bug#36747: Official MesCC bootstrap binaries differ from my locally built ones

[Jan Nieuwenhuizen]

Jan Nieuwenhuizen writes:

> Hmm, I'm not sure how much work it would be.  If we're lucky then the
> recipes from gnu/packages/bootstrap.scm

 *gnu/packages/make-bootstrap.scm

-- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

bug#36747: Official MesCC bootstrap binaries differ from my locally built ones

[Jan Nieuwenhuizen]

Mark H Weaver writes:

Hi Mark,

> I agree that store references should be removed, i.e. the hash component
> of the store file names should be replaced with all ee's.  Note that
> 'e' is never found in a valid Nix base32 hash string.  This is what was
> done in our older bootstrap binaries, which we've been using for many
> years, since the early days of Guix.

Yes, I understand the last bit.  However, it is only now with my failure
to remove them that we found something possiblby fishy?  IWBN if we knew
that the hashes are reproducible before we remove them.  Hmm, that might
be a good argument to have two packages, a merely static/content
stripped version and a hashes-stripped version.

> I'd like to build the new bootstrap binaries, but I'm unsure how to
> proceed.  In your new batch of commits, you reference the commit that
> was used to perform the build:

> I guess that I should build from a checkout of commit
> 2e13b6fff94027158b3de5d3a1469dc9f89b0c39.  However, that commit is not
> on Savannah, as demonstrated by the following URL, which reports "Bad
> commit reference: 2e13b6fff94027158b3de5d3a1469dc9f89b0c39".
>
>   
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2e13b6fff94027158b3de5d3a1469dc9f89b0c39

Right, that commit is two commits up or my core-updates branch @ gitlab

https://gitlab.com/janneke/guix @ core-updates

it's core-updates plus the two first patches I sent.  I could push a
wip-core-updates branch (but I'll first try the master thing, see
below).

> The other issue is that your proposed new fixes do not seem to apply to
> 'master'.  Did you build the newly fixed bootstrap tarballs from
> something based on 'core-updates'?  If so, that leaves me no way to
> independently verify the new bootstrap without putting my trust in the
> slightly older bootstrap -- the same one that I just failed to
> reproduce.

Ah, hadn't thought about that...

> What I need is a way to build the new bootstrap tarballs without using
> the existing 'core-updates' branch.  I need a way to build them from a
> branch that's based upon the much older bootstrap binaries that we've
> been using for many years.  Preferably, they should be built from
> something close to current 'master'.
>
> Is this feasible?

Hmm, I'm not sure how much work it would be.  If we're lucky then the
recipes from gnu/packages/bootstrap.scm for mescc-tools-static-stripped
and mes-minimal-stripped and their tarballs could be put into and used
on master to build.  I'll have a look into this.

If we could find how you can reproduce the current flawed hash-containing
bootstrap binaries that we have on core-updates, that would be nice...I'm
hoping for Ludo' to step in and say something insightful about the
differences you found :)

janneke

-- 
Jan Nieuwenhuizen  | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

bug#36747: Official MesCC bootstrap binaries differ from my locally built ones

[Mark H Weaver]

Hi Janneke,

Thanks very much for the quick response to this issue.

Jan Nieuwenhuizen  wrote:
> In any case, if store references are present in bootstrap binaries, then
> they should be reproducible.  Removing store references is one way to
> make them reproducible but I'm not sure if that's the best way?
>
> Making a reference invalid helps making sure that it isn't used.  But if
> it cannot be used anyway, removing it could hide the fact that it may
> differs accros builds, as we are finding out right now.  Thoughts?

I agree that store references should be removed, i.e. the hash component
of the store file names should be replaced with all ee's.  Note that
'e' is never found in a valid Nix base32 hash string.  This is what was
done in our older bootstrap binaries, which we've been using for many
years, since the early days of Guix.

