* [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools.
@ 2023-05-17 4:19 Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git Felix Lechner via Guix-patches via
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-17 4:19 UTC (permalink / raw)
To: 63545; +Cc: Felix Lechner
This patch stops Guix from shipping user tools that, according to two Heimdal
maintainers have been obsolete for over five years.
While mostly harmless, those tools shadowed legitimate tools like 'su' from
core-utils. [1]
[1] https://lists.gnu.org/archive/html/guix-devel/2023-04/msg00364.html
Felix Lechner (3):
gnu: heimdal: Build from Git.
gnu: heimdal: Drop obsolete and insecure user tools.
gnu: heimdal: Re-indent code; no functional change.
gnu/packages/kerberos.scm | 202 +++++++++++++++++++-------------------
1 file changed, 103 insertions(+), 99 deletions(-)
base-commit: 6e38ec447f98383e0722ac300734f8d7c8c5c7b0
--
2.40.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git.
2023-05-17 4:19 [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools Felix Lechner via Guix-patches via
@ 2023-05-17 4:20 ` Felix Lechner via Guix-patches via
2023-05-17 20:20 ` Josselin Poiret via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 2/3] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
` (2 subsequent siblings)
3 siblings, 1 reply; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-17 4:20 UTC (permalink / raw)
To: 63545; +Cc: Felix Lechner
This is in preparation to drop obsolete tools from the Automake files. The
tarball comes with a ./configure script. It was not clear to the author what
the best way was to run 'autoreconf -f -i' with the tarball in Guix's
gnu-build-system.
* gnu/packages/kerberos (heimdal): Build from Git; prepare to drop obsolete
tools from Automake.
---
gnu/packages/kerberos.scm | 39 +++++++++++++++++++++++----------------
1 file changed, 23 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index c553f8180a..af67bff6c9 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -56,6 +56,7 @@ (define-module (gnu packages kerberos)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix gexp)
+ #:use-module (guix git-download)
#:use-module (guix utils)
#:use-module (guix build-system gnu))
@@ -171,26 +172,22 @@ (define-public shishi
(license license:gpl3+)))
(define-public heimdal
+ (let ((commit "a6cf94577c0d1e5bca5304342e4ddffb18255afe")
+ (revision "1"))
(package
(name "heimdal")
- (version "7.8.0")
+ (version (git-version "7.8.0" revision commit))
(source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/heimdal/heimdal/releases/download/"
- "heimdal-" version "/" "heimdal-" version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/heimdal/heimdal")
+ (commit commit)))
+ (file-name (git-file-name name version))
(sha256
(base32
- "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
+ "0df646hzi10s0w07kqzj10aniv6jsbmlpx6j3lqjvpsjpmm9lww9"))
(patches
- (search-patches "heimdal-CVE-2022-45142.patch"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- (substitute* "configure"
- (("User=.*$") "User=Guix\n")
- (("Host=.*$") "Host=GNU")
- (("Date=.*$") "Date=2022\n"))))))
+ (search-patches "heimdal-CVE-2022-45142.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -224,6 +221,10 @@ (define-public heimdal
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "configure"
+ ;; Reproducible build date, etc.
+ (("User=.*$") "User=Guix\n")
+ (("Host=.*$") "Host=GNU")
+ (("Date=.*$") "Date=2022\n")
;; The e2fsprogs input is included for libcom_err,
;; let's use it even if cross-compiling.
(("test \"\\$\\{krb_cv_com_err\\}\" = \"yes\"")
@@ -255,12 +256,17 @@ (define-public heimdal
(format #t "#!~a~%exit 1~%" (which "sh")))))))
;; Tests fail when run in parallel.
#:parallel-tests? #f))
- (native-inputs (list bison
+ (native-inputs (list autoconf
+ automake
+ bison
e2fsprogs ;for 'compile_et'
flex
+ libtool
texinfo
unzip ;for tests
pkg-config
+ perl
+ perl-json
python))
(inputs (list readline
bash-minimal
@@ -274,4 +280,5 @@ (define-public heimdal
(description
"Heimdal is an implementation of Kerberos 5 network authentication
service.")
