* [PATCH] gnu: openldap: Use gnutls.
@ 2016-09-16 16:21 Alex Vong
2016-09-20 9:35 ` Efraim Flashner
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Alex Vong @ 2016-09-16 16:21 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1752 bytes --]
Hello,
The following patch does what the title says. The link of the bug
<http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
longer accessible, so I assume the bug is fixd since I cannot find it on
the internet. In addition, I have checked debian's version, which is
slightly older (2.4.42), which also uses gnutls. So I think we are safe
here. Please object if there is a problem!
Please note that openldap is an input for curl, so I guess it is causing
the openssl dependency problem for octave I mentioned earlier. I haven't
test to build octave with curl though, which takes a while.
Finally, I have checked debian's build script and find the following:
======================================================================
# Download the upstream source and make changes as required for DFSG reasons.
# Assumes wget is available, as this is generally only used by the package
# maintainers.
get-orig-source:
@if [ ! -d "debian/schema" ] ; then \
echo 'Run this from the top directory of the Debian source' >&2; \
exit 1; \
fi
wget $(URL)/openldap-$(VERSION).tgz
tar xzf openldap-$(VERSION).tgz
rm -r openldap-$(VERSION)/doc/drafts
rm -r openldap-$(VERSION)/doc/rfc
set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
file=`basename "$$schema"`; \
rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
done
mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
rm -r openldap-$(VERSION)+dfsg
gzip -9 openldap_$(VERSION)+dfsg.orig.tar
======================================================================
Is the rfc documents considered fsf-free? Otherwise, we will have to
remove them and repack the source.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-openldap-Use-gnutls.patch --]
[-- Type: text/x-diff, Size: 1198 bytes --]
From ecffd2252b0f6778919b97903c5419cbd5a06f4f Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Sat, 17 Sep 2016 00:03:05 +0800
Subject: [PATCH] gnu: openldap: Use gnutls.
* gnu/packages/openldap.scm (openldap)[inputs]: Switch to gnutls.
---
gnu/packages/openldap.scm | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/gnu/packages/openldap.scm b/gnu/packages/openldap.scm
index 4bbc6a6..627319b 100644
--- a/gnu/packages/openldap.scm
+++ b/gnu/packages/openldap.scm
@@ -55,14 +55,11 @@
"0044p20hx07fwgw2mbwj1fkx04615hhs1qyx4mawj2bhqvrnppnp"))))
(build-system gnu-build-system)
(inputs `(("bdb" ,bdb-5.3)
- ("openssl" ,openssl)
("cyrus-sasl" ,cyrus-sasl)
+ ("gnutls" ,gnutls)
("groff" ,groff)
("icu4c" ,icu4c)
("libgcrypt" ,libgcrypt)
- ;; FIXME: currently, openldap requires openssl or gnutls<3, see
- ;; http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17
- ;; Once this is fixed, switch to gnutls.
("zlib" ,zlib)))
(native-inputs `(("libtool" ,libtool)))
(arguments
--
2.10.0
[-- Attachment #3: Type: text/plain, Size: 14 bytes --]
Cheers,
Alex
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-16 16:21 [PATCH] gnu: openldap: Use gnutls Alex Vong
@ 2016-09-20 9:35 ` Efraim Flashner
2016-09-20 10:35 ` Jan Synáček
2016-09-20 16:35 ` Efraim Flashner
2 siblings, 0 replies; 8+ messages in thread
From: Efraim Flashner @ 2016-09-20 9:35 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 2401 bytes --]
On Sat, Sep 17, 2016 at 12:21:10AM +0800, Alex Vong wrote:
> Hello,
>
> The following patch does what the title says. The link of the bug
> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
> longer accessible, so I assume the bug is fixd since I cannot find it on
> the internet. In addition, I have checked debian's version, which is
> slightly older (2.4.42), which also uses gnutls. So I think we are safe
> here. Please object if there is a problem!
