From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Question regarding package updates, applying patches, and building
Date: Mon, 08 Jan 2018 10:34:29 +0000 [thread overview]
Message-ID: <1515407669.3685.86.camel@ipfire.org> (raw)
In-Reply-To: <20180107144251.7cb5c7be.peter.mueller@link38.eu>
[-- Attachment #1: Type: text/plain, Size: 4395 bytes --]
Hi,
On Sun, 2018-01-07 at 14:42 +0100, Peter Müller wrote:
> Hello,
>
> while trying to update entire packages in IPFire (some
> of them are outdated) and to fix some bugs, I ran into
> a couple of questions:
>
> (a) How to update entire packages?
>
> As far as I understood, to every package belongs a file
> in lfs/[package_name], containing information about how
> to build, apply patches to it, and so on.
Yes.
> It seems like packages are downloaded from https://source.ipfire.org/ ,
> but it did not became clear to me how to upload a new
> version of a package to this server. Of course, the
> download URL can be changed manually, but that seems rather
> ugly to me.
We usually upload everything here manually since the official download mirrors
are always a bit slow and maintainers seem to move their packages around a lot
by moving them to an /old/ directory and then the URLs break. That's not fun.
So we need to create an LDAP account for you and then you can login to
git.ipfire.org and upload them to /pub/sources/...
> Unfortunately, I was unable to find a sort of tutorial
> in the wiki for this issue.
Indeed this isn't being documented.
> (b) How to apply patches to downloaded packages with changed filenames?
>
> As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04),
> I am supposed to have a look at the DEFAULT cipher suite in
> OpenSSL.
>
> To change this value, the .tar.gz file needs to be downloaded
> and unpacked first. After that, the file "ssl/ssl.h" needs to be
> changed.
We NEVER change the original archives that we download from some project's
website. That makes it impossible to track what has been changed compared to the
official release. So, we use patches.
> The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does
> something similar:
>
> diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
> --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200
> +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200
> @@ -338,7 +338,7 @@
> * The following cipher list is used by default. It also is substituted when
> * an application-defined cipher list string starts with 'DEFAULT'.
> */
> -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
> +# define SSL_DEFAULT_CIPHER_LIST
> "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
> /*
> * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
> * starts with a reasonable order, and all we have to do for DEFAULT is
>
> But where does the file openssl-[...].org came from?
That isn't a domain name. It is usually that I extract the archive like this:
tar xvfa openssl-1.0.2h.tar.gz
Then I move everything to a new directory that usually gets a ".org" or "-
vanilla" suffix. This is the original version as it comes from the upstream
project.
Then I extract the tarball again and modify my files.
And finally I just diff the changed directory against the original one like
this:
diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/
And that creates the patch.
For bigger changes I just check out their Git repository and create a new branch
based on the latest release. This is also handy when submitting the patches
upstream.
> (c) How to build the distribution partly?
>
> In the past, I handed in some patches to allow remote syslogging via
> TCP, too. After some struggles (settings are written by a C program, not
> the CGI file itself), I modified syslogdctrl.c, and the changes were shipped.
> (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.)
>
> But since this program now crashes with a segfault on my machine (*sigh*),
> it seems like my patch contained some errors.
>
> However, building the entire distribution is somewhat time-consuming
> and not worth the effort for a probably small error. Is there any way
> of just building this C program, and omit the rest?
You have to build the entire distribution the first time. If you want to rebuild
a single package, you have to delete the log file for that package from the
logs/ directory and run "./make.sh build" again.
Hope this helps so far. If you have any more questions, please ask.
Best,
-Michael
>
>
> Thanks in advance!
>
> Best regards,
> Peter Müller
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-01-08 10:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 13:42 Peter Müller
2018-01-08 10:34 ` Michael Tremer [this message]
2018-06-17 8:37 ` Peter Müller
2018-06-17 13:24 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1515407669.3685.86.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox