From: Marius Bakke <mbakke@fastmail.com>
To: 33701@debbugs.gnu.org
Subject: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates
Date: Tue, 11 Dec 2018 21:42:09 +0100 [thread overview]
Message-ID: <87k1kfssm6.fsf@fastmail.com> (raw)
In-Reply-To: <20181211011205.15542-1-mbakke@fastmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 737 bytes --]
Marius Bakke <mbakke@fastmail.com> writes:
> This late series adds around 1000 rebuilds to the current staging
> branch. They also bring many of the GNOME family libraries to the
> latest upstream versions.
>
> The good:
> * Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other
> security-critical libraries. Some of these have changed
> build systems, or ABIs, so future patching is easier.
> * Most/all regressions are already fixed.
Whoops, I spoke too soon: I upgraded glib-networking from 2.58 to 2.59
in the last minute (to fix a test failure), but the change broke libsoup
and possibly more.
In v2 of this series, two patches have diverged. Libsoup was adjusted
to cope with the new "certtool" API from GnuTLS 3.6:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0019-gnu-GnuTLS-Update-to-3.6.5.patch --]
[-- Type: text/x-patch, Size: 5325 bytes --]
From cab3a4a7fe3e719f2991384c161043bbfae742d6 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Mon, 10 Dec 2018 02:38:32 +0100
Subject: [PATCH staging 19/23] gnu: GnuTLS: Update to 3.6.5.
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/tls.scm (gnutls): Update to 3.6.5.
[source](patches): Remove obsolete.
[source](snippet): Add Guile detection fix.
* gnu/packages/gnome.scm (libsoup)[arguments]: Adjust 'certtool' invokation to
cope with the new API.
---
gnu/local.mk | 1 -
gnu/packages/gnome.scm | 3 ++-
.../patches/gnutls-skip-pkgconfig-test.patch | 24 -------------------
gnu/packages/tls.scm | 17 +++++++++----
4 files changed, 14 insertions(+), 31 deletions(-)
delete mode 100644 gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0d279e55eb..3f2ca7a845 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -772,7 +772,6 @@ dist_patch_DATA = \
%D%/packages/patches/gnucash-price-quotes-perl.patch \
%D%/packages/patches/gnucash-disable-failing-tests.patch \
%D%/packages/patches/gnutls-skip-trust-store-test.patch \
- %D%/packages/patches/gnutls-skip-pkgconfig-test.patch \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 9d8e4a8d33..cea9445191 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -2556,7 +2556,8 @@ libxml to ease remote use of the RESTful API.")
"" ;URI of subject
"127.0.0.1" ;IP address of subject
"" ;signing?
- "" ;encryption?
+ "" ;encryption (RSA)?
+ "" ;data encryption?
"" ;sign OCSP requests?
"" ;sign code?
"" ;time stamping?
diff --git a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch b/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
deleted file mode 100644
index 1fad7c14e3..0000000000
--- a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-FIXME: The static test fails with an error such as:
-
-/tmp/guix-build-gnutls-3.5.13.drv-0/ccOnGPmc.o: In function `main':
-c.29617.tmp.c:(.text+0x5): undefined reference to `gnutls_global_init'
-collect2: error: ld returned 1 exit status
-FAIL pkgconfig.sh (exit status: 1)
-
-diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh
-index 6bd4e62f9..05aab8278 100755
---- a/tests/pkgconfig.sh
-+++ b/tests/pkgconfig.sh
-@@ -57,11 +57,7 @@ echo "Trying dynamic linking with:"
- echo " * flags: $(${PKGCONFIG} --libs gnutls)"
- echo " * common: ${COMMON}"
- echo " * lib: ${CFLAGS}"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
--
--echo ""
--echo "Trying static linking with $(${PKGCONFIG} --libs --static gnutls)"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-+gcc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-
- rm -f ${TMPFILE} ${TMPFILE_O}
-
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d9971441c6..73be90d0d3 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -162,7 +162,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.18")
+ (version "3.6.5")
(source (origin
(method url-fetch)
(uri
@@ -171,12 +171,19 @@ living in the same process.")
(string-append "mirror://gnupg/gnutls/v"
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
- (patches
- (search-patches "gnutls-skip-trust-store-test.patch"
- "gnutls-skip-pkgconfig-test.patch"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
+ "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; XXX: The generated configure script in GnuTLS 3.6.5
+ ;; apparently does not know about Guile 2.2.
