[PATCH] gnu: gmnisrv: Update to commit 32854b7.

  • Done
  • quality assurance status badge
Details
3 participants
  • Arun Isaac
  • Sarah Morgensen
  • Xinglu Chen
Owner
unassigned
Submitted by
Sarah Morgensen
Severity
normal
S
S
Sarah Morgensen wrote on 23 Jul 2021 10:08
(address . guix-patches@gnu.org)
b7ff0902726773b928ffd829516899381837036f.1627027093.git.iskarian@mgsn.dev
Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so
"requires fresh certificates, which could break clients with strict
trust-on-first-use policies."

gnu/packages/web.scm (gmnisrv): Update to commit 32854b7.
---
Hello Guix,

There is one possibly breaking change in this update:

Toggle quote (10 lines)
> Use v3 X509 certificate
>
> This fixes an issue where rustls failed to validate the X509v1 certificate.
>
> Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)
>
> This requires fresh certificates, which could break clients with strict
> trust-on-first-use policies; unfortunately, it doesn't appear to be possible
> to migrate v1 certificates to v3.

Also, I'm not sure if this is the correct style for updating unversioned
software, so if I missed something, please let me know!

--
Sarah

gnu/packages/web.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 12ba55cdc8..270ad31331 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7968,8 +7968,8 @@ solution for any project's interface needs:
(license license:expat)))
(define-public gmnisrv
- (let ((commit "d484ba0ab0020866535a44be5948c9482b8f2b8d")
- (revision "1"))
+ (let ((commit "32854b79c73b278bf33eb5123abf1c36abdc7c01")
+ (revision "2"))
(package
(name "gmnisrv")
(version (git-version "0" revision commit))
@@ -7981,7 +7981,7 @@ solution for any project's interface needs:
(commit commit)))
(sha256
(base32
- "11phipixsxx1jgm42agp76p5s68l0zj65kgb41vzaymgwcq79ivn"))
+ "0lbb3ablwkdcgm1cjr1hikr55y8gpl420nh8b8g9wn4abhm2xgr9"))
(file-name (git-file-name name version))))
(build-system gnu-build-system)
(arguments

base-commit: 89ea0918a4a6cc9c250b85c0b713e471b7769c48
prerequisite-patch-id: 2d6692cc3cf8a733e69e6ff6b02863a160b03011
--
2.31.1
X
X
Xinglu Chen wrote on 24 Jul 2021 15:29
87h7gj3kn9.fsf@yoctocell.xyz
On Fri, Jul 23 2021, Sarah Morgensen wrote:

Toggle quote (23 lines)
> Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so
> "requires fresh certificates, which could break clients with strict
> trust-on-first-use policies."
>
> gnu/packages/web.scm (gmnisrv): Update to commit 32854b7.
> ---
> Hello Guix,
>
> There is one possibly breaking change in this update:
>
>> Use v3 X509 certificate
>>
>> This fixes an issue where rustls failed to validate the X509v1 certificate.
>>
>> Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)
>>
>> This requires fresh certificates, which could break clients with strict
>> trust-on-first-use policies; unfortunately, it doesn't appear to be possible
>> to migrate v1 certificates to v3.
>
> Also, I'm not sure if this is the correct style for updating unversioned
> software, so if I missed something, please let me know!

It is usually has the format VERSION-REVISION.COMMIT, where COMMIT is
the first 7 characters of the commit id. In this case the commit
summary would be:

gnu: gmnisrv: Update to 0-2.32854b7.

If you use Emacs, there is a Yasnippet snippet for generating commit
messages in Magit, just type “update<TAB>” in the commit buffer.