- (license license:bsd-3)))
+ (license license:bsd-3))))
+
--
2.40.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH 2/3] gnu: heimdal: Drop obsolete and insecure user tools.
2023-05-17 4:19 [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git Felix Lechner via Guix-patches via
@ 2023-05-17 4:20 ` Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 3/3] gnu: heimdal: Re-indent code; no functional change Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf Felix Lechner via Guix-patches via
3 siblings, 0 replies; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-17 4:20 UTC (permalink / raw)
To: 63545; +Cc: Felix Lechner
According to messages from the Heimdal maintainers Brian May and Nico
Williams, no one should be using their version of 'su' anymore. It was deleted
from the development branch five years ago [1] and is only being shipped
because the 7.8.0 is based on an older, stable branch.
[1] https://github.com/heimdal/heimdal/commit/8a77f45aff366b1cd8c70c43ce63eb16a0c9839c
Following the directions from the maintainers, this commit drops all
executables built from the ./appl folder via deletion of that SUBDIR from
the top-level Makefile.am.
Unfortunately, the heimdal-discuss mailing list does not appear to have a
public archive. The relevant SMTP Message-Id was:
<MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
Since the 7.8.0 tarball shipped with all the files generated by 'autoreconf'
it seemed superior to build from Git instead. For that, please see the
preceeding commit.
* gnu/packages/kerberos.scm (heimdal): Drop obsolete and insecure user tools.
---
gnu/packages/kerberos.scm | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index af67bff6c9..cc5f3f9ef2 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -218,6 +218,12 @@ (define-public heimdal
"/libexec/heimdal")))
#~()))
#:phases (modify-phases %standard-phases
+ ;; Skip the appl folder as obsolete per message from Brian May <brian@linuxpenguins.xyz>
+ ;; <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
+ (add-after 'unpack 'drop-obsolete-executables
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* '("Makefile.am")
+ (("appl") ""))))
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "configure"
@@ -233,15 +239,6 @@ (define-public heimdal
;; which confuses heimdal.
(("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et")
"ac_cv_PROG_COMPILE_ET=compile_et"))
- (substitute* '("appl/afsutil/pagsh.c" "appl/su/su.c")
- (("/bin/sh")
- (search-input-file inputs "bin/sh"))
- ;; Use the cross-compiled bash instead of the
- ;; native bash (XXX shouldn't _PATH_BSHELL point
- ;; to a cross-compiled bash?).
- (("_PATH_BSHELL")
- (string-append
- "\"" (search-input-file inputs "bin/sh") "\"")))
(substitute* '("tools/Makefile.in")
(("/bin/sh") (which "sh")))))
(add-before 'check 'pre-check
--
2.40.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH 3/3] gnu: heimdal: Re-indent code; no functional change.
2023-05-17 4:19 [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 2/3] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
@ 2023-05-17 4:20 ` Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf Felix Lechner via Guix-patches via
3 siblings, 0 replies; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-17 4:20 UTC (permalink / raw)
To: 63545; +Cc: Felix Lechner
* gnu/packages/kerberos (heimdal): Re-indent code; no functional change.
---
gnu/packages/kerberos.scm | 198 +++++++++++++++++++-------------------
1 file changed, 99 insertions(+), 99 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index cc5f3f9ef2..3bfeefd558 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -174,108 +174,108 @@ (define-public shishi
(define-public heimdal
(let ((commit "a6cf94577c0d1e5bca5304342e4ddffb18255afe")
(revision "1"))
- (package
- (name "heimdal")
- (version (git-version "7.8.0" revision commit))
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/heimdal/heimdal")
- (commit commit)))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "0df646hzi10s0w07kqzj10aniv6jsbmlpx6j3lqjvpsjpmm9lww9"))
- (patches
- (search-patches "heimdal-CVE-2022-45142.patch"))))
- (build-system gnu-build-system)
- (arguments
- `(#:configure-flags
- ,#~(list
- ;; Avoid 7 MiB of .a files.
- "--disable-static"
+ (package
+ (name "heimdal")
+ (version (git-version "7.8.0" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/heimdal/heimdal")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0df646hzi10s0w07kqzj10aniv6jsbmlpx6j3lqjvpsjpmm9lww9"))
+ (patches
+ (search-patches "heimdal-CVE-2022-45142.patch"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ ,#~(list
+ ;; Avoid 7 MiB of .a files.
+ "--disable-static"
- ;; Do not build libedit.
- (string-append
- "--with-readline-lib="
- (assoc-ref %build-inputs "readline") "/lib")
- (string-append
- "--with-readline-include="
- (assoc-ref %build-inputs "readline") "/include")
+ ;; Do not build libedit.
+ (string-append
+ "--with-readline-lib="
+ (assoc-ref %build-inputs "readline") "/lib")
+ (string-append
+ "--with-readline-include="
+ (assoc-ref %build-inputs "readline") "/include")
- ;; Do not build sqlite.
- (string-append
- "--with-sqlite3="
- (assoc-ref %build-inputs "sqlite"))
+ ;; Do not build sqlite.
+ (string-append
+ "--with-sqlite3="
+ (assoc-ref %build-inputs "sqlite"))
- #$@(if (%current-target-system)
- ;; The configure script is too pessimistic.
- ;; Setting this also resolves a linking error.
- #~("ac_cv_func_getpwnam_r_posix=yes"
- ;; Allow 'slc' and 'asn1_compile' to be found.
- (string-append "--with-cross-tools="
- #+(file-append this-package
- "/libexec/heimdal")))
- #~()))
- #:phases (modify-phases %standard-phases
- ;; Skip the appl folder as obsolete per message from Brian May <brian@linuxpenguins.xyz>
- ;; <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
- (add-after 'unpack 'drop-obsolete-executables
- (lambda* (#:key inputs #:allow-other-keys)
- (substitute* '("Makefile.am")
- (("appl") ""))))
- (add-before 'configure 'pre-configure
- (lambda* (#:key inputs #:allow-other-keys)
- (substitute* "configure"
- ;; Reproducible build date, etc.
- (("User=.*$") "User=Guix\n")
- (("Host=.*$") "Host=GNU")
- (("Date=.*$") "Date=2022\n")
- ;; The e2fsprogs input is included for libcom_err,
- ;; let's use it even if cross-compiling.
- (("test \"\\$\\{krb_cv_com_err\\}\" = \"yes\"")
- ":")
- ;; Our 'compile_et' is not in --with-cross-tools,
- ;; which confuses heimdal.
- (("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et")
- "ac_cv_PROG_COMPILE_ET=compile_et"))
- (substitute* '("tools/Makefile.in")
- (("/bin/sh") (which "sh")))))
- (add-before 'check 'pre-check
- (lambda _
- ;; For 'getxxyyy-test'.
- (setenv "USER" (passwd:name (getpwuid (getuid))))
+ #$@(if (%current-target-system)
+ ;; The configure script is too pessimistic.
+ ;; Setting this also resolves a linking error.
+ #~("ac_cv_func_getpwnam_r_posix=yes"
+ ;; Allow 'slc' and 'asn1_compile' to be found.
+ (string-append "--with-cross-tools="
+ #+(file-append this-package
+ "/libexec/heimdal")))
+ #~()))
+ #:phases (modify-phases %standard-phases
+ ;; Skip the appl folder as obsolete per message from Brian May <brian@linuxpenguins.xyz>
+ ;; <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
+ (add-after 'unpack 'drop-obsolete-executables
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* '("Makefile.am")
+ (("appl") ""))))
+ (add-before 'configure 'pre-configure
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* "configure"
+ ;; Reproducible build date, etc.
+ (("User=.*$") "User=Guix\n")
+ (("Host=.*$") "Host=GNU")
+ (("Date=.*$") "Date=2022\n")
+ ;; The e2fsprogs input is included for libcom_err,
+ ;; let's use it even if cross-compiling.
+ (("test \"\\$\\{krb_cv_com_err\\}\" = \"yes\"")
+ ":")
+ ;; Our 'compile_et' is not in --with-cross-tools,
+ ;; which confuses heimdal.
+ (("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et")
+ "ac_cv_PROG_COMPILE_ET=compile_et"))
+ (substitute* '("tools/Makefile.in")
+ (("/bin/sh") (which "sh")))))
+ (add-before 'check 'pre-check
+ (lambda _
+ ;; For 'getxxyyy-test'.
+ (setenv "USER" (passwd:name (getpwuid (getuid))))
- ;; Skip 'db' and 'kdc' tests for now.
- ;; FIXME: figure out why 'kdc' tests fail.
- (with-output-to-file "tests/db/have-db.in"
- (lambda ()
- (format #t "#!~a~%exit 1~%" (which "sh")))))))
- ;; Tests fail when run in parallel.
- #:parallel-tests? #f))
- (native-inputs (list autoconf
- automake
- bison
- e2fsprogs ;for 'compile_et'
- flex
- libtool
- texinfo
- unzip ;for tests
- pkg-config
- perl
- perl-json
- python))
- (inputs (list readline
- bash-minimal
- bdb
- e2fsprogs ;for libcom_err
- libcap-ng
- openldap
- sqlite))
- (home-page "http://www.h5l.org/")
- (synopsis "Kerberos 5 network authentication")
- (description
- "Heimdal is an implementation of Kerberos 5 network authentication
+ ;; Skip 'db' and 'kdc' tests for now.
+ ;; FIXME: figure out why 'kdc' tests fail.
+ (with-output-to-file "tests/db/have-db.in"
+ (lambda ()
+ (format #t "#!~a~%exit 1~%" (which "sh")))))))
+ ;; Tests fail when run in parallel.
+ #:parallel-tests? #f))
+ (native-inputs (list autoconf
+ automake
+ bison
+ e2fsprogs ;for 'compile_et'
+ flex
+ libtool
+ texinfo
+ unzip ;for tests
+ pkg-config
+ perl
+ perl-json
+ python))
+ (inputs (list readline
+ bash-minimal
+ bdb
+ e2fsprogs ;for libcom_err
+ libcap-ng
+ openldap
+ sqlite))
+ (home-page "http://www.h5l.org/")
+ (synopsis "Kerberos 5 network authentication")
+ (description
+ "Heimdal is an implementation of Kerberos 5 network authentication
service.")
- (license license:bsd-3))))
+ (license license:bsd-3))))
--
2.40.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git.
2023-05-17 4:20 ` [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git Felix Lechner via Guix-patches via
@ 2023-05-17 20:20 ` Josselin Poiret via Guix-patches via
0 siblings, 0 replies; 8+ messages in thread
From: Josselin Poiret via Guix-patches via @ 2023-05-17 20:20 UTC (permalink / raw)
To: 63545; +Cc: Felix Lechner
[-- Attachment #1: Type: text/plain, Size: 1056 bytes --]
Hi Felix,
I am no user of Heimdal, but this looks good to me apart from some
nitpicks below.
Felix Lechner via Guix-patches via <guix-patches@gnu.org> writes:
> (define-public heimdal
> + (let ((commit "a6cf94577c0d1e5bca5304342e4ddffb18255afe")
> + (revision "1"))
No need to use commit+revision for fixed releases, unless upstream has
the bad habit of moving their upstream tags. I see the tag
heimdal-7.8.0, which you should use in (commit ...), possibly with
(commit (string-append "heimdall-" version)).
