Remove packages that depend on unsupported old OpenSSL releases

  • Done
  • quality assurance status badge
Details
6 participants
  • Efraim Flashner
  • Giovanni Biscuolo
  • Julien Lepiller
  • Leo Famulari
  • Ludovic Courtès
  • Pierre Langlois
Owner
unassigned
Submitted by
Leo Famulari
Severity
normal
L
L
Leo Famulari wrote on 4 Aug 2021 03:08
[PATCH] gnu: Remove dillo.
(address . guix-patches@gnu.org)
0ee91a928acdf41a8f3fb932827dfb45423ad0d1.1628039334.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, Dillo does not include a
supported implementation of TLS / HTTPS, and there does not seem to be
any activity upstream to improve that.

* gnu/packages/web-browsers.scm (dillo): Remove variable.
---
gnu/packages/web-browsers.scm | 31 -------------------------------
1 file changed, 31 deletions(-)

Toggle diff (44 lines)
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index bd5ed1b5ac..6e011e8b14 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -147,37 +147,6 @@ management, extensions such as advertisement blocker and colorful tabs.")
(home-page "https://www.midori-browser.org")
(license license:lgpl2.1+)))
-(define-public dillo
- (package
- (name "dillo")
- (version "3.0.5")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.dillo.org/download/"
- "dillo-" version ".tar.bz2"))
- (sha256
- (base32
- "12ql8n1lypv3k5zqgwjxlw1md90ixz3ag6j1gghfnhjq3inf26yv"))))
- (build-system gnu-build-system)
- (arguments `(#:configure-flags '("--enable-ssl" "--enable-ipv6")))
- (native-inputs `(("pkg-config" ,pkg-config)))
- (inputs `(("fltk" ,fltk)
- ("fontconfig" ,fontconfig)
- ("libjpeg" ,libjpeg-turbo)
- ("libpng" ,libpng)
- ("libxcursor" ,libxcursor)
- ("libxft" ,libxft)
- ("libxi" ,libxi)
- ("libxinerama" ,libxinerama)
- ("openssl" ,openssl-1.0) ;XXX try latest openssl for dillo > 3.0.5
- ("perl" ,perl)
- ("zlib" ,zlib)))
- (synopsis "Very small and fast graphical web browser")
- (description "Dillo is a minimalistic web browser particularly intended for
-older or slower computers and embedded systems.")
- (home-page "https://www.dillo.org")
- (license license:gpl3+)))
-
(define-public links
(package
(name "links")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
(no subject)
(address . control@debbugs.gnu.org)
YQnrS81w1NxHSQHW@jasmine.lan
retitle 49859 Remove packages that depend on unsupported old OpenSSL releases
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 1/6] gnu: Remove pidentd.
(address . 49859@debbugs.gnu.org)
e874bdd3732a0423a9fa1c52f2996411ce08072c.1628040048.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, pidentd does not support a
current release of OpenSSL, and there does not seem to be any activity
upstream to improve that.

* gnu/packages/networking.scm (pidentd): Remove variable.
---
gnu/packages/networking.scm | 27 ---------------------------
1 file changed, 27 deletions(-)

Toggle diff (40 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 05fd092b23..212d4eac2f 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -2595,33 +2595,6 @@ enabled due to license conflicts between the BSD advertising clause and the GPL.
;; distribution for clarification.
(license (list license:bsd-3 license:bsd-4))))
-(define-public pidentd
- (package
- (name "pidentd")
- (version "3.0.19")
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/ptrrkssn/pidentd")
- (commit (string-append "v" version))))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "1k4rr0b4ygxssbnsykzjvz4hjhazzz4j5arlilyc1iq7b1wzsk7i"))))
- (build-system gnu-build-system)
- (arguments
- `(#:tests? #f)) ; No tests are included
- (inputs
- `(("openssl" ,openssl-1.0))) ;for the DES library
- (home-page "https://www.lysator.liu.se/~pen/pidentd/")
- (synopsis "Small Ident Daemon")
- (description
- "@dfn{Pidentd} (Peter's Ident Daemon) is an identd, which implements a
-identification server. Pidentd looks up specific TCP/IP connections and
-returns the user name and other information about the connection.")
- (license license:public-domain)))
-
(define-public spiped
(package
(name "spiped")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 3/6] gnu: Remove adb and fastboot.
(address . 49859@debbugs.gnu.org)
98b6d8eee70e27683b6617ba92afd7a353514e45.1628040049.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, this version of adb does
not support a current release of OpenSSL.

* gnu/packages/android.scm (adb, fastboot): Remove variables.
---
gnu/packages/android.scm | 95 ----------------------------------------
1 file changed, 95 deletions(-)

