[PATCH core-updates] gnu: gnutls: Enable p11-kit.

  • Done
  • quality assurance status badge
Details
2 participants
  • Jakub Kądziołka
  • Christopher Baines
Owner
unassigned
Submitted by
Christopher Baines
Severity
normal

Debbugs page

Christopher Baines wrote 5 years ago
[PATCH] gnu: gnutls: Enable p11-kit.
(address . guix-patches@gnu.org)
20200416083409.6230-1-mail@cbaines.net
Everywhere except mips64el, where a comment says it doesn't work. I can't test
as I can't build this on mips64el anyway.

This change will enable running the tests for libcacard.

* gnu/packages/tls.scm (gnutls)[arguments]: Only specify --without-p11-kit on
mips64el.
[inputs]: Include the p11-kit for all systems except mips64el.
---
gnu/packages/tls.scm | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)

Toggle diff (47 lines)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 3eb32fc27a..85f159a401 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -181,7 +181,7 @@ living in the same process.")
`(; Ensure we don't keep a reference to this buggy software.
#:disallowed-references (,net-tools)
#:configure-flags
- (list
+ (cons*
;; GnuTLS doesn't consult any environment variables to specify
;; the location of the system-wide trust store. Instead it has a
;; configure-time option. Unless specified, its configure script
@@ -202,9 +202,14 @@ living in the same process.")
(string-append "--with-guile-extension-dir="
"$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")
- ;; FIXME: Temporarily disable p11-kit support since it is not
- ;; working on mips64el.
- "--without-p11-kit")
+ (let ((system ,(or (%current-target-system)
+ (%current-system))))
+ (if (string-prefix? "mips64el" system)
+ (list
+ ;; FIXME: Temporarily disable p11-kit support since it is
+ ;; not working on mips64el.
+ "--without-p11-kit")
+ '())))
#:phases (modify-phases %standard-phases
(add-after
@@ -227,7 +232,12 @@ living in the same process.")
("pkg-config" ,pkg-config)
("which" ,which)))
(inputs
- `(("guile" ,guile-2.2)))
+ `(("guile" ,guile-2.2)
+ ,@(let ((system (or (%current-target-system)
+ (%current-system))))
+ (if (string-prefix? "mips64el" system)
+ '()
+ `(("p11-kit" ,p11-kit))))))
(propagated-inputs
;; These are all in the 'Requires.private' field of gnutls.pc.
`(("libtasn1" ,libtasn1)
--
2.26.0
Jakub Kądziołka wrote 5 years ago
(name . Christopher Baines)(address . mail@cbaines.net)
20200416121627.6uaox5yd3vmpym53@gravity
retitle 40654 [PATCH core-updates] gnu: gnutls: Enable p11-kit.
thanks

On Thu, Apr 16, 2020 at 09:34:09AM +0100, Christopher Baines wrote:
Toggle quote (9 lines)
> Everywhere except mips64el, where a comment says it doesn't work. I can't test
> as I can't build this on mips64el anyway.
>
> This change will enable running the tests for libcacard.
>
> * gnu/packages/tls.scm (gnutls)[arguments]: Only specify --without-p11-kit on
> mips64el.
> [inputs]: Include the p11-kit for all systems except mips64el.

Chris,

not sure if you noticed, but even though `guix refresh --list-dependent
gnutls' lists only 2 packages, this change will trigger a
core-updates-worthy rebuild due to the graft currently used for gnutls.

I was under the impression that, as a convention, we mark such patches
with [PATCH core-updates] in the subject, which made me uncertain as to
whether you realized that this will rebuild the world. (Though, now that
I think of it, testing this has probably required a significant amount
of time...)

Have a nice day!

