diff mbox series

[bug#47495] gnu: vsftpd: Use CentOS version and patches.

Message ID 87y2e4hd2z.fsf@nckx
State Accepted
Headers show
Series [bug#47495] gnu: vsftpd: Use CentOS version and patches. | expand

Checks

Context Check Description
cbaines/submitting builds success
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

Tobias Geerinckx-Rice March 30, 2021, 3:32 p.m. UTC 
David,

david larsson writes:
> Hi,
> the attached patch updates vsftpd so it can use tlsv1.2 etc.

Wow.  Thanks!

As indicated on IRC I've made some changes to the patch, mainly to 
avoid hard-coding all patches.  The result is attached.  Let me 
know what you think.

Further random comments below:

>  From: methuselah-0 <david.larsson@selfhosted.xyz>
> Date: Tue, 30 Mar 2021 11:18:09 +0200
> Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
>
>      * gnu/packages/ftp.scm (vftpd): Use CentOS version and 
>      patches.
   ^^^^

This is what happens when you copy commit messages from git and 
paste them right back in :-)  In that case, remove the four 
leading spaces.

> +  (let ((version "3.0.3")

I renamed this to UPSTREAM-VERSION, so we can show a more specific 
VERSION field in the Guix UI.  What we offer isn't ‘3.0.3’ any 
more.

> +        (revision "32")

I subjectively added ‘.el8’ here, mainly to factor it out below. 
Neither of us knows what it means, though...

> +           (add-after 'unpack 'patch-installation-directory
> +             (lambda* (#:key outputs #:allow-other-keys)
> +               (substitute* "Makefile"
> +                 (("/usr") (assoc-ref outputs "out")))
> +               #t))

Moved below the redefined 'unpack phase for clarity.

> +           (replace 'unpack
> +             (lambda* (#:key source #:allow-other-keys)
> +                 (let ((version "3.0.3")
> +                       (revision "32")
> +                       (centos-version "8.3.2011"))

OK, so, as mentioned on IRC this can be avoided by quasiquoting 
<arguments> (as it already was, here) and using ,version instead.

Quoting is probably the most confusing-yet-basic concept in 
Scheme.

> +
> +                   (invoke "7z" "e" source (string-append "-o" 
> "./vsftpd-"
> + 
> version "-"
> + 
> revision 
> ".el8.src.cpio"))
> +                   (chdir (string-append "./vsftpd-" version 
> "-"
> +                                         revision 
> ".el8.src.cpio"))
> +                   (invoke "cpio" "-idmv" (string-append 
> "--file=./vsftpd-"
> + 
> version "-"
> + 
> revision 
> ".el8.src.cpio"))
> +                   (invoke "tar" "xvf" (string-append 
> "./vsftpd-" 
> version ".tar.gz"))

This dance had a few steps too many IMO, so I simplified it.  It's 
OK to keep the unpacked steps around during the (short) build 
process; they are tiny by today's standards.

> +                   (let ((patches

I understand the reason for this: the patches need to be applied 
in this order, or patching will appear to succeed but result in 
unbuildable source.  A simple FIND-FILES is right out.

However, since the order is specified in vsftpd.spec, it's safer, 
shorter, and simply more fun to parse it ourselves.

> +                     (chdir (string-append "./vsftpd-" 
> version))
> +                     (invoke "git" "init" ".")
> +                     (invoke "git" "config" "user.email" 
> "you@example.com")
> +                     (invoke "git" "config" "user.name" "Your 
> Name" )
> +                     (invoke "git" "add" ".")
> +                     (invoke "git" "commit" "-m" "first")
> +                     (map (lambda (x) (invoke "git" "am" 
> (string-append 
> "./" x))) patches)
> +                     (map (lambda (x) (invoke "rm" 
> (string-append "./" 
> x))) patches)
> +                     (invoke "rm" "-rf" "./.git")
> +                     (chdir "../")
> +                     (invoke "mv" (string-append "./vsftpd-" 
> version) 
> "../")
> +                     (chdir "../")
> +                     (invoke "rm" "-rf" (string-append 
> "./vsftpd-" 
> version "-"
> +                                                       revision 
> ".el8.src.cpio"))
> +                     (chdir (string-append "./vsftpd-" 
> version)))

You lost me here.  Why all the git?  I removed all mention of git 
from the package, since it didn't seem necessary, but please 
correct me if needful.