+ (substitute* "configure"
+ (("guile_versions_to_search=\"2\\.0 1\\.8\"")
+ "guile_versions_to_search=\"2.2 2.0 1.8\""))
+ #t))))
(build-system gnu-build-system)
(arguments
`(; Ensure we don't keep a reference to this buggy software.
--
2.20.0
[-- Attachment #1.3: Type: text/plain, Size: 94 bytes --]
...while Glib-Networking was downgraded to 2.58, and removes related
code at the same time:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.4: 0023-gnu-glib-networking-Update-to-2.58.0.patch --]
[-- Type: text/x-patch, Size: 7968 bytes --]
From ade89abc16f2247e6d5db633f001ff853fa989ba Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Mon, 10 Dec 2018 07:39:52 +0100
Subject: [PATCH staging 23/23] gnu: glib-networking: Update to 2.58.0.
* gnu/packages/gnome.scm (glib-networking): Update to 2.58.0.
[build-system]: Change to MESON-BUILD-SYSTEM.
[arguments]: Explicitly disable libproxy; add phase to appease tests.
(libgdata, libsoup)[arguments]: Remove phase that sets SSL_CERT_FILE.
* gnu/packages/spice.scm (spice)[arguments]: Likewise.
* gnu/packages/web.scm (uhttpmock)[arguments]: Likewise.
---
gnu/local.mk | 1 -
gnu/packages/gnome.scm | 43 +++++--------------
.../glib-networking-ssl-cert-file.patch | 29 -------------
gnu/packages/spice.scm | 6 +--
gnu/packages/web.scm | 9 ----
5 files changed, 12 insertions(+), 76 deletions(-)
delete mode 100644 gnu/packages/patches/glib-networking-ssl-cert-file.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3f2ca7a845..03627b98c1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -741,7 +741,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/giflib-make-reallocarray-private.patch \
- %D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2015-5180.patch \
%D%/packages/patches/glibc-CVE-2015-7547.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index cea9445191..95bfcaf564 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -360,12 +360,6 @@ formats like PNG, SVG, PDF and EPS.")
(arguments
'(#:phases
(modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t))
(add-before 'check 'disable-failing-tests
(lambda _
;; The PicasaWeb API tests fail with gnome-online-accounts@3.24.2.
@@ -2396,7 +2390,7 @@ library.")
(define-public glib-networking
(package
(name "glib-networking")
- (version "2.54.1")
+ (version "2.58.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2404,29 +2398,17 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0bq16m9nh3gcz9x2fvygr0iwxd2pxcbrm3lj3kihsnh1afv8g9za"))
- (patches
- (search-patches "glib-networking-ssl-cert-file.patch"))))
- (build-system gnu-build-system)
+ "0s006gs9nsq6mg31spqha1jffzmp6qjh10y27h0fxf1iw1ah5ymx"))))
+ (build-system meson-build-system)
(arguments
- `(#:configure-flags
- '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'patch-giomoduledir
- ;; Install GIO modules into $out/lib/gio/modules.
- (lambda _
- (substitute* "configure"
- (("GIO_MODULE_DIR=.*")
- (string-append "GIO_MODULE_DIR=" %output
- "/lib/gio/modules\n")))
- #t))
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t)))))
+ `(#:configure-flags '("-Dlibproxy_support=false")
+ #:phases (modify-phases %standard-phases
+ (add-before 'check 'disable-TLSv1.3
+ (lambda _
+ ;; XXX: One test fails when TLS 1.3 is enabled, fixed in 2.60.0:
+ ;; <https://gitlab.com/gnutls/gnutls/issues/615>.
+ (setenv "G_TLS_GNUTLS_PRIORITY" "NORMAL:-VERS-TLS1.3")
+ #t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
@@ -2516,9 +2498,6 @@ libxml to ease remote use of the RESTful API.")
;; The 'check-local' target runs 'env LANG=C sort -u',
;; unset 'LC_ALL' to make 'LANG' working.
(unsetenv "LC_ALL")
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
;; HTTPD in Guix uses mod_event and does not build prefork.
