GNU bug report logs

#28659 Content-addressed mirror is not used upon invalid hash

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #63 received at 28659@debbugs.gnu.org (full text, mbox, reply):

Received: (at 28659) by debbugs.gnu.org; 4 Oct 2017 23:53:39 +0000
From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 04 19:53:39 2017
Received: from localhost ([127.0.0.1]:49486 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1dztTv-0002UC-Hy
	for submit@debbugs.gnu.org; Wed, 04 Oct 2017 19:53:39 -0400
Received: from mail-it0-f50.google.com ([209.85.214.50]:46970)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1dztTu-0002Ty-8L
 for 28659@debbugs.gnu.org; Wed, 04 Oct 2017 19:53:38 -0400
Received: by mail-it0-f50.google.com with SMTP id v62so7662164itd.1
 for <28659@debbugs.gnu.org>; Wed, 04 Oct 2017 16:53:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=crXxBTpW8ZuD9HIpVOv6QQsj3iZobbV/Jeff/QUX+Hs=;
 b=Xnc3EmzMjxRnZJOJtiTGgy3qw5Vkt7PiEVirIVQ0qCoZTMPivVWQupQTODTfX1MvjI
 zZY/agF+L/9bS3prEmTaWAV3ief5NZBcmk9yDKlKTk4QsoSBJNCZmOCf3TCDvRYdUAX9
 lnp4ZHLw3vqLOh6DrVyZTe2T15AtqrH0CmM3JEL2Hzf4NUlhgBBbWQ8rOmF8STAj7HIm
 atbHIf5f0CvybT2jRuAXOGO/l/hRzD2DqMs9oMc1lONsdI1ciJLoCo7kOoOXQm+g7OEY
 n1PtuXEAYT/ptcEx7F3h1ePOsvdt6I6VGK6Xza52Pm0pgpC0YZK2aLSOJwc8ANU+VVRN
 2dGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=crXxBTpW8ZuD9HIpVOv6QQsj3iZobbV/Jeff/QUX+Hs=;
 b=GwRlITVJmocrbjwhnliUEM4qH2JQayDLWusNVCHMm6E/aoGqBJzaEMxU277s0/fyKS
 eNf29Mrt7MG9hFbfQWcreV1KXnahAvbAFydhWKesLSzmz9uA6gHKsi7M06/HWpzwUsZ/
 pr+eLO7vA46otDGWeBl2fL20cKqcUAh1dtn3EGIRrwBODFwN1I4pk9XU8iaeLgFmz9HM
 2ATnzUV53Ru98XqyOa1u4WCb5WL6j3AFJbPonstL6jKFl0ojj1LpxYBnaftyyNY1anjw
 8LafnWbEyDP0yF5eX76UO9ExV+knvkNzy19blkSZ6Mk3yqaSfuu6btvB/nCgiQr0KaFp
 NoIg==
X-Gm-Message-State: AMCzsaX3qK96Qqv8euy1a7QbO2QSagQAwOjxIveHH7IyD4lSBdPiy2ll
 qjSmY5/HxuKsE+zBVwGO7/DdY8mM
X-Google-Smtp-Source: AOwi7QC0EUX6WryHWf+6OIV5AfHQ4WLpj66GbtJXIYZH4pFEtaMmiJltDGHdi2jGOYVZpp0c5LGNcQ==
X-Received: by 10.36.111.4 with SMTP id x4mr28511583itb.144.1507161212368;
 Wed, 04 Oct 2017 16:53:32 -0700 (PDT)
Received: from apteryx (104-222-112-128.cpe.teksavvy.com. [104.222.112.128])
 by smtp.gmail.com with ESMTPSA id q129sm1169222iod.32.2017.10.04.16.53.31
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Wed, 04 Oct 2017 16:53:31 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: Leo Famulari <leo@famulari.name>
Subject: Re: bug#28659: v0.13: guix pull fails;
 libgit2-0.26.0 and 0.25.1 content hashes fail
References: <877ewf18d4.fsf@gnu.org> <87wp4e8yk5.fsf@gnu.org>
 <20171001204237.GA11804@jasmine.lan> <87vajxoavx.fsf@gnu.org>
 <20171002181929.GA10773@jasmine.lan> <87infx2mmt.fsf@gmail.com>
 <20171003142449.GB23431@jasmine.lan> <874lrfee45.fsf@gmail.com>
 <20171004165413.GA4596@jasmine.lan>
Date: Wed, 04 Oct 2017 19:53:30 -0400
In-Reply-To: <20171004165413.GA4596@jasmine.lan> (Leo Famulari's message of
 "Wed, 4 Oct 2017 12:54:13 -0400")
Message-ID: <87r2uih3lx.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -0.2 (/)
X-Debbugs-Envelope-To: 28659
Cc: Ludovic Courtès <ludo@gnu.org>, 28659@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.2 (/)

[Message part 1 (text/plain, inline)]
Leo Famulari <leo@famulari.name> writes:

> On Wed, Oct 04, 2017 at 12:22:34AM -0400, Maxim Cournoyer wrote:
>> Here are the first 10 lines of the output:
>> --8<---------------cut here---------------start------------->8---
>> Number of potentially problematic GitHub packages:1011
>> fdupes
>> cbatticon
>> sedsed
>> cpulimit
>> autojump
>> sudo
>
> I think the script is buggy; sudo's source is not downloaded from GitHub
> as far as I can tell.

Good catch! I was assuming empty lists were falsy, but that's not the
case! I've ensured purely boolean predicates now and it gets the list
down to 650.

Here's the corrected script:

[Message part 2 (text/plain, inline)]
;;; A script to find packages possibly affected by GitHub
;;; infrastructure update that caused minor changes in the
;;; automatically generated tarballs.

(use-modules (ice-9 match)
	     (gnu packages)
	     (guix download)
	     (guix packages))

(define (problematic-uri? uri)

  (define (contains-github-archive? uri)
    (regexp-match? (string-match "github.com/.*/archive/" uri)))

  ;; URI can be a string or a list of string.
  (match uri
    ((uri1 uri2 ...)			;match list of strings
     (not (null? (filter contains-github-archive? uri))))
    (uri1				;match string
     (contains-github-archive? uri1))))

(define (problematic-github-package? package)
  (let ((source (package-source package)))
    (and (origin? source)
	 (eq? (origin-method source) url-fetch)
	 (problematic-uri? (origin-uri source)))))

(define (problematic-github-packages)
  "List of all the potentially problematic GitHub packages."
  (fold-packages (lambda (p r)
		   (if (problematic-github-package? p)
		       (cons p r)
		       r))
		 '()))
(define (main)
  "Find and print the names of the potentially problematic GitHub packages."
  (let ((packages (problematic-github-packages)))
    (format #t "Number of potentially problematic GitHub packages: ~a~%"
	    (length packages))
    (for-each (lambda (p)
		(format #t "~a~%" (package-name p)))
	      packages)))

;;; Run the program.
(main)

[Message part 3 (text/plain, inline)]
And sample output:
--8<---------------cut here---------------start------------->8---
Number of potentially problematic GitHub packages: 650
fdupes
cbatticon
cpulimit
thefuck
thermald
neofetch
autojump
progress
nnn
[...]
wxwidgets
xclip
xcape
sxhkd
maim
slop
tinyxml2
xlsx2csv
--8<---------------cut here---------------end--------------->8---

Maxim

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Mon Sep 8 01:21:56 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.