Report forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 01:10:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Leo Famulari <leo@famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches@gnu.org.
(Wed, 04 Aug 2021 01:10:02 GMT) (full text, mbox, link).
As discussed in <https://bugs.gnu.org/46602>, Dillo does not include a
supported implementation of TLS / HTTPS, and there does not seem to be
any activity upstream to improve that.
* gnu/packages/web-browsers.scm (dillo): Remove variable.
---
gnu/packages/web-browsers.scm | 31 -------------------------------
1 file changed, 31 deletions(-)
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index bd5ed1b5ac..6e011e8b14 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -147,37 +147,6 @@ management, extensions such as advertisement blocker and colorful tabs.")
(home-page "https://www.midori-browser.org")
(license license:lgpl2.1+)))
-(define-public dillo
- (package
- (name "dillo")
- (version "3.0.5")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.dillo.org/download/"
- "dillo-" version ".tar.bz2"))
- (sha256
- (base32
- "12ql8n1lypv3k5zqgwjxlw1md90ixz3ag6j1gghfnhjq3inf26yv"))))
- (build-system gnu-build-system)
- (arguments `(#:configure-flags '("--enable-ssl" "--enable-ipv6")))
- (native-inputs `(("pkg-config" ,pkg-config)))
- (inputs `(("fltk" ,fltk)
- ("fontconfig" ,fontconfig)
- ("libjpeg" ,libjpeg-turbo)
- ("libpng" ,libpng)
- ("libxcursor" ,libxcursor)
- ("libxft" ,libxft)
- ("libxi" ,libxi)
- ("libxinerama" ,libxinerama)
- ("openssl" ,openssl-1.0) ;XXX try latest openssl for dillo > 3.0.5
- ("perl" ,perl)
- ("zlib" ,zlib)))
- (synopsis "Very small and fast graphical web browser")
- (description "Dillo is a minimalistic web browser particularly intended for
-older or slower computers and embedded systems.")
- (home-page "https://www.dillo.org")
- (license license:gpl3+)))
-
(define-public links
(package
(name "links")
--
2.32.0
Changed bug title to 'Remove packages that depend on unsupported old OpenSSL releases' from '[PATCH] gnu: Remove dillo.'
Request was from Leo Famulari <leo@famulari.name>
to control@debbugs.gnu.org.
(Wed, 04 Aug 2021 01:21:02 GMT) (full text, mbox, link).
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 01:22:02 GMT) (full text, mbox, link).
As discussed in <https://bugs.gnu.org/46602>, pidentd does not support a
current release of OpenSSL, and there does not seem to be any activity
upstream to improve that.
* gnu/packages/networking.scm (pidentd): Remove variable.
---
gnu/packages/networking.scm | 27 ---------------------------
1 file changed, 27 deletions(-)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 05fd092b23..212d4eac2f 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2595,33 +2595,6 @@ enabled due to license conflicts between the BSD advertising clause and the GPL.
;; distribution for clarification.
(license (list license:bsd-3 license:bsd-4))))
-(define-public pidentd
- (package
- (name "pidentd")
- (version "3.0.19")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/ptrrkssn/pidentd")
- (commit (string-append "v" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "1k4rr0b4ygxssbnsykzjvz4hjhazzz4j5arlilyc1iq7b1wzsk7i"))))
- (build-system gnu-build-system)
- (arguments
- `(#:tests? #f)) ; No tests are included
- (inputs
- `(("openssl" ,openssl-1.0))) ;for the DES library
- (home-page "https://www.lysator.liu.se/~pen/pidentd/")
- (synopsis "Small Ident Daemon")
- (description
- "@dfn{Pidentd} (Peter's Ident Daemon) is an identd, which implements a
-identification server. Pidentd looks up specific TCP/IP connections and
-returns the user name and other information about the connection.")
- (license license:public-domain)))
-
(define-public spiped
(package
(name "spiped")
--
2.32.0
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 01:22:02 GMT) (full text, mbox, link).
As discussed in <https://bugs.gnu.org/46602>, eschalot does not support
a current release of OpenSSL.
* gnu/packages/crypto.scm (eschalot): Remove variable.
---
gnu/packages/crypto.scm | 57 -----------------------------------------
1 file changed, 57 deletions(-)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index fe2cec045d..83c1a08dee 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -398,63 +398,6 @@ secure operations. ")
(license (list license:lgpl2.1+ ; the files keyutils.*
license:gpl2+)))) ; the rest
-;; There is no release candidate but commits point out a version number,
-;; furthermore no tarball exists.
