Hi,
On Fri, 25 Mar 2022 at 20:39, kias...@tutanota.com wrote:
> ====the middle of guix build -f hardened.scm====
> building /gnu/store/1nlrgg5ryl486haw0kdqnbp4wa17lhwh-gcc-10.3.0.drv...
> Backtrace:
> In ice-9/eval.scm:
> 217:50 19 (lp (#<procedure 7ffff3fff5e0 at ice-9/eval.scm:282:?> ?))
> 217:50 18 (lp (#<procedure 7ffff3fff580 at ice-9/eval.scm:282:?> ?))
> 217:50 17 (lp (#<procedure 7ffff3fff4c0 at ice-9/eval.scm:649:?> ?))
> 217:50 16 (lp (#<procedure 7ffff3fff300 at ice-9/eval.scm:282:?> ?))
> 217:50 15 (lp (#<procedure 7ffff3fff2a0 at ice-9/eval.scm:649:?> ?))
> 217:50 14 (lp (#<procedure 7ffff3fff140 at ice-9/eval.scm:282:?> ?))
> 217:50 13 (lp (#<procedure 7ffff3fff120 at ice-9/eval.scm:282:?> ?))
> 217:50 12 (lp (#<procedure 7ffff3fff100 at ice-9/eval.scm:282:?> ?))
> 217:50 11 (lp (#<procedure 7ffff2c01f40 at ice-9/eval.scm:649:?> ?))
> 217:50 10 (lp (#<procedure 7ffff2c01f20 at ice-9/eval.scm:282:?> ?))
> 217:50 9 (lp (#<procedure 7ffff2c01f00 at ice-9/eval.scm:282:?> ?))
> 217:50 8 (lp (#<procedure 7ffff2c01ee0 at ice-9/eval.scm:282:?> ?))
> 217:50 7 (lp (#<procedure 7ffff2c01e80 at ice-9/eval.scm:649:?> ?))
> 217:50 6 (lp (#<procedure 7ffff2c01e60 at ice-9/eval.scm:282:?> ?))
> 217:50 5 (lp (#<procedure 7ffff2c20ed0 at ice-9/eval.scm:196:?> ?))
> 217:50 4 (lp (#<procedure 7ffff2c01d20 at ice-9/eval.scm:282:?> ?))
> 217:33 3 (lp (#<procedure 7ffff2c01b20 at ice-9/eval.scm:649:?> ?))
> 159:9 2 (_ #(#(#<directory (guile-user) 7ffff3fd7c80> #f) #f))
> 159:9 1 (_ #(#(#<directory (guile-user) 7ffff3fd7c80> #f) #f))
> In unknown file:
> 0 (string-append "LDFLAGS=" "-Wl,-rpath=" #f "/lib " "-W?" ?)
>
> ERROR: In procedure string-append:
> In procedure string-append: Wrong type (expecting string): #f
> builder for `/gnu/store/1nlrgg5ryl486haw0kdqnbp4wa17lhwh-gcc-10.3.0.drv'
> failed with exit code 1
> build of /gnu/store/1nlrgg5ryl486haw0kdqnbp4wa17lhwh-gcc-10.3.0.drv failed
> View build log at
> '/var/log/guix/drvs/1n/lrgg5ryl486haw0kdqnbp4wa17lhwh-gcc-10.3.0.drv.gz'.
> guix build: error: build of
> `/gnu/store/1nlrgg5ryl486haw0kdqnbp4wa17lhwh-gcc-10.3.0.drv' failed
> ====the middle of guix build -f hardened.scm====
You are creating a cycle, no? It is not a DAG and so the transformation
fails, no?
For instance, this:
--8<---------------cut here---------------start------------->8---
(use-modules (guix packages)
(gnu packages gcc)
(gnu packages base))
(define make-gcc-toolchain
(@@ (gnu packages commencement) make-gcc-toolchain))
(define gcc-bis
(package
(inherit gcc)
(version (string-append (package-version gcc) "-bis"))))
(define gcc-toolchain-bis
(make-gcc-toolchain gcc-bis glibc))
(define (package-with-c-toolchain-bis package)
(package-with-c-toolchain
package `(("toolchain" ,gcc-toolchain-bis))))
(package-with-c-toolchain-bis gcc-bis)
--8<---------------cut here---------------end--------------->8---
fails with the same message. There is bootstrapping issue: the binary
of gcc-bis is required to compile the source of gcc-bis; where does come
from such binary of gcc-bis?
Considering your use case, you need:
- gcc considered as binary seed
- use this binary gcc with the hardened options to compile the source
of GCC; resulting to the binary gcc-hardened-1
- use this binary gcc-hardened-2 with the hardened options to recompile
the source of GCC; resulting to the binary gcc-hardened-2
- if checksum(gcc-hardened-1) == checksum(gcc-hardened-2)
then use this binary to define a new toolchain
else reach the fixed point
fixed point: use this binary gcc-hardened-{n-1} to compile the source of
GCC and output the binary gcc-hardened-{n}; compare the checksum of
the binary {n-1} and {n} and repeat until equality is reached.
Guix is not auto-magically resolving the fixed-point, i.e., it does not
unroll the cycle by magic. :-) You have to do it manually or write code
for automatise the process; described above.
Hope that helps.
Cheers,
simon