Jakub Kądziołka
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE5Xa/ss9usT31cTO54xWnWEYTFWQFAl6YTJsACgkQ4xWnWEYT
FWQnaA//b/zsGvpCP6qGuSWajQ6JUCoM1fDOlypnqtC7JjfYymBXfh1jiDQs7+f3
6NFXTtzIREn5IbB9lpOpSRsgDLs3JBwKzliOhcxIC8u0kEpW3EMBEEC58hJV69K7
ruUudoiTTUtgC51tHniKTSO6kWh4h0SOVpzMP+2zfL9c8qVfA9+wuHs4LZPmlTIp
KVotsBTvt/BAG8J/IdF3Tg8ATV18kOy9Jn1OVlIG+/wKXxLWnVWNioCwUujZBdWv
608O+Nn3MgkZMpVzMDFliuLW0A5kKgv31KQW3F4ePcVMdiJ7RWu49DCWJQzM3UB4
Bp4uTPitmR5rN8BPN+nhec0YbUqUlF7cl3IdmLRjQmTZxrhD3c6lLNT3m3UvHIhq
L6aiOwwc/M4xXqukIVW+rb63S2JF1Fl4vsY1hf3hSpPZZzObtauJZL2ZcyBwhFC+
URLzyx62K/WsckHA4B7bt4JdOApVDZvaho0GSwNvm4XI1Lemie8Ft+t6MVpDH41I
cMMX6A213mJLr5L/N1au9bAhnU3j9wIP+zGXeLcc/bR72jLeXT1iClArQP53C87a
PE4aR501lUClTJEt3c3AAxqq+q58IHvHbmE68e4J8yzzYRKXSQj86JkULGQFxmHH
u1M3p7ZFFi18mqE538dgIFHMPjJRyPa0GtQ3vWQtKFXUF909nsE=
=UJe5
-----END PGP SIGNATURE-----


Christopher Baines wrote 5 years ago
(name . Jakub Kądziołka)(address . kuba@kadziolka.net)(address . 40654@debbugs.gnu.org)
87o8rr5o20.fsf@cbaines.net
Jakub Kądziołka <kuba@kadziolka.net> writes:

Toggle quote (16 lines)
> On Thu, Apr 16, 2020 at 09:34:09AM +0100, Christopher Baines wrote:
>> Everywhere except mips64el, where a comment says it doesn't work. I can't test
>> as I can't build this on mips64el anyway.
>>
>> This change will enable running the tests for libcacard.
>>
>> * gnu/packages/tls.scm (gnutls)[arguments]: Only specify --without-p11-kit on
>> mips64el.
>> [inputs]: Include the p11-kit for all systems except mips64el.
>
> Chris,
>
> not sure if you noticed, but even though `guix refresh --list-dependent
> gnutls' lists only 2 packages, this change will trigger a
> core-updates-worthy rebuild due to the graft currently used for gnutls.

Yeah, I noticed. This is a change I made when working on the QEMU
smartcard support for GNOME Boxes [1], and I sent it as a separate patch
as it does need handling differently.


Toggle quote (6 lines)
> I was under the impression that, as a convention, we mark such patches
> with [PATCH core-updates] in the subject, which made me uncertain as to
> whether you realized that this will rebuild the world. (Though, now that
> I think of it, testing this has probably required a significant amount
> of time...)

I simply didn't know about that convention, thanks for letting me know
:)

Chris
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl6Yl/dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XcgGhAAlrxEGhRrNzmKpt0BOIa7XaHlcdMfcjHxovnKNkjZenyeZ4nNlbcxGuLm
QVIpZpV6OuDTMjIh4QvvWovfBgJ7A/n5XGybMyFeHQvnqtMYeu3cWMHrXgaO5JgD
F003AqM0X7cLEi29SYyZvEDmQK1LqFUovP0xDEs43HqrFW9VPdzmhsHrz9sBFOW4
5kLae/5oVvLMCJ2qsPHDYJpEHKBY82rPwJWyi7WwSc3b7008aeKC+nP6ZPERDQyT
+go0FOl/b0xm+Df76hNIIzC3RYR0DR6lAkHINc/9m3jIEUQ8U0GoxhuOmxjB2h5q
Z7d2qC5j2fcqkmggL9XK56vCZyfELfx5XM+MOWkFVA3zmXyo/kA6vqk7c6KTyKOl
TTXB9xZxHzr9Z7Jz6XS2D2BY3xzBn7M7dw/uHq3BbQPRPiG7Y0UsyIy/AXz1So7X
SWvRvlrDjMya+O4qLSlDH0euOn4QW8prypNchil1dwoSm9r3gYuUxtlqR6CtHEKG
DtuXL5Lyw3slhO7pi2gpCTllEIUQyHtUk+/4QZW7/h7JH/I/DpKlwdtqgoEbe3Oj
TLZUF6wapEDiH788MY6aD8EvkwEaZoUYG6VVA4cqOlCYmNW2HZWeL32Vs052Wnsk
umkGe9RwKus+P/d5QhtKG9opKD1miLzCk+sAJgwKfYbnic9f9pU=
=hoKq
-----END PGP SIGNATURE-----

