From: Mark H Weaver <mhw@netris.org>
To: Alex Vong <alexvong1995@gmail.com>
Cc: guix-devel@gnu.org
Subject: Re: openssl is now a dependency of guix: possible license conflict?
Date: Fri, 18 Aug 2017 17:21:24 -0400 [thread overview]
Message-ID: <87a82wefmz.fsf@netris.org> (raw)
In-Reply-To: <878tii8x2k.fsf@netris.org> (Mark H. Weaver's message of "Thu, 17 Aug 2017 03:36:51 -0400")
[-- Attachment #1: Type: text/plain, Size: 691 bytes --]
Mark H Weaver <mhw@netris.org> writes:
> There exist patches for libgit2 to support the mbedTLS library, but it
> is not yet clear whether they will be accepted upstream:
>
> https://github.com/libgit2/libgit2/pull/3462
> https://github.com/libgit2/libgit2/pull/3935
Here's the currently-open pull request:
https://github.com/libgit2/libgit2/pull/4173
I've attached work-in-progress patches to switch our libgit2 to use a
modified version that supports mbedTLS. Currently, there is a failing
test in libgit2. It may be a couple of days before I can work more on
this. I'm sending out these patches in case someone else wants to work
more on this in the meantime.
Mark
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: [PATCH 1/2] DRAFT: gnu: mbedTLS: Build shared libraries --]
[-- Type: text/x-patch, Size: 790 bytes --]
From ff3267d15cde38f8af1751cbd15bf7a8e4a0eea0 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Fri, 18 Aug 2017 17:06:39 -0400
Subject: [PATCH 1/2] DRAFT: gnu: mbedTLS: Build shared libraries.
---
gnu/packages/tls.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9d3e9d9e9..0c5b53162 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -775,6 +775,8 @@ then ported to the GNU / Linux environment.")
(base32
"1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm"))))
(build-system cmake-build-system)
+ (arguments
+ `(#:configure-flags '("-DUSE_SHARED_MBEDTLS_LIBRARY=On")))
(native-inputs
`(("perl" ,perl)))
(synopsis "Small TLS library")
--
2.14.1
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #3: [PATCH 2/2] PRELIMINARY: libgit2: Use mbedTLS. --]
[-- Type: text/x-patch, Size: 6881 bytes --]
From 2680d40d32ab3452522f87be09c69f1ec0399c6e Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Fri, 18 Aug 2017 17:06:18 -0400
Subject: [PATCH 2/2] PRELIMINARY: libgit2: Use mbedTLS.
---
.../patches/libgit2-mbedtls-cert-location.patch | 21 ++++
gnu/packages/version-control.scm | 111 ++++++++++++---------
2 files changed, 87 insertions(+), 45 deletions(-)
create mode 100644 gnu/packages/patches/libgit2-mbedtls-cert-location.patch
diff --git a/gnu/packages/patches/libgit2-mbedtls-cert-location.patch b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch
new file mode 100644
index 000000000..3f068d9a5
--- /dev/null
+++ b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch
@@ -0,0 +1,21 @@
+Cope with the absence of /etc/ssl/certs within the build container.
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6976946ca..8c8841464 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -361,9 +361,11 @@ ELSEIF(TLS_BACKEND STREQUAL "mbedTLS")
+ ENDIF()
+
+ IF(CERT_LOCATION)
+- IF(NOT EXISTS ${CERT_LOCATION})
+- MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
+- ENDIF()
++ # Within Guix's build container, the certificates will
++ # not exist in the standard system-wide directory.
++ #IF(NOT EXISTS ${CERT_LOCATION})
++ # MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
++ #ENDIF()
+ ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}")
+ ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}")
+ ENDIF()
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 869672ca4..8bc761863 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -352,53 +352,74 @@ everything from small to very large projects with speed and efficiency.")