Toggle diff (115 lines)
diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm
index eb538f6540..746a104d43 100644
--- a/gnu/packages/android.scm
+++ b/gnu/packages/android.scm
@@ -351,53 +351,6 @@ various Android core host applications.")
various Android core host applications.")
(license license:asl2.0)))
-(define-public adb
- (package
- (name "adb")
- (version (android-platform-version))
- (source (android-platform-system-core version))
- (build-system android-ndk-build-system)
- (arguments
- `(#:tests? #f ; Test failure: sysdeps_poll.fd_count
- #:make-flags
- (list "CFLAGS=-Wno-error"
- "CXXFLAGS=-fpermissive -Wno-error -std=gnu++14 -D_Nonnull= -D_Nullable= -I ."
- (string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out") "/lib "
- "-Wl,-rpath=" (assoc-ref %build-inputs "openssl") "/lib -L ."))
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'enter-source
- (lambda _ (chdir "adb") #t))
- (add-after 'enter-source 'glibc-compat
- (lambda _
- ;; Include sysmacros.h for "major" and "minor" in Glibc 2.28.
- (substitute* "usb_linux.cpp"
- (("#include <sys/types.h>" all)
- (string-append all "\n#include <sys/sysmacros.h>\n")))
- #t))
- (add-after 'enter-source 'make-libs-available
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (substitute* "Android.mk"
- (("libcrypto_static") "libcrypto"))
- #t))
- (add-after 'install 'install-headers
- (lambda* (#:key inputs outputs #:allow-other-keys)
- (install-file "diagnose_usb.h" (string-append (assoc-ref outputs "out") "/include"))
- #t)))))
- (inputs
- `(("android-libbase" ,android-libbase)
- ("android-libcutils" ,android-libcutils)
- ("android-liblog" ,android-liblog)
- ("openssl" ,openssl-1.0)))
- (home-page "https://developer.android.com/studio/command-line/adb.html")
- (synopsis "Android Debug Bridge")
- (description
- "@command{adb} is a versatile command line tool that lets you communicate
-with an emulator instance or connected Android device. It facilitates a variety
-of device actions, such as installing and debugging apps, and it provides access
-to a Unix shell that can run commands on the connected device or emulator.")
- (license license:asl2.0)))
-
(define-public mkbootimg
(package
(name "mkbootimg")
@@ -652,54 +605,6 @@ file system.")
(description "@code{android-libutils} provides utilities for Android NDK developers.")
(license license:asl2.0)))
-(define-public fastboot
- (package
- (name "fastboot")
- (version (android-platform-version))
- (source (android-platform-system-core version))
- (build-system android-ndk-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'enter-source
- (lambda _
- (chdir "fastboot")
- #t))
- (add-after 'enter-source 'patch-source
- (lambda _
- (substitute* "Android.mk"
- (("libext4_utils_host") "libext4_utils_host libselinux libpcre"))
- #t))
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (lib (string-append out "/lib"))
- (bin (string-append out "/bin")))
- (install-file "fastboot" bin)
- #t))))))
- (inputs
- `(("adb" ,adb)
- ("android-safe-iop" ,android-safe-iop)
- ("android-ext4-utils" ,android-ext4-utils)
- ("android-f2fs-utils" ,android-f2fs-utils)
- ("android-libbase" ,android-libbase)
- ("android-libcutils" ,android-libcutils)
- ("android-liblog" ,android-liblog)
- ("android-libutils" ,android-libutils)
- ("android-libsparse" ,android-libsparse)
- ("android-libziparchive" ,android-libziparchive)
- ("android-libselinux" ,android-libselinux)
- ("pcre" ,pcre)
- ("mkbootimg" ,mkbootimg)
- ("zlib" ,zlib)))
- (native-inputs
- `(("xz" ,xz)))
- (home-page "https://developer.android.com/studio/command-line/")
- (synopsis "Android image flasher")
- (description
- "This package provides @command{fastboot}, a tool to upload file system images to Android devices.")
- (license license:asl2.0)))
-
(define-public android-udev-rules
(package
(name "android-udev-rules")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 2/6] gnu: Remove cadaver.
(address . 49859@debbugs.gnu.org)
09d99994542520b463a469b45b8a67b500b177cc.1628040048.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, cadaver does not support a
current release of OpenSSL.

* gnu/packages/web.scm (cadaver): Remove variable.
---
gnu/packages/web.scm | 32 --------------------------------
1 file changed, 32 deletions(-)

Toggle diff (45 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 432ed3c445..24dd08d44f 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6614,38 +6614,6 @@ file links.")
license:psfl ; linkcheck/gzip2.py
license:expat)))) ; linkcheck/mem.py
-(define-public cadaver
- (package
- (name "cadaver")
- (version "0.23.3")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "http://www.webdav.org/cadaver/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
- "1jizq69ifrjbjvz5y79wh1ny94gsdby4gdxwjad4bfih6a5fck7x"))))
- (build-system gnu-build-system)
- ;; TODO: Unbundle libneon and make build succeed with new neon.
- (arguments
- `(#:configure-flags (list "--with-ssl=openssl")
- #:tests? #f)) ;No tests included
- (native-inputs
- `(("gettext" ,gettext-minimal)
- ("pkg-config" ,pkg-config)
- ("intltool" ,intltool)))
- (inputs
- `(("expat" ,expat)
- ("openssl" ,openssl-1.0)))
- (home-page "http://www.webdav.org/cadaver/")
- (synopsis "Command-line WebDAV client")
- (description
- "Cadaver is a command-line WebDAV client for Unix. It supports
-file upload, download, on-screen display, namespace operations (move/copy),
-collection creation and deletion, and locking operations.")
- (license license:gpl2)))
-
(define-public castor
(package
(name "castor")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 4/6] gnu: Remove eschalot.
(address . 49859@debbugs.gnu.org)
f0b61ab3c4dc99fab70cfb6ec54c5e8ee8c26446.1628040049.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, eschalot does not support
a current release of OpenSSL.

