me/guix
Archived
1
0
Fork 0
Code Activity

gnu: racket: Adjust patch for "/bin/sh" in rktio.

Browse source 
Use '_PATH_BSHELL' instead of a custom preprocessor macro. This may not
be The Right Thing in the long term, but it at least avoids a
proliferation of 'CPPFLAGS'.

* gnu/packages/patches/racket-minimal-sh-via-rktio.patch: Rename to ...
* gnu/packages/patches/racket-rktio-bin-sh.patch: ... this, and change
to use '_PATH_BSHELL'.
* gnu/local.mk (dist_patch_DATA): Update accordingly.
* gnu/packages/racket.scm (%racket-origin)[patches]: Likewise.
(racket-vm-common-configure-flags): Stop setting 'CPPFLAGS'. Change to a
constant instead of a function, since we no longer need the delay.
(racket-vm-cgc, racket-vm-bc,
racket-vm-cs)[arguments]<#:configure-flags>: Update accordingly.
[inputs]: Remove 'bash-minimal'.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Philip McGrath 2022-08-27 14:55:45 -04:00 committed by Ludovic Courtès
parent b8a6f6b40d
commit 911768b6d5
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 36 additions and 43 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
gnu/local.mk
View file

@ -1774,7 +1774,7 @@ dist_patch_DATA = \
%D%/packages/patches/ripperx-missing-file.patch \ %D%/packages/patches/ripperx-missing-file.patch \
%D%/packages/patches/rpcbind-CVE-2017-8779.patch \ %D%/packages/patches/rpcbind-CVE-2017-8779.patch \
%D%/packages/patches/rtags-separate-rct.patch \ %D%/packages/patches/rtags-separate-rct.patch \
%D%/packages/patches/racket-minimal-sh-via-rktio.patch \ %D%/packages/patches/racket-rktio-bin-sh.patch \
%D%/packages/patches/remake-impure-dirs.patch \ %D%/packages/patches/remake-impure-dirs.patch \
%D%/packages/patches/restic-0.9.6-fix-tests-for-go1.15.patch \ %D%/packages/patches/restic-0.9.6-fix-tests-for-go1.15.patch \
%D%/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch \ %D%/packages/patches/retroarch-LIBRETRO_DIRECTORY.patch \

62
gnu/packages/patches/racket-minimal-sh-via-rktio.patch → gnu/packages/patches/racket-rktio-bin-sh.patch
View file

