From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: Question regarding package updates, applying patches, and building Date: Sun, 17 Jun 2018 10:37:49 +0200 Message-ID: In-Reply-To: <1515407669.3685.86.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5631858186931729954==" List-Id: --===============5631858186931729954== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, while updating gnupg, I stumbled over an empty log file (log/gunpg-1.4.23). However, it seems to compile successfully. What is this supposed to mean? Thanks, and best regards, Peter M=C3=BCller > Hi, >=20 > On Sun, 2018-01-07 at 14:42 +0100, Peter M=C3=BCller wrote: >> Hello, >> >> while trying to update entire packages in IPFire (some >> of them are outdated) and to fix some bugs, I ran into >> a couple of questions: >> >> (a) How to update entire packages? >> >> As far as I understood, to every package belongs a file >> in lfs/[package_name], containing information about how >> to build, apply patches to it, and so on. >=20 > Yes. >=20 >> It seems like packages are downloaded from https://source.ipfire.org/ , >> but it did not became clear to me how to upload a new >> version of a package to this server. Of course, the >> download URL can be changed manually, but that seems rather >> ugly to me. >=20 > We usually upload everything here manually since the official download mirr= ors > are always a bit slow and maintainers seem to move their packages around a = lot > by moving them to an /old/ directory and then the URLs break. That's not fu= n. >=20 > So we need to create an LDAP account for you and then you can login to > git.ipfire.org and upload them to /pub/sources/... >=20 >> Unfortunately, I was unable to find a sort of tutorial >> in the wiki for this issue. >=20 > Indeed this isn't being documented. >=20 >> (b) How to apply patches to downloaded packages with changed filenames? >> >> As discussed in December (https://wiki.ipfire.org/devel/telco/2017-12-04), >> I am supposed to have a look at the DEFAULT cipher suite in >> OpenSSL. >> >> To change this value, the .tar.gz file needs to be downloaded >> and unpacked first. After that, the file "ssl/ssl.h" needs to be >> changed. >=20 > We NEVER change the original archives that we download from some project's > website. That makes it impossible to track what has been changed compared t= o the > official release. So, we use patches. >=20 >> The patch at src/patches/openssl-1.0.2h-weak-ciphers.patch does >> something similar: >> >> diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h >> --- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 >> +++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 >> @@ -338,7 +338,7 @@ >> * The following cipher list is used by default. It also is substituted w= hen >> * an application-defined cipher list string starts with 'DEFAULT'. >> */ >> -# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" >> +# define SSL_DEFAULT_CIPHER_LIST >> "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" >> /* >> * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always >> * starts with a reasonable order, and all we have to do for DEFAULT is >> >> But where does the file openssl-[...].org came from? >=20 > That isn't a domain name. It is usually that I extract the archive like thi= s: >=20 > tar xvfa openssl-1.0.2h.tar.gz >=20 > Then I move everything to a new directory that usually gets a ".org" or "- > vanilla" suffix. This is the original version as it comes from the upstream > project. >=20 > Then I extract the tarball again and modify my files. >=20 > And finally I just diff the changed directory against the original one like > this: >=20 > diff -Nur openssl-1.0.2h.org/ openssl-1.0.2h/ >=20 > And that creates the patch. >=20 > For bigger changes I just check out their Git repository and create a new b= ranch > based on the latest release. This is also handy when submitting the patches > upstream. >=20 >> (c) How to build the distribution partly? >> >> In the past, I handed in some patches to allow remote syslogging via >> TCP, too. After some struggles (settings are written by a C program, not >> the CGI file itself), I modified syslogdctrl.c, and the changes were shipp= ed. >> (See https://bugzilla.ipfire.org/show_bug.cgi?id=3D11540 for details.) >> >> But since this program now crashes with a segfault on my machine (*sigh*), >> it seems like my patch contained some errors. >> >> However, building the entire distribution is somewhat time-consuming >> and not worth the effort for a probably small error. Is there any way >> of just building this C program, and omit the rest? >=20 > You have to build the entire distribution the first time. If you want to re= build > a single package, you have to delete the log file for that package from the > logs/ directory and run "./make.sh build" again. >=20 > Hope this helps so far. If you have any more questions, please ask. >=20 > Best, > -Michael >=20 >> >> >> Thanks in advance! >> >> Best regards, >> Peter M=C3=BCller --=20 "We don't care. We don't have to. We're the Phone Company." --===============5631858186931729954== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWxzbUhkMEFDZ2tRMlVqeUQzMTcKbjJndzJoQUFoQUxiM29zaUFK QURrckRPaGwvZnR1ZmxuN0hQTU1ZN3NBUHRKUVdQbHM3eHZLYlFmS29IT0NUOQo0K0FYUDNJUzJs TDM4VGdYMnJ2aUNYYU8zZ003YXBLSzlmdUV2clFIYTRQT2laeDE2eCszcVhJL0w3RUNQM3F6CjV5 aC80YVl1dFZjcUV3bVdubDQ2Nk9CK3JLZ2hBOWRMOWZSTmdvYVowQ1BqaHN1c1pReDVHMGJhaXRF dDJuQUwKMzI3RDdxRHh2TkhiZG9vcy8zQWNaWTNaV2VsWDlQdkhpWmwrYVo2TGFDQXVFUElpU2hN Yng4d25icmpWdHY5ZwpiTWg1eGVpYWhOY3VmUWpJMlpYVXZ1Vm5KdTRjc3licnVud2hOakZ3ZnJ6 RU1qTHlNdGdUeFJmdkZHejJnNXQ4CmdLYWtkU0Zpbko2RndrUlJOWG9mL1lWdmxjQitBQk1TMjVY TU5LbDN5dW9TZWVrSURwUlpLdDBQUUdiQ09hSXUKU2FaT3FmcDBRSk8vUTNQUEl3SXRiYkxhNGR0 NFd5eStNTDNJMlBOT1ZGN2xwdWZ0UitPQlJyNTRQUmNmL245egpWVUoxNC9qT2p0TkYzSjNQdjg4 VmF0UDhlWWlkYUdPazN2NG9DSU0zdFQ2aGJwMHJidlVUYVBtS0syWk5mSEFSCjVQUVRQamh0bDMr WXNURzVOT1pad0NoSUdWT1FCYUswcE5LU2FvY3ByNHZzVkVxR0ZOeXZJUnNzVk1Wc3B1UVgKU2dJ YVRldytETFlMVTRvSDAzcUV4RGRBMFMwbElwV0hJU0pRV3YrdTlPTnJJcE4rOG1QSExMQ2pYUWZG ZEgveQplN0trQVVHbXFJQmpMSE1PYmhwUjh1L2FmT0tCNVB5TTRTVTVhMEl1YWxZVzB6ZVRZSlE9 Cj1WUEFJCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============5631858186931729954==--