(substitute* "tests/httpd.conf"
(("^LoadModule mpm_prefork_module.*$") "\n"))
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
deleted file mode 100644
index 32bdd0790f..0000000000
--- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
-Date: Fri, 14 Aug 2015 17:28:36 +0800
-Subject: [PATCH] gnutls: Allow overriding the anchor file location by
- 'SSL_CERT_FILE'
-
----
- tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
-index 55ec1a5..217d3c8 100644
---- a/tls/gnutls/gtlsbackend-gnutls.c
-+++ b/tls/gnutls/gtlsbackend-gnutls.c
-@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self,
- GError **error)
- {
- const gchar *anchor_file = NULL;
-+ anchor_file = g_getenv ("SSL_CERT_FILE");
- #ifdef GTLS_SYSTEM_CA_FILE
-- anchor_file = GTLS_SYSTEM_CA_FILE;
-+ if (!anchor_file)
-+ anchor_file = GTLS_SYSTEM_CA_FILE;
- #endif
- return g_tls_file_database_new (anchor_file, error);
- }
---
-2.4.3
-
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 94e6aa8438..8ab5a335c8 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -213,11 +213,7 @@ which allows users to view a desktop computing environment.")
"--enable-automated-tests")
;; Several tests appear to be opening the same sockets concurrently.
- #:parallel-tests? #f
-
- #:phases (modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _ (setenv "SSL_CERT_FILE" "/dev/null") #t)))))
+ #:parallel-tests? #f))
(synopsis "Server implementation of the SPICE protocol")
(description "SPICE is a remote display system built for virtual
environments which allows you to view a computing 'desktop' environment
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index f8315d4379..8dc6927897 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -4241,15 +4241,6 @@ you'd expect.")
(base32
"163py4klka423x7li2b685gmg3a6hjf074mlff2ajhmi3l0lm8x6"))))
(build-system glib-or-gtk-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; Search for ca-certificates.crt files
- ;; during the check phase.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t)))))
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
;; For check phase.
--
2.20.0
[-- Attachment #1.5: Type: text/plain, Size: 300 bytes --]
The reason for removing SSL_CERT_FILE completely instead of adjusting
the patch is that Glib-Networking no longer does any certificate
handling by itself, instead everything is handed over to GnuTLS. Thus
supporting such a patch is difficult, and it does not seem to be needed
anymore in practice.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2018-12-11 20:43 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-11 1:12 [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates Marius Bakke
2018-12-11 1:13 ` [bug#33701] [PATCH staging 01/23] gnu: cups-filters: Update to 1.21.5 Marius Bakke
2018-12-11 1:13 ` [bug#33701] [PATCH staging 02/23] gnu: libjpeg-turbo: Update to 2.0.1 Marius Bakke
2018-12-11 1:13 ` [bug#33701] [PATCH staging 03/23] gnu: harfbuzz: Update to 2.2.0 Marius Bakke
2018-12-11 1:13 ` [bug#33701] [PATCH staging 04/23] gnu: poppler: Update to 0.72.0 Marius Bakke
2018-12-12 1:08 ` Leo Famulari
2018-12-11 1:13 ` [bug#33701] [PATCH staging 05/23] gnu: D-Bus: Update to 1.12.12 Marius Bakke
2018-12-11 1:13 ` [bug#33701] [PATCH staging 06/23] gnu: glib: Remove obsolete variable Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 07/23] gnu: glib: Update to 2.56.3 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 08/23] gnu: pixman: Update to 0.36.0 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 09/23] gnu: cairo: Update to 1.16.0 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 10/23] gnu: libqmi: Update to 1.20.2 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 11/23] gnu: curl: Remove replacement for 7.62.0 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 12/23] gnu: ghostscript: Update to 9.26 Marius Bakke
2018-12-12 1:07 ` Leo Famulari
2018-12-11 1:14 ` [bug#33701] [PATCH staging 13/23] gnu: icu4c: Update to 63.1 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 14/23] gnu: tzdata-for-tests: Update to 2018g Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 15/23] gnu: nghttp2: Update to 1.35.1 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 16/23] gnu: nettle: Update to 3.4.1 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 17/23] gnu: cyrus-sasl: Update to 2.1.27 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 18/23] gnu: jansson: Update to 2.12 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 19/23] gnu: GnuTLS: Update to 3.6.5 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 20/23] gnu: libuv: Update to 1.24.0 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 21/23] gnu: CMake: Update to 3.13.1 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 22/23] gnu: meson: Update to 0.49.0 Marius Bakke
2018-12-11 1:14 ` [bug#33701] [PATCH staging 23/23] gnu: glib-networking: Update to 2.59.1 Marius Bakke
2018-12-11 20:42 ` Marius Bakke [this message]
2018-12-12 1:05 ` [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates Leo Famulari
2018-12-12 20:57 ` bug#33701: " Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k1kfssm6.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=33701@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).