From unknown Fri Jun 20 18:10:30 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#56867 <56867@debbugs.gnu.org> To: bug#56867 <56867@debbugs.gnu.org> Subject: Status: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. Reply-To: bug#56867 <56867@debbugs.gnu.org> Date: Sat, 21 Jun 2025 01:10:30 +0000 retitle 56867 [PATCH] download: Do not wrap TLS port on GnuTLS >=3D 3.7.7. reassign 56867 guix-patches submitter 56867 Ludovic Court=C3=A8s severity 56867 normal tag 56867 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 01 05:08:10 2022 Received: (at submit) by debbugs.gnu.org; 1 Aug 2022 09:08:10 +0000 Received: from localhost ([127.0.0.1]:39255 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIRPG-0001KS-0O for submit@debbugs.gnu.org; Mon, 01 Aug 2022 05:08:10 -0400 Received: from lists.gnu.org ([209.51.188.17]:45622) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIRPD-0001KG-Gz for submit@debbugs.gnu.org; Mon, 01 Aug 2022 05:08:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36778) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIRPA-0002NF-4g; Mon, 01 Aug 2022 05:08:05 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45638) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIRP9-0007hv-N2; Mon, 01 Aug 2022 05:08:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=HCoMK1K2ppAmZLSTpV80QUzxKhuvaQ+EdXehIf+i8C8=; b=gqxEA3cKoYZ014 +mvcpT1iSU9Z5bGFT4ns5yB8BtuKoUE3LtNXkf7bSFus9t++vTBrcvJLI5tp5AWsAArWG/7LF8Q3K Cwc+/8O+wC39iVEIHkKFPi0flQ05MsbAFh4l6ezH+MBQYO4fTWBn4LE1Sg3ja4gw1Vf5jX35TxmD+ F7BEOMXc0vaGXlpKHKFoKytdvFBS5TT/1L8GzVdEFdjPhI9sUzfe/jVyvvHtUKANnxgkT9Rzk8KxG PeRKj0Tz2r4itS1May2oEO3sfXxsf39ra9HGQE3HkxRBB+k75k2UCoOOmhjjSbcrQRsUZXXTbtb+3 85bid4gTzWza6oQVt4zw==; Received: from [193.50.110.235] (port=43010 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oIRP8-0007G3-Ia; Mon, 01 Aug 2022 05:08:03 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. Date: Mon, 1 Aug 2022 11:07:49 +0200 Message-Id: <20220801090749.11655-1-ludo@gnu.org> X-Mailer: git-send-email 2.37.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= , guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) The custom input/output port wrapping the TLS session record port would introduce overhead, and it would also prevent its uses in a non-blocking context--e.g., with Fibers. The port close mechanism added in GnuTLS 3.7.7 allows us to get rid of that wrapper. * guix/build/download.scm (wrap-record-port-for-gnutls<3.7.7): New procedure, with code formerly in 'tls-wrap'. (tls-wrap): Check for 'set-session-record-port-close!' and use it when available; otherwise call 'wrap-record-port-for-gnutls<3.7.7'. --- guix/build/download.scm | 102 +++++++++++++++++++++------------------- 1 file changed, 54 insertions(+), 48 deletions(-) Hello! I'll land a similar change in Guile's (web client) module afterwards if there are no objections. Ludo'. diff --git a/guix/build/download.scm b/guix/build/download.scm index 41583e8143..de094890b3 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -245,6 +245,54 @@ (define (print-tls-certificate-error port key args default-printer) (set-exception-printer! 'tls-certificate-error print-tls-certificate-error) +(define (wrap-record-port-for-gnutls<3.7.7 record port) + "Return a port that wraps RECORD to ensure that closing it also closes PORT, +the actual socket port, and its file descriptor. Make sure it does not +introduce extra buffering (custom ports are buffered by default as of Guile +3.0.5). + +This wrapper is unnecessary with GnuTLS >= 3.7.7, which can automatically +close SESSION's file descriptor when RECORD is closed." + (define (read! bv start count) + (define read + (catch 'gnutls-error + (lambda () + (get-bytevector-n! record bv start count)) + (lambda (key err proc . rest) + ;; When responding to "Connection: close" requests, some servers + ;; close the connection abruptly after sending the response body, + ;; without doing a proper TLS connection termination. Treat it as + ;; EOF. This is fixed in GnuTLS 3.7.7. + (if (eq? err error/premature-termination) + the-eof-object + (apply throw key err proc rest))))) + + (if (eof-object? read) + 0 + read)) + (define (write! bv start count) + (put-bytevector record bv start