I'd like to build the new bootstrap binaries, but I'm unsure how to
proceed.  In your new batch of commits, you reference the commit that
was used to perform the build:

> From 172ee1045689cd42d2de837ee560d32c43730cc3 Mon Sep 17 00:00:00 2001
> From: Jan Nieuwenhuizen 
> Date: Sun, 21 Jul 2019 14:38:52 +0200
> Subject: [PATCH 3/4] bootstrap: bootstrap-mescc-tools: Update.
> 
> Built with
> 2e13b6fff94027158b3de5d3a1469dc9f89b0c39 bootstrap: 
> mes-minimal-stripped: Remove store references.
> 
> * gnu/packages/bootstrap.scm (%bootstrap-mescc-tools): Update.

I guess that I should build from a checkout of commit
2e13b6fff94027158b3de5d3a1469dc9f89b0c39.  However, that commit is not
on Savannah, as demonstrated by the following URL, which reports "Bad
commit reference: 2e13b6fff94027158b3de5d3a1469dc9f89b0c39".

  
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=2e13b6fff94027158b3de5d3a1469dc9f89b0c39

The other issue is that your proposed new fixes do not seem to apply to
'master'.  Did you build the newly fixed bootstrap tarballs from
something based on 'core-updates'?  If so, that leaves me no way to
independently verify the new bootstrap without putting my trust in the
slightly older bootstrap -- the same one that I just failed to
reproduce.

What I need is a way to build the new bootstrap tarballs without using
the existing 'core-updates' branch.  I need a way to build them from a
branch that's based upon the much older bootstrap binaries that we've
been using for many years.  Preferably, they should be built from
something close to current 'master'.

Is this feasible?

 Thanks,
   Mark

bug#36754: New linux-libre failed to build on armhf on Berlin

[Mark H Weaver]

In commit 1ad9c105c208caa9059924cbfbe4759c8101f6c9, I changed our
linux-libre packages to deblob the linux-libre source tarballs
ourselves, i.e. to run the deblobbing scripts provided by the
linux-libre project to produce linux-libre source tarballs from the
upstream linux tarballs:

  
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1ad9c105c208caa9059924cbfbe4759c8101f6c9

The following queries show that the updated packages built successfully
on x86_64, i686, and aarch64, but they all failed on armhf:

  https://ci.guix.gnu.org/search?query=linux-libre-5.2.2
  https://ci.guix.gnu.org/search?query=linux-libre-4.19.60
  https://ci.guix.gnu.org/search?query=linux-libre-4.14.134
  https://ci.guix.gnu.org/search?query=linux-libre-4.9.186
  https://ci.guix.gnu.org/search?query=linux-libre-4.4.186
  https://ci.guix.gnu.org/search?query=linux-libre-arm-veyron-5.2.2
  https://ci.guix.gnu.org/search?query=linux-libre-arm-generic-5.2.2
  https://ci.guix.gnu.org/search?query=linux-libre-arm-generic-4.19.60
  https://ci.guix.gnu.org/search?query=linux-libre-arm-generic-4.14.134
  https://ci.guix.gnu.org/search?query=linux-libre-arm-omap2plus-5.2.2
  https://ci.guix.gnu.org/search?query=linux-libre-arm-omap2plus-4.19.60
  https://ci.guix.gnu.org/search?query=linux-libre-arm-omap2plus-4.14.134

Unfortunately, I'm unable to get *any* information about what went wrong
from Cuirass.  None of the failed builds have associated log files, and
the build details page has no useful information either.  For example:

  https://ci.guix.gnu.org/build/1488517/details

My first guess was that something went wrong in the 'computed' origin
that runs the deblobbing script.  However, that's apparently not the
case, because all of the updated 'linux-libre-headers' packages built
successfully on armhf, and those use the same source tarballs as the
main 'linux-libre' packages.

  https://ci.guix.gnu.org/search?query=linux-libre-headers-5.2.2
  https://ci.guix.gnu.org/search?query=linux-libre-headers-4.19.60
  https://ci.guix.gnu.org/search?query=linux-libre-headers-4.14.134

Can someone help me find out what's going on here?  Until then, I'm
sorry to say that armhf-linux users will be unable to update their
systems.

   Mark

bug#36728: LibreOffice fails to open hyperlinks

[Chris Marusich]

Chris Marusich  writes:

> Chris Marusich  writes:
>
>> I have a fix and will post it in a moment.
>
> I've verified that the attached patch fixes the issue.  It took over 4
> hours to build libreoffice on 1 core on my x200 laptop (not including
> the time it took to build dependencies).  I would normally push this
> directly to master because no packages depend on libreoffice, but the
> long build time gave me pause.
>
> Should I commit this change to master or to somewhere else?