(home-page "https://git-scm.com/")))
(define-public libgit2
- (package
- (name "libgit2")
- (version "0.26.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/libgit2/libgit2/"
- "archive/v" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (sha256
- (base32
- "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa"))
- (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
- (build-system cmake-build-system)
- (outputs '("out" "debug"))
- (arguments
- `(#:configure-flags '("-DUSE_SHA1DC=ON") ; SHA-1 collision detection
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-hardcoded-paths
- (lambda _
- (substitute* "tests/repo/init.c"
- (("#!/bin/sh") (string-append "#!" (which "sh"))))
- (substitute* "tests/clar/fs.h"
- (("/bin/cp") (which "cp"))
- (("/bin/rm") (which "rm")))
- #t))
- ;; Run checks more verbosely.
- (replace 'check
- (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
- (inputs
- `(("libssh2" ,libssh2)
- ("libcurl" ,curl)
- ("python" ,python-wrapper)))
- (native-inputs
- `(("pkg-config" ,pkg-config)))
- (propagated-inputs
- ;; These two libraries are in 'Requires.private' in libgit2.pc.
- `(("openssl" ,openssl)
- ("zlib" ,zlib)))
- (home-page "https://libgit2.github.com/")
- (synopsis "Library providing Git core methods")
- (description
- "Libgit2 is a portable, pure C implementation of the Git core methods
+ (let ((version "0.26.0")
+ (commit "f16ff6db95964a5ea55b6654ab0f98d7711b4041")
+ (revision 1))
+ (package
+ (name "libgit2")
+ (version (string-append version "-"
+ (number->string revision)
+ "." (string-take commit 7)))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/tiennou/libgit2")
+ (commit commit)))
+ (sha256
+ (base32
+ "1zaynw5qqjg38vjqmvdnrf74i3c26cnql7d2akz0r4r0x51qz37f"))
+ (file-name (string-append name "-" version "-checkout"))
+ (patches (search-patches "libgit2-mbedtls-cert-location.patch"
+ "libgit2-0.25.1-mtime-0.patch")))
+ #;
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/libgit2/libgit2/"
+ "archive/v" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa"))
+ (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
+ (build-system cmake-build-system)
+ (outputs '("out" "debug"))
+ (arguments
+ `(#:configure-flags
+ '("-DUSE_SHA1DC=ON" ; SHA-1 collision detection
+ "-DUSE_TLS=mbedTLS" ; Avoid OpenSSL for GPL compatibility
+ "-DCERT_LOCATION=/phony/etc/ssl/certs") ; XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-hardcoded-paths
+ (lambda _
+ (substitute* "tests/repo/init.c"
+ (("#!/bin/sh") (string-append "#!" (which "sh"))))
+ (substitute* "tests/clar/fs.h"
+ (("/bin/cp") (which "cp"))
+ (("/bin/rm") (which "rm")))
+ #t))
+ ;; Run checks more verbosely.
+ (replace 'check
+ (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
+ (inputs
+ `(("libssh2" ,libssh2)
+ ("libcurl" ,curl)
+ ("mbedtls" ,mbedtls-apache)
+ ("http-parser" ,http-parser)
+ ("python" ,python-wrapper)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (propagated-inputs
+ ;; zlib in 'Requires.private' in libgit2.pc.
+ `(("zlib" ,zlib)))
+ (home-page "https://libgit2.github.com/")
+ (synopsis "Library providing Git core methods")
+ (description
+ "Libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing you to
write native speed custom Git applications in any language with bindings.")
- ;; GPLv2 with linking exception
- (license license:gpl2)))
+ ;; GPLv2 with linking exception
+ (license license:gpl2))))
(define-public git-crypt
(package
--
2.14.1
next prev parent reply other threads:[~2017-08-18 21:22 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-17 0:31 openssl is now a dependency of guix: possible license conflict? Alex Vong
2017-08-17 2:29 ` Mark H Weaver
2017-08-17 7:36 ` Mark H Weaver
2017-08-18 14:44 ` Alex Vong
2017-08-18 18:06 ` Leo Famulari
2017-08-18 21:21 ` Mark H Weaver [this message]
2017-08-19 12:51 ` Adonay Felipe Nogueira
2017-08-22 8:32 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a82wefmz.fsf@netris.org \
--to=mhw@netris.org \
--cc=alexvong1995@gmail.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).