download: Use correct system and guile in 'url-fetch/tarbomb' and 'url-fetch/zipbomb'.

Fixes <https://bugs.gnu.org/40115>.

Previously the result of `guix build -s $system $package' would depend on the
system Guix was built for if $package or one of its dependencies used
'url-fetch/tarbomb' or 'url-fetch/zipbomb' as the origin method of its
source (e.g. `guix build -s i686-linux ffmpeg' on i686-linux would build a
different derivation than on x86_64-linux).

This patch fixes this by explicitly passing the correct system and guile to
'gexp->derivation'.

* guix/download.scm (url-fetch/tarbomb): Pass #:system system and
  #:guile-for-build guile to 'gexp->derivation', where guile is the derivation
  of guile for system.
  (url-fetch/zipbomb): Likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Diego Nicola Barbato 2020-03-16 18:43:20 +01:00 committed by Ludovic Courtès
parent 198571b264
commit c1d81df93d
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5

@ -531,7 +531,8 @@ own. This helper makes it easier to deal with \"tar bombs\"."
(string-append "tarbomb-"
(or name file-name))
#:system system
#:guile guile)))
#:guile guile))
(guile (package->derivation guile system)))
;; Take the tar bomb, and simply unpack it as a directory.
;; Use ungrafted tar/gzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
@ -544,6 +545,8 @@ own. This helper makes it easier to deal with \"tar bombs\"."
(chdir #$output)
(invoke (string-append #$tar "/bin/tar")
"xf" #$drv)))
#:system system
#:guile-for-build guile
#:graft? #f
#:local-build? #t)))
@ -566,7 +569,8 @@ own. This helper makes it easier to deal with \"zip bombs\"."
(string-append "zipbomb-"
(or name file-name))
#:system system
#:guile guile)))
#:guile guile))
(guile (package->derivation guile system)))
;; Take the zip bomb, and simply unpack it as a directory.
;; Use ungrafted unzip so that the resulting tarball doesn't depend on
;; whether grafts are enabled.
@ -578,6 +582,8 @@ own. This helper makes it easier to deal with \"zip bombs\"."
(chdir #$output)
(invoke (string-append #$unzip "/bin/unzip")
#$drv)))
#:system system
#:guile-for-build guile
#:graft? #f
#:local-build? #t)))