all messages for Guix-related lists mirrored at yhetil.org
From: ng0 <ng0@infotropique.org>
To: Christopher Baines <mail@cbaines.net>
Cc: 28170@debbugs.gnu.org
Subject: [bug#28170] Add gnutls/dane + use it where its needed (gnurl, libmicrohttpd, gnunet)
Date: Sat, 30 Sep 2017 16:36:05 +0000
Message-ID: <20170930163605.x4sl5irccreah67l@abyayala>
In-Reply-To: <20170930170504.1c476ed8@cbaines.net>


[-- Attachment #1.1: Type: text/plain, Size: 3278 bytes --]

Christopher Baines transcribed 3.6K bytes:
> On Sat, 30 Sep 2017 15:01:52 +0000
> ng0 <ng0@infotropique.org> wrote:
> 
> > ng0 transcribed 2.1K bytes:
> > > Christopher Baines transcribed 1.7K bytes:  
> > > > On Sat, 30 Sep 2017 14:12:55 +0000
> > > > ng0 <ng0@infotropique.org> wrote:
> > > >   
> > > > > The fix in this version is to only add the necessary input
> > > > > to the inherited gnutls.  
> > > > 
> > > > Ok. One hopefully final thing. From the commit message [1], it's
> > > > not clear to me if this is fixing an issue with the GNUnet
> > > > package, by providing it with the right dependencies, or, adding
> > > > additional functionality to the GNUnet package, by providing a
> > > > more capable GnuTLS?
> > > > 
> > > > 1: "GNUnet and its dependency chain needs GnuTLS with DANE
> > > > support." 
> > > It provides the right GnuTLS to GNUnet, libmicrohttpd and gnURL.
> > > Certain features of these applications will not work without it.
> > > GnuTLS without Dane is not a fatal error for these packages, but
> > > Dane is recommended.
> > > I have no idea how I should put this into the very strict dictionary
> > > we have in commit messages… In more free-form it would be no problem
> > > for me.
> > > -- 
> > > ng0
> > > GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
> > > GnuPG: https://krosos.org/dist/keys/
> > > https://www.infotropique.org https://krosos.org  
> > 
> > Okay, I now see what you mean.
> > 
> > To make it short: the correct dependency is provided in place
> > of the current working-but-not-correct GnuTLS.
> > 
> > Is that more clear?
> 
> I think you've made it clear to me now.
> 
> From what you're saying, I think it's the 2nd thing I said. Making this
> change will enable some functionality in the GNUnet package (and
> possibly some of the other packages changed).
> 
> I'm not sure using the word "correct" helps, unless you say what the
> dependencies are correct/incorrect with respect to, for example, if the
> GNUnet documentation says that it should be built with GnuTLS with Dane
> support, then that would be a reason to talk about correctness.

Yes it does state this, in the documentation and all these applications
list the dependency in README as well.
This is why I thought the original, first version, comment I made in
gnutls/dane was enough. But I'll have to be more clear then.
Well if gnURL doesn't state it in its README I have to add it, if it's
not in there it's my mistake - it's correct nevertheless.

> As for the commit format. As I understand the conventions, you can put
> anything in between the first line, and the changelog at the bottom.
> For example, one case where I ended up writing quite a bit is here [1].
> 
> It doesn't have to be very specific, but something about the intent or
> intended effect of the change in each commit would be very useful.
> 
> 1:
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=6230e155afd8c43c12ee3f03032aac34433db11a

Okay, thanks. I will change the commit messages and
reference our (GNUnet) README and documentation sections.
-- 
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://krosos.org/dist/keys/
https://www.infotropique.org https://krosos.org

[-- Attachment #1.2: 0001-gnu-gnutls-Add-gnutls-dane.patch --]
[-- Type: text/plain, Size: 2006 bytes --]

From d110c5792959ba62ae3df4435e25d5c95bd60fa8 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:28:51 +0000
Subject: [PATCH 1/4] gnu: gnutls: Add 'gnutls-dane'.

* gnu/packages/tls.scm (gnutls/dane): New variable.
---
 gnu/packages/tls.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3251c102b..0e59d7df1 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
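Review bot: the e-mail address change on the ng0 copyright line is unrelated to adding gnutls/dane and is not mentioned in the changelog entry, which lists only "(gnutls/dane): New variable". Consider sending it as a separate commit, or at least mentioning it in the commit message, so that the history of this file stays easy to audit.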
@@ -37,6 +37,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages)
+  #:use-module (gnu packages dns)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages libbsd)
   #:use-module (gnu packages libffi)
@@ -229,6 +230,17 @@ required structures.")
     (inputs `(("guile" ,guile-2.0)
               ,@(alist-delete "guile" (package-inputs gnutls))))))
 
+(define-public gnutls/dane
+  ;; GnuTLS with build libgnutls-dane, implementing DNS-based
+  ;; Authentication of Named Entities.  This is required for GNS functionality
+  ;; by GNUnet and gnURL.  This is done in an extra package definition
+  ;; to have the choice between GnuTLS with Dane and without Dane.
+  (package
+    (inherit gnutls)
+    (name "gnutls-dane")
+    (inputs `(("unbound" ,unbound)
+              ,@(package-inputs gnutls)))))
+
 (define-public openssl
   (package
    (name "openssl")
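Review bot: the gnutls/dane definition only adds unbound to the inputs and leaves everything else inherited, so whether libgnutls-dane is actually built depends on the configure script detecting unbound on its own. A build that silently skips it would still produce a package named "gnutls-dane". Consider enabling the library explicitly at configure time, or adding a check that it was installed, so that the build fails instead. Since the synopsis and description are inherited unchanged, a description that mentions DANE would also help users tell the two packages apart. The comment's first sentence ("GnuTLS with build libgnutls-dane") reads as garbled, and it calls DANE "required" while the commit messages of the following patches call it "recommended"; one wording should be used throughout.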
-- 
2.14.2


[-- Attachment #1.3: 0002-gnu-gnurl-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1231 bytes --]

From 5580691be6696c5af1b7d6f833958d675b22ece9 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:38:55 +0000
Subject: [PATCH 2/4] gnu: gnurl: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (gnurl)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 82702e4e8..bb434c9ec 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -197,7 +197,7 @@ and support for SSL3 and TLS.")
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                             ; 1.5 MiB of man3 pages
-   (inputs `(("gnutls" ,gnutls)
+   (inputs `(("gnutls" ,gnutls/dane)
              ("libidn" ,libidn)
              ("zlib" ,zlib)))
    (native-inputs
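Review bot: nothing at the changed input line records why gnurl takes gnutls/dane instead of gnutls, so a later cleanup could switch it back without noticing. A one-line comment next to ("gnutls" ,gnutls/dane) pointing to the GNUnet documentation section named in the commit message would keep the reason with the code.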
-- 
2.14.2


[-- Attachment #1.4: 0003-gnu-libmicrohttpd-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1202 bytes --]

From 31e8a308c16c36eecf30e16acc77ec1d676d416e Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:45:54 +0000
Subject: [PATCH 3/4] gnu: libmicrohttpd: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (libmicrohttpd)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bb434c9ec..98574994a 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -155,7 +155,7 @@ tool to extract metadata from a file and print the results.")
    (build-system gnu-build-system)
    (inputs
     `(("curl" ,curl)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libgcrypt" ,libgcrypt)
       ("openssl" ,openssl)
       ("zlib" ,zlib)))
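Review bot: this package keeps ("curl" ,curl) and ("openssl" ,openssl) alongside the new ("gnutls" ,gnutls/dane). If curl is itself built against the plain gnutls, the closure of this package will contain two different GnuTLS builds; please check whether that is intended and say so in the commit message.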
-- 
2.14.2


[-- Attachment #1.5: 0004-gnu-gnunet-Use-gnutls-dane-as-input.patch --]
[-- Type: text/plain, Size: 1205 bytes --]

From 24df6f3fd2a83f36e264a46dfed16d4e8d744585 Mon Sep 17 00:00:00 2001
From: ng0 <ng0@infotropique.org>
Date: Mon, 21 Aug 2017 09:48:32 +0000
Subject: [PATCH 4/4] gnu: gnunet: Use 'gnutls/dane' as input.

This switches the used GnuTLS to the one recommended
by the GNUnet Documentation (Chapter "Installation Handbook",
Section "Generic installation instructions") where a specific
order of dependency installation is required.  In this
order libunbound is installed first, then GnuTLS, then libgnurl,
followed by libmicrohttpd.

* gnu/packages/gnunet.scm (gnunet)[inputs]: Replace gnutls with 'gnutls/dane'.
---
 gnu/packages/gnunet.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 98574994a..9a2713e66 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -271,7 +271,7 @@ supports HTTP, HTTPS and GnuTLS.")
       ("gnurl" ,gnurl)
       ("gstreamer" ,gstreamer)
       ("gst-plugins-base" ,gst-plugins-base)
-      ("gnutls" ,gnutls)
+      ("gnutls" ,gnutls/dane)
       ("libextractor" ,libextractor)
       ("libgcrypt" ,libgcrypt)
       ("libidn" ,libidn)
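Review bot: gnunet takes both ("gnurl" ,gnurl) and ("gnutls" ,gnutls/dane), so this hunk is only consistent once gnurl has been switched as well by patch 2/4; applied alone, gnunet and gnurl would use different GnuTLS builds. It is worth stating in the commit message that the series has to be applied as a whole.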
-- 
2.14.2

