From unknown Tue Jun 17 22:27:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#49530: pycryptodome bundles libtomcrypt, fonts, JavaScript and CSS Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: 0x2d@disroot.org, bug-guix@gnu.org Resent-Date: Sun, 11 Jul 2021 21:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 49530 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 49530@debbugs.gnu.org Cc: slg <0x2d@disroot.org> X-Debbugs-Original-To: bug-guix@gnu.org X-Debbugs-Original-Xcc: slg <0x2d@disroot.org> Received: via spool by submit@debbugs.gnu.org id=B.162603834516187 (code B ref -1); Sun, 11 Jul 2021 21:20:02 +0000 Received: (at submit) by debbugs.gnu.org; 11 Jul 2021 21:19:05 +0000 Received: from localhost ([127.0.0.1]:35902 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2gqu-0004D1-ON for submit@debbugs.gnu.org; Sun, 11 Jul 2021 17:19:04 -0400 Received: from lists.gnu.org ([209.51.188.17]:44680) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2gqq-0004Ca-MQ for submit@debbugs.gnu.org; Sun, 11 Jul 2021 17:19:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57094) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1m2gqq-0005n2-5Q for bug-guix@gnu.org; Sun, 11 Jul 2021 17:19:00 -0400 Received: from albert.telenet-ops.be ([2a02:1800:110:4::f00:1a]:50142) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1m2gqn-0004Cd-S4 for bug-guix@gnu.org; Sun, 11 Jul 2021 17:18:59 -0400 Received: from butterfly.local ([213.132.138.115]) by albert.telenet-ops.be with bizsmtp id TxJt2500D2VaLWD06xJupU; Sun, 11 Jul 2021 23:18:54 +0200 Message-ID: From: Maxime Devos Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Q13TMatb0u1LwnF5gzDt" Date: Sun, 11 Jul 2021 23:17:03 +0200 MIME-Version: 1.0 User-Agent: Evolution 3.34.2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1626038334; bh=CA8j2ttpYjM/hl6Z1mwsF2txe1U/cBWHeAdNPUaPp2o=; h=Subject:From:To:Date; b=kYu3TGYPW6+fCreY9oA0omMYzj2t0LPum8G6xK9U1JpcrKDJoOJJpbVUPtXo1sROm qa39xV7ydnj6DrWtCi2mVKIYQd0RJOaOpoPTr7EmIts5DOeM1WE7Wv2d2z+eWDvxge 2xdaSaaAzh+dGfJq3ITECaXqailheKOYyqT9y+Z9HJOyZ/ufc0TsPaa95c/j9Hhtps uRrHRWSncY45Am+Yu1oW7sffmYZgVx3fc+Z6qZpndtCKmYVWJm05UOt5ICc3jR+sMP LZJdtgEhShtrZO9gFymV3iimboKHZOfSLTQlgREqYK+qO+3LwYx+80CmS0mh0GVkF2 nwwepKsXAFl0Q== Received-SPF: pass client-ip=2a02:1800:110:4::f00:1a; envelope-from=maximedevos@telenet.be; helo=albert.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-Q13TMatb0u1LwnF5gzDt Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Debbugs-CC: slg <0x2d@disroot.org> Hi guix, In the context of ;, I looked at the source code of pycryptodome, version 3.10.1. It bundles some fonts, javascript, CSS, and libtomcrypt. That's not the version packaged in guix, but presumably version 3.9.9 has the same issues as well. More specifically, the following things are bundled: Doc/sphinx_rtd_theme/static/js/theme.js: Minified javascript code. It starts with /* sphinx_rtd_theme version 0.4.0 | MIT license */ Doc/sphinx_rtd_theme/static/js/modernizr.min.js: Likewise, and starts with /* Modernizr 2.6.2 (Custom Build) | MIT & BSD */ Doc/sphinx_rtd_theme/static/fonts: Various fonts (=E2=80=98font awesome=E2=80=99, =E2=80=98roboto