subject:"bug#66305\: Error with recursive git checkout"

bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix


This is what was needed in the selinux policy to fix the errors

--8<---cut here---start->8---
(allow guix_daemon_t
   bin_t
   (file (execute execute_no_trans map)))
--8<---cut here---end--->8---

Alexis

bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix


ah well it seems this is due to a selinux policy error

--8<---cut here---start->8---
SELinux is preventing git-submodule from execute access on the file 
/usr/bin/sed.


*  Plugin catchall (100. confidence) suggests 
**


If you believe that git-submodule should be allowed execute access on 
the sed file by default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'git-submodule' --raw | audit2allow -M my-gitsubmodule
# semodule -X 300 -i my-gitsubmodule.pp


Additional Information:
Source Contextsystem_u:system_r:guix_daemon.guix_daemon_t:s0
Target Contextsystem_u:object_r:bin_t:s0
Target Objects/usr/bin/sed [ file ]
Sourcegit-submodule
Source Path   git-submodule
Port  
Host  xps13
Source RPM Packages
Target RPM Packages   sed-4.8-12.fc38.x86_64
SELinux Policy RPMselinux-policy-targeted-38.29-1.fc38.noarch
Local Policy RPM
Selinux Enabled   True
Policy Type   targeted
Enforcing ModeEnforcing
Host Name xps13
Platform  Linux xps13 6.5.7-200.fc38.x86_64 #1 SMP
  PREEMPT_DYNAMIC Wed Oct 11 04:07:58 UTC 2023
  x86_64
Alert Count   460
First Seen2023-10-24 20:20:26 PDT
Last Seen 2023-10-25 09:44:31 PDT
Local ID  fa57086c-6738-4eec-8252-3abb66a9e249

Raw Audit Messages
type=AVC msg=audit(1698252271.150:513): avc:  denied  { execute } for 
pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979 
scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0 
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0



Hash: git-submodule,guix_daemon.guix_daemon_t,bin_t,file,execute
--8<---cut here---end--->8---

But trying to fix it does not seem to have any effect. I've added this 
to the guix-daemon.cil and re-applied

--8<---cut here---start->8---
(allow guix_daemon_t
   bin_t
   (file (execute)))
--8<---cut here---end--->8---

Alexis

bug#66305: Error with recursive git checkout

2023-10-26 Thread Alexis Simon via Bug reports for GNU Guix


Hi,

I think I'm hitting this bug trying to git-fetch with submodules.
I am on a foreign distro.

--8<---cut here---start->8---
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: 
line 7: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: 
line 7: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: 
line 77: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: 
line 77: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup: 
line 292: /bin/uname: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: 
line 613: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule: 
line 613 : cmd_: command not found
git-fetch: 
'/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/bin/git 
submodule update --init --recursive' failed with exit code 127

--8<---cut here---end--->8---

This is with a recent guix I think
--8<---cut here---start->8---
❯ guix describe
Generation 8oct. 24 2023 21:31:58   (current)
  guix 0074731
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 00747316ee0e1a7962ffe226c727776ba7a8163b
--8<---cut here---end--->8---

Alexis

bug#66305: Error with recursive git checkout

2023-10-12 Thread Ludovic Courtès

Ludovic Courtès  skribis:

> Pushed as 762fdbdef52b4c17df578478cadc8655d56171a4.
>
> Now to update ‘guix’…

Done last week in 16fd9d6e3d626fc624c38cb3096331905a4161e4.

Closing!

bug#66305: Error with recursive git checkout

2023-10-05 Thread Ludovic Courtès

Hi!

Pushed as 762fdbdef52b4c17df578478cadc8655d56171a4.

Now to update ‘guix’…

Ludo’.

bug#66305: Error with recursive git checkout

2023-10-05 Thread Ludovic Courtès

Hello,

Simon Tournier  skribis:

> On Wed, 04 Oct 2023 at 18:25, Ludovic Courtès  wrote:
>
>> diff --git a/guix/scripts/perform-download.scm 
>> b/guix/scripts/perform-download.scm
>> index 045dd84ad6..c869f19502 100644
>> --- a/guix/scripts/perform-download.scm
>> +++ b/guix/scripts/perform-download.scm
>> @@ -108,6 +108,10 @@ (define* (perform-git-download drv output
>> (drv-output (assoc-ref (derivation-outputs drv) "out"))
>> (algo   (derivation-output-hash-algo drv-output))
>> (hash   (derivation-output-hash drv-output)))
>> +  ;; Commands such as 'git submodule' expect Coreutils and sed (among
>> +  ;; others) to be in $PATH.
>> +  (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
>> +
>>(git-fetch-with-fallback url commit output
>> #:recursive? recursive?
>> #:git-command %git
>
> LGTM.
>
> Well, I would add a comment explicitly mentioning that’s a temporary fix
> pointing this issue #66305.

It’s not temporary in that it will still be needed for example by the
Debian package of Guix.  But yeah, I’ll clarify that in the comment.