-(define-public eschalot
- (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
- (revision "1"))
- (package
- (name "eschalot")
- (version (string-append "1.2.0-" revision "." (string-take commit 7)))
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/schnabear/eschalot")
- (commit commit)))
- (file-name (string-append name "-" version))
- (sha256
- (base32
- "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
- (inputs
- `(("openssl" ,openssl-1.0))) ; for openssl/{bn,pem,rsa,sha}.h
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags (list (string-append "CC=" ,(cc-for-target))
- (string-append "PREFIX=" (assoc-ref %outputs "out"))
- (string-append "INSTALL=" "install"))
- ;; XXX: make test would run a !VERY! long hashing of names with the use
- ;; of a wordlist, the amount of computing time this would waste on build
- ;; servers is in no relation to the size or importance of this small
- ;; application, therefore we run our own tests on eschalot and worgen.
- #:phases
- (modify-phases %standard-phases
- (delete 'configure)
- (replace 'check
- (lambda _
- (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
- "3-6" "top150adjectives.txt" "3-6")
- (invoke "./eschalot" "-r" "^guix|^guixsd")
- (invoke "./eschalot" "-r" "^gnu|^free")
- (invoke "./eschalot" "-r" "^cyber|^hack")
- (invoke "./eschalot" "-r" "^troll")))
- ;; Make install can not create the bin dir, create it.
- (add-before 'install 'create-bin-dir
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin")))
- (mkdir-p bin)
- #t))))))
- (home-page "https://github.com/schnabear/eschalot")
- (synopsis "Tor hidden service name generator")
- (description
- "Eschalot is a tor hidden service name generator, it allows one to
-produce customized vanity .onion addresses using a brute-force method. Searches
-for valid names can be run with regular expressions and wordlists. For the
-generation of wordlists the included tool @code{worgen} can be used. There is
-no man page, refer to the home page for usage details.")
- (license (list license:isc license:expat)))))
-
(define-public ssss
(package
(name "ssss")
--
2.32.0
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 01:22:03 GMT) (full text, mbox, link).
As discussed in <https://bugs.gnu.org/46602>, tlsdate does not support a
current release of OpenSSL.
* gnu/packages/ntp.scm (tlsdate): Remove variable.
---
gnu/packages/ntp.scm | 51 --------------------------------------------
1 file changed, 51 deletions(-)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 191eedd158..55b9a73b22 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -216,54 +216,3 @@ secure, easy to configure, and accurate enough for most purposes, so it's more
minimalist than ntpd.")
;; A few of the source files are under bsd-3.
(license (list l:isc l:bsd-3))))
-
-(define-public tlsdate
- (package
- (name "tlsdate")
- (version "0.0.13")
- (home-page "https://github.com/ioerror/tlsdate")
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (commit (string-append "tlsdate-" version))
- (url home-page)))
- (sha256
- (base32
- "0w3v63qmbhpqlxjsvf4k3zp90k6mdzi8cdpgshan9iphy1f44xgl"))
- (file-name (string-append name "-" version "-checkout"))))
- (build-system gnu-build-system)
- (arguments
- `(;; Disable seccomp when it's not supported--e.g., on aarch64. See
- ;; 'src/seccomp.c' for the list of supported systems.
- #:configure-flags ,(if (any (lambda (system)
- (string-contains (or
- (%current-target-system)
- (%current-system))
- system))
- '("x86_64" "i686" "arm"))
- ''()
- ''("--disable-seccomp-filter"))
-
- #:phases (modify-phases %standard-phases
- (add-after 'unpack 'autogen
- (lambda _
- ;; The ancestor of 'SOURCE_DATE_EPOCH'; it contains the
- ;; date that is recorded in binaries. It must be a
- ;; "recent date" since it is used to detect bogus dates
- ;; received from servers.
- (setenv "COMPILE_DATE" (number->string 1530144000))
- (invoke "sh" "autogen.sh"))))))
- (inputs `(("openssl" ,openssl-1.0)
- ("libevent" ,libevent)))
- (native-inputs `(("pkg-config" ,pkg-config)
- ("autoconf" ,autoconf)
- ("automake" ,automake)
- ("libtool" ,libtool)))
- (synopsis "Extract remote time from TLS handshakes")
- (description
- "@command{tlsdate} sets the local clock by securely connecting with TLS
-to remote servers and extracting the remote time out of the secure handshake.
-Unlike ntpdate, @command{tlsdate} uses TCP, for instance connecting to a
-remote HTTPS or TLS enabled service, and provides some protection against
-adversaries that try to feed you malicious time information.")
- (license l:bsd-3)))
--
2.32.0
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 01:31:01 GMT) (full text, mbox, link).
Subject: Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
Date: Tue, 3 Aug 2021 22:53:03 -0400
On Tue, Aug 03, 2021 at 10:42:50PM -0400, Julien Lepiller wrote:
> Gasp… do we have no other choice? Adb and fastboot are really useful to me.
I think there must be a new version of adb that doesn't use the old
unsupported OpenSSL. Do you have time to check on that?
The unsupported OpenSSL version is the 1.0 series.
