unofficial mirror of guix-devel@gnu.org 
* Is anyone opposed to GnuTLS with DANE by default?
@ 2017-11-14 18:54 ng0
  2017-11-14 19:22 ` Tobias Geerinckx-Rice
  0 siblings, 1 reply; 8+ messages in thread
From: ng0 @ 2017-11-14 18:54 UTC (permalink / raw)
  To: guix-devel

Hi,

I have some minutes to work on Guix tomorrow, and
with the libwget2 patch pending QA I thought it
would probably be better to build GnuTLS with
DANE support by default.

I would remove the gnutls/dane package definition,
add unbound to the inputs of gnutls and adjust
the packages that depend on this gnutls.

If no one is opposed to this change, I will
prepare a patch tomorrow.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dl.n0.is/dist/keys/
  WWW: https://we.make.ritual.n0.is


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-14 18:54 Is anyone opposed to GnuTLS with DANE by default? ng0
@ 2017-11-14 19:22 ` Tobias Geerinckx-Rice
  2017-11-14 20:13   ` Leo Famulari
  2017-11-16 10:08   ` Ludovic Courtès
  0 siblings, 2 replies; 8+ messages in thread
From: Tobias Geerinckx-Rice @ 2017-11-14 19:22 UTC (permalink / raw)
  To: ng0, guix-devel

ng0,

What a coincidence! I was slogging through some very old mail, had just
read your original gnutls/dane message, and was about to post the very
same question. Then I ran ‘guix size’.

ng0 wrote on 14/11/17 at 19:54:
> If no one is opposed to this change, I will
> prepare a patch tomorrow.

I certainly don't object, but am forced to note that ‘gnutls-dane’ more
than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).

The only new input is ‘unbound’, but that manages to pull in both
Pythons 2 and 3. It would be nice™ if it could first be -minimalised...

You know. By someone™.

Kind regards,

T G-R

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-14 19:22 ` Tobias Geerinckx-Rice
@ 2017-11-14 20:13   ` Leo Famulari
  2017-11-16 10:08   ` Ludovic Courtès
  1 sibling, 0 replies; 8+ messages in thread
From: Leo Famulari @ 2017-11-14 20:13 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

On Tue, Nov 14, 2017 at 08:22:54PM +0100, Tobias Geerinckx-Rice wrote:
> ng0,
> 
> What a coincidence! I was slogging through some very old mail, had just
> read your original gnutls/dane message, and was about to post the very
> same question. Then I ran ‘guix size’.
> 
> ng0 wrote on 14/11/17 at 19:54:
> > If no one is opposed to this change, I will
> > prepare a patch tomorrow.
> 
> I certainly don't object, but am forced to note that ‘gnutls-dane’ more
> than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).
> 
> The only new input is ‘unbound’, but that manages to pull in both
> Pythons 2 and 3. It would be nice™ if it could first be -minimalised...

I have no opinion about DANE, but if this brings unbound into the GnuTLS
closure, we should make sure we can build it reliably. So far this is
not the case on Hydra (not sure about Berlin):

https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00182.html
https://hydra.gnu.org/job/gnu/master/unbound-1.6.3.x86_64-linux
https://hydra.gnu.org/job/gnu/master/unbound-1.6.7.x86_64-linux

Also, it would be a bit of a shame to make GnuTLS depend on Python, thus
making it depend on OpenSSL ;)


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-14 19:22 ` Tobias Geerinckx-Rice
  2017-11-14 20:13   ` Leo Famulari
@ 2017-11-16 10:08   ` Ludovic Courtès
  2017-11-16 15:25     ` ng0
  1 sibling, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-11-16 10:08 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> I certainly don't object, but am forced to note that ‘gnutls-dane’ more
> than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).
>
> The only new input is ‘unbound’, but that manages to pull in both
> Pythons 2 and 3. It would be nice™ if it could first be -minimalised...

Yes, to me that’s a showstopper.  (One of the Pythons comes from
libevent.)

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-16 10:08   ` Ludovic Courtès
@ 2017-11-16 15:25     ` ng0
  2017-11-16 16:16       ` Ludovic Courtès
  0 siblings, 1 reply; 8+ messages in thread
From: ng0 @ 2017-11-16 15:25 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

Ludovic Courtès transcribed 0.5K bytes:
> Tobias Geerinckx-Rice <me@tobias.gr> skribis:
> 
> > I certainly don't object, but am forced to note that ‘gnutls-dane’ more
> > than doubles the closure size of ‘gnutls’ proper (294.2 MiB vs. 138.5).
> >
> > The only new input is ‘unbound’, but that manages to pull in both
> > Pythons 2 and 3. It would be nice™ if it could first be -minimalised...
> 
> Yes, to me that’s a showstopper.  (One of the Pythons comes from
> libevent.)
> 
> Thanks,
> Ludo’.

Okay, sounds reasonable to me and I agree, especially with Python not being
reproducible at the moment (if I remember the threads right).

Am I in the 'old system design' mindset when I think that
every application that has applications such as libmicrohttpd
in its direct dependency chain should depend on the GnuTLS
version LMH uses and not the 'normal' GnuTLS
(It also depends on the features of GnuTLS which are being used,
but to be on the safe side)?
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dl.n0.is/dist/keys/
  WWW: https://we.make.ritual.n0.is


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-16 15:25     ` ng0
@ 2017-11-16 16:16       ` Ludovic Courtès
  2017-11-16 17:01         ` ng0
  0 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-11-16 16:16 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

ng0 <ng0@infotropique.org> skribis:

> Am I in the 'old system design' mindset when I think that
> every application that has applications such as libmicrohttpd
> in its direct dependency chain should depend on the GnuTLS
> version LMH uses and not the 'normal' GnuTLS
> (It also depends on the features of GnuTLS which are being used,
> but to be on the safe side)?

You’re right, it’s a bad sign when there are two different variants of
the same package in a reference graph.

Ludo’.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-16 16:16       ` Ludovic Courtès
@ 2017-11-16 17:01         ` ng0
  2017-11-17 20:53           ` Ludovic Courtès
  0 siblings, 1 reply; 8+ messages in thread
From: ng0 @ 2017-11-16 17:01 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

Ludovic Courtès transcribed 0.5K bytes:
> ng0 <ng0@infotropique.org> skribis:
> 
> > Am I in the 'old system design' mindset when I think that
> > every application that has applications such as libmicrohttpd
> > in its direct dependency chain should depend on the GnuTLS
> > version LMH uses and not the 'normal' GnuTLS
> > (It also depends on the features of GnuTLS which are being used,
> > but to be on the safe side)?
> 
> You’re right, it’s a bad sign when there are two different variants of
> the same package in a reference graph.
> 
> Ludo’.

I haven't read much (or at all?) into guix lint so far,
but can we lint for occurrence of this pair somehow?
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dl.n0.is/dist/keys/
  WWW: https://we.make.ritual.n0.is


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Is anyone opposed to GnuTLS with DANE by default?
  2017-11-16 17:01         ` ng0
@ 2017-11-17 20:53           ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2017-11-17 20:53 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

ng0 <ng0@infotropique.org> skribis:

> Ludovic Courtès transcribed 0.5K bytes:
>> ng0 <ng0@infotropique.org> skribis:
>> 
>> > Am I in the 'old system design' mindset when I think that
>> > every application that has applications such as libmicrohttpd
>> > in its direct dependency chain should depend on the GnuTLS
>> > version LMH uses and not the 'normal' GnuTLS
>> > (It also depends on the features of GnuTLS which are being used,
>> > but to be on the safe side)?
>> 
>> You’re right, it’s a bad sign when there are two different variants of
>> the same package in a reference graph.
>> 
>> Ludo’.
>
> I haven't read much (or at all?) into guix lint so far,
> but can we lint for occurrence of this pair somehow?

We could, but the problem is that we can’t determine if there’s an
actual problem until we’ve built it (we need to look at the reference
graph, not the package graph.)

Ludo’.

^ permalink raw reply	[flat|nested] 8+ messages in thread
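
The check discussed in the last messages, run on the reference graph of a built item rather than on the package graph, as an added example that is not part of the thread or of Guix itself. It takes the store file names that `guix gc -R` prints for an item and reports base names that appear as more than one variant; the hashes and all versions except unbound's are constructed, and the name/version split is a heuristic.

```python
import re
from collections import defaultdict

# /gnu/store/<32-char hash>-<name>-<version>[-<output>]
STORE_ITEM = re.compile(
    r"^/gnu/store/([0-9a-z]{32})-(.+?)-(\d[^-]*)(?:-([a-z]+))?$")

def parse_item(path):
    """Return (hash, name, version, output), or None if the name does not fit.

    Heuristic split: the version starts at the first "-<digit>".
    """
    m = STORE_ITEM.match(path.strip())
    if m is None:
        return None
    digest, name, version, output = m.groups()
    return digest, name, version, output or "out"

def variant_clashes(paths, bases):
    """Map each base name to the store items that clash in this closure.

    An item belongs to `base` when its package name is `base` or starts with
    `base-` (gnutls and gnutls-dane both belong to "gnutls"). Items are
    compared per output, so gcc and gcc:lib alone are not a clash.
    """
    groups = defaultdict(set)
    for path in paths:
        item = parse_item(path)
        if item is None:
            continue
        _, name, _, output = item
        for base in bases:
            if name == base or name.startswith(base + "-"):
                groups[(base, output)].add(path.strip())
    clashes = defaultdict(set)
    for (base, _), items in groups.items():
        if len(items) > 1:
            clashes[base] |= items
    return {base: sorted(items) for base, items in clashes.items()}

def sample_item(letter, rest):  # constructed store file name, not a real hash
    return "/gnu/store/" + letter * 32 + "-" + rest

# Constructed closure, shaped like `guix gc -R <store-item>` output.
SAMPLE_CLOSURE = [
    sample_item("a", "gnutls-3.5.13"), sample_item("b", "gnutls-dane-3.5.13"),
    sample_item("c", "libmicrohttpd-0.9.55"), sample_item("d", "unbound-1.6.7"),
    sample_item("f", "gcc-5.4.0-lib"), sample_item("g", "gcc-5.4.0"),
]

if __name__ == "__main__":
    for base, items in variant_clashes(SAMPLE_CLOSURE, ["gnutls", "gcc"]).items():
        print(base, *items, sep="\n  ")
```

Two builds of the same name and version with different hashes are also reported, since the comparison is on whole store file names.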

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git