> And I have tested with:
>
> $ guix build  ocaml-ansiterminal -S --no-substitutes
> $ guix build volk --no-substitutes --check -S

Awesome, thanks for checking!

Ludo’.

bug#66305: Error with recursive git checkout

2023-10-04 Thread Simon Tournier

On Wed, 4 Oct 2023 at 20:16, Simon Tournier  wrote:

> And I have tested with:

On foreign distro I mean :-)

bug#66305: Error with recursive git checkout

2023-10-04 Thread Simon Tournier

Hi Ludo,

On Wed, 04 Oct 2023 at 18:25, Ludovic Courtès  wrote:

> diff --git a/guix/scripts/perform-download.scm 
> b/guix/scripts/perform-download.scm
> index 045dd84ad6..c869f19502 100644
> --- a/guix/scripts/perform-download.scm
> +++ b/guix/scripts/perform-download.scm
> @@ -108,6 +108,10 @@ (define* (perform-git-download drv output
> (drv-output (assoc-ref (derivation-outputs drv) "out"))
> (algo   (derivation-output-hash-algo drv-output))
> (hash   (derivation-output-hash drv-output)))
> +  ;; Commands such as 'git submodule' expect Coreutils and sed (among
> +  ;; others) to be in $PATH.
> +  (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
> +
>(git-fetch-with-fallback url commit output
> #:recursive? recursive?
> #:git-command %git

LGTM.

Well, I would add a comment explicitly mentioning that’s a temporary fix
pointing this issue #66305.

And I have tested with:

--8<---cut here---start->8---
$ guix build  ocaml-ansiterminal -S --no-substitutes
$ guix build volk --no-substitutes --check -S
--8<---cut here---end--->8---


Cheers,
simon

bug#66305: Error with recursive git checkout

2023-10-04 Thread Ludovic Courtès

Hello,

Simon Tournier  skribis:

> On Mon, 02 Oct 2023 at 11:17, Guillaume Le Vaillant  wrote:
>
>> With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
>> build a package (see attached patch) requiring a recursive git-fetch to
>> get the sources:
>
> [...]
>
>> HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA 
>> v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>>  line 7: basename: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>>  line 7: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>>  line 77: basename: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>>  line 77: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>>  line 292: uname: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>>  line 613: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>>  line 613: cmd_: command not found
>> git-fetch: 
>> '/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git 
>> submodule update --init --recursive' failed with exit code 127
>
> It looks very similar as bug#65924:
>
> bug#65924: git searches coreutils and util-linux commands in PATH
> Maxim Cournoyer 

D’oh!  Thanks Simon and Guillaume for the heads-up (I had totally
overlooked that you raised this during the review, Simon; my bad).

Here’s a patch that fixes it for me:

diff --git a/guix/scripts/perform-download.scm b/guix/scripts/perform-download.scm
index 045dd84ad6..c869f19502 100644
--- a/guix/scripts/perform-download.scm
+++ b/guix/scripts/perform-download.scm
@@ -108,6 +108,10 @@ (define* (perform-git-download drv output
(drv-output (assoc-ref (derivation-outputs drv) "out"))
(algo   (derivation-output-hash-algo drv-output))
(hash   (derivation-output-hash drv-output)))
+  ;; Commands such as 'git submodule' expect Coreutils and sed (among
+  ;; others) to be in $PATH.
+  (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
+
   (git-fetch-with-fallback url commit output
#:recursive? recursive?
#:git-command %git

To test it, you need to run the daemon from your checkout, with
something like:

  sudo herd stop guix-daemon
  sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild &

(Once we’ve applied the fix, we’ll have to update the ‘guix’ package.)

I think we should eventually our ‘git’ package as discussed in
, but that won’t help on foreign
distros anyway, hence the fix above.

WDYT?

Ludo’.

bug#66305: Error with recursive git checkout

2023-10-03 Thread Simon Tournier

Hi Guillaume,

On Mon, 02 Oct 2023 at 11:17, Guillaume Le Vaillant  wrote:

> With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
> build a package (see attached patch) requiring a recursive git-fetch to
> get the sources:

[...]

> HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA 
> v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>  line 7: basename: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>  line 7: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>  line 77: basename: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>  line 77: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
>  line 292: uname: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>  line 613: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
>  line 613: cmd_: command not found
> git-fetch: 
> '/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git 
> submodule update --init --recursive' failed with exit code 127

It looks very similar as bug#65924:

bug#65924: git searches coreutils and util-linux commands in PATH
Maxim Cournoyer 
Wed, 13 Sep 2023 14:00:09 -0400
id:87fs3iuf6e@gmail.com
https://issues.guix.gnu.org//65924
https://issues.guix.gnu.org/msgid/87fs3iuf6e@gmail.com
https://yhetil.org/guix/87fs3iuf6e@gmail.com

I think it is a corollary from:

bug#65866: [PATCH 0/8] Add built-in builder for Git checkouts
Ludovic Courtès 
Tue, 26 Sep 2023 17:44:22 +0200
id:87fs312b3d.fsf...@gnu.org
https://issues.guix.gnu.org//65866
https://issues.guix.gnu.org/msgid/87fs312b3d.fsf...@gnu.org
https://yhetil.org/guix/87fs312b3d.fsf...@gnu.org

and if I am correct, such potential issue had been pointed by:

