GNU bug report logs -
#30109
[core-updates] shishi 1.0.2 not reproducible
Previous Next
Reported by: Gábor Boskovits <boskovits <at> gmail.com>
Date: Sun, 14 Jan 2018 11:30:01 UTC
Severity: normal
Done: Danny Milosavljevic <dannym <at> scratchpost.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30109 in the body.
You can then email your comments to 30109 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#30109
; Package
guix
.
(Sun, 14 Jan 2018 11:30:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Gábor Boskovits <boskovits <at> gmail.com>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Sun, 14 Jan 2018 11:30:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
It seems, that the shishi build generates keys which end up in the store,
making the build unreproducible. Can the key generation be extracted from
the build?
If yes, then are we able to do the following: use a reproducible substitute
without the key, generate the key afterwards, and store it somewhere else.
diffoscope output attached.
[Message part 2 (text/html, inline)]
[diffoscope-shishi (application/octet-stream, attachment)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#30109
; Package
guix
.
(Mon, 04 Mar 2019 11:47:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 30109 <at> debbugs.gnu.org (full text, mbox):
Fixes <https://bugs.gnu.org/30109>.
* gnu/packages/kerberos.scm (shishi)[arguments]<#:configure-flags>:
Add --with-key-dir, --with-db-dir.
<#:phases>[disable-automatic-key-generation]: New phase.
---
gnu/packages/kerberos.scm | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 873f5d8a3..9cfe95f4e 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -116,9 +116,19 @@ cryptography.")
(build-system gnu-build-system)
(arguments
'(;; This is required since we patch some of the build scripts.
- ;; Remove for the next Shishi release after 1.0.2 or when
- ;; removing 'shishi-fix-libgcrypt-detection.patch'.
- #:configure-flags '("ac_cv_libgcrypt=yes" "--disable-static")))
+ ;; Remove first two items for the next Shishi release after 1.0.2 or
+ ;; when removing 'shishi-fix-libgcrypt-detection.patch'.
+ #:configure-flags
+ '("ac_cv_libgcrypt=yes" "--disable-static"
+ "--with-key-dir=/etc/shishi" "--with-db-dir=/var/shishi")
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'configure 'disable-automatic-key-generation
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "Makefile"
+ (("^install-data-hook:")
+ "install-data-hook:\nx:\n"))
+ #t)))))
(native-inputs `(("pkg-config" ,pkg-config)))
(inputs
`(("gnutls" ,gnutls)
@@ -132,7 +142,10 @@ cryptography.")
(description
"GNU Shishi is a free implementation of the Kerberos 5 network security
system. It is used to allow non-secure network nodes to communicate in a
-secure manner through client-server mutual authentication via tickets.")
+secure manner through client-server mutual authentication via tickets.
+
+After installation, the system administrator should generate keys using
+@code{shisa -a /etc/shishi/shishi.keys}.")
(license license:gpl3+)))
(define-public heimdal
Information forwarded
to
bug-guix <at> gnu.org
:
bug#30109
; Package
guix
.
(Thu, 18 Apr 2019 23:07:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 30109 <at> debbugs.gnu.org (full text, mbox):
Hello Danny!
Danny Milosavljevic <dannym <at> scratchpost.org> writes:
> Fixes <https://bugs.gnu.org/30109>.
>
> * gnu/packages/kerberos.scm (shishi)[arguments]<#:configure-flags>:
> Add --with-key-dir, --with-db-dir.
> <#:phases>[disable-automatic-key-generation]: New phase.
> ---
> gnu/packages/kerberos.scm | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
> index 873f5d8a3..9cfe95f4e 100644
> --- a/gnu/packages/kerberos.scm
> +++ b/gnu/packages/kerberos.scm
> @@ -116,9 +116,19 @@ cryptography.")
> (build-system gnu-build-system)
> (arguments
> '(;; This is required since we patch some of the build scripts.
> - ;; Remove for the next Shishi release after 1.0.2 or when
> - ;; removing 'shishi-fix-libgcrypt-detection.patch'.
> - #:configure-flags '("ac_cv_libgcrypt=yes" "--disable-static")))
> + ;; Remove first two items for the next Shishi release after 1.0.2 or
> + ;; when removing 'shishi-fix-libgcrypt-detection.patch'.
> + #:configure-flags
> + '("ac_cv_libgcrypt=yes" "--disable-static"
> + "--with-key-dir=/etc/shishi" "--with-db-dir=/var/shishi")
> + #:phases
> + (modify-phases %standard-phases
> + (add-after 'configure 'disable-automatic-key-generation
> + (lambda* (#:key outputs #:allow-other-keys)
> + (substitute* "Makefile"
> + (("^install-data-hook:")
> + "install-data-hook:\nx:\n"))
> + #t)))))
> (native-inputs `(("pkg-config" ,pkg-config)))
> (inputs
> `(("gnutls" ,gnutls)
> @@ -132,7 +142,10 @@ cryptography.")
> (description
> "GNU Shishi is a free implementation of the Kerberos 5 network security
> system. It is used to allow non-secure network nodes to communicate in a
> -secure manner through client-server mutual authentication via tickets.")
> +secure manner through client-server mutual authentication via tickets.
> +
> +After installation, the system administrator should generate keys using
> +@code{shisa -a /etc/shishi/shishi.keys}.")
> (license license:gpl3+)))
>
> (define-public heimdal
I've applied and tried your proposed fix, and it made shishi
reproducible; so LGTM! Could you apply your fix to core-updates?
Thank you!
Maxim
Reply sent
to
Danny Milosavljevic <dannym <at> scratchpost.org>
:
You have taken responsibility.
(Sat, 20 Apr 2019 15:20:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Gábor Boskovits <boskovits <at> gmail.com>
:
bug acknowledged by developer.
(Sat, 20 Apr 2019 15:20:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 30109-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Maxim,
> I've applied and tried your proposed fix, and it made shishi
> reproducible; so LGTM! Could you apply your fix to core-updates?
Thanks for the test!
I've pushed the fix to core-updates.
[Message part 2 (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Sun, 19 May 2019 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 315 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.