Package: guix-patches;
Reported by: david larsson <david.larsson <at> selfhosted.xyz>
Date: Tue, 30 Mar 2021 07:53:02 UTC
Severity: normal
Tags: patch
Done: Tobias Geerinckx-Rice <me <at> tobias.gr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47495 in the body.
You can then email your comments to 47495 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 07:53:02 GMT) Full text and rfc822 format available.david larsson <david.larsson <at> selfhosted.xyz>:guix-patches <at> gnu.org.
(Tue, 30 Mar 2021 07:53:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: david larsson <david.larsson <at> selfhosted.xyz> To: guix-patches <at> gnu.org Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 09:52:12 +0200
[Message part 1 (text/plain, inline)]
Hi, the attached patch updates vsftpd so it can use tlsv1.2 etc. //David
[0001-gnu-vsftpd-Use-CentOS-version-and-patches.patch (text/x-diff, attachment)]
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 09:21:01 GMT) Full text and rfc822 format available.Message #8 received at 47495 <at> debbugs.gnu.org (full text, mbox):
From: david larsson <david.larsson <at> selfhosted.xyz> To: 47495 <at> debbugs.gnu.org Cc: Guix-patches <guix-patches-bounces+david.larsson=selfhosted.xyz <at> gnu.org> Subject: Re: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 11:20:39 +0200
[Message part 1 (text/plain, inline)]
On 2021-03-30 09:52, david larsson wrote:
> Hi,
> the attached patch updates vsftpd so it can use tlsv1.2 etc.
>
> //David
Sorry, that was the wrong patch that got attached. I have attached the
correct one now, and pasted below:
From 10868d1d6e705abc9e1d5744f6eea321f3dafc64 Mon Sep 17 00:00:00 2001
From: methuselah-0 <david.larsson <at> selfhosted.xyz>
Date: Tue, 30 Mar 2021 11:18:09 +0200
Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
* gnu/packages/ftp.scm (vftpd): Use CentOS version and patches.
---
gnu/packages/ftp.scm | 185 +++++++++++++++++++++++++++++++++++--------
1 file changed, 150 insertions(+), 35 deletions(-)
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index b178063556..1c2c8119c7 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -28,18 +28,21 @@
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cpio)
#:use-module (gnu packages compression)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages readline)
#:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
+ #:use-module (gnu packages version-control)
#:use-module (gnu packages wxwidgets)
#:use-module (gnu packages xml))
@@ -251,40 +254,152 @@ directory comparison and more.")
(properties '((upstream-name . "FileZilla")))))
(define-public vsftpd
- (package
- (name "vsftpd")
- (version "3.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append
"https://security.appspot.com/downloads/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
-
"1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx"))))
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags '("LDFLAGS=-lcrypt")
- #:tests? #f ; No tests exist.
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-installation-directory
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* "Makefile"
- (("/usr") (assoc-ref outputs "out")))
- #t))
- (add-before 'install 'mkdir
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (mkdir-p out)
- (mkdir (string-append out "/sbin"))
- (mkdir (string-append out "/man"))
- (mkdir (string-append out "/man/man5"))
- (mkdir (string-append out "/man/man8"))
- #t)))
- (delete 'configure))))
- (synopsis "vsftpd FTP daemon")
- (description "@command{vsftpd} is a daemon that listens on a TCP
socket
+ (let ((version "3.0.3")
+ (revision "32")
+ (centos-version "8.3.2011"))
+ (package
+ (name "vsftpd")
+ (version version)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://vault.centos.org/centos/" centos-version
+ "/AppStream/Source/SPackages/vsftpd-" version "-"
+ revision ".el8.src.rpm"))
+ (sha256
+ (base32
+
"1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags '("LDFLAGS=-lcrypt -lssl -pie")
+ #:tests? #f ; No tests exist.
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-installation-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "Makefile"
+ (("/usr") (assoc-ref outputs "out")))
+ #t))
+ (replace 'unpack
+ (lambda* (#:key source #:allow-other-keys)
+ (let ((version "3.0.3")
+ (revision "32")
+ (centos-version "8.3.2011"))
+
+ (invoke "7z" "e" source (string-append "-o"
"./vsftpd-"
+ version "-"
+ revision
".el8.src.cpio"))
+ (chdir (string-append "./vsftpd-" version "-"
+ revision ".el8.src.cpio"))
+ (invoke "cpio" "-idmv" (string-append
"--file=./vsftpd-"
+ version "-"
+ revision
".el8.src.cpio"))
+ (invoke "tar" "xvf" (string-append "./vsftpd-"
version ".tar.gz"))
+ (let ((patches
+
'("0001-Don-t-use-the-provided-script-to-locate-libraries.patch"
+ "0002-Enable-build-with-SSL.patch"
+ "0003-Enable-build-with-TCP-Wrapper.patch"
+
"0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch"
+
"0005-Use-hostname-when-calling-PAM-authentication-module.patch"
+
"0006-Close-stdin-out-err-before-listening-for-incoming-co.patch"
+ "0007-Make-filename-filters-smarter.patch"
+ "0008-Write-denied-logins-into-the-log.patch"
+
"0009-Trim-whitespaces-when-reading-configuration.patch"
+ "0010-Improve-daemonizing.patch"
+ "0011-Fix-listing-with-more-than-one-star.patch"
+
"0012-Replace-syscall-__NR_clone-.-with-clone.patch"
+ "0013-Extend-man-pages-with-systemd-info.patch"
+
"0014-Add-support-for-square-brackets-in-ls.patch"
+ "0015-Listen-on-IPv6-by-default.patch"
+
"0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch"
+
"0017-Fix-an-issue-with-timestamps-during-DST.patch"
+
"0018-Change-the-default-log-file-in-configuration.patch"
+
"0019-Introduce-reverse_lookup_enable-option.patch"
+
"0020-Use-unsigned-int-for-uid-and-gid-representation.patch"
+
"0021-Introduce-support-for-DHE-based-cipher-suites.patch"
+
"0022-Introduce-support-for-EDDHE-based-cipher-suites.patch"
+
"0023-Add-documentation-for-isolate_-options.-Correct-defa.patch"
+ "0024-Introduce-new-return-value-450.patch"
+ "0025-Improve-local_max_rate-option.patch"
+ "0026-Prevent-hanging-in-SIGCHLD-handler.patch"
+ "0027-Delete-files-when-upload-fails.patch"
+ "0028-Fix-man-page-rendering.patch"
+ "0029-Fix-segfault-in-config-file-parser.patch"
+
"0030-Fix-logging-into-syslog-when-enabled-in-config.patch"
+
"0031-Fix-question-mark-wildcard-withing-a-file-name.patch"
+
"0032-Propagate-errors-from-nfs-with-quota-to-client.patch"
+
"0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch"
+
"0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch"
+
"0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch"
+ "0036-Redefine-VSFTP_COMMAND_FD-to-1.patch"
+
"0037-Document-the-relationship-of-text_userdb_names-and-c.patch"
+
"0038-Document-allow_writeable_chroot-in-the-man-page.patch"
+
"0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch"
+ "0040-Use-system-wide-crypto-policy.patch"
+
"0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch"
+
"0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch"
+ "0043-Enable-only-TLSv1.2-by-default.patch"
+
"0044-Disable-anonymous_enable-in-default-config-file.patch"
+
"0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch"
+
"0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch"
+ "0047-Disable-tcp_wrappers-support.patch"
+
"0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch"
+
"0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch"
+ "0050-Don-t-link-with-libnsl.patch"
+
"0051-Improve-documentation-of-better_stou-in-the-man-page.patch"
+ "0052-Fix-rDNS-with-IPv6.patch"
+ "0053-Always-do-chdir-after-chroot.patch"
+
"0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch"
+
"0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch"
+ "0056-Log-die-calls-to-syslog.patch"
+
"0057-Improve-error-message-when-max-number-of-bind-attemp.patch"
+
"0058-Make-the-max-number-of-bind-retries-tunable.patch"
+
"0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch"
+
"0001-Move-closing-standard-FDs-after-listen.patch"
+ "0002-Prevent-recursion-in-bug.patch"
+
"0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch"
+
"0002-Repeat-pututxline-if-it-fails-with-EINTR.patch"
+
"0003-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch"
+ "0001-Fix-timestamp-handling-in-MDTM.patch"
+
"0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch")))
+ (map (lambda (x) (invoke "mv" (string-append "./"
x)
+ (string-append "vsftpd-"
version "/")))
+ patches)
+ (chdir (string-append "./vsftpd-" version))
+ (invoke "git" "init" ".")
+ (invoke "git" "config" "user.email"
"you <at> example.com")
+ (invoke "git" "config" "user.name" "Your Name" )
+ (invoke "git" "add" ".")
+ (invoke "git" "commit" "-m" "first")
+ (map (lambda (x) (invoke "git" "am" (string-append
"./" x))) patches)
+ (map (lambda (x) (invoke "rm" (string-append "./"
x))) patches)
+ (invoke "rm" "-rf" "./.git")
+ (chdir "../")
+ (invoke "mv" (string-append "./vsftpd-" version)
"../")
+ (chdir "../")
+ (invoke "rm" "-rf" (string-append "./vsftpd-"
version "-"
+ revision
".el8.src.cpio"))
+ (chdir (string-append "./vsftpd-" version)))
+ #t)))
+ (add-before 'install 'mkdirFrom
10868d1d6e705abc9e1d5744f6eea321f3dafc64 Mon Sep 17 00:00:00 2001
From: methuselah-0 <david.larsson <at> selfhosted.xyz>
Date: Tue, 30 Mar 2021 11:18:09 +0200
Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
* gnu/packages/ftp.scm (vftpd): Use CentOS version and patches.
---
gnu/packages/ftp.scm | 185 +++++++++++++++++++++++++++++++++++--------
1 file changed, 150 insertions(+), 35 deletions(-)
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index b178063556..1c2c8119c7 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -28,18 +28,21 @@
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cpio)
#:use-module (gnu packages compression)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages readline)
#:use-module (gnu packages sqlite)
#:use-module (gnu packages tls)
+ #:use-module (gnu packages version-control)
#:use-module (gnu packages wxwidgets)
#:use-module (gnu packages xml))
@@ -251,40 +254,152 @@ directory comparison and more.")
(properties '((upstream-name . "FileZilla")))))
(define-public vsftpd
- (package
- (name "vsftpd")
- (version "3.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append
"https://security.appspot.com/downloads/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
-
"1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx"))))
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags '("LDFLAGS=-lcrypt")
- #:tests? #f ; No tests exist.
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-installation-directory
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* "Makefile"
- (("/usr") (assoc-ref outputs "out")))
- #t))
- (add-before 'install 'mkdir
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (mkdir-p out)
- (mkdir (string-append out "/sbin"))
- (mkdir (string-append out "/man"))
- (mkdir (string-append out "/man/man5"))
- (mkdir (string-append out "/man/man8"))
- #t)))
- (delete 'configure))))
- (synopsis "vsftpd FTP daemon")
- (description "@command{vsftpd} is a daemon that listens on a TCP
socket
+ (let ((version "3.0.3")
+ (revision "32")
+ (centos-version "8.3.2011"))
+ (package
+ (name "vsftpd")
+ (version version)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://vault.centos.org/centos/" centos-version
+ "/AppStream/Source/SPackages/vsftpd-" version "-"
+ revision ".el8.src.rpm"))
+ (sha256
+ (base32
+
"1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags '("LDFLAGS=-lcrypt -lssl -pie")
+ #:tests? #f ; No tests exist.
+ #:phases
+ (modify-phases %standard-phases
+ (add-after 'unpack 'patch-installation-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "Makefile"
+ (("/usr") (assoc-ref outputs "out")))
+ #t))
+ (replace 'unpack
+ (lambda* (#:key source #:allow-other-keys)
+ (let ((version "3.0.3")
+ (revision "32")
+ (centos-version "8.3.2011"))
+
+ (invoke "7z" "e" source (string-append "-o"
"./vsftpd-"
+ version "-"
+ revision
".el8.src.cpio"))
+ (chdir (string-append "./vsftpd-" version "-"
+ revision ".el8.src.cpio"))
+ (invoke "cpio" "-idmv" (string-append
"--file=./vsftpd-"
+ version "-"
+ revision
".el8.src.cpio"))
+ (invoke "tar" "xvf" (string-append "./vsftpd-"
version ".tar.gz"))
+ (let ((patches
+
'("0001-Don-t-use-the-provided-script-to-locate-libraries.patch"
+ "0002-Enable-build-with-SSL.patch"
+ "0003-Enable-build-with-TCP-Wrapper.patch"
+
"0004-Use-etc-vsftpd-dir-for-config-files-instead-of-etc.patch"
+
"0005-Use-hostname-when-calling-PAM-authentication-module.patch"
+
"0006-Close-stdin-out-err-before-listening-for-incoming-co.patch"
+ "0007-Make-filename-filters-smarter.patch"
+ "0008-Write-denied-logins-into-the-log.patch"
+
"0009-Trim-whitespaces-when-reading-configuration.patch"
+ "0010-Improve-daemonizing.patch"
+ "0011-Fix-listing-with-more-than-one-star.patch"
+
"0012-Replace-syscall-__NR_clone-.-with-clone.patch"
+ "0013-Extend-man-pages-with-systemd-info.patch"
+
"0014-Add-support-for-square-brackets-in-ls.patch"
+ "0015-Listen-on-IPv6-by-default.patch"
+
"0016-Increase-VSFTP_AS_LIMIT-from-200UL-to-400UL.patch"
+
"0017-Fix-an-issue-with-timestamps-during-DST.patch"
+
"0018-Change-the-default-log-file-in-configuration.patch"
+
"0019-Introduce-reverse_lookup_enable-option.patch"
+
"0020-Use-unsigned-int-for-uid-and-gid-representation.patch"
+
"0021-Introduce-support-for-DHE-based-cipher-suites.patch"
+
"0022-Introduce-support-for-EDDHE-based-cipher-suites.patch"
+
"0023-Add-documentation-for-isolate_-options.-Correct-defa.patch"
+ "0024-Introduce-new-return-value-450.patch"
+ "0025-Improve-local_max_rate-option.patch"
+ "0026-Prevent-hanging-in-SIGCHLD-handler.patch"
+ "0027-Delete-files-when-upload-fails.patch"
+ "0028-Fix-man-page-rendering.patch"
+ "0029-Fix-segfault-in-config-file-parser.patch"
+
"0030-Fix-logging-into-syslog-when-enabled-in-config.patch"
+
"0031-Fix-question-mark-wildcard-withing-a-file-name.patch"
+
"0032-Propagate-errors-from-nfs-with-quota-to-client.patch"
+
"0033-Introduce-TLSv1.1-and-TLSv1.2-options.patch"
+
"0034-Turn-off-seccomp-sandbox-because-it-is-too-strict.patch"
+
"0035-Modify-DH-enablement-patch-to-build-with-OpenSSL-1.1.patch"
+ "0036-Redefine-VSFTP_COMMAND_FD-to-1.patch"
+
"0037-Document-the-relationship-of-text_userdb_names-and-c.patch"
+
"0038-Document-allow_writeable_chroot-in-the-man-page.patch"
+
"0039-Improve-documentation-of-ASCII-mode-in-the-man-page.patch"
+ "0040-Use-system-wide-crypto-policy.patch"
+
"0041-Document-the-new-default-for-ssl_ciphers-in-the-man-.patch"
+
"0042-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch"
+ "0043-Enable-only-TLSv1.2-by-default.patch"
+
"0044-Disable-anonymous_enable-in-default-config-file.patch"
+
"0045-Expand-explanation-of-ascii_-options-behaviour-in-ma.patch"
+
"0046-vsftpd.conf-Refer-to-the-man-page-regarding-the-asci.patch"
+ "0047-Disable-tcp_wrappers-support.patch"
+
"0048-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch"
+
"0049-Add-new-filename-generation-algorithm-for-STOU-comma.patch"
+ "0050-Don-t-link-with-libnsl.patch"
+
"0051-Improve-documentation-of-better_stou-in-the-man-page.patch"
+ "0052-Fix-rDNS-with-IPv6.patch"
+ "0053-Always-do-chdir-after-chroot.patch"
+
"0054-vsf_sysutil_rcvtimeo-Check-return-value-of-setsockop.patch"
+
"0055-vsf_sysutil_get_tz-Check-the-return-value-of-syscall.patch"
+ "0056-Log-die-calls-to-syslog.patch"
+
"0057-Improve-error-message-when-max-number-of-bind-attemp.patch"
+
"0058-Make-the-max-number-of-bind-retries-tunable.patch"
+
"0059-Fix-SEGFAULT-when-running-in-a-container-as-PID-1.patch"
+
"0001-Move-closing-standard-FDs-after-listen.patch"
+ "0002-Prevent-recursion-in-bug.patch"
+
"0001-Set-s_uwtmp_inserted-only-after-record-insertion-rem.patch"
+
"0002-Repeat-pututxline-if-it-fails-with-EINTR.patch"
+
"0003-Repeat-pututxline-until-it-succeeds-if-it-fails-with.patch"
+ "0001-Fix-timestamp-handling-in-MDTM.patch"
+
"0001-Remove-a-hint-about-the-ftp_home_dir-SELinux-boolean.patch")))
+ (map (lambda (x) (invoke "mv" (string-append "./"
x)
+ (string-append "vsftpd-"
version "/")))
+ patches)
+ (chdir (string-append "./vsftpd-" version))
+ (invoke "git" "init" ".")
+ (invoke "git" "config" "user.email"
"you <at> example.com")
+ (invoke "git" "config" "user.name" "Your Name" )
+ (invoke "git" "add" ".")
+ (invoke "git" "commit" "-m" "first")
+ (map (lambda (x) (invoke "git" "am" (string-append
"./" x))) patches)
+ (map (lambda (x) (invoke "rm" (string-append "./"
x))) patches)
+ (invoke "rm" "-rf" "./.git")
+ (chdir "../")
+ (invoke "mv" (string-append "./vsftpd-" version)
"../")
+ (chdir "../")
+ (invoke "rm" "-rf" (string-append "./vsftpd-"
version "-"
+ revision
".el8.src.cpio"))
+ (chdir (string-append "./vsftpd-" version)))
+ #t)))
+ (add-before 'install 'mkdir
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p out)
+ (mkdir (string-append out "/sbin"))
+ (mkdir (string-append out "/man"))
+ (mkdir (string-append out "/man/man5"))
+ (mkdir (string-append out "/man/man8"))
+ #t)))
+ (delete 'configure))))
+ (native-inputs `(("openssl" ,openssl)
+ ("linux-pam" ,linux-pam)
+ ("p7zip" ,p7zip)
+ ("cpio" ,cpio)
+ ("git" ,git-minimal)
+ ("libcap" ,libcap)))
+ (synopsis "Share files securely over FTP or FTPS")
+ (description "@command{vsftpd} is a daemon that listens on a TCP
socket
for clients and gives them access to local files via File Transfer
Protocol.")
- (home-page "https://security.appspot.com/vsftpd.html")
- (license gpl2)))
+ (home-page "https://security.appspot.com/vsftpd.html")
+ (license gpl2))))
--
2.30.2
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p out)
+ (mkdir (string-append out "/sbin"))
+ (mkdir (string-append out "/man"))
+ (mkdir (string-append out "/man/man5"))
+ (mkdir (string-append out "/man/man8"))
+ #t)))
+ (delete 'configure))))
+ (native-inputs `(("openssl" ,openssl)
+ ("linux-pam" ,linux-pam)
+ ("p7zip" ,p7zip)
+ ("cpio" ,cpio)
+ ("git" ,git-minimal)
+ ("libcap" ,libcap)))
+ (synopsis "Share files securely over FTP or FTPS")
+ (description "@command{vsftpd} is a daemon that listens on a TCP
socket
for clients and gives them access to local files via File Transfer
Protocol.")
- (home-page "https://security.appspot.com/vsftpd.html")
- (license gpl2)))
+ (home-page "https://security.appspot.com/vsftpd.html")
+ (license gpl2))))
--
2.30.2
[0001-gnu-vsftpd-Use-CentOS-version-and-patches.patch (text/x-diff, attachment)]
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 15:33:02 GMT) Full text and rfc822 format available.Message #11 received at 47495 <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: david larsson <david.larsson <at> selfhosted.xyz> Cc: 47495 <at> debbugs.gnu.org, Guix-patches <guix-patches-bounces+david.larsson=selfhosted.xyz <at> gnu.org>, guix-patches <at> gnu.org Subject: Re: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 17:32:20 +0200
[Message part 1 (text/plain, inline)]
David,
david larsson writes:
> Hi,
> the attached patch updates vsftpd so it can use tlsv1.2 etc.
Wow. Thanks!
As indicated on IRC I've made some changes to the patch, mainly to
avoid hard-coding all patches. The result is attached. Let me
know what you think.
Further random comments below:
> From: methuselah-0 <david.larsson <at> selfhosted.xyz>
> Date: Tue, 30 Mar 2021 11:18:09 +0200
> Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
>
> * gnu/packages/ftp.scm (vftpd): Use CentOS version and
> patches.
^^^^
This is what happens when you copy commit messages from git and
paste them right back in :-) In that case, remove the four
leading spaces.
> + (let ((version "3.0.3")
I renamed this to UPSTREAM-VERSION, so we can show a more specific
VERSION field in the Guix UI. What we offer isn't ‘3.0.3’ any
more.
> + (revision "32")
I subjectively added ‘.el8’ here, mainly to factor it out below.
Neither of us knows what it means, though...
> + (add-after 'unpack 'patch-installation-directory
> + (lambda* (#:key outputs #:allow-other-keys)
> + (substitute* "Makefile"
> + (("/usr") (assoc-ref outputs "out")))
> + #t))
Moved below the redefined 'unpack phase for clarity.
> + (replace 'unpack
> + (lambda* (#:key source #:allow-other-keys)
> + (let ((version "3.0.3")
> + (revision "32")
> + (centos-version "8.3.2011"))
OK, so, as mentioned on IRC this can be avoided by quasiquoting
<arguments> (as it already was, here) and using ,version instead.
Quoting is probably the most confusing-yet-basic concept in
Scheme.
> +
> + (invoke "7z" "e" source (string-append "-o"
> "./vsftpd-"
> +
> version "-"
> +
> revision
> ".el8.src.cpio"))
> + (chdir (string-append "./vsftpd-" version
> "-"
> + revision
> ".el8.src.cpio"))
> + (invoke "cpio" "-idmv" (string-append
> "--file=./vsftpd-"
> +
> version "-"
> +
> revision
> ".el8.src.cpio"))
> + (invoke "tar" "xvf" (string-append
> "./vsftpd-"
> version ".tar.gz"))
This dance had a few steps too many IMO, so I simplified it. It's
OK to keep the unpacked steps around during the (short) build
process; they are tiny by today's standards.
> + (let ((patches
I understand the reason for this: the patches need to be applied
in this order, or patching will appear to succeed but result in
unbuildable source. A simple FIND-FILES is right out.
However, since the order is specified in vsftpd.spec, it's safer,
shorter, and simply more fun to parse it ourselves.
> + (chdir (string-append "./vsftpd-"
> version))
> + (invoke "git" "init" ".")
> + (invoke "git" "config" "user.email"
> "you <at> example.com")
> + (invoke "git" "config" "user.name" "Your
> Name" )
> + (invoke "git" "add" ".")
> + (invoke "git" "commit" "-m" "first")
> + (map (lambda (x) (invoke "git" "am"
> (string-append
> "./" x))) patches)
> + (map (lambda (x) (invoke "rm"
> (string-append "./"
> x))) patches)
> + (invoke "rm" "-rf" "./.git")
> + (chdir "../")
> + (invoke "mv" (string-append "./vsftpd-"
> version)
> "../")
> + (chdir "../")
> + (invoke "rm" "-rf" (string-append
> "./vsftpd-"
> version "-"
> + revision
> ".el8.src.cpio"))
> + (chdir (string-append "./vsftpd-"
> version)))
You lost me here. Why all the git? I removed all mention of git
from the package, since it didn't seem necessary, but please
correct me if needful.
> + #t)))
Whilst Guix on master still complains about ‘missing’ #Ts, they
are a moribund relic and I've secretly started forgetting the odd
#t on master already...
> + (native-inputs `(("openssl" ,openssl)
> + ("linux-pam" ,linux-pam)
> + ("p7zip" ,p7zip)
> + ("cpio" ,cpio)
> + ("git" ,git-minimal)
> + ("libcap" ,libcap)))
These are *all* new, correct? I removed git and added them all to
the commit message (check it out).
Thanks again for your work!
T G-R
[0001-gnu-vsftpd-Use-CentOS-version-and-patches.patch (text/x-patch, inline)]
From 43ca5cf141a61120cf9b02d26394109be75e679f Mon Sep 17 00:00:00 2001
From: methuselah-0 <david.larsson <at> selfhosted.xyz>
Date: Tue, 30 Mar 2021 11:18:09 +0200
Subject: [PATCH] gnu: vsftpd: Use CentOS version and patches.
* gnu/packages/ftp.scm (vftpd)[source]: Use CentOS source RPM.
[arguments]: Adapt the 'unpack phase, and apply CentOS patches in a new
'apply-CentOS-patches phase.
[native-inputs]: Add openssl, linux-pam, libcap, p7zip, and cpio.
---
gnu/packages/ftp.scm | 116 +++++++++++++++++++++++++++++--------------
1 file changed, 80 insertions(+), 36 deletions(-)
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index b178063556..f3d3c68e5e 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -2,8 +2,9 @@
;;; Copyright © 2014, 2015, 2018 Ludovic Courtès <ludo <at> gnu.org>
;;; Copyright © 2015 Andreas Enge <andreas <at> enge.fr>
;;; Copyright © 2015 Mark H Weaver <mhw <at> netris.org>
-;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
+;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me <at> tobias.gr>
;;; Copyright © 2017 Rene Saavedra <rennes <at> openmailbox.org>
+;;; Copyright © 2021 David Larsson <david.larsson <at> selfhosted.xyz>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,12 +29,14 @@
#:use-module (gnu packages)
#:use-module (gnu packages autotools)
#:use-module (gnu packages check)
+ #:use-module (gnu packages cpio)
#:use-module (gnu packages compression)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libidn)
+ #:use-module (gnu packages linux)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages nettle)
#:use-module (gnu packages pkg-config)
@@ -251,40 +254,81 @@ directory comparison and more.")
(properties '((upstream-name . "FileZilla")))))
(define-public vsftpd
- (package
- (name "vsftpd")
- (version "3.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://security.appspot.com/downloads/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
- "1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx"))))
- (build-system gnu-build-system)
- (arguments
- `(#:make-flags '("LDFLAGS=-lcrypt")
- #:tests? #f ; No tests exist.
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-installation-directory
- (lambda* (#:key outputs #:allow-other-keys)
- (substitute* "Makefile"
- (("/usr") (assoc-ref outputs "out")))
- #t))
- (add-before 'install 'mkdir
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (mkdir-p out)
- (mkdir (string-append out "/sbin"))
- (mkdir (string-append out "/man"))
- (mkdir (string-append out "/man/man5"))
- (mkdir (string-append out "/man/man8"))
- #t)))
- (delete 'configure))))
- (synopsis "vsftpd FTP daemon")
- (description "@command{vsftpd} is a daemon that listens on a TCP socket
+ ;; Use a significantly patched CentOS variant supporting TLSv1.2, ‘email
+ ;; passwords’, and XXX davidl: anything else?
+ (let ((upstream-version "3.0.3")
+ (centos-version "8.3.2011")
+ (revision "32.el8"))
+ (package
+ (name "vsftpd")
+ (version (string-append upstream-version "." revision))
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://vault.centos.org/centos/" centos-version
+ "/AppStream/Source/SPackages/vsftpd-" upstream-version "-"
+ revision ".src.rpm"))
+ (sha256
+ (base32 "1xl0kqcismf82hl99klqbvvpylpyk1yr1qjy5hd8f80cj4lyl0f4"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags '("LDFLAGS=-lcrypt -lssl -pie")
+ #:tests? #f ; no tests exist
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'unpack
+ (lambda* (#:key source #:allow-other-keys)
+ (invoke "7z" "e" source "-ocpio")
+ (invoke "cpio" "-idmv"
+ (string-append "--file=cpio/vsftpd-"
+ ,upstream-version "-" ,revision
+ ".src.cpio"))
+ (invoke "tar" "xvf"
+ (string-append "vsftpd-" ,upstream-version ".tar.gz"))
+ (chdir (string-append "vsftpd-" ,upstream-version))))
+ (add-after 'unpack 'apply-CentOS-patches
+ ;; Apply all patches as enumerated in vsftpd.spec, in order:
+ ;; simply using FIND-FILES would silently corrupt the result.
+ (lambda _
+ (call-with-input-file "../vsftpd.spec"
+ (lambda (port)
+ (use-modules (ice-9 rdelim))
+ (let loop ()
+ (let ((line (read-line port)))
+ (unless (eof-object? line)
+ (when (string-prefix? "Patch" line)
+ (let* ((space (string-rindex line #\space))
+ (patch (string-drop line (+ 1 space))))
+ (invoke "patch" "-Np1"
+ "-i" (string-append "../" patch))))
+ (loop))))))))
+ (add-after 'unpack 'patch-installation-directory
+ (lambda* (#:key outputs #:allow-other-keys)
+ (substitute* "Makefile"
+ (("/usr") (assoc-ref outputs "out")))
+ #t))
+ (add-before 'install 'mkdir
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let ((out (assoc-ref outputs "out")))
+ (mkdir-p out)
+ (mkdir (string-append out "/sbin"))
+ (mkdir (string-append out "/man"))
+ (mkdir (string-append out "/man/man5"))
+ (mkdir (string-append out "/man/man8"))
+ #t)))
+ (delete 'configure))))
+ (native-inputs
+ `(("openssl" ,openssl)
+ ("linux-pam" ,linux-pam)
+ ("libcap" ,libcap)
+
+ ;; Used to unpack the source RPM.
+ ("p7zip" ,p7zip)
+ ("cpio" ,cpio)))
+ (home-page "https://security.appspot.com/vsftpd.html")
+ (synopsis "Share files securely over FTP or FTPS")
+ (description "@command{vsftpd} is a daemon that listens on a TCP socket
for clients and gives them access to local files via File Transfer
Protocol.")
- (home-page "https://security.appspot.com/vsftpd.html")
- (license gpl2)))
+ (license gpl2))))
--
2.30.1
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 15:34:02 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 15:35:02 GMT) Full text and rfc822 format available.Message #17 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: david larsson <david.larsson <at> selfhosted.xyz> Cc: 47495 <at> debbugs.gnu.org, Guix-patches <guix-patches-bounces+david.larsson=selfhosted.xyz <at> gnu.org>, guix-patches <at> gnu.org Subject: Re: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 17:34:32 +0200
Tobias Geerinckx-Rice forgot to write: > I've also added a copyright line for you. Kind regards, T G-R
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 15:35:03 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 18:40:01 GMT) Full text and rfc822 format available.Message #23 received at submit <at> debbugs.gnu.org (full text, mbox):
From: david larsson <david.larsson <at> selfhosted.xyz> To: Tobias Geerinckx-Rice <me <at> tobias.gr> Cc: 47495 <at> debbugs.gnu.org, Guix-patches <guix-patches-bounces+david.larsson=selfhosted.xyz <at> gnu.org>, guix-patches <at> gnu.org Subject: Re: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 20:38:58 +0200
On 2021-03-30 17:32, Tobias Geerinckx-Rice wrote:
> As indicated on IRC I've made some changes to the patch, mainly to
> avoid hard-coding all patches. The result is attached. Let me know
> what you think.
It looks great! Especially nice to see that you separated the patch and
unpack phases - it looks much better now.
>>
>> * gnu/packages/ftp.scm (vftpd): Use CentOS version and
>> patches.
> ^^^^
>
> This is what happens when you copy commit messages from git and paste
> them right back in :-) In that case, remove the four leading spaces.
Yep, thats what I did :-) will fix next time!
Reg. why to use the significantly patched CentOS variant (asked in your
updated patch's comments): the email passwords thing was a mistake to
mention by me in IRC - that feature was probably already there -
however, the tlsv1.2 was the main reason for switching to the CentOS
version - other features added by the whole patch-set I don't know much
about except from glancing over them and it looks mostly like bug and
security fixes to me.
>
>> + (let ((version "3.0.3")
>
> I renamed this to UPSTREAM-VERSION, so we can show a more specific
> VERSION field in the Guix UI. What we offer isn't ‘3.0.3’ any more.
Ok, I think I understand.
>> + (revision "32")
>
> I subjectively added ‘.el8’ here, mainly to factor it out below.
> Neither of us knows what it means, though...
That is fine with me.
>
>> + (add-after 'unpack 'patch-installation-directory
>> + (lambda* (#:key outputs #:allow-other-keys)
>> + (substitute* "Makefile"
>> + (("/usr") (assoc-ref outputs "out")))
>> + #t))
>
> Moved below the redefined 'unpack phase for clarity.
Great! I had in mind to do the same myself, but didn't due to a
combination of a lack of Guile/Guix coding skills and time.
>> + (replace 'unpack
>> + (lambda* (#:key source #:allow-other-keys)
>> + (let ((version "3.0.3")
>> + (revision "32")
>> + (centos-version "8.3.2011"))
>
> OK, so, as mentioned on IRC this can be avoided by quasiquoting
> <arguments> (as it already was, here) and using ,version instead.
>
> Quoting is probably the most confusing-yet-basic concept in Scheme.
Looks good to me! I am actually quite familiar with unquoting, including
g-exp unquoting things, and I somehow missed that I was in a quasiquote
context from after "arguments"... I intend to improve!
>
>> +
>> + (invoke "7z" "e" source (string-append "-o"
>> "./vsftpd-"
>> + version "-"
>> + revision ".el8.src.cpio"))
>> + (chdir (string-append "./vsftpd-" version "-"
>> + revision ".el8.src.cpio"))
>> + (invoke "cpio" "-idmv" (string-append
>> "--file=./vsftpd-"
>> + version "-"
>> + revision ".el8.src.cpio"))
>> + (invoke "tar" "xvf" (string-append "./vsftpd-"
>> version ".tar.gz"))
>
> This dance had a few steps too many IMO, so I simplified it. It's OK
> to keep the unpacked steps around during the (short) build process;
> they are tiny by today's standards.
Agreed. I was not very happy with this myself. Thanks for fixing!
>
>> + (let ((patches
>
> I understand the reason for this: the patches need to be applied in
> this order, or patching will appear to succeed but result in
> unbuildable source. A simple FIND-FILES is right out.
>
> However, since the order is specified in vsftpd.spec, it's safer,
> shorter, and simply more fun to parse it ourselves.
>
>> + (chdir (string-append "./vsftpd-" version))
>> + (invoke "git" "init" ".")
>> + (invoke "git" "config" "user.email"
>> "you <at> example.com")
>> + (invoke "git" "config" "user.name" "Your Name" )
>> + (invoke "git" "add" ".")
>> + (invoke "git" "commit" "-m" "first")
>> + (map (lambda (x) (invoke "git" "am"
>> (string-append "./" x))) patches)
>> + (map (lambda (x) (invoke "rm" (string-append
>> "./" x))) patches)
>> + (invoke "rm" "-rf" "./.git")
>> + (chdir "../")
>> + (invoke "mv" (string-append "./vsftpd-" version)
>> "../")
>> + (chdir "../")
>> + (invoke "rm" "-rf" (string-append "./vsftpd-"
>> version "-"
>> + revision
>> ".el8.src.cpio"))
>> + (chdir (string-append "./vsftpd-" version)))
>
> You lost me here. Why all the git? I removed all mention of git from
> the package, since it didn't seem necessary, but please correct me if
> needful.
I am, or was, simply unfamiliar with the simplicity of just using
"patch". I tried git am which failed and reported errors that was solved
by the additional git commands. Your replacement is exactly what I need
to learn more about, and looks great, thanks!
>
>> + (native-inputs `(("openssl" ,openssl)
>> + ("linux-pam" ,linux-pam)
>> + ("p7zip" ,p7zip)
>> + ("cpio" ,cpio)
>> + ("git" ,git-minimal)
>> + ("libcap" ,libcap)))
>
> These are *all* new, correct? I removed git and added them all to the
> commit message (check it out).
Yep!
>
> Thanks again for your work!
>
> T G-R
Well..., thank you for your work! You made this patch a lot better! :-)
Best regards,
David Larsson
guix-patches <at> gnu.org:bug#47495; Package guix-patches.
(Tue, 30 Mar 2021 18:40:02 GMT) Full text and rfc822 format available.Tobias Geerinckx-Rice <me <at> tobias.gr>:david larsson <david.larsson <at> selfhosted.xyz>:Message #31 received at 47495-done <at> debbugs.gnu.org (full text, mbox):
From: Tobias Geerinckx-Rice <me <at> tobias.gr> To: david larsson <david.larsson <at> selfhosted.xyz> Cc: 47495-done <at> debbugs.gnu.org Subject: Re: [bug#47495] [PATCH] gnu: vsftpd: Use CentOS version and patches. Date: Tue, 30 Mar 2021 21:41:56 +0200
David,
> + (native-inputs `(("openssl" ,openssl)
Not sure how I missed this -- actually I do, considering the three
empty champagne bottles now adorning our wall -- but the first
three should be regular inputs, not native, as they are legitimate
references of the resulting package ($ guix gc --references).
Native inputs run only during the build. The distinction matters
during cross-compilation, when the build-time native-inputs may be
a different (say, x86_64) architecture from the output package and
its inputs (both identical: say, aarch64).
> It looks great! Especially nice to see that you separated the
> patch
> and unpack phases - it looks much better now.
Thank you :-) Pushed as 634d9845a6b4e362f32ba369ae42851719455ba3.
Kind regards,
T G-R
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Wed, 28 Apr 2021 11:24:06 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.