* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) @ 2017-08-21 9:57 ng0 2017-09-30 11:26 ` Christopher Baines 0 siblings, 1 reply; 14+ messages in thread From: ng0 @ 2017-08-21 9:57 UTC (permalink / raw) To: 28170 [-- Attachment #1.1: Type: text/plain, Size: 492 bytes --] The dependency chain of GNUnet demands GnuTLS with DANE support. You can use it without DANE, but there are certain parts which will not work. DANE is recommended. (ports of FREEBSD uses gnutls-dane for libmicrohttpd aswell for example). The attached patches: - Add 'gnutls/dane' - Use it in - libmicrohttpd - gnurl - gnunet -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://n0is.noblogs.org/my-keys https://www.infotropique.org https://krosos.org [-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --] [-- Type: text/plain, Size: 1883 bytes --] From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 88c71a908..43c37690d 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; @@ -36,6 +36,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -253,6 +254,17 @@ required structures.") (inputs `(("guile" ,guile-2.2) ,@(alist-delete "guile" (package-inputs gnutls)))))) +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functionality + ;; by GNUnet and gnURL. + (package + (inherit gnutls) + (source (package-source gnutls-3.5.13)) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") -- 2.14.1 [-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 966 bytes --] From 54bde59405ccae78aa48f9cdd325b3280178408e Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 7ff1a3f6f..93aab2894 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs -- 2.14.1 [-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 937 bytes --] From 6bdd32e899d955cb14980cf98a645204247528c4 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 93aab2894..5d8d72fbb 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) -- 2.14.1 [-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 940 bytes --] From 78ec8c48d225bddb51078b9ec57d6ff432598f53 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 5d8d72fbb..83b0ba613 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -277,7 +277,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) -- 2.14.1 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-08-21 9:57 [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) ng0 @ 2017-09-30 11:26 ` Christopher Baines 2017-09-30 12:23 ` ng0 0 siblings, 1 reply; 14+ messages in thread From: Christopher Baines @ 2017-09-30 11:26 UTC (permalink / raw) To: ng0; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 942 bytes --] On Mon, 21 Aug 2017 09:57:26 +0000 ng0 <ng0@infotropique.org> wrote: > The dependency chain of GNUnet demands GnuTLS with DANE support. > You can use it without DANE, but there are certain parts which > will not work. DANE is recommended. (ports of FREEBSD uses > gnutls-dane for libmicrohttpd aswell for example). > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001 > From: ng0 <ng0@infotropique.org> > Date: Mon, 21 Aug 2017 09:28:51 +0000 > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. > > * gnu/packages/tls.scm (gnutls/dane): New variable. Hey, so I'm trying to do some reviewing. What was your reasoning for creating a new gnutls/dane package, rather than adding unbound to the existing gnutls package? I don't know much about GnuTLS, but it would be good to make it clear why this approach was taken, especially in the commit message and by the gnutls/dane package definition. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 11:26 ` Christopher Baines @ 2017-09-30 12:23 ` ng0 2017-09-30 12:43 ` Christopher Baines 0 siblings, 1 reply; 14+ messages in thread From: ng0 @ 2017-09-30 12:23 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 1425 bytes --] Christopher Baines transcribed 2.1K bytes: > On Mon, 21 Aug 2017 09:57:26 +0000 > ng0 <ng0@infotropique.org> wrote: > > > The dependency chain of GNUnet demands GnuTLS with DANE support. > > You can use it without DANE, but there are certain parts which > > will not work. DANE is recommended. (ports of FREEBSD uses > > gnutls-dane for libmicrohttpd aswell for example). > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001 > > From: ng0 <ng0@infotropique.org> > > Date: Mon, 21 Aug 2017 09:28:51 +0000 > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. > > > > * gnu/packages/tls.scm (gnutls/dane): New variable. > > Hey, so I'm trying to do some reviewing. > > What was your reasoning for creating a new gnutls/dane package, rather > than adding unbound to the existing gnutls package? > > I don't know much about GnuTLS, but it would be good to make it clear > why this approach was taken, especially in the commit message and by > the gnutls/dane package definition. Honestly, I did not want to touch the gnutls package for this. I wanted to leave the option open to have gnutls without dane. Sure, it's a useful feature. If you think I should apply it directly to gnutls, tell me and I'll send a new patch. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 12:23 ` ng0 @ 2017-09-30 12:43 ` Christopher Baines 2017-09-30 14:01 ` ng0 2017-09-30 14:03 ` [bug#28170] " ng0 0 siblings, 2 replies; 14+ messages in thread From: Christopher Baines @ 2017-09-30 12:43 UTC (permalink / raw) To: ng0; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 1657 bytes --] On Sat, 30 Sep 2017 12:23:09 +0000 ng0 <ng0@infotropique.org> wrote: > Christopher Baines transcribed 2.1K bytes: > > On Mon, 21 Aug 2017 09:57:26 +0000 > > ng0 <ng0@infotropique.org> wrote: > > > > > The dependency chain of GNUnet demands GnuTLS with DANE support. > > > You can use it without DANE, but there are certain parts which > > > will not work. DANE is recommended. (ports of FREEBSD uses > > > gnutls-dane for libmicrohttpd aswell for example). > > > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 > > > 2001 From: ng0 <ng0@infotropique.org> > > > Date: Mon, 21 Aug 2017 09:28:51 +0000 > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. > > > > > > * gnu/packages/tls.scm (gnutls/dane): New variable. > > > > Hey, so I'm trying to do some reviewing. > > > > What was your reasoning for creating a new gnutls/dane package, > > rather than adding unbound to the existing gnutls package? > > > > I don't know much about GnuTLS, but it would be good to make it > > clear why this approach was taken, especially in the commit message > > and by the gnutls/dane package definition. > > Honestly, I did not want to touch the gnutls package for this. > I wanted to leave the option open to have gnutls without dane. > Sure, it's a useful feature. If you think I should apply it > directly to gnutls, tell me and I'll send a new patch. I'm happy with that reason, if you could put that in the relevant commit message, or in a comment by the gnutls/dane package definition (or both), I'll check I can build all the changed packages, and push if they all build for me. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 12:43 ` Christopher Baines @ 2017-09-30 14:01 ` ng0 2017-09-30 14:12 ` ng0 2017-09-30 14:03 ` [bug#28170] " ng0 1 sibling, 1 reply; 14+ messages in thread From: ng0 @ 2017-09-30 14:01 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1.1: Type: text/plain, Size: 1942 bytes --] Christopher Baines transcribed 2.8K bytes: > On Sat, 30 Sep 2017 12:23:09 +0000 > ng0 <ng0@infotropique.org> wrote: > > > Christopher Baines transcribed 2.1K bytes: > > > On Mon, 21 Aug 2017 09:57:26 +0000 > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > The dependency chain of GNUnet demands GnuTLS with DANE support. > > > > You can use it without DANE, but there are certain parts which > > > > will not work. DANE is recommended. (ports of FREEBSD uses > > > > gnutls-dane for libmicrohttpd aswell for example). > > > > > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 > > > > 2001 From: ng0 <ng0@infotropique.org> > > > > Date: Mon, 21 Aug 2017 09:28:51 +0000 > > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. > > > > > > > > * gnu/packages/tls.scm (gnutls/dane): New variable. > > > > > > Hey, so I'm trying to do some reviewing. > > > > > > What was your reasoning for creating a new gnutls/dane package, > > > rather than adding unbound to the existing gnutls package? > > > > > > I don't know much about GnuTLS, but it would be good to make it > > > clear why this approach was taken, especially in the commit message > > > and by the gnutls/dane package definition. > > > > Honestly, I did not want to touch the gnutls package for this. > > I wanted to leave the option open to have gnutls without dane. > > Sure, it's a useful feature. If you think I should apply it > > directly to gnutls, tell me and I'll send a new patch. > > I'm happy with that reason, if you could put that in the relevant > commit message, or in a comment by the gnutls/dane package definition > (or both), I'll check I can build all the changed packages, and push > if they all build for me. Okay. Appended. