Message ID | 87y2e4hd2z.fsf@nckx |
---|---|
State | Accepted |
Headers | show |
Series | [bug#47495] gnu: vsftpd: Use CentOS version and patches. | expand |
Context | Check | Description |
---|---|---|
cbaines/submitting builds | success | |
cbaines/comparison | success | View comparision |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | fail | View Laminar job |
cbaines/issue | success | View issue |
Tobias Geerinckx-Rice forgot to write:
> I've also added a copyright line for you.
Kind regards,
T G-R
On 2021-03-30 17:32, Tobias Geerinckx-Rice wrote: > As indicated on IRC I've made some changes to the patch, mainly to > avoid hard-coding all patches. The result is attached. Let me know > what you think. It looks great! Especially nice to see that you separated the patch and unpack phases - it looks much better now. >> >> * gnu/packages/ftp.scm (vftpd): Use CentOS version and >> patches. > ^^^^ > > This is what happens when you copy commit messages from git and paste > them right back in :-) In that case, remove the four leading spaces. Yep, thats what I did :-) will fix next time! Reg. why to use the significantly patched CentOS variant (asked in your updated patch's comments): the email passwords thing was a mistake to mention by me in IRC - that feature was probably already there - however, the tlsv1.2 was the main reason for switching to the CentOS version - other features added by the whole patch-set I don't know much about except from glancing over them and it looks mostly like bug and security fixes to me. > >> + (let ((version "3.0.3") > > I renamed this to UPSTREAM-VERSION, so we can show a more specific > VERSION field in the Guix UI. What we offer isn't ‘3.0.3’ any more. Ok, I think I understand. >> + (revision "32") > > I subjectively added ‘.el8’ here, mainly to factor it out below. > Neither of us knows what it means, though... That is fine with me. > >> + (add-after 'unpack 'patch-installation-directory >> + (lambda* (#:key outputs #:allow-other-keys) >> + (substitute* "Makefile" >> + (("/usr") (assoc-ref outputs "out"))) >> + #t)) > > Moved below the redefined 'unpack phase for clarity. Great! I had in mind to do the same myself, but didn't due to a combination of a lack of Guile/Guix coding skills and time. >> + (replace 'unpack >> + (lambda* (#:key source #:allow-other-keys) >> + (let ((version "3.0.3") >> + (revision "32") >> + (centos-version "8.3.2011")) > > OK, so, as mentioned on IRC this can be avoided by quasiquoting > <arguments> (as it already was, here) and using ,version instead. > > Quoting is probably the most confusing-yet-basic concept in Scheme. Looks good to me! I am actually quite familiar with unquoting, including g-exp unquoting things, and I somehow missed that I was in a quasiquote context from after "arguments"... I intend to improve! > >> + >> + (invoke "7z" "e" source (string-append "-o" >> "./vsftpd-" >> + version "-" >> + revision ".el8.src.cpio")) >> + (chdir (string-append "./vsftpd-" version "-" >> + revision ".el8.src.cpio")) >> + (invoke "cpio" "-idmv" (string-append >> "--file=./vsftpd-" >> + version "-" >> + revision ".el8.src.cpio")) >> + (invoke "tar" "xvf" (string-append "./vsftpd-" >> version ".tar.gz")) > > This dance had a few steps too many IMO, so I simplified it. It's OK > to keep the unpacked steps around during the (short) build process; > they are tiny by today's standards. Agreed. I was not very happy with this myself. Thanks for fixing! > >> + (let ((patches > > I understand the reason for this: the patches need to be applied in > this order, or patching will appear to succeed but result in > unbuildable source. A simple FIND-FILES is right out. > > However, since the order is specified in vsftpd.spec, it's safer, > shorter, and simply more