Re: Wget bootstrapping problem
On 05.05.20 03:14, Bruno Haible wrote: > Paul Eggert wrote: >>> We could switch the order such that Wget is the default and rsync is used >>> as a >>> fallback >> >> That sounds better than reverting, no? Perhaps you could propose a patch. > > No. From the point of security, "wget as default and rsync as fallback" is > just as bad as "rsync always". Why? [1] Look at the SSLv3 / TLSv1.0 history. > People believed that "SSLv3 is insecure, but since it's only used as a > fallback, it doesn't matter". Until someone discovered a way to trick the > fallback to be activated always [2]... > > rsync is not secure. We should not enable it again. > > Regarding the bootstrapping problem, why not build wget in two steps: > 1. Bootstrap with no PO files. This produces a non-internationalized wget > binary. > 2. Bootstrap again, using the wget binary from step 1 to fetch the PO files. > > The 'bootstrap' script has an option '--skip-po'. The gnulib-tool script > should behave the same way if you don't pass the --po-base=... option to it. > > If necessary, we can add another option to gnulib-tool to avoid fetching PO > files and/or to avoid the use of wget. I fully agree with Bruno. We could also check for an existing wget in bootstrap.conf and set SKIP_PO=1 if not found. While it 'just works' it also disguises the real problem and the user might get something unexpected (non-internationalized wget). Regards, Tim > > Bruno > > [1] https://en.wikipedia.org/wiki/Downgrade_attack > [2] https://en.wikipedia.org/wiki/POODLE > > signature.asc Description: OpenPGP digital signature
Re: Wget bootstrapping problem
> We could also check for an existing wget in bootstrap.conf and set > SKIP_PO=1 if not found. While it 'just works' it also disguises the real > problem and the user might get something unexpected > (non-internationalized wget). Alternatively, you could change the build system so that - 'make' recurses into the 'po/' directory only after 'src/', - Fetching the PO files is done through po/Makefile, not bootstrap, - po/Makefile uses src/wget, if not cross-compiling, instead of wget from $PATH. Bruno
Re: Wget bootstrapping problem
On Wed, May 6, 2020 at 4:22 AM Tim Rühsen wrote: > > On 05.05.20 03:14, Bruno Haible wrote: > > Paul Eggert wrote: > >>> We could switch the order such that Wget is the default and rsync is used > >>> as a > >>> fallback > >> > >> That sounds better than reverting, no? Perhaps you could propose a patch. > > > > No. From the point of security, "wget as default and rsync as fallback" is > > just as bad as "rsync always". Why? [1] Look at the SSLv3 / TLSv1.0 history. > > People believed that "SSLv3 is insecure, but since it's only used as a > > fallback, it doesn't matter". Until someone discovered a way to trick the > > fallback to be activated always [2]... > > > > rsync is not secure. We should not enable it again. > > > > Regarding the bootstrapping problem, why not build wget in two steps: > > 1. Bootstrap with no PO files. This produces a non-internationalized wget > > binary. > > 2. Bootstrap again, using the wget binary from step 1 to fetch the PO > > files. > > > > The 'bootstrap' script has an option '--skip-po'. The gnulib-tool script > > should behave the same way if you don't pass the --po-base=... option to it. > > > > If necessary, we can add another option to gnulib-tool to avoid fetching PO > > files and/or to avoid the use