> +                   #t)))

Whilst Guix on master still complains about ‘missing’ #Ts, they 
are a moribund relic and I've secretly started forgetting the odd 
#t on master already...

> +      (native-inputs `(("openssl" ,openssl)
> +                       ("linux-pam" ,linux-pam)
> +                       ("p7zip" ,p7zip)
> +                       ("cpio" ,cpio)
> +                       ("git" ,git-minimal)
> +                       ("libcap" ,libcap)))

These are *all* new, correct?  I removed git and added them all to 
the commit message (check it out).

Thanks again for your work!

T G-R

Comments

Tobias Geerinckx-Rice March 30, 2021, 3:34 p.m. UTC | #1 
Tobias Geerinckx-Rice forgot to write:
> I've also added a copyright line for you.

Kind regards,

T G-R
david larsson March 30, 2021, 6:38 p.m. UTC | #2 
On 2021-03-30 17:32, Tobias Geerinckx-Rice wrote:

> As indicated on IRC I've made some changes to the patch, mainly to
> avoid hard-coding all patches.  The result is attached.  Let me know
> what you think.

It looks great! Especially nice to see that you separated the patch and 
unpack phases - it looks much better now.

>> 
>>      * gnu/packages/ftp.scm (vftpd): Use CentOS version and      
>> patches.
>   ^^^^
> 
> This is what happens when you copy commit messages from git and paste
> them right back in :-)  In that case, remove the four leading spaces.

Yep, thats what I did :-) will fix next time!

Reg. why to use the significantly patched CentOS variant (asked in your 
updated patch's comments): the email passwords thing was a mistake to 
mention by me in IRC - that feature was probably already there - 
however, the tlsv1.2 was the main reason for switching to the CentOS 
version - other features added by the whole patch-set I don't know much 
about except from glancing over them and it looks mostly like bug and 
security fixes to me.

> 
>> +  (let ((version "3.0.3")
> 
> I renamed this to UPSTREAM-VERSION, so we can show a more specific
> VERSION field in the Guix UI.  What we offer isn't ‘3.0.3’ any more.

Ok, I think I understand.

>> +        (revision "32")
> 
> I subjectively added ‘.el8’ here, mainly to factor it out below.
> Neither of us knows what it means, though...

That is fine with me.

> 
>> +           (add-after 'unpack 'patch-installation-directory
>> +             (lambda* (#:key outputs #:allow-other-keys)
>> +               (substitute* "Makefile"
>> +                 (("/usr") (assoc-ref outputs "out")))
>> +               #t))
> 
> Moved below the redefined 'unpack phase for clarity.

Great! I had in mind to do the same myself, but didn't due to a 
combination of a lack of Guile/Guix coding skills and time.

>> +           (replace 'unpack
>> +             (lambda* (#:key source #:allow-other-keys)
>> +                 (let ((version "3.0.3")
>> +                       (revision "32")
>> +                       (centos-version "8.3.2011"))
> 
> OK, so, as mentioned on IRC this can be avoided by quasiquoting
> <arguments> (as it already was, here) and using ,version instead.
> 
> Quoting is probably the most confusing-yet-basic concept in Scheme.

Looks good to me! I am actually quite familiar with unquoting, including 
g-exp unquoting things, and I somehow missed that I was in a quasiquote 
context from after "arguments"... I intend to improve!

> 
>> +
>> +                   (invoke "7z" "e" source (string-append "-o" 
>> "./vsftpd-"
>> + version "-"
>> + revision ".el8.src.cpio"))
>> +                   (chdir (string-append "./vsftpd-" version "-"
>> +                                         revision ".el8.src.cpio"))
>> +                   (invoke "cpio" "-idmv" (string-append 
>> "--file=./vsftpd-"
>> + version "-"
>> + revision ".el8.src.cpio"))
>> +                   (invoke "tar" "xvf" (string-append "./vsftpd-" 
>> version ".tar.gz"))
> 
> This dance had a few steps too many IMO, so I simplified it.  It's OK
> to keep the unpacked steps around during the (short) build process;
> they are tiny by today's standards.

Agreed. I was not very happy with this myself. Thanks for fixing!