count) + (force-output record) + count) + (define (get-position) + (port-position record)) + (define (set-position! new-position) + (set-port-position! record new-position)) + (define (close) + (unless (port-closed? port) + (close-port port)) + (unless (port-closed? record) + (close-port record))) + + (define (unbuffered port) + (setvbuf port 'none) + port) + + (unbuffered + (make-custom-binary-input/output-port "gnutls wrapped port" read! write! + get-position set-position! + close))) + (define* (tls-wrap port server #:key (verify-certificate? #t)) "Return PORT wrapped in a TLS connection to SERVER. SERVER must be a DNS host name without trailing dot." @@ -317,55 +365,13 @@ (define (log level str) (apply throw args)))) (let ((record (session-record-port session))) - (define (read! bv start count) - (define read - (catch 'gnutls-error - (lambda () - (get-bytevector-n! record bv start count)) - (lambda (key err proc . rest) - ;; When responding to "Connection: close" requests, some - ;; servers close the connection abruptly after sending the - ;; response body, without doing a proper TLS connection - ;; termination. Treat it as EOF. - (if (eq? err error/premature-termination) - the-eof-object - (apply throw key err proc rest))))) - - (if (eof-object? read) - 0 - read)) - (define (write! bv start count) - (put-bytevector record bv start count) - (force-output record) - count) - (define (get-position) - (port-position record)) - (define (set-position! new-position) - (set-port-position! record new-position)) - (define (close) - (unless (port-closed? port) - (close-port port)) - (unless (port-closed? record) - (close-port record))) - - (define (unbuffered port) - (setvbuf port 'none) - port) - (setvbuf record 'block) - - ;; Return a port that wraps RECORD to ensure that closing it also - ;; closes PORT, the actual socket port, and its file descriptor. - ;; Make sure it does not introduce extra buffering (custom ports - ;; are buffered by default as of Guile 3.0.5). - ;; XXX: This wrapper would be unnecessary if GnuTLS could - ;; automatically close SESSION's file descriptor when RECORD is - ;; closed, but that doesn't seem to be possible currently (as of - ;; 3.6.9). - (unbuffered - (make-custom-binary-input/output-port "gnutls wrapped port" read! write! - get-position set-position! - close))))) + (if (module-defined? (resolve-interface '(gnutls)) + 'set-session-record-port-close!) ;GnuTLS >= 3.7.7 + (let ((close-wrapped-port (lambda (_) (close-port port)))) + (set-session-record-port-close! record close-wrapped-port) + record) + (wrap-record-port-for-gnutls<3.7.7 record port))))) (define (ensure-uri uri-or-string) ;XXX: copied from (web http) (cond base-commit: ab59155c5a38dda7efaceb47c7528578fcf0def4 -- 2.37.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 01 05:15:54 2022 Received: (at 56867) by debbugs.gnu.org; 1 Aug 2022 09:15:54 +0000 Received: from localhost ([127.0.0.1]:39263 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIRWk-0001bt-69 for submit@debbugs.gnu.org; Mon, 01 Aug 2022 05:15:54 -0400 Received: from eggs.gnu.org ([209.51.188.92]:54068) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIRWf-0001bU-9O for 56867@debbugs.gnu.org; Mon, 01 Aug 2022 05:15:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:45750) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIRWZ-0000iS-4P; Mon, 01 Aug 2022 05:15:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=cBiCP8ixfKX3LWkH+quyFgdxzeGCpsulLgT7aTOGpFk=; b=L5CHG+08NH7C0hU4lyS/ 7IKyKf2j+EIdRcuRPSBCxZ4uYy+3Qw/d6wecLEOz0Sv81s9ZF3tjv2DBVhRTO2SUCPvdDPzeI3fru d7bACji5krWqzLCzZycvFDac6JEicB/fLzNWkuQvuFiWUVHKnpVb+gkiyvLnUcFSphh8tyqBkRiSy mMvAW9Aui6b6thnQNqpHETkXbnMBs5rJzhE/C9y2BYKCke5n9h1tNCtXnd+XtQzjqakpp/PvKuPhN HPXU3o+W+7iI3S2Ig6b/hDDkpPwMEndC8Ei9RJspcNPLX606jzzW39QVzr/r3vVUapWBi3CyqRSpT n8aRjMpbunmHpQ==; Received: from [193.50.110.235] (port=44834 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oIRWJ-0001oF-IM; Mon, 01 Aug 2022 05:15:42 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 56867@debbugs.gnu.org Subject: Re: bug#56867: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> Date: Mon, 01 Aug 2022 11:15:24 +0200 In-Reply-To: <20220801090749.11655-1-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cou?