From: leahneukirchen <leahneukirchen@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: [PR PATCH] Standalone LibreSSL libtls
Date: Sat, 13 Feb 2021 15:28:54 +0100
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-28732@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 761 bytes --]
There is a new pull request by leahneukirchen against master on the void-packages repository
https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732
Standalone LibreSSL libtls
This extracts a package that only builds libtls.
- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1
Problem is that acme-clients needs libtls *and* libssl.
asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.
I didn't do conflicts yet etc, this is more of a PoC right now.
A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 10270 bytes --]
From 3735f3d457cfa31596b39d8bb77e6a425c564eac Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/5] New package: libtls-3.2.4
Move libressl-nc to this package.
---
common/shlibs | 2 +-
srcpkgs/libressl-netcat | 2 +-
srcpkgs/libressl/template | 13 +--
srcpkgs/libtls-devel | 1 +
.../fail-instead-of-trying-fallback.patch | 21 ++++
srcpkgs/libtls/template | 98 +++++++++++++++++++
srcpkgs/libtls/update | 1 +
7 files changed, 124 insertions(+), 14 deletions(-)
create mode 120000 srcpkgs/libtls-devel
create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
create mode 100644 srcpkgs/libtls/template
create mode 100644 srcpkgs/libtls/update
diff --git a/common/shlibs b/common/shlibs
index 70596feb769..72892eb6b64 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3505,7 +3505,7 @@ libfmt.so.7 fmt-7.0.3_1
libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
libolm.so.3 olm-3.0.0_1
libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
libssl.so.48 libssl48-3.1.1_1
libxmlb.so.2 libxmlb-0.2.1_1
libvoikko.so.1 libvoikko-4.2_1
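Review bot: The libtls.so.20 entry now points at a package built from 3.2.4 sources, while the neighbouring libcrypto.so.46 and libssl.so.48 entries still point at the 3.1.x libressl packages. Please confirm that 3.2.4 still produces the soname libtls.so.20 and that the resulting library does not require libcrypto/libssl sonames other than the ones listed here; otherwise the new libtls ends up with shlib dependencies that no package provides.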
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
# Template file for 'libressl'
pkgname=libressl
version=3.1.5
-revision=2
+revision=3
bootstrap=yes
build_style=gnu-configure
configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
vmove usr/share/man/man3
}
}
-
-libressl-netcat_package() {
- short_desc="TCP/IP swiss army knife (LibreSSL variant)"
- alternatives="
- nc:nc:/usr/bin/libressl-nc
- nc:nc.1:/usr/share/man/man1/libressl-nc.1"
- pkg_install() {
- vbin apps/nc/.libs/nc libressl-nc
- vman apps/nc/nc.1 libressl-nc.1
- }
-}
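Review bot: Only the netcat subpackage is removed from srcpkgs/libressl/template; nothing in this diff stops libressl 3.1.5 from still building and packaging its own libtls, while common/shlibs now assigns libtls.so.20 to libtls-3.2.4_1. As it stands two packages would ship the same library and header, so the libtls part of libressl should be dropped in this commit, or the new package needs conflicts/replaces before this can be merged.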
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+<chris2> so, current flow for getentropy is
+<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
+<chris2> 2) use /dev/urandom
+<chris2> 3) use sysctl (glibc only)
+<chris2> 4) use terrible fallback
+<chris2> and with a one-line patch it can instead kill itself after 3
+<chris2> so that should only affect processes running without /dev/urandom on old kernels
+<chris2> probably no harm else
+<xtraeme> +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ * sysctl ABI, or consider providing a new failsafe API which
+ * works in a chroot or when file descriptors are exhausted.
+ */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ raise(SIGKILL);
+ #endif
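Review bot: The file this patch touches, crypto/compat/getentropy_linux.c, lies outside the two directories that do_install in the new libtls template installs from (tls and apps/nc), so it is worth confirming that the patched getentropy code is actually compiled into the shipped libtls.so or libressl-nc. If those binaries link against libcrypto from the separate libressl package, the #define FAIL_INSTEAD_OF_TRYING_FALLBACK here has no effect on this package. The patch header would also be easier to maintain as a one or two sentence statement of intent (abort rather than use the fallback entropy path) than as a raw IRC excerpt.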
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..db8d04f9549
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,98 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.1.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+ distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+ checksum+=" 7d92bf898c3a526cfdd804ea2e6ba1c89bd5a95589092e3ea585ef7c4818d789"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+ build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+ # disable ssp
+ i686-musl) configure_args+=" --disable-hardening";;
+ # on armv5 always disable asm as it's not supported
+ armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+ _regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+ hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+ [ -z "$build_option_asm" ] && return 0
+ mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+ [ -z "$_regen_build" ] && return 0
+ if [ "$build_option_asm" ]; then
+ : # ./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+ fi
+ autoreconf -if
+}
+
+do_install() {
+ make -C tls install DESTDIR="$DESTDIR"
+ make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+ # Use CA file from ca-certificates instead.
+ #rm -f ${DESTDIR}/etc/ssl/cert.pem
+ #ln -s certs.pem ${DESTDIR}/etc/ssl/cert.pem
+
+ vlicense COPYING
+ if [ "$build_option_asm" ]; then
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+ vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+ fi
+ #find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+ short_desc+=" - development files"
+ depends="libtls-${version}_${revision}"
+ pkg_install() {
+ vinstall include/tls.h 644 usr/include
+ vmove "usr/lib/*.a"
+ vmove "usr/lib/*.so"
+ vinstall libtls.pc 644 usr/lib/pkgconfig
+ for m in man/tls_*; do vman $m; done
+ }
+}
+
+libressl-netcat_package() {
+ short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+ alternatives="
+ nc:nc:/usr/bin/libressl-nc
+ nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+ pkg_install() {
+ vbin apps/nc/.libs/nc libressl-nc
+ vman apps/nc/nc.1 libressl-nc.1
+ }
+}
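Review bot: The asm option is left half-disabled in this template: configure_args with vopt_enable asm is commented out and the patch_libressl.sh call in pre_configure is reduced to a no-op, yet build_options, the CHROOT_READY default, the extra distfile and checksum, post_extract and the two extra vlicense calls are still active. A build with asm enabled (the default once CHROOT_READY is set) therefore downloads, unpacks and licenses assembly sources it never applies; either drop the option completely until the asm question from the PR description is settled, or keep all of it. Separately, do_install only runs make install in tls and apps/nc and the cert.pem lines in post_install are commented out, so this package provides no /etc/ssl/cert.pem; check that consumers relying on a default CA file under /etc/ssl still find one when only libtls is installed. short_desc is also still the libressl description and should describe libtls.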
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"
From 8700df2e7705f051809c1de7beebacfda6463d33 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/5] catgirl: rebuild for libtls-3.2.4.
---
srcpkgs/catgirl/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 24967a8c1f0..a338e53b1e4 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
# Template file for 'catgirl'
pkgname=catgirl
version=1.5
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
short_desc="TLS-only terminal IRC client"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
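Review bot: With makedepends switched from libressl-devel to libtls-devel, the only header available at build time is tls.h, since libtls-devel_package installs nothing else under usr/include. Please confirm the build includes nothing from openssl/ (acme-client in the PR description shows this can happen). The subject line says rebuild, but the change is a dependency switch; something like "catgirl: build against libtls" would describe it better, and the same applies to the litterbox, pounce and openntpd commits.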
From d2b1ba6a9244c44a06b890f5667dc3a632cedb24 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/5] litterbox: rebuild for libtls-3.2.4.
---
srcpkgs/litterbox/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
# Template file for 'litterbox'
pkgname=litterbox
version=1.7
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
short_desc="IRC logger"
maintainer="Allen Sobot <chilledfrogs@disroot.org>"
license="GPL-3.0-or-later"
From 4cfbcd1bb9d61c2682de4317838c36bd16a5ea55 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/5] pounce: rebuild for libtls-3.2.4.
---
srcpkgs/pounce/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 57959706a54..62a4c618cac 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
# Template file for 'pounce'
pkgname=pounce
version=2.2
-revision=1
+revision=2
build_style=gnu-configure
make_build_target="all"
hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
short_desc="Multi-client, TLS-only IRC bouncer"
maintainer="Paper <paper@tilde.institute>"
license="GPL-3.0-or-later"
From af06f689ccdebe5b39de6f5402ef8255c6574387 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/5] openntpd: rebuild for libtls-3.2.4.
---
srcpkgs/openntpd/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
# Template file for 'openntpd'
pkgname=openntpd
version=6.2p3
-revision=7
+revision=8
build_style=gnu-configure
configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
depends="ca-certificates"
short_desc="FREE, easy to use implementation of the Network Time Protocol"
maintainer="Orphaned <orphan@voidlinux.org>"