* [PR PATCH] Standalone LibreSSL libtls
@ 2021-02-13 14:28 leahneukirchen
2021-02-13 14:30 ` leahneukirchen
` (16 more replies)
0 siblings, 17 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-13 14:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 761 bytes --]
There is a new pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732
Standalone LibreSSL libtls
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 10270 bytes --]
From 3735f3d457cfa31596b39d8bb77e6a425c564eac Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/5] New package: libtls-3.2.4
Move libressl-nc to this package.
---
common/shlibs | 2 +-
srcpkgs/libressl-netcat | 2 +-
srcpkgs/libressl/template | 13 +--
srcpkgs/libtls-devel | 1 +
.../fail-instead-of-trying-fallback.patch | 21 ++++
srcpkgs/libtls/template | 98 +++++++++++++++++++
srcpkgs/libtls/update | 1 +
7 files changed, 124 insertions(+), 14 deletions(-)
create mode 120000 srcpkgs/libtls-devel
create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
create mode 100644 srcpkgs/libtls/template
create mode 100644 srcpkgs/libtls/update
diff --git a/common/shlibs b/common/shlibs
index 70596feb769..72892eb6b64 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3505,7 +3505,7 @@ libfmt.so.7 fmt-7.0.3_1
libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
libolm.so.3 olm-3.0.0_1
libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
libssl.so.48 libssl48-3.1.1_1
libxmlb.so.2 libxmlb-0.2.1_1
libvoikko.so.1 libvoikko-4.2_1
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
# Template file for 'libressl'
pkgname=libressl
version=3.1.5
-revision=2
+revision=3
bootstrap=yes
build_style=gnu-configure
configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
vmove usr/share/man/man3
}
}
-
-libressl-netcat_package() {
- short_desc="TCP/IP swiss army knife (LibreSSL variant)"
- alternatives="
- nc:nc:/usr/bin/libressl-nc
- nc:nc.1:/usr/share/man/man1/libressl-nc.1"
- pkg_install() {
- vbin apps/nc/.libs/nc libressl-nc
- vman apps/nc/nc.1 libressl-nc.1
- }
-}
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+<chris2> so, current flow for getentropy is
+<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
+<chris2> 2) use /dev/urandom
+<chris2> 3) use sysctl (glibc only)
+<chris2> 4) use terrible fallback
+<chris2> and with a one-line patch it can instead kill itself after 3
+<chris2> so that should only affect processes running without /dev/urandom on old kernels
+<chris2> probably no harm else
+<xtraeme> +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ * sysctl ABI, or consider providing a new failsafe API which
+ * works in a chroot or when file descriptors are exhausted.
+ */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ raise(SIGKILL);
+ #endif
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..db8d04f9549
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,98 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.1.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+ distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+ checksum+=" 7d92bf898c3a526cfdd804ea2e6ba1c89bd5a95589092e3ea585ef7c4818d789"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+ build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+ # disable ssp
+ i686-musl) configure_args+=" --disable-hardening";;
+ # on armv5 always disable asm as it's not supported
+ armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+ _regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+ hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+ [ -z "$build_option_asm" ] && return 0
+ mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+ [ -z "$_regen_build" ] && return 0
+ if [ "$build_option_asm" ]; then
+ : # ./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+ fi
+ autoreconf -if
+}
+
+do_install() {
+ make -C tls install DESTDIR="$DESTDIR"
+ make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+ # Use CA file from ca-certificates instead.
+ #rm -f ${DESTDIR}/etc/ssl/cert.pem
+ #ln -s certs.pem ${DESTDIR}/etc/ssl/cert.pem
+
+ vlicense COPYING
+ if [ "$build_option_asm" ]; then
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+ fi
+ #find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+ short_desc+=" - development files"
+ depends="libtls-${version}_${revision}"
+ pkg_install() {
+ vinstall include/tls.h 644 usr/include
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vinstall libtls.pc 644 usr/lib/pkgconfig
+ for m in man/tls_*; do vman $m; done
+ }
+}
+
+libressl-netcat_package() {
+ short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+ alternatives="
+ nc:nc:/usr/bin/libressl-nc
+ nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+ pkg_install() {
+ vbin apps/nc/.libs/nc libressl-nc
+ vman apps/nc/nc.1 libressl-nc.1
+ }
+}
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"
From 8700df2e7705f051809c1de7beebacfda6463d33 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/5] catgirl: rebuild for libtls-3.2.4.
