Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so "requires fresh certificates, which could break clients with strict trust-on-first-use policies." gnu/packages/web.scm (gmnisrv): Update to commit 32854b7. --- Hello Guix, There is one possibly breaking change in this update: > Use v3 X509 certificate > > This fixes an issue where rustls failed to validate the X509v1 certificate. > > Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan) > > This requires fresh certificates, which could break clients with strict > trust-on-first-use policies; unfortunately, it doesn't appear to be possible > to migrate v1 certificates to v3. Also, I'm not sure if this is the correct style for updating unversioned software, so if I missed something, please let me know! -- Sarah gnu/packages/web.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 12ba55cdc8..270ad31331 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -7968,8 +7968,8 @@ solution for any project's interface needs: (license license:expat))) (define-public gmnisrv - (let ((commit "d484ba0ab0020866535a44be5948c9482b8f2b8d") - (revision "1")) + (let ((commit "32854b79c73b278bf33eb5123abf1c36abdc7c01") + (revision "2")) (package (name "gmnisrv") (version (git-version "0" revision commit)) @@ -7981,7 +7981,7 @@ solution for any project's interface needs: (commit commit))) (sha256 (base32 - "11phipixsxx1jgm42agp76p5s68l0zj65kgb41vzaymgwcq79ivn")) + "0lbb3ablwkdcgm1cjr1hikr55y8gpl420nh8b8g9wn4abhm2xgr9")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (arguments base-commit: 89ea0918a4a6cc9c250b85c0b713e471b7769c48 prerequisite-patch-id: 2d6692cc3cf8a733e69e6ff6b02863a160b03011 -- 2.31.1
[-- Attachment #1: Type: text/plain, Size: 1357 bytes --] On Fri, Jul 23 2021, Sarah Morgensen wrote: > Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so > "requires fresh certificates, which could break clients with strict > trust-on-first-use policies." > > gnu/packages/web.scm (gmnisrv): Update to commit 32854b7. > --- > Hello Guix, > > There is one possibly breaking change in this update: > >> Use v3 X509 certificate >> >> This fixes an issue where rustls failed to validate the X509v1 certificate. >> >> Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan) >> >> This requires fresh certificates, which could break clients with strict >> trust-on-first-use policies; unfortunately, it doesn't appear to be possible >> to migrate v1 certificates to v3. > > Also, I'm not sure if this is the correct style for updating unversioned > software, so if I missed something, please let me know! It is usually has the format VERSION-REVISION.COMMIT, where COMMIT is the first 7 characters of the commit id. In this case the commit summary would be: gnu: gmnisrv: Update to 0-2.32854b7. If you use Emacs, there is a Yasnippet snippet for generating commit messages in Magit, just type “update<TAB>” in the commit buffer. I don’t use ‘gmnisrv’, so I can’t really test it, but it builds fine for me. :) [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 861 bytes --]
Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so "requires fresh certificates, which could break clients with strict trust-on-first-use policies." gnu/packages/web.scm (gmnisrv): Update to 0-2.32854b7. --- gnu/packages/web.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 12ba55cdc8..270ad31331 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -7968,8 +7968,8 @@ solution for any project's interface needs: (license license:expat))) (define-public gmnisrv - (let ((commit "d484ba0ab0020866535a44be5948c9482b8f2b8d") - (revision "1")) + (let ((commit "32854b79c73b278bf33eb5123abf1c36abdc7c01") + (revision "2")) (package (name "gmnisrv") (version (git-version "0" revision commit)) @@ -7981,7 +7981,7 @@ solution for any project's interface needs: (commit commit))) (sha256 (base32 - "11phipixsxx1jgm42agp76p5s68l0zj65kgb41vzaymgwcq79ivn")) + "0lbb3ablwkdcgm1cjr1hikr55y8gpl420nh8b8g9wn4abhm2xgr9")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (arguments base-commit: 89ea0918a4a6cc9c250b85c0b713e471b7769c48 prerequisite-patch-id: 2d6692cc3cf8a733e69e6ff6b02863a160b03011 -- 2.31.1
[-- Attachment #1: Type: text/plain, Size: 347 bytes --] Hi Sarah and Xinglu, Thanks for working on this patch! I have pushed this with the following two minor changes. 1. Added copyright header for Sarah. > Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so 2. Downcased Gmnisrv to gmnisrv since that seems to be the correct capitalization according to upstream. Regards, Arun [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 524 bytes --]