The supported version is 1.1.1.
Looking at android.scm, I see that our packages are based on the Git tag
7.1.2_r36 from this repo:
https://android.googlesource.com/platform/system/core
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 02:59:01 GMT) (full text, mbox, link).
There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
Le 3 août 2021 22:53:03 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
>On Tue, Aug 03, 2021 at 10:42:50PM -0400, Julien Lepiller wrote:
>> Gasp… do we have no other choice? Adb and fastboot are really useful to me.
>
>I think there must be a new version of adb that doesn't use the old
>unsupported OpenSSL. Do you have time to check on that?
>
>The unsupported OpenSSL version is the 1.0 series.
>
>The supported version is 1.1.1.
>
>Looking at android.scm, I see that our packages are based on the Git tag
>7.1.2_r36 from this repo:
>
>https://android.googlesource.com/platform/system/core
Subject: Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
Date: Tue, 3 Aug 2021 23:01:23 -0400
On Tue, Aug 03, 2021 at 10:53:03PM -0400, Leo Famulari wrote:
> Looking at android.scm, I see that our packages are based on the Git tag
> 7.1.2_r36 from this repo:
I checked the license for 'libcrypto.so' on my phone, which is on
Android 11. And they are not even using OpenSSL anymore, but instead
BoringSSL. So, maybe there is some intermediate version of Android
between 7 and 11 that uses OpenSSL 1.1.1 (released September 2018).
https://boringssl.googlesource.com/boringssl/
Or, maybe we can move these packages (openssl-1.0 and these Android 7
packages) to guix-past. Or maybe someone has some other ideas.
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 03:22:02 GMT) (full text, mbox, link).
Subject: Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
Date: Tue, 3 Aug 2021 23:21:20 -0400
On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
> There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
I see. Well, the packages could be moved to guix-past for now. Let's
wait and see what others have to say.
This version of OpenSSL became unsupported at the end of 2019.
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 04 Aug 2021 16:30:02 GMT) (full text, mbox, link).
Subject: Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
Date: Wed, 4 Aug 2021 12:29:10 -0400
On Tue, Aug 03, 2021 at 11:21:20PM -0400, Leo Famulari wrote:
> On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
> > There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
>
> I see. Well, the packages could be moved to guix-past for now. Let's
> wait and see what others have to say.
I got more feedback on #guix IRC that we should not remove adb /
fastboot, because it's an important tool for freeing Android
smartphones.
Is there a reason we shouldn't use guix-past to hold these packages?
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Thu, 05 Aug 2021 08:13:02 GMT) (full text, mbox, link).
On Wed, Aug 04, 2021 at 12:29:10PM -0400, Leo Famulari wrote:
> On Tue, Aug 03, 2021 at 11:21:20PM -0400, Leo Famulari wrote:
> > On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
> > > There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
> >
> > I see. Well, the packages could be moved to guix-past for now. Let's
> > wait and see what others have to say.
>
> I got more feedback on #guix IRC that we should not remove adb /
> fastboot, because it's an important tool for freeing Android
> smartphones.
>
> Is there a reason we shouldn't use guix-past to hold these packages?
>
I'm in favor of moving openssl-1.0 to guix-past, it's the perfect type
of package to go there. Upstream has declared it dead and no one is
going to touch it. Similar to how qt-4 moved there a few months ago.
ADB and fastboot are still useful, and (ignoring some networking options
they apparently have) are localhost only. I'd rather leave them both for
now with an eye to shoehorning in an updated version somehow, hiding
openssl-1.0, and adding a note to remove it as soon as nothing needs it
anymore.
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Cc: Julien Lepiller <julien@lepiller.eu>, 49859@debbugs.gnu.org,
Leo Famulari <leo@famulari.name>
Subject: Re: bug#49859: Remove packages that depend on unsupported old
OpenSSL releases
Date: Wed, 11 Aug 2021 16:08:21 +0200
Hi,
Efraim Flashner <efraim@flashner.co.il> skribis:
> I'm in favor of moving openssl-1.0 to guix-past, it's the perfect type
> of package to go there. Upstream has declared it dead and no one is
> going to touch it. Similar to how qt-4 moved there a few months ago.
Agreed. However…
> ADB and fastboot are still useful, and (ignoring some networking options
> they apparently have) are localhost only. I'd rather leave them both for
> now with an eye to shoehorning in an updated version somehow, hiding
> openssl-1.0, and adding a note to remove it as soon as nothing needs it
> anymore.
… this means we need to keep openssl 1.0, hidden, in Guix proper. That
sounds like a reasonable option to me. Leo’s approach of progressively
removing anything that depends on it sounds good to me nevertheless, but
it’s good that we can weigh the pros and cons for each candidate.
Julien said upgrading ADB/fastboot is not an option, at least not now.
Another option would be to patch ADB so it can use OpenSSL 1.1.