I've committed this to the master branch as
afb986e77cd669c2f21953f501f7893237730ca7.  Closing.

-- 
Chris


signature.asc
Description: PGP signature

bug#36706: "guix gc --verify" fails with "FOREIGN KEY constraint failed"

[Chris Marusich]

Ingo Ruhnke  writes:

> On Wed, Jul 17, 2019 at 10:02 PM Ricardo Wurmus  wrote:
>
>> This is bad and you cannot recover from it.  The store should *never* be
>> edited manually as it will become inconsistent with the database (which
>> I assume you have not edited).
>>
>
> I recovered it just fine with a quick&dirty:
>
> $ sqlite3 /var/guix/db.sqlite
> delete from Refs where reference in (select id from ValidPaths where path
> glob "*libreof*");
> delete from Refs where referrer in (select id from ValidPaths where path
> glob "*libreof*");
> delete from DerivationOutputs where path glob "*libreof*";
> delete from ValidPaths where path glob "*libreof*";
>
> Which I assume is what `guix gc --verify=repair` was trying to do, but it's
> not cleaning up Refs table and thus failing at the FOREIGN KEY constraint.
>
> $ sqlite3 /var/guix/db/db.sqlite
> [...]
> sqlite> .schema
> [...]
> CREATE TABLE Refs (
> referrer  integer not null,
> reference integer not null,
> primary key (referrer, reference),
> foreign key (referrer) references ValidPaths(id) on delete cascade,
> foreign key (reference) references ValidPaths(id) on delete restrict
> < this one here
> );

That might work, or it might not.  Since manual manipulation of the
store and the database is not supported, and your Guix installation
might now be in an unknown, invalid state.  At the very least, you
should probably run "guix gc --verify=contents,repair".  The safest (but
admittedly heavy-handed) thing to do is to reinstall Guix completely.

The guix-daemon is carefully designed to maintain several critical
invariants regarding the state of the store and its database.  If by
manually modifying the store or the database you have accidentally
invalidated one of those invariants (or if you have made a change that
is not detected now but which later on might invalidate one of those
invariants), there is no guarantee you can easily recover.

-- 
Chris


signature.asc
Description: PGP signature

bug#36667: crates-io.scm packages should build on master

[Chris Marusich]

Hi Giacomo,

Thank you for taking the time to submit a patch!

goodoldp...@autistici.org writes:

> Rust libraries contained in gnu/packages/crates-io.scm are not
> building anymore because cargo wants to download crate dependencies
> inside the store.

Curious!  I wonder when this changed.

> The attached patch sets the CARGO_HOME environment variable  to "."
> much earlier than it previously was, just after the configure
> phase. With the attached patch all packages in crates-io.scm build
> without errors.
>
> I hope I did everything right,

Unfortunately, your patch does not apply cleanly to the current tip of
the master branch (d1e766e5c6b9e25ff0fa8e0a2adf3e764401a3a2).  Could you
please tell me what commit or branch it applies against, or send a new
patch that applies cleanly to the current tip of the master branch?

Thank you,

-- 
Chris


signature.asc
Description: PGP signature

bug#36363: let's encrypt hash mismatch

[Chris Marusich]

Ludovic Courtès  writes:

> Julien Lepiller  skribis:
>
>>  expected hash: 0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
>>  actual hash:   0zycy85ff9ga53z1q03df89ka9iihb9p8bjhw056rq2y4rn3b6ac
>>  hash mismatch for store item
>>  '/gnu/store/1drx7dy1zakc0xs60nb0im1jbvxp11dj-isrgrootx1.pem' build
>
> I believe you’d be fine if substitutes were enabled, but they’re not.
>
> In the meantime, you can fetch those files with something like:
>
>   wget -O /tmp/isrgrootx1.pem \
> 
> http://berlin.guix.gnu.org/file/isrgrootx1.pem/sha256/0zhd1ps7sz4w1x52xk3v7ng6d0rcyi7y7rcrplwkmilnq5hzjv1y
>   guix download file:///tmp/isrgrootx1.pem
>
> But yeah, like Tobias writes, it’s a bit of a problem.  Should we mirror
> them somewhere?  Does Let’s Encrypt have them under a versioned URL
> elsewhere?