---
srcpkgs/catgirl/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 24967a8c1f0..a338e53b1e4 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
# Template file for 'catgirl'
pkgname=catgirl
version=1.5
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
short_desc="TLS-only terminal IRC client"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From d2b1ba6a9244c44a06b890f5667dc3a632cedb24 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/5] litterbox: rebuild for libtls-3.2.4.
---
srcpkgs/litterbox/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
# Template file for 'litterbox'
pkgname=litterbox
version=1.7
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
short_desc="IRC logger"
maintainer="Allen Sobot <chilledfrogs@disroot.org>"
license="GPL-3.0-or-later"
From 4cfbcd1bb9d61c2682de4317838c36bd16a5ea55 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/5] pounce: rebuild for libtls-3.2.4.
---
srcpkgs/pounce/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 57959706a54..62a4c618cac 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
# Template file for 'pounce'
pkgname=pounce
version=2.2
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
short_desc="Multi-client, TLS-only IRC bouncer"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From af06f689ccdebe5b39de6f5402ef8255c6574387 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/5] openntpd: rebuild for libtls-3.2.4.
---
srcpkgs/openntpd/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
# Template file for 'openntpd'
pkgname=openntpd
version=6.2p3
-revision=7
+revision=8
build_style=gnu-configure
configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
depends="ca-certificates"
short_desc="FREE, easy to use implementation of the Network Time Protocol"
maintainer="Orphaned <orphan@voidlinux.org>"
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
@ 2021-02-13 14:30 ` leahneukirchen
2021-02-13 14:41 ` ericonr
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-13 14:30 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 263 bytes --]
New comment by leahneukirchen on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778627286
Comment:
For acme-client we need a better idea probably, not sure it would build with any of the other libtls shims as well.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
2021-02-13 14:30 ` leahneukirchen
@ 2021-02-13 14:41 ` ericonr
2021-02-13 17:28 ` paper42
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: ericonr @ 2021-02-13 14:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 194 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778628528
Comment:
@paper42 would you be willing to try this branch out?
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
2021-02-13 14:30 ` leahneukirchen
2021-02-13 14:41 ` ericonr
@ 2021-02-13 17:28 ` paper42
2021-02-13 17:37 ` Duncaen
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: paper42 @ 2021-02-13 17:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 167 bytes --]
New comment by paper42 on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778649642
Comment:
catgirl seems to work fine
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (2 preceding siblings ...)
2021-02-13 17:28 ` paper42
@ 2021-02-13 17:37 ` Duncaen
2021-02-13 18:40 ` Johnnynator
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Duncaen @ 2021-02-13 17:37 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 209 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778650818
Comment:
acme-client is pretty much dead, no idea if this even works anymore.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (3 preceding siblings ...)
2021-02-13 17:37 ` Duncaen
@ 2021-02-13 18:40 ` Johnnynator
2021-02-13 21:24 ` fosslinux
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-02-13 18:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 280 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778660077
Comment:
Alpine seems to use a different fork than we do: https://git.sr.ht/~graywolf/acme-client-portable which still does seem to get updates.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (4 preceding siblings ...)
2021-02-13 18:40 ` Johnnynator
@ 2021-02-13 21:24 ` fosslinux
2021-02-22 0:13 ` q66
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: fosslinux @ 2021-02-13 21:24 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 288 bytes --]
New comment by fosslinux on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-778680290
Comment:
Don't think the asm patches are worth it for the causal.agency suite or openntpd, they aren't all that speed-sensitive (IRC and NTP). Just my 2c.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (5 preceding siblings ...)
2021-02-13 21:24 ` fosslinux
@ 2021-02-22 0:13 ` q66
2021-02-27 23:26 ` leahneukirchen
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: q66 @ 2021-02-22 0:13 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 319 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-782957802
Comment:
you should probably be able to just drop the asm patches in the same way as we do for libressl right now
I can probably rebase them when needed, worst case we can drop them later
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (6 preceding siblings ...)
