[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: openssl is now a dependency of guix: possible license conflict?
|
From: |
Mark H Weaver |
|
Subject: |
Re: openssl is now a dependency of guix: possible license conflict? |
|
Date: |
Fri, 18 Aug 2017 17:21:24 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Mark H Weaver <address@hidden> writes:
> There exist patches for libgit2 to support the mbedTLS library, but it
> is not yet clear whether they will be accepted upstream:
>
> https://github.com/libgit2/libgit2/pull/3462
> https://github.com/libgit2/libgit2/pull/3935
Here's the currently-open pull request:
https://github.com/libgit2/libgit2/pull/4173
I've attached work-in-progress patches to switch our libgit2 to use a
modified version that supports mbedTLS. Currently, there is a failing
test in libgit2. It may be a couple of days before I can work more on
this. I'm sending out these patches in case someone else wants to work
more on this in the meantime.
Mark
>From ff3267d15cde38f8af1751cbd15bf7a8e4a0eea0 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <address@hidden>
Date: Fri, 18 Aug 2017 17:06:39 -0400
Subject: [PATCH 1/2] DRAFT: gnu: mbedTLS: Build shared libraries.
---
gnu/packages/tls.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9d3e9d9e9..0c5b53162 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -775,6 +775,8 @@ then ported to the GNU / Linux environment.")
(base32
"1yc1rj0izjihj9hbzvskpa4gjzqf4dm2i84nmmm2s9j1i66fp6jm"))))
(build-system cmake-build-system)
+ (arguments
+ `(#:configure-flags '("-DUSE_SHARED_MBEDTLS_LIBRARY=On")))
(native-inputs
`(("perl" ,perl)))
(synopsis "Small TLS library")
--
2.14.1
>From 2680d40d32ab3452522f87be09c69f1ec0399c6e Mon Sep 17 00:00:00 2001
From: Mark H Weaver <address@hidden>
Date: Fri, 18 Aug 2017 17:06:18 -0400
Subject: [PATCH 2/2] PRELIMINARY: libgit2: Use mbedTLS.
---
.../patches/libgit2-mbedtls-cert-location.patch | 21 ++++
gnu/packages/version-control.scm | 111 ++++++++++++---------
2 files changed, 87 insertions(+), 45 deletions(-)
create mode 100644 gnu/packages/patches/libgit2-mbedtls-cert-location.patch
diff --git a/gnu/packages/patches/libgit2-mbedtls-cert-location.patch
b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch
new file mode 100644
index 000000000..3f068d9a5
--- /dev/null
+++ b/gnu/packages/patches/libgit2-mbedtls-cert-location.patch
@@ -0,0 +1,21 @@
+Cope with the absence of /etc/ssl/certs within the build container.
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6976946ca..8c8841464 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -361,9 +361,11 @@ ELSEIF(TLS_BACKEND STREQUAL "mbedTLS")
+ ENDIF()
+
+ IF(CERT_LOCATION)
+- IF(NOT EXISTS ${CERT_LOCATION})
+- MESSAGE(FATAL_ERROR "Cannot use
CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
+- ENDIF()
++ # Within Guix's build container, the certificates will
++ # not exist in the standard system-wide directory.
++ #IF(NOT EXISTS ${CERT_LOCATION})
++ # MESSAGE(FATAL_ERROR "Cannot use
CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
++ #ENDIF()
+ ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from
${CERT_LOCATION}")
+ ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}")
+ ENDIF()
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 869672ca4..8bc761863 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -352,53 +352,74 @@ everything from small to very large projects with speed
and efficiency.")
(home-page "https://git-scm.com/";)))
(define-public libgit2
- (package
- (name "libgit2")
- (version "0.26.0")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/libgit2/libgit2/";
- "archive/v" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
- (sha256
- (base32
- "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa"))
- (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
- (build-system cmake-build-system)
- (outputs '("out" "debug"))
- (arguments
- `(#:configure-flags '("-DUSE_SHA1DC=ON") ; SHA-1 collision detection
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-hardcoded-paths
- (lambda _
- (substitute* "tests/repo/init.c"
- (("#!/bin/sh") (string-append "#!" (which "sh"))))
- (substitute* "tests/clar/fs.h"
- (("/bin/cp") (which "cp"))
- (("/bin/rm") (which "rm")))
- #t))
- ;; Run checks more verbosely.
- (replace 'check
- (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
- (inputs
- `(("libssh2" ,libssh2)
- ("libcurl" ,curl)
- ("python" ,python-wrapper)))
- (native-inputs
- `(("pkg-config" ,pkg-config)))
- (propagated-inputs
- ;; These two libraries are in 'Requires.private' in libgit2.pc.
- `(("openssl" ,openssl)
- ("zlib" ,zlib)))
- (home-page "https://libgit2.github.com/";)
- (synopsis "Library providing Git core methods")
- (description
- "Libgit2 is a portable, pure C implementation of the Git core methods
+ (let ((version "0.26.0")
+ (commit "f16ff6db95964a5ea55b6654ab0f98d7711b4041")
+ (revision 1))
+ (package
+ (name "libgit2")
+ (version (string-append version "-"
+ (number->string revision)
+ "." (string-take commit 7)))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/tiennou/libgit2";)
+ (commit commit)))
+ (sha256
+ (base32
+ "1zaynw5qqjg38vjqmvdnrf74i3c26cnql7d2akz0r4r0x51qz37f"))
+ (file-name (string-append name "-" version "-checkout"))
+ (patches (search-patches "libgit2-mbedtls-cert-location.patch"
+ "libgit2-0.25.1-mtime-0.patch")))
+ #;
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/libgit2/libgit2/";
+ "archive/v" version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa"))
+ (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))))
+ (build-system cmake-build-system)
+ (outputs '("out" "debug"))
+ (arguments
+ `(#:configure-flags
+ '("-DUSE_SHA1DC=ON" ; SHA-1 collision detection
+ "-DUSE_TLS=mbedTLS" ; Avoid OpenSSL for GPL compatibility
+ "-DCERT_LOCATION=/phony/etc/ssl/certs") ;
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'fix-hardcoded-paths
+ (lambda _
+ (substitute* "tests/repo/init.c"
+ (("#!/bin/sh") (string-append "#!" (which "sh"))))
+ (substitute* "tests/clar/fs.h"
+ (("/bin/cp") (which "cp"))
+ (("/bin/rm") (which "rm")))
+ #t))
+ ;; Run checks more verbosely.
+ (replace 'check
+ (lambda _ (zero? (system* "./libgit2_clar" "-v" "-Q")))))))
+ (inputs
+ `(("libssh2" ,libssh2)
+ ("libcurl" ,curl)
+ ("mbedtls" ,mbedtls-apache)
+ ("http-parser" ,http-parser)
+ ("python" ,python-wrapper)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (propagated-inputs
+ ;; zlib in 'Requires.private' in libgit2.pc.
+ `(("zlib" ,zlib)))
+ (home-page "https://libgit2.github.com/";)
+ (synopsis "Library providing Git core methods")
+ (description
+ "Libgit2 is a portable, pure C implementation of the Git core methods
provided as a re-entrant linkable library with a solid API, allowing you to
write native speed custom Git applications in any language with bindings.")
- ;; GPLv2 with linking exception
- (license license:gpl2)))
+ ;; GPLv2 with linking exception
+ (license license:gpl2))))
(define-public git-crypt
(package
--
2.14.1