Re: How to build GNUTLS Guile bindings on Xubuntu

[Alex Vong <alexvong1995@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 4847 bytes --]

Hi Zelphir,

Zelphir Kaltstahl <zelphirkaltstahl@gmail.com> writes:

> Hi Mark,
>
> I took another look at the page you linked to. The issue is, that I
> would like to try Guix package manager to install GNUTLS + Guile
> bindings, but Guix itself has the requirement of GNUTLS + Guile
> bindings. See:
> https://www.gnu.org/software/guix/manual/en/html_node/Requirements.html#Requirements
>
> So I guess I would need to somehow get GNUTLS and Guile bindings working
> before getting Guix and then when I have Guix, I can probably somehow
> link to the Guix installed GNUTLS and Guile bindings.
>
> Now I don't know where I would get the Guile bindings from. Are they
> included in the releases on https://gnutls.org/ ?
>
As Mark has pointed out, if you use the binary installation of guix,
then you can install gnutls using guix. However, I prefer to build guix
from source. Therefore, I use the standard "configure, make, make
install" method with appropriate CPPFLAGS, CFLAGS, CXXFLAGS and LDFLAGS
(I include some hardending flags[0][1]):

  ./configure --with-included-libtasn1 --with-included-unistring --with-guile-site-dir=/usr/local/share/guile/site/2.2
  make
  make check
  make install

The above works in Debian. Apart from it, you also have to build
scheme-bytestructure, guile-git and guile-sqlite3 from source using the
same method. Besides, it is important to keep gnutls up to date (since
it is a piece of security-sensitive software).

> Regards,
>
> Zelphir
>
Cheers,
Alex

[0]: https://wiki.debian.org/Hardening
[1]: https://security.stackexchange.com/questions/24444/what-is-the-most-hardened-set-of-options-for-gcc-compiling-c-c

> On 15.11.18 08:28, Mark H Weaver wrote:
>> Hi Zelphir,
>>
>> Zelphir Kaltstahl <zelphirkaltstahl@gmail.com> writes:
>>
>>> I read in the docs at
>>> https://www.gnu.org/software/guile/manual/html_node/Web-Client.html that
>>> Guile will dynamically make use of GNUTLS for HTTPS requests. However, I
>>> don't seem to have the bindings installed. There is a link to a guide on
>>> the same docs page, but the link is dead:
>>> https://www.gnu.org/software/guile/manual/gnutls-guile/Guile-Preparations.html#Guile-Preparations
>>> . More searching showed me the following:
>>>
>>> There seems to have been some bug which prevented some tests on Debian
>>> from completing:
>>>
>>> Bug discussions seem to indicate the bug was fixed?:
>>>
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821457
>>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805863
>>>
>>> Then there is a commit removing Guile bindings from the gnutls-dev
>>> package on Debian:
>>>
>>> https://salsa.debian.org/gnutls-team/gnutls/commit/ebb7130b47dc08311c1de2c189758a73bbaeca27#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2_35_35
>> If you look closely, those two bugs were "fixed" by the above commit,
>> i.e. by simply disabling the Guile bindings in Debian's GnuTLS package.
>>
>>> Apart from that, I could not find a download link or repository of the
>>> bindings, like I could for other libraries I so far used in Guile and
>>> run configure make make install in it. So I do not know how to get the
>>> bindings for my system, so that my Guile will be able to make requests
>>> using HTTPS as well as HTTP.
>> The bindings in question are not a separate package.  They are built and
>> installed by GnuTLS itself, unless explicitly disabled by passing
>> "--disable-guile" to the GnuTLS configure script, as Debian now does.
>>
>>> The bindings seem to be available on GUIX:
>>>
>>> https://gitlab.digitalcourage.de/htgoebel/guix/commit/1dbe3a8db0a3e5a8e5f9b30e6f6a6bbfb699275b
>> Note that the repository above is not the official Guix repository, but
>> rather someone's personal variant.  Here's the same commit in the
>> official Guix repository:
>>
>>   https://git.sv.gnu.org/cgit/guix.git/commit/?id=1dbe3a8db0a3e5a8e5f9b30e6f6a6bbfb699275b
>>
>>> How can I make it work on a Xubuntu 18.04?
>> Yes, an easy solution would be to install Guix on top of Xubuntu, and
>> installing the 'guile' and 'gnutls' packages from Guix.  Note that the
>> binaries from Guix are self-contained and independent of the host
>> system, in the sense that they are installed in different directories
>> (within /gnu/store) and don't use any libraries from the host system,
>> not even the C library.  Guix installs only in /gnu, /var/guix,
>> /var/log/guix, /etc/guix, ~/.config/guix, and ~/.guix-profile.  You must
>> set your environment variables to point within ~/.guix-profile, e.g. add
>> ~/.guix-profile/bin to your PATH, to enable the use of software from
>> Guix.  If you'd like to try it, the instructions are here:
>>
>>   https://www.gnu.org/software/guix/manual/en/html_node/Installation.html
>>
>>       Mark

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]