= =?utf-8?Q?rt=C3=A8s=22's?= message of "Mon, 1 Aug 2022 11:07:49 +0200") Message-ID: <877d3s2ukz.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867 Cc: guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s skribis: > The custom input/output port wrapping the TLS session record port would > introduce overhead, and it would also prevent its uses in a non-blocking > context--e.g., with Fibers. The port close mechanism added in GnuTLS > 3.7.7 allows us to get rid of that wrapper. And here=E2=80=99s the GnuTLS 3.7.7 package to test it; you need to make su= re to have 3.7.7 on your load path, for instance by running: ./pre-inst-env guix shell -D guix guile gnutls@3.7.7 Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 1ee5400a9c..33c93b7a5b 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -329,6 +329,21 @@ (define-public gnutls (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define-public gnutls-latest + (package + (inherit gnutls) + (version "3.7.7") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (patches (search-patches "gnutls-skip-trust-store-test.patch" + "gnutls-cross.patch")) + (sha256 + (base32 + "01i1gl15k6qwvxmxx0by1mn9nlmcmym18wdpm7dn9awfsp8474dy")))))) + (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 01 05:56:07 2022 Received: (at 56867) by debbugs.gnu.org; 1 Aug 2022 09:56:07 +0000 Received: from localhost ([127.0.0.1]:39359 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIS9e-0003Ff-Ke for submit@debbugs.gnu.org; Mon, 01 Aug 2022 05:56:07 -0400 Received: from andre.telenet-ops.be ([195.130.132.53]:46266) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oIS9c-0003FR-Ii for 56867@debbugs.gnu.org; Mon, 01 Aug 2022 05:56:05 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by andre.telenet-ops.be with bizsmtp id 29w02800k20ykKC019w0q4; Mon, 01 Aug 2022 11:56:02 +0200 Message-ID: Date: Mon, 1 Aug 2022 11:56:00 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= , 56867@debbugs.gnu.org References: <20220801090749.11655-1-ludo@gnu.org> From: Maxime Devos Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. In-Reply-To: <20220801090749.11655-1-ludo@gnu.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------w82uPD0lE4VKbmgUHHBw9Ff0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659347762; bh=BsAu0ABUt+Aqw3BFDctMjtb+diwl+DJ59Ilttc4sm/I=; h=Date:To:Cc:References:From:Subject:In-Reply-To; b=W1AffBZ8RtujM2dhhlE9dHkm5+l7RRam4crz5+9D4g3gP0XuS80YOBf9dkWbFtJUA 27Vmoyx2dcKESyt/zG9S21Dotv3qb4bZQO2JVr9DUgXxgGvAUvQGH26cx1kJUQUF20 Jh2/baZnXxVp1aVxKkXDs+UnNIJAq6qgbtJl1+xJ1vJGMpX363U4Wrd1B693WlS/Y2 fcTJMA8E76u+4HOCXFt2aZzv6ttmaRgYxC/K1WjIlomrr/9RAJ7UzinbUNngNXRYZt Wd5SH9d2SDHcZGKXa5zz6MC3LLmiOsn1+6d7l5A86b7KOj0+Pc7KDNklLYMcO3fpJH 8P3YSBiU2PD5A== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 56867 Cc: guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------w82uPD0lE4VKbmgUHHBw9Ff0 Content-Type: multipart/mixed; boundary="------------ZFSt9y2sxuEP9p0oVfwejHKD"; protected-headers="v1" From: Maxime Devos To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= , 56867@debbugs.gnu.org Cc: guile-devel@gnu.org Message-ID: Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> In-Reply-To: <20220801090749.11655-1-ludo@gnu.org> --------------ZFSt9y2sxuEP9p0oVfwejHKD Content-Type: multipart/mixed; boundary="------------0mcfeZugLqeKIYjJoaxSGq73" --------------0mcfeZugLqeKIYjJoaxSGq73 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 U29tZSBvYmplY3Rpb25zIG9uIGVycm9yIGhhbmRsaW5nIChJIGRvbid0IGtub3cgbXVjaCBh Ym91dCB0aGUgd3JhcHBpbmcpDQoNCk9uIDAxLTA4LTIwMjIgMTE6MDcsIEx1ZG92aWMgQ291 cnTDqHMgd3JvdGU6DQo+IFsuLi5dDQo+IEhlbGxvIQ0KPg0KPiBJJ2xsIGxhbmQgYSBzaW1p bGFyIGNoYW5nZSBpbiBHdWlsZSdzICh3ZWIgY2xpZW50KSBtb2R1bGUgYWZ0ZXJ3YXJkcw0K PiBpZiB0aGVyZSBhcmUgbm8gb2JqZWN0aW9ucy4NCj4NCj4gTHVkbycuDQo+DQo+IGRpZmYg LS1naXQgYS9ndWl4L2J1aWxkL2Rvd25sb2FkLnNjbSBiL2d1aXgvYnVpbGQvZG93bmxvYWQu c2NtDQo+IGluZGV4IDQxNTgzZTgxNDMuLmRlMDk0ODkwYjMgMTAwNjQ0DQo+IC0tLSBhL2d1 aXgvYnVpbGQvZG93bmxvYWQuc2NtDQo+ICsrKyBiL2d1aXgvYnVpbGQvZG93bmxvYWQuc2Nt DQo+IEBAIC0yNDUsNiArMjQ1LDU0IEBAIChkZWZpbmUgKHByaW50LXRscy1jZXJ0aWZpY2F0 ZS1lcnJvciBwb3J0IGtleSBhcmdzIGRlZmF1bHQtcHJpbnRlcikNCj4gICAoc2V0LWV4Y2Vw