Update mbedtls-apache to 3.2.1

  • Open
Details
3 participants
  • Gabriel Wicki
  • Wicki Gabriel (wicg)
  • Simon Tournier
Owner
unassigned
Submitted by
Gabriel Wicki
Severity
normal
Gabriel Wicki wrote on 7 Dec 2022 01:01
(address . guix-patches@gnu.org)
87tu28axpj.fsf@erlikon.ch
Hi

Working with it I realized today that mbedtls is somewhat outdated in
Guix, so I took the liberty of creating an update patch. Following the
comments in the package definition I realized that updating mbedtls
would break hiawatha, since that project upgraded to mbedtls 3 with
version 11. So I updated that package as well.
I removed the snippets in both source blocks since they aren't needed
anymore.

Thanks for review and merge! Kind regards

gabriel



From 94ade2b4e1cf65b4859418ea2e7f7e12e35289bc Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <wicg@zhaw.ch>
Date: Tue, 6 Dec 2022 16:36:11 +0100
Subject: [PATCH] gnu: mbedtls-apache: Update to version 3.2.1.

* gnu/packages/tls.scm (mbedtls-apache): Update to 3.2.1.
[source]: Remove snippet.
* gnu/packages/web.scm (hiawatha): Update to version 11.2
[source] Remove snippet.
---
gnu/packages/tls.scm | 15 +++------------
gnu/packages/web.scm | 10 ++--------
2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f1e844b608..ee81359a66 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1002,7 +1002,7 @@ (define-public mbedtls-apache
(name "mbedtls-apache")
;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
;; when updating.
- (version "2.26.0")
+ (version "3.2.1")
(source
(origin
(method git-fetch)
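Review bot: The `XXX` comment kept above `(version "3.2.1")` asks to check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha when updating, and neither the hunk nor the commit message records the outcome of that check. Since this bump is exactly the update the comment refers to, either delete the comment once the check has passed or reword it to say what still needs the workaround.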
@@ -1010,17 +1010,8 @@ (define-public mbedtls-apache
(url "https://github.com/ARMmbed/mbedtls")
(commit (string-append "mbedtls-" version))))
(sha256
- (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m"))
- (file-name (git-file-name name version))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Can be removed with the next version.
- ;; Reduce level of format truncation warnings due to false positives.
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434
- (substitute* "CMakeLists.txt"
- (("Wformat-truncation=2") "Wformat-truncation"))
- #t))))
+ (base32 "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))
+ (file-name (git-file-name name version))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a313b0c7a4..f046ddd025 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6095,20 +6095,14 @@ (define-public tidy-html
(define-public hiawatha
(package
(name "hiawatha")
- (version "10.11")
+ (version "11.2")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.hiawatha-webserver.org/files/"
"hiawatha-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet '(begin
- ;; We use packaged libraries, so delete the bundled copies.
- (for-each delete-file-recursively
- (list "extra/nghttp2.tgz" "mbedtls"))
- #t))
(sha256
- (base32 "09wpgilbv13zal71v9lbsqr8c3fignygadykpd1p1pb8blb5vn3r"))))
+ (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; no tests included
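Review bot: Dropping the `snippet` under `(origin` removes the deletion of the bundled `"mbedtls"` directory and `"extra/nghttp2.tgz"`, but the commit message only says "Remove snippet" and gives no reason. If the 11.2 tarball still ships those copies, keep the snippet (adjusted to the paths that still exist) so the source that Guix distributes and builds from cannot fall back to a bundled TLS library; if they are gone upstream, say so in the commit message.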
--
2.38.0
Simon Tournier wrote on 27 Jan 2023 14:59
(name . Gabriel Wicki)(address . gabriel@erlikon.ch)(address . 59867@debbugs.gnu.org)
871qngoz6u.fsf@gmail.com
Hi,

Thanks for the contribution.

On mer., 07 déc. 2022 at 01:01, Gabriel Wicki <gabriel@erlikon.ch> wrote:

> Working with it I realized today that mbedtls is somewhat outdated in
> Guix, so I took the liberty of creating an update patch. Following the
> comments in the package definition I realized that updating mbedtls
> would break hiawatha, since that project upgraded to mbedtls 3 with
> version 11. So I updated that package as well.
> I removed the snippets in both source blocks since they aren't needed
> anymore.

I get this:

$ guix refresh -l mbedtls-apache
Building the following 52 packages would ensure 312 dependent packages are rebuilt: dolphin-emu@5.0-13178.a34823d superstarfighter@0.6.5 openrgb@0.8 hashlink@1.12 inspircd@3.12.0 julia-juno@0.8.4 julia-measures@0.3.1 julia-cenum@0.4.1 julia-genericschur@0.5.3 julia-sundials-jll@5.2.1+0 julia-ffmpeg@0.4.1 julia-bfloat16s@0.4.0 julia-fuzzycompletions@0.4.1 julia-millboard@0.2.5 julia-showoff@1.0.2 julia-msgpack@1.1.0 julia-softglobalscope@1.1.0 julia-scratch@1.1.0 julia-tableiointerface@0.1.6 julia-mocking@0.7.3 julia-static@0.8.3 julia-pyplot@2.10.0 julia-infinity@0.2.4 julia-mutablearithmetics@0.2.20 julia-gpuarrays@8.1.3 julia-gr@0.58.1 julia-configurations@0.16.4 julia-bioalignments@2.0.0 julia-suppressor@0.2.0 julia-quadmath@0.5.5 julia-referencetests@0.9.7 julia-imagemagick@1.2.1 julia-optim@1.6.0 julia-lazyarrays@0.22.16 julia-testimages@1.5.0 julia-plotthemes@2.0.1 julia-recipespipeline@0.3.4 julia-csv@0.10.4 julia-bson@0.3.6 julia-geometrybasics@0.4.2 bluez-alsa@3.0.0 kopete@22.04.3 mswebrtc@1.1.1-0.946ca70 msopenh264@1.2.1-0.88697cc mssilk@1.1.1-0.dd0f31e msamr@1.1.3-0.5ab5c09 linphone-desktop@4.2.5 dislocker@0.7.3 nng@1.3.2 obs-spectralizer@1.3.3 obs-websocket@4.9.1 obs-wlrobs@1.0

which means it is tangent for master. :-) Have you rebuilt all these?
Does the update only break hiawatha?


Then, it is not a clean patch; it is not straightforward to apply. :-)

Please, could you use “git-send-email” as recommended by the manual [1].
Please mention the base commit against which the patch applies; it helps,
as in this case, when the file gnu/packages/tls.scm has changed in the
meantime.

Could you send v2?



Thanks,
simon
Wicki Gabriel (wicg) wrote on 1 Feb 2023 14:12
Updated Mbed TLS 3 patchset
(name . 59867@debbugs.gnu.org)(address . 59867@debbugs.gnu.org)
ZR0P278MB02684BFD4D96BCFA9588F412C1D19@ZR0P278MB0268.CHEP278.PROD.OUTLOOK.COM
Thanks for your review and the comments, Simon!

I've prepared another patchset (on top of base commit: 14323edcc37d9efaae2491cf5f57ea0621412d7e). Since there are so many applications relying on mbedtls v2 I figured it would be best to introduce mbedtls-apache3 to allow gradually upgrading the packages affected -- MbedTLS breaks parts of its old API.
Attachment: file
From a8cfe94b58417ebe9bd5e9af6b247d8ccd882929 Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:45:17 +0100
Subject: [PATCH 1/4] gnu: mbedtls-apache3: Add Mbed TLS 3.

* gnu/packages/tls.scm (mbedtls-apache3): New variable.
---
gnu/packages/tls.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdac8a6e63..19cefec795 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1018,8 +1018,6 @@ (define-public perl-crypt-openssl-random
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
- ;; when updating.
(version "2.28.0")
(source
(origin
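Review bot: The two deleted comment lines under `(name "mbedtls-apache")` are not covered by the commit message, which lists only `(mbedtls-apache3): New variable`, and at this point in the series `mbedtls-for-hiawatha` still carries the ` -Wformat-signedness` substitution the comment refers to (it is only removed in patch 2/4). Move this deletion into 2/4, or add a `(mbedtls-apache): Remove obsolete comment.` entry here.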
@@ -1051,6 +1049,21 @@ (define-public mbedtls-apache
(home-page "https://www.trustedfirmware.org/projects/mbed-tls/")
(license license:asl2.0)))
+(define-public mbedtls-apache3
+ (package
+ (inherit mbedtls-apache)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))))))
+
;; The Hiawatha Web server requires some specific features to be enabled.
(define-public mbedtls-for-hiawatha
(hidden-package
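Review bot: `mbedtls-apache3` is added without any comment explaining why it sits next to `mbedtls-apache` or when the two can be merged; the rationale (dependents still on the 2.x API) appears only in the cover mail. A short `;;` comment above `(define-public mbedtls-apache3` stating that would tell later contributors which variable new packages should use. Everything except `name`, `version` and `source` is inherited from the 2.28.0 package, so the inherited `arguments` and description should be checked against 3.2.1 as well.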
--
2.39.1
From 90eabe004c15eb94862c8c1cc3569c86226f93cb Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:54:54 +0100
Subject: [PATCH 2/4] gnu: hiawatha: Update to 11.2.

* gnu/packages/web.scm (hiawatha): Update to 11.2. [source] Delete unused
snippet. [arguments] Clean up configure-flags. Point hiawatha to mbedtls-apache3.
* gnu/packages/tls.scm (mbedtls-for-hiawatha): Update to MbedTLS
3.2.1. [source] Delete unnecessary snippet.
---
gnu/packages/tls.scm | 22 +++++-----------------
gnu/packages/web.scm | 14 +++-----------
2 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 19cefec795..1a1c99ab59 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1068,9 +1068,9 @@ (define-public mbedtls-apache3
(define-public mbedtls-for-hiawatha
(hidden-package
(package
- (inherit mbedtls-apache)
- (name "mbedtls-apache")
- (version "2.26.0")
+ (inherit mbedtls-apache3)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
(source
(origin
(method git-fetch)
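Review bot: `(name "mbedtls-apache3")` and `(version "3.2.1")` restate exactly what `(inherit mbedtls-apache3)` already provides, so the next version bump has to be made in two places. Drop both fields here and let the hidden package follow its parent.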
@@ -1078,17 +1078,8 @@ (define-public mbedtls-for-hiawatha
(url "https://github.com/ARMmbed/mbedtls")
(commit (string-append "mbedtls-" version))))
(sha256
- (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m"))
- (file-name (git-file-name name version))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Can be removed with the next version.
- ;; Reduce level of format truncation warnings due to false positives.
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434
- (substitute* "CMakeLists.txt"
- (("Wformat-truncation=2") "Wformat-truncation"))
- #t))))
+ (base32 "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))
+ (file-name (git-file-name name version))))
(arguments
(substitute-keyword-arguments (package-arguments mbedtls-apache)
((#:phases phases)
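Review bot: The context line `(substitute-keyword-arguments (package-arguments mbedtls-apache)` still takes its arguments from the 2.x package although the package now inherits from `mbedtls-apache3`; it should read `(package-arguments mbedtls-apache3)` so the two cannot drift apart. The `source` field above it is now identical to the one in `mbedtls-apache3` (same URL, same `base32`), so it can be removed entirely instead of being re-hashed.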
@@ -1099,9 +1090,6 @@ (define-public mbedtls-for-hiawatha
(invoke "scripts/config.pl" "set" feature))
(list "MBEDTLS_THREADING_C"
"MBEDTLS_THREADING_PTHREAD"))
- ;; XXX The above enables code that breaks with -Werror…
- (substitute* "CMakeLists.txt"
- ((" -Wformat-signedness") ""))
#t)))))))))
(define-public dehydrated
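Review bot: The ` -Wformat-signedness` substitution is removed while `MBEDTLS_THREADING_C` and `MBEDTLS_THREADING_PTHREAD` are still switched on just above it, and the deleted comment said that this code breaks with -Werror. The commit message mentions only the `[source]` snippet for `mbedtls-for-hiawatha`; please add an `[arguments]` entry and state that the 3.2.1 build with threading enabled was checked without the workaround.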
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a29f53108c..d92457ea6b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6159,26 +6159,18 @@ (define-public tidy-html
(define-public hiawatha
(package
(name "hiawatha")
- (version "10.11")
+ (version "11.2")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.hiawatha-webserver.org/files/"
"hiawatha-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet '(begin
- ;; We use packaged libraries, so delete the bundled copies.
- (for-each delete-file-recursively
- (list "extra/nghttp2.tgz" "mbedtls"))
- #t))
(sha256
- (base32 "09wpgilbv13zal71v9lbsqr8c3fignygadykpd1p1pb8blb5vn3r"))))
+ (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
- (string-append "-DENABLE_HTTP2=on")
- (string-append "-DUSE_SYSTEM_NGHTTP2=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
(string-append "-DPID_DIR=/run")
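Review bot: `-DENABLE_HTTP2=on` and `-DUSE_SYSTEM_NGHTTP2=on` are dropped under "Clean up configure-flags", yet `(,nghttp2 "lib")` stays in the package's `inputs` (still visible in patch 4/4). If 11.2 no longer has HTTP/2 support, remove the input too; if it does, the commit message should say why the flags are no longer needed. The same applies to the removed snippet: the message calls it unused without saying whether the tarball still bundles `mbedtls` and `extra/nghttp2.tgz`.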
@@ -6199,7 +6191,7 @@ (define-public hiawatha
;; Make sure 'hiawatha' finds 'mbedtls'.
(let* ((out (assoc-ref outputs "out"))
(sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache")))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
(wrap-program (string-append sbin "/hiawatha")
`("PATH" ":" prefix (,mbed)))))))))
(inputs
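Review bot: `(assoc-ref inputs "mbedtls-apache3")` only resolves because the hidden package `mbedtls-for-hiawatha`, which is what `inputs` actually lists, was given the name `"mbedtls-apache3"` in tls.scm. If that name ever changes, the lookup returns `#f` and the `PATH` prefix passed to `wrap-program` is no longer a store path; a comment tying the label to `mbedtls-for-hiawatha`, or a lookup that does not depend on the label string, would make this less fragile.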
--
2.39.1
From a71139d67bc471ab7eceeb0ccd770cb96a00eed4 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:44:22 +0100
Subject: [PATCH 3/4] gnu: mbedtls-apache: Improve package style.

* gnu/packages/tls.scm (mbedtls-apache) [source, arguments, native-inputs]:
Whitespace adjustments following `guix style`.
---
gnu/packages/tls.scm | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1a1c99ab59..d33dee6a7d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1019,27 +1019,25 @@ (define-public mbedtls-apache
(package
(name "mbedtls-apache")
(version "2.28.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/ARMmbed/mbedtls")
- (commit (string-append "mbedtls-" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32 "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
(build-system cmake-build-system)
(arguments
- `(#:configure-flags
- (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
- "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'make-source-writable
- (lambda _
- (for-each make-file-writable (find-files ".")))))))
- (native-inputs
- (list perl python))
+ `(#:configure-flags (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
+ "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'make-source-writable
+ (lambda _
+ (for-each make-file-writable
+ (find-files ".")))))))
+ (native-inputs (list perl python))
(synopsis "Small TLS library")
(description
"@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
--
2.39.1
From ad06f80cd789a5da4104a35c6d33ad58ebce7668 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:52:43 +0100
Subject: [PATCH 4/4] gnu: hiawatha: Improve package style.

* gnu/packages/web.scm (hiawatha) [source, arguments, inputs]: Whitespace
adjustments following `guix style`.
---
gnu/packages/web.scm | 54 +++++++++++++++++++++-----------------------
1 file changed, 26 insertions(+), 28 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index d92457ea6b..37cf1c4238 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6160,16 +6160,16 @@ (define-public hiawatha
(package
(name "hiawatha")
(version "11.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://www.hiawatha-webserver.org/files/"
- "hiawatha-" version ".tar.gz"))
- (sha256
- (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://www.hiawatha-webserver.org/files/"
+ "hiawatha-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
- `(#:tests? #f ; no tests included
+ `(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
@@ -6178,26 +6178,24 @@ (define-public hiawatha
(assoc-ref %outputs "out")
"/share/hiawatha/html")
(string-append "-DWORK_DIR=/var/lib/hiawatha"))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'install-no-empty-directories
- (lambda _
- (substitute* "CMakeLists.txt"
- (("install\\(DIRECTORY DESTINATION" match)
- (string-append "#" match)))
- #t))
- (add-after 'install 'wrap
- (lambda* (#:key inputs outputs #:allow-other-keys)
- ;; Make sure 'hiawatha' finds 'mbedtls'.
- (let* ((out (assoc-ref outputs "out"))
- (sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache3")))
- (wrap-program (string-append sbin "/hiawatha")
- `("PATH" ":" prefix (,mbed)))))))))
- (inputs
- ;; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
- (list libxslt libxml2 mbedtls-for-hiawatha
- `(,nghttp2 "lib") zlib))
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'install-no-empty-directories
+ (lambda _
+ (substitute* "CMakeLists.txt"
+ (("install\\(DIRECTORY DESTINATION" match)
+ (string-append "#" match))) #t))
+ (add-after 'install 'wrap
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ ;; Make sure 'hiawatha' finds 'mbedtls'.
+ (let* ((out (assoc-ref outputs "out"))
+ (sbin (string-append out "/sbin"))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
+ (wrap-program (string-append sbin "/hiawatha")
+ `("PATH" ":" prefix
+ (,mbed)))))))))
+ (inputs ; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
+ (list libxslt libxml2 mbedtls-for-hiawatha
+ `(,nghttp2 "lib") zlib))
(home-page "https://www.hiawatha-webserver.org")
(synopsis "Webserver with focus on security")
(description
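Review bot: Two results of the automatic reformatting read worse than before: `(string-append "#" match))) #t))` now hides the phase's return value at the end of a line, and the TODO has been pulled onto the `(inputs` line as a trailing `;` comment, which makes that line much longer than its neighbours. Put `#t` back on its own line and keep the TODO as a `;;` comment line above the list.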
--
2.39.1