Hopefully the changes can be relatively simple and isolated. Worth
trying?
Ludo’.
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 11 Aug 2021 15:20:01 GMT) (full text, mbox, link).
Hi,
Ludovic Courtès <ludo@gnu.org> writes:
[...]
> Another option would be to patch ADB so it can use OpenSSL 1.1.
> Hopefully the changes can be relatively simple and isolated. Worth
> trying?
AFAIU Debian was applying this patch:
https://sources.debian.org/patches/android-platform-system-core/1:7.0.0+r33-1/adb_libssl_11.diff/
in the adb package ver 1:7.0.0+r33-1
OpenWRT was (is?) applying this (more "invasive") patch:
https://github.com/openwrt/openwrt/pull/971/files
I'll try the Debian one and send a patch if I succeed.
Thanks! Gio'
--
Giovanni Biscuolo
Xelera IT Infrastructures
Subject: Re: [bug#49859] Remove packages that depend on unsupported old
OpenSSL releases
Date: Wed, 11 Aug 2021 13:52:29 -0400
On Wed, Aug 11, 2021 at 05:18:38PM +0200, Giovanni Biscuolo wrote:
> Hi,
>
> Ludovic Courtès <ludo@gnu.org> writes:
>
> [...]
>
> > Another option would be to patch ADB so it can use OpenSSL 1.1.
> > Hopefully the changes can be relatively simple and isolated. Worth
> > trying?
>
> AFAIU Debian was applying this patch:
> https://sources.debian.org/patches/android-platform-system-core/1:7.0.0+r33-1/adb_libssl_11.diff/
>
> in the adb package ver 1:7.0.0+r33-1
>
> OpenWRT was (is?) applying this (more "invasive") patch:
> https://github.com/openwrt/openwrt/pull/971/files
>
> I'll try the Debian one and send a patch if I succeed.
Awesome, thanks! Let us know how it goes. I'll proceed with hiding
openssl-1.0 and removing the other packages (not adb or fastboot) in the
meantime.
Added indication that bug 49859 blocks46602
Request was from Leo Famulari <leo@famulari.name>
to control@debbugs.gnu.org.
(Wed, 11 Aug 2021 17:59:02 GMT) (full text, mbox, link).
Information forwarded
to guix-patches@gnu.org: bug#49859; Package guix-patches.
(Wed, 11 Aug 2021 18:19:02 GMT) (full text, mbox, link).
Hi Julien and Leo,
Julien Lepiller <julien@lepiller.eu> writes:
> There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and
> fastboot.
Recently I noticed this repository, by looking at how Archlinux managed
to package newer versions of adb/fastboot: https://github.com/nmeum/android-tools
I wonder if using it is something you've considered? Using submodules to
gather all the sources isn't very guix-y, but at least it's using cmake
so we wouldn't need to package Android build tools.
Just thought I'd make sure we're aware this exists! I too would be said
to see adb/fastboot go away :-).
Thanks,
Pierre
Hi Leo,
Leo Famulari <leo@famulari.name> writes:
[...]
>> AFAIU Debian was applying this patch:
>> https://sources.debian.org/patches/android-platform-system-core/1:7.0.0+r33-1/adb_libssl_11.diff/
>>
>> in the adb package ver 1:7.0.0+r33-1
>>
>> OpenWRT was (is?) applying this (more "invasive") patch:
>> https://github.com/openwrt/openwrt/pull/971/files
>>
>> I'll try the Debian one and send a patch if I succeed.
>
> Awesome, thanks! Let us know how it goes.
It seems I did it! :-D (fortunately it was really easy)
I sent a patch as bug#50029.
AFAIU the adb patch also fixes the issue with fastboot, since fastboot
does not directly depend on openssl but indirectly via adb and
android-libselinux that already have openssl (1.1) as input: right?
> I'll proceed with hiding openssl-1.0 and removing the other packages
> (not adb or fastboot) in the meantime.
Thank you and happy hacking!
Ciao, Gio'
--
Giovanni Biscuolo
Xelera IT Infrastructures
Subject: Re: [bug#49859] Remove packages that depend on unsupported old
OpenSSL releases
Date: Sun, 15 Aug 2021 18:10:13 -0400
On Wed, Aug 11, 2021 at 01:52:29PM -0400, Leo Famulari wrote:
> Awesome, thanks! Let us know how it goes. I'll proceed with hiding
> openssl-1.0 and removing the other packages (not adb or fastboot) in the
> meantime.
Done as 12099eac1b161d364be923451d27d7d739d0f14d
bug archived.
Request was from Debbugs Internal Request <help-debbugs@gnu.org>
to internal_control@debbugs.gnu.org.
(Mon, 13 Sep 2021 11:24:06 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the
GNU Public License version 2. The current version can be
obtained from https://bugs.debian.org/debbugs-source/.