Subject: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches.
From: Tobias Geerinckx-Rice via Guix-patches
To: david larsson
Cc: 47495@debbugs.gnu.org
Date: Tue, 30 Mar 2021 17:32:20 +0200
Message-ID: <87y2e4hd2z.fsf@nckx>
In-reply-to: <08d5f3aefaeff390aa73a1e88bd64e13@selfhosted.xyz>

David,

david larsson writes:
> Hi,
> the attached patch updates vsftpd so it can use tlsv1.2 etc.

Wow. Thanks!

As indicated on IRC I've made some changes to the patch, mainly to avoid hard-coding all patches. The result is attached. Let me know what you think.

Further random comments below:

> From: methuselah-0
> Date: Tue, 30 Mar 2021 11:18:09 +0200
> Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
>
>     * gnu/packages/ftp.scm (vftpd): Use CentOS version and
> patches.
  ^^^^
This is what happens when you copy commit messages from git and paste them right back in :-) In that case, remove the four leading spaces.

> + (let ((version "3.0.3")

I renamed this to UPSTREAM-VERSION, so we can show a more specific VERSION field in the Guix UI. What we offer isn't ‘3.0.3’ any more.

> + (revision "32")

I subjectively added ‘.el8’ here, mainly to factor it out below. Neither of us knows what it means, though...

> + (add-after 'unpack 'patch-installation-directory
> + (lambda* (#:key outputs #:allow-other-keys)
> + (substitute* "Makefile"
> + (("/usr") (assoc-ref outputs "out")))
> + #t))

Moved below the redefined 'unpack phase for clarity.

> + (replace 'unpack
> + (lambda* (#:key source #:allow-other-keys)
> + (let ((version "3.0.3")
> + (revision "32")
> + (centos-version "8.3.2011"))

OK, so, as mentioned on IRC this can be avoided by quasiquoting (as it already was, here) and using ,version instead.

Quoting is probably the most confusing-yet-basic concept in Scheme.

> +
> + (invoke "7z" "e" source (string-append "-o"
> "./vsftpd-"
> +
> version "-"
> +
> revision
> ".el8.src.cpio"))
> + (chdir (string-append "./vsftpd-" version
> "-"
> + revision
> ".el8.src.cpio"))
> + (invoke "cpio" "-idmv" (string-append
> "--file=./vsftpd-"
> +
> version "-"
> +
> revision
> ".el8.src.cpio"))
> + (invoke "tar" "xvf" (string-append
> "./vsftpd-"
> version ".tar.gz"))

This dance had a few steps too many IMO, so I simplified it. It's OK to keep the unpacked steps around during the (short) build process; they are tiny by today's standards.

> + (let ((patches

I understand the reason for this: the patches need to be applied in this order, or patching will appear to succeed but result in unbuildable source. A simple FIND-FILES is right out.

However, since the order is specified in vsftpd.spec, it's safer, shorter, and simply more fun to parse it ourselves.

> + (chdir (string-append "./vsftpd-"
> version))
> + (invoke "git" "init" ".")
> + (invoke "git" "config" "user.email"
> "you@example.com")
> + (invoke "git" "config" "user.name" "Your
> Name" )
> + (invoke "git" "add" ".")
> + (invoke "git" "commit" "-m" "first")
> + (map (lambda (x) (invoke "git" "am"
> (string-append
> "./" x))) patches)
> + (map (lambda (x) (invoke "rm"
> (string-append "./"
> x))) patches)
> + (invoke "rm" "-rf" "./.git")
> + (chdir "../")
> + (invoke "mv" (string-append "./vsftpd-"
> version)
> "../")
> + (chdir "../")
> + (invoke "rm" "-rf" (string-append
> "./vsftpd-"
> version "-"
> + revision
> ".el8.src.cpio"))
> + (chdir (string-append "./vsftpd-"
> version)))

You lost me here. Why all the git? I removed all mention of git from the package, since it didn't seem necessary, but please correct me if needful.

> + #t)))

Whilst Guix on master still complains about ‘missing’ #Ts, they are a moribund relic and I've secretly started forgetting the odd #t on master already...

> + (native-inputs `(("openssl" ,openssl)
> + ("linux-pam" ,linux-pam)
> + ("p7zip" ,p7zip)
> + ("cpio" ,cpio)
> + ("git" ,git-minimal)
> + ("libcap" ,libcap)))

These are *all* new, correct? I removed git and added them all to the commit message (check it out).

Thanks again for your work!

T G-R

Content-Disposition: inline; filename=0001-gnu-vsftpd-Use-CentOS-version-and-patches.patch

From 43ca5cf141a61120cf9b02d26394109be75e679f Mon Sep 17 00:00:00 2001
From: methuselah-0 Date: Tue, 30 Mar 2021 11:18:09 +0200 Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches. * gnu/packages/ftp.scm (vftpd)[source]: Use CentOS source RPM. [arguments]: Adapt the 'unpack phase, and apply CentOS patches in a new 'apply-CentOS-patches phase. [native-inputs]: Add openssl, linux-pam, libcap, p7zip, and cpio. --- gnu/packages/ftp.scm | 116 +++++++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 36 deletions(-) diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm index b178063556..f3d3c68e5e 100644 --- a/gnu/packages/ftp.scm +++ b/gnu/packages/ftp.scm @@ -2,8 +2,9 @@ ;;; Copyright =C2=A9 2014, 2015, 2018 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2015 Andreas Enge ;;; Copyright =C2=A9 2015 Mark H Weaver -;;; Copyright =C2=A9 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2016=E2=80=932021 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2017 Rene Saavedra +;;; Copyright =C2=A9 2021 David Larsson ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,12 +29,14 @@ #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages check) + #:use-module (gnu packages cpio) #:use-module (gnu packages compression) #:use-module (gnu packages freedesktop) #:use-module (gnu packages gettext) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) #:use-module (gnu packages libidn) + #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) #:use-module (gnu packages pkg-config) 
@@ -251,40 +254,81 @@ directory comparison and more.") (properties '((upstream-name . "FileZilla"))))) =20 (define-public vsftpd - (package - (name "vsftpd") - (version "3.0.3") - (source (origin - (method url-fetch) - (uri (string-append "https://security.appspot.com/downloads/" - name "-" version ".tar.gz")) - (sha256 - (base32 - "1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx")))) - (build-system gnu-build-system) - (arguments - `(#:make-flags '("LDFLAGS=3D-lcrypt") - #:tests? #f ; No tests exist. - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'patch-installation-directory - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "Makefile" - (("/usr") (assoc-ref outputs "out"))) - #t)) - (add-before 'install 'mkdir - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (mkdir-p out) - (mkdir (string-append out "/sbin")) - (mkdir (string-append out "/man")) - (mkdir (string-append out "/man/man5")) - (mkdir (string-append out "/man/man8")) - #t))) - (delete 'configure)))) - (synopsis "vsftpd FTP daemon") - (description "@command{vsftpd} is a daemon that listens on a TCP socket + ;; Use a significantly patched CentOS variant supporting TLSv1.2, =E2=80= =98email + ;; passwords=E2=80=99, and XXX davidl: anything else? + (let ((upstream-version "3.0.3") + (centos-version "8.3.2011") + (revision "32.el8")) + (package + (name "vsftpd") + (version (string-append upstream-version "." revision)) + (source + (origin + (method url-fetch) + (uri (string-append + "https://vault.centos.org/centos/" centos-version + "/AppStream/Source/SPackages/vsftpd-" upstream-version "-" + revision ".src.rpm")) + (sha256 + (base32 "1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4"))= )) + (build-system gnu-build-system) + (arguments + `(#:make-flags '("LDFLAGS=3D-lcrypt -lssl -pie") + #:tests? 
#f ; no tests exist + #:phases + (modify-phases %standard-phases + (replace 'unpack + (lambda* (#:key source #:allow-other-keys) + (invoke "7z" "e" source "-ocpio") + (invoke "cpio" "-idmv" + (string-append "--file=3Dcpio/vsftpd-" + ,upstream-version "-" ,revision + ".src.cpio")) + (invoke "tar" "xvf" + (string-append "vsftpd-" ,upstream-version ".tar.gz= ")) + (chdir (string-append "vsftpd-" ,upstream-version)))) + (add-after 'unpack 'apply-CentOS-patches + ;; Apply all patches as enumerated in vsftpd.spec, in order: + ;; simply using FIND-FILES would silently corrupt the result. + (lambda _ + (call-with-input-file "../vsftpd.spec" + (lambda (port) + (use-modules (ice-9 rdelim)) + (let loop () + (let ((line (read-line port))) + (unless (eof-object? line) + (when (string-prefix? "Patch" line) + (let* ((space (string-rindex line #\space)) + (patch (string-drop line (+ 1 space)))) + (invoke "patch" "-Np1" + "-i" (string-append "../" patch)))) + (loop)))))))) + (add-after 'unpack 'patch-installation-directory + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "Makefile" + (("/usr") (assoc-ref outputs "out"))) + #t)) + (add-before 'install 'mkdir + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (mkdir-p out) + (mkdir (string-append out "/sbin")) + (mkdir (string-append out "/man")) + (mkdir (string-append out "/man/man5")) + (mkdir (string-append out "/man/man8")) + #t))) + (delete 'configure)))) + (native-inputs + `(("openssl" ,openssl) + ("linux-pam" ,linux-pam) + ("libcap" ,libcap) + + ;; Used to unpack the source RPM. 
+ ("p7zip" ,p7zip) + ("cpio" ,cpio))) + (home-page "https://security.appspot.com/vsftpd.html") + (synopsis "Share files securely over FTP or FTPS") + (description "@command{vsftpd} is a daemon that listens on a TCP soc= ket for clients and gives them access to local files via File Transfer Protocol.") - (home-page "https://security.appspot.com/vsftpd.html") - (license gpl2))) + (license gpl2)))) --=20 2.30.1 --=-=-=--
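
Review bot: In the #:use-module hunk (@@ -28,12 +29,14 @@), `(gnu packages cpio)` is inserted before `(gnu packages compression)`, which breaks the alphabetical order the rest of the list follows; move it after `compression`. The hunk adds modules only for cpio and linux, while the package now also references `openssl`, so confirm that the module providing it is already imported outside the visible context.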
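
Review bot: In the new 'apply-CentOS-patches phase of the vsftpd hunk, every line of ../vsftpd.spec that starts with "Patch" is treated as a patch entry and the file name is taken as whatever follows the last space, so a line with trailing whitespace yields an empty name, and a line without any space makes `string-rindex` return #f and `(+ 1 space)` fail. This loop decides which distribution patches end up in the FTP daemon, so trim the line, match the tag strictly (a `Patch` tag followed by digits and a colon, then the file name), and raise a clear error on anything else. Both this phase and 'patch-installation-directory are declared with `add-after 'unpack`; the later clause is inserted directly after 'unpack, so the "/usr" substitution in Makefile runs before the CentOS patches are applied. If the patches are meant to see the pristine Makefile, declare it as `(add-after 'apply-CentOS-patches 'patch-installation-directory ...)`. openssl is linked into the daemon through `-lssl` in the make flags, so it belongs in `inputs` rather than `native-inputs`, as do linux-pam and libcap if they are likewise linked; p7zip and cpio are build-time tools and can stay. The `XXX davidl: anything else?` comment should be resolved before this is committed.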