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --] [-- Type: text/plain, Size: 2053 bytes --] From 2a56a48f36484c8f5b3f7ef70e51e9b40604c071 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..445f4ba83 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -229,6 +230,18 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functionality + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (source (package-source gnutls-3.5.13)) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") -- 2.14.2 [-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 966 bytes --] From 60b4b4a90cbcfa5d7f8702c3341714f5a0dceade Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs -- 2.14.2 [-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 937 bytes --] From 987534a31c304bf6bfb200268f4c3b86fecb024e Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) -- 2.14.2 [-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 940 bytes --] From a8fcb786f2ca89f65fd24c1d038c957f880a5ef5 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) -- 2.14.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 14:01 ` ng0 @ 2017-09-30 14:12 ` ng0 2017-09-30 14:34 ` Christopher Baines 0 siblings, 1 reply; 14+ messages in thread From: ng0 @ 2017-09-30 14:12 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1.1: Type: text/plain, Size: 234 bytes --] The fix in this version is to only add the necessary input to the inherited gnutls. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --] [-- Type: text/plain, Size: 2006 bytes --] From 8f986b5b4cc2302420aa825491e0a05e905b6247 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..0e59d7df1 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -229,6 +230,17 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functionality + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") -- 2.14.2 [-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 966 bytes --] From 1a5651a3babdc5d62b3a6ed8c94aec1a3fc51892 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs -- 2.14.2 [-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 937 bytes --] From 7fd53bf4f29120a5a4a4e22b2363f16b7dd86191 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) -- 2.14.2 [-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 940 bytes --] From c9738fff0e82937e8f4483b98baf06b45968ff47 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) -- 2.14.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 14:12 ` ng0 @ 2017-09-30 14:34 ` Christopher Baines 2017-09-30 14:56 ` ng0 0 siblings, 1 reply; 14+ messages in thread From: Christopher Baines @ 2017-09-30 14:34 UTC (permalink / raw) To: ng0; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 516 bytes --] On Sat, 30 Sep 2017 14:12:55 +0000 ng0 <ng0@infotropique.org> wrote: > The fix in this version is to only add the necessary input > to the inherited gnutls. Ok. One hopefully final thing. From the commit message [1], it's not clear to me if this is fixing an issue with the GNUnet package, by providing it with the right dependencies, or, adding additional functionality to the GNUnet package, by providing a more capable GnuTLS? 1: "GNUnet and its dependency chain needs GnuTLS with DANE support." [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 14:34 ` Christopher Baines @ 2017-09-30 14:56 ` ng0 2017-09-30 15:01 ` ng0 0 siblings, 1 reply; 14+ messages in thread From: ng0 @ 2017-09-30 14:56 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 1101 bytes --] Christopher Baines transcribed 1.7K bytes: > On Sat, 30 Sep 2017 14:12:55 +0000 > ng0 <ng0@infotropique.org> wrote: > > > The fix in this version is to only add the necessary input > > to the inherited gnutls. > > Ok. One hopefully final thing. From the commit message [1], it's not > clear to me if this is fixing an issue with the GNUnet package, by > providing it with the right dependencies, or, adding additional > functionality to the GNUnet package, by providing a more capable GnuTLS? > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE support." > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. Certain features of these applications will not work without it. GnuTLS without Dane is not fatal error for these packages, but Dane is recommended. I have no idea how I should put this into the very strict dictionary we have in commit messages… In more free-form it would be no problem for me. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 14:56 ` ng0 @ 2017-09-30 15:01 ` ng0 2017-09-30 16:05 ` Christopher Baines 0 siblings, 1 reply; 14+ messages in thread From: ng0 @ 2017-09-30 15:01 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 1500 bytes --] ng0 transcribed 2.1K bytes: > Christopher Baines transcribed 1.7K bytes: > > On Sat, 30 Sep 2017 14:12:55 +0000 > > ng0 <ng0@infotropique.org> wrote: > > > > > The fix in this version is to only add the necessary input > > > to the inherited gnutls. > > > > Ok. One hopefully final thing. From the commit message [1], it's not > > clear to me if this is fixing an issue with the GNUnet package, by > > providing it with the right dependencies, or, adding additional > > functionality to the GNUnet package, by providing a more capable GnuTLS? > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE support." > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. > Certain features of these applications will not work without it. > GnuTLS without Dane is not fatal error for these packages, but > Dane is recommended. > I have no idea how I should put this into the very strict dictionary > we have in commit messages… In more free-form it would be no problem > for me. > -- > ng0 > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 > GnuPG: https://krosos.org/dist/keys/ > https://www.infotropique.org https://krosos.org Okay, I now see what you mean. To make it short: the correct dependency is provided in place of the current working-but-not-correct GnuTLS. Is that more clear? -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 15:01 ` ng0 @ 2017-09-30 16:05 ` Christopher Baines 2017-09-30 16:36 ` ng0 0 siblings, 1 reply; 14+ messages in thread From: Christopher Baines @ 2017-09-30 16:05 UTC (permalink / raw) To: ng0; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 2481 bytes --] On Sat, 30 Sep 2017 15:01:52 +0000 ng0 <ng0@infotropique.org> wrote: > ng0 transcribed 2.1K bytes: > > Christopher Baines transcribed 1.7K bytes: > > > On Sat, 30 Sep 2017 14:12:55 +0000 > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > The fix in this version is to only add the necessary input > > > > to the inherited gnutls. > > > > > > Ok. One hopefully final thing. From the commit message [1], it's > > > not clear to me if this is fixing an issue with the GNUnet > > > package, by providing it with the right dependencies, or, adding > > > additional functionality to the GNUnet package, by providing a > > > more capable GnuTLS? > > > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE > > > support." > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. > > Certain features of these applications will not work without it. > > GnuTLS without Dane is not fatal error for these packages, but > > Dane is recommended. > > I have no idea how I should put this into the very strict dictionary > > we have in commit messages… In more free-form it would be no problem > > for me. > > -- > > ng0 > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 > > GnuPG: https://krosos.org/dist/keys/ > > https://www.infotropique.org https://krosos.org > > Okay, I now see what you mean. > > To make it short: the correct dependency is provided in place > of the current working-but-not-correct GnuTLS. > > Is that more clear? I think you've made it clear to me now. From what you're saying, I think its the 2nd thing I said. Making this change will enable some functionality in the GNUnet package (and possibly some of the other packages changed). I'm not sure using the word "correct" helps, unless you say what the dependencies are correct/incorrect with respect to, for example, if the GNUnet documentation says that it should be built with GnuTLS with Dane support, then that would be a reason to talk about correctness. As for the commit format. As I understand the conventions, you can put anything in between the first line, and the changelog at the bottom. For example, one case where I ended up writing quite a bit is here [1]. It doesn't have to be very specific, but something about the intent or intended effect of the change in each commit would be very useful. 1: http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 16:05 ` Christopher Baines @ 2017-09-30 16:36 ` ng0 2017-09-30 17:38 ` Christopher Baines 2017-10-01 9:52 ` bug#28170: " Christopher Baines 0 siblings, 2 replies; 14+ messages in thread From: ng0 @ 2017-09-30 16:36 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1.1: Type: text/plain, Size: 3278 bytes --] Christopher Baines transcribed 3.6K bytes: > On Sat, 30 Sep 2017 15:01:52 +0000 > ng0 <ng0@infotropique.org> wrote: > > > ng0 transcribed 2.1K bytes: > > > Christopher Baines transcribed 1.7K bytes: > > > > On Sat, 30 Sep 2017 14:12:55 +0000 > > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > > > The fix in this version is to only add the necessary input > > > > > to the inherited gnutls. > > > > > > > > Ok. One hopefully final thing. From the commit message [1], it's > > > > not clear to me