From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58260)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eyCIV-0003by-8x
	for guix-patches@gnu.org; Tue, 20 Mar 2018 04:07:11 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eyCIQ-0005Ul-Fy
	for guix-patches@gnu.org; Tue, 20 Mar 2018 04:07:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:34772)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1eyCIQ-0005UF-CP
	for guix-patches@gnu.org; Tue, 20 Mar 2018 04:07:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1eyCIQ-0000Pp-0U
	for guix-patches@gnu.org; Tue, 20 Mar 2018 04:07:02 -0400
Subject: [bug#30845] [PATCH 05/82] gnu: Add java-bouncycastle.
Resent-Message-ID: <handler.30845.B30845.15215331651521@debbugs.gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
Date: Tue, 20 Mar 2018 09:06:00 +0100
From: julien lepiller <julien@lepiller.eu>
In-Reply-To: <20180319233229.100a43dd@alma-ubu>
References: <20180318134211.38163cd6@lepiller.eu>
	<20180318130530.1654-5-julien@lepiller.eu>
	<20180319233229.100a43dd@alma-ubu>
Message-ID: <832fd33b40df274d86fa2f54e9201cfe@lepiller.eu>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 30845@debbugs.gnu.org

Le 2018-03-19 23:32, Björn Höfling a écrit :
> On Sun, 18 Mar 2018 14:05:25 +0100
> Julien Lepiller <julien@lepiller.eu> wrote:
> 
>> * gnu/packages/java.scm (java-bouncycastle): New variable.
>> (java-bouncycastle-bcprov, java-bouncycastle-bcpkix): Remove variable.
>> (java-kafka-clients): Use java-bouncycastle.
> 
> What's the difference between the old ones and the new one, besides of
> the hosting site?

The new one includes all subpackages (bouncycastle-bcprov, -bcpkix, 
-bcpg, -bcmail, …) and no generated source.

> 
>> ---
>>  gnu/packages/java.scm | 69
>> ++++++++++++++++----------------------------------- 1 file changed,
>> 21 insertions(+), 48 deletions(-)
>> 
>> diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
>> index b1ecf843d..9f5b234bb 100644
>> --- a/gnu/packages/java.scm
>> +++ b/gnu/packages/java.scm
>> @@ -8229,29 +8229,37 @@ by technical operatives or consultants
>> working with enterprise platforms.") algorithms and xxHash hashing
>> algorithm.") (license license:asl2.0)))
>> 
>> -(define-public java-bouncycastle-bcprov
>> +(define-public java-bouncycastle
>>    (package
>> -    (name "java-bouncycastle-bcprov")
>> +    (name "java-bouncycastle")
>>      (version "1.58")
> 
> Upstream has 1.59 available that fixes a CVE. Can you use the newest
> version, or do you need that specific one for Maven? If the latter is
> the case, write a comment next to the version.

OK, I'll try with 1.59.

> 
>>      (source (origin
>>                (method url-fetch)
>> -              (uri
>> "https://bouncycastle.org/download/bcprov-jdk15on-158.tar.gz")
>> +              (uri (string-append
>> "https://github.com/bcgit/bc-java/archive/r"
>> +                                  (substring version 0 1) "rv"
>> +                                  (substring version 2 4) ".tar.gz"))
>> +              ;(uri
>> "https://bouncycastle.org/download/bcprov-jdk15on-158.tar.gz") (sha256
> 
> Old URI is kept as a comment. Is that by intention? Why?
Oops, my mistake.

> 
>>                 (base32
>> -
>> "1hgkg96llbvgs8i0krwz2n0j7wlg6jfnq8w8kg0cc899j0wfmf3n"))))
>> +                
>> ;"1hgkg96llbvgs8i0krwz2n0j7wlg6jfnq8w8kg0cc899j0wfmf3n"))))
> 
> Same for the old hash. OK?
> 
> 
> At least the 1.59 version contains two jars for the test:
> 
> bc-java-r1rv59$ find . -name "*.jar"
> ./test/libs/jna-4.3.0.jar
> ./test/libs/jna-platform-4.3.0.jar
> 
> Can you snip them away?

Oh, good catch! But jna and jna-platform are patches 9 and 10, and they 
depend on bouncycastle...

> 
> I tried to build it but it still hangs here:
> 
> [..]
> test:
>     [mkdir] Created dir:
> /tmp/guix-build-java-bouncycastle-1.58.drv-0/bc-java-r1rv58/build/jdk15on
>     [junit] Test org.bouncycastle.mail.smime.test.AllTests FAILED
> 
> 
> Maybe it takes a bit longer and I know something tomorrow.

This phase takes a lot of time without output, but it eventually 
terminates. My only concern is that the first test fails, but the phase 
terminates correctly, so bouncycastle is installed disregarding test 
result. I'll investigate.

> 
> Final review in that series for me for tonight :-)
> 
> Thank you,
> 
> Björn