From: ng0 <ng0@infotropique.org>
To: Christopher Baines <mail@cbaines.net>
Cc: 28170@debbugs.gnu.org
Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
Date: Sat, 30 Sep 2017 14:01:44 +0000
Message-ID: <20170930140144.yenmf7pr2ffecmll@abyayala>
In-Reply-To: <20170930134346.54a4c54a@cbaines.net>
[-- Attachment #1.1: Type: text/plain, Size: 1942 bytes --]
Christopher Baines transcribed 2.8K bytes:
> On Sat, 30 Sep 2017 12:23:09 +0000
> ng0 <ng0@infotropique.org> wrote:
>
> > Christopher Baines transcribed 2.1K bytes:
> > > On Mon, 21 Aug 2017 09:57:26 +0000
> > > ng0 <ng0@infotropique.org> wrote:
> > >
> > > > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > > > You can use it without DANE, but there are certain parts which
> > > > will not work. DANE is recommended. (ports of FreeBSD use
> > > > gnutls-dane for libmicrohttpd as well, for example).
> > >
> > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00
> > > > 2001 From: ng0 <ng0@infotropique.org>
> > > > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > > >
> > > > * gnu/packages/tls.scm (gnutls/dane): New variable.
> > >
> > > Hey, so I'm trying to do some reviewing.
> > >
> > > What was your reasoning for creating a new gnutls/dane package,
> > > rather than adding unbound to the existing gnutls package?
> > >
> > > I don't know much about GnuTLS, but it would be good to make it
> > > clear why this approach was taken, especially in the commit message
> > > and by the gnutls/dane package definition.
> >
> > Honestly, I did not want to touch the gnutls package for this.
> > I wanted to leave the option open to have gnutls without dane.
> > Sure, it's a useful feature. If you think I should apply it
> > directly to gnutls, tell me and I'll send a new patch.
>
> I'm happy with that reason, if you could put that in the relevant
> commit message, or in a comment by the gnutls/dane package definition
> (or both), I'll check I can build all the changed packages, and push
> if they all build for me.
Okay. Appended.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org
[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2053 bytes --]
From 2a56a48f36484c8f5b3f7ef70e51e9b40604c071 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
* gnu/packages/tls.scm (gnutls/dane): New variable.
---
gnu/packages/tls.scm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..445f4ba83 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
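Review bot: the ng0 copyright line has its contact address replaced in place, but the commit log only lists "(gnutls/dane): New variable." Either mention the address update in the log or send it as a separate commit, so the history of the new package carries only the package change.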
@@ -37,6 +37,7 @@
#:use-module (guix build-system cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages)
+ #:use-module (gnu packages dns)
#:use-module (gnu packages guile)
#:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
@@ -229,6 +230,18 @@ required structures.")
(inputs `(("guile" ,guile-2.0)
,@(alist-delete "guile" (package-inputs gnutls))))))
+(define-public gnutls/dane
+ ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+ ;; Authentication of Named Entities. This is required for GNS functionality
+ ;; by GNUnet and gnURL. This is done in an extra package definition
+ ;; to have the choice between GnuTLS with Dane and without Dane.
+ (package
+ (inherit gnutls)
+ (source (package-source gnutls-3.5.13))
+ (name "gnutls-dane")
+ (inputs `(("unbound" ,unbound)
+ ,@(package-inputs gnutls)))))
+
(define-public openssl
(package
(name "openssl")
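Review bot: in gnutls/dane, (source (package-source gnutls-3.5.13)) sits next to (inherit gnutls), so the version field is inherited from gnutls while the source is taken from gnutls-3.5.13; if those two variables ever differ, the package reports one version and builds another. Inherit from gnutls-3.5.13 directly, or drop the source override and use the inherited one. Two smaller points: the comment's opening "GnuTLS with build libgnutls-dane" needs rewording, and since the only functional change visible here is the extra "unbound" input, please confirm that the built output actually contains libgnutls-dane.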
--
2.14.2
[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 966 bytes --]
From 60b4b4a90cbcfa5d7f8702c3341714f5a0dceade Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.
GNUnet and its dependency chain needs GnuTLS with DANE support.
* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
(build-system gnu-build-system)
(outputs '("out"
"doc")) ; 1.5 MiB of man3 pages
- (inputs `(("gnutls" ,gnutls)
+ (inputs `(("gnutls" ,gnutls/dane)
("libidn" ,libidn)
("zlib" ,zlib)))
(native-inputs
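Review bot: the only change to gnurl's inputs is pointing the "gnutls" label at gnutls/dane; nothing in this hunk shows whether gnurl's build detects and uses libgnutls-dane on its own or needs a configure flag. Please state in the commit message which is the case, and check that the resulting gnurl really links against the DANE library, otherwise the swap only grows the closure by unbound.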
--
2.14.2
[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 937 bytes --]
From 987534a31c304bf6bfb200268f4c3b86fecb024e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.
GNUnet and its dependency chain needs GnuTLS with DANE support.
* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)
- ("gnutls" ,gnutls)
+ ("gnutls" ,gnutls/dane)
("libgcrypt" ,libgcrypt)
("openssl" ,openssl)
("zlib" ,zlib)))
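Review bot: the ("gnutls" ,gnutls/dane) swap is made in libmicrohttpd's own inputs, so it applies to every package that depends on libmicrohttpd, not only GNUnet, while the commit message gives GNUnet as the only reason. Say in the log that all users of libmicrohttpd now get the unbound dependency, or explain why that is acceptable.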
--
2.14.2
[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 940 bytes --]
From a8fcb786f2ca89f65fd24c1d038c957f880a5ef5 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.
GNUnet and its dependency chain needs GnuTLS with DANE support.
* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
("gnurl" ,gnurl)
("gstreamer" ,gstreamer)
("gst-plugins-base" ,gst-plugins-base)
- ("gnutls" ,gnutls)
+ ("gnutls" ,gnutls/dane)
("libextractor" ,libextractor)
("libgcrypt" ,libgcrypt)
("libidn" ,libidn)
--
2.14.2