Message ID | 20180107144251.7cb5c7be.peter.mueller@link38.eu |
---|---|
State | Not Applicable |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 2F5F560A09 for <patchwork@ipfire.org>; Sun, 7 Jan 2018 14:44:08 +0100 (CET) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 5F6851E7E; Sun, 7 Jan 2018 14:44:07 +0100 (CET) Received: from mx.link38.eu (mx.link38.eu [188.68.43.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 6F09F1E7E for <development@lists.ipfire.org>; Sun, 7 Jan 2018 14:42:58 +0100 (CET) X-Virus-Scanned: ClamAV at mx.link38.eu Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu [10.141.75.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.link38.eu (Postfix) with ESMTPS id 5E2F140240 for <development@lists.ipfire.org>; Sun, 7 Jan 2018 14:42:52 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id D2DA29F408 for <development@lists.ipfire.org>; Sun, 7 Jan 2018 14:42:51 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=link38.eu; s=201711; t=1515332571; x=1578404571; bh=Y/SE0RNymWtUaCedcM6kpSuTJUsosniihHY4/KA8WcE=; h=Date:From:To:Subject:Message-ID:Content-Type:From:To:Subject:Date: Cc; b=EMcGJ/h4ZICQoOpobXCKpRPcTRfSc0te/2gG14lzEkfeWh90Ysu8a3sTKPH14lAhW V5P3p5o0cZ2I7/UcUW/GsYu+CS+IVKaFUo0XPrywq+yn3mxOufr/YbwQb7Jw20h9P0 nTDCzzo3FfSdoDh9BRSAsMog6ahSZLhdF048p3yc2STOWN6PQDliiV8MIqjxGM5Op0 vl3eYdiF6XLhQOIGBjNMTguykFMbLv78VYqUMOhH55DQpXifMnhRYiwBLx8zTK4mG+ tUn+zdMiIC6Wh0Qryqmo5elD53PznN0UrLL4voQ4AdywFO1rexLgLrUTQUOQYLPMoG 8o3f6z4IsCUkg== Date: Sun, 7 Jan 2018 14:42:51 +0100 From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@link38.eu> To: "development@lists.ipfire.org" <development@lists.ipfire.org> Subject: Question regarding package updates, applying patches, and building Message-ID: <20180107144251.7cb5c7be.peter.mueller@link38.eu> Organization: Link38 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <https://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
Question regarding package updates, applying patches, and building
|
|
Commit Message
Peter Müller
Jan. 8, 2018, 12:42 a.m. UTC
Hello, while trying to update entire packages in IPFire (some of them are outdated) and to fix some bugs, I ran into a couple of questions: (a) How to update entire packages? As far as I understood, to every package belongs a file in lfs/[package_name], containing information about how to build, apply patches to it, and so on. It seems like packages are downloaded from https://source.ipfire.org/ , but it did not became clear to me how to upload a new version of a package to this server. Of course, the download URL can be changed manually, but that seems rather ugly to me. Unfortunately, I was unable to find a sort of tutorial in the wiki for this issue. (b) How to apply patches to downloaded packages with changed filenames? As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), I am supposed to have a look at the DEFAULT cipher suite in OpenSSL. To change this value, the .tar.gz file needs to be downloaded and unpacked first. After that, the file "ssl/ssl.h" needs to be changed. The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does something similar: But where does the file openssl-[...].org came from? (c) How to build the distribution partly? In the past, I handed in some patches to allow remote syslogging via TCP, too. After some struggles (settings are written by a C program, not the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) But since this program now crashes with a segfault on my machine (*sigh*), it seems like my patch contained some errors. However, building the entire distribution is somewhat time-consuming and not worth the effort for a probably small error. Is there any way of just building this C program, and omit the rest? Thanks in advance! Best regards, Peter Müller
Comments
Hi, On Sun, 2018-01-07 at 14:42 +0100, Peter Müller wrote: > Hello, > > while trying to update entire packages in IPFire (some > of them are outdated) and to fix some bugs, I ran into > a couple of questions: > > (a) How to update entire packages? > > As far as I understood, to every package belongs a file > in lfs/[package_name], containing information about how > to build, apply patches to it, and so on. Yes. > It seems like packages are downloaded from https://source.ipfire.org/ , > but it did not became clear to me how to upload a new > version of a package to this server. Of course, the > download URL can be changed manually, but that seems rather > ugly to me. We usually upload everything here manually since the official download mirrors are always a bit slow and maintainers seem to move their packages around a lot by