From patchwork Mon May 29 00:19:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Lechner X-Patchwork-Id: 50415 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 5418F27BBE9; Mon, 29 May 2023 01:20:35 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 66F3227BBE2 for ; Mon, 29 May 2023 01:20:32 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3QcF-0000f2-I5; Sun, 28 May 2023 20:20:03 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3QcE-0000eg-JF for guix-patches@gnu.org; Sun, 28 May 2023 20:20:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3QcE-00046x-AV for guix-patches@gnu.org; Sun, 28 May 2023 20:20:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1q3QcD-0007oe-Sh for guix-patches@gnu.org; Sun, 28 May 2023 20:20:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63545] [PATCH v2 1/2] gnu: heimdal: Run autoreconf. References: In-Reply-To: Resent-From: Felix Lechner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 29 May 2023 00:20:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63545 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 63545@debbugs.gnu.org Cc: Josselin Poiret , Felix Lechner Received: via spool by 63545-submit@debbugs.gnu.org id=B63545.168531958430005 (code B ref 63545); Mon, 29 May 2023 00:20:01 +0000 Received: (at 63545) by debbugs.gnu.org; 29 May 2023 00:19:44 +0000 Received: from localhost ([127.0.0.1]:56668 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3Qbv-0007nt-LE for submit@debbugs.gnu.org; Sun, 28 May 2023 20:19:43 -0400 Received: from sail-ipv4.us-core.com ([208.82.101.137]:60618) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3Qbt-0007ni-RC for 63545@debbugs.gnu.org; Sun, 28 May 2023 20:19:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=VafNrJYQCYncgVP KIXAhrLXbhDf6nRRZyPUBiczHpgc=; h=date:subject:cc:to:from; d=lease-up.com; b=Jb0aJRmXY/u5MJRaXNoYmrc3B5WdsY59YWhGF/6Z6foDJU275iPG c4k19ZThj8NZso6r4YEc8CJOucKE/jc40p3+akzPv+EWTPlEGKtWY5YNE6PB+ZcwRTkmvY 33gFf+D6ToS6NlkNEyDWGR/XQIwO3fq559958CMmVE262C1MY= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id a174531d (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Mon, 29 May 2023 00:19:40 +0000 (UTC) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id e3649568; Mon, 29 May 2023 00:19:39 +0000 (UTC) Date: Sun, 28 May 2023 17:19:17 -0700 Message-Id: <700bdb497cd0431ea9f3d71516f4168f55882ce4.1685319429.git.felix.lechner@lease-up.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Felix Lechner X-ACL-Warn: , Felix Lechner via Guix-patches X-Patchwork-Original-From: Felix Lechner via Guix-patches via From: Felix Lechner Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/kerberos.scm (heimdal): Run autoreconf. --- Hi Josselin, Thanks for your review! I sidestepped your suggestions by continuing to build from the tarball, and running 'autoreconf.' Kind regards Felix gnu/packages/kerberos.scm | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) base-commit: d64d6ea2cf5a1be801be355031fb2cfa5901a92a diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index c553f8180a..f06410b8f8 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -183,14 +183,7 @@ (define-public heimdal (base32 "0f4dblav859p5hn7b2jdj1akw6d8p32as6bj6zym19kghh3s51zx")) (patches - (search-patches "heimdal-CVE-2022-45142.patch")) - (modules '((guix build utils))) - (snippet - '(begin - (substitute* "configure" - (("User=.*$") "User=Guix\n") - (("Host=.*$") "Host=GNU") - (("Date=.*$") "Date=2022\n")))))) + (search-patches "heimdal-CVE-2022-45142.patch")))) (build-system gnu-build-system) (arguments `(#:configure-flags @@ -223,7 +216,12 @@ (define-public heimdal #:phases (modify-phases %standard-phases (add-before 'configure 'pre-configure (lambda* (#:key inputs #:allow-other-keys) + (invoke (search-input-file inputs "bin/autoreconf") "--install" "--force") (substitute* "configure" + ;; Reproducible build date, etc. + (("User=.*$") "User=Guix\n") + (("Host=.*$") "Host=GNU\n") + (("Date=.*$") "Date=2022\n") ;; The e2fsprogs input is included for libcom_err, ;; let's use it even if cross-compiling. (("test \"\\$\\{krb_cv_com_err\\}\" = \"yes\"") @@ -255,12 +253,17 @@ (define-public heimdal (format #t "#!