of wget. > > I fully agree with Bruno. > > We could also check for an existing wget in bootstrap.conf and set > SKIP_PO=1 if not found. While it 'just works' it also disguises the real > problem and the user might get something unexpected > (non-internationalized wget). How about a --disable-translation configure option similar to --disable-docs. That should get you over the bootsrap hurdle. But it assumes you have a adequate Unistring and OpenSSL. (From experience with some older systems and ransomware systems, I've found the minimum components needed to build Wget are Unistring and OpenSSL: https://github.com/noloader/Build-Scripts/tree/master/bootstrap). Jeff
argp-version-etc broken on OpenIndiana
Hello there! I just tried to build Inetutils with a freshly updated Gnulib source, doing so for the first time in perhaps three weeks on my regular OpenIndiana system with gcc-4.3.3. To my surprice Gnulib source wreeks havoc on the file `argp-version-etc'. A build log is attached. My guess is that `ctype_iso.h' is the point of failure, but also `version-etc.h' afronts as a strong candidate. On behalf of the GNU Inetutils Project, Mats Erik Andersson make: Entering directory `/tmp/bygg' make all-recursive make[1]: Entering directory `/tmp/bygg' Making all in lib make[2]: Entering directory `/tmp/bygg/lib' GENalloca.h GENarpa/inet.h GENdirent.h GENfcntl.h GENgetopt.h GENgetopt-cdefs.h GENglob.h GENinttypes.h GENlanginfo.h GENlimits.h GENlocale.h GENnetdb.h GENpoll.h GENpty.h GENsignal.h GENstdalign.h GENstddef.h GENstdint.h GENstdio.h GENstdlib.h GENstring.h GENstrings.h GENsys/ioctl.h GENsys/select.h GENsys/socket.h GENsys/stat.h GENsys/time.h GENsys/types.h GENsys/uio.h GENtermios.h GENtime.h GENunistd.h GENwchar.h GENwctype.h make all-recursive make[3]: Entering directory `/tmp/bygg/lib' make[4]: Entering directory `/tmp/bygg/lib' CC argp-ba.o CC argp-eexst.o CC argp-fmtstream.o CC argp-fs-xinl.o CC argp-help.o CC argp-parse.o CC argp-pin.o CC argp-pv.o CC argp-pvh.o CC argp-xinl.o CC argp-version-etc.o In file included from /tmp/iu-master/lib/argp-version-etc.c:18: /tmp/iu-master/lib/version-etc.h: In function 'version_etc': /tmp/iu-master/lib/version-etc.h:73: error: expected declaration specifiers before '_GL_ATTRIBUTE_SENTINEL' /tmp/iu-master/lib/version-etc.h:76: error: storage class specified for parameter 'emit_bug_reporting_address' In file included from /usr/include/ctype.h:36, from /tmp/iu-master/lib/argp.h:23, from /tmp/iu-master/lib/argp-version-etc.c:19: /usr/include/iso/ctype_iso.h:81: error: storage class specified for parameter 'isalnum' /usr/include/iso/ctype_iso.h:82: error: storage class specified for parameter 'isalpha' /usr/include/iso/ctype_iso.h:83: error: storage class specified for parameter 'iscntrl' /usr/include/iso/ctype_iso.h:84: error: storage class specified for parameter 'isdigit' /usr/include/iso/ctype_iso.h:85: error: storage class specified for parameter 'isgraph' /usr/include/iso/ctype_iso.h:86: error: storage class specified for parameter 'islower' /usr/include/iso/ctype_iso.h:87: error: storage class specified for parameter 'isprint' /usr/include/iso/ctype_iso.h:88: error: storage class specified for parameter 'ispunct' /usr/include/iso/ctype_iso.h:89: error: storage class specified for parameter 'isspace' /usr/include/iso/ctype_iso.h:90: error: storage class specified for parameter 'isupper' /usr/include/iso/ctype_iso.h:91: error: storage class