I don’t use ‘gmnisrv’, so I can’t really test it, but it builds fine for
me. :)
-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEAVhh4yyK5+SEykIzrPUJmaL7XHkFAmD8FboVHHB1YmxpY0B5
b2N0b2NlbGwueHl6AAoJEKz1CZmi+1x5nbUP/2UWjSXV2clPWQoyg+rugFovM7LO
ZCEhLbJJNshbNudTD8WWFiwgw4g/KL9t4za3vic3gq06EncLvWdj61SNF92pDlLu
WBL0/048OK0W+iy+JbU87bJvxXq+8ka2K0NE1embymIyNVAuM0dCv9sUoPAU8qHJ
vkzlpC6T8SLvNog4xk1gL5+VmTtswaK2iTU8Y5ZYuNYEhwZd6UkAr0MNUb4RCMH5
9WK5faI28Hr5ACdeyNVL6ubnNZ+tpkWsi+uHsPTR5rNyyotZndT5T7efSNajyaE1
ybA5gYd5Kd7O8PSjXpiS1tCBuWjBtI6MMX8BONKCyhYO6zw9JOrXPDge3BGfxBlD
0io8I0TIciw/DRxzwMBzMLRbrRaN1E62YmlcrdZH6Ca4ozeMt+Q7nruecIyUOGLi
wDdPhAVlNFp2El311eczeTK+TtmdBlhD0A58cOdAczzjBHyV6gHZr/BYdAzijbwk
363bi0+vX+0z2RMvnytL2Eo6B/p4bCYSJnSjUJoQBKkGEfnjbctynPQntB5VbLf8
hg4f+b+f6y57do0xnr7y4RpENWZqKH4/HI88IPTmxIl3OeyZ4/YQHZ+Ymx/brJTT
eyaTawjo6EN2taMvl3X5IgPIw+uUi26m//5JwLGry4qvc05V6AD6karF58mB9bZF
X0JyJF176QjEERrv
=Xi7d
-----END PGP SIGNATURE-----

S
S
Sarah Morgensen wrote on 25 Jul 2021 03:42
[PATCH v2] gnu: gmnisrv: Update to 0-2.32854b7.
(address . 49706@debbugs.gnu.org)
ed1cd639e4d29941520bd5f27cbd7f3e0cd0dbaa.1627176461.git.iskarian@mgsn.dev
Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so
"requires fresh certificates, which could break clients with strict
trust-on-first-use policies."

gnu/packages/web.scm (gmnisrv): Update to 0-2.32854b7.
---
gnu/packages/web.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (29 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 12ba55cdc8..270ad31331 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7968,8 +7968,8 @@ solution for any project's interface needs:
(license license:expat)))
(define-public gmnisrv
- (let ((commit "d484ba0ab0020866535a44be5948c9482b8f2b8d")
- (revision "1"))
+ (let ((commit "32854b79c73b278bf33eb5123abf1c36abdc7c01")
+ (revision "2"))
(package
(name "gmnisrv")
(version (git-version "0" revision commit))
@@ -7981,7 +7981,7 @@ solution for any project's interface needs:
(commit commit)))
(sha256
(base32
- "11phipixsxx1jgm42agp76p5s68l0zj65kgb41vzaymgwcq79ivn"))
+ "0lbb3ablwkdcgm1cjr1hikr55y8gpl420nh8b8g9wn4abhm2xgr9"))
(file-name (git-file-name name version))))
(build-system gnu-build-system)
(arguments

base-commit: 89ea0918a4a6cc9c250b85c0b713e471b7769c48
prerequisite-patch-id: 2d6692cc3cf8a733e69e6ff6b02863a160b03011
--
2.31.1
A
A
Arun Isaac wrote on 25 Jul 2021 12:31
(name . Xinglu Chen)(address . public@yoctocell.xyz)
87im0yfzx4.fsf@systemreboot.net
Hi Sarah and Xinglu,

Thanks for working on this patch! I have pushed this with the following
two minor changes.

1. Added copyright header for Sarah.

Toggle quote (2 lines)
> Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so

2. Downcased Gmnisrv to gmnisrv since that seems to be the correct
capitalization according to upstream.

Regards,
Arun
-----BEGIN PGP SIGNATURE-----

iQFPBAEBCAA5FiEEf3MDQ/Lwnzx3v3nTLiXui2GAK7MFAmD9PWcbHGFydW5pc2Fh
Y0BzeXN0ZW1yZWJvb3QubmV0AAoJEC4l7othgCuzzXEIAIF5NM+2VZq4+wJNWBVp
qjoDURDPDOeyxAximS9a2iV91j+CZLS6p5MXCtfF+kxbRYKha7NMGBcbSswetGuK
oJXck37eKX8jNCjpumU4Xnitp08r/3tuobbLaBEjqa+YNphkMKZ/L31tFAGyzs3w
LhqjQuLXDeabBif2opdMM9lSfs3XyfjJBQlatYxqKZORclNhNCUt1ItYrmdWQnqs
/5kPZ0DV/QqZVlZUAz5RcyfYfq/rCtp07jNc6FB6RW8Ds9RSf+CIMbkdA/Cqdp+Y
ZGBfOedAJuf8DX8SEOtvjCRepPm0+lYHwGaq9xrSlVqbGYwP0xz141TvZxS5JL2e
OQE=
=nauw
-----END PGP SIGNATURE-----

Closed
?