From: ng0 <ng0@infotropique.org>
To: Christopher Baines <mail@cbaines.net>
Cc: 28170@debbugs.gnu.org
Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
Date: Sat, 30 Sep 2017 16:36:05 +0000 [thread overview]
Message-ID: <20170930163605.x4sl5irccreah67l@abyayala> (raw)
In-Reply-To: <20170930170504.1c476ed8@cbaines.net>
[-- Attachment #1.1: Type: text/plain, Size: 3278 bytes --]
Christopher Baines transcribed 3.6K bytes:
> On Sat, 30 Sep 2017 15:01:52 +0000
> ng0 <ng0@infotropique.org> wrote:
>
> > ng0 transcribed 2.1K bytes:
> > > Christopher Baines transcribed 1.7K bytes:
> > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > ng0 <ng0@infotropique.org> wrote:
> > > >
> > > > > The fix in this version is to only add the necessary input
> > > > > to the inherited gnutls.
> > > >
> > > > Ok. One hopefully final thing. From the commit message [1], it's
> > > > not clear to me if this is fixing an issue with the GNUnet
> > > > package, by providing it with the right dependencies, or, adding
> > > > additional functionality to the GNUnet package, by providing a
> > > > more capable GnuTLS?
> > > >
> > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > support."
> > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > Certain features of these applications will not work without it.
> > > GnuTLS without Dane is not fatal error for these packages, but
> > > Dane is recommended.
> > > I have no idea how I should put this into the very strict dictionary
> > > we have in commit messages… In more free-form it would be no problem
> > > for me.
> > > --
> > > ng0
> > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > GnuPG: https://krosos.org/dist/keys/
> > > https://www.infotropique.org https://krosos.org
> >
> > Okay, I now see what you mean.
> >
> > To make it short: the correct dependency is provided in place
> > of the current working-but-not-correct GnuTLS.
> >
> > Is that more clear?
>
> I think you've made it clear to me now.
>
> From what you're saying, I think its the 2nd thing I said. Making this
> change will enable some functionality in the GNUnet package (and
> possibly some of the other packages changed).
>
> I'm not sure using the word "correct" helps, unless you say what the
> dependencies are correct/incorrect with respect to, for example, if the
> GNUnet documentation says that it should be built with GnuTLS with Dane
> support, then that would be a reason to talk about correctness.
Yes it does state this, in the documentation and all these applications
list the dependency in README aswell.
This is why I thought the original, first version, comment I made in
gnutls/dane was enough. But I'll have to be more clear then.
Well if gnURL doesn't state it in its README I have to add it, if it's
not in there it's my mistake - it's correct nevertheless.
> As for the commit format. As I understand the conventions, you can put
> anything in between the first line, and the changelog at the bottom.
> For example, one case where I ended up writing quite a bit is here [1].
>
> It doesn't have to be very specific, but something about the intent or
> intended effect of the change in each commit would be very useful.
>
> 1:
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a
Okay, thanks. I will change the commit messages and
reference our (GNUnet) README and documentation sections.
--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org
[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2006 bytes --]
From d110c5792959ba62ae3df4435e25d5c95bd60fa8 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.
* gnu/packages/tls.scm (gnutls/dane): New variable.
---
gnu/packages/tls.scm | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..0e59d7df1 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
@@ -37,6 +37,7 @@
#:use-module (guix build-system cmake)
#:use-module (gnu packages compression)
#:use-module (gnu packages)
+ #:use-module (gnu packages dns)
#:use-module (gnu packages guile)
#:use-module (gnu packages libbsd)
#:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
(inputs `(("guile" ,guile-2.0)
,@(alist-delete "guile" (package-inputs gnutls))))))
+(define-public gnutls/dane
+ ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+ ;; Authentication of Named Entities. This is required for GNS functionality
+ ;; by GNUnet and gnURL. This is done in an extra package definition
+ ;; to have the choice between GnuTLS with Dane and without Dane.
+ (package
+ (inherit gnutls)
+ (name "gnutls-dane")
+ (inputs `(("unbound" ,unbound)
+ ,@(package-inputs gnutls)))))
+
(define-public openssl
(package
(name "openssl")
--
2.14.2
[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1231 bytes --]
From 5580691be6696c5af1b7d6f833958d675b22ece9 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.
This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required. In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.
* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
(build-system gnu-build-system)
(outputs '("out"
"doc")) ; 1.5 MiB of man3 pages
- (inputs `(("gnutls" ,gnutls)
+ (inputs `(("gnutls" ,gnutls/dane)
("libidn" ,libidn)
("zlib" ,zlib)))
(native-inputs
--
2.14.2
[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1202 bytes --]
From 31e8a308c16c36eecf30e16acc77ec1d676d416e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.
This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required. In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.
* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
(build-system gnu-build-system)
(inputs
`(("curl" ,curl)
- ("gnutls" ,gnutls)
+ ("gnutls" ,gnutls/dane)
("libgcrypt" ,libgcrypt)
("openssl" ,openssl)
("zlib" ,zlib)))
--
2.14.2
[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1205 bytes --]
From 24df6f3fd2a83f36e264a46dfed16d4e8d744585 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.
This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required. In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.
* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
gnu/packages/gnunet.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
("gnurl" ,gnurl)
("gstreamer" ,gstreamer)
("gst-plugins-base" ,gst-plugins-base)
- ("gnutls" ,gnutls)
+ ("gnutls" ,gnutls/dane)
("libextractor" ,libextractor)
("libgcrypt" ,libgcrypt)
("libidn" ,libidn)
--
2.14.2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2017-09-30 16:37 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-21 9:57 [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet) ng0
2017-09-30 11:26 ` Christopher Baines
2017-09-30 12:23 ` ng0
2017-09-30 12:43 ` Christopher Baines
2017-09-30 14:01 ` ng0
2017-09-30 14:12 ` ng0
2017-09-30 14:34 ` Christopher Baines
2017-09-30 14:56 ` ng0
2017-09-30 15:01 ` ng0
2017-09-30 16:05 ` Christopher Baines
2017-09-30 16:36 ` ng0 [this message]
2017-09-30 17:38 ` Christopher Baines
2017-10-01 9:52 ` bug#28170: " Christopher Baines
2017-09-30 14:03 ` [bug#28170] " ng0
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170930163605.x4sl5irccreah67l@abyayala \
--to=ng0@infotropique.org \
--cc=28170@debbugs.gnu.org \
--cc=mail@cbaines.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.