if this is fixing an issue with the GNUnet > > > > package, by providing it with the right dependencies, or, adding > > > > additional functionality to the GNUnet package, by providing a > > > > more capable GnuTLS? > > > > > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE > > > > support." > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. > > > Certain features of these applications will not work without it. > > > GnuTLS without Dane is not fatal error for these packages, but > > > Dane is recommended. > > > I have no idea how I should put this into the very strict dictionary > > > we have in commit messages… In more free-form it would be no problem > > > for me. > > > -- > > > ng0 > > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 > > > GnuPG: https://krosos.org/dist/keys/ > > > https://www.infotropique.org https://krosos.org > > > > Okay, I now see what you mean. > > > > To make it short: the correct dependency is provided in place > > of the current working-but-not-correct GnuTLS. > > > > Is that more clear? > > I think you've made it clear to me now. > > From what you're saying, I think its the 2nd thing I said. Making this > change will enable some functionality in the GNUnet package (and > possibly some of the other packages changed). > > I'm not sure using the word "correct" helps, unless you say what the > dependencies are correct/incorrect with respect to, for example, if the > GNUnet documentation says that it should be built with GnuTLS with Dane > support, then that would be a reason to talk about correctness. Yes it does state this, in the documentation and all these applications list the dependency in README aswell. This is why I thought the original, first version, comment I made in gnutls/dane was enough. But I'll have to be more clear then. Well if gnURL doesn't state it in its README I have to add it, if it's not in there it's my mistake - it's correct nevertheless. > As for the commit format. As I understand the conventions, you can put > anything in between the first line, and the changelog at the bottom. > For example, one case where I ended up writing quite a bit is here [1]. > > It doesn't have to be very specific, but something about the intent or > intended effect of the change in each commit would be very useful. > > 1: > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a Okay, thanks. I will change the commit messages and reference our (GNUnet) README and documentation sections. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --] [-- Type: text/plain, Size: 2006 bytes --] From d110c5792959ba62ae3df4435e25d5c95bd60fa8 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..0e59d7df1 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> +;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org> ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com> ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -229,6 +230,17 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functionality + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") -- 2.14.2 [-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 1231 bytes --] From 5580691be6696c5af1b7d6f833958d675b22ece9 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs -- 2.14.2 [-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 1202 bytes --] From 31e8a308c16c36eecf30e16acc77ec1d676d416e Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) -- 2.14.2 [-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --] [-- Type: text/plain, Size: 1205 bytes --] From 24df6f3fd2a83f36e264a46dfed16d4e8d744585 Mon Sep 17 00:00:00 2001 From: ng0 <ng0@infotropique.org> Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. This switches the used GnuTLS to the one recommended by the GNUnet Documentation (Chapter "Installation Handbook", Section "Generic installation instructions") where a specific order of dependency installation is required. In this order libunbound is installed first, then GnuTLS, then libgnurl, followed by libmicrohttpd. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) -- 2.14.2 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 16:36 ` ng0 @ 2017-09-30 17:38 ` Christopher Baines 2017-10-01 9:52 ` bug#28170: " Christopher Baines 1 sibling, 0 replies; 14+ messages in thread From: Christopher Baines @ 2017-09-30 17:38 UTC (permalink / raw) To: ng0; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 2986 bytes --] On Sat, 30 Sep 2017 16:36:05 +0000 ng0 <ng0@infotropique.org> wrote: > Christopher Baines transcribed 3.6K bytes: > > On Sat, 30 Sep 2017 15:01:52 +0000 > > ng0 <ng0@infotropique.org> wrote: > > > > > ng0 transcribed 2.1K bytes: > > > > Christopher Baines transcribed 1.7K bytes: > > > > > On Sat, 30 Sep 2017 14:12:55 +0000 > > > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > > > > > The fix in this version is to only add the necessary input > > > > > > to the inherited gnutls. > > > > > > > > > > Ok. One hopefully final thing. From the commit message [1], > > > > > it's not clear to me if this is fixing an issue with the > > > > > GNUnet package, by providing it with the right dependencies, > > > > > or, adding additional functionality to the GNUnet package, by > > > > > providing a more capable GnuTLS? > > > > > > > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE > > > > > support." > > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. > > > > Certain features of these applications will not work without it. > > > > GnuTLS without Dane is not fatal error for these packages, but > > > > Dane is recommended. > > > > I have no idea how I should put this into the very strict > > > > dictionary we have in commit messages… In more free-form it > > > > would be no problem for me. > > > > -- > > > > ng0 > > > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 > > > > GnuPG: https://krosos.org/dist/keys/ > > > > https://www.infotropique.org https://krosos.org > > > > > > Okay, I now see what you mean. > > > > > > To make it short: the correct dependency is provided in place > > > of the current working-but-not-correct GnuTLS. > > > > > > Is that more clear? > > > > I think you've made it clear to me now. > > > > From what you're saying, I think its the 2nd thing I said. Making > > this change will enable some functionality in the GNUnet package > > (and possibly some of the other packages changed). > > > > I'm not sure using the word "correct" helps, unless you say what the > > dependencies are correct/incorrect with respect to, for example, if > > the GNUnet documentation says that it should be built with GnuTLS > > with Dane support, then that would be a reason to talk about > > correctness. > > Yes it does state this, in the documentation and all these > applications list the dependency in README aswell. > This is why I thought the original, first version, comment I made in > gnutls/dane was enough. But I'll have to be more clear then. > Well if gnURL doesn't state it in its README I have to add it, if it's > not in there it's my mistake - it's correct nevertheless. Ah yes, I didn't really take in that comment in when I read the patch, but I can see it now "This is required for GNS functionality by GNUnet and gnURL.". That's great information, and having it in the commit would also be great. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* bug#28170: Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 16:36 ` ng0 2017-09-30 17:38 ` Christopher Baines @ 2017-10-01 9:52 ` Christopher Baines 1 sibling, 0 replies; 14+ messages in thread From: Christopher Baines @ 2017-10-01 9:52 UTC (permalink / raw) To: ng0; +Cc: 28170-done [-- Attachment #1: Type: text/plain, Size: 3467 bytes --] On Sat, 30 Sep 2017 16:36:05 +0000 ng0 <ng0@infotropique.org> wrote: > Christopher Baines transcribed 3.6K bytes: > > On Sat, 30 Sep 2017 15:01:52 +0000 > > ng0 <ng0@infotropique.org> wrote: > > > > > ng0 transcribed 2.1K bytes: > > > > Christopher Baines transcribed 1.7K bytes: > > > > > On Sat, 30 Sep 2017 14:12:55 +0000 > > > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > > > > > The fix in this version is to only add the necessary input > > > > > > to the inherited gnutls. > > > > > > > > > > Ok. One hopefully final thing. From the commit message [1], > > > > > it's not clear to me if this is fixing an issue with the > > > > > GNUnet package, by providing it with the right dependencies, > > > > > or, adding additional functionality to the GNUnet package, by > > > > > providing a more capable GnuTLS? > > > > > > > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE > > > > > support." > > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL. > > > > Certain features of these applications will not work without it. > > > > GnuTLS without Dane is not fatal error for these packages, but > > > > Dane is recommended. > > > > I have no idea how I should put this into the very strict > > > > dictionary we have in commit messages… In more free-form it > > > > would be no problem for me. > > > > -- > > > > ng0 > > > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 > > > > GnuPG: https://krosos.org/dist/keys/ > > > > https://www.infotropique.org https://krosos.org > > > > > > Okay, I now see what you