emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#41499: closed (/proc/filesystems impurity in build environment)


From: GNU bug Tracking System
Subject: bug#41499: closed (/proc/filesystems impurity in build environment)
Date: Tue, 02 Jun 2020 01:19:02 +0000

Your message dated Mon, 01 Jun 2020 18:17:57 -0700
with message-id <877dwqw9iy.fsf@gmail.com>
and subject line Re: bug#41499: /proc/filesystems impurity in build environment
has caused the debbugs.gnu.org bug report #41499,
regarding /proc/filesystems impurity in build environment
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
41499: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=41499
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: /proc/filesystems impurity in build environment Date: Sun, 24 May 2020 01:32:42 -0700 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Hi,

The Linux kernel's /proc/filesystems is an impurity in the Guix build
environment.  Its contents can cause the same derivation to behave
differently on different systems.

For example, the default kernel on Fedora systems uses SELinux, so
/proc/filesystems contains "selinuxfs".  However, the default kernel on
Guix System does not use SELinux, so /proc/filesystems does not contain
"selinuxfs".  This causes the sed derivation to fail when run on Fedora,
but not on Guix System:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=41498

Can we avoid this problem somehow?  For example, is there a way to
normalize /proc/filesystems in the build environment?

We have the --impersonate-linux-2.6 option as a way to eliminate a
similar kind of impurity, but that option doesn't actually change the
contents of /proc/filesystems at all.  I tried it.

-- 
Chris

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- Subject: Re: bug#41499: /proc/filesystems impurity in build environment Date: Mon, 01 Jun 2020 18:17:57 -0700 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Hi Ludo,

Ludovic Courtès <ludo@gnu.org> writes:

> There’s /proc, but there are also syscalls that leak info, such as
> uname(2).
>
> Fortunately these issues are quite rare in practice (it’s mentioned in
> <https://guix.gnu.org/blog/2015/reproducible-builds-a-means-to-an-end/>,
> which references an earlier NixOS paper that discusses it.)
>
>> Shall we close this bug report, then?
>
> I think so.

OK.  Thank you for the interesting link!  I'm closing this bug report.

-- 
Chris

Attachment: signature.asc
Description: PGP signature


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]