dGlvbi1wcmludGVyISAndGxzLWNlcnRpZmljYXRlLWVycm9yDQo+ICAgICAgICAgICAgICAg ICAgICAgICAgICAgcHJpbnQtdGxzLWNlcnRpZmljYXRlLWVycm9yKQ0KPiAgIA0KPiArKGRl ZmluZSAod3JhcC1yZWNvcmQtcG9ydC1mb3ItZ251dGxzPDMuNy43IHJlY29yZCBwb3J0KQ0K PiArICAiUmV0dXJuIGEgcG9ydCB0aGF0IHdyYXBzIFJFQ09SRCB0byBlbnN1cmUgdGhhdCBj bG9zaW5nIGl0IGFsc28gY2xvc2VzIFBPUlQsDQo+ICt0aGUgYWN0dWFsIHNvY2tldCBwb3J0 LCBhbmQgaXRzIGZpbGUgZGVzY3JpcHRvci4gIE1ha2Ugc3VyZSBpdCBkb2VzIG5vdA0KPiAr aW50cm9kdWNlIGV4dHJhIGJ1ZmZlcmluZyAoY3VzdG9tIHBvcnRzIGFyZSBidWZmZXJlZCBi eSBkZWZhdWx0IGFzIG9mIEd1aWxlDQo+ICszLjAuNSkuDQo+ICsNCj4gK1RoaXMgd3JhcHBl ciBpcyB1bm5lY2Vzc2FyeSB3aXRoIEdudVRMUyA+PSAzLjcuNywgd2hpY2ggY2FuIGF1dG9t YXRpY2FsbHkNCj4gK2Nsb3NlIFNFU1NJT04ncyBmaWxlIGRlc2NyaXB0b3Igd2hlbiBSRUNP UkQgaXMgY2xvc2VkLiINCj4gKyAgKGRlZmluZSAocmVhZCEgYnYgc3RhcnQgY291bnQpDQo+ ICsgICAgKGRlZmluZSByZWFkDQo+ICsgICAgICAoY2F0Y2ggJ2dudXRscy1lcnJvcg0KPiAr ICAgICAgICAobGFtYmRhICgpDQo+ICsgICAgICAgICAgKGdldC1ieXRldmVjdG9yLW4hIHJl Y29yZCBidiBzdGFydCBjb3VudCkpDQo+ICsgICAgICAgIChsYW1iZGEgKGtleSBlcnIgcHJv YyAuIHJlc3QpDQo+ICsgICAgICAgICAgOzsgV2hlbiByZXNwb25kaW5nIHRvICJDb25uZWN0 aW9uOiBjbG9zZSIgcmVxdWVzdHMsIHNvbWUgc2VydmVycw0KPiArICAgICAgICAgIDs7IGNs b3NlIHRoZSBjb25uZWN0aW9uIGFicnVwdGx5IGFmdGVyIHNlbmRpbmcgdGhlIHJlc3BvbnNl IGJvZHksDQo+ICsgICAgICAgICAgOzsgd2l0aG91dCBkb2luZyBhIHByb3BlciBUTFMgY29u bmVjdGlvbiB0ZXJtaW5hdGlvbi4gIFRyZWF0IGl0IGFzDQo+ICsgICAgICAgICAgOzsgRU9G LiAgVGhpcyBpcyBmaXhlZCBpbiBHbnVUTFMgMy43LjcuDQo+ICsgICAgICAgICAgKGlmIChl cT8gZXJyIGVycm9yL3ByZW1hdHVyZS10ZXJtaW5hdGlvbikNCj4gKyAgICAgICAgICAgICAg dGhlLWVvZi1vYmplY3QNCj4gKyAgICAgICAgICAgICAgKGFwcGx5IHRocm93IGtleSBlcnIg cHJvYyByZXN0KSkpKSkNCg0KT2JqZWN0aW9uOiAnY2F0Y2gnIG1ha2VzIHRoZSBiYWNrdHJh Y2UgcGFydCBoYXBwZW5pbmcgaW5zaWRlIHRoZSANCidnZXQtYnl0ZXZlY3Rvci1uIScgZGlz YXBwZWFyLCBiZWNhdXNlIGl0IGlzIHVud2luZGluZywgYXMgaGFzIGJlZW4gDQpub3RlZCBh IGZldyB0aW1lcyAoaW4gZGlmZmVyZW50IGNvbnRleHRzKSBieSBBdHRpbGEgTGVuZHZhaSBh bmQgbWUuwqAgDQpNYXliZSB1c2UgJ2d1YXJkJyB3aXRoIGFuIGFwcHJvcHJpYXRlIGNvbmRp dGlvbiBpbnN0ZWFkPw0KDQo+ICsgICAgICAoaWYgKG1vZHVsZS1kZWZpbmVkPyAocmVzb2x2 ZS1pbnRlcmZhY2UgJyhnbnV0bHMpKQ0KPiArICAgICAgICAgICAgICAgICAgICAgICAgICAg J3NldC1zZXNzaW9uLXJlY29yZC1wb3J0LWNsb3NlISkgO0dudVRMUyA+PSAzLjcuNw0KDQpy ZXNvbHZlLW1vZHVsZSAoYW5kIHByZXN1bWFibHkgYWxzbyBzZXRzICM6ZW5zdXJlICN0IGJ5 IGRlZmF1bHQsIHdoaWNoIA0Kc29tZXRpbWVzIGNhdXNlcyAnbW9kdWxlIG5vdCBmb3VuZCcg bWVzc2FnZXMgdG8gYmUgcmVwbGFjZWQgYnkgJ3VuYm91bmQgDQp2YXJpYWJsZScsIHdoaWNo IEkgZG9uJ3QgdGhpbmsgaXMgdXNlZnVsIGJlaGF2aW91ciwgY2FuICM6ZW5zdXJlIGJlIHNl dCANCnRvICNmYWxzZT8NCg0KR3JlZXRpbmdzLA0KTWF4aW1lDQo= --------------0mcfeZugLqeKIYjJoaxSGq73 Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------0mcfeZugLqeKIYjJoaxSGq73-- --------------ZFSt9y2sxuEP9p0oVfwejHKD-- --------------w82uPD0lE4VKbmgUHHBw9Ff0 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYuejMAUDAAAAAAAKCRBJ4+4iGRcl7s+m AP975IREXgu8j6N26uLd75uoI6zmhQhZ+NHX4zKMwAyFGgD+N3gVGFglxmfvVt30jVqSXk+g+Vpe Oo0vxOvOfN/rPgU= =ayjz -----END PGP SIGNATURE----- --------------w82uPD0lE4VKbmgUHHBw9Ff0-- From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 02 03:59:36 2022 Received: (at 56867) by debbugs.gnu.org; 2 Aug 2022 07:59:36 +0000 Received: from localhost ([127.0.0.1]:42196 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oImoS-0002wI-Dt for submit@debbugs.gnu.org; Tue, 02 Aug 2022 03:59:36 -0400 Received: from eggs.gnu.org ([209.51.188.92]:47054) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oImoN-0002w0-K7 for 56867@debbugs.gnu.org; Tue, 02 Aug 2022 03:59:34 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40078) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oImoH-00056E-6g; Tue, 02 Aug 2022 03:59:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=M/MRahan9GOHyklSBrHe0sq+kRwM7gSgmVZUpWZ1Gy4=; b=QhxJPeIfbaNT2CMI+VXx x4g3qTSzBmyOhjkkVbNPAy52wYmb0DxMWAleDqdDv51TICE/YtMGdS55flREfpN2xOgJgB2PUcvKd SlbkHUrvAlzVvuq9cpdITC6VdISHHTj2hWeoxJy+M4g4HjkrEkqyXrzSF+BJIq+GVfI900420rz4N OerxT0bkSER9K4zyxTwceAP2pwpB0kAY33DDpxHwXWhAZ8WRkKAckZtsGzVjDcxNNT8eh9N+C75Ln 4KIBs9+qWdcJuo67o2MriKVpwFQBgUEDBpE1wPGGTkyBGtg7k3XMpNacuMEVEWOxgElktt6AaAK6d iOhMqsDj0H+JcQ==; Received: from [193.50.110.235] (port=37018 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oImoG-0007dE-Qh; Tue, 02 Aug 2022 03:59:25 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quintidi 15 Thermidor an 230 de la =?utf-8?Q?R=C3=A9?