mean. > > > > > > To make it short: the correct dependency is provided in place > > > of the current working-but-not-correct GnuTLS. > > > > > > Is that more clear? > > > > I think you've made it clear to me now. > > > > From what you're saying, I think its the 2nd thing I said. Making > > this change will enable some functionality in the GNUnet package > > (and possibly some of the other packages changed). > > > > I'm not sure using the word "correct" helps, unless you say what the > > dependencies are correct/incorrect with respect to, for example, if > > the GNUnet documentation says that it should be built with GnuTLS > > with Dane support, then that would be a reason to talk about > > correctness. > > Yes it does state this, in the documentation and all these > applications list the dependency in README aswell. > This is why I thought the original, first version, comment I made in > gnutls/dane was enough. But I'll have to be more clear then. > Well if gnURL doesn't state it in its README I have to add it, if it's > not in there it's my mistake - it's correct nevertheless. > > > As for the commit format. As I understand the conventions, you can > > put anything in between the first line, and the changelog at the > > bottom. For example, one case where I ended up writing quite a bit > > is here [1]. > > > > It doesn't have to be very specific, but something about the intent > > or intended effect of the change in each commit would be very > > useful. > > > > 1: > > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a > > Okay, thanks. I will change the commit messages and > reference our (GNUnet) README and documentation sections. I've now merged the patches that were attached to this email :) Thanks, Chris [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 963 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) 2017-09-30 12:43 ` Christopher Baines 2017-09-30 14:01 ` ng0 @ 2017-09-30 14:03 ` ng0 1 sibling, 0 replies; 14+ messages in thread From: ng0 @ 2017-09-30 14:03 UTC (permalink / raw) To: Christopher Baines; +Cc: 28170 [-- Attachment #1: Type: text/plain, Size: 2029 bytes --] Christopher Baines transcribed 2.8K bytes: > On Sat, 30 Sep 2017 12:23:09 +0000 > ng0 <ng0@infotropique.org> wrote: > > > Christopher Baines transcribed 2.1K bytes: > > > On Mon, 21 Aug 2017 09:57:26 +0000 > > > ng0 <ng0@infotropique.org> wrote: > > > > > > > The dependency chain of GNUnet demands GnuTLS with DANE support. > > > > You can use it without DANE, but there are certain parts which > > > > will not work. DANE is recommended. (ports of FREEBSD uses > > > > gnutls-dane for libmicrohttpd aswell for example). > > > > > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 > > > > 2001 From: ng0 <ng0@infotropique.org> > > > > Date: Mon, 21 Aug 2017 09:28:51 +0000 > > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. > > > > > > > > * gnu/packages/tls.scm (gnutls/dane): New variable. > > > > > > Hey, so I'm trying to do some reviewing. > > > > > > What was your reasoning for creating a new gnutls/dane package, > > > rather than adding unbound to the existing gnutls package? > > > > > > I don't know much about GnuTLS, but it would be good to make it > > > clear why this approach was taken, especially in the commit message > > > and by the gnutls/dane package definition. > > > > Honestly, I did not want to touch the gnutls package for this. > > I wanted to leave the option open to have gnutls without dane. > > Sure, it's a useful feature. If you think I should apply it > > directly to gnutls, tell me and I'll send a new patch. > > I'm happy with that reason, if you could put that in the relevant > commit message, or in a comment by the gnutls/dane package definition > (or both), I'll check I can build all the changed packages, and push > if they all build for me. …and I need to send it again, there were some changes introduced which broke this package it seems. -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2017-10-01 9:53 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2017-08-21 9:57 [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) ng0 2017-09-30 11:26 ` Christopher Baines 2017-09-30 12:23 ` ng0 2017-09-30 12:43 ` Christopher Baines 2017-09-30 14:01 ` ng0 2017-09-30 14:12 ` ng0 2017-09-30 14:34 ` Christopher Baines 2017-09-30 14:56 ` ng0 2017-09-30 15:01 ` ng0 2017-09-30 16:05 ` Christopher Baines 2017-09-30 16:36 ` ng0 2017-09-30 17:38 ` Christopher Baines 2017-10-01 9:52 ` bug#28170: " Christopher Baines 2017-09-30 14:03 ` [bug#28170] " ng0
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).