What is Guix using these files for?  I realize it's got something to do
with TLS, but it isn't clear to me why Guix downloads these certs.

I don't have the full context, so please forgive me if my comments are
unhelpful, but before deciding to use stale versions, I think it's worth
asking, "Could using a stale version introduce any security risk?"
Maybe there's a reason why LE doesn't publish the old versions.

-- 
Chris


signature.asc
Description: PGP signature

bug#36634: Virtual Machine Manager (virt-manager)

[Raghav Gururajan]

> So, I've experienced this too. Even though this is a cgroup thing,
> I'm
> pretty sure this isn't an issue with Linux.

I see.

> I've tried reverting the changes in [1], and that seems to solve the
> issue. Unfortunately, I don't have any insight in to what's different
> between the problematic 5.5.0 release, and the working 5.4.0 release.

So, by reverting changes, do you mean you patched and made a new
commit?

Thank you!

Regards,
RG.

bug#36634: Virtual Machine Manager (virt-manager)

[Christopher Baines]

Raghav Gururajan  writes:

> libvirt.libvirtError: Unable to read from
> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
> directory

So, I've experienced this too. Even though this is a cgroup thing, I'm
pretty sure this isn't an issue with Linux.

I've tried reverting the changes in [1], and that seems to solve the
issue. Unfortunately, I don't have any insight in to what's different
between the problematic 5.5.0 release, and the working 5.4.0 release.

1: 458fe419232844d2021608d20dcd8f6e095eb2b4
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=458fe419232844d2021608d20dcd8f6e095eb2b4


signature.asc
Description: PGP signature

bug#36685: ant-bootstrap fails on core-updates (409 dependents)

[Gábor Boskovits]

Hello,

Ricardo Wurmus  ezt írta (időpont: 2019. júl. 21., Vas
13:29):

> So, with the following change I was able to build all the way up to the
> latest openjdk.  Should we use it despite the introduction of a memory
> leak in a bootstrap JVM?  Can we make the patch smaller (fewer uses of
> glibc 2.28 or gcc-5)?
>
> What do you think?
>

I will have a look at reducing the patch later today. I will report back
tomorrow morning with the results.


>
> --
> Ricardo
>

bug#36747: Official MesCC bootstrap binaries differ from my locally built ones

[Jan Nieuwenhuizen]

 #:phases (modify-phases %standard-phases
+  (delete 'configure)
+  (add-after 'install 'strip-store-references
+(lambda _
+  (let* ((out (assoc-ref %outputs "out"))
+ (bin (string-append out "/bin")))
+(for-each (lambda (file)
+ (let ((target (string-append bin "/" file)))
+   (format #t "strippingg `~a'...~%" target)
+   (remove-store-references target)))
+   '( "M1" "blood-elf" "hex2"))
 
 (define-public %mes-minimal-stripped
   ;; A minimal Mes without documentation dependencies, for bootstrap.
@@ -791,7 +802,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
 
 (define %mescc-tools-bootstrap-tarball
   ;; A tarball with MesCC binary seed.
-  (tarball-package %mescc-tools-static))
+  (tarball-package %mescc-tools-static-stripped))
 
 (define %mes-bootstrap-tarball
   ;; A tarball with Mes ASCII Seed and binary Mes C Library.
-- 
2.21.0

>From 2e13b6fff94027158b3de5d3a1469dc9f89b0c39 Mon Sep 17 00:00:00 2001
From: Jan Nieuwenhuizen 
Date: Sun, 21 Jul 2019 14:27:07 +0200
Subject: [PATCH 2/4] bootstrap: mes-minimal-stripped: Remove store references.