2021-02-22 0:13 ` q66
@ 2021-02-27 23:26 ` leahneukirchen
2021-02-28 0:12 ` q66
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-27 23:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 190 bytes --]
New comment by leahneukirchen on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-787203407
Comment:
@q66 yes, they don't apply cleanly on 3.2.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (7 preceding siblings ...)
2021-02-27 23:26 ` leahneukirchen
@ 2021-02-28 0:12 ` q66
2021-02-28 15:11 ` [PR PATCH] [Closed]: " leahneukirchen
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: q66 @ 2021-02-28 0:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 214 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-787207997
Comment:
now they do: https://github.com/q66/libressl-portable-asm/releases/tag/v1.2.0
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PR PATCH] [Closed]: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (8 preceding siblings ...)
2021-02-28 0:12 ` q66
@ 2021-02-28 15:11 ` leahneukirchen
2021-02-28 15:11 ` [PR PATCH] [Updated] " leahneukirchen
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 597 bytes --]
There's a closed pull request on the void-packages repository
Standalone LibreSSL libtls
https://github.com/void-linux/void-packages/pull/28732
Description:
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (9 preceding siblings ...)
2021-02-28 15:11 ` [PR PATCH] [Closed]: " leahneukirchen
@ 2021-02-28 15:11 ` leahneukirchen
2021-02-28 15:12 ` leahneukirchen
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 766 bytes --]
There is an updated pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732
Standalone LibreSSL libtls
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (10 preceding siblings ...)
2021-02-28 15:11 ` [PR PATCH] [Updated] " leahneukirchen
@ 2021-02-28 15:12 ` leahneukirchen
2021-02-28 15:19 ` leahneukirchen
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 766 bytes --]
There is an updated pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732
Standalone LibreSSL libtls
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 12150 bytes --]
From 5aa9827ca829507ca8f4a7d18eb03408e7b998e5 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/6] New package: libtls-3.2.4
Move libressl-nc to this package.
---
common/shlibs | 2 +-
srcpkgs/libressl-netcat | 2 +-
srcpkgs/libressl/template | 13 +--
srcpkgs/libtls-devel | 1 +
.../fail-instead-of-trying-fallback.patch | 21 +++++
srcpkgs/libtls/template | 94 +++++++++++++++++++
srcpkgs/libtls/update | 1 +
7 files changed, 120 insertions(+), 14 deletions(-)
create mode 120000 srcpkgs/libtls-devel
create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
create mode 100644 srcpkgs/libtls/template
create mode 100644 srcpkgs/libtls/update
diff --git a/common/shlibs b/common/shlibs
index 959f1692961..7c4bd4d8f39 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3446,7 +3446,7 @@ libfmt.so.7 fmt-7.0.3_1
libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
libolm.so.3 olm-3.0.0_1
libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
libssl.so.48 libssl48-3.1.1_1
libxmlb.so.2 libxmlb-0.2.1_1
libvoikko.so.1 libvoikko-4.2_1
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
# Template file for 'libressl'
pkgname=libressl
version=3.1.5
-revision=2
+revision=3
bootstrap=yes
build_style=gnu-configure
configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
vmove usr/share/man/man3
}
}
-
-libressl-netcat_package() {
- short_desc="TCP/IP swiss army knife (LibreSSL variant)"
- alternatives="
- nc:nc:/usr/bin/libressl-nc
- nc:nc.1:/usr/share/man/man1/libressl-nc.1"
- pkg_install() {
- vbin apps/nc/.libs/nc libressl-nc
- vman apps/nc/nc.1 libressl-nc.1
- }
-}
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+<chris2> so, current flow for getentropy is
+<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
+<chris2> 2) use /dev/urandom
+<chris2> 3) use sysctl (glibc only)
+<chris2> 4) use terrible fallback
+<chris2> and with a one-line patch it can instead kill itself after 3
+<chris2> so that should only affect processes running without /dev/urandom on old kernels
+<chris2> probably no harm else
+<xtraeme> +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ * sysctl ABI, or consider providing a new failsafe API which
+ * works in a chroot or when file descriptors are exhausted.