~a~%exit 1~%" (which "sh"))))))) ;; Tests fail when run in parallel. #:parallel-tests? #f)) - (native-inputs (list bison + (native-inputs (list autoconf + automake + bison e2fsprogs ;for 'compile_et' flex + libtool texinfo unzip ;for tests pkg-config + perl + perl-json python)) (inputs (list readline bash-minimal From patchwork Mon May 29 00:19:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Felix Lechner X-Patchwork-Id: 50416 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 9826C27BBE2; Mon, 29 May 2023 01:20:35 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 7AA6827BBEA for ; Mon, 29 May 2023 01:20:32 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3QcG-0000fM-Fw; Sun, 28 May 2023 20:20:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3QcE-0000eh-Mh for guix-patches@gnu.org; Sun, 28 May 2023 20:20:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3QcE-00048S-E6 for guix-patches@gnu.org; Sun, 28 May 2023 20:20:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1q3QcE-0007om-9p for guix-patches@gnu.org; Sun, 28 May 2023 20:20:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#63545] [PATCH v2 2/2] gnu: heimdal: Drop obsolete and insecure user tools. Resent-From: Felix Lechner Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 29 May 2023 00:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63545 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 63545@debbugs.gnu.org Cc: Josselin Poiret , Felix Lechner Received: via spool by 63545-submit@debbugs.gnu.org id=B63545.168531958730020 (code B ref 63545); Mon, 29 May 2023 00:20:02 +0000 Received: (at 63545) by debbugs.gnu.org; 29 May 2023 00:19:47 +0000 Received: from localhost ([127.0.0.1]:56670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3Qby-0007o8-Uu for submit@debbugs.gnu.org; Sun, 28 May 2023 20:19:47 -0400 Received: from sail-ipv4.us-core.com ([208.82.101.137]:60618) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1q3Qbu-0007ni-TG for 63545@debbugs.gnu.org; Sun, 28 May 2023 20:19:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=Hh2MTLJT2J/hrDp mZ+H5OKYZntKrkJsCakYrrmlfELs=; h=references:in-reply-to:date:subject: cc:to:from; d=lease-up.com; b=rE4XF/EUh/bs02OunAEc28J2+kivK2yEPDUPFM1f q+IvDtWqcriuLc1JrlYzHP2YttYuXv3y1DNfHp+4eJmtZbisExC5+QOtpkG9n9cXGFM+el OsNOPcgV0Ur93WpgMXJDOJIUiJqENN4eW7iswI8TIpQCZJAJoqllSaIQIa5w0= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id fce3d390 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Mon, 29 May 2023 00:19:41 +0000 (UTC) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id d571a8e1; Mon, 29 May 2023 00:19:41 +0000 (UTC) Date: Sun, 28 May 2023 17:19:18 -0700 Message-Id: X-Mailer: git-send-email 2.40.1 In-Reply-To: <700bdb497cd0431ea9f3d71516f4168f55882ce4.1685319429.git.felix.lechner@lease-up.com> References: <700bdb497cd0431ea9f3d71516f4168f55882ce4.1685319429.git.felix.lechner@lease-up.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Felix Lechner X-ACL-Warn: , Felix Lechner via Guix-patches X-Patchwork-Original-From: Felix Lechner via Guix-patches via From: Felix Lechner Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches According to messages from the Heimdal maintainers Brian May and Nico Williams, no one should be using their version of 'su' anymore. It was deleted from the development branch five years ago [1] and is only being shipped because the 7.8.0 is based on an older, stable branch. [1] https://github.com/heimdal/heimdal/commit/8a77f45aff366b1cd8c70c43ce63eb16a0c9839c Following the directions from the maintainers, this commit drops all executables built from the ./appl folder via deletion of that SUBDIR from the top-level Makefile.am. Unfortunately, the heimdal-discuss mailing list does not appear to have a public archive. The relevant SMTP Message-Id was: Since the 7.8.0 tarball shipped with all the files generated by 'autoreconf' it seemed superior to build from Git instead. For that, please see the preceeding commit. * gnu/packages/kerberos.scm (heimdal): Drop obsolete and insecure user tools. --- gnu/packages/kerberos.scm | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm index f06410b8f8..241881ea47 100644 --- a/gnu/packages/kerberos.scm +++ b/gnu/packages/kerberos.scm @@ -214,6 +214,12 @@ (define-public heimdal "/libexec/heimdal"))) #~())) #:phases (modify-phases %standard-phases + ;; Skip the appl folder as obsolete per message from Brian May + ;; + (add-after 'unpack 'drop-obsolete-executables + (lambda* (#:key inputs #:allow-other-keys) + (substitute* '("Makefile.am") + (("appl") "")))) (add-before 'configure 'pre-configure (lambda* (#:key inputs #:allow-other-keys) (invoke (search-input-file inputs "bin/autoreconf") "--install" "--force") @@ -230,15 +236,6 @@ (define-public heimdal ;; which confuses heimdal. (("ac_cv_prog_COMPILE_ET=\\$\\{with_cross_tools\\}compile_et") "ac_cv_PROG_COMPILE_ET=compile_et")) - (substitute* '("appl/afsutil/pagsh.c" "appl/su/su.c") - (("/bin/sh") - (search-input-file inputs "bin/sh")) - ;; Use the cross-compiled bash instead of the - ;; native bash (XXX shouldn't _PATH_BSHELL point - ;; to a cross-compiled bash?). - (("_PATH_BSHELL") - (string-append - "\"" (search-input-file inputs "bin/sh") "\""))) (substitute* '("tools/Makefile.in") (("/bin/sh") (which "sh"))))) (add-before 'check 'pre-check