> 
>> +                   (let ((patches
> 
> I understand the reason for this: the patches need to be applied in
> this order, or patching will appear to succeed but result in
> unbuildable source.  A simple FIND-FILES is right out.
> 
> However, since the order is specified in vsftpd.spec, it's safer,
> shorter, and simply more fun to parse it ourselves.
> 
>> +                     (chdir (string-append "./vsftpd-" version))
>> +                     (invoke "git" "init" ".")
>> +                     (invoke "git" "config" "user.email" 
>> "you@example.com")
>> +                     (invoke "git" "config" "user.name" "Your Name" )
>> +                     (invoke "git" "add" ".")
>> +                     (invoke "git" "commit" "-m" "first")
>> +                     (map (lambda (x) (invoke "git" "am" 
>> (string-append "./" x))) patches)
>> +                     (map (lambda (x) (invoke "rm" (string-append 
>> "./" x))) patches)
>> +                     (invoke "rm" "-rf" "./.git")
>> +                     (chdir "../")
>> +                     (invoke "mv" (string-append "./vsftpd-" version) 
>> "../")
>> +                     (chdir "../")
>> +                     (invoke "rm" "-rf" (string-append "./vsftpd-" 
>> version "-"
>> +                                                       revision 
>> ".el8.src.cpio"))
>> +                     (chdir (string-append "./vsftpd-" version)))
> 
> You lost me here.  Why all the git?  I removed all mention of git from
> the package, since it didn't seem necessary, but please correct me if
> needful.

I am, or was, simply unfamiliar with the simplicity of just using 
"patch". I tried git am which failed and reported errors that was solved 
by the additional git commands. Your replacement is exactly what I need 
to learn more about, and looks great, thanks!

> 
>> +      (native-inputs `(("openssl" ,openssl)
>> +                       ("linux-pam" ,linux-pam)
>> +                       ("p7zip" ,p7zip)
>> +                       ("cpio" ,cpio)
>> +                       ("git" ,git-minimal)
>> +                       ("libcap" ,libcap)))
> 
> These are *all* new, correct?  I removed git and added them all to the
> commit message (check it out).

Yep!

> 
> Thanks again for your work!
> 
> T G-R

Well..., thank you for your work! You made this patch a lot better! :-)

Best regards,
David Larsson
Tobias Geerinckx-Rice March 30, 2021, 7:41 p.m. UTC | #3 
David,

> +      (native-inputs `(("openssl" ,openssl)

Not sure how I missed this -- actually I do, considering the three 
empty champagne bottles now adorning our wall -- but the first 
three should be regular inputs, not native, as they are legitimate 
references of the resulting package ($ guix gc --references).

Native inputs run only during the build.  The distinction matters 
during cross-compilation, when the build-time native-inputs may be 
a different (say, x86_64) architecture from the output package and 
its inputs (both identical: say, aarch64).

> It looks great! Especially nice to see that you separated the 
> patch
> and unpack phases - it looks much better now.

Thank you :-)  Pushed as 634d9845a6b4e362f32ba369ae42851719455ba3.

Kind regards,

T G-R
diff mbox series

Patch

From 43ca5cf141a61120cf9b02d26394109be75e679f Mon Sep 17 00:00:00 2001
From: methuselah-0 <david.larsson@selfhosted.xyz>
Date: Tue, 30 Mar 2021 11:18:09 +0200
Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.

* gnu/packages/ftp.scm (vftpd)[source]: Use CentOS source RPM.
[arguments]: Adapt the 'unpack phase, and apply CentOS patches in a new
'apply-CentOS-patches phase.
[native-inputs]: Add openssl, linux-pam, libcap, p7zip, and cpio.
---
 gnu/packages/ftp.scm | 116 +++++++++++++++++++++++++++++--------------
 1 file changed, 80 insertions(+), 36 deletions(-)

diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index b178063556..f3d3c68e5e 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -2,8 +2,9 @@ 
 ;;; Copyright © 2014, 2015, 2018 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
+;;; Copyright © 2021 David Larsson <david.larsson@selfhosted.xyz>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,12 +29,14 @@ 
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages check)
+  #:use-module (gnu packages cpio)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libidn)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages nettle)
   #:use-module (gnu packages pkg-config)
@@ -251,40 +254,81 @@  directory comparison and more.")
     (properties '((upstream-name . "FileZilla")))))
 