* gnu/packages/crypto.scm (eschalot): Remove variable.
---
gnu/packages/crypto.scm | 57 -----------------------------------------
1 file changed, 57 deletions(-)

Toggle diff (70 lines)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index fe2cec045d..83c1a08dee 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -398,63 +398,6 @@ secure operations. ")
(license (list license:lgpl2.1+ ; the files keyutils.*
license:gpl2+)))) ; the rest
-;; There is no release candidate but commits point out a version number,
-;; furthermore no tarball exists.
-(define-public eschalot
- (let ((commit "0bf31d88a11898c19b1ed25ddd2aff7b35dbac44")
- (revision "1"))
- (package
- (name "eschalot")
- (version (string-append "1.2.0-" revision "." (string-take commit 7)))
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/schnabear/eschalot")
- (commit commit)))
- (file-name (string-append name "-" version))
- (sha256
- (base32
- "0lj38ldh8vzi11wp4ghw4k0fkwp0s04zv8k8d473p1snmbh7mx98"))))
- (inputs
- `(("openssl" ,openssl-1.0))) ; for openssl/{bn,pem,rsa,sha}.h
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags (list (string-append "CC=" ,(cc-for-target))
- (string-append "PREFIX=" (assoc-ref %outputs "out"))
- (string-append "INSTALL=" "install"))
- ;; XXX: make test would run a !VERY! long hashing of names with the use
- ;; of a wordlist, the amount of computing time this would waste on build
- ;; servers is in no relation to the size or importance of this small
- ;; application, therefore we run our own tests on eschalot and worgen.
- #:phases
- (modify-phases %standard-phases
- (delete 'configure)
- (replace 'check
- (lambda _
- (invoke "./worgen" "8-12" "top1000.txt" "3-10" "top400nouns.txt"
- "3-6" "top150adjectives.txt" "3-6")
- (invoke "./eschalot" "-r" "^guix|^guixsd")
- (invoke "./eschalot" "-r" "^gnu|^free")
- (invoke "./eschalot" "-r" "^cyber|^hack")
- (invoke "./eschalot" "-r" "^troll")))
- ;; Make install can not create the bin dir, create it.
- (add-before 'install 'create-bin-dir
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin")))
- (mkdir-p bin)
- #t))))))
- (home-page "https://github.com/schnabear/eschalot")
- (synopsis "Tor hidden service name generator")
- (description
- "Eschalot is a tor hidden service name generator, it allows one to
-produce customized vanity .onion addresses using a brute-force method. Searches
-for valid names can be run with regular expressions and wordlists. For the
-generation of wordlists the included tool @code{worgen} can be used. There is
-no man page, refer to the home page for usage details.")
- (license (list license:isc license:expat)))))
-
(define-public ssss
(package
(name "ssss")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 5/6] gnu: Remove psyclpc.
(address . 49859@debbugs.gnu.org)
cce346e3f56b2eeb0c68db54630d638f87dceb87.1628040049.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, psyclpc does not support a
current release of OpenSSL.

* gnu/packages/messaging.scm (psyclpc): Remove variable.
---
gnu/packages/messaging.scm | 73 --------------------------------------
1 file changed, 73 deletions(-)

Toggle diff (86 lines)
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index e5ecdb8894..3aa386ed6d 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -1839,79 +1839,6 @@ including psyced.")
(synopsis "PSYC library in C")
(license license:agpl3+)))
-;; This commit removes the historic bundled pcre and makes psyclpc reproducible.
-(define-public psyclpc
- (let* ((commit "61cf9aa81297085e5c40170fd01221c752f8deba")
- (revision "2"))
- (package
- (name "psyclpc")
- (version (string-append "20160821-" revision "." (string-take commit 7)))
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "git://git.psyced.org/git/psyclpc")
- (commit commit)))
- (file-name (string-append name "-" version "-checkout"))
- (sha256
- (base32
- "1viwqymbhn3cwvx0zl58rlzl5gw47zxn0ldg2nbi55ghm5zxl1z5"))))
- (build-system gnu-build-system)
- (arguments
- `(#:tests? #f ; There are no tests/checks.
- #:configure-flags
- ;; If you have questions about this part, look at
- ;; "src/settings/psyced" and the ebuild.
- (list
- "--enable-use-tls=yes"
- "--enable-use-mccp" ; Mud Client Compression Protocol, leave this enabled.
- (string-append "--prefix="
- (assoc-ref %outputs "out"))
- ;; src/Makefile: Set MUD_LIB to the directory which contains
- ;; the mud data. defaults to MUD_LIB = @libdir@
- (string-append "--libdir="
- (assoc-ref %outputs "out")
- "/opt/psyced/world")
- (string-append "--bindir="
- (assoc-ref %outputs "out")
- "/opt/psyced/bin")
- ;; src/Makefile: Set ERQ_DIR to directory which contains the
- ;; stuff which ERQ can execute (hopefully) savely. Was formerly
- ;; defined in config.h. defaults to ERQ_DIR= @libexecdir@
- (string-append "--libexecdir="
- (assoc-ref %outputs "out")
- "/opt/psyced/run"))
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'chdir-to-src
- ;; We need to pass this as env variables
- ;; and manually change the directory.
- (lambda _
- (chdir "src")
- (setenv "CONFIG_SHELL" (which "sh"))
- (setenv "SHELL" (which "sh"))
- #t)))
- #:make-flags (list "install-all")))
- (inputs
- `(("zlib" ,zlib)
- ("openssl" ,openssl-1.0)
- ("pcre" ,pcre)))
- (native-inputs
- `(("pkg-config" ,pkg-config)
- ("bison" ,bison)
- ("gettext" ,gettext-minimal)
- ("help2man" ,help2man)
- ("autoconf" ,autoconf)
- ("automake" ,automake)))
- (home-page "http://lpc.psyc.eu/")
- (synopsis "psycLPC is a multi-user network server programming language")
- (description
- "LPC is a bytecode language, invented to specifically implement
-multi user virtual environments on the internet. This technology is used for
-MUDs and also the psyced implementation of the Protocol for SYnchronous
-Conferencing (PSYC). psycLPC is a fork of LDMud with some new features and
-many bug fixes.")
- (license license:gpl2))))
-
(define-public loudmouth
(package
(name "loudmouth")
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:20
[PATCH 6/6] gnu: Remove tlsdate.
(address . 49859@debbugs.gnu.org)
0498f753e60dc28c5c82b9f8c331db307a67f8c0.1628040049.git.leo@famulari.name
As discussed in https://bugs.gnu.org/46602, tlsdate does not support a
current release of OpenSSL.