= =?utf-8?Q?volution=2C?= jour de la Brebis X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 02 Aug 2022 09:59:22 +0200 In-Reply-To: (Maxime Devos's message of "Mon, 1 Aug 2022 11:56:00 +0200") Message-ID: <87pmhjuld1.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867 Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Maxime Devos skribis: > On 01-08-2022 11:07, Ludovic Court=C3=A8s wrote: [...] >> + (define (read! bv start count) >> + (define read >> + (catch 'gnutls-error >> + (lambda () >> + (get-bytevector-n! record bv start count)) >> + (lambda (key err proc . rest) >> + ;; When responding to "Connection: close" requests, some serv= ers >> + ;; close the connection abruptly after sending the response b= ody, >> + ;; without doing a proper TLS connection termination. Treat = it as >> + ;; EOF. This is fixed in GnuTLS 3.7.7. >> + (if (eq? err error/premature-termination) >> + the-eof-object >> + (apply throw key err proc rest))))) > > Objection: 'catch' makes the backtrace part happening inside the > 'get-bytevector-n!' disappear, because it is unwinding, as has been > noted a few times (in different contexts) by Attila Lendvai and me.=C2=A0 > Maybe use 'guard' with an appropriate condition instead? This code was already there and has just been moved around. (It=E2=80=99s = also code that will no longer be used going forward.) >> + (if (module-defined? (resolve-interface '(gnutls)) >> + 'set-session-record-port-close!) ;GnuTLS >= =3D 3.7.7 > > resolve-module (and presumably also sets #:ensure #t by default, which > sometimes causes 'module not found' messages to be replaced by > 'unbound variable', which I don't think is useful behaviour, can > #:ensure be set to #false? This is unnecessary: see the =E2=80=98load-gnutls=E2=80=99 mechanism there.= The idiom above is already used in a couple of places. Thanks for your feedback! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 03 11:57:57 2022 Received: (at 56867-done) by debbugs.gnu.org; 3 Aug 2022 15:57:58 +0000 Received: from localhost ([127.0.0.1]:49805 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJGkv-0006QT-Jm for submit@debbugs.gnu.org; Wed, 03 Aug 2022 11:57:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:49316) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJGks-0006QG-0S for 56867-done@debbugs.gnu.org; Wed, 03 Aug 2022 11:57:55 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48388) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJGkm-0003zA-Py; Wed, 03 Aug 2022 11:57:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=AmCAckqpn7x6am8j3opihJE0KLOmiMKLJ5Y7+WCaL70=; b=R7jvl9G8FgLclKI9rpph LciU8lHB4F9MoufVXPFijN88OrSn4feMo7DfgNtKm4i5+n0nrniYE5ECQVJHTssCyKGyK86ZL17K2 PANz1f5gfBJVACAh81Qlt0SNu3RZ9bCM5boZvXpOFEP0x2e0X+gQfeZKXhm+sfKbKkOWVAYr4Juuq 9ziNWQ/+V14GejWjMwuYLt2o+0VfKE7fOshnkeQQPbaMMKOOCyReKvXVnjcLxaxrtxJbdzPUMUZyX sV6fQYrRqf2JPNNFYGVP/vNFJDIhd4q2KIYFJ5Z1U5X/P5GWJ4X8RQyeibZL3OHVtIHnq0IOc6uoL eyCMIDhnCf8VNg==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58690 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJGkm-0004Al-DD; Wed, 03 Aug 2022 11:57:48 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 56867-done@debbugs.gnu.org Subject: Re: bug#56867: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> Date: Wed, 03 Aug 2022 17:57:44 +0200 In-Reply-To: <20220801090749.11655-1-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cou?= =?utf-8?Q?rt=C3=A8s=22's?= message of "Mon, 1 Aug 2022 11:07:49 +0200") Message-ID: <8735eds4jr.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867-done Cc: guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > The custom input/output port wrapping the TLS session record port would > introduce overhead, and it would also prevent its uses in a non-blocking > context--e.g., with Fibers. The port close mechanism added in GnuTLS > 3.7.7 allows us to get rid of that wrapper. > > * guix/build/download.scm (wrap-record-port-for-gnutls<3.7.7): New > procedure, with code formerly in 'tls-wrap'. > (tls-wrap): Check for 'set-session-record-port-close!' and use it when > available; otherwise call 'wrap-record-port-for-gnutls<3.7.7'. > --- > guix/build/download.scm | 102 +++++++++++++++++++++------------------- > 1 file changed, 54 insertions(+), 48 deletions(-) Pushed as Guix commit dd573ceea73295c7a872088ecd91e5f0fd74bf2b. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 10:20:36 2022 Received: (at 56867) by debbugs.gnu.org; 4 Aug 2022 14:20:36 +0000 Received: from localhost ([127.0.0.1]:54189 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJbi3-0001OB-Nr for submit@debbugs.gnu.org; Thu, 04 Aug 2022 10:20:36 -0400 Received: from eggs.gnu.org ([209.51.188.92]:52560) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJbi1-0001Nq-VQ for 56867@debbugs.gnu.org; Thu, 04 Aug 2022 10:20:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:42100) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJbhw-00052f-Ny; Thu, 04 Aug 2022 10:20:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=AJICttRZOaEGO+iSWH4Ghlg//5/JOxiOBH+4qG2JF6o=; b=EuarLm90E6finYUhMz2a 4ATot69akhOe6HId70PqwH9Pgbe4VmcPoBONGqh+eCVv+NHU7vDfp1HD8aq9yCn5tSpyg8VsAIfJM HdEQa7MCyLpW3SRJHGNTwQmo/WVCKDfKkUbfeZVLH/ji+4UhfCLxTyONU9eoMJHq8tbq35PQ+cCyZ IRe9VM+C11CjYlomY25pWN3Y7kzzZZhn/UWc+80ThaoXR4Vtq+a1lOrHGgm8kGjeK6LV+iRCOLjfA wCB81I0cxgU/QCfCjVU/j6G82Km+UIckfi9IZXbl7dnOlvY0J11eJ2gq/n8/FqVmsOR6CodGNAv2n QdFXPxByyF7iUQ==; Received: from [2001:660:6102:310:f6b5:dff0:8fea:f7c9] (port=42640 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJbhw-0005iU-B2; Thu, 04 Aug 2022 10:20:16 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 56867@debbugs.gnu.org Subject: Re: bug#56867: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> Date: Thu, 04 Aug 2022 16:20:12 +0200 In-Reply-To: <20220801090749.11655-1-ludo@gnu.org> ("Ludovic =?utf-8?Q?Cou?= =?utf-8?Q?rt=C3=A8s=22's?= message of "Mon, 1 Aug 2022 11:07:49 +0200") Message-ID: <87pmhgks4j.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867 Cc: guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s skribis: > The custom input/output port wrapping the TLS session record port would > introduce overhead, and it would also prevent its uses in a non-blocking > context--e.g., with Fibers. The port close mechanism added in GnuTLS > 3.7.7 allows us to get rid of that wrapper. > > * guix/build/download.scm (wrap-record-port-for-gnutls<3.7.7): New > procedure, with code formerly in 'tls-wrap'. > (tls-wrap): Check for 'set-session-record-port-close!' and use it when > available; otherwise call 'wrap-record-port-for-gnutls<3.7.7'. I synchronized Guile's copy of this code: 317b06bf8 web: 'tls-wrap' retries handshake upon non-fatal errors. c01ca10b3 web: Do not wrap TLS port on GnuTLS >=3D 3.7.7. I realized that=E2=80=99s not enough to make it possible to use non-blocking ports though. First, I noticed that GnuTLS doesn=E2=80=99t implement =E2=80=98write_wait_= fd=E2=80=99, only =E2=80=98read_wait_fd=E2=80=99 (not sure how problematic that is): --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> ,use(web client) scheme@(guile-user)> (define p (open-socket-for-uri "https://guix.gnu.org")) scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-writable) p) ice-9/boot-9.scm:1685:16: In procedure raise-exception: In procedure write_wait_fd: unimplemented Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. scheme@(guile-user) [1]> ,q scheme@(guile-user)> ,use(gnutls) scheme@(guile-user)> (gnutls-version) $1 =3D "3.7.7" scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-readable) p) $2 =3D 1 --8<---------------cut here---------------end--------------->8--- Second, =E2=80=98open-socket-for-uri=E2=80=99 creates a blocking socket and= uses that as the backing file descriptor of the TLS session. We=E2=80=99d need a way to pass flags for the =E2=80=98socket=E2=80=99 call= made by =E2=80=98open-socket-for-uri=E2=80=99 so we can pass O_NONBLOCK, maybe as s= how below: --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/module/web/client.scm b/module/web/client.scm index a08c4203c..9273a45ad 100644 --- a/module/web/client.scm +++ b/module/web/client.scm @@ -320,7 +320,8 @@ host name without trailing dot." (read-response port)) (define* (open-socket-for-uri uri-or-string - #:key (verify-certificate? #t)) + #:key (verify-certificate? #t) + (flags 0)) "Return an open input/output