[bug#33701,staging,00/23] Glib/GTK+ updates

Message ID	87k1kfssm6.fsf@fastmail.com
State	Accepted
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates Resent-From: Marius Bakke <mbakke@fastmail.com> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 11 Dec 2018 20:43:01 +0000 Resent-Message-ID: <handler.33701.B33701.154456094529658@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org To: 33701@debbugs.gnu.org From: Marius Bakke <mbakke@fastmail.com> In-Reply-To: <20181211011205.15542-1-mbakke@fastmail.com> References: <20181211011205.15542-1-mbakke@fastmail.com> User-Agent: Notmuch/0.28 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Tue, 11 Dec 2018 21:42:09 +0100 Message-ID: <87k1kfssm6.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches

Message ID

87k1kfssm6.fsf@fastmail.com

State

Accepted

Headers

Subject: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates
Resent-From: Marius Bakke <mbakke@fastmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 11 Dec 2018 20:43:01 +0000
Resent-Message-ID: <handler.33701.B33701.154456094529658@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
To: 33701@debbugs.gnu.org
From: Marius Bakke <mbakke@fastmail.com>
In-Reply-To: <20181211011205.15542-1-mbakke@fastmail.com>
References: <20181211011205.15542-1-mbakke@fastmail.com>
User-Agent: Notmuch/0.28 (https://notmuchmail.org) Emacs/26.1
	(x86_64-pc-linux-gnu)
Date: Tue, 11 Dec 2018 21:42:09 +0100
Message-ID: <87k1kfssm6.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Precedence: list
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: "Guix-patches"
	<guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>

Commit Message

Marius Bakke Dec. 11, 2018, 8:42 p.m. UTC

Marius Bakke <mbakke@fastmail.com> writes:

> This late series adds around 1000 rebuilds to the current staging
> branch.  They also bring many of the GNOME family libraries to the
> latest upstream versions.
>
> The good:
> * Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other
>   security-critical libraries.  Some of these have changed
>   build systems, or ABIs, so future patching is easier.
> * Most/all regressions are already fixed.

Whoops, I spoke too soon: I upgraded glib-networking from 2.58 to 2.59
in the last minute (to fix a test failure), but the change broke libsoup
and possibly more.

In v2 of this series, two patches have diverged.  Libsoup was adjusted
to cope with the new "certtool" API from GnuTLS 3.6:
...while Glib-Networking was downgraded to 2.58, and removes related
code at the same time:
The reason for removing SSL_CERT_FILE completely instead of adjusting
the patch is that Glib-Networking no longer does any certificate
handling by itself, instead everything is handed over to GnuTLS.  Thus
supporting such a patch is difficult, and it does not seem to be needed
anymore in practice.

From ade89abc16f2247e6d5db633f001ff853fa989ba Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Mon, 10 Dec 2018 07:39:52 +0100
Subject: [PATCH staging 23/23] gnu: glib-networking: Update to 2.58.0.