 (define-public vsftpd
-  (package
-    (name "vsftpd")
-    (version "3.0.3")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://security.appspot.com/downloads/"
-                                  name "-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:make-flags '("LDFLAGS=-lcrypt")
-       #:tests? #f                      ; No tests exist.
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'patch-installation-directory
-           (lambda* (#:key outputs #:allow-other-keys)
-             (substitute* "Makefile"
-               (("/usr") (assoc-ref outputs "out")))
-             #t))
-         (add-before 'install 'mkdir
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (mkdir-p out)
-               (mkdir (string-append out "/sbin"))
-               (mkdir (string-append out "/man"))
-               (mkdir (string-append out "/man/man5"))
-               (mkdir (string-append out "/man/man8"))
-               #t)))
-         (delete 'configure))))
-    (synopsis "vsftpd FTP daemon")
-    (description "@command{vsftpd} is a daemon that listens on a TCP socket
+  ;; Use a significantly patched CentOS variant supporting TLSv1.2, ‘email
+  ;; passwords’, and XXX davidl: anything else?
+  (let ((upstream-version "3.0.3")
+        (centos-version "8.3.2011")
+        (revision "32.el8"))
+    (package
+      (name "vsftpd")
+      (version (string-append upstream-version "." revision))
+      (source
+       (origin
+         (method url-fetch)
+         (uri (string-append
+               "https://vault.centos.org/centos/" centos-version
+               "/AppStream/Source/SPackages/vsftpd-" upstream-version "-"
+               revision ".src.rpm"))
+         (sha256
+          (base32 "1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:make-flags '("LDFLAGS=-lcrypt -lssl -pie")
+         #:tests? #f                    ; no tests exist
+         #:phases
+         (modify-phases %standard-phases
+           (replace 'unpack
+             (lambda* (#:key source #:allow-other-keys)
+               (invoke "7z" "e" source "-ocpio")
+               (invoke "cpio" "-idmv"
+                       (string-append "--file=cpio/vsftpd-"
+                                      ,upstream-version "-" ,revision
+                                      ".src.cpio"))
+               (invoke "tar" "xvf"
+                       (string-append "vsftpd-" ,upstream-version ".tar.gz"))
+               (chdir (string-append "vsftpd-" ,upstream-version))))
+           (add-after 'unpack 'apply-CentOS-patches
+             ;; Apply all patches as enumerated in vsftpd.spec, in order:
+             ;; simply using FIND-FILES would silently corrupt the result.
+             (lambda _
+               (call-with-input-file "../vsftpd.spec"
+                 (lambda (port)
+                   (use-modules (ice-9 rdelim))
+                   (let loop ()
+                     (let ((line (read-line port)))
+                       (unless (eof-object? line)
+                         (when (string-prefix? "Patch" line)
+                           (let* ((space (string-rindex line #\space))
+                                  (patch (string-drop line (+ 1 space))))
+                             (invoke "patch" "-Np1"
+                                     "-i" (string-append "../" patch))))
+                         (loop))))))))
+           (add-after 'unpack 'patch-installation-directory
+             (lambda* (#:key outputs #:allow-other-keys)
+               (substitute* "Makefile"
+                 (("/usr") (assoc-ref outputs "out")))
+               #t))
+           (add-before 'install 'mkdir
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (mkdir-p out)
+                 (mkdir (string-append out "/sbin"))
+                 (mkdir (string-append out "/man"))
+                 (mkdir (string-append out "/man/man5"))
+                 (mkdir (string-append out "/man/man8"))
+                 #t)))
+           (delete 'configure))))
+      (native-inputs
+       `(("openssl" ,openssl)
+         ("linux-pam" ,linux-pam)
+         ("libcap" ,libcap)
+
+         ;; Used to unpack the source RPM.
+         ("p7zip" ,p7zip)
+         ("cpio" ,cpio)))
+      (home-page "https://security.appspot.com/vsftpd.html")
+      (synopsis "Share files securely over FTP or FTPS")
+      (description "@command{vsftpd} is a daemon that listens on a TCP socket
 for clients and gives them access to local files via File Transfer
 Protocol.")
-    (home-page "https://security.appspot.com/vsftpd.html")
-    (license gpl2)))
+      (license gpl2))))
-- 
2.30.1