* gnu/packages/ntp.scm (tlsdate): Remove variable.
---
gnu/packages/ntp.scm | 51 --------------------------------------------
1 file changed, 51 deletions(-)

Toggle diff (61 lines)
diff --git a/gnu/packages/ntp.scm b/gnu/packages/ntp.scm
index 191eedd158..55b9a73b22 100644
--- a/gnu/packages/ntp.scm
+++ b/gnu/packages/ntp.scm
@@ -216,54 +216,3 @@ secure, easy to configure, and accurate enough for most purposes, so it's more
minimalist than ntpd.")
;; A few of the source files are under bsd-3.
(license (list l:isc l:bsd-3))))
-
-(define-public tlsdate
- (package
- (name "tlsdate")
- (version "0.0.13")
- (home-page "https://github.com/ioerror/tlsdate")
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (commit (string-append "tlsdate-" version))
- (url home-page)))
- (sha256
- (base32
- "0w3v63qmbhpqlxjsvf4k3zp90k6mdzi8cdpgshan9iphy1f44xgl"))
- (file-name (string-append name "-" version "-checkout"))))
- (build-system gnu-build-system)
- (arguments
- `(;; Disable seccomp when it's not supported--e.g., on aarch64. See
- ;; 'src/seccomp.c' for the list of supported systems.
- #:configure-flags ,(if (any (lambda (system)
- (string-contains (or
- (%current-target-system)
- (%current-system))
- system))
- '("x86_64" "i686" "arm"))
- ''()
- ''("--disable-seccomp-filter"))
-
- #:phases (modify-phases %standard-phases
- (add-after 'unpack 'autogen
- (lambda _
- ;; The ancestor of 'SOURCE_DATE_EPOCH'; it contains the
- ;; date that is recorded in binaries. It must be a
- ;; "recent date" since it is used to detect bogus dates
- ;; received from servers.
- (setenv "COMPILE_DATE" (number->string 1530144000))
- (invoke "sh" "autogen.sh"))))))
- (inputs `(("openssl" ,openssl-1.0)
- ("libevent" ,libevent)))
- (native-inputs `(("pkg-config" ,pkg-config)
- ("autoconf" ,autoconf)
- ("automake" ,automake)
- ("libtool" ,libtool)))
- (synopsis "Extract remote time from TLS handshakes")
- (description
- "@command{tlsdate} sets the local clock by securely connecting with TLS
-to remote servers and extracting the remote time out of the secure handshake.
-Unlike ntpdate, @command{tlsdate} uses TCP, for instance connecting to a
-remote HTTPS or TLS enabled service, and provides some protection against
-adversaries that try to feed you malicious time information.")
- (license l:bsd-3)))
--
2.32.0
L
L
Leo Famulari wrote on 4 Aug 2021 03:29
Re: Remove packages that depend on unsupported old OpenSSL releases
(address . 49859@debbugs.gnu.org)
YQntlUpQ2VNVW1gO@jasmine.lan
My plan is to push these patches within 2 weeks.
J
J
Julien Lepiller wrote on 4 Aug 2021 04:42
Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
83DA07E5-55F3-4F1C-9C57-8957526A53B6@lepiller.eu
Gasp… do we have no other choice? Adb and fastboot are really useful to me.

