Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
Date: Sat, 30 Sep 2017 14:01:44 +0000
From: ng0
To: Christopher Baines
Cc: 28170@debbugs.gnu.org

Christopher Baines transcribed 2.8K bytes:
> On Sat, 30 Sep 2017 12:23:09 +0000
> ng0 wrote:
>
> > Christopher Baines transcribed 2.1K bytes:
> > > On Mon, 21 Aug 2017 09:57:26 +0000
> > > ng0 wrote:
> > >
> > > > The dependency chain of GNUnet demands GnuTLS with DANE support.
> > > > You can use it without DANE, but there are certain parts which
> > > > will not work. DANE is recommended. (ports of FreeBSD uses
> > > > gnutls-dane for libmicrohttpd as well for example).
> > >
> > > > From c9dedfd1a6f91d557006b00505a428be84102b1e Mon Sep 17 00:00:00
> > > > 2001
> > > > From: ng0
> > > > Date: Mon, 21 Aug 2017 09:28:51 +0000
> > > > Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
> > > >
> > > > * gnu/packages/tls.scm (gnutls/dane): New variable.
> > >
> > > Hey, so I'm trying to do some reviewing.
> > >
> > > What was your reasoning for creating a new gnutls/dane package,
> > > rather than adding unbound to the existing gnutls package?
> > >
> > > I don't know much about GnuTLS, but it would be good to make it
> > > clear why this approach was taken, especially in the commit message
> > > and by the gnutls/dane package definition.
> >
> > Honestly, I did not want to touch the gnutls package for this.
> > I wanted to leave the option open to have gnutls without dane.
> > Sure, it's a useful feature. If you think I should apply it
> > directly to gnutls, tell me and I'll send a new patch.
>
> I'm happy with that reason, if you could put that in the relevant
> commit message, or in a comment by the gnutls/dane package definition
> (or both), I'll check I can build all the changed packages, and push
> if they all build for me.

Okay. Appended.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

Content-Disposition: attachment; filename="0001-gnu-gnutls-Add-gnutls-dane.patch"

From 2a56a48f36484c8f5b3f7ef70e51e9b40604c071 Mon Sep 17 00:00:00 2001
From: ng0
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 3251c102b..445f4ba83 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm 
@@ -6,7 +6,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Leo Famulari ;;; Copyright =C2=A9 2016, 2017 Efraim Flashner -;;; Copyright =C2=A9 2016, 2017 ng0 +;;; Copyright =C2=A9 2016, 2017 ng0 ;;; Copyright =C2=A9 2016 Hartmut Goebel ;;; Copyright =C2=A9 2017 Ricardo Wurmus ;;; Copyright =C2=A9 2017 Marius Bakke @@ -37,6 +37,7 @@ #:use-module (guix build-system cmake) #:use-module (gnu packages compression) #:use-module (gnu packages) + #:use-module (gnu packages dns) #:use-module (gnu packages guile) #:use-module (gnu packages libbsd) #:use-module (gnu packages libffi) @@ -229,6 +230,18 @@ required structures.") (inputs `(("guile" ,guile-2.0) ,@(alist-delete "guile" (package-inputs gnutls)))))) =20 +(define-public gnutls/dane + ;; GnuTLS with build libgnutls-dane, implementing DNS-based + ;; Authentication of Named Entities. This is required for GNS functiona= lity + ;; by GNUnet and gnURL. This is done in an extra package definition + ;; to have the choice between GnuTLS with Dane and without Dane. + (package + (inherit gnutls) + (source (package-source gnutls-3.5.13)) + (name "gnutls-dane") + (inputs `(("unbound" ,unbound) + ,@(package-inputs gnutls))))) + (define-public openssl (package (name "openssl") --=20 2.14.2 --b4blzr27v62yadap Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0002-gnu-gnurl-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 60b4b4a90cbcfa5d7f8702c3341714f5a0dceade Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:38:55 +0000 Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane= '. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 82702e4e8..bb434c9ec 100644 
--- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -197,7 +197,7 @@ and support for SSL3 and TLS.") (build-system gnu-build-system) (outputs '("out" "doc")) ; 1.5 MiB of man3 pages - (inputs `(("gnutls" ,gnutls) + (inputs `(("gnutls" ,gnutls/dane) ("libidn" ,libidn) ("zlib" ,zlib))) (native-inputs --=20 2.14.2 --b4blzr27v62yadap Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom 987534a31c304bf6bfb200268f4c3b86fecb024e Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:45:54 +0000 Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnu= tls/dane'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index bb434c9ec..98574994a 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -155,7 +155,7 @@ tool to extract metadata from a file and print the resu= lts.") (build-system gnu-build-system) (inputs `(("curl" ,curl) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libgcrypt" ,libgcrypt) ("openssl" ,openssl) ("zlib" ,zlib))) --=20 2.14.2 --b4blzr27v62yadap Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0004-gnu-gnunet-Use-gnutls-dane-as-input.patch" Content-Transfer-Encoding: quoted-printable =46rom a8fcb786f2ca89f65fd24c1d038c957f880a5ef5 Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Mon, 21 Aug 2017 09:48:32 +0000 Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input. GNUnet and its dependency chain needs GnuTLS with DANE support. * gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dan= e'. --- gnu/packages/gnunet.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm index 98574994a..9a2713e66 100644 --- a/gnu/packages/gnunet.scm +++ b/gnu/packages/gnunet.scm @@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.") ("gnurl" ,gnurl) ("gstreamer" ,gstreamer) ("gst-plugins-base" ,gst-plugins-base) - ("gnutls" ,gnutls) + ("gnutls" ,gnutls/dane) ("libextractor" ,libextractor) ("libgcrypt" ,libgcrypt) ("libidn" ,libidn) --=20 2.14.2
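
Review bot: In patch 1/4, the gnutls/dane definition added by the @@ -229,6 +230,18 @@ hunk inherits from gnutls but takes its source from gnutls-3.5.13, so the version and build arguments follow one variable and the tarball follows another. If gnutls is later bumped, for example for a security fix, gnutls-dane would carry the new version field while still building the 3.5.13 source. Either drop the (source ...) line so the variant tracks gnutls, or inherit from gnutls-3.5.13 throughout and say in the comment why the pin is needed. The definition also adds only the unbound input, so it is worth confirming in the build output that libgnutls-dane is actually produced. In the comment, "with build libgnutls-dane" and "Dane" would read better as "built with libgnutls-dane" and "DANE".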
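
Review bot: The first hunk of patch 1/4 (@@ -6,7 +6,7 @@) removes and re-adds the ng0 copyright line, which the changelog entry "* gnu/packages/tls.scm (gnutls/dane): New variable." does not mention. If this is a change to the name or address on that line, it is unrelated to adding the package and is better sent as its own commit or dropped from this one.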
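
Review bot: In patches 2/4, 3/4 and 4/4 each hunk swaps ,gnutls for ,gnutls/dane, but the commit bodies give only "GNUnet and its dependency chain needs GnuTLS with DANE support", which is stronger than the original cover message's "You can use it without DANE, but there are certain parts which will not work". Since gnurl and libmicrohttpd are being changed on GNUnet's account, each message should name the functionality that depends on DANE (the comment in patch 1/4 names GNS), so a later reader can judge whether an input could go back to plain gnutls.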