Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
Date: Sat, 30 Sep 2017 16:36:05 +0000
From: ng0
To: Christopher Baines
Cc: 28170@debbugs.gnu.org

Christopher Baines transcribed 3.6K bytes:
> On Sat, 30 Sep 2017 15:01:52 +0000
> ng0 wrote:
>
> > ng0 transcribed 2.1K bytes:
> > > Christopher Baines transcribed 1.7K bytes:
> > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > ng0 wrote:
> > > >
> > > > > The fix in this version is to only add the necessary input
> > > > > to the inherited gnutls.
> > > >
> > > > Ok. One hopefully final thing. From the commit message [1], it's
> > > > not clear to me if this is fixing an issue with the GNUnet
> > > > package, by providing it with the right dependencies, or, adding
> > > > additional functionality to the GNUnet package, by providing a
> > > > more capable GnuTLS?
> > > >
> > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > support."
> > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > Certain features of these applications will not work without it.
> > > GnuTLS without Dane is not fatal error for these packages, but
> > > Dane is recommended.
> > > I have no idea how I should put this into the very strict dictionary
> > > we have in commit messages… In more free-form it would be no problem
> > > for me.
> > > --
> > > ng0
> > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > GnuPG: https://krosos.org/dist/keys/
> > > https://www.infotropique.org https://krosos.org
> >
> > Okay, I now see what you mean.
> >
> > To make it short: the correct dependency is provided in place
> > of the current working-but-not-correct GnuTLS.
> >
> > Is that more clear?
>
> I think you've made it clear to me now.
>
> From what you're saying, I think it's the 2nd thing I said. Making this
> change will enable some functionality in the GNUnet package (and
> possibly some of the other packages changed).
>
> I'm not sure using the word "correct" helps, unless you say what the
> dependencies are correct/incorrect with respect to, for example, if the
> GNUnet documentation says that it should be built with GnuTLS with Dane
> support, then that would be a reason to talk about correctness.

Yes it does state this, in the documentation and all these applications
list the dependency in README as well. This is why I thought the original,
first version, comment I made in gnutls/dane was enough. But I'll have to be
more clear then.
Well if gnURL doesn't state it in its README I have to add it, if it's not
in there it's my mistake - it's correct nevertheless.

> As for the commit format. As I understand the conventions, you can put
> anything in between the first line, and the changelog at the bottom.
> For example, one case where I ended up writing quite a bit is here [1].
>
> It doesn't have to be very specific, but something about the intent or
> intended effect of the change in each commit would be very useful.
>
> 1:
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a

Okay, thanks. I will change the commit messages and reference our (GNUnet)
README and documentation sections.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

--54qb5nx7sjvbexqf Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-gnu-gnutls-Add-gnutls-dane.patch" Content-Transfer-Encoding: quoted-printable =46rom d110c5792959ba62ae3df4435e25d5c95bd60fa8 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..0e59d7df1 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Leo Famulari ;;; Copyright =C2=A9 2016, 2017 Efraim Flashner -;;; Copyright =C2=A9 2016, 2017 ng0 +;;; Copyright =C2=A9 2016, 2017 ng0 ;;; Copyright =C2=A9 2016 Hartmut Goebel ;;; Copyright =C2=A9 2017 Ricardo Wurmus ;;; Copyright =C2=A9 2017 Marius Bakke @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) 
@@ -229,6 +230,17 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) =20 +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functiona= lity + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") --=20 2.14.2 --54qb5nx7sjvbexqf Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-gnu-gnurl-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 5580691be6696c5af1b7d6f833958d675b22ece9 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane= '. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm 
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs --=20 2.14.2 --54qb5nx7sjvbexqf Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 31e8a308c16c36eecf30e16acc77ec1d676d416e Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnu= tls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm 
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the resu= lts.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) --=20 2.14.2 --54qb5nx7sjvbexqf Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0004-gnu-gnunet-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 24df6f3fd2a83f36e264a46dfed16d4e8d744585 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dan= e'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm 
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) --=20 2.14.2 --54qb5nx7sjvbexqf--
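
Review bot: The `#:use-module (gnu packages dns)` line added to tls.scm in [PATCH 1/4] (hunk `@@ -37,6 +37,7 @@`) may create a module cycle if (gnu packages dns) already imports (gnu packages tls). Please confirm it does not; if it does, defining `gnutls/dane` in a module that already sees both `gnutls` and `unbound` would avoid the cycle.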
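
Review bot: In [PATCH 1/4] (hunk `@@ -229,6 +230,17 @@`) the `gnutls/dane` definition changes only `inputs`, so whether libgnutls-dane is actually built depends on the inherited build noticing `unbound` by itself, and nothing in the hunk fails the build if it does not. Since gnurl, libmicrohttpd and gnunet are switched to this package for DANE, make the feature explicit in `arguments` or add a check that the DANE library was installed. The comment also says DANE "is required" by GNUnet and gnURL, while the discussion in this thread describes it as recommended and not fatal; align the wording and fix "with build libgnutls-dane".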
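
Review bot: The commit message of [PATCH 2/4] justifies `("gnutls" ,gnutls/dane)` in gnurl by an installation order from the GNUnet handbook, which an input list does not express, and it does not say which gnurl feature needs libgnutls-dane. State the intended effect of the swap, as requested earlier in the thread, and mention that `unbound` now becomes a dependency of gnurl through the inherited inputs.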
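
Review bot: In [PATCH 3/4] (hunk `@@ -155,7 +155,7 @@`) the input list keeps `("curl" ,curl)` next to the new `("gnutls" ,gnutls/dane)`; if that curl is linked against the plain `gnutls`, the package ends up with two GnuTLS builds among its inputs. Patch 2/4 moves gnurl to `gnutls/dane`, so either say in the commit message why curl is left as it is here or switch it as well.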