gnu: bash: Use the bootstrap Guile in 'url-fetch/reset-patch-level'.

Fixes <http://bugs.gnu.org/25775>.
Reported by Sirgazil, Ricardo Wurmus, Andy Wingo, and others.

* guix/download.scm (in-band-download): Always use GUILE.  This reverts
9f05908fb1.
* gnu/packages/bash.scm (url-fetch/reset-patch-level): Remove #:guile.
Pass %BOOTSTRAP-GUILE as #:guile to 'url-fetch'.  Remove #:guile-for-build
argument in 'gexp->derivation' call.
This commit is contained in:
Ludovic Courtès 2017-03-07 23:42:13 +01:00
parent faa65e2735
commit 6c5b56f9fa
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 7 additions and 7 deletions

View File

@ -21,6 +21,7 @@
(define-module (gnu packages bash) (define-module (gnu packages bash)
#:use-module (guix licenses) #:use-module (guix licenses)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages bootstrap)
#:use-module (gnu packages ncurses) #:use-module (gnu packages ncurses)
#:use-module (gnu packages readline) #:use-module (gnu packages readline)
#:use-module (gnu packages bison) #:use-module (gnu packages bison)
@ -243,14 +244,17 @@ without modification.")
(define* (url-fetch/reset-patch-level url hash-algo hash (define* (url-fetch/reset-patch-level url hash-algo hash
#:optional name #:optional name
#:key (system (%current-system)) guile) #:key (system (%current-system)))
"Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it "Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
can apply to a patch-level 0 Bash." can apply to a patch-level 0 Bash."
;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping
;; issues when using a daemon that lacks the "download" built-in. See
;; <https://bugs.gnu.org/25775>.
(mlet* %store-monad ((name -> (or name (basename url))) (mlet* %store-monad ((name -> (or name (basename url)))
(patch (url-fetch url hash-algo hash (patch (url-fetch url hash-algo hash
(string-append name ".orig") (string-append name ".orig")
#:system system #:system system
#:guile guile))) #:guile %bootstrap-guile)))
(gexp->derivation name (gexp->derivation name
(with-imported-modules '((guix build utils)) (with-imported-modules '((guix build utils))
#~(begin #~(begin
@ -259,7 +263,6 @@ can apply to a patch-level 0 Bash."
(substitute* #$output (substitute* #$output
(("PATCHLEVEL [0-6]+") (("PATCHLEVEL [0-6]+")
"PATCHLEVEL 0")))) "PATCHLEVEL 0"))))
#:guile-for-build guile
#:system system))) #:system system)))
(define bash/fixed ;CVE-2017-5932 (RCE with completion) (define bash/fixed ;CVE-2017-5932 (RCE with completion)

View File

@ -418,10 +418,7 @@ GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
;; hash of the expected result. ;; hash of the expected result.
#:verify-certificate? #f))))) #:verify-certificate? #f)))))
(mlet %store-monad ((guile (package->derivation (mlet %store-monad ((guile (package->derivation guile system)))
(or guile
(@@ (gnu packages bootstrap) %bootstrap-guile))
system)))
(gexp->derivation file-name builder (gexp->derivation file-name builder
#:guile-for-build guile #:guile-for-build guile
#:system system #:system system