fun to parse it ourselves. > >> + (chdir (string-append "./vsftpd-" version)) >> + (invoke "git" "init" ".") >> + (invoke "git" "config" "user.email" >> "you@example.com") >> + (invoke "git" "config" "user.name" "Your Name" ) >> + (invoke "git" "add" ".") >> + (invoke "git" "commit" "-m" "first") >> + (map (lambda (x) (invoke "git" "am" >> (string-append "./" x))) patches) >> + (map (lambda (x) (invoke "rm" (string-append >> "./" x))) patches) >> + (invoke "rm" "-rf" "./.git") >> + (chdir "../") >> + (invoke "mv" (string-append "./vsftpd-" version) >> "../") >> + (chdir "../") >> + (invoke "rm" "-rf" (string-append "./vsftpd-" >> version "-" >> + revision >> ".el8.src.cpio")) >> + (chdir (string-append "./vsftpd-" version))) > > You lost me here. Why all the git? I removed all mention of git from > the package, since it didn't seem necessary, but please correct me if > needful. I am, or was, simply unfamiliar with the simplicity of just using "patch". I tried git am which failed and reported errors that was solved by the additional git commands. Your replacement is exactly what I need to learn more about, and looks great, thanks! > >> + (native-inputs `(("openssl" ,openssl) >> + ("linux-pam" ,linux-pam) >> + ("p7zip" ,p7zip) >> + ("cpio" ,cpio) >> + ("git" ,git-minimal) >> + ("libcap" ,libcap))) > > These are *all* new, correct? I removed git and added them all to the > commit message (check it out). Yep! > > Thanks again for your work! > > T G-R Well..., thank you for your work! You made this patch a lot better! :-) Best regards, David Larsson
David, > + (native-inputs `(("openssl" ,openssl) Not sure how I missed this -- actually I do, considering the three empty champagne bottles now adorning our wall -- but the first three should be regular inputs, not native, as they are legitimate references of the resulting package ($ guix gc --references). Native inputs run only during the build. The distinction matters during cross-compilation, when the build-time native-inputs may be a different (say, x86_64) architecture from the output package and its inputs (both identical: say, aarch64). > It looks great! Especially nice to see that you separated the > patch > and unpack phases - it looks much better now. Thank you :-) Pushed as 634d9845a6b4e362f32ba369ae42851719455ba3. Kind regards, T G-R
From 43ca5cf141a61120cf9b02d26394109be75e679f Mon Sep 17 00:00:00 2001 From: methuselah-0 <david.larsson@selfhosted.xyz> Date: Tue, 30 Mar 2021 11:18:09 +0200 Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches. * gnu/packages/ftp.scm (vftpd)[source]: Use CentOS source RPM. [arguments]: Adapt the 'unpack phase, and apply CentOS patches in a new 'apply-CentOS-patches phase. [native-inputs]: Add openssl, linux-pam, libcap, p7zip, and cpio. --- gnu/packages/ftp.scm | 116 +++++++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 36 deletions(-) diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm index b178063556..f3d3c68e5e 100644 --- a/gnu/packages/ftp.scm +++ b/gnu/packages/ftp.scm @@ -2,8 +2,9 @@ ;;; Copyright © 2014, 2015, 2018 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> -;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr> +;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org> +;;; Copyright © 2021 David Larsson <david.larsson@selfhosted.xyz> ;;; ;;; This file is part of GNU Guix. ;;; @@ -28,12 +29,14 @@ #:use-module (gnu packages) #:use-module (gnu packages autotools) #:use-module (gnu packages check) + #:use-module (gnu packages cpio) #:use-module (gnu packages compression) #:use-module (gnu packages freedesktop) #:use-module (gnu packages gettext) #:use-module (gnu packages glib) #:use-module (gnu packages gtk) #:use-module (gnu packages libidn) + #:use-module (gnu packages linux) #:use-module (gnu packages ncurses) #:use-module (gnu packages nettle) #:use-module (gnu packages pkg-config) @@ -251,40 +254,81 @@ directory comparison and more.") (properties '((upstream-name . "FileZilla"))))) (define-public vsftpd - (package - (name "vsftpd") - (version "3.0.3") - (source (origin - (method url-fetch) - (uri (string-append "https://security.appspot.com/downloads/" - name "-" version ".tar.gz")) - (sha256 - (base32 - "1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx")))) - (build-system gnu-build-system) - (arguments - `(#:make-flags '("LDFLAGS=-lcrypt") - #:tests? #f ; No tests exist. - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'patch-installation-directory - (lambda* (#:key outputs #:allow-other-keys) - (substitute* "Makefile" - (("/usr") (assoc-ref outputs "out"))) - #t)) - (add-before 'install 'mkdir - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (mkdir-p out) - (mkdir (string-append out "/sbin")) - (mkdir (string-append out "/man")) - (mkdir (string-append out "/man/man5")) - (mkdir (string-append out "/man/man8")) - #t))) - (delete 'configure)))) - (synopsis "vsftpd FTP daemon") - (description "@command{vsftpd} is a daemon that listens on a TCP socket + ;; Use a significantly patched CentOS variant supporting TLSv1.2, ‘email + ;; passwords’, and XXX davidl: anything else? + (let ((upstream-version "3.0.3") + (centos-version "8.3.2011") + (revision "32.el8")) + (package + (name "vsftpd") + (version (string-append upstream-version "." revision)) + (source + (origin + (method url-fetch) + (uri (string-append + "https://vault.centos.org/centos/" centos-version + "/AppStream/Source/SPackages/vsftpd-" upstream-version "-" + revision ".src.rpm")) + (sha256 + (base32 "1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags '("LDFLAGS=-lcrypt -lssl -pie") + #:tests? #f ; no tests exist + #:phases + (modify-phases %standard-phases + (replace 'unpack + (lambda* (#:key source #:allow-other-keys) + (invoke "7z" "e" source "-ocpio") + (invoke "cpio" "-idmv" + (string-append "--file=cpio/vsftpd-" + ,upstream-version "-" ,revision + ".src.cpio")) + (invoke "tar" "xvf" + (string-append "vsftpd-" ,upstream-version ".tar.gz")) + (chdir (string-append "vsftpd-" ,upstream-version)))) + (add-after 'unpack 'apply-CentOS-patches + ;; Apply all patches as enumerated in vsftpd.spec, in order: + ;; simply using FIND-FILES would silently corrupt the result. + (lambda _ + (call-with-input-file "../vsftpd.spec" + (lambda (port) + (use-modules (ice-9 rdelim)) + (let loop () + (let ((line (read-line port))) + (unless (eof-object? line) + (when (string-prefix? "Patch" line) + (let* ((space (string-rindex line #\space)) + (patch (string-drop line (+ 1 space)))) + (invoke "patch" "-Np1" + "-i" (string-append "../" patch)))) + (loop)))))))) + (add-after 'unpack 'patch-installation-directory + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "Makefile" + (("/usr") (assoc-ref outputs "out"))) + #t)) + (add-before 'install 'mkdir + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (mkdir-p out) + (mkdir (string-append out "/sbin")) + (mkdir (string-append out "/man")) + (mkdir (string-append out "/man/man5")) + (mkdir (string-append out "/man/man8")) + #t))) + (delete 'configure)))) + (native-inputs + `(("openssl" ,openssl) + ("linux-pam" ,linux-pam) + ("libcap" ,libcap) + + ;; Used to unpack the source RPM. + ("p7zip" ,p7zip) + ("cpio" ,cpio))) + (home-page "https://security.appspot.com/vsftpd.html") + (synopsis "Share files securely over FTP or FTPS") + (description "@command{vsftpd} is a daemon that listens on a TCP socket for clients and gives them access to local files via File Transfer Protocol.") - (home-page "https://security.appspot.com/vsftpd.html") - (license gpl2))) + (license gpl2)))) -- 2.30.1