Re: perl-CryptX package
Hi Denis, On 25/04/16 20:24, Denis Fateyev wrote: Hello Paul, On Mon, Apr 25, 2016 at 4:45 PM, Paul Howarth mailto:p...@city-fan.org>> wrote: Hi Dennis, On 22/11/15 15:28, Denis Fateyev wrote: On Sun, Nov 22, 2015 at 5:20 PM, Paul Howarth mailto:p...@city-fan.org>> wrote: As a data point of interest, I unbundled libtomcrypt from python-crypto when it became possible: https://bugzilla.redhat.com/show_bug.cgi?id=1087557 Paul. Thanks for the answer. Under these circumstances I should consider to unbundle it too. By the way, the last official "libtomcrypt" release happened more than 5 years ago. There was no new official release since that and it's a bit of problem due a lot of historical code and changes were made after that (hundreds of commits). I'll try to contact libtom people on Github, maybe they will bother to prepare a new release. Did you make any progress with the perl-CryptX packaging? It has now become a dependency of perl-Net-SSH-Perl, so I'd like to see it in Fedora. Not really, since I had to unbundle "libtomcrypt" and "libtommath" first as mentioned above, and it takes some time which I don't have right now. CryptX won't go well with the "libtomcrypt" packaged in Fedora, since the packaged version is too aged. Before updating "libtomcrypt" we also have to update "libtommath" [1] and "tomsfastmath" [2]. The "libtommath" update has been tested for Fedora pretty well [3] and can be updated easily, but as for other two more work on preparing new versions, testing and packaging is required. Considering all of this, the "proper" unbundled CryptX version cannot be prepared right now, although we can solve dependencies step by step. As for the plans, next month I'm going to start testing "tomsfastmath" in order to help with preparing a new release. After that, the same way with "libtomcrypt", and then CryptX. I talked to Karel, the CryptX's author, and we agreed that a configure switch which allows to use "libtomcrypt" system library would be useful, so in perspective the unbundling process should be even less problematic. Thanks, [1] https://github.com/libtom/libtommath [2] https://github.com/libtom/tomsfastmath [3] https://github.com/libtom/libtommath/issues/35 Given the relaxation in library bundling rules for Fedora now, is a perl-CryptX package now viable? Paul. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Re: perl-CryptX package
Hello Paul, On Mon, Apr 25, 2016 at 4:45 PM, Paul Howarth wrote: > Hi Dennis, > > On 22/11/15 15:28, Denis Fateyev wrote: > >> On Sun, Nov 22, 2015 at 5:20 PM, Paul Howarth wrote: >> >> >>> As a data point of interest, I unbundled libtomcrypt from python-crypto >>> when it became possible: >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1087557 >>> >>> Paul. >>> >>> >> Thanks for the answer. Under these circumstances I should consider to >> unbundle it too. >> >> By the way, the last official "libtomcrypt" release happened more than 5 >> years ago. There was no new official release since that and it's a bit of >> problem due a lot of historical code and changes were made after that >> (hundreds of commits). I'll try to contact libtom people on Github, maybe >> they will bother to prepare a new release. >> > > Did you make any progress with the perl-CryptX packaging? It has now > become a dependency of perl-Net-SSH-Perl, so I'd like to see it in Fedora. > Not really, since I had to unbundle "libtomcrypt" and "libtommath" first as mentioned above, and it takes some time which I don't have right now. CryptX won't go well with the "libtomcrypt" packaged in Fedora, since the packaged version is too aged. Before updating "libtomcrypt" we also have to update "libtommath" [1] and "tomsfastmath" [2]. The "libtommath" update has been tested for Fedora pretty well [3] and can be updated easily, but as for other two more work on preparing new versions, testing and packaging is required. Considering all of this, the "proper" unbundled CryptX version cannot be prepared right now, although we can solve dependencies step by step. As for the plans, next month I'm going to start testing "tomsfastmath" in order to help with preparing a new release. After that, the same way with "libtomcrypt", and then CryptX. I talked to Karel, the CryptX's author, and we agreed that a configure switch which allows to use "libtomcrypt" system library would be useful, so in perspective the unbundling process should be even less problematic. Thanks, [1] https://github.com/libtom/libtommath [2] https://github.com/libtom/tomsfastmath [3] https://github.com/libtom/libtommath/issues/35 -- wbr, Denis. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
Re: perl-CryptX package
