gnu: bash: Use the bootstrap Guile in 'url-fetch/reset-patch-level'.
Fixes <http://bugs.gnu.org/25775>.
Reported by Sirgazil, Ricardo Wurmus, Andy Wingo, and others.
* guix/download.scm (in-band-download): Always use GUILE. This reverts 9f05908fb1.
* gnu/packages/bash.scm (url-fetch/reset-patch-level): Remove #:guile.
Pass %BOOTSTRAP-GUILE as #:guile to 'url-fetch'. Remove #:guile-for-build
argument in 'gexp->derivation' call.
parent
faa65e2735
commit
6c5b56f9fa
|
@ -21,6 +21,7 @@
|
||||||
(define-module (gnu packages bash)
|
(define-module (gnu packages bash)
|
||||||
#:use-module (guix licenses)
|
#:use-module (guix licenses)
|
||||||
#:use-module (gnu packages)
|
#:use-module (gnu packages)
|
||||||
|
#:use-module (gnu packages bootstrap)
|
||||||
#:use-module (gnu packages ncurses)
|
#:use-module (gnu packages ncurses)
|
||||||
#:use-module (gnu packages readline)
|
#:use-module (gnu packages readline)
|
||||||
#:use-module (gnu packages bison)
|
#:use-module (gnu packages bison)
|
||||||
|
@ -243,14 +244,17 @@ without modification.")
|
||||||
|
|
||||||
(define* (url-fetch/reset-patch-level url hash-algo hash
|
(define* (url-fetch/reset-patch-level url hash-algo hash
|
||||||
#:optional name
|
#:optional name
|
||||||
#:key (system (%current-system)) guile)
|
#:key (system (%current-system)))
|
||||||
"Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
|
"Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
|
||||||
can apply to a patch-level 0 Bash."
|
can apply to a patch-level 0 Bash."
|
||||||
|
;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping
|
||||||
|
;; issues when using a daemon that lacks the "download" built-in. See
|
||||||
|
;; <https://bugs.gnu.org/25775>.
|
||||||
(mlet* %store-monad ((name -> (or name (basename url)))
|
(mlet* %store-monad ((name -> (or name (basename url)))
|
||||||
(patch (url-fetch url hash-algo hash
|
(patch (url-fetch url hash-algo hash
|
||||||
(string-append name ".orig")
|
(string-append name ".orig")
|
||||||
#:system system
|
#:system system
|
||||||
#:guile guile)))
|
#:guile %bootstrap-guile)))
|
||||||
(gexp->derivation name
|
(gexp->derivation name
|
||||||
(with-imported-modules '((guix build utils))
|
(with-imported-modules '((guix build utils))
|
||||||
#~(begin
|
#~(begin
|
||||||
|
@ -259,7 +263,6 @@ can apply to a patch-level 0 Bash."
|
||||||
(substitute* #$output
|
(substitute* #$output
|
||||||
(("PATCHLEVEL [0-6]+")
|
(("PATCHLEVEL [0-6]+")
|
||||||
"PATCHLEVEL 0"))))
|
"PATCHLEVEL 0"))))
|
||||||
#:guile-for-build guile
|
|
||||||
#:system system)))
|
#:system system)))
|
||||||
|
|
||||||
(define bash/fixed ;CVE-2017-5932 (RCE with completion)
|
(define bash/fixed ;CVE-2017-5932 (RCE with completion)
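Review bot: The docstring of `url-fetch/reset-patch-level` (second hunk) does not say which artifact HASH covers, which matters to anyone updating a Bash patch hash. In the visible lines HASH is passed to `url-fetch` for the `.orig` download, so it pins the patch as published upstream, not the rewritten output. I would add a sentence such as `HASH is the hash of the patch as downloaded, before 'PATCHLEVEL' is rewritten.` The new comment could also say that %BOOTSTRAP-GUILE applies only to the fetch, since the last hunk drops `#:guile-for-build` and the rewriting derivation presumably falls back to the default build Guile. Part of the `gexp->derivation` body lies between the hunks and is not visible here.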
|
||||||
|
|
|
@ -418,10 +418,7 @@ GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
|
||||||
;; hash of the expected result.
|
;; hash of the expected result.
|
||||||
#:verify-certificate? #f)))))
|
#:verify-certificate? #f)))))
|
||||||
|
|
||||||
(mlet %store-monad ((guile (package->derivation
|
(mlet %store-monad ((guile (package->derivation guile system)))
|
||||||
(or guile
|
|
||||||
(@@ (gnu packages bootstrap) %bootstrap-guile))
|
|
||||||
system)))
|
|
||||||
(gexp->derivation file-name builder
|
(gexp->derivation file-name builder
|
||||||
#:guile-for-build guile
|
#:guile-for-build guile
|
||||||
#:system system
|
#:system system
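Review bot: With the `(or guile … %bootstrap-guile)` fallback gone, the `mlet` line passes `guile` to `package->derivation` unchecked. A caller that still supplies `#:guile #f` (as `url-fetch/reset-patch-level` could before this commit, given its `guile` key had no default) would then fail here with an error that does not point at the real cause. The signature and any default for `guile` are outside the hunk, so this may already be ruled out. If it is, a comment would record the contract, e.g. `;; GUILE must be a package; callers that need the bootstrap Guile pass %BOOTSTRAP-GUILE explicitly.`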
|
||||||
|
|