+ */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ raise(SIGKILL);
+ #endif
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..91903d67054
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,94 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.2.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+ distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+ checksum+=" e1c76178c4deb1cd20a0cd7ba553d6607f8131acb2e0844223f797e42f0d6f60"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+ build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+ # disable ssp
+ i686-musl) configure_args+=" --disable-hardening";;
+ # on armv5 always disable asm as it's not supported
+ armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+ _regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+ hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+ [ -z "$build_option_asm" ] && return 0
+ mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+ [ -z "$_regen_build" ] && return 0
+ if [ "$build_option_asm" ]; then
+ ./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+ fi
+ autoreconf -if
+}
+
+do_install() {
+ make -C tls install DESTDIR="$DESTDIR"
+ make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+ vlicense COPYING
+ if [ "$build_option_asm" ]; then
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+ fi
+ #find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+ short_desc+=" - development files"
+ depends="libtls-${version}_${revision}"
+ pkg_install() {
+ vinstall include/tls.h 644 usr/include
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vinstall libtls.pc 644 usr/lib/pkgconfig
+ for m in man/tls_*; do vman $m; done
+ }
+}
+
+libressl-netcat_package() {
+ short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+ alternatives="
+ nc:nc:/usr/bin/libressl-nc
+ nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+ pkg_install() {
+ vbin apps/nc/.libs/nc libressl-nc
+ vman apps/nc/nc.1 libressl-nc.1
+ }
+}
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"
From eb852507409f6a0334177988ec11dc7b9c37ae40 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/6] catgirl: rebuild for libtls-3.2.4.
---
srcpkgs/catgirl/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 4a93282dc54..6ddf5e3bb62 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
# Template file for 'catgirl'
pkgname=catgirl
version=1.6
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
short_desc="TLS-only terminal IRC client"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From 9e6ba6a3dfdd8c554e54a02721d0f58a145ff6d2 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/6] litterbox: rebuild for libtls-3.2.4.
---
srcpkgs/litterbox/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
# Template file for 'litterbox'
pkgname=litterbox
version=1.7
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
short_desc="IRC logger"
maintainer="Allen Sobot <chilledfrogs@disroot.org>"
license="GPL-3.0-or-later"
From 3b9cd239322c3dbe2581dc8c61de16551f12675f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/6] pounce: rebuild for libtls-3.2.4.
---
srcpkgs/pounce/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 63b55178a17..4e33113d349 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
# Template file for 'pounce'
pkgname=pounce
version=2.3
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
short_desc="Multi-client, TLS-only IRC bouncer"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From b3f71f708063e2a4acb35d9e6d349f96baee43f0 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/6] openntpd: rebuild for libtls-3.2.4.
---
srcpkgs/openntpd/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
# Template file for 'openntpd'
pkgname=openntpd
version=6.2p3
-revision=7
+revision=8
build_style=gnu-configure
configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
depends="ca-certificates"
short_desc="FREE, easy to use implementation of the Network Time Protocol"
maintainer="Orphaned <orphan@voidlinux.org>"
From 659f81806e174af01fe9d0cd4611778bf2f8364b Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sun, 28 Feb 2021 16:10:02 +0100
Subject: [PATCH 6/6] acme-client: remove, unmaintained upstream.
---
srcpkgs/acme-client/INSTALL.msg | 1 -
srcpkgs/acme-client/template | 25 -------------------------
srcpkgs/acme-client/update | 1 -
3 files changed, 27 deletions(-)
delete mode 100644 srcpkgs/acme-client/INSTALL.msg
delete mode 100644 srcpkgs/acme-client/template
delete mode 100644 srcpkgs/acme-client/update
diff --git a/srcpkgs/acme-client/INSTALL.msg b/srcpkgs/acme-client/INSTALL.msg
deleted file mode 100644
index a799d36a283..00000000000
--- a/srcpkgs/acme-client/INSTALL.msg
+++ /dev/null
@@ -1 +0,0 @@
-NOTE: acme-client uses new default directories since version 0.1.12
diff --git a/srcpkgs/acme-client/template b/srcpkgs/acme-client/template
deleted file mode 100644
index d583ddfa476..00000000000
--- a/srcpkgs/acme-client/template
+++ /dev/null
@@ -1,25 +0,0 @@
-# Template file for 'acme-client'
-pkgname=acme-client
-version=0.1.16
-revision=5
-_distver=VERSION_${version//./_}
-wrksrc=acme-client-portable-${_distver}
-build_style=gnu-makefile
-make_install_args="MAN1DIR=/usr/share/man/man1 BINDIR=/usr/bin"
-hostmakedepends="pkg-config"
-makedepends="libbsd-devel libressl-devel"
-short_desc="A secure ACME client"
-maintainer="Toyam Cox <Vaelatern@gmail.com>"
-license="ISC"
-homepage="https://kristaps.bsd.lv/acme-client/"
-distfiles="https://github.com/kristapsdz/acme-client-portable/archive/${_distver}.tar.gz"
-checksum=69d5867ae8b7db49f08a0c536655e41f960bab7c033b234ff0e2a03fab98f667
-
-CFLAGS="-fcommon -DHAVE_CONFIG_H"
-case "$XBPS_TARGET_MACHINE" in
- *-musl) CFLAGS+=" -DMUSL_LIBC" ;;
-esac
-
-post_install() {
- vlicense LICENSE.md
-}
diff --git a/srcpkgs/acme-client/update b/srcpkgs/acme-client/update
deleted file mode 100644
index d56d0ea5fd7..00000000000
--- a/srcpkgs/acme-client/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern='VERSION_\K[\d_]+'
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (11 preceding siblings ...)
2021-02-28 15:12 ` leahneukirchen
@ 2021-02-28 15:19 ` leahneukirchen
2021-02-28 15:35 ` leahneukirchen
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 766 bytes --]
There is an updated pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732
Standalone LibreSSL libtls
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 11334 bytes --]
From 45f543f1986ac5897b6ddee781f1cc0df665a66f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/7] libressl-netcat: remove, will be moved to libtls.
---
common/shlibs | 2 +-
srcpkgs/libressl-netcat | 1 -
srcpkgs/libressl/template | 13 +------------
3 files changed, 2 insertions(+), 14 deletions(-)
delete mode 120000 srcpkgs/libressl-netcat
diff --git a/common/shlibs b/common/shlibs
index 959f1692961..7c4bd4d8f39 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3446,7 +3446,7 @@ libfmt.so.7 fmt-7.0.3_1
libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
libolm.so.3 olm-3.0.0_1
libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
libssl.so.48 libssl48-3.1.1_1
libxmlb.so.2 libxmlb-0.2.1_1
libvoikko.so.1 libvoikko-4.2_1
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
deleted file mode 120000
index cab5b6fcb51..00000000000
--- a/srcpkgs/libressl-netcat
+++ /dev/null
@@ -1 +0,0 @@
-libressl
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
# Template file for 'libressl'
pkgname=libressl
version=3.1.5
-revision=2
+revision=3
bootstrap=yes
build_style=gnu-configure
configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
vmove usr/share/man/man3
}
}
-
-libressl-netcat_package() {
- short_desc="TCP/IP swiss army knife (LibreSSL variant)"
- alternatives="
- nc:nc:/usr/bin/libressl-nc
- nc:nc.1:/usr/share/man/man1/libressl-nc.1"
- pkg_install() {
- vbin apps/nc/.libs/nc libressl-nc
- vman apps/nc/nc.1 libressl-nc.1
- }
-}
From 4a7a2e0b67833cd75d9ad6ee682d4b7ba58fbd8f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 2/7] New package: libtls-3.2.4
---
srcpkgs/libressl-netcat | 1 +
srcpkgs/libtls-devel | 1 +
srcpkgs/libtls/template | 94 +++++++++++++++++++++++++++++++++++++++++
srcpkgs/libtls/update | 1 +
4 files changed, 97 insertions(+)
create mode 120000 srcpkgs/libressl-netcat
create mode 120000 srcpkgs/libtls-devel
create mode 100644 srcpkgs/libtls/template
create mode 100644 srcpkgs/libtls/update
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libressl-netcat
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..9577944a860
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,94 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+homepage="http://www.libressl.org/"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.2.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+ distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+ checksum+=" e1c76178c4deb1cd20a0cd7ba553d6607f8131acb2e0844223f797e42f0d6f60"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+ build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+ # disable ssp
+ i686-musl) configure_args+=" --disable-hardening";;
+ # on armv5 always disable asm as it's not supported
+ armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+ _regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+ hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+ [ -z "$build_option_asm" ] && return 0
+ mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+ [ -z "$_regen_build" ] && return 0
+ if [ "$build_option_asm" ]; then
+ ./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+ fi
+ autoreconf -if
+}
+
+do_install() {
+ make -C tls install DESTDIR="$DESTDIR"
+ make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+ vlicense COPYING
+ if [ "$build_option_asm" ]; then
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+ fi
+ #find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+ short_desc+=" - development files"
+ depends="libtls-${version}_${revision}"
+ pkg_install() {
+ vinstall include/tls.h 644 usr/include
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vinstall libtls.pc 644 usr/lib/pkgconfig
+ for m in man/tls_*; do vman $m; done
+ }
+}
+
+libressl-netcat_package() {
+ short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+ alternatives="
+ nc:nc:/usr/bin/libressl-nc
+ nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+ pkg_install() {
+ vbin apps/nc/.libs/nc libressl-nc
+ vman apps/nc/nc.1 libressl-nc.1
+ }
+}
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"
From 621cfb144508b2874a83f43bbcc9d228fe12b730 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 3/7] catgirl: rebuild for libtls-3.2.4.
---
srcpkgs/catgirl/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 4a93282dc54..6ddf5e3bb62 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
# Template file for 'catgirl'
pkgname=catgirl
version=1.6
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
short_desc="TLS-only terminal IRC client"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From 5a213820ee9aa85a927d65c800f76cd0e13c6587 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 4/7] litterbox: rebuild for libtls-3.2.4.
---
srcpkgs/litterbox/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
# Template file for 'litterbox'
pkgname=litterbox
version=1.7
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
short_desc="IRC logger"
maintainer="Allen Sobot <chilledfrogs@disroot.org>"
license="GPL-3.0-or-later"
From 78bdb12c2040d819216515515679aa30c12082ab Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 5/7] pounce: rebuild for libtls-3.2.4.
---
srcpkgs/pounce/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 63b55178a17..4e33113d349 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
# Template file for 'pounce'
pkgname=pounce
version=2.3
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
short_desc="Multi-client, TLS-only IRC bouncer"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From 4c54402f3d56782b21eacfd84b9b78ae3449e815 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 6/7] openntpd: rebuild for libtls-3.2.4.
---
srcpkgs/openntpd/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
# Template file for 'openntpd'
pkgname=openntpd
version=6.2p3
-revision=7
+revision=8
build_style=gnu-configure
configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
depends="ca-certificates"
short_desc="FREE, easy to use implementation of the Network Time Protocol"
maintainer="Orphaned <orphan@voidlinux.org>"
From f20483b6001351648c7fa97902fc63bb192c7c89 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sun, 28 Feb 2021 16:10:02 +0100
Subject: [PATCH 7/7] acme-client: remove, unmaintained upstream.
---
srcpkgs/acme-client/INSTALL.msg | 1 -
srcpkgs/acme-client/template | 25 -------------------------
srcpkgs/acme-client/update | 1 -
3 files changed, 27 deletions(-)
delete mode 100644 srcpkgs/acme-client/INSTALL.msg
delete mode 100644 srcpkgs/acme-client/template
delete mode 100644 srcpkgs/acme-client/update
diff --git a/srcpkgs/acme-client/INSTALL.msg b/srcpkgs/acme-client/INSTALL.msg
deleted file mode 100644
index a799d36a283..00000000000
--- a/srcpkgs/acme-client/INSTALL.msg
+++ /dev/null
@@ -1 +0,0 @@
-NOTE: acme-client uses new default directories since version 0.1.12
diff --git a/srcpkgs/acme-client/template b/srcpkgs/acme-client/template
deleted file mode 100644
index d583ddfa476..00000000000
--- a/srcpkgs/acme-client/template
+++ /dev/null
@@ -1,25 +0,0 @@
-# Template file for 'acme-client'
-pkgname=acme-client
-version=0.1.16
-revision=5
-_distver=VERSION_${version//./_}
-wrksrc=acme-client-portable-${_distver}
-build_style=gnu-makefile
-make_install_args="MAN1DIR=/usr/share/man/man1 BINDIR=/usr/bin"
-hostmakedepends="pkg-config"
-makedepends="libbsd-devel libressl-devel"
-short_desc="A secure ACME client"
-maintainer="Toyam Cox <Vaelatern@gmail.com>"
-license="ISC"
-homepage="https://kristaps.bsd.lv/acme-client/"
-distfiles="https://github.com/kristapsdz/acme-client-portable/archive/${_distver}.tar.gz"
-checksum=69d5867ae8b7db49f08a0c536655e41f960bab7c033b234ff0e2a03fab98f667
-
-CFLAGS="-fcommon -DHAVE_CONFIG_H"
-case "$XBPS_TARGET_MACHINE" in
- *-musl) CFLAGS+=" -DMUSL_LIBC" ;;
-esac
-
-post_install() {
- vlicense LICENSE.md
-}
diff --git a/srcpkgs/acme-client/update b/srcpkgs/acme-client/update
deleted file mode 100644
index d56d0ea5fd7..00000000000
--- a/srcpkgs/acme-client/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern='VERSION_\K[\d_]+'
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (12 preceding siblings ...)
2021-02-28 15:19 ` leahneukirchen
@ 2021-02-28 15:35 ` leahneukirchen
2021-03-01 8:00 ` mgorny
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 200 bytes --]
New comment by leahneukirchen on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-787471019
Comment:
This can be rebased after the libressl removal then.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (13 preceding siblings ...)
2021-02-28 15:35 ` leahneukirchen
@ 2021-03-01 8:00 ` mgorny
2021-03-05 11:32 ` Johnnynator
2021-03-05 11:32 ` [PR PATCH] [Closed]: " Johnnynator
16 siblings, 0 replies; 18+ messages in thread
From: mgorny @ 2021-03-01 8:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 323 bytes --]
New comment by mgorny on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-787740855
Comment:
Wouldn't it be simple to use https://git.causal.agency/libretls/ ? These are libtls sources modified to build and link against OpenSSL, without the need to redo all the work yourself.
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (14 preceding siblings ...)
2021-03-01 8:00 ` mgorny
@ 2021-03-05 11:32 ` Johnnynator
2021-03-05 11:32 ` [PR PATCH] [Closed]: " Johnnynator
16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-03-05 11:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 246 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/28732#issuecomment-791362392
Comment:
Merged in https://github.com/void-linux/void-packages/commit/5d5c473cd05e0b9fc36fb37ac903d4d7107b1df5
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PR PATCH] [Closed]: Standalone LibreSSL libtls
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
` (15 preceding siblings ...)
2021-03-05 11:32 ` Johnnynator
@ 2021-03-05 11:32 ` Johnnynator
16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-03-05 11:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 597 bytes --]
There's a closed pull request on the void-packages repository
Standalone LibreSSL libtls
https://github.com/void-linux/void-packages/pull/28732
Description:
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2021-03-05 11:32 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
2021-02-13 14:30 ` leahneukirchen
2021-02-13 14:41 ` ericonr
2021-02-13 17:28 ` paper42
2021-02-13 17:37 ` Duncaen
2021-02-13 18:40 ` Johnnynator
2021-02-13 21:24 ` fosslinux
2021-02-22 0:13 ` q66
2021-02-27 23:26 ` leahneukirchen
2021-02-28 0:12 ` q66
2021-02-28 15:11 ` [PR PATCH] [Closed]: " leahneukirchen
2021-02-28 15:11 ` [PR PATCH] [Updated] " leahneukirchen
2021-02-28 15:12 ` leahneukirchen
2021-02-28 15:19 ` leahneukirchen
2021-02-28 15:35 ` leahneukirchen
2021-03-01 8:00 ` mgorny
2021-03-05 11:32 ` Johnnynator
2021-03-05 11:32 ` [PR PATCH] [Closed]: " Johnnynator
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).