specified for parameter 'isxdigit' /usr/include/iso/ctype_iso.h:99: error: storage class specified for parameter 'tolower' /usr/include/iso/ctype_iso.h:100: error: storage class specified for parameter 'toupper' /usr/include/iso/ctype_iso.h:106: error: storage class specified for parameter '__ctype' /usr/include/iso/ctype_iso.h:107: error: storage class specified for parameter '__ctype_mask' /usr/include/iso/ctype_iso.h:108: error: storage class specified for parameter '__trans_upper' /usr/include/iso/ctype_iso.h:109: error: storage class specified for parameter '__trans_lower' In file included from /usr/include/ctype.h:37, from /tmp/iu-master/lib/argp.h:23, from /tmp/iu-master/lib/argp-version-etc.c:19: /usr/include/iso/ctype_c99.h:59: error: storage class specified for parameter 'isblank' In file included from /tmp/iu-master/lib/argp.h:23, from /tmp/iu-master/lib/argp-version-etc.c:19: /usr/include/ctype.h:69: error: storage class specified for parameter 'isascii' /usr/include/ctype.h:70: error: storage class specified for parameter 'toascii' /usr/include/ctype.h:71: error: storage class specified for parameter '_tolower' /usr/include/ctype.h:72: error: storage class specified for parameter '_toupper' In file included from ./getopt.h:34, from /tmp/iu-master/lib/argp.h:24, from /tmp/iu-master/lib/argp-version-etc.c:19: /usr/include/getopt.h:62: error: storage class specified for parameter 'optarg' /usr/include/getopt.h:63: error: storage class specified for parameter 'opterr' /usr/include/getopt.h:64: error: storage class specified for parameter 'optind' /usr/include/getopt.h:65: error: storage class specified for parameter 'optopt' /usr/include/getopt.h:72: error: storage class specified for parameter 'getopt_long' /usr/include/getopt.h:74: error: storage class specified for parameter 'getopt_long_only' /usr/includ
Re: argp-version-etc broken on OpenIndiana
Hello again, looking at Hydra/Nixos, the autobuild system failed due to commit c08f85d made three days ago to gnulib, and it has not recovered since then. This seems to correspond to my report. Regards, Mats E Andersson [1] http://hydra.nixos.org/jobset/gnu/inetutils-master
Re: argp-version-etc broken on OpenIndiana
Ah, I missed a use of that attribute within Gnulib when installing the recent changes for __has_attribute. I installed the attached patch to fix it, and the followup two patches (also attached) to fix some style nits I noticed while fixing the bug. Thanks for reporting it. >From 63dcb4d03efd09db847635daaa34d5a907f5be2c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 6 May 2020 15:51:10 -0700 Subject: [PATCH 1/3] Fix version-etc glitch on OpenIndiana Problem reported by Mats Erik Andersson in: https://lists.gnu.org/r/bug-gnulib/2020-05/msg00067.html * lib/version-etc.h (_GL_ATTRIBUTE_SENTINEL): Remove defn that now clashes with gnulib-common.h. All uses changed. --- ChangeLog | 8 lib/version-etc.h | 11 +-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 693671e46..bd7219102 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2020-05-06 Paul Eggert + + Fix version-etc glitch on OpenIndiana + Problem reported by Mats Erik Andersson in: + https://lists.gnu.org/r/bug-gnulib/2020-05/msg00067.html + * lib/version-etc.h (_GL_ATTRIBUTE_SENTINEL): Remove defn + that now clashes with gnulib-common.h. All uses changed. + 2020-05-03 Paul Eggert attribute: new module diff --git a/lib/version-etc.h b/lib/version-etc.h