway, I had locally built them -- it took 3-4 days on my machine,
IIRC -- and I do not remember any "big" breakage, maybe a couple of
packages -- even maybe not since some are already broken. However, I
did not carefully tracked my process thinking to come back later --
well, I ran "guix gc" in the mean for checking stuff with SWH coverage
thinking that QA would have finished.
I do not have an opinion where or whether to push.
Cheers,
simon
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sun, 05 Mar 2023 18:47:02 GMT)
Full text and
rfc822 format available.
Message #44 received at 61583 <at> debbugs.gnu.org (full text, mbox):
On Sat, Mar 04, 2023 at 07:52:04PM +0100, Simon Tournier wrote:
> I get 546 dependent packages for git + git-minimal which need to be
> re-built. And some are really expensive -- that what I meant by "a
> lot of rebuilds". :-)
>
> Well, I do not know if there is an issue with QA or it is just really
> expensive but the process is still pending, if I read correctly
> <https://qa.guix.gnu.org/issue/61583>.
At the Guix Days, it was said that there is a limit to how many builds
the QA server will perform for a change. I don't recall the number, but
maybe 300 builds per change? So, if a change causes too many rebuilds,
the QA server will not perform the builds.
Aside: Chris, I'd be happy to add a FAQ page to the QA server that
answers this type of question. Let me know if I've missed that one
already exists.
For the Berlin server, I don't think that 546 builds is too many, at
least for Intel systems.
> > Concretely, why can't we push this to master immediately?
>
> Somehow the guarantee that none of these 546 would not be broken by
> the update. ;-)
It's certainly possible that something breaks. But we can do a simple
test by trying to update our profiles and Guix System installations, and
checking that our tools still work. I think it's okay to cause a little
breakage in order to deploy important security updates.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sun, 05 Mar 2023 19:31:02 GMT)
Full text and
rfc822 format available.
Message #47 received at 61583 <at> debbugs.gnu.org (full text, mbox):
> "Leo Famulari" <leo <at> famulari.name> writes:
> > Changing the Git package shouldn't affect fixed-output derivations that fetch from Git. If they do, that's a recent and very serious bug.
Now I have confused myself and I'm unsure. I stepped away from Guix for
a while and forgot a lot of the intimate knowledge I had on this
subject.
I checked, and this patch does change the derivation of packages
fetching from Git, although the output is identical. So, I am confused
about if this will cause >10k rebuilds or not.
Here's how I checked, first by calculating derivations and outputs on
the master branch, and then after applying the patch:
------
$ git rev-parse --abbrev-ref HEAD
master
$ git rev-parse HEAD
cedf97ed6ee4eba8c39bfe6cc0efe33fcb977ccf
$ ./pre-inst-env guix build --no-grafts corefreq -d
/gnu/store/78lhq407x6sjlf3k7jh16ph1pff1y2nw-corefreq-1.95.2.drv
$ ./pre-inst-env guix build --no-grafts corefreq
/gnu/store/vva0xljihzmpf4ddbihr168f2ymkh2k0-corefreq-1.95.2-linux-module
/gnu/store/qkwah5gnfqh293i36byhc00cd6xb3jml-corefreq-1.95.2
------
Apply the patch:
------
$ git checkout contrib-security-git
Switched to branch 'contrib-security-git'
$ git log --oneline | head -n1
faeb52692d gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946].
$ ./pre-inst-env guix build --no-grafts corefreq -d
/gnu/store/sw5942gj4f5lm9i9zn6bwj7f0q0dlf7a-corefreq-1.95.2.drv
$ ./pre-inst-env guix build --no-grafts corefreq
/gnu/store/vva0xljihzmpf4ddbihr168f2ymkh2k0-corefreq-1.95.2-linux-module
/gnu/store/qkwah5gnfqh293i36byhc00cd6xb3jml-corefreq-1.95.2
------
The package derivation changed, but not the output.
I'm looking for guidance on how to interpret these results.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sun, 05 Mar 2023 19:48:01 GMT)
Full text and
rfc822 format available.
Message #50 received at 61583 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> On Sat, Mar 04, 2023 at 07:52:04PM +0100, Simon Tournier wrote:
>> I get 546 dependent packages for git + git-minimal which need to be
>> re-built. And some are really expensive -- that what I meant by "a
>> lot of rebuilds". :-)
>>
>> Well, I do not know if there is an issue with QA or it is just really
>> expensive but the process is still pending, if I read correctly
>> <https://qa.guix.gnu.org/issue/61583>.
>
> At the Guix Days, it was said that there is a limit to how many builds
> the QA server will perform for a change. I don't recall the number, but
> maybe 300 builds per change? So, if a change causes too many rebuilds,
> the QA server will not perform the builds.
Currently the limit is 200 builds per system.
https://git.cbaines.net/guix/qa-frontpage/tree/guix-qa-frontpage/manage-builds.scm#n99
> Aside: Chris, I'd be happy to add a FAQ page to the QA server that
> answers this type of question. Let me know if I've missed that one
> already exists.
Contributions are very welcome, there's no documentation yet.
>> > Concretely, why can't we push this to master immediately?
>>
>> Somehow the guarantee that none of these 546 would not be broken by
>> the update. ;-)
>
> It's certainly possible that something breaks. But we can do a simple
> test by trying to update our profiles and Guix System installations, and
> checking that our tools still work. I think it's okay to cause a little
> breakage in order to deploy important security updates.
The backlog of revisions to be processed by data.qa.guix.gnu.org is
being processed faster now, so hopefully the impact of this change will
be visible there shortly.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Sun, 05 Mar 2023 20:34:02 GMT)
Full text and
rfc822 format available.
