From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49530) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1djjUC-0000wO-Uy for guix-patches@gnu.org; Mon, 21 Aug 2017 05:59:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1djjU6-0007jX-Pl for guix-patches@gnu.org; Mon, 21 Aug 2017 05:59:09 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:38642) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1djjU6-0007jR-Lu for guix-patches@gnu.org; Mon, 21 Aug 2017 05:59:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1djjU6-0004vJ-EF for guix-patches@gnu.org; Mon, 21 Aug 2017 05:59:02 -0400 Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49399) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1djjT1-0000gA-8u for guix-patches@gnu.org; Mon, 21 Aug 2017 05:57:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1djjSy-00075V-4r for guix-patches@gnu.org; Mon, 21 Aug 2017 05:57:55 -0400 Received: from aibo.runbox.com ([91.220.196.211]:38088) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1djjSx-00074D-O6 for guix-patches@gnu.org; Mon, 21 Aug 2017 05:57:52 -0400 Received: from [10.9.9.210] (helo=mailfront10.runbox.com) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1djjSv-0008WC-HR for guix-patches@gnu.org; Mon, 21 Aug 2017 11:57:49 +0200 Received: from tor-exit4-readme.dfri.se ([171.25.193.78] helo=localhost) by mailfront10.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1djjSc-0001VV-HY for guix-patches@gnu.org; Mon, 21 Aug 2017 11:57:31 +0200 Date: Mon, 21 Aug 2017 09:57:26 +0000 From: ng0 Message-ID: <20170821095726.qtf2ko526nup4yba@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="5kdtxvlxx4vrfkhl" Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 28170@debbugs.gnu.org --5kdtxvlxx4vrfkhl Content-Type: multipart/mixed; boundary="s5f7dm5z6atyrisw" Content-Disposition: inline --s5f7dm5z6atyrisw Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The dependency chain of GNUnet demands GnuTLS with DANE support. You can use it without DANE, but there are certain parts which will not work. DANE is recommended. (ports of FREEBSD uses gnutls-dane for libmicrohttpd aswell for example). The attached patches: - Add 'gnutls/dane' - Use it in - libmicrohttpd - gnurl - gnunet --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://n0is.noblogs.org/my-keys https://www.infotropique.org https://krosos.org --s5f7dm5z6atyrisw Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-gnu-gnutls-Add-gnutls-dane.patch" Content-Transfer-Encoding: quoted-printable =46rom c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:28:51 +0000 Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'. * gnu/packages/tls.scm (gnutls/dane): New variable. --- gnu/packages/tls.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 88c71a908..43c37690d 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -6,7 +6,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Leo Famulari ;;; Copyright =C2=A9 2016, 2017 Efraim Flashner -;;; Copyright =C2=A9 2016, 2017 ng0 +;;; Copyright =C2=A9 2016, 2017 ng0 ;;; Copyright =C2=A9 2016 Hartmut Goebel ;;; Copyright =C2=A9 2017 Marius Bakke ;;; @@ -36,6 +36,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -253,6 +254,17 @@ required structures.") (inputs `(("guile" ,guile-2.2) ,@(alist-delete "guile" (package-inputs gnutls)))))) =20 +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functional= ity + ;; by GNUnet and gnURL. + (package + (inherit gnutls) + (source (package-source gnutls-3.5.13)) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") --=20 2.14.1 --s5f7dm5z6atyrisw Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-gnu-gnurl-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 54bde59405ccae78aa48f9cdd325b3280178408e Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane= '. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 7ff1a3f6f..93aab2894 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs --=20 2.14.1 --s5f7dm5z6atyrisw Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 6bdd32e899d955cb14980cf98a645204247528c4 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnu= tls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 93aab2894..5d8d72fbb 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the resu= lts.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) --=20 2.14.1 --s5f7dm5z6atyrisw Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0004-gnu-gnunet-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 78ec8c48d225bddb51078b9ec57d6ff432598f53 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dan= e'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 5d8d72fbb..83b0ba613 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -277,7 +277,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) --=20 2.14.1 --s5f7dm5z6atyrisw-- --5kdtxvlxx4vrfkhl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlmaroYACgkQ4i+bv+40 hYgVrQ//YGClYvgDoGU+a3OyDmjVw8/4WLo6dbf/R35c6+pcsWvspJR14XrIMqJI gBD61ABiCrAQNCvH/6M8KlRrFj4i7wRBCtthTH67a8NJ2EVgfhoimThtUXXAtU2X J+XzNMCuqnsPqnC0sqJJMbv94pdHwjofFUOY7m9z7vbV0JckZwg9AiERobiyj+zO W4kaKrrdI3nyEXGlJA7+lRB9A1IU/Xw24lJkAXaUqnhDF/SGJKRKyMNJg8+oDkqT 4SMMfTl7/h4J2rvxrVSGQundVot5TTTyeDC8AWi9r0xtxmFZXCjXLmVjjDj3HVzL j3UuAWdPWzvjyXS2eguQ6K+pXNQDHN+2taUNr6U83QuQzfrHE9gW1jBFFwzh3mFl Nj0TLoAZqXthR9LI2ZzLDOP2hpruYPmH6y009pz/KEeLvXKjz16yY/+5adWi5/HQ 4e8aeEIqjOXqie+GXa4XkBqrlXh8+tO6NHjt+z/FrYkdy4uJHUMni0AfiU9/P1jR QaNjvuKrJYg2R5f390SmjCqR8VQIsLbOwS0Klg50dLzorzeV3dLS0S9+YdROXzs0 RKKhrdE75N3LvHIeux98wVlkGw1kA+1xL2dKbuXmOWeykkaIeFKCv2qtq7grKW/5 fsCjGGHh1exJh3ACcm+xh8tbhfqyqdCgl4iPrGRHczFeMtIlWxQ= =oa5Z -----END PGP SIGNATURE----- --5kdtxvlxx4vrfkhl--