slab=E2=80=99, =E2=80=98la= to=E2=80=99, =E2=80=98inconsolata=E2=80=99). Doc/sphinx_rtd_theme/static/css: Minified CSS. One file starts with /* sphinx_rtd_theme version 0.4.0 | MIT license */, the other is of unknon origin. There are also 'css.map' files. I don't know what these are. src/libtom: Bundled headers from 'libtomcrypt'. Curiously, I don't see corresponding '.c' files. Greetings, Maxime. --=-Q13TMatb0u1LwnF5gzDt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYOtfwhccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7mDbAQDB83SvZKTkzTF5ZP25qMSpD+Lo wLEdsboLXrVtDyylGwD+L/l0FVePn2Tj4GIf0K23DH6GB2M3+Hdsli6JvzFtBwg= =GVxC -----END PGP SIGNATURE----- --=-Q13TMatb0u1LwnF5gzDt-- From unknown Tue Jun 17 22:27:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#49530: pycryptodome bundles libtomcrypt, fonts, JavaScript and CSS Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 11 Jul 2021 23:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49530 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Maxime Devos Cc: 49530@debbugs.gnu.org, slg <0x2d@disroot.org> Received: via spool by 49530-submit@debbugs.gnu.org id=B49530.162604489026228 (code B ref 49530); Sun, 11 Jul 2021 23:09:02 +0000 Received: (at 49530) by debbugs.gnu.org; 11 Jul 2021 23:08:10 +0000 Received: from localhost ([127.0.0.1]:36047 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2iYR-0006ov-FF for submit@debbugs.gnu.org; Sun, 11 Jul 2021 19:08:10 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:56191) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m2iYN-0006oN-3H for 49530@debbugs.gnu.org; Sun, 11 Jul 2021 19:08:06 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id D6E5C5C0106; Sun, 11 Jul 2021 19:07:55 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sun, 11 Jul 2021 19:07:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=1RXIOVtDH7JLgvSnVBYNQLjY ln9bBZ/V7ra8T6PqR0o=; b=Sgv8AWTBgyxIgrUvT1ivhOvv/qEfJ+6LLybChXfE LgURPdU+CkDB3CO26TGaUdYo2c8e+cvULZUVoR/UAjumqOPI96udKqFqasvFDxRF ypB3xGysw3v3VGcqjuhayb0A8wpCF/+2KYIOHY2xGw62rIi+HrJrzvCHOv7MhXuE gIc= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=1RXIOV tDH7JLgvSnVBYNQLjYln9bBZ/V7ra8T6PqR0o=; b=dGtJKTqfIqB3eztNl4dpGM 320HL5BcjIm11rAsl7k1wntaPov21LEChouNk8xk7j7IF9RJ0WYbIUXFjQoE+8Cl 19ANviMITOEvE+G8UYtJyBULVUyYHcwfqn74xvdOBk/xgExjbkM4CBM2mkXQ1gPt anjbpAWSGDoPyeScWHA5NmqKOO1H+zpjyMK95pUEMT76t9/6a3VrlqTskZWWLZBf YUIKsjM86z1UBSbDmqkJJ5BRAxlfvMORfjkB0GJiMXMi1/ovPJROQHJYqZDAOTzR DT87MOpzJPI8oRd8gLOTnffYO/AGG2VodEKVpFILi5MJKUDRxZjn/L7oklqvYvwg == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddruddugddujecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg hrnhepueekkedtffdvtddugeejgedtvefhueefiedvjeeitdeigedtveejvdejheffvefg necuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplhgvoh esfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 11 Jul 2021 19:07:54 -0400 (EDT) Date: Sun, 11 Jul 2021 19:07:52 -0400 From: Leo Famulari Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Sun, Jul 11, 2021 at 11:17:03PM +0200, Maxime Devos wrote: > src/libtom: Bundled headers from 'libtomcrypt'. Curiously, I don't see > corresponding '.c' files. Libtomcrypt is commonly