Le 3 août 2021 21:20:46 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
Toggle quote (127 lines)
>As discussed in https://bugs.gnu.org/46602, this version of adb does
>not support a current release of OpenSSL.
>
>* gnu/packages/android.scm (adb, fastboot): Remove variables.
>---
> gnu/packages/android.scm | 95 ----------------------------------------
> 1 file changed, 95 deletions(-)
>
>diff --git a/gnu/packages/android.scm b/gnu/packages/android.scm
>index eb538f6540..746a104d43 100644
>--- a/gnu/packages/android.scm
>+++ b/gnu/packages/android.scm
>@@ -351,53 +351,6 @@ various Android core host applications.")
> various Android core host applications.")
> (license license:asl2.0)))
>
>-(define-public adb
>- (package
>- (name "adb")
>- (version (android-platform-version))
>- (source (android-platform-system-core version))
>- (build-system android-ndk-build-system)
>- (arguments
>- `(#:tests? #f ; Test failure: sysdeps_poll.fd_count
>- #:make-flags
>- (list "CFLAGS=-Wno-error"
>- "CXXFLAGS=-fpermissive -Wno-error -std=gnu++14 -D_Nonnull= -D_Nullable= -I ."
>- (string-append "LDFLAGS=-Wl,-rpath=" (assoc-ref %outputs "out") "/lib "
>- "-Wl,-rpath=" (assoc-ref %build-inputs "openssl") "/lib -L ."))
>- #:phases
>- (modify-phases %standard-phases
>- (add-after 'unpack 'enter-source
>- (lambda _ (chdir "adb") #t))
>- (add-after 'enter-source 'glibc-compat
>- (lambda _
>- ;; Include sysmacros.h for "major" and "minor" in Glibc 2.28.
>- (substitute* "usb_linux.cpp"
>- (("#include <sys/types.h>" all)
>- (string-append all "\n#include <sys/sysmacros.h>\n")))
>- #t))
>- (add-after 'enter-source 'make-libs-available
>- (lambda* (#:key inputs outputs #:allow-other-keys)
>- (substitute* "Android.mk"
>- (("libcrypto_static") "libcrypto"))
>- #t))
>- (add-after 'install 'install-headers
>- (lambda* (#:key inputs outputs #:allow-other-keys)
>- (install-file "diagnose_usb.h" (string-append (assoc-ref outputs "out") "/include"))
>- #t)))))
>- (inputs
>- `(("android-libbase" ,android-libbase)
>- ("android-libcutils" ,android-libcutils)
>- ("android-liblog" ,android-liblog)
>- ("openssl" ,openssl-1.0)))
>- (home-page "https://developer.android.com/studio/command-line/adb.html")
>- (synopsis "Android Debug Bridge")
>- (description
>- "@command{adb} is a versatile command line tool that lets you communicate
>-with an emulator instance or connected Android device. It facilitates a variety
>-of device actions, such as installing and debugging apps, and it provides access
>-to a Unix shell that can run commands on the connected device or emulator.")
>- (license license:asl2.0)))
>-
> (define-public mkbootimg
> (package
> (name "mkbootimg")
>@@ -652,54 +605,6 @@ file system.")
> (description "@code{android-libutils} provides utilities for Android NDK developers.")
> (license license:asl2.0)))
>
>-(define-public fastboot
>- (package
>- (name "fastboot")
>- (version (android-platform-version))
>- (source (android-platform-system-core version))
>- (build-system android-ndk-build-system)
>- (arguments
>- `(#:phases
>- (modify-phases %standard-phases
>- (add-after 'unpack 'enter-source
>- (lambda _
>- (chdir "fastboot")
>- #t))
>- (add-after 'enter-source 'patch-source
>- (lambda _
>- (substitute* "Android.mk"
>- (("libext4_utils_host") "libext4_utils_host libselinux libpcre"))
>- #t))
>- (replace 'install
>- (lambda* (#:key outputs #:allow-other-keys)
>- (let* ((out (assoc-ref outputs "out"))
>- (lib (string-append out "/lib"))
>- (bin (string-append out "/bin")))
>- (install-file "fastboot" bin)
>- #t))))))
>- (inputs
>- `(("adb" ,adb)
>- ("android-safe-iop" ,android-safe-iop)
>- ("android-ext4-utils" ,android-ext4-utils)
>- ("android-f2fs-utils" ,android-f2fs-utils)
>- ("android-libbase" ,android-libbase)
>- ("android-libcutils" ,android-libcutils)
>- ("android-liblog" ,android-liblog)
>- ("android-libutils" ,android-libutils)
>- ("android-libsparse" ,android-libsparse)
>- ("android-libziparchive" ,android-libziparchive)
>- ("android-libselinux" ,android-libselinux)
>- ("pcre" ,pcre)
>- ("mkbootimg" ,mkbootimg)
>- ("zlib" ,zlib)))
>- (native-inputs
>- `(("xz" ,xz)))
>- (home-page "https://developer.android.com/studio/command-line/")
>- (synopsis "Android image flasher")
>- (description
>- "This package provides @command{fastboot}, a tool to upload file system images to Android devices.")
>- (license license:asl2.0)))
>-
> (define-public android-udev-rules
> (package
> (name "android-udev-rules")
>--
>2.32.0
>
>
>
>
Attachment: file
L
L
Leo Famulari wrote on 4 Aug 2021 04:53
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 49859@debbugs.gnu.org)
YQoBD7/TqncxyRG4@jasmine.lan
On Tue, Aug 03, 2021 at 10:42:50PM -0400, Julien Lepiller wrote:
Toggle quote (2 lines)
> Gasp… do we have no other choice? Adb and fastboot are really useful to me.

I think there must be a new version of adb that doesn't use the old
unsupported OpenSSL. Do you have time to check on that?

The unsupported OpenSSL version is the 1.0 series.

The supported version is 1.1.1.

Looking at android.scm, I see that our packages are based on the Git tag
7.1.2_r36 from this repo:

J
J
Julien Lepiller wrote on 4 Aug 2021 04:58
(name . Leo Famulari)(address . leo@famulari.name)(address . 49859@debbugs.gnu.org)
FCC37C95-6E9F-46C2-8A08-EF9CADB4CEE8@lepiller.eu
There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.