>
> Please note that openldap is an input for curl, so I guess it is causing
> the openssl dependency problem for octave I mentioned earlier. I haven't
> test to build octave with curl though, which takes a while.
>
> Finally, I have checked debian's build script and find the following:
>
> ======================================================================
> # Download the upstream source and make changes as required for DFSG reasons.
> # Assumes wget is available, as this is generally only used by the package
> # maintainers.
> get-orig-source:
> @if [ ! -d "debian/schema" ] ; then \
> echo 'Run this from the top directory of the Debian source' >&2; \
> exit 1; \
> fi
> wget $(URL)/openldap-$(VERSION).tgz
> tar xzf openldap-$(VERSION).tgz
> rm -r openldap-$(VERSION)/doc/drafts
> rm -r openldap-$(VERSION)/doc/rfc
> set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
> file=`basename "$$schema"`; \
> rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
> done
> mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
> tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
> rm -r openldap-$(VERSION)+dfsg
> gzip -9 openldap_$(VERSION)+dfsg.orig.tar
> ======================================================================
>
> Is the rfc documents considered fsf-free? Otherwise, we will have to
> remove them and repack the source.
>
I believe that Debian doesn't consider them to be DFSG compliant because
they cannot be modified, just like the invariant sections of the GFDL
run afoul of the DFSG. So without actually checking I'd assume that
they're ok to distribute in Guix.
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-16 16:21 [PATCH] gnu: openldap: Use gnutls Alex Vong
2016-09-20 9:35 ` Efraim Flashner
@ 2016-09-20 10:35 ` Jan Synáček
2016-09-24 16:03 ` Alex Vong
2016-09-20 16:35 ` Efraim Flashner
2 siblings, 1 reply; 8+ messages in thread
From: Jan Synáček @ 2016-09-20 10:35 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel
On Fri, Sep 16, 2016 at 6:21 PM, Alex Vong <alexvong1995@gmail.com> wrote:
> Hello,
Hi,
> The following patch does what the title says. The link of the bug
> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
> longer accessible, so I assume the bug is fixd since I cannot find it on
> the internet.
The #7430 was fixed in 2013.
> ======================================================================
> # Download the upstream source and make changes as required for DFSG reasons.
> # Assumes wget is available, as this is generally only used by the package
> # maintainers.
> get-orig-source:
> @if [ ! -d "debian/schema" ] ; then \
> echo 'Run this from the top directory of the Debian source' >&2; \
> exit 1; \
> fi
> wget $(URL)/openldap-$(VERSION).tgz
> tar xzf openldap-$(VERSION).tgz
> rm -r openldap-$(VERSION)/doc/drafts
> rm -r openldap-$(VERSION)/doc/rfc
> set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
> file=`basename "$$schema"`; \
> rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
> done
> mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
> tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
> rm -r openldap-$(VERSION)+dfsg
> gzip -9 openldap_$(VERSION)+dfsg.orig.tar
> ======================================================================
as a former OpenLDAP maintainer on Fedora and RHEL, I strongly suggest
you link it against openssl. It's basically the only really supported
crypto upstream.
--
Jan Synáček
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-16 16:21 [PATCH] gnu: openldap: Use gnutls Alex Vong
2016-09-20 9:35 ` Efraim Flashner
2016-09-20 10:35 ` Jan Synáček
@ 2016-09-20 16:35 ` Efraim Flashner
2016-09-24 2:11 ` Ludovic Courtès
2 siblings, 1 reply; 8+ messages in thread
From: Efraim Flashner @ 2016-09-20 16:35 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1135 bytes --]
On Sat, Sep 17, 2016 at 12:21:10AM +0800, Alex Vong wrote:
> Hello,
>
> The following patch does what the title says. The link of the bug
> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
> longer accessible, so I assume the bug is fixd since I cannot find it on
> the internet. In addition, I have checked debian's version, which is
> slightly older (2.4.42), which also uses gnutls. So I think we are safe
> here. Please object if there is a problem!
>
> Please note that openldap is an input for curl, so I guess it is causing
> the openssl dependency problem for octave I mentioned earlier. I haven't
> test to build octave with curl though, which takes a while.
>
I built it out. With this patch, octave will build with curl and
cyrus-sasl added as inputs, and will retain references to gnutls and
cyrus-sasl, as checked with `guix gc --references /gnu/store/...octave'
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-20 16:35 ` Efraim Flashner
@ 2016-09-24 2:11 ` Ludovic Courtès
2016-09-25 19:25 ` Efraim Flashner
0 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2016-09-24 2:11 UTC (permalink / raw)
To: Efraim Flashner; +Cc: guix-devel
Efraim Flashner <efraim@flashner.co.il> skribis:
> On Sat, Sep 17, 2016 at 12:21:10AM +0800, Alex Vong wrote:
>> Hello,
>>
>> The following patch does what the title says. The link of the bug
>> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
>> longer accessible, so I assume the bug is fixd since I cannot find it on
>> the internet. In addition, I have checked debian's version, which is
>> slightly older (2.4.42), which also uses gnutls. So I think we are safe
>> here. Please object if there is a problem!
>>
>> Please note that openldap is an input for curl, so I guess it is causing
>> the openssl dependency problem for octave I mentioned earlier. I haven't
>> test to build octave with curl though, which takes a while.
>>
>
> I built it out. With this patch, octave will build with curl and
> cyrus-sasl added as inputs, and will retain references to gnutls and
> cyrus-sasl, as checked with `guix gc --references /gnu/store/...octave'
So I think this patch can be safely applied, at least in core-updates
due to the large number of rebuilds.
Efraim, could you take care of it?
Thanks!
Ludo’.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-20 10:35 ` Jan Synáček
@ 2016-09-24 16:03 ` Alex Vong
0 siblings, 0 replies; 8+ messages in thread
From: Alex Vong @ 2016-09-24 16:03 UTC (permalink / raw)
To: Jan Synáček; +Cc: guix-devel
Hello,
Jan Synáček <jan.synacek@gmail.com> writes:
> On Fri, Sep 16, 2016 at 6:21 PM, Alex Vong <alexvong1995@gmail.com> wrote:
>> Hello,
>
> Hi,
>
>> The following patch does what the title says. The link of the bug
>> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
>> longer accessible, so I assume the bug is fixd since I cannot find it on
>> the internet.
>
> The #7430 was fixed in 2013.
>
>> ======================================================================
>> # Download the upstream source and make changes as required for DFSG reasons.
>> # Assumes wget is available, as this is generally only used by the package
>> # maintainers.
>> get-orig-source:
>> @if [ ! -d "debian/schema" ] ; then \
>> echo 'Run this from the top directory of the Debian source' >&2; \
>> exit 1; \
>> fi
>> wget $(URL)/openldap-$(VERSION).tgz
>> tar xzf openldap-$(VERSION).tgz
>> rm -r openldap-$(VERSION)/doc/drafts
>> rm -r openldap-$(VERSION)/doc/rfc
>> set -e; for schema in debian/schema/*.schema debian/schema/*.ldif ; do \
>> file=`basename "$$schema"`; \
>> rm openldap-$(VERSION)/servers/slapd/schema/$$file; \
>> done
>> mv openldap-$(VERSION) openldap-$(VERSION)+dfsg
>> tar cf openldap_$(VERSION)+dfsg.orig.tar openldap-$(VERSION)+dfsg
>> rm -r openldap-$(VERSION)+dfsg
>> gzip -9 openldap_$(VERSION)+dfsg.orig.tar
>> ======================================================================
>
> as a former OpenLDAP maintainer on Fedora and RHEL, I strongly suggest
> you link it against openssl. It's basically the only really supported
> crypto upstream.
OK, first let me introduce '->' to means 'is a dependency of'.
Currently we have the following:
openldap -> curl -> octave
This means 'openssl -> openldap' cannot happens,
otherwise 'openssl -> octave',
which is a violation of GPLv3+.