moving them to an /old/ directory and then the URLs break. That's not fun. So we need to create an LDAP account for you and then you can login to git.ipfire.org and upload them to /pub/sources/... > Unfortunately, I was unable to find a sort of tutorial > in the wiki for this issue. Indeed this isn't being documented. > (b) How to apply patches to downloaded packages with changed filenames? > > As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), > I am supposed to have a look at the DEFAULT cipher suite in > OpenSSL. > > To change this value, the .tar.gz file needs to be downloaded > and unpacked first. After that, the file "ssl/ssl.h" needs to be > changed. We NEVER change the original archives that we download from some project's website. That makes it impossible to track what has been changed compared to the official release. So, we use patches. > The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does > something similar: > > diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h > --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 > +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 > @@ -338,7 +338,7 @@ > * The following cipher list is used by default. It also is substituted when > * an application-defined cipher list string starts with 'DEFAULT'. > */ > -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" > +# define SSL_DEFAULT_CIPHER_LIST > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" > /* > * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always > * starts with a reasonable order, and all we have to do for DEFAULT is > > But where does the file openssl-[...].org came from? That isn't a domain name. It is usually that I extract the archive like this: tar xvfa openssl-1.0.2h.tar.gz Then I move everything to a new directory that usually gets a ".org" or "- vanilla" suffix. This is the original version as it comes from the upstream project. Then I extract the tarball again and modify my files. And finally I just diff the changed directory against the original one like this: diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ And that creates the patch. For bigger changes I just check out their Git repository and create a new branch based on the latest release. This is also handy when submitting the patches upstream. > (c) How to build the distribution partly? > > In the past, I handed in some patches to allow remote syslogging via > TCP, too. After some struggles (settings are written by a C program, not > the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. > (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) > > But since this program now crashes with a segfault on my machine (*sigh*), > it seems like my patch contained some errors. > > However, building the entire distribution is somewhat time-consuming > and not worth the effort for a probably small error. Is there any way > of just building this C program, and omit the rest? You have to build the entire distribution the first time. If you want to rebuild a single package, you have to delete the log file for that package from the logs/ directory and run "./make.sh build" again. Hope this helps so far. If you have any more questions, please ask. Best, -Michael > > > Thanks in advance! > > Best regards, > Peter Müller
Hello, while updating gnupg, I stumbled over an empty log file (log/gunpg-1.4.23). However, it seems to compile successfully. What is this supposed to mean? Thanks, and best regards, Peter Müller > Hi, > > On Sun, 2018-01-07 at 14:42 +0100, Peter Müller wrote: >> Hello, >> >> while trying to update entire packages in IPFire (some >> of them are outdated) and to fix some bugs, I ran into >> a couple of questions: >> >> (a) How to update entire packages? >> >> As far as I understood, to every package belongs a file >> in lfs/[package_name], containing information about how >> to build, apply patches to it, and so on. > > Yes. > >> It seems like packages are downloaded from https://source.ipfire.org/ , >> but it did not became clear to me how to upload a new >> version of a package to this server. Of course, the >> download URL can be changed manually, but that seems rather >> ugly to me. > > We usually upload everything here manually since the official download mirrors > are always a bit slow and maintainers seem to move their packages around a lot > by moving them to an /old/ directory and then the URLs break. That's not fun. > > So we need to create an LDAP account for you and then you can login to > git.ipfire.org and upload them to /pub/sources/... > >> Unfortunately, I was unable to find a sort of tutorial >> in the wiki for this