> (package
> (name "heimdal")
> - (version "7.8.0")
> + (version (git-version "7.8.0" revision commit))
This would lead to a very ugly version string for what is actually
7.8.0, no need to change this.
The other patches seem fine, although I think you don't need to go as
far as make the indentation change its own patch (and by dropping the
commit+revision thing, there shouldn't be one).
I haven't tried building this yet though, will let QA go over it.
Best,
--
Josselin Poiret
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 682 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf.
2023-05-17 4:19 [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools Felix Lechner via Guix-patches via
` (2 preceding siblings ...)
2023-05-17 4:20 ` [bug#63545] [PATCH 3/3] gnu: heimdal: Re-indent code; no functional change Felix Lechner via Guix-patches via
@ 2023-05-29 0:19 ` Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 2/2] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
2023-06-04 9:39 ` bug#63545: [PATCH v2 1/2] gnu: heimdal: Run autoreconf Josselin Poiret via Guix-patches via
3 siblings, 2 replies; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-29 0:19 UTC (permalink / raw)
To: 63545; +Cc: Josselin Poiret, Felix Lechner
* gnu/packages/kerberos.scm (heimdal): Run autoreconf.
---
Hi Josselin,
Thanks for your review! I sidestepped your suggestions by continuing
to build from the tarball, and running 'autoreconf.'
Kind regards
Felix
gnu/packages/kerberos.scm | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index c553f8180a..f06410b8f8 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -183,14 +183,7 @@ (define-public heimdal
(base32
"0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx"))
(patches
- (search-patches "heimdal-CVE-2022-45142.patch"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- (substitute* "configure"
- (("User=.*$") "User=Guix\n")
- (("Host=.*$") "Host=GNU")
- (("Date=.*$") "Date=2022\n"))))))
+ (search-patches "heimdal-CVE-2022-45142.patch"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
@@ -223,7 +216,12 @@ (define-public heimdal
#:phases (modify-phases %standard-phases
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
+ (invoke (search-input-file inputs "bin/autoreconf") "--install" "--force")
(substitute* "configure"
+ ;; Reproducible build date, etc.
+ (("User=.*$") "User=Guix\n")
+ (("Host=.*$") "Host=GNU\n")
+ (("Date=.*$") "Date=2022\n")
;; The e2fsprogs input is included for libcom_err,
;; let's use it even if cross-compiling.
(("test \"\\$\\{krb_cv_com_err\\}\" = \"yes\"")
@@ -255,12 +253,17 @@ (define-public heimdal
(format #t "#!~a~%exit 1~%" (which "sh")))))))
;; Tests fail when run in parallel.
#:parallel-tests? #f))
- (native-inputs (list bison
+ (native-inputs (list autoconf
+ automake
+ bison
e2fsprogs ;for 'compile_et'
flex
+ libtool
texinfo
unzip ;for tests
pkg-config
+ perl
+ perl-json
python))
(inputs (list readline
bash-minimal
base-commit: d64d6ea2cf5a1be801be355031fb2cfa5901a92a
--
2.40.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [bug#63545] [PATCH v2 2/2] gnu: heimdal: Drop obsolete and insecure user tools.
2023-05-29 0:19 ` [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf Felix Lechner via Guix-patches via
@ 2023-05-29 0:19 ` Felix Lechner via Guix-patches via
2023-06-04 9:39 ` bug#63545: [PATCH v2 1/2] gnu: heimdal: Run autoreconf Josselin Poiret via Guix-patches via
1 sibling, 0 replies; 8+ messages in thread
From: Felix Lechner via Guix-patches via @ 2023-05-29 0:19 UTC (permalink / raw)
To: 63545; +Cc: Josselin Poiret, Felix Lechner
According to messages from the Heimdal maintainers Brian May and Nico
Williams, no one should be using their version of 'su' anymore. It was deleted
from the development branch five years ago [1] and is only being shipped
because the 7.8.0 is based on an older, stable branch.
