Hello, I'm going to upgrade some machines - some Guix Systems and some guix on foreign distro - and I read that recently in Guix there was an issue with a grafted libxml2 that broke many programs (at runtime).
I see the «Grafted libxml2 is ABI-incompatible with the original libxml2» (https://codeberg.org/guix/guix/issues/2801) is closed now: does this mean that all related problems are resolved on current master? If all is solved now, I think «Coordination of the ungrafting effort of libxml2 on master.» (https://codeberg.org/guix/guix/issues/2699) should be closed now. Also «Frequent Emacs crashes» (https://codeberg.org/guix/guix/issues/2778)? Given the importance of this issue could the maintenance team please consider to write a coincise post mortem report to explain what happened and what should (has?) be done to prevent similar issues in the future? ...maybe in a blog post? I'm asking because relevant information is scattered among several issues and pull requests and I'm having a hard time collecting them in a coherent "pictire" [1]. AFAIU (but I miss the overall picture!) the core of the problem is that that graft should not have be done [2] in the first place as stated in the manual: --8<---------------cut here---------------start------------->8--- Currently, the length of the name and version of the graft and that of the package it replaces (bash-fixed and bash in the example above) must be equal. This restriction mostly comes from the fact that grafting works by patching files, including binary files, directly. Other restrictions may apply: for instance, when adding a graft to a package providing a shared library, the original shared library and its replacement must have the same SONAME and be binary-compatible. --8<---------------cut here---------------end--------------->8--- (https://guix.gnu.org/manual/devel/en/html_node/Security-Updates.html) IMHO there are two things that could be done: 1. «make a more prominent checklist» as proposed by Ludo' [3] _and_ make sure that all committers read and understand it (at least when they apply as commiter candidates but should be better once in 6 months): a sort of gentle committer agreement :-) 2. add a new lint script "verify grafts" as proposed in #2610 (https://codeberg.org/guix/guix/issues/2610), but AFAIU it's unclear if this kind of check can be automated. Anyway better _some_ automation to help developers/committers than none :-) Last but not least, I'm wondering why - given the clear "golden rule breach" - a quick revert of the related patch was not promptly done as suggested by Ludo' [4] on Sept 23. The issue was clearly reported on Sept 13 [5] (maybe earlier?) and the core of the problem reported on Sept 19; the mesa-updates brance merge was done on Sept 30: two weeks are too much to fix such an issue, in my opinion. Just to be clear: I'm just sharing my thoughts and I do _not_ absolutely intend to put pressure or worst "accuse" any of the involved persons! Thank you all for your great work on this issue, indeed! Happy hacking, Gio' [1] oh how much I _desperately_ miss bug-guix and guix-patches emails that allowed me to search for information in a matter of seconds with my notmuch database (and the unofficially hosted mirrors at yhetil.org https://yhetil.org/)! ;-( [2] https://codeberg.org/guix/guix/issues/2801#issuecomment-7269352 [3] https://codeberg.org/guix/guix/issues/2610#issuecomment-7269379 [4] https://codeberg.org/guix/guix/issues/2801#issuecomment-7313155 [5] https://codeberg.org/guix/guix/issues/2801 -- Giovanni Biscuolo Xelera IT Infrastructures
signature.asc
Description: PGP signature
