Re: Grafts

[Mark H Weaver]

address@hidden (Ludovic Courtès) writes:

> I pushed ‘wip-grafts’, a branch that implements “grafts.”
>
> Normally security updates deep in the DAG, such as an update of Bash or
> libc, cause a rebuild of everything, which can some time, as we’ve seen
> lately.
>
> The idea of grafts is to graft the fixed package on any packages users
> may want to install.  So, suppose there’s a libc fix; when installing
> IceCat, you’ll just be starting from the (pre-built) IceCat, and an
> additional derivation will patch the files in it to replace references
> to the old libc with references to the fixed libc (in practice this only
> works if the file name of the old and fixed libc have the same length.)

Thanks for working on this!  I think it will be quite important.

> ‘wip-grafts’ adds a ‘graft’ field to package records.  In the example
> above, we’d just add a ‘graft’ field to glibc, pointing to the fixed
> glibc, and the graft would just be automagically applied.  The branch
> has an example of that with Bash:
>
> --- a/gnu/packages/bash.scm
> +++ b/gnu/packages/bash.scm
> @@ -185,7 +185,13 @@ allows command-line editing, unlimited command history, 
> shell functions and
>  aliases, and job control while still allowing most sh scripts to be run
>  without modification.")
>       (license gpl3+)
> -     (home-page "http://www.gnu.org/software/bash/";))))
> +     (home-page "http://www.gnu.org/software/bash/";)
> +     (graft bash-fixed))))
> +
> +(define bash-fixed                                ;FIXME: Use something real.
> +  (package (inherit bash)
> +    (version "4.3.42")
> +    (graft #f)))

If you want a real example, upstream bash is at 4.3.30, whereas we only
have 4.3.27.

    Thanks!
      Mark