From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark H Weaver Subject: Re: openssl is now a dependency of guix: possible license conflict? Date: Fri, 18 Aug 2017 17:21:24 -0400 Message-ID: <87a82wefmz.fsf@netris.org> References: <87tw17ox0x.fsf@gmail.com> <87y3qjncyi.fsf@netris.org> <878tii8x2k.fsf@netris.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:32787) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dioiN-0003Ms-Jm for guix-devel@gnu.org; Fri, 18 Aug 2017 17:22:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dioiK-0002wJ-50 for guix-devel@gnu.org; Fri, 18 Aug 2017 17:21:59 -0400 Received: from world.peace.net ([50.252.239.5]:46765) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dioiJ-0002sa-T3 for guix-devel@gnu.org; Fri, 18 Aug 2017 17:21:56 -0400 In-Reply-To: <878tii8x2k.fsf@netris.org> (Mark H. Weaver's message of "Thu, 17 Aug 2017 03:36:51 -0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Alex Vong Cc: guix-devel@gnu.org --=-=-= Content-Type: text/plain Mark H Weaver writes: > There exist patches for libgit2 to support the mbedTLS library, but it > is not yet clear whether they will be accepted upstream: > > https://github.com/libgit2/libgit2/pull/3462 > https://github.com/libgit2/libgit2/pull/3935 Here's the currently-open pull request: https://github.com/libgit2/libgit2/pull/4173 I've attached work-in-progress patches to switch our libgit2 to use a modified version that supports mbedTLS. Currently, there is a failing test in libgit2. It may be a couple of days before I can work more on this. I'm sending out these patches in case someone else wants to work more on this in the meantime. Mark --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-DRAFT-gnu-mbedTLS-Build-shared-libraries.patch Content-Description: [PATCH 1/2] DRAFT: gnu: mbedTLS: Build shared libraries >From ff3267d15cde38f8af1751cbd15bf7a8e4a0eea0 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 18 Aug 2017 17:06:39 -0400 Subject: [PATCH 1/2] DRAFT: gnu: mbedTLS: Build shared libraries. --- gnu/packages/tls.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 9d3e9d9e9..0c5b53162 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -775,6 +775,8 @@ then ported to the GNU / Linux environment.") (base32 "1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm")))) (build-system cmake-build-system) + (arguments + `(#:configure-flags '("-DUSE_SHARED_MBEDTLS_LIBRARY=On"))) (native-inputs `(("perl" ,perl))) (synopsis "Small TLS library") -- 2.14.1 --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0002-PRELIMINARY-libgit2-Use-mbedTLS.patch Content-Description: [PATCH 2/2] PRELIMINARY: libgit2: Use mbedTLS. >From 2680d40d32ab3452522f87be09c69f1ec0399c6e Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 18 Aug 2017 17:06:18 -0400 Subject: [PATCH 2/2] PRELIMINARY: libgit2: Use mbedTLS. --- .../patches/libgit2-mbedtls-cert-location.patch | 21 ++++ gnu/packages/version-control.scm | 111 ++++++++++++--------- 2 files changed, 87 insertions(+), 45 deletions(-) create mode 100644 gnu/packages/patches/libgit2-mbedtls-cert-location.patch diff --git a/gnu/packages/patches/libgit2-mbedtls-cert-location.patch b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch new file mode 100644 index 000000000..3f068d9a5 --- /dev/null +++ b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch @@ -0,0 +1,21 @@ +Cope with the absence of /etc/ssl/certs within the build container. + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 6976946ca..8c8841464 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -361,9 +361,11 @@ ELSEIF(TLS_BACKEND STREQUAL "mbedTLS") + ENDIF() + + IF(CERT_LOCATION) +- IF(NOT EXISTS ${CERT_LOCATION}) +- MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist") +- ENDIF() ++ # Within Guix's build container, the certificates will ++ # not exist in the standard system-wide directory. ++ #IF(NOT EXISTS ${CERT_LOCATION}) ++ # MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist") ++ #ENDIF() + ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}") + ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}") + ENDIF() diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 869672ca4..8bc761863 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -352,53 +352,74 @@ everything from small to very large projects with speed and efficiency.") (home-page "https://git-scm.com/"))) (define-public libgit2 - (package - (name "libgit2") - (version "0.26.0") - (source (origin - (method url-fetch) - (uri (string-append "https://github.com/libgit2/libgit2/" - "archive/v" version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa")) - (patches (search-patches "libgit2-0.25.1-mtime-0.patch")))) - (build-system cmake-build-system) - (outputs '("out" "debug")) - (arguments - `(#:configure-flags '("-DUSE_SHA1DC=ON") ; SHA-1 collision detection - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'fix-hardcoded-paths - (lambda _ - (substitute* "tests/repo/init.c" - (("#!/bin/sh") (string-append "#!" (which "sh")))) - (substitute* "tests/clar/fs.h" - (("/bin/cp") (which "cp")) - (("/bin/rm") (which "rm"))) - #t)) - ;; Run checks more verbosely. - (replace 'check - (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q"))))))) - (inputs - `(("libssh2" ,libssh2) - ("libcurl" ,curl) - ("python" ,python-wrapper))) - (native-inputs - `(("pkg-config" ,pkg-config))) - (propagated-inputs - ;; These two libraries are in 'Requires.private' in libgit2.pc. - `(("openssl" ,openssl) - ("zlib" ,zlib))) - (home-page "https://libgit2.github.com/") - (synopsis "Library providing Git core methods") - (description - "Libgit2 is a portable, pure C implementation of the Git core methods + (let ((version "0.26.0") + (commit "f16ff6db95964a5ea55b6654ab0f98d7711b4041") + (revision 1)) + (package + (name "libgit2") + (version (string-append version "-" + (number->string revision) + "." (string-take commit 7))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/tiennou/libgit2") + (commit commit))) + (sha256 + (base32 + "1zaynw5qqjg38vjqmvdnrf74i3c26cnql7d2akz0r4r0x51qz37f")) + (file-name (string-append name "-" version "-checkout")) + (patches (search-patches "libgit2-mbedtls-cert-location.patch" + "libgit2-0.25.1-mtime-0.patch"))) + #; + (origin + (method url-fetch) + (uri (string-append "https://github.com/libgit2/libgit2/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa")) + (patches (search-patches "libgit2-0.25.1-mtime-0.patch")))) + (build-system cmake-build-system) + (outputs '("out" "debug")) + (arguments + `(#:configure-flags + '("-DUSE_SHA1DC=ON" ; SHA-1 collision detection + "-DUSE_TLS=mbedTLS" ; Avoid OpenSSL for GPL compatibility + "-DCERT_LOCATION=/phony/etc/ssl/certs") ; XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-hardcoded-paths + (lambda _ + (substitute* "tests/repo/init.c" + (("#!/bin/sh") (string-append "#!" (which "sh")))) + (substitute* "tests/clar/fs.h" + (("/bin/cp") (which "cp")) + (("/bin/rm") (which "rm"))) + #t)) + ;; Run checks more verbosely. + (replace 'check + (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q"))))))) + (inputs + `(("libssh2" ,libssh2) + ("libcurl" ,curl) + ("mbedtls" ,mbedtls-apache) + ("http-parser" ,http-parser) + ("python" ,python-wrapper))) + (native-inputs + `(("pkg-config" ,pkg-config))) + (propagated-inputs + ;; zlib in 'Requires.private' in libgit2.pc. + `(("zlib" ,zlib))) + (home-page "https://libgit2.github.com/") + (synopsis "Library providing Git core methods") + (description + "Libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings.") - ;; GPLv2 with linking exception - (license license:gpl2))) + ;; GPLv2 with linking exception + (license license:gpl2)))) (define-public git-crypt (package -- 2.14.1 --=-=-=--