Message #53 received at 61583 <at> debbugs.gnu.org (full text, mbox):
Hi Leo,
On Sun, 5 Mar 2023 at 19:46, Leo Famulari <leo <at> famulari.name> wrote:
> At the Guix Days, it was said that there is a limit to how many builds
> the QA server will perform for a change. I don't recall the number, but
> maybe 300 builds per change? So, if a change causes too many rebuilds,
> the QA server will not perform the builds.
Ah thanks! I always forgot that limit. :-) I mean, since it says
"not yet processed", I still think the limit is higher. ;-) Anyway.
> For the Berlin server, I don't think that 546 builds is too many, at
> least for Intel systems.
Indeed. Just to note that the last update of Git was by commit:
--8<---------------cut here---------------start------------->8---
51f8a7aced70b7f79037bd99019dddaea07ced25
Author: Tobias Geerinckx-Rice <me <at> tobias.gr>
AuthorDate: Sun Jan 15 01:00:03 2023 +0100
Commit: Tobias Geerinckx-Rice <me <at> tobias.gr>
CommitDate: Sun Jan 15 01:00:08 2023 +0100
gnu: git: Update to 2.39.1 [fixes CVE-2022-41903 & CVE-2022-23521].
* gnu/packages/version-control.scm (git): Update to 2.39.1.
Reported by HexMachina in #guix.
--8<---------------cut here---------------end--------------->8---
and all was fine...
> > Somehow the guarantee that none of these 546 would not be broken by
> > the update. ;-)
>
> It's certainly possible that something breaks. But we can do a simple
> test by trying to update our profiles and Guix System installations, and
> checking that our tools still work. I think it's okay to cause a little
> breakage in order to deploy important security updates.
...but it was not with the previous,
--8<---------------cut here---------------start------------->8---
83ede5a02e1fc531d912eb92eb0a22a4b897997c
Author: Greg Hogan <code <at> greghogan.com>
AuthorDate: Wed Oct 19 20:13:15 2022 +0000
Commit: Ludovic Courtès <ludo <at> gnu.org>
CommitDate: Tue Nov 8 14:06:00 2022 +0100
gnu: git: Update to 2.38.1.
Fixes CVE-2022-39253 and CVE-2022-39260.
* gnu/packages/version-control.scm (git): Update to 2.38.1.
Co-authored-by: Ludovic Courtès <ludo <at> gnu.org>
--8<---------------cut here---------------end--------------->8---
which had broken part of the Julia ecosystem; now the same problem
cannot arise for Julia. Who knows for the others? Anyway, I did this
rebuild and I did not noticed large breaks.
> > > Concretely, why can't we push this to master immediately?
Since we agree it is fine for master, feel free to push. :-)
Cheers,
simon
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Mon, 06 Mar 2023 12:55:01 GMT)
Full text and
rfc822 format available.
Message #56 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,
Tobias Geerinckx-Rice via Guix-patches via <guix-patches <at> gnu.org>
writes:
> Leo Famulari 写道:
>> I'm AFK, only have my phone today . But, please try updating Git and
>> check if the fixed-output source derivations change.
>
> …and if not, shall we agree to push this? (It's a yes from me, dog.)
>
> Kind regards,
As long as it doesn't touch git-minimal/fixed, we should be OK,
otherwise it causes thousands of rebuilds (see the revert of
8a9bf794e184934e1432f25f4954117d4b46f655, where I got bitten by this).
I don't recall why it causes so many rebuilds.
--
Thanks,
Maxim
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Mon, 06 Mar 2023 12:55:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Leo Famulari <leo <at> famulari.name>
:
You have taken responsibility.
(Mon, 06 Mar 2023 17:24:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Greg Hogan <code <at> greghogan.com>
:
bug acknowledged by developer.
(Mon, 06 Mar 2023 17:24:02 GMT)
Full text and
rfc822 format available.
Message #64 received at 61583-done <at> debbugs.gnu.org (full text, mbox):
On Fri, Feb 17, 2023 at 06:04:02PM +0000, Greg Hogan wrote:
> * gnu/packages/version-control.scm (git): Update to 2.39.2.
Thank you! Pushed as a0d22c41989e529859c813fb64a78250bde76991
Some more discussion on the subject on #guix IRC:
http://logs.guix.gnu.org/guix/2023-03-06.log#175418
Information forwarded
to
guix-patches <at> gnu.org
:
bug#61583
; Package
guix-patches
.
(Wed, 08 Mar 2023 10:18:02 GMT)
Full text and
rfc822 format available.
Message #67 received at 61583-done <at> debbugs.gnu.org (full text, mbox):
Hi Leo,
On Mon, 06 Mar 2023 at 12:23, Leo Famulari <leo <at> famulari.name> wrote:
> Some more discussion on the subject on #guix IRC:
>
> http://logs.guix.gnu.org/guix/2023-03-06.log#175418
There is mentioned git-minimal/fixed and git-minimal/pinned.
+ git-minimal/fixed = grafted
+ git-minimal/pinned = that does not change
Basically, the aim of git-minimal/pinned is to avoid “world rebuild”
when updating git-minimal. It is mainly used by some tests and it is
safe to make few upgrades.
See more details here:
https://issues.guix.gnu.org/issue/61078
or the discussion starting here:
https://issues.guix.gnu.org/issue/60042#msgid-c811d75e30752a591d9777368672dbdf801675b4
Cheers,
simon
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Wed, 05 Apr 2023 11:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 20 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.