Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 79161 - libsoup-2.2.1 won't build after gnutls-1.1.23 upgrade
Summary: libsoup-2.2.1 won't build after gnutls-1.1.23 upgrade
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Crypto team [DISABLED]
URL: http://bugzilla.ximian.com/show_bug.c...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-22 17:01 UTC by Scott Taylor (RETIRED)
Modified: 2005-02-18 15:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Taylor (RETIRED) gentoo-dev 2005-01-22 17:01:49 UTC 
soup-gnutls.c: In function `verify_certificate':
soup-gnutls.c:64: error: `GNUTLS_CERT_NOT_TRUSTED' undeclared (first use in this function)
soup-gnutls.c:64: error: (Each undeclared identifier is reported only once
soup-gnutls.c:64: error: for each function it appears in.)
make[3]: *** [soup-gnutls.lo] Error 1

gnutls-1.1.23 only mentions that name in the changelog:
2003-11-01  Nikos Mavrogiannopoulos <nmav@gnutls.org>
        * GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to
          avoid having two flags for the same thing.

gnutls-1.0.23 did define it:
./includes/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID

I plan to nuke the GNUTLS_CERT_NOT_TRUSTED mention from libsoup, as its pretty
much not needed, and breaks building with the new gnutls.
Comment 1 Scott Taylor (RETIRED) gentoo-dev 2005-01-22 17:31:37 UTC 
fixed in cvs.

has_version ">=net-libs/gnutls-1.1.23" && sed -e's|GNUTLS_CERT_NOT_TRUSTED|0|g' -i ${S}/libsoup/soup-gnutls.c
Comment 2 foser (RETIRED) gentoo-dev 2005-02-09 14:28:46 UTC 
swtaylor, you are aware that your fix is breaking in 2 ways ?

1. it sets the def to 0, while it just should be reset to GNUTLS_CERT_INVALID (dunno why you choose to not do the obvious thing?)
2. it might break ABI compatability, if someone compiled this with an old enough version of gnutls and only later on upgrades gnutls there's the chance of a symbol missing. You should just always apply the patch (given that GNUTLS_CERT_INVALID has been around long enough).
Comment 3 Daniel Black (RETIRED) gentoo-dev 2005-02-10 03:36:00 UTC 
1. yes - doubly bad because GNUTLS_CERT_INVALID=2 - fixed now cause it was real bad(tm)
2. unlikely. There has been two API changes from 1.0.23 to 1.2.0. Users would of had to do a revdev-rebuild after the last upgrade.

Also:

In gnutls-1.0.23 and gnutls-1.0.17, GNUTLS_CERT_INVALID is a #defines of GNUTLS_CERT_INVALID. They are set at compile time shouldn't be a problem.

fgrep -r GNUTLS_CERT_INVALID 
./usr/include/gnutls/gnutls.h:  GNUTLS_CERT_INVALID=2, /* will be set if the certificate
./usr/include/gnutls/compat8.h:#define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID

Fixed sed to: sed -e's|GNUTLS_CERT_NOT_TRUSTED|GNUTLS_CERT_INVALID|g'

This has been upstream for a while.

Any other issues?
Comment 4 foser (RETIRED) gentoo-dev 2005-02-10 06:00:06 UTC 
point 2 might be unlikely (i already phrased it conservative in my initial comment), but with the amount of users & resulting setups we have, why take the chance ? The dep at least (the only form of control) is not exclusive enough.
Comment 5 Daniel Black (RETIRED) gentoo-dev 2005-02-17 04:51:04 UTC 
libsoup depend on >=app-crypt/gnutls-1.0.17?
Comment 6 foser (RETIRED) gentoo-dev 2005-02-18 06:32:46 UTC 
hypothetical case (should be >=1.1.23 if you apply the patch conditionally, but that doesn't make sense). Just always apply the patch, the conditional is unneeded & a possible source of ABI problems later on.
Comment 7 Daniel Black (RETIRED) gentoo-dev 2005-02-18 15:07:10 UTC 
changed to use patch from upstream unconditionally.