index 73cad566d..813084c3d 100644 --- a/lib/version-etc.h +++ b/lib/version-etc.h @@ -22,15 +22,6 @@ # include # include -/* The 'sentinel' attribute was added in gcc 4.0. */ -#ifndef _GL_ATTRIBUTE_SENTINEL -# if 4 <= __GNUC__ -# define _GL_ATTRIBUTE_SENTINEL __attribute__ ((__sentinel__)) -# else -# define _GL_ATTRIBUTE_SENTINEL /* empty */ -# endif -#endif - extern const char version_etc_copyright[]; /* The three functions below display the --version information in the @@ -70,7 +61,7 @@ extern void version_etc (FILE *stream, const char *command_name, const char *package, const char *version, /* const char *author1, ..., NULL */ ...) - _GL_ATTRIBUTE_SENTINEL; + _GL_ATTRIBUTE_SENTINEL (); /* Display the usual "Report bugs to" stanza. */ extern void emit_bug_reporting_address (void); -- 2.17.1 >From 2f06af8d695c4ccc33840797d646f1ec94ce804c Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 6 May 2020 15:51:32 -0700 Subject: [PATCH 2/3] * lib/attribute.h: Minor style fixes. --- ChangeLog | 2 ++ lib/attribute.h | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd7219102..e2b1bfb56 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2020-05-06 Paul Eggert + * lib/attribute.h: Minor style fixes. + Fix version-etc glitch on OpenIndiana Problem reported by Mats Erik Andersson in: https://lists.gnu.org/r/bug-gnulib/2020-05/msg00067.html diff --git a/lib/attribute.h b/lib/attribute.h index bb7c550f1..a4e12dfc6 100644 --- a/lib/attribute.h +++ b/lib/attribute.h @@ -33,26 +33,26 @@ /* Selected GCC attributes; see: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html These names begin with 'ATTRIBUTE_' to avoid name clashes. */ -#define ATTRIBUTE_ALLOC_SIZE(args) _GL_ATTRIBUTE_ALLOC_SIZE(args) +#define ATTRIBUTE_ALLOC_SIZE(args) _GL_ATTRIBUTE_ALLOC_SIZE (args) #define ATTRIBUTE_ALWAYS_INLINE _GL_ATTRIBUTE_ALWAYS_INLINE #define ATTRIBUTE_ARTIFICIAL _GL_ATTRIBUTE_ARTIFICIAL #define ATTRIBUTE_COLD _GL_ATTRIBUTE_COLD #define ATTRIBUTE_CONST _GL_ATTRIBUTE_CONST #define ATTRIBUTE_DEPRECATED _GL_ATTRIBUTE_DEPRECATED -#define ATTRIBUTE_ERROR(msg) _GL_ATTRIBUTE_ERROR(msg) +#define ATTRIBUTE_ERROR(msg) _GL_ATTRIBUTE_ERROR (msg) #define ATTRIBUTE_EXTERNALLY_VISIBLE _GL_ATTRIBUTE_EXTERNALLY_VISIBLE -#define ATTRIBUTE_FORMAT(spec) _GL_ATTRIBUTE_FORMAT(spec) +#define ATTRIBUTE_FORMAT(spec) _GL_ATTRIBUTE_FORMAT (spec) #define ATTRIBUTE_LEAF _GL_ATTRIBUTE_LEAF #define ATTRIBUTE_MAY_ALIAS _GL_ATTRIBUTE_MAY_ALIAS #define ATTRIBUTE_MALLOC _GL_ATTRIBUTE_MALLOC #define ATTRIBUTE_NOINLINE _GL_ATTRIBUTE_NOINLINE -#define ATTRIBUTE_NONNULL(args) _GL_ATTRIBUTE_NONNULL(args) +#define ATTRIBUTE_NONNULL(args) _GL_ATTRIBUTE_NONNULL (args) #define ATTRIBUTE_NONSTRING _GL_ATTRIBUTE_NONSTRING #define ATTRIBUTE_NOTHROW _GL_ATTRIBUTE_NOTHROW #define ATTRIBUTE_PACKED _GL_ATTRIBUTE_PACKED #define ATTRIBUTE_PURE _GL_ATTRIBUTE_PURE #define ATTRIBUTE_RETURNS_NONNULL _GL_ATTRIBUTE_RETURNS_NONNULL -#define ATTRIBUTE_SENTINEL(pos) _GL_ATTRIBUTE_SENTINEL(pos) -#define ATTRIBUTE_WARNING(msg) _GL_ATTRIBUTE_WARNING(msg) +#define ATTRIBUTE_SENTINEL(pos) _GL_ATTRIBUTE_SENTINEL (pos) +#define ATTRIBUTE_WARNING(msg) _GL_ATTRIBUTE_WARNING (msg) #endif /* _GL_ATTRIBUTE_H */ -- 2.17.1 >From 2e3f0c910896a52ce0944bd04d4da3413682cf1f Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Wed, 6 May 2020 15:51:49 -0700 Subject: [PATCH 3/3] * m4/gnulib-common.m4 (gl_COMMON_BODY): Minor style fixes. --- ChangeLog | 2 ++ m4/gnulib-common.m4 |
