From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54243) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dyIWr-0008JO-Nl for guix-patches@gnu.org; Sat, 30 Sep 2017 10:14:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dyIWo-0008V0-Ux for guix-patches@gnu.org; Sat, 30 Sep 2017 10:14:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:60804) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dyIWo-0008Um-P3 for guix-patches@gnu.org; Sat, 30 Sep 2017 10:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dyIWo-0004d7-Je for guix-patches@gnu.org; Sat, 30 Sep 2017 10:14:02 -0400 Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) Resent-Message-ID: Date: Sat, 30 Sep 2017 14:12:55 +0000 From: ng0 Message-ID: <20170930141255.yrnasw4aenfl77n4@abyayala> References: <20170821095726.qtf2ko526nup4yba@abyayala> <20170930122616.17079913@cbaines.net> <20170930122309.akl2dxa46eru36pb@abyayala> <20170930134346.54a4c54a@cbaines.net> <20170930140144.yenmf7pr2ffecmll@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2zbhahlufaff6p5h" Content-Disposition: inline In-Reply-To: <20170930140144.yenmf7pr2ffecmll@abyayala> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Christopher Baines Cc: 28170@debbugs.gnu.org --2zbhahlufaff6p5h Content-Type: multipart/mixed; boundary="ytcyccd4hqk32i2w" Content-Disposition: inline --ytcyccd4hqk32i2w Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The fix in this version is to only add the necessary input to the inherited gnutls. --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org --ytcyccd4hqk32i2w Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-gnu-gnutls-Add-gnutls-dane.patch" Content-Transfer-Encoding: quoted-printable =46rom 8f986b5b4cc2302420aa825491e0a05e905b6247 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..0e59d7df1 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Leo Famulari ;;; Copyright =C2=A9 2016, 2017 Efraim Flashner -;;; Copyright =C2=A9 2016, 2017 ng0 +;;; Copyright =C2=A9 2016, 2017 ng0 ;;; Copyright =C2=A9 2016 Hartmut Goebel ;;; Copyright =C2=A9 2017 Ricardo Wurmus ;;; Copyright =C2=A9 2017 Marius Bakke @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -229,6 +230,17 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) =20 +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functiona= lity + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") --=20 2.14.2 --ytcyccd4hqk32i2w Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-gnu-gnurl-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 1a5651a3babdc5d62b3a6ed8c94aec1a3fc51892 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane= '. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs --=20 2.14.2 --ytcyccd4hqk32i2w Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 7fd53bf4f29120a5a4a4e22b2363f16b7dd86191 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnu= tls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the resu= lts.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) --=20 2.14.2 --ytcyccd4hqk32i2w Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0004-gnu-gnunet-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom c9738fff0e82937e8f4483b98baf06b45968ff47 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dan= e'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) --=20 2.14.2 --ytcyccd4hqk32i2w-- --2zbhahlufaff6p5h Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlnPpmcACgkQ4i+bv+40 hYjkDQ//SdgXDB3E0+bZ/Tn2+/q25whPut8iBH3ap76kp64qpBiSDWSe4PQmxhcA j8xhfk0prGj6/++G3uIs5CRQKFvQsNgHwghJAA4ilGTZdQqe0kx+o/2xo0idmv2Q NVXNiG0kT4U5KGByTfLP1q17pNzGTlWzPvIpm/hGhLpgNdh7/nlxHUkxAQDzDeSW yyoleQZnrZ/krYCYYIIqz6wxGRQqmf9rBsdaXQasWdQ5ZiAGtQy47Jr62EFrTSSu z65EpCaZUxWErnRIIG2taHFth69GqhrUww2s5/EyLrGaAUmbjf0sLFVXgcdKU/gT 4W2l6bIbKs/7Tr2bvUDaZujOA+FZeVz2vYnjAXr8IuWBlV2txTLNUFppVVEazTB3 cPR9ku7kODeQaxxV17T06U81ZUl1kZ/tD32RkyHLT/NxLLTONAXGxJcqSy9frJll YRznvY6TkrJyXnrKZxlhqXjpZp9QIb8kV7yGBQaWsF4v6FQF/EJODCabFMDndaE6 TxPVDosDwkJ1GC04dl6mjw1CP4kqd3tyAwoTmcq00CrSnRJuZvmYSb4VQ833Oa3j L/uRyxajoWAtAFniwIPbxloEzLH8Im8XUgeYP1cpQeIx/991J8OPSfpyx7SkJPnh Cs/Su7j/ICK0JQzI6XlS7wPHrV+RgPvY08fcGITDZHVPgYPVZaM= =+kLA -----END PGP SIGNATURE----- --2zbhahlufaff6p5h--