Le 3 août 2021 22:53:03 GMT-04:00, Leo Famulari <leo@famulari.name> a écrit :
Toggle quote (14 lines)
>On Tue, Aug 03, 2021 at 10:42:50PM -0400, Julien Lepiller wrote:
>> Gasp… do we have no other choice? Adb and fastboot are really useful to me.
>
>I think there must be a new version of adb that doesn't use the old
>unsupported OpenSSL. Do you have time to check on that?
>
>The unsupported OpenSSL version is the 1.0 series.
>
>The supported version is 1.1.1.
>
>Looking at android.scm, I see that our packages are based on the Git tag
>7.1.2_r36 from this repo:
>
>https://android.googlesource.com/platform/system/core
Attachment: file
L
L
Leo Famulari wrote on 4 Aug 2021 05:01
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 49859@debbugs.gnu.org)
YQoDA7UrMBzBPQse@jasmine.lan
On Tue, Aug 03, 2021 at 10:53:03PM -0400, Leo Famulari wrote:
Toggle quote (3 lines)
> Looking at android.scm, I see that our packages are based on the Git tag
> 7.1.2_r36 from this repo:

I checked the license for 'libcrypto.so' on my phone, which is on
Android 11. And they are not even using OpenSSL anymore, but instead
BoringSSL. So, maybe there is some intermediate version of Android
between 7 and 11 that uses OpenSSL 1.1.1 (released September 2018).


Or, maybe we can move these packages (openssl-1.0 and these Android 7
packages) to guix-past. Or maybe someone has some other ideas.
L
L
Leo Famulari wrote on 4 Aug 2021 05:21
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 49859@debbugs.gnu.org)
YQoHsO+cSPwRamQi@jasmine.lan
On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
Toggle quote (2 lines)
> There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.

I see. Well, the packages could be moved to guix-past for now. Let's
wait and see what others have to say.

This version of OpenSSL became unsupported at the end of 2019.
L
L
Leo Famulari wrote on 4 Aug 2021 18:29
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 49859@debbugs.gnu.org)
YQrAViNOKnI4nG+4@jasmine.lan
On Tue, Aug 03, 2021 at 11:21:20PM -0400, Leo Famulari wrote:
Toggle quote (6 lines)
> On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
> > There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
>
> I see. Well, the packages could be moved to guix-past for now. Let's
> wait and see what others have to say.

I got more feedback on #guix IRC that we should not remove adb /
fastboot, because it's an important tool for freeing Android
smartphones.

Is there a reason we shouldn't use guix-past to hold these packages?
E
E
Efraim Flashner wrote on 5 Aug 2021 10:11
(name . Leo Famulari)(address . leo@famulari.name)
YQudScMrlKJ3DFtC@3900XT
On Wed, Aug 04, 2021 at 12:29:10PM -0400, Leo Famulari wrote:
Toggle quote (14 lines)
> On Tue, Aug 03, 2021 at 11:21:20PM -0400, Leo Famulari wrote:
> > On Tue, Aug 03, 2021 at 10:58:46PM -0400, Julien Lepiller wrote:
> > > There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and fastboot.
> >
> > I see. Well, the packages could be moved to guix-past for now. Let's
> > wait and see what others have to say.
>
> I got more feedback on #guix IRC that we should not remove adb /
> fastboot, because it's an important tool for freeing Android
> smartphones.
>
> Is there a reason we shouldn't use guix-past to hold these packages?
>

I'm in favor of moving openssl-1.0 to guix-past, it's the perfect type
of package to go there. Upstream has declared it dead and no one is
going to touch it. Similar to how qt-4 moved there a few months ago.

ADB and fastboot are still useful, and (ignoring some networking options
they apparently have) are localhost only. I'd rather leave them both for
now with an eye to shoehorning in an updated version somehow, hiding
openssl-1.0, and adding a note to remove it as soon as nothing needs it
anymore.

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmELnUcACgkQQarn3Mo9
g1GzCBAAsrXGOMYQxUdlh9FiYjgGn4+eEdnOWbmtkjfSlEZd9OdA0sMXyLXT8tER
25IhW3hmBbwrkHo6ftTmWR/K865PL5L00idVpqe/HG+hW0NZva4YIQMbvYxB59wn
lQsHp4cS2+6ASDgYzVMjIR37TcNvu2FrgOrmucmP+BAOQgfYNKEWhA/LNd84Ispv
ZZf4HDshVZZLxygXOL4AW0p3KVbeTGmor9yLQ19TQhDbWQrGcbgfqDA9Q+1ilf2o
2T66XSArOk+43L3tboXU4M6wJa2En36dwgbCpf/TaQsUwnKdMOreXGBBTlyj3mUJ
N3gLXRgTfpf8qsldm+2hsmAp3uBt/jHEi8enJowCMHlT6dMmt89GQVQNTIcvcegl
2ATyR349uHXxvBE80Js3FMkjkboWc3p+J7eXYJquLrVFpzLzHOQnCHuJQZV4kgcw
wnoia/v3jOLznPr+bVrXu5KitfzNVWyCUqau5ieiDoJwkRXGOnM3VBiXjNsg9HE/
XR9WT6ydXttfyHOO6Xa1mRukLR0t8F0X+tceGojk+ESPlDGSNZMTtGJwQWYQlS7S
x9HsrW5qW0r0GPbuVTFPzKRrO/2pBxiM7VUHa7DxnGJD9sFpaRJf8hUT7/YdHEks
22ruFVVaFmifvSBYAkh70cox6yKUah2bb5g6yGOQ3abhg7sRJl8=
=xfO7
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 11 Aug 2021 16:08
Re: bug#49859: Remove packages that depend on unsupported old OpenSSL releases
(name . Efraim Flashner)(address . efraim@flashner.co.il)
877dgsm5uy.fsf_-_@gnu.org
Hi,

Efraim Flashner <efraim@flashner.co.il> skribis:

Toggle quote (4 lines)
> I'm in favor of moving openssl-1.0 to guix-past, it's the perfect type
> of package to go there. Upstream has declared it dead and no one is
> going to touch it. Similar to how qt-4 moved there a few months ago.