@ -1,7 +1,7 @@
From 3574b567c486d264d680a37586436c3b5a8cb978 Mon Sep 17 00:00:00 2001 From 6a553f24439fe64fd3a2f0b5902f00590ca4241f Mon Sep 17 00:00:00 2001
From: Philip McGrath <philip@philipmcgrath.com> From: Philip McGrath <philip@philipmcgrath.com>
Date: Thu, 4 Mar 2021 04:11:50 -0500 Date: Thu, 4 Mar 2021 04:11:50 -0500
Subject: [PATCH] patch rktio_process for "/bin/sh" on Guix Subject: [PATCH] rktio: patch rktio_process for "/bin/sh" on Guix
Racket provides the functions `system` and `process`, Racket provides the functions `system` and `process`,
which execute shell commands using `sh` (or `cmd` on Windows). which execute shell commands using `sh` (or `cmd` on Windows).
@ -12,37 +12,38 @@ This patch adds a special case for "/bin/sh" to `rktio_process`,
the C function that implements the core of `system`, `process`, the C function that implements the core of `system`, `process`,
and related Racket functions. and related Racket functions.
Guix should enable the special case by defining the C preprocessor
macro `GUIX_RKTIO_PATCH_BIN_SH` with the path to `sh` in the store.
If: If:
1. The `GUIX_RKTIO_PATCH_BIN_SH` macro is defined; and 1. The nonstandard but ubiquitous macro `_PATH_BSHELL` from
<paths.h> is defined; and
2. `rktio_process` is called with the exact path "/bin/sh"; and 2. `rktio_process` is called with the exact path "/bin/sh"; and
3. The path specified by `GUIX_RKTIO_PATCH_BIN_SH` does exists; 3. The file specified by `_PATH_BSHELL` exists;
then `rktio_process` will execute the file specified then `rktio_process` will execute the file specified by `_PATH_BSHELL`
by `GUIX_RKTIO_PATCH_BIN_SH` instead of "/bin/sh". instead of "/bin/sh".
Compared to previous attempts to patch the Racket sources, Checking that the path specified by `_PATH_BSHELL` exists safeguards
making this change at the C level is both: against obscure errors if attempting to use stand-alone executables
built by the patched Racket in non-Guix envoronments.
- More comprehensive: it catches all attempts to execute "/bin/sh",
without having to track down the source of every occurance; and
- Less intrusive: by guarding the special case with a C preprocessor
conditional and a runtime check that the file in the store exists,
we make it much less likely that it will "leak" out of Guix.
--- ---
racket/src/rktio/rktio_process.c | 21 ++++++++++++++++++++- racket/src/rktio/rktio_process.c | 17 ++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-) 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/racket/src/rktio/rktio_process.c b/racket/src/rktio/rktio_process.c diff --git a/racket/src/rktio/rktio_process.c b/racket/src/rktio/rktio_process.c
index 89202436c0..465ebdd5c5 100644 index fafaf728c1..796ebc59ce 100644
--- a/racket/src/rktio/rktio_process.c --- a/racket/src/rktio/rktio_process.c
+++ b/racket/src/rktio/rktio_process.c +++ b/racket/src/rktio/rktio_process.c
@@ -1224,12 +1224,14 @@ int rktio_process_allowed_flags(rktio_t *rktio) @@ -9,6 +9,7 @@
# include <sys/wait.h>
# include <errno.h>
# include <unistd.h>
+# include <paths.h> /* PATCHED for Guix */
# ifdef USE_ULIMIT
# include <ulimit.h>
# endif
@@ -1301,12 +1302,14 @@ int rktio_process_allowed_flags(rktio_t *rktio)
/*========================================================================*/ /*========================================================================*/
rktio_process_result_t *rktio_process(rktio_t *rktio, rktio_process_result_t *rktio_process(rktio_t *rktio,
@ -58,22 +59,17 @@ index 89202436c0..465ebdd5c5 100644
rktio_process_result_t *result; rktio_process_result_t *result;
intptr_t to_subprocess[2], from_subprocess[2], err_subprocess[2]; intptr_t to_subprocess[2], from_subprocess[2], err_subprocess[2];
int pid; int pid;
@@ -1255,6 +1257,23 @@ rktio_process_result_t *rktio_process(rktio_t *rktio, @@ -1333,6 +1336,18 @@ rktio_process_result_t *rktio_process(rktio_t *rktio,
int i; int i;
#endif #endif
+/* BEGIN PATCH for Guix */ +/* BEGIN PATCH for Guix */
+#if defined(GUIX_RKTIO_PATCH_BIN_SH) +#if defined(_PATH_BSHELL)
+# define GUIX_AS_a_STR_HELPER(x) #x
+# define GUIX_AS_a_STR(x) GUIX_AS_a_STR_HELPER(x)
+ /* A level of indirection makes `#` work as needed: */
+ command = + command =
+ ((0 == strcmp(_guix_orig_command, "/bin/sh")) + ((0 == strcmp(_guix_orig_command, "/bin/sh"))
+ && rktio_file_exists(rktio, GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH))) + && rktio_file_exists(rktio, _PATH_BSHELL))
+ ? GUIX_AS_a_STR(GUIX_RKTIO_PATCH_BIN_SH) + ? _PATH_BSHELL
+ : _guix_orig_command; + : _guix_orig_command;
+# undef GUIX_AS_a_STR
+# undef GUIX_AS_a_STR_HELPER
+#else +#else
+ command = _guix_orig_command; + command = _guix_orig_command;
+#endif +#endif
@ -82,6 +78,8 @@ index 89202436c0..465ebdd5c5 100644
/* avoid compiler warnings: */ /* avoid compiler warnings: */
to_subprocess[0] = -1; to_subprocess[0] = -1;
to_subprocess[1] = -1; to_subprocess[1] = -1;
--
2.21.1 (Apple Git-122.3) base-commit: 9d228d16fb99c274c964e5bef93e97333888769f
--
2.32.0

15
gnu/packages/racket.scm
View file

@ -36,7 +36,6 @@
#:use-module (ice-9 match) #:use-module (ice-9 match)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages autotools) #:use-module (gnu packages autotools)
#:use-module (gnu packages bash)
#:use-module (gnu packages chez) #:use-module (gnu packages chez)
#:use-module (gnu packages compression) #:use-module (gnu packages compression)
#:use-module (gnu packages databases) #:use-module (gnu packages databases)
@ -212,7 +211,7 @@ otherwise."
(sha256 (sha256
(base32 "0f9zyhdvbh4xsndrqjzl85j5ziz0rmqi676g9s1lw3h3skq2636h")) (base32 "0f9zyhdvbh4xsndrqjzl85j5ziz0rmqi676g9s1lw3h3skq2636h"))
(file-name (git-file-name "racket" %racket-version)) (file-name (git-file-name "racket" %racket-version))
(patches (search-patches "racket-minimal-sh-via-rktio.patch")) (patches (search-patches "racket-rktio-bin-sh.patch"))
(modules '((guix build utils))) (modules '((guix build utils)))
(snippet (snippet
#~(begin #~(begin
@ -232,8 +231,7 @@ otherwise."
;; Unbundle libffi. ;; Unbundle libffi.
(delete-file-recursively "racket/src/bc/foreign/libffi"))))) (delete-file-recursively "racket/src/bc/foreign/libffi")))))
(define (racket-vm-common-configure-flags) (define racket-vm-common-configure-flags
;; under a lambda abstraction to avoid evaluating bash-minimal too early.
#~`(,@(cond #~`(,@(cond
((false-if-exception ((false-if-exception
(search-input-file %build-inputs "/bin/libtool")) (search-input-file %build-inputs "/bin/libtool"))
@ -248,8 +246,6 @@ otherwise."
(list (string-append "--enable-racket=" racket)))) (list (string-append "--enable-racket=" racket))))
(else (else
'())) '()))
,(string-append "CPPFLAGS=-DGUIX_RKTIO_PATCH_BIN_SH="
#$(file-append bash-minimal "/bin/sh"))
"--disable-strip" "--disable-strip"
;; Using --enable-origtree lets us distinguish the VM from subsequent ;; Using --enable-origtree lets us distinguish the VM from subsequent
;; layers and produces a build with the shape expected by tools such as ;; layers and produces a build with the shape expected by tools such as
@ -267,7 +263,6 @@ otherwise."
(version %racket-version) (version %racket-version)
(source %racket-origin) (source %racket-origin)
(inputs (list ncurses ;; <- common to all variants (for #%terminal) (inputs (list ncurses ;; <- common to all variants (for #%terminal)
bash-minimal ;; <- common to all variants (for `system`)
libffi)) ;; <- only for BC variants libffi)) ;; <- only for BC variants
(native-inputs (list libtool)) ;; <- only for BC variants (native-inputs (list libtool)) ;; <- only for BC variants
(outputs '("out" "debug")) (outputs '("out" "debug"))
@ -276,7 +271,7 @@ otherwise."
(list (list
#:configure-flags #:configure-flags
#~(cons "--enable-cgcdefault" #~(cons "--enable-cgcdefault"
#$(racket-vm-common-configure-flags)) #$racket-vm-common-configure-flags)
;; Tests are in packages like racket-test-core and ;; Tests are in packages like racket-test-core and
;; main-distribution-test that aren't part of the main ;; main-distribution-test that aren't part of the main
;; distribution. ;; distribution.
@ -359,7 +354,7 @@ code to use the 3M garbage collector.")
(substitute-keyword-arguments (package-arguments racket-vm-cgc) (substitute-keyword-arguments (package-arguments racket-vm-cgc)
((#:configure-flags _ '()) ((#:configure-flags _ '())
#~(cons "--enable-bconly" #~(cons "--enable-bconly"
#$(racket-vm-common-configure-flags))))) #$racket-vm-common-configure-flags))))
(synopsis "Racket BC [3M] implementation") (synopsis "Racket BC [3M] implementation")
(description "The Racket BC (``before Chez'' or ``bytecode'') (description "The Racket BC (``before Chez'' or ``bytecode'')
implementation was the default before Racket 8.0. It uses a compiler written implementation was the default before Racket 8.0. It uses a compiler written
@ -405,7 +400,7 @@ collector, 3M (``Moving Memory Manager'').")
#$(this-package-native-input #$(this-package-native-input
"chez-scheme-for-racket") "chez-scheme-for-racket")
"/bin/scheme") "/bin/scheme")
#$(racket-vm-common-configure-flags))))) #$racket-vm-common-configure-flags))))
(synopsis "Racket CS implementation") (synopsis "Racket CS implementation")
(description "The Racket CS implementation, which uses ``Chez Scheme'' as (description "The Racket CS implementation, which uses ``Chez Scheme'' as
its core compiler and runtime system, has been the default Racket VM its core compiler and runtime system, has been the default Racket VM