port for a connection to URI-OR-STRING. When VERIFY-CERTIFICATE? is true, verify HTTPS server certificates." (define uri @@ -373,10 +374,18 @@ When VERIFY-CERTIFICATE? is true, verify HTTPS server certificates." (when (and https? (current-https-proxy)) (setup-http-tunnel s uri)) - (if https? - (tls-wrap s (uri-host uri) - #:verify-certificate? verify-certificate?) - s))) + (let ((port (if https? + (tls-wrap s (uri-host uri) + #:verify-certificate? verify-certificate?) + s))) + (unless (zero? flags) + ;; FLAGS might contain O_NONBLOCK. Thus, set it as a last step + ;; because 'handshake' otherwise throws an exception for + ;; GNUTLS_E_AGAIN. + (let ((initial-flags (fcntl s F_GETFL))) + (fcntl s F_SETFL (logior initial-flags flags)))) + + port))) (define (extend-request r k v . additional) (let ((r (set-field r (request-headers) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable =E2=80=A6 which lets us do that: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> ,use(web client) scheme@(guile-user)> (define p (open-socket-for-uri "https://guix.gnu.org" = #:flags O_NONBLOCK)) scheme@(guile-user)> (http-get "https://guix.gnu.org" #:port p) --8<---------------cut here---------------end--------------->8--- Thoughts? Ludo=E2=80=99. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 10:47:04 2022 Received: (at 56867) by debbugs.gnu.org; 4 Aug 2022 14:47:04 +0000 Received: from localhost ([127.0.0.1]:54309 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJc7s-0004HI-D8 for submit@debbugs.gnu.org; Thu, 04 Aug 2022 10:47:04 -0400 Received: from mx.kolabnow.com ([212.103.80.155]:43026) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJc7n-0004Gg-Dj; Thu, 04 Aug 2022 10:47:03 -0400 Received: from localhost (unknown [127.0.0.1]) by mx.kolabnow.com (Postfix) with ESMTP id A4EE4113F; Thu, 4 Aug 2022 16:46:53 +0200 (CEST) Authentication-Results: ext-mx-out002.mykolab.com (amavisd-new); dkim=pass (4096-bit key) reason="pass (just generated, assumed good)" header.d=kolabnow.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kolabnow.com; h= content-transfer-encoding:content-type:content-type:mime-version :message-id:date:date:in-reply-to:subject:subject:from:from :references:received:received:received; s=dkim20160331; t= 1659624413; x=1661438814; bh=EC4BgR3lwgUGxyeP8hTpn2p3G9+cSMQufcD Mf5MNVlg=; b=baw3HWdxPu8J5rqXYEaLiye2QXSCjOXiuCS1qhCyHYGnsm4Z254 1UWVAPpAS4vYgJrXPRAr4bxZWzo9z8+qtwCEUgwQyKDphgGmgvMwwd7WpDEc5hEQ ax1KaLQQNmh9eIuA0HrOaWhV9tCKtkpkMFckbPqZPhWyvdvcGrfmKFfuIyU4FYNm KPuDmbOAodMPWgB3Yl9Vg1beZTcz4xCIqnZfllt9TDzpk3SscfvGnfkTCf11zGkK mOfb8dDeI4WfaTK16H5MjtGbK5d2WIbfWyzP+8FhJlcsXMqm0MuKORDYmT7e+kKO hLOm7/LNYzh8rhocQR0q57SBBAGc01GTBBR1z11Lyp31qgg2htad/Z0jIgSq3ZV1 HdGtU86hPCfJGA3/iGeDe82K5F+C8XeqIZHOfprCO9P8pyTX5sEwDmmZA1tkwmbc J0etjNqdHhLd7Z1sDRftWp6ntE8okU+tHVgcx7FCWFjypqsp9cseKSMNwaOXZFd3 K/Q6xwGpHeMUWS7SJURLwneIQ6H5YBsTaBXxGdY8OtFJ2Cwxb8Nq0QYAZfiVn/n0 F1i+Qqjz1lxI4BJqjKlj5ifesOqcAL+DsbpTfDkQBfT1VVRuRqYJ6DfJ09eleYPX WOTtiMvcwaQiaNuIPGHMEIOyfFJH5sL+uFlhcDocueAx/FhQsYpchTsc= X-Virus-Scanned: amavisd-new at mykolab.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-10 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out002.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9b8L7OQkdJv; Thu, 4 Aug 2022 16:46:53 +0200 (CEST) Received: from int-mx003.mykolab.com (unknown [10.9.13.3]) by mx.kolabnow.com (Postfix) with ESMTPS id 765DD49E; Thu, 4 Aug 2022 16:46:52 +0200 (CEST) Received: from ext-subm002.mykolab.com (unknown [10.9.6.2]) by int-mx003.mykolab.com (Postfix) with ESMTPS id 31AFD33FF; Thu, 4 Aug 2022 16:46:52 +0200 (CEST) References: <20220801090749.11655-1-ludo@gnu.org> <87pmhgks4j.fsf@gnu.org> From: Thiago Jung Bauermann To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. In-reply-to: <87pmhgks4j.fsf@gnu.org> Date: Thu, 04 Aug 2022 11:46:47 -0300 Message-ID: <87v8r86p7s.fsf@kolabnow.