embedded into other programs. For example, our Dropbear package contained a modified copy of it for a long time, until commit f72ff06ef8a83a78ad625fe50ee5bb618ea4f37c. It may be that it can be used as a "headers only" library. From unknown Tue Jun 17 22:27:23 2025 X-Loop: help-debbugs@gnu.org Subject: bug#49530: pycryptodome bundles libtomcrypt, fonts, JavaScript and CSS Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 14 Jul 2021 10:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 49530 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Leo Famulari Cc: 49530@debbugs.gnu.org, slg <0x2d@disroot.org> Received: via spool by 49530-submit@debbugs.gnu.org id=B49530.16262568738514 (code B ref 49530); Wed, 14 Jul 2021 10:02:02 +0000 Received: (at 49530) by debbugs.gnu.org; 14 Jul 2021 10:01:13 +0000 Received: from localhost ([127.0.0.1]:42996 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m3bhY-0002Cw-T0 for submit@debbugs.gnu.org; Wed, 14 Jul 2021 06:01:13 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:36536) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m3bhW-00029F-2r for 49530@debbugs.gnu.org; Wed, 14 Jul 2021 06:01:12 -0400 Received: from butterfly.local ([188.188.219.228]) by andre.telenet-ops.be with bizsmtp id Uy162500W4wFxCU01y175A; Wed, 14 Jul 2021 12:01:08 +0200 Message-ID: <5688ca3f46593b1ed9af0b61eb76e870b86e9611.camel@telenet.be> From: Maxime Devos Date: Wed, 14 Jul 2021 12:01:01 +0200 In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Bjh6x2TEh+1/4oJMRFt+" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1626256868; bh=D9YTkeZpdCQXPImZeJPr12Fm2+6cY1pQYjS2MG+ffio=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=RWp7UHPAgAxeG45EaUEuOrK/kT799FfRrwdKRX9j1fcxOUNcgE4qiVTocIhVMD+Zs yReOUHp3oD0r3foAZxfi5bhYTXhnQ5VEvMhmJ9c/0vThyBHxRVtDhBkQOjgKXiCig2 sZ/xkbIxjJFo0ajcXgHEudryTJErJhtMFi+yzebaTfuZyDMn5goH22VNPKcYrCYdX7 o/iNUoZ/7CKyikY+eocDHdev6KkqtM/8T2ynjH0ye6pqKbE5BmeVgpEmrAzkVU9wcj kafSKJ4shAcEEcijZXQ4Hpxm2yFWaN6xuWvh3Z1mjy1GR11aalX3UXtT9PBG29GK7m vn9mJ5BiZ6KAg== X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-Bjh6x2TEh+1/4oJMRFt+ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Leo Famulari schreef op zo 11-07-2021 om 19:07 [-0400]: > On Sun, Jul 11, 2021 at 11:17:03PM +0200, Maxime Devos wrote: > > src/libtom: Bundled headers from 'libtomcrypt'. Curiously, I don't see > > corresponding '.c' files. >=20 > Libtomcrypt is commonly embedded into other programs. For example, our > Dropbear package contained a modified copy of it for a long time, until > commit f72ff06ef8a83a78ad625fe50ee5bb618ea4f37c. >=20 > It may be that it can be used as a "headers only" library. It turns out there is a C file after all: tomcrypt_des.c. I sent a patch (https://issues.guix.gnu.org/49543) to unbundle it and the headers. Greetings, Maxime. --=-Bjh6x2TEh+1/4oJMRFt+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iIwEABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYO613RccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7irlAPY3UtdKrIF5sN4MyqY3toMXMWUo ZjKSmpI1ilj/NrNCAQCPMnHMzXbbuUVrMlp7Za5yF+CXEVB7cvBMMYcZEz+9AQ== =Fme0 -----END PGP SIGNATURE----- --=-Bjh6x2TEh+1/4oJMRFt+--