issue. > > Indeed this isn't being documented. > >> (b) How to apply patches to downloaded packages with changed filenames? >> >> As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), >> I am supposed to have a look at the DEFAULT cipher suite in >> OpenSSL. >> >> To change this value, the .tar.gz file needs to be downloaded >> and unpacked first. After that, the file "ssl/ssl.h" needs to be >> changed. > > We NEVER change the original archives that we download from some project's > website. That makes it impossible to track what has been changed compared to the > official release. So, we use patches. > >> The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does >> something similar: >> >> diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h >> --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 >> +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 >> @@ -338,7 +338,7 @@ >> * The following cipher list is used by default. It also is substituted when >> * an application-defined cipher list string starts with 'DEFAULT'. >> */ >> -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" >> +# define SSL_DEFAULT_CIPHER_LIST >> "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" >> /* >> * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always >> * starts with a reasonable order, and all we have to do for DEFAULT is >> >> But where does the file openssl-[...].org came from? > > That isn't a domain name. It is usually that I extract the archive like this: > > tar xvfa openssl-1.0.2h.tar.gz > > Then I move everything to a new directory that usually gets a ".org" or "- > vanilla" suffix. This is the original version as it comes from the upstream > project. > > Then I extract the tarball again and modify my files. > > And finally I just diff the changed directory against the original one like > this: > > diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ > > And that creates the patch. > > For bigger changes I just check out their Git repository and create a new branch > based on the latest release. This is also handy when submitting the patches > upstream. > >> (c) How to build the distribution partly? >> >> In the past, I handed in some patches to allow remote syslogging via >> TCP, too. After some struggles (settings are written by a C program, not >> the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. >> (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) >> >> But since this program now crashes with a segfault on my machine (*sigh*), >> it seems like my patch contained some errors. >> >> However, building the entire distribution is somewhat time-consuming >> and not worth the effort for a probably small error. Is there any way >> of just building this C program, and omit the rest? > > You have to build the entire distribution the first time. If you want to rebuild > a single package, you have to delete the log file for that package from the > logs/ directory and run "./make.sh build" again. > > Hope this helps so far. If you have any more questions, please ask. > > Best, > -Michael > >> >> >> Thanks in advance! >> >> Best regards, >> Peter Müller
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 That means that that package did not install any files. That should of course not happen. Check if you are calling "make install" and perform a clean build. Best, - -Michael On Sun, 2018-06-17 at 10:37 +0200, Peter Müller wrote: > Hello, > > while updating gnupg, I stumbled over an empty log file (log/gunpg-1.4.23). > However, it seems to compile successfully. What is this supposed to mean? > > Thanks, and best regards, > Peter Müller > > > Hi, > > > > On Sun, 2018-01-07 at 14:42 +0100, Peter Müller wrote: > > > Hello, > > > > > > while trying to update entire packages in IPFire (some > > > of them are outdated) and to fix some bugs, I ran into > > > a couple of questions: > > > > > > (a) How to update entire packages? > > > > > > As far as I understood, to every package belongs a file > > > in lfs/[package_name], containing information about how > > > to build, apply patches to it, and so on. > > > > Yes. > > > > > It seems like packages are downloaded from https://source.ipfire.org/ , > > > but it did not became clear to me how to upload a new > > > version of a package to this server. Of course, the > > > download URL can be changed manually, but that seems rather > > > ugly to me. > > > > We usually upload everything here manually since the official download > > mirrors > > are always a bit slow and maintainers seem to move their packages around a > > lot > > by moving them to an /old/ directory and then the URLs