* gnu/packages/make-bootstrap.scm (%mes-minimal-stripped): Remove store
references.
---
 gnu/packages/make-bootstrap.scm | 15 +++
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 8cc4eef430..af89ca8c3c 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -621,6 +621,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
  #:configure-flags '("--mes")
  #:phases
  (modify-phases %standard-phases
+   (delete 'patch-shebangs)
(add-after 'install 'strip-install
  (lambda _
(let* ((out (assoc-ref %outputs "out"))
@@ -628,10 +629,16 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
  (delete-file-recursively (string-append out "/lib/guile"))
  (delete-file-recursively (string-append share "/guile"))
  (delete-file-recursively (string-append share "/mes/scaffold"))
- (for-each
-  delete-file
-  (find-files (string-append share  "/mes/lib")
-  "\\.(h|c)")))
+
+ (for-each delete-file
+   (find-files
+(string-append share "/mes/lib") "\\.(h|c)"))
+
+ (for-each (lambda (dir)
+ (for-each remove-store-references
+   (find-files (string-append out "/" dir)
+   ".*")))
+   '("bin" "share/mes")))
 
 (define %guile-static
   ;; A statically-linked Guile that is relocatable--i.e., it can search
-- 
2.21.0

>From 172ee1045689cd42d2de837ee560d32c43730cc3 Mon Sep 17 00:00:00 2001
From: Jan Nieuwenhuizen 
Date: Sun, 21 Jul 2019 14:38:52 +0200
Subject: [PATCH 3/4] bootstrap: bootstrap-mescc-tools: Update.

Built with
2e13b6fff94027158b3de5d3a1469dc9f89b0c39 bootstrap: mes-minimal-stripped: Remove store references.

* gnu/packages/bootstrap.scm (%bootstrap-mescc-tools): Update.
---
 gnu/packages/bootstrap.scm | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/bootstrap.scm b/gnu/packages/bootstrap.scm
index 8dbe52435e..a8a5c93e01 100644
--- a/gnu/packages/bootstrap.scm
+++ b/gnu/packages/bootstrap.scm
@@ -703,7 +703,7 @@ exec ~a/bin/.gcc-wrapped -B~a/lib \
   ;; %MESCC-TOOLS-BOOTSTRAP-TARBALL.
   (package
 (name "bootstrap-mescc-tools")
-(version "0.5.2")
+(version "1")
 (source #f)
 (build-system trivial-build-system)
 (arguments
@@ -735,12 +735,12 @@ exec ~a/bin/.gcc-wrapped -B~a/lib \
 (method url-fetch)
 (uri (map
   (cute string-append <>
-"/i686-linux/20181020/"
-"mescc-tools-static-0.5.2-0.bb062b0-i686-linux.tar.xz")
+"/i686-linux/20190721/"
+"mescc-tools-static-stripped-0.5.2-0.bb062b0-i686-linux.tar.xz")
   %bootstrap-base-urls))
 (sha256
  (base32
-  "11lniw0vg61kmyhvnwkmcnkci9ym6

bug#36685: ant-bootstrap fails on core-updates (409 dependents)

[Ricardo Wurmus]

So, with the following change I was able to build all the way up to the
latest openjdk.  Should we use it despite the introduction of a memory
leak in a bootstrap JVM?  Can we make the patch smaller (fewer uses of
glibc 2.28 or gcc-5)?

What do you think?