Re: hard dependency on Git? (was bug#65866: [PATCH 0/8] Add built-in 
builder for Git checkouts)
Simon Tournier 
Thu, 14 Sep 2023 19:28:06 +0200
id:CAJ3okZ0hzimVNtTcSsJKR-x=wkppvthyxshzngzecqxnhfw...@mail.gmail.com
https://lists.gnu.org/archive/html/guix-devel/2023-09

https://yhetil.org/guix/CAJ3okZ0hzimVNtTcSsJKR-x=wkppvthyxshzngzecqxnhfw...@mail.gmail.com

Cheers,
simon

bug#66305: Error with recursive git checkout

2023-10-02 Thread Guillaume Le Vaillant

Workaround: by rebooting the machine to an older generation (and
therefore an older guix-daemon, with Guix at
4f35ff1275e05be31f5d41464ccf147e9dbfd016), the recursive git-fetch
works.


signature.asc
Description: PGP signature

bug#66305: Error with recursive git checkout

2023-10-02 Thread Guillaume Le Vaillant

Hi.

With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
build a package (see attached patch) requiring a recursive git-fetch to
get the sources:

--8<---cut here---start->8---
$ ./pre-inst-env guix build bladerf
The following derivations will be built:
  /gnu/store/982zz7z94va89fxn79hpjil5wp0v49pn-bladerf-2023.02.drv
  /gnu/store/5rlqf4srlnnymsv93ydxkgxwgfszkszw-bladerf-2023.02-checkout.drv
building 
/gnu/store/5rlqf4srlnnymsv93ydxkgxwgfszkszw-bladerf-2023.02-checkout.drv...
Initialized empty Git repository in 
/gnu/store/fhlm9zxs4r4cgapbngckpzrs8rnzf1l2-bladerf-2023.02-checkout/.git/
From https://github.com/Nuand/bladeRF
 * tag   2023.02-> FETCH_HEAD
Note: switching to 'FETCH_HEAD'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c 

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA 
v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
 line 7: basename: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
 line 7: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
 line 77: basename: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
 line 77: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
 line 292: uname: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
 line 613: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule:
 line 613: cmd_: command not found
git-fetch: 
'/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git 
submodule update --init --recursive' failed with exit code 127
--8<---cut here---end--->8---
From ac6fc0fdf16187c4e0c61916c52ced35a031fd76 Mon Sep 17 00:00:00 2001
Message-ID: 
From: Guillaume Le Vaillant 
Date: Sat, 30 Sep 2023 11:17:40 +0200
Subject: [PATCH 1/8] gnu: Add bladerf.

* gnu/packages/radio.scm (bladerf): New variable.
---
 gnu/packages/radio.scm | 39 +++
 1 file changed, 39 insertions(+)

diff --git a/gnu/packages/radio.scm b/gnu/packages/radio.scm
index 2e4e9db4cc..aa26c04db2 100644
--- a/gnu/packages/radio.scm
+++ b/gnu/packages/radio.scm
@@ -69,10 +69,12 @@ (define-module (gnu packages radio)
   #:use-module (gnu packages image)
   #:use-module (gnu packages image-processing)
   #:use-module (gnu packages javascript)
+  #:use-module (gnu packages libedit)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages logging)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages maths)
   #:use-module (gnu packages mp3)
   #:use-module (gnu packages multiprecision)
@@ -1416,6 +1418,43 @@ (define-public hackrf
 @code{(udev-rules-service 'hackrf hackrf #:groups '(\"dialout\"))}.")
 (license license:gpl2)))
 
+(define-public bladerf
+  (package
+(name "bladerf")
+(version "2023.02")
+(source
+ (origin
+   (method git-fetch)
+   (uri (git-reference
+ (url "https://github.com/Nuand/bladeRF;)
+ (commit version)
+ (recursive? #t)))
+   (file-name (git-file-name name version))
+   (sha256
+(base32 "038v9qdmrwx9mxsrq4l36bap0bsypyg4i8hs7l7srv4b0c2s7ynp"
+(build-system cmake-build-system)
+(native-inputs (list doxygen help2man pkg-config))
+(inputs (list libedit libusb))
+(arguments
+ (list #:configure-flags #~(list "-DTAGGED_RELEASE=ON"
+ (string-append "-DUDEV_RULES_PATH="
+#$output
+"/lib/udev/rules.d")
+ "-DBLADERF_GROUP=dialout"
+ "-DBUILD_DOCUMENTATION=ON")
+   #:tests? #f)) ; No test suite
+(home-page "https://www.nuand.com/;)
+(synopsis "User-space library and utilities for BladeRF SDR")
+(description
+ "This package contains a library and command line utilities for
+controlling the BladeRF Software Defined Radio (SDR) over USB.  To install the
+hackrf udev rules, you must

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

bug#66305: Error with recursive git checkout

12 matches

Site Navigation

Mail list logo

Footer information