Hi Dennis, On 22/11/15 15:28, Denis Fateyev wrote: On Sun, Nov 22, 2015 at 5:20 PM, Paul Howarth wrote: As a data point of interest, I unbundled libtomcrypt from python-crypto when it became possible: https://bugzilla.redhat.com/show_bug.cgi?id=1087557 Paul. Thanks for the answer. Under these circumstances I should consider to unbundle it too. By the way, the last official "libtomcrypt" release happened more than 5 years ago. There was no new official release since that and it's a bit of problem due a lot of historical code and changes were made after that (hundreds of commits). I'll try to contact libtom people on Github, maybe they will bother to prepare a new release. Did you make any progress with the perl-CryptX packaging? It has now become a dependency of perl-Net-SSH-Perl, so I'd like to see it in Fedora. Paul. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
Re: perl-CryptX package
On Sat, Nov 21, 2015 at 03:25:00AM +0600, Denis Fateyev wrote: > I'm going to package CryptX Perl module [1] soon. > > The only concern is that it contains a lot of XS-based code of ciphers and > hashes that can be probably considered as bundled. Mostly the used > routines, including sha1, sha2 and md5 implementations, are based on > LibTomCrypt library [2, 3]. > > Neither this library components nor all algo related are mentioned in > Bundled library policies [4]. So the question is: should we threat this > very case as bundled libs presence? Are there any objections against this > module to be packaged "as is", in its current state? > I really recommend to unbundle. Especially when it's about cryptography. If you could not, than you wold have go through all the bundling procedures. Currently, the bundling guidelines are removed. Latest draft proposes packagers will be free to bundle if upstream does not support building against system libraries. But before doing that, Fedora Packaging Comittee will have to acknowldge the "Provides: bundle(SYMBOL)". -- Petr signature.asc Description: PGP signature -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
Re: perl-CryptX package
On Sun, Nov 22, 2015 at 5:20 PM, Paul Howarth wrote: > > As a data point of interest, I unbundled libtomcrypt from python-crypto > when it became possible: > > https://bugzilla.redhat.com/show_bug.cgi?id=1087557 > > Paul. > Thanks for the answer. Under these circumstances I should consider to unbundle it too. By the way, the last official "libtomcrypt" release happened more than 5 years ago. There was no new official release since that and it's a bit of problem due a lot of historical code and changes were made after that (hundreds of commits). I'll try to contact libtom people on Github, maybe they will bother to prepare a new release. -- wbr, Denis. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
Re: perl-CryptX package
On Sat, 21 Nov 2015 03:25:00 +0600 Denis Fateyev wrote: > Hello there, > > I'm going to package CryptX Perl module [1] soon. > > The only concern is that it contains a lot of XS-based code of > ciphers and hashes that can be probably considered as bundled. Mostly > the used routines, including sha1, sha2 and md5 implementations, are > based on LibTomCrypt library [2, 3]. > > Neither this library components nor all algo related are mentioned in > Bundled library policies [4]. So the question is: should we threat > this very case as bundled libs presence? Are there any objections > against this module to be packaged "as is", in its current state? > > Thanks, > > [1] https://metacpan.org/pod/CryptX > > [2] http://www.libtom.net > > [3] https://github.com/libtom/libtomcrypt > > [4] > https://fedoraproject.org/w/index.php?title=Packaging:No_Bundled_Libraries&oldid=406058 As a data point of interest, I unbundled libtomcrypt from python-crypto when it became possible: https://bugzilla.redhat.com/show_bug.cgi?id=1087557 Paul. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
perl-CryptX package
Hello there, I'm going to package CryptX Perl module [1] soon. The only concern is that it contains a lot of XS-based code of ciphers and hashes that can be probably considered as bundled. Mostly the used routines, including sha1, sha2 and md5 implementations, are based on LibTomCrypt library [2, 3]. Neither this library components nor all algo related are mentioned in Bundled library policies [4]. So the question is: should we threat this very case as bundled libs presence? Are there any objections against this module to be packaged "as is", in its current state? Thanks, [1] https://metacpan.org/pod/CryptX [2] http://www.libtom.net [3] https://github.com/libtom/libtomcrypt [4] https://fedoraproject.org/w/index.php?title=Packaging:No_Bundled_Libraries&oldid=406058 -- wbr, Denis. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
