From: "Wicki Gabriel (wicg)" <wicg@zhaw.ch>
To: "59867@debbugs.gnu.org" <59867@debbugs.gnu.org>
Subject: [bug#59867] Updated Mbed TLS 3 patchset
Date: Wed, 1 Feb 2023 13:12:00 +0000
Message-ID: <ZR0P278MB02684BFD4D96BCFA9588F412C1D19@ZR0P278MB0268.CHEP278.PROD.OUTLOOK.COM>
In-Reply-To: <87tu28axpj.fsf@erlikon.ch>
Thanks for your review and the comments, Simon!
I've prepared another patchset (on top of base commit: 14323edcc37d9efaae2491cf5f57ea0621412d7e). Since there are so many applications relying on mbedtls v2 I figured it would be best to introduce mbedtls-apache3 to allow gradually upgrading the packages affected -- MbedTLS breaks parts of its old API.
[-- Attachment #2: 0001-gnu-mbedtls-apache3-Add-Mbed-TLS-3.patch --]
[-- Type: text/x-patch; name="0001-gnu-mbedtls-apache3-Add-Mbed-TLS-3.patch", Size: 1639 bytes --]
From a8cfe94b58417ebe9bd5e9af6b247d8ccd882929 Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:45:17 +0100
Subject: [PATCH 1/4] gnu: mbedtls-apache3: Add Mbed TLS 3.
* gnu/packages/tls.scm (mbedtls-apache3): New variable.
---
gnu/packages/tls.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdac8a6e63..19cefec795 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1018,8 +1018,6 @@ (define-public perl-crypt-openssl-random
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
- ;; when updating.
(version "2.28.0")
(source
(origin
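Review bot: The XXX reminder deleted at the top of mbedtls-apache (check whether -Wformat-signedness still breaks mbedtls-for-hiawatha when updating) goes away in this patch, yet mbedtls-apache stays at 2.28.0 here and the workaround the reminder refers to is only removed in patch 2/4. Move this deletion into 2/4 so the comment disappears together with the workaround, or mention it in the commit log, which currently lists only the new variable.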
@@ -1051,6 +1049,21 @@ (define-public mbedtls-apache
(home-page "https://www.trustedfirmware.org/projects/mbed-tls/")
(license license:asl2.0)))
+(define-public mbedtls-apache3
+ (package
+ (inherit mbedtls-apache)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))))))
+
;; The Hiawatha Web server requires some specific features to be enabled.
(define-public mbedtls-for-hiawatha
(hidden-package
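Review bot: The new mbedtls-apache3 definition overrides only name, version and source, so its build arguments, synopsis and description all come from the 2.28.0 package, and nothing in the definition says why two versions of the TLS library are kept side by side. Add a short comment above (define-public mbedtls-apache3 recording that the 3.x series breaks parts of the 2.x API and that dependents are meant to migrate gradually, as the cover letter explains, so the reason for keeping the 2.x package is visible to whoever updates either one next.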
--
2.39.1
[-- Attachment #3: 0002-gnu-hiawatha-Update-to-11.2.patch --]
[-- Type: text/x-patch; name="0002-gnu-hiawatha-Update-to-11.2.patch", Size: 4578 bytes --]
From 90eabe004c15eb94862c8c1cc3569c86226f93cb Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:54:54 +0100
Subject: [PATCH 2/4] gnu: hiawatha: Update to 11.2.
* gnu/packages/web.scm (hiawatha): Update to 11.2. [source] Delete unused
snippet. [arguments] Clean up configure-flags. Point hiawatha to mbedtls-apache3.
* gnu/packages/tls.scm (mbedtls-for-hiawatha): Update to MbedTLS
3.2.1. [source] Delete unnecessary snippet.
---
gnu/packages/tls.scm | 22 +++++-----------------
gnu/packages/web.scm | 14 +++-----------
2 files changed, 8 insertions(+), 28 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 19cefec795..1a1c99ab59 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1068,9 +1068,9 @@ (define-public mbedtls-apache3
(define-public mbedtls-for-hiawatha
(hidden-package
(package
- (inherit mbedtls-apache)
- (name "mbedtls-apache")
- (version "2.26.0")
+ (inherit mbedtls-apache3)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
(source
(origin
(method git-fetch)
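Review bot: The added (name "mbedtls-apache3") and (version "3.2.1") fields in mbedtls-for-hiawatha repeat exactly what (inherit mbedtls-apache3) already provides as of patch 1/4. Drop both so the hidden variant follows its parent on the next update instead of silently staying pinned at 3.2.1; if the pin is intentional, say so in a comment.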
@@ -1078,17 +1078,8 @@ (define-public mbedtls-for-hiawatha
(url "https://github.com/ARMmbed/mbedtls")
(commit (string-append "mbedtls-" version))))
(sha256
- (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m"))
- (file-name (git-file-name name version))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Can be removed with the next version.
- ;; Reduce level of format truncation warnings due to false positives.
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434
- (substitute* "CMakeLists.txt"
- (("Wformat-truncation=2") "Wformat-truncation"))
- #t))))
+ (base32 "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))
+ (file-name (git-file-name name version))))
(arguments
(substitute-keyword-arguments (package-arguments mbedtls-apache)
((#:phases phases)
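Review bot: The unchanged context line (substitute-keyword-arguments (package-arguments mbedtls-apache) still takes its arguments from the 2.x package although this package now inherits mbedtls-apache3. That only works because mbedtls-apache3 inherits its arguments unchanged; use (package-arguments mbedtls-apache3) so a later change to the 3.x arguments is picked up. The source origin left in this hunk (same URL, commit and base32 hash as in 1/4) is also identical to the parent's and could be dropped entirely rather than only losing its snippet.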
@@ -1099,9 +1090,6 @@ (define-public mbedtls-for-hiawatha
(invoke "scripts/config.pl" "set" feature))
(list "MBEDTLS_THREADING_C"
"MBEDTLS_THREADING_PTHREAD"))
- ;; XXX The above enables code that breaks with -Werror…
- (substitute* "CMakeLists.txt"
- ((" -Wformat-signedness") ""))
#t)))))))))
(define-public dehydrated
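Review bot: The deleted substitute* that stripped -Wformat-signedness from CMakeLists.txt sits in the build phase, not in the source origin, so the commit log entry "[source] Delete unnecessary snippet" does not cover it. Add an [arguments] entry for mbedtls-for-hiawatha, and state in the message that enabling MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD builds with -Werror at 3.2.1, since the removed XXX comment said the enabled code did not.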
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a29f53108c..d92457ea6b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6159,26 +6159,18 @@ (define-public tidy-html
(define-public hiawatha
(package
(name "hiawatha")
- (version "10.11")
+ (version "11.2")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.hiawatha-webserver.org/files/"
"hiawatha-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet '(begin
- ;; We use packaged libraries, so delete the bundled copies.
- (for-each delete-file-recursively
- (list "extra/nghttp2.tgz" "mbedtls"))
- #t))
(sha256
- (base32 "09wpgilbv13zal71v9lbsqr8c3fignygadykpd1p1pb8blb5vn3r"))))
+ (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
- (string-append "-DENABLE_HTTP2=on")
- (string-append "-DUSE_SYSTEM_NGHTTP2=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
(string-append "-DPID_DIR=/run")
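Review bot: Deleting the source snippet means the bundled "mbedtls" directory and "extra/nghttp2.tgz" are no longer removed from the tarball, and the commit log only calls the snippet "unused" without saying whether hiawatha 11.2 still ships them. If it does, keep the deletion: -DUSE_SYSTEM_MBEDTLS=on selects the packaged library at configure time, but removing the bundled copy is what guarantees that a vendored TLS library cannot end up in the build. If the files are gone upstream, say so in the commit message, and explain there why -DENABLE_HTTP2=on and -DUSE_SYSTEM_NGHTTP2=on are dropped.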
@@ -6199,7 +6191,7 @@ (define-public hiawatha
;; Make sure 'hiawatha' finds 'mbedtls'.
(let* ((out (assoc-ref outputs "out"))
(sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache")))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
(wrap-program (string-append sbin "/hiawatha")
`("PATH" ":" prefix (,mbed)))))))))
(inputs
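Review bot: The lookup (assoc-ref inputs "mbedtls-apache3") in the wrap phase matches only because mbedtls-for-hiawatha sets its name field to "mbedtls-apache3" in tls.scm; the input actually listed for hiawatha is mbedtls-for-hiawatha. If that name ever changes, assoc-ref returns #f and the wrap phase no longer receives a store path. Add a comment next to the lookup noting the dependency on the hidden package's name, so the two places are updated together.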
--
2.39.1
[-- Attachment #4: 0003-gnu-mbedtls-apache-Improve-package-style.patch --]
[-- Type: text/x-patch; name="0003-gnu-mbedtls-apache-Improve-package-style.patch", Size: 2443 bytes --]
From a71139d67bc471ab7eceeb0ccd770cb96a00eed4 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:44:22 +0100
Subject: [PATCH 3/4] gnu: mbedtls-apache: Improve package style.
* gnu/packages/tls.scm (mbedtls-apache) [source, arguments, native-inputs]:
Whitespace adjustments following `guix style`.
---
gnu/packages/tls.scm | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1a1c99ab59..d33dee6a7d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1019,27 +1019,25 @@ (define-public mbedtls-apache
(package
(name "mbedtls-apache")
(version "2.28.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/ARMmbed/mbedtls")
- (commit (string-append "mbedtls-" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32 "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
(build-system cmake-build-system)
(arguments
- `(#:configure-flags
- (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
- "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'make-source-writable
- (lambda _
- (for-each make-file-writable (find-files ".")))))))
- (native-inputs
- (list perl python))
+ `(#:configure-flags (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
+ "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'make-source-writable
+ (lambda _
+ (for-each make-file-writable
+ (find-files ".")))))))
+ (native-inputs (list perl python))
(synopsis "Small TLS library")
(description
"@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
--
2.39.1
[-- Attachment #5: 0004-gnu-hiawatha-Improve-package-style.patch --]
[-- Type: text/x-patch; name="0004-gnu-hiawatha-Improve-package-style.patch", Size: 4099 bytes --]
From ad06f80cd789a5da4104a35c6d33ad58ebce7668 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:52:43 +0100
Subject: [PATCH 4/4] gnu: hiawatha: Improve package style.
* gnu/packages/web.scm (hiawatha) [source, arguments, inputs]: Whitespace
adjustments following `guix style`.
---
gnu/packages/web.scm | 54 +++++++++++++++++++++-----------------------
1 file changed, 26 insertions(+), 28 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index d92457ea6b..37cf1c4238 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6160,16 +6160,16 @@ (define-public hiawatha
(package
(name "hiawatha")
(version "11.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://www.hiawatha-webserver.org/files/"
- "hiawatha-" version ".tar.gz"))
- (sha256
- (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://www.hiawatha-webserver.org/files/"
+ "hiawatha-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
- `(#:tests? #f ; no tests included
+ `(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
@@ -6178,26 +6178,24 @@ (define-public hiawatha
(assoc-ref %outputs "out")
"/share/hiawatha/html")
(string-append "-DWORK_DIR=/var/lib/hiawatha"))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'install-no-empty-directories
- (lambda _
- (substitute* "CMakeLists.txt"
- (("install\\(DIRECTORY DESTINATION" match)
- (string-append "#" match)))
- #t))
- (add-after 'install 'wrap
- (lambda* (#:key inputs outputs #:allow-other-keys)
- ;; Make sure 'hiawatha' finds 'mbedtls'.
- (let* ((out (assoc-ref outputs "out"))
- (sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache3")))
- (wrap-program (string-append sbin "/hiawatha")
- `("PATH" ":" prefix (,mbed)))))))))
- (inputs
- ;; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
- (list libxslt libxml2 mbedtls-for-hiawatha
- `(,nghttp2 "lib") zlib))
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'install-no-empty-directories
+ (lambda _
+ (substitute* "CMakeLists.txt"
+ (("install\\(DIRECTORY DESTINATION" match)
+ (string-append "#" match))) #t))
+ (add-after 'install 'wrap
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ ;; Make sure 'hiawatha' finds 'mbedtls'.
+ (let* ((out (assoc-ref outputs "out"))
+ (sbin (string-append out "/sbin"))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
+ (wrap-program (string-append sbin "/hiawatha")
+ `("PATH" ":" prefix
+ (,mbed)))))))))
+ (inputs ; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
+ (list libxslt libxml2 mbedtls-for-hiawatha
+ `(,nghttp2 "lib") zlib))
(home-page "https://www.hiawatha-webserver.org")
(synopsis "Webserver with focus on security")
(description
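Review bot: The reformatted inputs field still lists `(,nghttp2 "lib") although patch 2/4 removed -DENABLE_HTTP2=on and -DUSE_SYSTEM_NGHTTP2=on; drop the input if HTTP/2 support is no longer built, or keep the flags. Two results of the automatic reformat in this hunk are also worth fixing by hand: the #t now trails on the same line as (string-append "#" match))), and the TODO has turned from a full-line ;; comment into a long margin comment after (inputs.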
--
2.39.1
Thread overview: 3+ messages
2022-12-07 0:01 [bug#59867] Update mbedtls-apache to 3.2.1 Gabriel Wicki
2023-01-27 13:59 ` Simon Tournier
2023-02-01 13:12 ` Wicki Gabriel (wicg) [this message]