unofficial mirror of guix-patches@gnu.org 
* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
@ 2017-08-21  9:57 ng0
  2017-09-30 11:26 ` Christopher Baines
  0 siblings, 1 reply; 14+ messages in thread
From: ng0 @ 2017-08-21  9:57 UTC (permalink / raw)
  To: 28170


[-- Attachment #1.1: Type: text/plain, Size: 492 bytes --]

The dependency chain of GNUnet demands GnuTLS with DANE support.
You can use it without DANE, but there are certain parts which
will not work. DANE is recommended. (ports of FreeBSD use
gnutls-dane for libmicrohttpd as well, for example).

The attached patches:
- Add 'gnutls/dane'
- Use it in
  - libmicrohttpd
  - gnurl
  - gnunet
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org https://krosos.org

[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 1883 bytes --]

From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 88c71a908..43c37690d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
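
Review bot: The copyright header edit at
"-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>" rewrites the
e-mail address of an existing notice, which the log entry
("(gnutls/dane): New variable") does not mention. Either list it in the
commit log or move the address update into its own commit, so the header
change can be reviewed separately from the new package.
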
@@ -36,6 +36,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -253,6 +254,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.2)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities. This is required for GNS functionality
+  ;; by GNUnet and gnURL.
+  (package
+    (inherit gnutls)
+    (source (package-source gnutls-3.5.13))
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
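
Review bot: `(source (package-source gnutls-3.5.13))` sits next to
`(inherit gnutls)`, so the variant's source is pinned to one specific
version variable while every other field, the version string included,
follows whatever `gnutls` is. When `gnutls` is updated for a security fix,
gnutls-dane would keep building the 3.5.13 source under the new version
string. Drop the `source` field so the variant tracks `gnutls`, or inherit
from `gnutls-3.5.13` outright and give the reason in the comment. The
comment also does not say why this is a separate package instead of an
extra input on `gnutls`.
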
-- 
2.14.1


[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 966 bytes --]

From 54bde59405ccae78aa48f9cdd325b3280178408e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 7ff1a3f6f..93aab2894 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
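
Review bot: Nothing in this hunk confirms that gnurl's build picks up
libgnutls-dane once `("gnutls" ,gnutls/dane)` replaces the plain input: the
label stays "gnutls" and no configure flag or check changes. Name in the
commit message which gnurl feature depends on DANE, and confirm from the
build log that the DANE library is detected; otherwise the swap only adds
unbound to gnurl's dependency graph.
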
-- 
2.14.1


[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 937 bytes --]

From 6bdd32e899d955cb14980cf98a645204247528c4 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 93aab2894..5d8d72fbb 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
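
Review bot: In the libmicrohttpd inputs, `("gnutls" ,gnutls/dane)` now sits
beside the unchanged `("curl" ,curl)` and `("openssl" ,openssl)`. If curl
is itself linked against the plain gnutls, libmicrohttpd ends up with two
GnuTLS builds in its dependency graph. Check the resulting references and,
if that is the case, say in the commit message that it is intended.
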
-- 
2.14.1


[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 940 bytes --]

From 78ec8c48d225bddb51078b9ec57d6ff432598f53 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 5d8d72fbb..83b0ba613 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -277,7 +277,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
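
Review bot: The body line "GNUnet and its dependency chain needs GnuTLS with
DANE support." is repeated unchanged across patches 2 to 4 and does not say
what this particular `("gnutls" ,gnutls/dane)` swap changes for gnunet. The
gnutls/dane comment in patch 1 names GNS as the feature; stating that here,
together with the cover letter's point that things work without DANE but
with parts missing, would let a later reader judge whether the input can be
reverted.
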
-- 
2.14.1



* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-08-21  9:57 [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) ng0
@ 2017-09-30 11:26 ` Christopher Baines
  2017-09-30 12:23   ` ng0
  0 siblings, 1 reply; 14+ messages in thread
From: Christopher Baines @ 2017-09-30 11:26 UTC (permalink / raw)
  To: ng0; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 942 bytes --]

On Mon, 21 Aug 2017 09:57:26 +0000
ng0 <ng0@infotropique.org> wrote:

> The dependency chain of GNUnet demands GnuTLS with DANE support.
> You can use it without DANE, but there are certain parts which
> will not work. DANE is recommended. (ports of FreeBSD use
> gnutls-dane for libmicrohttpd as well, for example).

> From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
> From: ng0 <ng0@infotropique.org>
> Date: Mon, 21 Aug 2017 09:28:51 +0000
> Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> 
> * gnu/packages/tls.scm (gnutls/dane): New variable.

Hey, so I'm trying to do some reviewing.

What was your reasoning for creating a new gnutls/dane package, rather
than adding unbound to the existing gnutls package?

I don't know much about GnuTLS, but it would be good to make it clear
why this approach was taken, especially in the commit message and by
the gnutls/dane package definition.


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 11:26 ` Christopher Baines
@ 2017-09-30 12:23   ` ng0
  2017-09-30 12:43     ` Christopher Baines
  0 siblings, 1 reply; 14+ messages in thread
From: ng0 @ 2017-09-30 12:23 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 1425 bytes --]

Christopher Baines transcribed 2.1K bytes:
> On Mon, 21 Aug 2017 09:57:26 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > You can use it without DANE, but there are certain parts which
> > will not work. DANE is recommended. (ports of FreeBSD use
> > gnutls-dane for libmicrohttpd as well, for example).
> 
> > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
> > From: ng0 <ng0@infotropique.org>
> > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > 
> > * gnu/packages/tls.scm (gnutls/dane): New variable.
> 
> Hey, so I'm trying to do some reviewing.
> 
> What was your reasoning for creating a new gnutls/dane package, rather
> than adding unbound to the existing gnutls package?
> 
> I don't know much about GnuTLS, but it would be good to make it clear
> why this approach was taken, especially in the commit message and by
> the gnutls/dane package definition.

Honestly, I did not want to touch the gnutls package for this.
I wanted to leave the option open to have gnutls without dane.
Sure, it's a useful feature. If you think I should apply it
directly to gnutls, tell me and I'll send a new patch.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 12:23   ` ng0
@ 2017-09-30 12:43     ` Christopher Baines
  2017-09-30 14:01       ` ng0
  2017-09-30 14:03       ` [bug#28170] " ng0
  0 siblings, 2 replies; 14+ messages in thread
From: Christopher Baines @ 2017-09-30 12:43 UTC (permalink / raw)
  To: ng0; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 1657 bytes --]

On Sat, 30 Sep 2017 12:23:09 +0000
ng0 <ng0@infotropique.org> wrote:

> Christopher Baines transcribed 2.1K bytes:
> > On Mon, 21 Aug 2017 09:57:26 +0000
> > ng0 <ng0@infotropique.org> wrote:
> >   
> > > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > > You can use it without DANE, but there are certain parts which
> > > will not work. DANE is recommended. (ports of FreeBSD use
> > > gnutls-dane for libmicrohttpd as well, for example).
> >   
> > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
> > > From: ng0 <ng0@infotropique.org>
> > > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > > 
> > > * gnu/packages/tls.scm (gnutls/dane): New variable.  
> > 
> > Hey, so I'm trying to do some reviewing.
> > 
> > What was your reasoning for creating a new gnutls/dane package,
> > rather than adding unbound to the existing gnutls package?
> > 
> > I don't know much about GnuTLS, but it would be good to make it
> > clear why this approach was taken, especially in the commit message
> > and by the gnutls/dane package definition.  
> 
> Honestly, I did not want to touch the gnutls package for this.
> I wanted to leave the option open to have gnutls without dane.
> Sure, it's a useful feature. If you think I should apply it
> directly to gnutls, tell me and I'll send a new patch.

I'm happy with that reason, if you could put that in the relevant
commit message, or in a comment by the gnutls/dane package definition
(or both), I'll check I can build all the changed packages, and push
if they all build for me.


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 12:43     ` Christopher Baines
@ 2017-09-30 14:01       ` ng0
  2017-09-30 14:12         ` ng0
  2017-09-30 14:03       ` [bug#28170] " ng0
  1 sibling, 1 reply; 14+ messages in thread
From: ng0 @ 2017-09-30 14:01 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170


[-- Attachment #1.1: Type: text/plain, Size: 1942 bytes --]

Christopher Baines transcribed 2.8K bytes:
> On Sat, 30 Sep 2017 12:23:09 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > Christopher Baines transcribed 2.1K bytes:
> > > On Mon, 21 Aug 2017 09:57:26 +0000
> > > ng0 <ng0@infotropique.org> wrote:
> > >   
> > > > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > > > You can use it without DANE, but there are certain parts which
> > > > will not work. DANE is recommended. (ports of FreeBSD use
> > > > gnutls-dane for libmicrohttpd as well, for example).
> > >   
> > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
> > > > From: ng0 <ng0@infotropique.org>
> > > > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > > > 
> > > > * gnu/packages/tls.scm (gnutls/dane): New variable.  
> > > 
> > > Hey, so I'm trying to do some reviewing.
> > > 
> > > What was your reasoning for creating a new gnutls/dane package,
> > > rather than adding unbound to the existing gnutls package?
> > > 
> > > I don't know much about GnuTLS, but it would be good to make it
> > > clear why this approach was taken, especially in the commit message
> > > and by the gnutls/dane package definition.  
> > 
> > Honestly, I did not want to touch the gnutls package for this.
> > I wanted to leave the option open to have gnutls without dane.
> > Sure, it's a useful feature. If you think I should apply it
> > directly to gnutls, tell me and I'll send a new patch.
> 
> I'm happy with that reason, if you could put that in the relevant
> commit message, or in a comment by the gnutls/dane package definition
> (or both), I'll check I can build all the changed packages, and push
> if they all build for me.

Okay. Appended.

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2053 bytes --]

From 2a56a48f36484c8f5b3f7ef70e51e9b40604c071 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..445f4ba83 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,18 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (source (package-source gnutls-3.5.13))
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
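
Review bot: The expanded comment now explains the separate package, but
`(source (package-source gnutls-3.5.13))` is still present beside
`(inherit gnutls)`. That keeps the variant's source fixed at 3.5.13
whichever version `gnutls` points to, so a later GnuTLS security update
would not reach gnutls-dane. Remove the `source` override unless the pin is
deliberate, and if it is, record the reason in the comment.
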
-- 
2.14.2


[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 966 bytes --]

From 60b4b4a90cbcfa5d7f8702c3341714f5a0dceade Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
-- 
2.14.2


[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 937 bytes --]

From 987534a31c304bf6bfb200268f4c3b86fecb024e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
-- 
2.14.2


[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 940 bytes --]

From a8fcb786f2ca89f65fd24c1d038c957f880a5ef5 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
-- 
2.14.2



* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 12:43     ` Christopher Baines
  2017-09-30 14:01       ` ng0
@ 2017-09-30 14:03       ` ng0
  1 sibling, 0 replies; 14+ messages in thread
From: ng0 @ 2017-09-30 14:03 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 2029 bytes --]

Christopher Baines transcribed 2.8K bytes:
> On Sat, 30 Sep 2017 12:23:09 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > Christopher Baines transcribed 2.1K bytes:
> > > On Mon, 21 Aug 2017 09:57:26 +0000
> > > ng0 <ng0@infotropique.org> wrote:
> > >   
> > > > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > > > You can use it without DANE, but there are certain parts which
> > > > will not work. DANE is recommended. (ports of FreeBSD use
> > > > gnutls-dane for libmicrohttpd as well, for example).
> > >   
> > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001
> > > > From: ng0 <ng0@infotropique.org>
> > > > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > > > 
> > > > * gnu/packages/tls.scm (gnutls/dane): New variable.  
> > > 
> > > Hey, so I'm trying to do some reviewing.
> > > 
> > > What was your reasoning for creating a new gnutls/dane package,
> > > rather than adding unbound to the existing gnutls package?
> > > 
> > > I don't know much about GnuTLS, but it would be good to make it
> > > clear why this approach was taken, especially in the commit message
> > > and by the gnutls/dane package definition.  
> > 
> > Honestly, I did not want to touch the gnutls package for this.
> > I wanted to leave the option open to have gnutls without dane.
> > Sure, it's a useful feature. If you think I should apply it
> > directly to gnutls, tell me and I'll send a new patch.
> 
> I'm happy with that reason, if you could put that in the relevant
> commit message, or in a comment by the gnutls/dane package definition
> (or both), I'll check I can build all the changed packages, and push
> if they all build for me.


…and I need to send it again, there were some changes introduced which
broke this package it seems.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 14:01       ` ng0
@ 2017-09-30 14:12         ` ng0
  2017-09-30 14:34           ` Christopher Baines
  0 siblings, 1 reply; 14+ messages in thread
From: ng0 @ 2017-09-30 14:12 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170


[-- Attachment #1.1: Type: text/plain, Size: 234 bytes --]

The fix in this version is to only add the necessary input
to the inherited gnutls.

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2006 bytes --]

From 8f986b5b4cc2302420aa825491e0a05e905b6247 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..0e59d7df1 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
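
Review bot: With the `source` override gone, the definition changes only
`name` and `inputs`, so gnutls-dane inherits the synopsis and description
of gnutls and the two packages read the same in package listings. Add a
`synopsis` that mentions DANE. The comment's first line, "GnuTLS with build
libgnutls-dane", also reads as a slip for "GnuTLS built with
libgnutls-dane".
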
-- 
2.14.2


[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 966 bytes --]

From 1a5651a3babdc5d62b3a6ed8c94aec1a3fc51892 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
-- 
2.14.2


[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 937 bytes --]

From 7fd53bf4f29120a5a4a4e22b2363f16b7dd86191 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
-- 
2.14.2


[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 940 bytes --]

From c9738fff0e82937e8f4483b98baf06b45968ff47 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.

GNUnet and its dependency chain needs GnuTLS with DANE support.

* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
-- 
2.14.2



* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 14:12         ` ng0
@ 2017-09-30 14:34           ` Christopher Baines
  2017-09-30 14:56             ` ng0
  0 siblings, 1 reply; 14+ messages in thread
From: Christopher Baines @ 2017-09-30 14:34 UTC (permalink / raw)
  To: ng0; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 516 bytes --]

On Sat, 30 Sep 2017 14:12:55 +0000
ng0 <ng0@infotropique.org> wrote:

> The fix in this version is to only add the necessary input
> to the inherited gnutls.

Ok. One hopefully final thing. From the commit message [1], it's not
clear to me if this is fixing an issue with the GNUnet package, by
providing it with the right dependencies, or, adding additional
functionality to the GNUnet package, by providing a more capable GnuTLS?

1: "GNUnet and its dependency chain needs GnuTLS with DANE support."



* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 14:34           ` Christopher Baines
@ 2017-09-30 14:56             ` ng0
  2017-09-30 15:01               ` ng0
  0 siblings, 1 reply; 14+ messages in thread
From: ng0 @ 2017-09-30 14:56 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 1101 bytes --]

Christopher Baines transcribed 1.7K bytes:
> On Sat, 30 Sep 2017 14:12:55 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > The fix in this version is to only add the necessary input
> > to the inherited gnutls.
> 
> Ok. One hopefully final thing. From the commit message [1], it's not
> clear to me if this is fixing an issue with the GNUnet package, by
> providing it with the right dependencies, or, adding additional
> functionality to the GNUnet package, by providing a more capable GnuTLS?
> 
> 1: "GNUnet and its dependency chain needs GnuTLS with DANE support."
> 
It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
Certain features of these applications will not work without it.
GnuTLS without Dane is not a fatal error for these packages, but
Dane is recommended.
I have no idea how I should put this into the very strict dictionary
we have in commit messages… In more free-form it would be no problem
for me.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 14:56             ` ng0
@ 2017-09-30 15:01               ` ng0
  2017-09-30 16:05                 ` Christopher Baines
  0 siblings, 1 reply; 14+ messages in thread
From: ng0 @ 2017-09-30 15:01 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 1500 bytes --]

ng0 transcribed 2.1K bytes:
> Christopher Baines transcribed 1.7K bytes:
> > On Sat, 30 Sep 2017 14:12:55 +0000
> > ng0 <ng0@infotropique.org> wrote:
> > 
> > > The fix in this version is to only add the necessary input
> > > to the inherited gnutls.
> > 
> > Ok. One hopefully final thing. From the commit message [1], it's not
> > clear to me if this is fixing an issue with the GNUnet package, by
> > providing it with the right dependencies, or, adding additional
> > functionality to the GNUnet package, by providing a more capable GnuTLS?
> > 
> > 1: "GNUnet and its dependency chain needs GnuTLS with DANE support."
> > 
> It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> Certain features of these applications will not work without it.
> GnuTLS without Dane is not a fatal error for these packages, but
> Dane is recommended.
> I have no idea how I should put this into the very strict dictionary
> we have in commit messages… In more free-form it would be no problem
> for me.
> -- 
> ng0
> GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> GnuPG: https://krosos.org/dist/keys/
> https://www.infotropique.org https://krosos.org

Okay, I now see what you mean.

To make it short: the correct dependency is provided in place
of the current working-but-not-correct GnuTLS.

Is that more clear?

-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 15:01               ` ng0
@ 2017-09-30 16:05                 ` Christopher Baines
  2017-09-30 16:36                   ` ng0
  0 siblings, 1 reply; 14+ messages in thread
From: Christopher Baines @ 2017-09-30 16:05 UTC (permalink / raw)
  To: ng0; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 2481 bytes --]

On Sat, 30 Sep 2017 15:01:52 +0000
ng0 <ng0@infotropique.org> wrote:

> ng0 transcribed 2.1K bytes:
> > Christopher Baines transcribed 1.7K bytes:  
> > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > ng0 <ng0@infotropique.org> wrote:
> > >   
> > > > The fix in this version is to only add the necessary input
> > > > to the inherited gnutls.  
> > > 
> > > Ok. One hopefully final thing. From the commit message [1], it's
> > > not clear to me if this is fixing an issue with the GNUnet
> > > package, by providing it with the right dependencies, or, adding
> > > additional functionality to the GNUnet package, by providing a
> > > more capable GnuTLS?
> > > 
> > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > support." 
> > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > Certain features of these applications will not work without it.
> > GnuTLS without Dane is not a fatal error for these packages, but
> > Dane is recommended.
> > I have no idea how I should put this into the very strict dictionary
> > we have in commit messages… In more free-form it would be no problem
> > for me.
> > -- 
> > ng0
> > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > GnuPG: https://krosos.org/dist/keys/
> > https://www.infotropique.org https://krosos.org  
> 
> Okay, I now see what you mean.
> 
> To make it short: the correct dependency is provided in place
> of the current working-but-not-correct GnuTLS.
> 
> Is that more clear?

I think you've made it clear to me now.

From what you're saying, I think it's the 2nd thing I said. Making this
change will enable some functionality in the GNUnet package (and
possibly some of the other packages changed).

I'm not sure using the word "correct" helps, unless you say what the
dependencies are correct/incorrect with respect to, for example, if the
GNUnet documentation says that it should be built with GnuTLS with Dane
support, then that would be a reason to talk about correctness.

As for the commit format. As I understand the conventions, you can put
anything in between the first line, and the changelog at the bottom.
For example, one case where I ended up writing quite a bit is here [1].

It doesn't have to be very specific, but something about the intent or
intended effect of the change in each commit would be very useful.

1:
http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 963 bytes --]


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 16:05                 ` Christopher Baines
@ 2017-09-30 16:36                   ` ng0
  2017-09-30 17:38                     ` Christopher Baines
  2017-10-01  9:52                     ` bug#28170: " Christopher Baines
  0 siblings, 2 replies; 14+ messages in thread
From: ng0 @ 2017-09-30 16:36 UTC (permalink / raw)
  To: Christopher Baines; +Cc: 28170


[-- Attachment #1.1: Type: text/plain, Size: 3278 bytes --]

Christopher Baines transcribed 3.6K bytes:
> On Sat, 30 Sep 2017 15:01:52 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > ng0 transcribed 2.1K bytes:
> > > Christopher Baines transcribed 1.7K bytes:  
> > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > ng0 <ng0@infotropique.org> wrote:
> > > >   
> > > > > The fix in this version is to only add the necessary input
> > > > > to the inherited gnutls.  
> > > > 
> > > > Ok. One hopefully final thing. From the commit message [1], it's
> > > > not clear to me if this is fixing an issue with the GNUnet
> > > > package, by providing it with the right dependencies, or, adding
> > > > additional functionality to the GNUnet package, by providing a
> > > > more capable GnuTLS?
> > > > 
> > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > support." 
> > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > Certain features of these applications will not work without it.
> > > GnuTLS without Dane is not a fatal error for these packages, but
> > > Dane is recommended.
> > > I have no idea how I should put this into the very strict dictionary
> > > we have in commit messages… In more free-form it would be no problem
> > > for me.
> > > -- 
> > > ng0
> > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > GnuPG: https://krosos.org/dist/keys/
> > > https://www.infotropique.org https://krosos.org  
> > 
> > Okay, I now see what you mean.
> > 
> > To make it short: the correct dependency is provided in place
> > of the current working-but-not-correct GnuTLS.
> > 
> > Is that more clear?
> 
> I think you've made it clear to me now.
> 
> From what you're saying, I think it's the 2nd thing I said. Making this
> change will enable some functionality in the GNUnet package (and
> possibly some of the other packages changed).
> 
> I'm not sure using the word "correct" helps, unless you say what the
> dependencies are correct/incorrect with respect to, for example, if the
> GNUnet documentation says that it should be built with GnuTLS with Dane
> support, then that would be a reason to talk about correctness.

Yes it does state this, in the documentation and all these applications
list the dependency in README as well.
This is why I thought the original, first version, comment I made in
gnutls/dane was enough. But I'll have to be more clear then.
Well if gnURL doesn't state it in its README I have to add it, if it's
not in there it's my mistake - it's correct nevertheless.

> As for the commit format. As I understand the conventions, you can put
> anything in between the first line, and the changelog at the bottom.
> For example, one case where I ended up writing quite a bit is here [1].
> 
> It doesn't have to be very specific, but something about the intent or
> intended effect of the change in each commit would be very useful.
> 
> 1:
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a

Okay, thanks. I will change the commit messages and
reference our (GNUnet) README and documentation sections.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2006 bytes --]

From d110c5792959ba62ae3df4435e25d5c95bd60fa8 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..0e59d7df1 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
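Review bot: The ng0 copyright line changes the e-mail address from contact.ng0@cryptolab.net to ng0@infotropique.org, which is unrelated to adding gnutls/dane and is not listed in the changelog entry "(gnutls/dane): New variable." Either move the address update to its own commit or mention it in the changelog so the history of the header stays traceable.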
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
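Review bot: Nothing in the gnutls/dane definition shows that libgnutls-dane is actually produced: the package only prepends "unbound" to the inherited inputs, so the result depends on the inherited configure step detecting it. Consider saying so in the comment or adding a check that the DANE library ends up in the output, so that a later change to gnutls cannot silently turn this into a second copy of plain GnuTLS. The comment's first sentence also reads oddly ("GnuTLS with build libgnutls-dane"); "GnuTLS built with libgnutls-dane" is probably what was meant. Since synopsis and description are inherited unchanged, a short description override would help users tell gnutls-dane apart from gnutls.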
-- 
2.14.2


[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1231 bytes --]

From 5580691be6696c5af1b7d6f833958d675b22ece9 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
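Review bot: The switch from ,gnutls to ,gnutls/dane in gnurl's inputs carries no comment, so a later cleanup could revert it without noticing that DANE support is lost. A one-line comment next to the input pointing at the reason given in the gnutls/dane definition (GNS functionality) would document it. Keeping the "gnutls" label unchanged is good, since anything that looks the input up by label keeps working.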
-- 
2.14.2


[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1202 bytes --]

From 31e8a308c16c36eecf30e16acc77ec1d676d416e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
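Review bot: libmicrohttpd is switched to ,gnutls/dane here, but the comment on the gnutls/dane definition in patch 1/4 names only GNUnet and gnURL as needing it. Either extend that comment to cover libmicrohttpd or say in this commit what libmicrohttpd gains from the DANE-enabled build; the installation-order argument in the commit message does not by itself explain why this package needs it.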
-- 
2.14.2


[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1205 bytes --]

From 24df6f3fd2a83f36e264a46dfed16d4e8d744585 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
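Review bot: gnunet lists both "gnurl" and "gnutls" as inputs, so after this change the two have to stay on the same GnuTLS variant: gnurl was moved to gnutls/dane in patch 2/4 and the direct input is moved here. A short comment at the ("gnutls" ,gnutls/dane) line saying that it must match the GnuTLS used by gnurl would keep a future edit from leaving two different GnuTLS builds in gnunet's closure.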
-- 
2.14.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 16:36                   ` ng0
@ 2017-09-30 17:38                     ` Christopher Baines
  2017-10-01  9:52                     ` bug#28170: " Christopher Baines
  1 sibling, 0 replies; 14+ messages in thread
From: Christopher Baines @ 2017-09-30 17:38 UTC (permalink / raw)
  To: ng0; +Cc: 28170

[-- Attachment #1: Type: text/plain, Size: 2986 bytes --]

On Sat, 30 Sep 2017 16:36:05 +0000
ng0 <ng0@infotropique.org> wrote:

> Christopher Baines transcribed 3.6K bytes:
> > On Sat, 30 Sep 2017 15:01:52 +0000
> > ng0 <ng0@infotropique.org> wrote:
> >   
> > > ng0 transcribed 2.1K bytes:  
> > > > Christopher Baines transcribed 1.7K bytes:    
> > > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > > ng0 <ng0@infotropique.org> wrote:
> > > > >     
> > > > > > The fix in this version is to only add the necessary input
> > > > > > to the inherited gnutls.    
> > > > > 
> > > > > Ok. One hopefully final thing. From the commit message [1],
> > > > > it's not clear to me if this is fixing an issue with the
> > > > > GNUnet package, by providing it with the right dependencies,
> > > > > or, adding additional functionality to the GNUnet package, by
> > > > > providing a more capable GnuTLS?
> > > > > 
> > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > > support."   
> > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > > Certain features of these applications will not work without it.
> > > > GnuTLS without Dane is not a fatal error for these packages, but
> > > > Dane is recommended.
> > > > I have no idea how I should put this into the very strict
> > > > dictionary we have in commit messages… In more free-form it
> > > > would be no problem for me.
> > > > -- 
> > > > ng0
> > > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > > GnuPG: https://krosos.org/dist/keys/
> > > > https://www.infotropique.org https://krosos.org    
> > > 
> > > Okay, I now see what you mean.
> > > 
> > > To make it short: the correct dependency is provided in place
> > > of the current working-but-not-correct GnuTLS.
> > > 
> > > Is that more clear?  
> > 
> > I think you've made it clear to me now.
> > 
> > From what you're saying, I think it's the 2nd thing I said. Making
> > this change will enable some functionality in the GNUnet package
> > (and possibly some of the other packages changed).
> > 
> > I'm not sure using the word "correct" helps, unless you say what the
> > dependencies are correct/incorrect with respect to, for example, if
> > the GNUnet documentation says that it should be built with GnuTLS
> > with Dane support, then that would be a reason to talk about
> > correctness.  
> 
> Yes it does state this, in the documentation and all these
> applications list the dependency in README as well.
> This is why I thought the original, first version, comment I made in
> gnutls/dane was enough. But I'll have to be more clear then.
> Well if gnURL doesn't state it in its README I have to add it, if it's
> not in there it's my mistake - it's correct nevertheless.

Ah yes, I didn't really take that comment in when I read the patch,
but I can see it now "This is required for GNS functionality by
GNUnet and gnURL.". That's great information, and having it in the
commit would also be great.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 963 bytes --]


* bug#28170: Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
  2017-09-30 16:36                   ` ng0
  2017-09-30 17:38                     ` Christopher Baines
@ 2017-10-01  9:52                     ` Christopher Baines
  1 sibling, 0 replies; 14+ messages in thread
From: Christopher Baines @ 2017-10-01  9:52 UTC (permalink / raw)
  To: ng0; +Cc: 28170-done

[-- Attachment #1: Type: text/plain, Size: 3467 bytes --]

On Sat, 30 Sep 2017 16:36:05 +0000
ng0 <ng0@infotropique.org> wrote:

> Christopher Baines transcribed 3.6K bytes:
> > On Sat, 30 Sep 2017 15:01:52 +0000
> > ng0 <ng0@infotropique.org> wrote:
> >   
> > > ng0 transcribed 2.1K bytes:  
> > > > Christopher Baines transcribed 1.7K bytes:    
> > > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > > ng0 <ng0@infotropique.org> wrote:
> > > > >     
> > > > > > The fix in this version is to only add the necessary input
> > > > > > to the inherited gnutls.    
> > > > > 
> > > > > Ok. One hopefully final thing. From the commit message [1],
> > > > > it's not clear to me if this is fixing an issue with the
> > > > > GNUnet package, by providing it with the right dependencies,
> > > > > or, adding additional functionality to the GNUnet package, by
> > > > > providing a more capable GnuTLS?
> > > > > 
> > > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > > support."   
> > > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > > Certain features of these applications will not work without it.
> > > > GnuTLS without Dane is not a fatal error for these packages, but
> > > > Dane is recommended.
> > > > I have no idea how I should put this into the very strict
> > > > dictionary we have in commit messages… In more free-form it
> > > > would be no problem for me.
> > > > -- 
> > > > ng0
> > > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > > GnuPG: https://krosos.org/dist/keys/
> > > > https://www.infotropique.org https://krosos.org    
> > > 
> > > Okay, I now see what you mean.
> > > 
> > > To make it short: the correct dependency is provided in place
> > > of the current working-but-not-correct GnuTLS.
> > > 
> > > Is that more clear?  
> > 
> > I think you've made it clear to me now.
> > 
> > From what you're saying, I think it's the 2nd thing I said. Making
> > this change will enable some functionality in the GNUnet package
> > (and possibly some of the other packages changed).
> > 
> > I'm not sure using the word "correct" helps, unless you say what the
> > dependencies are correct/incorrect with respect to, for example, if
> > the GNUnet documentation says that it should be built with GnuTLS
> > with Dane support, then that would be a reason to talk about
> > correctness.  
> 
> Yes it does state this, in the documentation and all these
> applications list the dependency in README as well.
> This is why I thought the original, first version, comment I made in
> gnutls/dane was enough. But I'll have to be more clear then.
> Well if gnURL doesn't state it in its README I have to add it, if it's
> not in there it's my mistake - it's correct nevertheless.
> 
> > As for the commit format. As I understand the conventions, you can
> > put anything in between the first line, and the changelog at the
> > bottom. For example, one case where I ended up writing quite a bit
> > is here [1].
> > 
> > It doesn't have to be very specific, but something about the intent
> > or intended effect of the change in each commit would be very
> > useful.
> > 
> > 1:
> > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a  
> 
> Okay, thanks. I will change the commit messages and
> reference our (GNUnet) README and documentation sections.

I've now merged the patches that were attached to this email :)

Thanks,

Chris

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 963 bytes --]