break. That's not > > fun. > > > > So we need to create an LDAP account for you and then you can login to > > git.ipfire.org and upload them to /pub/sources/... > > > > > Unfortunately, I was unable to find a sort of tutorial > > > in the wiki for this issue. > > > > Indeed this isn't being documented. > > > > > (b) How to apply patches to downloaded packages with changed filenames? > > > > > > As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), > > > I am supposed to have a look at the DEFAULT cipher suite in > > > OpenSSL. > > > > > > To change this value, the .tar.gz file needs to be downloaded > > > and unpacked first. After that, the file "ssl/ssl.h" needs to be > > > changed. > > > > We NEVER change the original archives that we download from some project's > > website. That makes it impossible to track what has been changed compared to > > the > > official release. So, we use patches. > > > > > The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does > > > something similar: > > > > > > diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h > > > --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 > > > +0200 > > > +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 > > > @@ -338,7 +338,7 @@ > > > * The following cipher list is used by default. It also is substituted > > > when > > > * an application-defined cipher list string starts with 'DEFAULT'. > > > */ > > > -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" > > > +# define SSL_DEFAULT_CIPHER_LIST > > > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" > > > /* > > > * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always > > > * starts with a reasonable order, and all we have to do for DEFAULT is > > > > > > But where does the file openssl-[...].org came from? > > > > That isn't a domain name. It is usually that I extract the archive like > > this: > > > > tar xvfa openssl-1.0.2h.tar.gz > > > > Then I move everything to a new directory that usually gets a ".org" or "- > > vanilla" suffix. This is the original version as it comes from the upstream > > project. > > > > Then I extract the tarball again and modify my files. > > > > And finally I just diff the changed directory against the original one like > > this: > > > > diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ > > > > And that creates the patch. > > > > For bigger changes I just check out their Git repository and create a new > > branch > > based on the latest release. This is also handy when submitting the patches > > upstream. > > > > > (c) How to build the distribution partly? > > > > > > In the past, I handed in some patches to allow remote syslogging via > > > TCP, too. After some struggles (settings are written by a C program, not > > > the CGI file itself), I modified syslogdctrl.c, and the changes were > > > shipped. > > > (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) > > > > > > But since this program now crashes with a segfault on my machine (*sigh*), > > > it seems like my patch contained some errors. > > > > > > However, building the entire distribution is somewhat time-consuming > > > and not worth the effort for a probably small error. Is there any way > > > of just building this C program, and omit the rest? > > > > You have to build the entire distribution the first time. If you want to > > rebuild > > a single package, you have to delete the log file for that package from the > > logs/ directory and run "./make.sh build" again. > > > > Hope this helps so far. If you have any more questions, please ask. > > > > Best, > > -Michael > > > > > > > > > > > Thanks in advance! > > > > > > Best regards, > > > Peter Müller > > -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5/rW5l3GGe2ypktxgHnw/2+QCQcFAlsmYPYACgkQgHnw/2+Q CQeJCw/+O6SPT7VsVO+fdSq6zn7eN3WWFoPNaibCldfV/+jSRtNBCMQD9LRjhXW8 Qe7XPFrD0ApvRFTOSDwqgBlSstAB0pZ3cI0jdvdWFK2Oi39ZTvHxCWMxnHPyhdxH AdPJp/QIKYbDpoCGnghvhBf644GmryooTxTaoTrntEI+aQQoESdkc0DxmZZ6QsbV AtboCRSBQgc15g7vaZttakarHLIqyG8YKjQ+4AXJQ8Ntr7y6tpfCjan4MaMykbS1 f5gtIu0FBuRvpSAyoqCoLYTCME1J1Wk7w2evtkpm43f+ciBdBmQtRsBjC1jGJwBH I5ZAR97PqG9cIDIBkOhXP0bZAKbiETEkMr0TIrEj0dPJRyHUn+imtM1RujtybURb 1ybkT/SFpua7JSlrRVJzxH0DdSpbU6LQZDygwnduVCHe+fmfskRUWC8OtC6ERQJO 5jU5gFOqUmsEeuOsYpJUstNeekpAac/7gN+1IizCKfPwb5t0tjob02YhlVbHvKHq uEylBrJA7R6kqGGrChfdev1j1zP3fmAXArQS7W8Y2BGex/U958LqXwmXjalW7dbR XVJ0K8yZF8m3amYX0iGOzxc5BF+ot9DE9/bmxS5PQTkqKwv9BZBUnNCJvST0/Jg9 HIKGlC/dhrPNRAVT648XyCUiUFLuZf7OtQV2gzn+33knJsp9z6M= =FSqs -----END PGP SIGNATURE-----
diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 @@ -338,7 +338,7 @@ * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is