* gnu/packages/gnome.scm (glib-networking): Update to 2.58.0.
[build-system]: Change to MESON-BUILD-SYSTEM.
[arguments]: Explicitly disable libproxy; add phase to appease tests.
(libgdata, libsoup)[arguments]: Remove phase that sets SSL_CERT_FILE.
* gnu/packages/spice.scm (spice)[arguments]: Likewise.
* gnu/packages/web.scm (uhttpmock)[arguments]: Likewise.
---
 gnu/local.mk                                  |  1 -
 gnu/packages/gnome.scm                        | 43 +++++--------------
 .../glib-networking-ssl-cert-file.patch       | 29 -------------
 gnu/packages/spice.scm                        |  6 +--
 gnu/packages/web.scm                          |  9 ----
 5 files changed, 12 insertions(+), 76 deletions(-)
 delete mode 100644 gnu/packages/patches/glib-networking-ssl-cert-file.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3f2ca7a845..03627b98c1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -741,7 +741,6 @@  dist_patch_DATA =						\
   %D%/packages/patches/ghostscript-no-header-uuid.patch		\
   %D%/packages/patches/ghostscript-no-header-creationdate.patch \
   %D%/packages/patches/giflib-make-reallocarray-private.patch	\
-  %D%/packages/patches/glib-networking-ssl-cert-file.patch	\
   %D%/packages/patches/glib-tests-timer.patch			\
   %D%/packages/patches/glibc-CVE-2015-5180.patch		\
   %D%/packages/patches/glibc-CVE-2015-7547.patch		\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index cea9445191..95bfcaf564 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -360,12 +360,6 @@  formats like PNG, SVG, PDF and EPS.")
     (arguments
      '(#:phases
        (modify-phases %standard-phases
-         (add-before 'check 'use-empty-ssl-cert-file
-           (lambda _
-             ;; The ca-certificates.crt is not available in the build
-             ;; environment.
-             (setenv "SSL_CERT_FILE" "/dev/null")
-             #t))
          (add-before 'check 'disable-failing-tests
            (lambda _
              ;; The PicasaWeb API tests fail with gnome-online-accounts@3.24.2.
@@ -2396,7 +2390,7 @@  library.")
 (define-public glib-networking
   (package
     (name "glib-networking")
-    (version "2.54.1")
+    (version "2.58.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2404,29 +2398,17 @@  library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0bq16m9nh3gcz9x2fvygr0iwxd2pxcbrm3lj3kihsnh1afv8g9za"))
-              (patches
-               (search-patches "glib-networking-ssl-cert-file.patch"))))
-    (build-system gnu-build-system)
+                "0s006gs9nsq6mg31spqha1jffzmp6qjh10y27h0fxf1iw1ah5ymx"))))
+    (build-system meson-build-system)
     (arguments
-     `(#:configure-flags
-       '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'configure 'patch-giomoduledir
-           ;; Install GIO modules into $out/lib/gio/modules.
-           (lambda _
-             (substitute* "configure"
-               (("GIO_MODULE_DIR=.*")
-                (string-append "GIO_MODULE_DIR=" %output
-                               "/lib/gio/modules\n")))
-             #t))
-         (add-before 'check 'use-empty-ssl-cert-file
-           (lambda _
-             ;; The ca-certificates.crt is not available in the build
-             ;; environment.
-             (setenv "SSL_CERT_FILE" "/dev/null")
-             #t)))))
+     `(#:configure-flags '("-Dlibproxy_support=false")
+       #:phases (modify-phases %standard-phases
+                  (add-before 'check 'disable-TLSv1.3
+                    (lambda _
+                      ;; XXX: One test fails when TLS 1.3 is enabled, fixed in 2.60.0:
+                      ;; <https://gitlab.com/gnutls/gnutls/issues/615>.
+                      (setenv "G_TLS_GNUTLS_PRIORITY" "NORMAL:-VERS-TLS1.3")
+                      #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
@@ -2516,9 +2498,6 @@  libxml to ease remote use of the RESTful API.")
              ;; The 'check-local' target runs 'env LANG=C sort -u',
              ;; unset 'LC_ALL' to make 'LANG' working.
              (unsetenv "LC_ALL")
-             ;; The ca-certificates.crt is not available in the build
-             ;; environment.
-             (setenv "SSL_CERT_FILE" "/dev/null")
              ;; HTTPD in Guix uses mod_event and does not build prefork.
              (substitute* "tests/httpd.conf"
                (("^LoadModule mpm_prefork_module.*$") "\n"))
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
deleted file mode 100644
index 32bdd0790f..0000000000
--- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch
+++ /dev/null
@@ -1,29 +0,0 @@ 
-From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
-Date: Fri, 14 Aug 2015 17:28:36 +0800
-Subject: [PATCH] gnutls: Allow overriding the anchor file location by
- 'SSL_CERT_FILE'
-
----
- tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
-index 55ec1a5..217d3c8 100644
---- a/tls/gnutls/gtlsbackend-gnutls.c
-+++ b/tls/gnutls/gtlsbackend-gnutls.c
-@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls  *self,
-                                            GError            **error)
- {
-   const gchar *anchor_file = NULL;
-+  anchor_file = g_getenv ("SSL_CERT_FILE");
- #ifdef GTLS_SYSTEM_CA_FILE
--  anchor_file = GTLS_SYSTEM_CA_FILE;
-+  if (!anchor_file)
-+    anchor_file = GTLS_SYSTEM_CA_FILE;
- #endif
-   return g_tls_file_database_new (anchor_file, error);
- }
--- 
-2.4.3
-
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 94e6aa8438..8ab5a335c8 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -213,11 +213,7 @@  which allows users to view a desktop computing environment.")
           "--enable-automated-tests")
 
         ;; Several tests appear to be opening the same sockets concurrently.
-        #:parallel-tests? #f
-
-        #:phases (modify-phases %standard-phases
-                   (add-before 'check 'use-empty-ssl-cert-file
-                     (lambda _ (setenv "SSL_CERT_FILE" "/dev/null") #t)))))
+        #:parallel-tests? #f))
     (synopsis "Server implementation of the SPICE protocol")
     (description "SPICE is a remote display system built for virtual
 environments which allows you to view a computing 'desktop' environment
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index f8315d4379..8dc6927897 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -4241,15 +4241,6 @@  you'd expect.")
         (base32
          "163py4klka423x7li2b685gmg3a6hjf074mlff2ajhmi3l0lm8x6"))))
     (build-system glib-or-gtk-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-before 'check 'use-empty-ssl-cert-file
-           (lambda _
-             ;; Search for ca-certificates.crt files
-             ;; during the check phase.
-             (setenv "SSL_CERT_FILE" "/dev/null")
-             #t)))))
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
        ;; For check phase.
-- 
2.20.0