Update mbedtls-apache to 3.2.1

  • Open
Details
3 participants
  • Gabriel Wicki
  • Wicki Gabriel (wicg)
  • Simon Tournier
Owner
unassigned
Submitted by
Gabriel Wicki
Severity
normal
Gabriel Wicki wrote on 7 Dec 2022 01:01
(address . guix-patches@gnu.org)
87tu28axpj.fsf@erlikon.ch
Hi

Working with it I realized today that mbedtls is somewhat outdated in
Guix, so I took the liberty of creating an update patch. Following the
comments in the package definition I realized that updating mbedtls
would break hiawatha, since that project upgraded to mbedtls 3 with
version 11. So I updated that package as well.
I removed the snippets in both source blocks since they aren't needed
anymore.

Thanks for review and merge! Kind regards

gabriel



From 94ade2b4e1cf65b4859418ea2e7f7e12e35289bc Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <wicg@zhaw.ch>
Date: Tue, 6 Dec 2022 16:36:11 +0100
Subject: [PATCH] gnu: mbedtls-apache: Update to version 3.2.1.

* gnu/packages/tls.scm (mbedtls-apache): Update to 3.2.1.
[source]: Remove snippet.
* gnu/packages/web.scm (hiawatha): Update to version 11.2
[source] Remove snippet.
---
gnu/packages/tls.scm | 15 +++------------
gnu/packages/web.scm | 10 ++--------
2 files changed, 5 insertions(+), 20 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f1e844b608..ee81359a66 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1002,7 +1002,7 @@ (define-public mbedtls-apache
(name "mbedtls-apache")
;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
;; when updating.
- (version "2.26.0")
+ (version "3.2.1")
(source
(origin
(method git-fetch)
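Review bot: The XXX comment kept above the `(version ...)` line asks to check whether `-Wformat-signedness` still breaks mbedtls-for-hiawatha when updating, yet the version moves from 2.26.0 to 3.2.1 with no record that the check was done. State the result in the commit message and update or drop the comment accordingly. Because this bumps the existing mbedtls-apache variable across a major version, every dependent picks up 3.x at once, so the message should also say which dependents were rebuilt.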
@@ -1010,17 +1010,8 @@ (define-public mbedtls-apache
(url "https://github.com/ARMmbed/mbedtls")
(commit (string-append "mbedtls-" version))))
(sha256
- (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m"))
- (file-name (git-file-name name version))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Can be removed with the next version.
- ;; Reduce level of format truncation warnings due to false positives.
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434
- (substitute* "CMakeLists.txt"
- (("Wformat-truncation=2") "Wformat-truncation"))
- #t))))
+ (base32 "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))
+ (file-name (git-file-name name version))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a313b0c7a4..f046ddd025 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6095,20 +6095,14 @@ (define-public tidy-html
(define-public hiawatha
(package
(name "hiawatha")
- (version "10.11")
+ (version "11.2")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.hiawatha-webserver.org/files/"
"hiawatha-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet '(begin
- ;; We use packaged libraries, so delete the bundled copies.
- (for-each delete-file-recursively
- (list "extra/nghttp2.tgz" "mbedtls"))
- #t))
(sha256
- (base32 "09wpgilbv13zal71v9lbsqr8c3fignygadykpd1p1pb8blb5vn3r"))))
+ (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; no tests included
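Review bot: Dropping the `snippet` from the hiawatha `origin` leaves whatever the 11.2 tarball bundles in the source, where the removed lines deleted "extra/nghttp2.tgz" and "mbedtls" because packaged libraries are used. If those paths no longer exist in 11.2, say so in the commit message; if they do, keep the deletion so the build cannot fall back to a bundled TLS library that is not updated together with the packaged one. The changelog entry is also missing the colon after "[source]" and the period after "11.2".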
--
2.38.0
Simon Tournier wrote on 27 Jan 2023 14:59
(name . Gabriel Wicki)(address . gabriel@erlikon.ch)(address . 59867@debbugs.gnu.org)
871qngoz6u.fsf@gmail.com
Hi,

Thanks for the contribution.

On mer., 07 déc. 2022 at 01:01, Gabriel Wicki <gabriel@erlikon.ch> wrote:

> Working with it I realized today that mbedtls is somewhat outdated in
> Guix, so I took the liberty of creating an update patch. Following the
> comments in the package definition I realized that updating mbedtls
> would break hiawatha, since that project upgraded to mbedtls 3 with
> version 11. So I updated that package as well.
> I removed the snippets in both source blocks since they aren't needed
> anymore.

I get this:

$ guix refresh -l mbedtls-apache
Building the following 52 packages would ensure 312 dependent packages are rebuilt: dolphin-emu@5.0-13178.a34823d superstarfighter@0.6.5 openrgb@0.8 hashlink@1.12 inspircd@3.12.0 julia-juno@0.8.4 julia-measures@0.3.1 julia-cenum@0.4.1 julia-genericschur@0.5.3 julia-sundials-jll@5.2.1+0 julia-ffmpeg@0.4.1 julia-bfloat16s@0.4.0 julia-fuzzycompletions@0.4.1 julia-millboard@0.2.5 julia-showoff@1.0.2 julia-msgpack@1.1.0 julia-softglobalscope@1.1.0 julia-scratch@1.1.0 julia-tableiointerface@0.1.6 julia-mocking@0.7.3 julia-static@0.8.3 julia-pyplot@2.10.0 julia-infinity@0.2.4 julia-mutablearithmetics@0.2.20 julia-gpuarrays@8.1.3 julia-gr@0.58.1 julia-configurations@0.16.4 julia-bioalignments@2.0.0 julia-suppressor@0.2.0 julia-quadmath@0.5.5 julia-referencetests@0.9.7 julia-imagemagick@1.2.1 julia-optim@1.6.0 julia-lazyarrays@0.22.16 julia-testimages@1.5.0 julia-plotthemes@2.0.1 julia-recipespipeline@0.3.4 julia-csv@0.10.4 julia-bson@0.3.6 julia-geometrybasics@0.4.2 bluez-alsa@3.0.0 kopete@22.04.3 mswebrtc@1.1.1-0.946ca70 msopenh264@1.2.1-0.88697cc mssilk@1.1.1-0.dd0f31e msamr@1.1.3-0.5ab5c09 linphone-desktop@4.2.5 dislocker@0.7.3 nng@1.3.2 obs-spectralizer@1.3.3 obs-websocket@4.9.1 obs-wlrobs@1.0

which means it is tangent for master. :-) Have you rebuilt all these?
Does the update only break hiawatha?


Then, it is not a clean patch; it is not straightforward to apply. :-)

Please, could you use “git-send-email” as recommended by the manual [1].
Please mention the base commit against which the patch applies; it helps,
as in this case, when the file gnu/packages/tls.scm has changed in the
meantime.

Could you send v2?



Thanks,
simon
Wicki Gabriel (wicg) wrote on 1 Feb 2023 14:12
Updated Mbed TLS 3 patchset
(name . 59867@debbugs.gnu.org)(address . 59867@debbugs.gnu.org)
ZR0P278MB02684BFD4D96BCFA9588F412C1D19@ZR0P278MB0268.CHEP278.PROD.OUTLOOK.COM
Thanks for your review and the comments, Simon!

I've prepared another patchset (on top of base commit: 14323edcc37d9efaae2491cf5f57ea0621412d7e). Since there are so many applications relying on mbedtls v2 I figured it would be best to introduce mbedtls-apache3 to allow gradually upgrading the packages affected -- MbedTLS breaks parts of its old API.
Attachment: file
From a8cfe94b58417ebe9bd5e9af6b247d8ccd882929 Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:45:17 +0100
Subject: [PATCH 1/4] gnu: mbedtls-apache3: Add Mbed TLS 3.

* gnu/packages/tls.scm (mbedtls-apache3): New variable.
---
gnu/packages/tls.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdac8a6e63..19cefec795 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1018,8 +1018,6 @@ (define-public perl-crypt-openssl-random
(define-public mbedtls-apache
(package
(name "mbedtls-apache")
- ;; XXX Check whether ‘-Wformat-signedness’ still breaks mbedtls-for-hiawatha
- ;; when updating.
(version "2.28.0")
(source
(origin
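Review bot: The removal of the XXX comment about `-Wformat-signedness` at the top of mbedtls-apache is not covered by the changelog, which lists only the new mbedtls-apache3 variable. Add an entry for it, or move the removal into patch 2/4, where the matching workaround in mbedtls-for-hiawatha is deleted.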
@@ -1051,6 +1049,21 @@ (define-public mbedtls-apache
(home-page "https://www.trustedfirmware.org/projects/mbed-tls/")
(license license:asl2.0)))
+(define-public mbedtls-apache3
+ (package
+ (inherit mbedtls-apache)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))))))
+
;; The Hiawatha Web server requires some specific features to be enabled.
(define-public mbedtls-for-hiawatha
(hidden-package
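Review bot: The new definition sets `(name "mbedtls-apache3")`, which makes the 3.x series a differently named package rather than a newer version of mbedtls-apache. Versioned variants in Guix usually keep the inherited name and differ only in the variable name and version, so that a version specification such as mbedtls-apache@3 selects them; consider dropping the `name` field. A short comment above the definition saying why 2.28.0 stays alongside it (API break in 3.x, many dependents) would help whoever removes the old one later.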
--
2.39.1
From 90eabe004c15eb94862c8c1cc3569c86226f93cb Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Fri, 27 Jan 2023 15:54:54 +0100
Subject: [PATCH 2/4] gnu: hiawatha: Update to 11.2.

* gnu/packages/web.scm (hiawatha): Update to 11.2. [source] Delete unused
snippet. [arguments] Clean up configure-flags. Point hiawatha to mbedtls-apache3.
* gnu/packages/tls.scm (mbedtls-for-hiawatha): Update to MbedTLS
3.2.1. [source] Delete unnecessary snippet.
---
gnu/packages/tls.scm | 22 +++++-----------------
gnu/packages/web.scm | 14 +++-----------
2 files changed, 8 insertions(+), 28 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 19cefec795..1a1c99ab59 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1068,9 +1068,9 @@ (define-public mbedtls-apache3
(define-public mbedtls-for-hiawatha
(hidden-package
(package
- (inherit mbedtls-apache)
- (name "mbedtls-apache")
- (version "2.26.0")
+ (inherit mbedtls-apache3)
+ (name "mbedtls-apache3")
+ (version "3.2.1")
(source
(origin
(method git-fetch)
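Review bot: The `(name "mbedtls-apache3")` and `(version "3.2.1")` fields directly after `(inherit mbedtls-apache3)` repeat what is already inherited, and the `source` that follows uses the same URL, tag and hash as mbedtls-apache3 in patch 1/4. Dropping all three leaves a single place to bump on the next update and avoids the hidden variant lagging behind again, as the 2.26.0 pin removed here did against 2.28.0.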
@@ -1078,17 +1078,8 @@ (define-public mbedtls-for-hiawatha
(url "https://github.com/ARMmbed/mbedtls")
(commit (string-append "mbedtls-" version))))
(sha256
- (base32 "0scwpmrgvg6q7rvqkc352d2fqlsx0aylcbyibcp1f1rsn8iiif2m"))
- (file-name (git-file-name name version))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Can be removed with the next version.
- ;; Reduce level of format truncation warnings due to false positives.
- ;; https://github.com/ARMmbed/mbedtls/commit/2065a8d8af27c6cb1e40c9462b5933336dca7434
- (substitute* "CMakeLists.txt"
- (("Wformat-truncation=2") "Wformat-truncation"))
- #t))))
+ (base32 "1dvj1m2i5lkaf8bcmslap8d82z2pi7ypgr8n7lv0rqjyy4vgmkgq"))
+ (file-name (git-file-name name version))))
(arguments
(substitute-keyword-arguments (package-arguments mbedtls-apache)
((#:phases phases)
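Review bot: The unchanged line `(substitute-keyword-arguments (package-arguments mbedtls-apache)` still takes its arguments from the 2.x package although the record now inherits from mbedtls-apache3. That gives the same result today only because mbedtls-apache3 inherits its arguments unchanged; switch it to `(package-arguments mbedtls-apache3)` so a later change to the 3.x flags or phases is not silently skipped here.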
@@ -1099,9 +1090,6 @@ (define-public mbedtls-for-hiawatha
(invoke "scripts/config.pl" "set" feature))
(list "MBEDTLS_THREADING_C"
"MBEDTLS_THREADING_PTHREAD"))
- ;; XXX The above enables code that breaks with -Werror…
- (substitute* "CMakeLists.txt"
- ((" -Wformat-signedness") ""))
#t)))))))))
(define-public dehydrated
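Review bot: The `substitute*` that stripped ` -Wformat-signedness` is deleted while `MBEDTLS_THREADING_C` and `MBEDTLS_THREADING_PTHREAD` are still being set, and the removed comment said that enabling them pulls in code that fails with -Werror. The changelog mentions only the [source] snippet; add an [arguments] entry and state that 3.2.1 was built with the threading features enabled and without the workaround.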
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index a29f53108c..d92457ea6b 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6159,26 +6159,18 @@ (define-public tidy-html
(define-public hiawatha
(package
(name "hiawatha")
- (version "10.11")
+ (version "11.2")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.hiawatha-webserver.org/files/"
"hiawatha-" version ".tar.gz"))
- (modules '((guix build utils)))
- (snippet '(begin
- ;; We use packaged libraries, so delete the bundled copies.
- (for-each delete-file-recursively
- (list "extra/nghttp2.tgz" "mbedtls"))
- #t))
(sha256
- (base32 "09wpgilbv13zal71v9lbsqr8c3fignygadykpd1p1pb8blb5vn3r"))))
+ (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
- (string-append "-DENABLE_HTTP2=on")
- (string-append "-DUSE_SYSTEM_NGHTTP2=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
(string-append "-DPID_DIR=/run")
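Review bot: Removing `-DENABLE_HTTP2=on` and `-DUSE_SYSTEM_NGHTTP2=on` from `#:configure-flags` is described only as a clean-up, yet these flags decide whether the server offers HTTP/2 and whether it links the packaged nghttp2. Say in the commit message what 11.2 does without them, and drop nghttp2 from `inputs` (still listed in patch 4/4) if it is no longer used. The deleted `snippet` needs the same explanation: if the tarball still ships "extra/nghttp2.tgz" or "mbedtls", keep deleting them so that only the packaged libraries can end up in the build.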
@@ -6199,7 +6191,7 @@ (define-public hiawatha
;; Make sure 'hiawatha' finds 'mbedtls'.
(let* ((out (assoc-ref outputs "out"))
(sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache")))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
(wrap-program (string-append sbin "/hiawatha")
`("PATH" ":" prefix (,mbed)))))))))
(inputs
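Review bot: `(assoc-ref inputs "mbedtls-apache3")` depends on the `name` given to mbedtls-for-hiawatha in tls.scm, so the label here and the package name there have to change together, and a mismatch leaves `mbed` as #f in the `wrap-program` call. Add a comment naming that dependency next to the lookup so a later rename of the package does not break the wrapper unnoticed.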
--
2.39.1
From a71139d67bc471ab7eceeb0ccd770cb96a00eed4 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:44:22 +0100
Subject: [PATCH 3/4] gnu: mbedtls-apache: Improve package style.

* gnu/packages/tls.scm (mbedtls-apache) [source, arguments, native-inputs]:
Whitespace adjustments following `guix style`.
---
gnu/packages/tls.scm | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 1a1c99ab59..d33dee6a7d 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1019,27 +1019,25 @@ (define-public mbedtls-apache
(package
(name "mbedtls-apache")
(version "2.28.0")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/ARMmbed/mbedtls")
- (commit (string-append "mbedtls-" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32 "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ARMmbed/mbedtls")
+ (commit (string-append "mbedtls-" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0s37dsi29v7146fi9k4frvx5rz2snxdm6c3rwq2fvnca2r80hfjl"))))
(build-system cmake-build-system)
(arguments
- `(#:configure-flags
- (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
- "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'make-source-writable
- (lambda _
- (for-each make-file-writable (find-files ".")))))))
- (native-inputs
- (list perl python))
+ `(#:configure-flags (list "-DUSE_SHARED_MBEDTLS_LIBRARY=ON"
+ "-DUSE_STATIC_MBEDTLS_LIBRARY=OFF")
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'make-source-writable
+ (lambda _
+ (for-each make-file-writable
+ (find-files ".")))))))
+ (native-inputs (list perl python))
(synopsis "Small TLS library")
(description
"@code{mbed TLS}, formerly known as PolarSSL, makes it trivially easy
--
2.39.1
From ad06f80cd789a5da4104a35c6d33ad58ebce7668 Mon Sep 17 00:00:00 2001
From: gabriel <gabriel@erlikon.ch>
Date: Wed, 1 Feb 2023 13:52:43 +0100
Subject: [PATCH 4/4] gnu: hiawatha: Improve package style.

* gnu/packages/web.scm (hiawatha) [source, arguments, inputs]: Whitespace
adjustments following `guix style`.
---
gnu/packages/web.scm | 54 +++++++++++++++++++++-----------------------
1 file changed, 26 insertions(+), 28 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index d92457ea6b..37cf1c4238 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6160,16 +6160,16 @@ (define-public hiawatha
(package
(name "hiawatha")
(version "11.2")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://www.hiawatha-webserver.org/files/"
- "hiawatha-" version ".tar.gz"))
- (sha256
- (base32 "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://www.hiawatha-webserver.org/files/"
+ "hiawatha-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1i8vrxbvpcj6yxmshbg19gm9g8vrxds6pdra0sgld4vzj9v4zilr"))))
(build-system cmake-build-system)
(arguments
- `(#:tests? #f ; no tests included
+ `(#:tests? #f ; no tests included
#:configure-flags (list (string-append "-DUSE_SYSTEM_MBEDTLS=on")
(string-append "-DENABLE_TOMAHAWK=on")
(string-append "-DLOG_DIR=/var/log/hiawatha")
@@ -6178,26 +6178,24 @@ (define-public hiawatha
(assoc-ref %outputs "out")
"/share/hiawatha/html")
(string-append "-DWORK_DIR=/var/lib/hiawatha"))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'install-no-empty-directories
- (lambda _
- (substitute* "CMakeLists.txt"
- (("install\\(DIRECTORY DESTINATION" match)
- (string-append "#" match)))
- #t))
- (add-after 'install 'wrap
- (lambda* (#:key inputs outputs #:allow-other-keys)
- ;; Make sure 'hiawatha' finds 'mbedtls'.
- (let* ((out (assoc-ref outputs "out"))
- (sbin (string-append out "/sbin"))
- (mbed (assoc-ref inputs "mbedtls-apache3")))
- (wrap-program (string-append sbin "/hiawatha")
- `("PATH" ":" prefix (,mbed)))))))))
- (inputs
- ;; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
- (list libxslt libxml2 mbedtls-for-hiawatha
- `(,nghttp2 "lib") zlib))
+ #:phases (modify-phases %standard-phases
+ (add-after 'unpack 'install-no-empty-directories
+ (lambda _
+ (substitute* "CMakeLists.txt"
+ (("install\\(DIRECTORY DESTINATION" match)
+ (string-append "#" match))) #t))
+ (add-after 'install 'wrap
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ ;; Make sure 'hiawatha' finds 'mbedtls'.
+ (let* ((out (assoc-ref outputs "out"))
+ (sbin (string-append out "/sbin"))
+ (mbed (assoc-ref inputs "mbedtls-apache3")))
+ (wrap-program (string-append sbin "/hiawatha")
+ `("PATH" ":" prefix
+ (,mbed)))))))))
+ (inputs ; TODO: package "hiawatha-monitor", an optional dependency of "hiawatha".
+ (list libxslt libxml2 mbedtls-for-hiawatha
+ `(,nghttp2 "lib") zlib))
(home-page "https://www.hiawatha-webserver.org")
(synopsis "Webserver with focus on security")
(description
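Review bot: In the 'install-no-empty-directories phase the reindentation leaves `#t))` hanging at the end of the `(string-append "#" match)))` line, where the phase's return value is easy to miss among the closing parentheses. Put `#t` back on its own line or delete it, since phase return values are no longer checked. The TODO about hiawatha-monitor has also become a trailing comment on the `(inputs` line and runs past 80 columns; move it back onto its own line with `;;`.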
--
2.39.1