I am interested in knowing how Fedora solves this issue.
Thanks,
Alex
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-24 2:11 ` Ludovic Courtès
@ 2016-09-25 19:25 ` Efraim Flashner
2016-09-27 16:37 ` Alex Vong
0 siblings, 1 reply; 8+ messages in thread
From: Efraim Flashner @ 2016-09-25 19:25 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1531 bytes --]
On Sat, Sep 24, 2016 at 11:11:02AM +0900, Ludovic Courtès wrote:
> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > On Sat, Sep 17, 2016 at 12:21:10AM +0800, Alex Vong wrote:
> >> Hello,
> >>
> >> The following patch does what the title says. The link of the bug
> >> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
> >> longer accessible, so I assume the bug is fixd since I cannot find it on
> >> the internet. In addition, I have checked debian's version, which is
> >> slightly older (2.4.42), which also uses gnutls. So I think we are safe
> >> here. Please object if there is a problem!
> >>
> >> Please note that openldap is an input for curl, so I guess it is causing
> >> the openssl dependency problem for octave I mentioned earlier. I haven't
> >> test to build octave with curl though, which takes a while.
> >>
> >
> > I built it out. With this patch, octave will build with curl and
> > cyrus-sasl added as inputs, and will retain references to gnutls and
> > cyrus-sasl, as checked with `guix gc --references /gnu/store/...octave'
>
> So I think this patch can be safely applied, at least in core-updates
> due to the large number of rebuilds.
>
> Efraim, could you take care of it?
>
> Thanks!
>
> Ludo’.
pushed to core-updates!
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] gnu: openldap: Use gnutls.
2016-09-25 19:25 ` Efraim Flashner
@ 2016-09-27 16:37 ` Alex Vong
0 siblings, 0 replies; 8+ messages in thread
From: Alex Vong @ 2016-09-27 16:37 UTC (permalink / raw)
To: Efraim Flashner; +Cc: guix-devel
Efraim Flashner <efraim@flashner.co.il> writes:
> On Sat, Sep 24, 2016 at 11:11:02AM +0900, Ludovic Courtès wrote:
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> > On Sat, Sep 17, 2016 at 12:21:10AM +0800, Alex Vong wrote:
>> >> Hello,
>> >>
>> >> The following patch does what the title says. The link of the bug
>> >> <http://www.openldap.org/its/index.cgi/Incoming?id=7430;page=17> is no
>> >> longer accessible, so I assume the bug is fixd since I cannot find it on
>> >> the internet. In addition, I have checked debian's version, which is
>> >> slightly older (2.4.42), which also uses gnutls. So I think we are safe
>> >> here. Please object if there is a problem!
>> >>
>> >> Please note that openldap is an input for curl, so I guess it is causing
>> >> the openssl dependency problem for octave I mentioned earlier. I haven't
>> >> test to build octave with curl though, which takes a while.
>> >>
>> >
>> > I built it out. With this patch, octave will build with curl and
>> > cyrus-sasl added as inputs, and will retain references to gnutls and
>> > cyrus-sasl, as checked with `guix gc --references /gnu/store/...octave'
>>
>> So I think this patch can be safely applied, at least in core-updates
>> due to the large number of rebuilds.
>>
>> Efraim, could you take care of it?
>>
>> Thanks!
>>
>> Ludo’.
>
> pushed to core-updates!
Thank you!
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-09-27 16:37 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-16 16:21 [PATCH] gnu: openldap: Use gnutls Alex Vong
2016-09-20 9:35 ` Efraim Flashner
2016-09-20 10:35 ` Jan Synáček
2016-09-24 16:03 ` Alex Vong
2016-09-20 16:35 ` Efraim Flashner
2016-09-24 2:11 ` Ludovic Courtès
2016-09-25 19:25 ` Efraim Flashner
2016-09-27 16:37 ` Alex Vong
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).