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 403c446a82..60363d60c3 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -116,6 +116,9 @@
(base32
 "1qqldrp74pzpy5ly421srqn30qppmm9cvjiqdngk8hf47dv2rc0c"
 (build-system gnu-build-system)
+(native-inputs
+ `(("libc" ,glibc-2.28)
+   ("gcc" ,gcc-5)))
 (home-page "http://jikes.sourceforge.net/";)
 (synopsis "Compiler for the Java language")
 (description "Jikes is a compiler that translates Java source files as
@@ -152,12 +155,20 @@ and binary format defined in The Java Virtual Machine Specification.")
  "--disable-gjdoc")
#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'foo
+   (lambda _
+ (substitute* "native/jni/java-io/java_io_VMFile.c"
+   (("result = cpio_isFileExists.*" m)
+(string-append m "\n//")))
+ #t))
  (add-after 'install 'install-data
(lambda _ (invoke "make" "install-data"))
 (native-inputs
  `(("jikes" ,jikes)
("fastjar" ,fastjar)
("libltdl" ,libltdl)
+   ("gcc" ,gcc-5)
+   ("libc" ,glibc-2.28)
("pkg-config" ,pkg-config)))
 (home-page "https://www.gnu.org/software/classpath/";)
 (synopsis "Essential libraries for Java")
@@ -191,6 +202,9 @@ language.")
  `(("classpath" ,classpath-bootstrap)
("jikes" ,jikes)
("zlib" ,zlib)))
+(native-inputs
+ `(("libc" ,glibc-2.28)
+   ("gcc" ,gcc-5)))
 (home-page "http://jamvm.sourceforge.net/";)
 (synopsis "Small Java Virtual Machine")
 (description "JamVM is a Java Virtual Machine conforming to the JVM
@@ -302,7 +316,9 @@ JNI.")
  `(("jikes" ,jikes)
("jamvm" ,jamvm-1-bootstrap)
("unzip" ,unzip)
-   ("zip" ,zip)))
+   ("zip" ,zip)
+   ("gcc" ,gcc-5)
+   ("libc" ,glibc-2.28)))
 (home-page "http://ant.apache.org";)
 (synopsis "Build tool for Java")
 (description
@@ -627,7 +643,9 @@ machine.")))
  ("fastjar" ,fastjar)
  ("jamvm" ,jamvm-1-bootstrap)
  ("libltdl" ,libltdl)
- ("pkg-config" ,pkg-config))
+ ("pkg-config" ,pkg-config)
+ ("gcc" ,gcc-5)
+ ("libc" ,glibc-2.28))
 
 (define jamvm
   (package (inherit jamvm-1-bootstrap)
@@ -656,7 +674,9 @@ machine.")))
  `(("guile" ,guile-2.2)
("ecj-bootstrap" ,ecj-bootstrap)
("jamvm" ,jamvm)
-   ("classpath" ,classpath-devel)
+   ("classpath" ,classpath-devel)
+   ("gcc" ,gcc-5)
+   ("libc" ,glibc-2.28)
 
 ;; The bootstrap JDK consisting of jamvm, classpath-devel,
 ;; ecj-javac-wrapper-final cannot build Icedtea 2.x directly, because it's
@@ -740,6 +760,9 @@ machine.")))
  (with-directory-excursion "openjdk"
(invoke "tar" "xvf" (assoc-ref inputs "hotspot-src"))
(rename-file "hg-checkout" "hotspot"))
+ (substitute* "patches/freetypeversion.patch"
+   (("REQUIRED_FREETYPE_VERSION = 2.2.1")
+"REQUIRED_FREETYPE_VERSION = 2.10.1"))
  (substitute* "Makefile.in"
(("echo \"ERROR: No up-to-date OpenJDK zip available\"; exit -1;")
 "echo \"trust me\";")
@@ -907,7 +930,8 @@ machine.")))
("fastjar" ,fastjar)
("fontconfig" ,fontconfig)
("freetype" ,freetype)
-   ("gcc" ,gcc-4.9) ; there's a segmentation fault when compiling with gcc-5 or gcc-7
+   ("gcc" ,gcc-5)
+   ("libc" ,glibc-2.28)
("gtk" ,gtk+-2)
("gawk" ,gawk)
("giflib" ,giflib)
@@ -1107,6 +1131,18 @@ bootstrapping purposes.")
 ((name . _) name))
   inputs
  #t)))
+   (add-after 'unpack 'patch-bitrot
+ (lambda _
+   (substitute* '("patches/boot/revert-6973616.patch"
+  "openjdk.src/jdk/make/common/shared/Defs-versions.gmk")
+ (("REQUIRED_FREETYPE_VERSION = 2.2.1")
+  "REQUIRED_FREETYPE_VERSION = 2.10.1"))
+   ;; As of attr 2.4.48 this header is no longer
+   ;; included.  It is provided by the libc instead.
+   (substitute* '("configure"
+  "openjdk.src/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c")
+ (("attr/xattr.h") "sys/xattr.h"))
+   #t))
(add-after 'unpack 'fix-x11-extension-include-path
  (lambda* (#:key inputs #:allow-other-keys)
(substitute* "openjdk.src/jdk/make/sun/awt/mawt.gmk"
@