From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Question regarding package updates, applying patches, and building Date: Mon, 08 Jan 2018 10:34:29 +0000 Message-ID: <1515407669.3685.86.camel@ipfire.org> In-Reply-To: <20180107144251.7cb5c7be.peter.mueller@link38.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0690389680127848624==" List-Id: --===============0690389680127848624== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi, On Sun, 2018-01-07 at 14:42 +0100, Peter M=C3=BCller wrote: > Hello, >=20 > while trying to update entire packages in IPFire (some > of them are outdated) and to fix some bugs, I ran into > a couple of questions: >=20 > (a) How to update entire packages? >=20 > As far as I understood, to every package belongs a file > in lfs/[package_name], containing information about how > to build, apply patches to it, and so on. Yes. > It seems like packages are downloaded from https://source.ipfire.org/ , > but it did not became clear to me how to upload a new > version of a package to this server. Of course, the > download URL can be changed manually, but that seems rather > ugly to me. We usually upload everything here manually since the official download mirrors are always a bit slow and maintainers seem to move their packages around a lot by moving them to an /old/ directory and then the URLs break. That's not fun. So we need to create an LDAP account for you and then you can login to git.ipfire.org and upload them to /pub/sources/... > Unfortunately, I was unable to find a sort of tutorial > in the wiki for this issue. Indeed this isn't being documented. > (b) How to apply patches to downloaded packages with changed filenames? >=20 > As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), > I am supposed to have a look at the DEFAULT cipher suite in > OpenSSL. >=20 > To change this value, the .tar.gz file needs to be downloaded > and unpacked first. After that, the file "ssl/ssl.h" needs to be > changed. We NEVER change the original archives that we download from some project's website. That makes it impossible to track what has been changed compared to = the official release. So, we use patches. > The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does > something similar: >=20 > diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h > --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 > +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 > @@ -338,7 +338,7 @@ > * The following cipher list is used by default. It also is substituted wh= en > * an application-defined cipher list string starts with 'DEFAULT'. > */ > -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" > +# define SSL_DEFAULT_CIPHER_LIST > "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" > /* > * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always > * starts with a reasonable order, and all we have to do for DEFAULT is >=20 > But where does the file openssl-[...].org came from? That isn't a domain name. It is usually that I extract the archive like this: tar xvfa openssl-1.0.2h.tar.gz Then I move everything to a new directory that usually gets a ".org" or "- vanilla" suffix. This is the original version as it comes from the upstream project. Then I extract the tarball again and modify my files. And finally I just diff the changed directory against the original one like this: diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ And that creates the patch. For bigger changes I just check out their Git repository and create a new bra= nch based on the latest release. This is also handy when submitting the patches upstream. > (c) How to build the distribution partly? >=20 > In the past, I handed in some patches to allow remote syslogging via > TCP, too. After some struggles (settings are written by a C program, not > the CGI file itself), I modified syslogdctrl.c, and the changes were shippe= d. > (See https://bugzilla.ipfire.org/show_bug.cgi?id=3D11540 for details.) >=20 > But since this program now crashes with a segfault on my machine (*sigh*), > it seems like my patch contained some errors. >=20 > However, building the entire distribution is somewhat time-consuming > and not worth the effort for a probably small error. Is there any way > of just building this C program, and omit the rest? You have to build the entire distribution the first time. If you want to rebu= ild a single package, you have to delete the log file for that package from the logs/ directory and run "./make.sh build" again. Hope this helps so far. If you have any more questions, please ask. Best, -Michael >=20 >=20 > Thanks in advance! >=20 > Best regards, > Peter M=C3=BCller --===============0690389680127848624== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUU1L3JXNWwzR0dl Mnlwa3R4Z0hudy8yK1FDUWNGQWxwVFNUVUFDZ2tRZ0hudy8yK1EKQ1FlMmZRLy9TaXd0NTRRdVdZ TWVmalo3RWYyMDVLNDZLTThSeWRERXMzS1ZxeWtLZjdnRjNOVlliVFZWNm51aQpwQ0VPVGVFejBr a3VvNWF0aUU5Y0xzSFl3bG9IOVRwSTJ4V2pvdzllUE9QZllMYW1tY2tHNHQzOVlkZDlDTkVvCjl5 ZGprTFlSS3ZRZmhnR1RRdjV4YlJJMHcvVWt1Qmk1clFGZXJLU3hOVTNQcUl1TlZPSjBLb0tMemlT cVprbWQKUXFNSjl4M0xXbHJoWUcyNjZoZGhpWWdYeUpUY3cwbDlxVks4K2sxRU9pR2RBS1QwWFJG d2o0K09xdEE0Vzh6dApQdm9WVWsrd3B4T2ptNkV3VFRGMzloNldyZXgyYnQreEs2bmFXZ0dZenRu OGZuMkxhR3piZ3FBSndtSDZESW5QCmRObEs1eVVMTUlVb2VhTE9IL3AzTjVIcXVKZDVuc3hTZEo1 UWFqa1NrTGxRb3dleE5OY01aRW85OFpFVkVveVgKRktFNFh3TDZ5aDMyRXF1OTFXUjhxblN3OHps T1dLbXF6Z1ZMcXBERkx4MlZIK3lnbTV3b2dhc1FQcmt1NkMxWQplRFdiMElBT1QxUG1OK0JLUWJZ T1lwL1Y2MjFxOTdsa1MzWmtuOHhvZGtNdjNqUGFJVFVNWWZhNnFYTHJVcHJ6CmFhVlVpa3pPSytx bC9Tb05nMlI0czFkSnNSbENtUnlmVE5YQVA3ME9HZ0tBZStSWFQ5WlE5YjkzUmdaUVhhZ0oKUWl1 TUJ6N3ZJWUhYSkx3U1pSeG1Fcy9Xc3M5d0Y5SnVlVnY2aWEzRFVLSENUZFBTbThETTNoTDg3TDBj Ni9aNwpHRnB2Y0lEazEvR1pQS2sxL2pObmtHUVJ3N09ad2lnS2ZiWklkWlIxR2wvR0NOTGN3RGc9 Cj1ZUUZxCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0690389680127848624==--