[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Writing recipe for Crypto++, and getting build errors
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Writing recipe for Crypto++, and getting build errors |
|
Date: |
Mon, 26 Sep 2016 18:30:11 +0900 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hello!
Adonay Felipe Nogueira <address@hidden> skribis:
> Archive: /gnu/store/52v106n4y88myk2c8nykymfidq6080ws-cryptopp-5.6.4.zip
> inflating: 3way.cpp
> inflating: 3way.h
[...]
> ?: 0 [chdir "3way.cpp"]
>
> ERROR: In procedure chdir:
> ERROR: In procedure chdir: Not a directory
The problem here is that this .zip file is a “tar bomb”, meaning that it
unpacks everything in the current directory, which the apply-snippet
logic isn’t prepared to deal with.
The way we’ve addressed it in the past is by using the
‘url-fetch/tarbomb’ procedure defined in (guix download). That method
is currently limited to tarballs, so we’d need a variant that deals with
zip files (see patch below).
If ‘url-fetch/zipbomb’ from the patch below works for you, I’ll apply
it.
Thanks!
Ludo’.
diff --git a/guix/download.scm b/guix/download.scm
index 649e96b..7f82ff2 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -35,6 +35,7 @@
#:export (%mirrors
url-fetch
url-fetch/tarbomb
+ url-fetch/zipbomb
download-to-store))
;;; Commentary:
@@ -427,6 +428,28 @@ own. This helper makes it easier to deal with \"tar
bombs\"."
"xf" #$drv)))
#:local-build? #t)))
+(define* (url-fetch/zipbomb url hash-algo hash
+ #:optional name
+ #:key (system (%current-system))
+ (guile (default-guile)))
+ "Similar to 'url-fetch' but unpack the zip file at URL in a directory of its
+own. This helper makes it easier to deal with \"zip bombs\"."
+ (define unzip
+ (module-ref (resolve-interface '(gnu packages zip)) 'unzip))
+
+ (mlet %store-monad ((drv (url-fetch url hash-algo hash
+ (string-append "tarbomb-" name)
+ #:system system
+ #:guile guile)))
+ ;; Take the zip bomb, and simply unpack it as a directory.
+ (gexp->derivation name
+ #~(begin
+ (mkdir #$output)
+ (chdir #$output)
+ (zero? (system* (string-append #$unzip "/bin/unzip")
+ #$drv)))
+ #:local-build? #t)))
+
(define* (download-to-store store url #:optional (name (basename url))
#:key (log (current-error-port)) recursive?)
"Download from URL to STORE, either under NAME or URL's basename if
- Writing recipe for Crypto++, and getting build errors, Adonay Felipe Nogueira, 2016/09/21
- Re: Writing recipe for Crypto++, and getting build errors, Ben Woodcroft, 2016/09/21
- Re: Writing recipe for Crypto++, and getting build errors, Ben Woodcroft, 2016/09/21
- Re: Writing recipe for Crypto++, and getting build errors,
Ludovic Courtès <=
- Re: Writing recipe for Crypto++, and getting build errors, Adonay Felipe Nogueira, 2016/09/30
- Re: Writing recipe for Crypto++, and getting build errors, Ludovic Courtès, 2016/09/30
- Re: Writing recipe for Crypto++, and getting build errors, Adonay Felipe Nogueira, 2016/09/30