From patchwork Wed May 17 04:20:56 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Felix Lechner <felix.lechner@lease-up.com>
X-Patchwork-Id: 50073
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id A979927BBEB; Wed, 17 May 2023 05:22:28 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,
	URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 5C57627BBE9
	for <patchwork@mira.cbaines.net>; Wed, 17 May 2023 05:22:28 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1pz8fs-0008GY-Ie; Wed, 17 May 2023 00:22:04 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pz8fq-0008EI-Cd
 for guix-patches@gnu.org; Wed, 17 May 2023 00:22:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1pz8fq-0006od-3x
 for guix-patches@gnu.org; Wed, 17 May 2023 00:22:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1pz8fq-0004OV-00
 for guix-patches@gnu.org; Wed, 17 May 2023 00:22:02 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#63545] [PATCH 2/3] gnu: heimdal: Drop obsolete and insecure user
 tools.
Resent-From: Felix Lechner <felix.lechner@lease-up.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 17 May 2023 04:22:01 +0000
Resent-Message-ID: <handler.63545.B63545.168429727016800@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 63545
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 63545@debbugs.gnu.org
Cc: Felix Lechner <felix.lechner@lease-up.com>
Received: via spool by 63545-submit@debbugs.gnu.org id=B63545.168429727016800
 (code B ref 63545); Wed, 17 May 2023 04:22:01 +0000
Received: (at 63545) by debbugs.gnu.org; 17 May 2023 04:21:10 +0000
Received: from localhost ([127.0.0.1]:48472 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1pz8f0-0004Mu-2M
 for submit@debbugs.gnu.org; Wed, 17 May 2023 00:21:10 -0400
Received: from sail-ipv4.us-core.com ([208.82.101.137]:33608)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <felix.lechner@us-core.com>) id 1pz8eu-0004MK-LG
 for 63545@debbugs.gnu.org; Wed, 17 May 2023 00:21:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=Kstn4lm/P+/FX9P
 +Z5b3HDYZKpe65nBlXme/c0dsMiE=;
 h=references:in-reply-to:date:subject:
 cc:to:from; d=lease-up.com; b=OJlTviyfLmFoUbnaNE8I0Nvh3GG2vQkvs6Qe+iym
 9rHtgGX+PZcFSe/mr6Px+QU1myLcTJkENdc+SsD3Ji5VoLgcg7hyYu1XmRPlUg6ugy0br0
 ReFGZM7JwNQceODhTz4gI+d8iCFC8YIYb9fNgxiRPPJwdup6Syhbx05HqzZuM=
Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id f63cf357
 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
 Wed, 17 May 2023 04:21:03 +0000 (UTC)
Received: from localhost (localhost [local])
 by localhost (OpenSMTPD) with ESMTPA id d36e6a79;
 Wed, 17 May 2023 04:21:03 +0000 (UTC)
Date: Tue, 16 May 2023 21:20:56 -0700
Message-Id: 
 <08b45237b932692ab246f0a0e36da4fcdb67988b.1684296904.git.felix.lechner@lease-up.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <cover.1684296904.git.felix.lechner@lease-up.com>
References: <cover.1684296904.git.felix.lechner@lease-up.com>
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Reply-to: Felix Lechner <felix.lechner@lease-up.com>
X-ACL-Warn: ,  Felix Lechner via Guix-patches <guix-patches@gnu.org>
X-Patchwork-Original-From: Felix Lechner via Guix-patches via
 <guix-patches@gnu.org>
From: Felix Lechner <felix.lechner@lease-up.com>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

According to messages from the Heimdal maintainers Brian May and Nico
Williams, no one should be using their version of 'su' anymore. It was deleted
from the development branch five years ago [1] and is only being shipped
because the 7.8.0 is based on an older, stable branch.

[1] https://github.com/heimdal/heimdal/commit/8a77f45aff366b1cd8c70c43ce63eb16a0c9839c

Following the directions from the maintainers, this commit drops all
executables built from the ./appl folder via deletion of that SUBDIR from
the top-level Makefile.am.

Unfortunately, the heimdal-discuss mailing list does not appear to have a
public archive. The relevant SMTP Message-Id was:

    <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>

Since the 7.8.0 tarball shipped with all the files generated by 'autoreconf'
it seemed superior to build from Git instead. For that, please see the
preceeding commit.

* gnu/packages/kerberos.scm (heimdal): Drop obsolete and insecure user tools.
---
 gnu/packages/kerberos.scm | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index af67bff6c9..cc5f3f9ef2 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -218,6 +218,12 @@ (define-public heimdal
                                                    "/libexec/heimdal")))
                   #~()))
        #:phases (modify-phases %standard-phases
+                  ;; Skip the appl folder as obsolete per message from Brian May <brian@linuxpenguins.xyz>
+                  ;; <MDAEMON-F202305111940.AA401569md5001000003030@sequoia-grove.ad.secure-endpoints.com>
+                  (add-after 'unpack 'drop-obsolete-executables
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (substitute* '("Makefile.am")
+                        (("appl") ""))))
                   (add-before 'configure 'pre-configure
                     (lambda* (#:key inputs #:allow-other-keys)
                       (substitute* "configure"
@@ -233,15 +239,6 @@ (define-public heimdal
                         ;; which confuses heimdal.
                         (("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et")
                          "ac_cv_PROG_COMPILE_ET=compile_et"))
-                      (substitute* '("appl/afsutil/pagsh.c" "appl/su/su.c")
-                        (("/bin/sh")
-                         (search-input-file inputs "bin/sh"))
-                        ;; Use the cross-compiled bash instead of the
-                        ;; native bash (XXX shouldn't _PATH_BSHELL point
-                        ;; to a cross-compiled bash?).
-                        (("_PATH_BSHELL")
-                         (string-append
-                          "\"" (search-input-file inputs "bin/sh") "\"")))
                       (substitute* '("tools/Makefile.in")
                         (("/bin/sh") (which "sh")))))
                   (add-before 'check 'pre-check