diff mbox series

[bug#49706] gnu: gmnisrv: Update to commit 32854b7.

Message ID b7ff0902726773b928ffd829516899381837036f.1627027093.git.iskarian@mgsn.dev
State Accepted
Headers show
Series [bug#49706] gnu: gmnisrv: Update to commit 32854b7. | expand

Checks

Context Check Description
cbaines/applying patch fail View Laminar job
cbaines/issue success View issue

Commit Message

Sarah Morgensen July 23, 2021, 8:08 a.m. UTC 
Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so
"requires fresh certificates, which could break clients with strict
trust-on-first-use policies."

gnu/packages/web.scm (gmnisrv): Update to commit 32854b7.
---
Hello Guix,

There is one possibly breaking change in this update:

>    Use v3 X509 certificate
>
>    This fixes an issue where rustls failed to validate the X509v1 certificate.
>
>    Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)
>
>    This requires fresh certificates, which could break clients with strict
>    trust-on-first-use policies; unfortunately, it doesn't appear to be possible
>    to migrate v1 certificates to v3.

Also, I'm not sure if this is the correct style for updating unversioned
software, so if I missed something, please let me know!

--
Sarah

 gnu/packages/web.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


base-commit: 89ea0918a4a6cc9c250b85c0b713e471b7769c48
prerequisite-patch-id: 2d6692cc3cf8a733e69e6ff6b02863a160b03011

Comments

Xinglu Chen July 24, 2021, 1:29 p.m. UTC | #1 
On Fri, Jul 23 2021, Sarah Morgensen wrote:

> Update to latest commit. Gmnisrv uses v3 X509 certificates now, and so
> "requires fresh certificates, which could break clients with strict
> trust-on-first-use policies."
>
> gnu/packages/web.scm (gmnisrv): Update to commit 32854b7.
> ---
> Hello Guix,
>
> There is one possibly breaking change in this update:
>
>>    Use v3 X509 certificate
>>
>>    This fixes an issue where rustls failed to validate the X509v1 certificate.
>>
>>    Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)
>>
>>    This requires fresh certificates, which could break clients with strict
>>    trust-on-first-use policies; unfortunately, it doesn't appear to be possible
>>    to migrate v1 certificates to v3.
>
> Also, I'm not sure if this is the correct style for updating unversioned
> software, so if I missed something, please let me know!

It is usually has the format VERSION-REVISION.COMMIT, where COMMIT is
the first 7 characters of the commit id.  In this case the commit
summary would be:

  gnu: gmnisrv: Update to 0-2.32854b7.

If you use Emacs, there is a Yasnippet snippet for generating commit
messages in Magit, just type “update<TAB>” in the commit buffer.

I don’t use ‘gmnisrv’, so I can’t really test it, but it builds fine for
me.  :)
diff mbox series

Patch

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 12ba55cdc8..270ad31331 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -7968,8 +7968,8 @@  solution for any project's interface needs:
     (license license:expat)))
 
 (define-public gmnisrv
-  (let ((commit "d484ba0ab0020866535a44be5948c9482b8f2b8d")
-        (revision "1"))
+  (let ((commit "32854b79c73b278bf33eb5123abf1c36abdc7c01")
+        (revision "2"))
     (package
       (name "gmnisrv")
       (version (git-version "0" revision commit))
@@ -7981,7 +7981,7 @@  solution for any project's interface needs:
                       (commit commit)))
                 (sha256
                  (base32
-                  "11phipixsxx1jgm42agp76p5s68l0zj65kgb41vzaymgwcq79ivn"))
+                  "0lbb3ablwkdcgm1cjr1hikr55y8gpl420nh8b8g9wn4abhm2xgr9"))
                 (file-name (git-file-name name version))))
       (build-system gnu-build-system)
       (arguments