Agreed. However…

Toggle quote (6 lines)
> ADB and fastboot are still useful, and (ignoring some networking options
> they apparently have) are localhost only. I'd rather leave them both for
> now with an eye to shoehorning in an updated version somehow, hiding
> openssl-1.0, and adding a note to remove it as soon as nothing needs it
> anymore.

… this means we need to keep openssl 1.0, hidden, in Guix proper. That
sounds like a reasonable option to me. Leo’s approach of progressively
removing anything that depends on it sounds good to me nevertheless, but
it’s good that we can weigh the pros and cons for each candidate.

Julien said upgrading ADB/fastboot is not an option, at least not now.

Another option would be to patch ADB so it can use OpenSSL 1.1.
Hopefully the changes can be relatively simple and isolated. Worth
trying?

Ludo’.
G
G
Giovanni Biscuolo wrote on 11 Aug 2021 17:18
Re: [bug#49859] Remove packages that depend on unsupported old OpenSSL releases
87k0ksf1rl.fsf@xelera.eu
Hi,

Ludovic Courtès <ludo@gnu.org> writes:

[...]

Toggle quote (4 lines)
> Another option would be to patch ADB so it can use OpenSSL 1.1.
> Hopefully the changes can be relatively simple and isolated. Worth
> trying?

AFAIU Debian was applying this patch:

in the adb package ver 1:7.0.0+r33-1

OpenWRT was (is?) applying this (more "invasive") patch:

I'll try the Debian one and send a patch if I succeed.

Thanks! Gio'

--
Giovanni Biscuolo

Xelera IT Infrastructures
-----BEGIN PGP SIGNATURE-----

iQJABAEBCgAqFiEERcxjuFJYydVfNLI5030Op87MORIFAmET6k8MHGdAeGVsZXJh
LmV1AAoJENN9DqfOzDkS240P/0Fb3BEjZ6mCM1JsgrxhtPqDj0HJ7ZajNsNyD6C7
pj/wW+Kq/LrnnaMMqEMuTfy08usENtBKVsjkrCo4mS0OAnyTAc6FD24HSkvMQtqx
ylA1CaMFdmKd+FVeBRD5PL9pYqAoso83b2JkiL68o9Rn7UBHb4lgHr47IHHEKzwD
y+gjmn7mpU+ORd8Vgona00aXCAk4Cceue57CeUqzniff6dihPMb3snswhW9cHDuw
s+0nyRx0RnbuTQABgR/pqfHEmWhMiTM/e95XER94DzX6EGQl05z66f3MtLEWgeOI
btoBZj4SW57IXF9Nd0p3SqMjX+wDI84eKb3W37j6SQA2xi1/Dq8QB2ppxrERbJCj
qaAqc9GlqELtQ1SbgKtZ1gX2WTrpDsMcKYz+xCExK2ayFHMA1Y/WQ9Rvmkzqh+Y+
4kklteKYa36z+NlsdBx1qUQJXqzCX2vg6FAAL+h4PUO9yya/zGux6Px10DL4S/IL
0vbGknztSmJNDEc9nj/mD2OxmX0G1lvf+DIwlvFfaZC64pmvxOFfU50oSsrlJHXE
6+J950IjMo/c+Lahpu75uB8Unvc70lPBvi5gzQMooEmdY3uaZIEt+59j2lyQjJVl
xCaOxJiUDjvYOE1rutSA8VfoWzdPhMqVfRA03zX3dxcpw+6KEa+G6FsjwgjQoqGm
tkuj
=PRmF
-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 11 Aug 2021 19:52
(name . Giovanni Biscuolo)(address . g@xelera.eu)
YRQOXXauAu5aY+t6@jasmine.lan
On Wed, Aug 11, 2021 at 05:18:38PM +0200, Giovanni Biscuolo wrote:
Toggle quote (20 lines)
> Hi,
>
> Ludovic Court�s <ludo@gnu.org> writes:
>
> [...]
>
> > Another option would be to patch ADB so it can use OpenSSL 1.1.
> > Hopefully the changes can be relatively simple and isolated. Worth
> > trying?
>
> AFAIU Debian was applying this patch:
> https://sources.debian.org/patches/android-platform-system-core/1:7.0.0+r33-1/adb_libssl_11.diff/
>
> in the adb package ver 1:7.0.0+r33-1
>
> OpenWRT was (is?) applying this (more "invasive") patch:
> https://github.com/openwrt/openwrt/pull/971/files
>
> I'll try the Debian one and send a patch if I succeed.

Awesome, thanks! Let us know how it goes. I'll proceed with hiding
openssl-1.0 and removing the other packages (not adb or fastboot) in the
meantime.
L
L
Leo Famulari wrote on 11 Aug 2021 19:58
(no subject)
(address . control@debbugs.gnu.org)
YRQPz0Hj/SRPoJ/F@jasmine.lan
block 46602 with 49859
P
P
Pierre Langlois wrote on 11 Aug 2021 20:13
Re: [bug#49859] [PATCH 3/6] gnu: Remove adb and fastboot.
(name . Julien Lepiller)(address . julien@lepiller.eu)
87a6lnonfi.fsf@gmx.com
Hi Julien and Leo,

Julien Lepiller <julien@lepiller.eu> writes:

Toggle quote (3 lines)
> There are more recent versions, unfortunately this is the latest version we can support. Later versions use a different build system, soong, that require much more work. I have a wip for that, but it will need more work to be really useful and be able to build adb and
> fastboot.