[1] https://github.com/heimdal/heimdal/commit/8a77f45aff366b1cd8c70c43ce63eb16a0c9839c
Following the directions from the maintainers, this commit drops all
executables built from the ./appl folder via deletion of that SUBDIR from
the top-level Makefile.am.
Unfortunately, the heimdal-discuss mailing list does not appear to have a
public archive. The relevant SMTP Message-Id was:
<MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
Since the 7.8.0 tarball shipped with all the files generated by 'autoreconf'
it seemed superior to build from Git instead. For that, please see the
preceeding commit.
* gnu/packages/kerberos.scm (heimdal): Drop obsolete and insecure user tools.
---
gnu/packages/kerberos.scm | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index f06410b8f8..241881ea47 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -214,6 +214,12 @@ (define-public heimdal
"/libexec/heimdal")))
#~()))
#:phases (modify-phases %standard-phases
+ ;; Skip the appl folder as obsolete per message from Brian May <brian@linuxpenguins.xyz>
+ ;; <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
+ (add-after 'unpack 'drop-obsolete-executables
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* '("Makefile.am")
+ (("appl") ""))))
(add-before 'configure 'pre-configure
(lambda* (#:key inputs #:allow-other-keys)
(invoke (search-input-file inputs "bin/autoreconf") "--install" "--force")
@@ -230,15 +236,6 @@ (define-public heimdal
;; which confuses heimdal.
(("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et")
"ac_cv_PROG_COMPILE_ET=compile_et"))
- (substitute* '("appl/afsutil/pagsh.c" "appl/su/su.c")
- (("/bin/sh")
- (search-input-file inputs "bin/sh"))
- ;; Use the cross-compiled bash instead of the
- ;; native bash (XXX shouldn't _PATH_BSHELL point
- ;; to a cross-compiled bash?).
- (("_PATH_BSHELL")
- (string-append
- "\"" (search-input-file inputs "bin/sh") "\"")))
(substitute* '("tools/Makefile.in")
(("/bin/sh") (which "sh")))))
(add-before 'check 'pre-check
--
2.40.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* bug#63545: [PATCH v2 1/2] gnu: heimdal: Run autoreconf.
2023-05-29 0:19 ` [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 2/2] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
@ 2023-06-04 9:39 ` Josselin Poiret via Guix-patches via
1 sibling, 0 replies; 8+ messages in thread
From: Josselin Poiret via Guix-patches via @ 2023-06-04 9:39 UTC (permalink / raw)
To: Felix Lechner, 63545-done; +Cc: Felix Lechner
[-- Attachment #1: Type: text/plain, Size: 429 bytes --]
Hi Felix,
Felix Lechner <felix.lechner@lease-up.com> writes:
> Hi Josselin,
>
> Thanks for your review! I sidestepped your suggestions by continuing
> to build from the tarball, and running 'autoreconf.'
>
> Kind regards
> Felix
Thanks, pushed as d89247150fe6e97c2fceed8d578fd119a782624d. I removed
the last sentence of the second commit message, as it was no longer
applicable.
Best,
--
Josselin Poiret
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 682 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-06-04 9:40 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-17 4:19 [bug#63545] [PATCH 0/3] gnu: heimdal: Drop obsolete user tools Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 1/3] gnu: heimdal: Build from Git Felix Lechner via Guix-patches via
2023-05-17 20:20 ` Josselin Poiret via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 2/3] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
2023-05-17 4:20 ` [bug#63545] [PATCH 3/3] gnu: heimdal: Re-indent code; no functional change Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf Felix Lechner via Guix-patches via
2023-05-29 0:19 ` [bug#63545] [PATCH v2 2/2] gnu: heimdal: Drop obsolete and insecure user tools Felix Lechner via Guix-patches via
2023-06-04 9:39 ` bug#63545: [PATCH v2 1/2] gnu: heimdal: Run autoreconf Josselin Poiret via Guix-patches via
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).