[bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages t

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages t

From:	Mark H Weaver
Subject:	[bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'.
Date:	Sat, 11 Sep 2021 20:54:50 -0400

Hi Simon,

> With Guix 9875f9bca3976bf3576eab9be42164fde454597e, the packages considered
> are IceCat and the Linux kernel; see: gnu/packages/gnuzilla.scm and
> gnu/packages/linux.scm.
>
> * website/apps/packages/builder.scm (gexp-references): Unexported variable
> from the module '(guix gexp)'.
> (origin->json): Add 'computed-origin-method' case.

Thanks for working on this.

> diff --git a/website/apps/packages/builder.scm 
> b/website/apps/packages/builder.scm
> index fb53215..ecf958a 100644
> --- a/website/apps/packages/builder.scm
> +++ b/website/apps/packages/builder.scm
[...]
> @@ -106,53 +109,67 @@
>           (append-map (cut maybe-expand-mirrors <> %mirrors)
>                       (map string->uri urls))))
> 
> -  `((type . ,(cond ((or (eq? url-fetch method)
> -                        (eq? url-fetch/tarbomb method)
> -                        (eq? url-fetch/zipbomb method)) 'url)
> -                   ((eq? git-fetch method) 'git)
> -                   ((or (eq? svn-fetch method)
> -                        (eq? svn-multi-fetch method)) 'svn)
> -                   ((eq? hg-fetch method) 'hg)
> -                   (else                   #nil)))
> -    ,@(cond ((or (eq? url-fetch method)
> +  (match uri
> +    ((? promise? promise)               ;computed-origin-method
> +     (match (force promise)

Here, you're implicitly assuming that 'computed-origin-method' is the
only origin method that puts a promise in the 'uri' field.  That may be
true today, but it will not necessarily be true tomorrow, and therefore
it seems suboptimal to make that assumption in the code.

Instead, I would suggest checking for "computed origins" in the same way
that is done for the other cases: using 'eq?'.  It's not ideal, but it's
more future-proof than checking for a promise in the 'url' field, and
anyway it's the way things are currently being done.

However, there's a difficulty, and I suspect you're already aware of it
and that it's why you used the suboptimal approach above:

At present, 'computed-origin-method' is not exported by any Guix module,
nor is there even a unique definition of it.  Instead, there are two
copies of it, one in gnuzilla.scm and one in linux.scm.

The reason 'computed-origin-method' is not exported is because it never
went through the review process that such a radical new capability in
Guix should go through before becoming part of it's public API.

At the time that I added 'computed-origin-method', I was under time
pressure to push security updates for IceCat, and my previous method of
cherry picking dozens of upsteam patches and applying them to the most
recent IceCat release suddenly became impractical due to comprehensive
code reformatting done upstream.

I've always viewed 'computed-origin-method' as a temporary hack to work
around limitations in the 'snippet' mechanism.  Most importantly, last I
checked, it was not possible for a 'snippet' to produce a tarball with a
different base name than the original downloaded source.  I consider it
a *requirement* for the 'icecat' source tarball and it's unpacked
directory to be named "icecat-…" and not "firefox-…", and similarly for
'linux-libre'.

I'm sorry that I never found the energy to clean this up properly.

Anyway, regarding your proposed patch: for now, I would suggest the
following options:

(1) In a separate preceding commit, move 'computed-origin-method' to its
    own module, export it, use the exported one in gnuzilla.scm and
    linux.scm, and use 'eq?' to test for it in the code above.  There
    should probably also be a comment next to the definition of
    'computed-origin-method' pointing out that it's a temporary hack,
    hopefully to be superceded by snippets when they have gained the
    required functionality.

(2) Alternatively, for now, use 'eq?' against the two private copies
    (accessed using @@, see below), along with a "FIXME" comment.

___ (or (eq? method (@@ (gnu packages gnuzilla) computed-origin-method))
_______ (eq? method (@@ (gnu packages linux) computed-origin-method)))

What do you think?

I'm not on the guix-patches list, so please CC me on replies that you'd
like me to see.

       Thanks,
         Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#50515] (guix-artwork)[PATCH 0/2] List linux origins in 'sources.json'., zimoun, 2021/09/10
- [bug#50515] [PATCH 1/2] website: Tweak 'GUIX_WEB_SITE_LOCAL'., zimoun, 2021/09/10
  - [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'., zimoun, 2021/09/10
  - [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'., Mark H Weaver <=
    - [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'., zimoun, 2021/09/13
    - [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'., Mark H Weaver, 2021/09/15
    - [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'., zimoun, 2021/09/16

Prev by Date: [bug#50277] This one can be closed since it was merged
Next by Date: bug#47181: Packaging python-soundfile for use in MediaGoblin
Previous by thread: [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'.
Next by thread: [bug#50515] [PATCH 2/2] website: Add 'computed-origin-method' packages to 'sources.json'.
Index(es):
- Date
- Thread