Recently I noticed this repository, by looking at how Archlinux managed
to package newer versions of adb/fastboot: https://github.com/nmeum/android-tools

I wonder if using it is something you've considered? Using submodules to
gather all the sources isn't very guix-y, but at least it's using cmake
so we wouldn't need to package Android build tools.

Just thought I'd make sure we're aware this exists! I too would be said
to see adb/fastboot go away :-).

Thanks,
Pierre
-----BEGIN PGP SIGNATURE-----

iQFMBAEBCgA2FiEEctU9gYy29KFyWDdMqPyeRH9PfVQFAmEUFGEYHHBpZXJyZS5s
YW5nbG9pc0BnbXguY29tAAoJEKj8nkR/T31URSwH+QHmxED+Rr+YL/gaRdFJldNP
VlU07g86LHLv0fxxKLax8jXDi8m4kWjFA31cL2HHlDUQ24OgsJ/fXQ0HcIu8d9cr
fAz/6PSFBaNySzfpCnGIF/QD7cyXEmLGe2EEFDyYAXLXDu3euCa/ipBCG90W2wiH
Tq4qnDGh05RCwizRxbc6UwCmiPaqRDLnUNYrqrgXdjeKDIARorDrYwF3V3f4nOP1
fCRtE0LLN1kc1PiLGihNBuDgZX9tumvgJAXhriyG6VFy+moQWQ9U9yKz3T9lB6PT
LOwmDmv1H+ZO3OR3AY6OmfuyBTU41XjDAyYjmyMiwz6SUHPsv0QQuSi9C5KO2Po=
=hnm0
-----END PGP SIGNATURE-----

G
G
Giovanni Biscuolo wrote on 12 Aug 2021 19:24
Re: [bug#49859] Remove packages that depend on unsupported old OpenSSL releases
87a6lmfuen.fsf@xelera.eu
Hi Leo,

Leo Famulari <leo@famulari.name> writes:

[...]

Toggle quote (12 lines)
>> AFAIU Debian was applying this patch:
>> https://sources.debian.org/patches/android-platform-system-core/1:7.0.0+r33-1/adb_libssl_11.diff/
>>
>> in the adb package ver 1:7.0.0+r33-1
>>
>> OpenWRT was (is?) applying this (more "invasive") patch:
>> https://github.com/openwrt/openwrt/pull/971/files
>>
>> I'll try the Debian one and send a patch if I succeed.
>
> Awesome, thanks! Let us know how it goes.

It seems I did it! :-D (fortunately it was really easy)

I sent a patch as bug#50029.

AFAIU the adb patch also fixes the issue with fastboot, since fastboot
does not directly depend on openssl but indirectly via adb and
android-libselinux that already have openssl (1.1) as input: right?

Toggle quote (3 lines)
> I'll proceed with hiding openssl-1.0 and removing the other packages
> (not adb or fastboot) in the meantime.

Thank you and happy hacking!

Ciao, Gio'

--
Giovanni Biscuolo

Xelera IT Infrastructures
-----BEGIN PGP SIGNATURE-----

iQJABAEBCgAqFiEERcxjuFJYydVfNLI5030Op87MORIFAmEVWVAMHGdAeGVsZXJh
LmV1AAoJENN9DqfOzDkSGjwP/i5DsThMIhSyOUGrw2N6kjWef6srn0ne/fetBrBt
0/wxhGO+rHwssbkk6oaJPeDx9Gg9WByChaKYzbcA852zHi38Z9FS3NcOj8rxsogE
gZiA4BKrbohiOPIwEV3gaLQtuaxceVSFi4iuFKcukDDFtFGV8Ntk/QSGwfDElBG0
4N6MPrHJG0SddeqPz2LwZnFq7wNG+504+EOojfa1zNX2sq1k6b1to961seTIgUOr
dkus/pUyz3SObKcrh2FKh78S4cG3J9ueI7myDkbpK7FJX2+GKklhWtXC4HxM09t9
q/QN6ZzRI8Q5si3S5Bw5ypNlTwo8k4dBoEViFlGqNjPx7hiQcXzdT8smTAmb6CVY
no2q0HlEODm4krYo670jQrgQnJ1vBiJjtRFhYu4/7Wdfb+8h4dBdBMeKy2ViE3wn
2+NaTJ8Coy4ALuY2p+HISnq90iLFDpqyP9yBCto7OXJXQ18cKQ65FcULn/dTT6o0
6o1+6CG4uPo2YNHk9iwizqPUT2qtiVSc2NxpoPIsC2EotehfomM6wKBYx+JiqYKV
BWazvewslQnCcUqqGWbPzRVB5QeP6p16/mQKJVX2t9tVkyQMW9ECjQz+diHs9SAq
7pNIzyGaw0wPN1GIc9Oo4T8QBtnLtg64PzpYxeYxqCjd0tu2MEiUa6r9qvRr/TVt
Wz+D
=H4eK
-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 16 Aug 2021 00:10
(name . Giovanni Biscuolo)(address . g@xelera.eu)
YRmQxQGEoGO351p+@jasmine.lan
On Wed, Aug 11, 2021 at 01:52:29PM -0400, Leo Famulari wrote:
Toggle quote (4 lines)
> Awesome, thanks! Let us know how it goes. I'll proceed with hiding
> openssl-1.0 and removing the other packages (not adb or fastboot) in the
> meantime.

Done as 12099eac1b161d364be923451d27d7d739d0f14d
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 49859@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 49859
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch