Hello, while updating gnupg, I stumbled over an empty log file (log/gunpg-1.4.23). However, it seems to compile successfully. What is this supposed to mean? Thanks, and best regards, Peter Müller > Hi, > > On Sun, 2018-01-07 at 14:42 +0100, Peter Müller wrote: >> Hello, >> >> while trying to update entire packages in IPFire (some >> of them are outdated) and to fix some bugs, I ran into >> a couple of questions: >> >> (a) How to update entire packages? >> >> As far as I understood, to every package belongs a file >> in lfs/[package_name], containing information about how >> to build, apply patches to it, and so on. > > Yes. > >> It seems like packages are downloaded from https://source.ipfire.org/ , >> but it did not became clear to me how to upload a new >> version of a package to this server. Of course, the >> download URL can be changed manually, but that seems rather >> ugly to me. > > We usually upload everything here manually since the official download mirrors > are always a bit slow and maintainers seem to move their packages around a lot > by moving them to an /old/ directory and then the URLs break. That's not fun. > > So we need to create an LDAP account for you and then you can login to > git.ipfire.org and upload them to /pub/sources/... > >> Unfortunately, I was unable to find a sort of tutorial >> in the wiki for this issue. > > Indeed this isn't being documented. > >> (b) How to apply patches to downloaded packages with changed filenames? >> >> As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), >> I am supposed to have a look at the DEFAULT cipher suite in >> OpenSSL. >> >> To change this value, the .tar.gz file needs to be downloaded >> and unpacked first. After that, the file "ssl/ssl.h" needs to be >> changed. > > We NEVER change the original archives that we download from some project's > website. That makes it impossible to track what has been changed compared to the > official release. So, we use patches. > >> The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does >> something similar: >> >> diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h >> --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 >> +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 >> @@ -338,7 +338,7 @@ >> * The following cipher list is used by default. It also is substituted when >> * an application-defined cipher list string starts with 'DEFAULT'. >> */ >> -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" >> +# define SSL_DEFAULT_CIPHER_LIST >> "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" >> /* >> * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always >> * starts with a reasonable order, and all we have to do for DEFAULT is >> >> But where does the file openssl-[...].org came from? > > That isn't a domain name. It is usually that I extract the archive like this: > > tar xvfa openssl-1.0.2h.tar.gz > > Then I move everything to a new directory that usually gets a ".org" or "- > vanilla" suffix. This is the original version as it comes from the upstream > project. > > Then I extract the tarball again and modify my files. > > And finally I just diff the changed directory against the original one like > this: > > diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ > > And that creates the patch. > > For bigger changes I just check out their Git repository and create a new branch > based on the latest release. This is also handy when submitting the patches > upstream. > >> (c) How to build the distribution partly? >> >> In the past, I handed in some patches to allow remote syslogging via >> TCP, too. After some struggles (settings are written by a C program, not >> the CGI file itself), I modified syslogdctrl.c, and the changes were shipped. >> (See https://bugzilla.ipfire.org/show_bug.cgi?id=11540 for details.) >> >> But since this program now crashes with a segfault on my machine (*sigh*), >> it seems like my patch contained some errors. >> >> However, building the entire distribution is somewhat time-consuming >> and not worth the effort for a probably small error. Is there any way >> of just building this C program, and omit the rest? > > You have to build the entire distribution the first time. If you want to rebuild > a single package, you have to delete the log file for that package from the > logs/ directory and run "./make.sh build" again. > > Hope this helps so far. If you have any more questions, please ask. > > Best, > -Michael > >> >> >> Thanks in advance! >> >> Best regards, >> Peter Müller -- "We don't care. We don't have to. We're the Phone Company."