Christopher Baines wrote 4 years ago
Re: [bug#40654] [PATCH] gnu: gnutls: Enable p11-kit.
(address . 40654-done@debbugs.gnu.org)
87h7qngv69.fsf@cbaines.net
Christopher Baines <mail@cbaines.net> writes:

Toggle quote (58 lines)
> Everywhere except mips64el, where a comment says it doesn't work. I can't test
> as I can't build this on mips64el anyway.
>
> This change will enable running the tests for libcacard.
>
> * gnu/packages/tls.scm (gnutls)[arguments]: Only specify --without-p11-kit on
> mips64el.
> [inputs]: Include the p11-kit for all systems except mips64el.
> ---
> gnu/packages/tls.scm | 20 +++++++++++++++-----
> 1 file changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
> index 3eb32fc27a..85f159a401 100644
> --- a/gnu/packages/tls.scm
> +++ b/gnu/packages/tls.scm
> @@ -181,7 +181,7 @@ living in the same process.")
> `(; Ensure we don't keep a reference to this buggy software.
> #:disallowed-references (,net-tools)
> #:configure-flags
> - (list
> + (cons*
> ;; GnuTLS doesn't consult any environment variables to specify
> ;; the location of the system-wide trust store. Instead it has a
> ;; configure-time option. Unless specified, its configure script
> @@ -202,9 +202,14 @@ living in the same process.")
> (string-append "--with-guile-extension-dir="
> "$(libdir)/guile/$(GUILE_EFFECTIVE_VERSION)/extensions")
>
> - ;; FIXME: Temporarily disable p11-kit support since it is not
> - ;; working on mips64el.
> - "--without-p11-kit")
> + (let ((system ,(or (%current-target-system)
> + (%current-system))))
> + (if (string-prefix? "mips64el" system)
> + (list
> + ;; FIXME: Temporarily disable p11-kit support since it is
> + ;; not working on mips64el.
> + "--without-p11-kit")
> + '())))
>
> #:phases (modify-phases %standard-phases
> (add-after
> @@ -227,7 +232,12 @@ living in the same process.")
> ("pkg-config" ,pkg-config)
> ("which" ,which)))
> (inputs
> - `(("guile" ,guile-2.2)))
> + `(("guile" ,guile-2.2)
> + ,@(let ((system (or (%current-target-system)
> + (%current-system))))
> + (if (string-prefix? "mips64el" system)
> + '()
> + `(("p11-kit" ,p11-kit))))))
> (propagated-inputs
> ;; These are all in the 'Requires.private' field of gnutls.pc.
> `(("libtasn1" ,libtasn1)

I've pushed this to core-updates now as
1c2889b1ce08e1f91193e237e03462dc74c63726.
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl+Qny5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XeSfg/7BHSDQqEEEwDLRqMDye4Fk/cjFWCAd7qa
21Q3pdYiEHd6QbaH7baiSzScHHzT41TLWRIz6hHQtbYDk72OzhQr3idX+//ZYY6P
/0TLmvKJUKHLlkm2uGmu9IF2s2+asJcY4WlprBPp/yuedKFqIERXAw6hLUJErNOQ
OlfSpwsDLBQeL4/iVR46YBi1q291rjNxHxtKsXyUMI4dWw0mQnFCA+iXHD5m/ecI
gnaLJIscpEPoD0/E0R9/F1Fv+TzfyrwyCr02LRRiFpy1E+58BVK/LbeC7kae1Zoi
TiJTaJZN03bteQ7mNZE1XQFaxwnnVaASgsWNluXE3RSY1BVCtYCe0Ktxfm9hZOAy
o048DiOeVD4F09rXyNCG5TIiTBcu8OdGW3Xd6yvwpaCdSPq5MjACeXnXX6LNlF2v
U7CEkn/umqBxTWkLAQtGnyK8NuJ4waZDo4vDy48UcInqXlwUAkoej5sMhn8yDqSD
Rtxp4KXxwrcwU5aeDpyZcxbuNrXq6Er89B1uz4oJV4iGYQbj+tD7Z9Z09Pl9pVOw
Yk8Xv04rrw02DgBlQzeCflkVlniUeKIfbWFDh3JAT3+bFAGS/8EFu48+6RHMTykI
+DN26Hg5xlL5dU3dFfadQhjjKbFNvxBtWigJjm7eDkLn6DJ1ZneRQrQCxEsGysym
o0Q17KA9YjY=
=R7OM
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 40654@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 40654
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help