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 56867 Cc: 56005@debbugs.gnu.org, 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello Ludo, I don't have any comment/insight on what you're doing in general, except about one of your points below: Ludovic Court=C3=A8s writes: > First, I noticed that GnuTLS doesn=E2=80=99t implement =E2=80=98write_wai= t_fd=E2=80=99, only > =E2=80=98read_wait_fd=E2=80=99 (not sure how problematic that is): > > scheme@(guile-user)> ,use(web client) > scheme@(guile-user)> (define p (open-socket-for-uri "https://guix.gnu.org= ")) > scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-writable) p) > ice-9/boot-9.scm:1685:16: In procedure raise-exception: > In procedure write_wait_fd: unimplemented > > Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. > scheme@(guile-user) [1]> ,q > scheme@(guile-user)> ,use(gnutls) > scheme@(guile-user)> (gnutls-version) > $1 =3D "3.7.7" > scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-readable) p) > $2 =3D 1 This occasionally causes problems when fetching substitutes, as can be seen in bug #56005 (during substitution: write_wait_fd: unimplemented). --=20 Thanks Thiago From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 12:19:49 2022 Received: (at 56867) by debbugs.gnu.org; 4 Aug 2022 16:19:50 +0000 Received: from localhost ([127.0.0.1]:54483 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJdZd-0000a8-Dl for submit@debbugs.gnu.org; Thu, 04 Aug 2022 12:19:49 -0400 Received: from eggs.gnu.org ([209.51.188.92]:52754) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJdZa-0000Zk-5h; Thu, 04 Aug 2022 12:19:47 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:44718) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJdZU-0007Kt-6L; Thu, 04 Aug 2022 12:19:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=DasnAarmzFpQUQWOaEtyrNbh3jpTTVyEnzKQXoS8DB0=; b=dHY2pLK/8ckd8h6bMSBT s0vNvxKfDmDX7H/VeZuKdwNuZjpdxvYnXxTqmAogrVpznTnWH7H47dwtsZKX1BCE0o6BtxsBqOC6e H9/2pf7Kdg8xQt6GOHtQXGqJDhTpzzWc5L91nVgGvfSRrnDoI5gogMaGsx+9W7srlqaHJ6yh3XSZ2 T6GREbcVH+Ds2mQQMcQs8cQDe85QTTyThcxXpJFXuZNQ7YGdO15IyyBJII8vvU7VZXK4hHr0xmIts AwOvi1LbInZEaz0g/luRUOR+zRbhQQ1j17G/jdoIzEZ/M9ukxjuChznRw4gwvbdYeNBOvN6QXAzsm 3NGt0uJJIcXtdg==; Received: from [193.50.111.124] (port=37600 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJdZT-0006rR-AG; Thu, 04 Aug 2022 12:19:39 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Thiago Jung Bauermann Subject: Re: [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> <87pmhgks4j.fsf@gnu.org> <87v8r86p7s.fsf@kolabnow.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Septidi 17 Thermidor an 230 de la =?utf-8?Q?R=C3=A9v?= =?utf-8?Q?olution=2C?= jour du Lin X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 04 Aug 2022 18:19:37 +0200 In-Reply-To: <87v8r86p7s.fsf@kolabnow.com> (Thiago Jung Bauermann's message of "Thu, 04 Aug 2022 11:46:47 -0300") Message-ID: <87iln8kmli.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867 Cc: 56005@debbugs.gnu.org, 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Thiago Jung Bauermann skribis: > Ludovic Court=C3=A8s writes: > >> First, I noticed that GnuTLS doesn=E2=80=99t implement =E2=80=98write_wa= it_fd=E2=80=99, only >> =E2=80=98read_wait_fd=E2=80=99 (not sure how problematic that is): >> >> scheme@(guile-user)> ,use(web client) >> scheme@(guile-user)> (define p (open-socket-for-uri "https://guix.gnu.or= g")) >> scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-writable) p) >> ice-9/boot-9.scm:1685:16: In procedure raise-exception: >> In procedure write_wait_fd: unimplemented >> >> Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. >> scheme@(guile-user) [1]> ,q >> scheme@(guile-user)> ,use(gnutls) >> scheme@(guile-user)> (gnutls-version) >> $1 =3D "3.7.7" >> scheme@(guile-user)> ((@@ (ice-9 suspendable-ports) wait-for-readable) p) >> $2 =3D 1 > > This occasionally causes problems when fetching substitutes, as can be > seen in bug #56005 (during substitution: write_wait_fd: unimplemented). Oh, I have not seen it but it=E2=80=99s weird: (guix scripts substitute) do= esn=E2=80=99t use O_NONBLOCK sockets, so I don=E2=80=99t get how it can hit that. Needs investigation=E2=80=A6 Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 04 15:37:58 2022 Received: (at 56867) by debbugs.gnu.org; 4 Aug 2022 19:37:58 +0000 Received: from localhost ([127.0.0.1]:55053 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJgfO-0004ES-Cl for submit@debbugs.gnu.org; Thu, 04 Aug 2022 15:37:58 -0400 Received: from xavier.telenet-ops.be ([195.130.132.52]:33876) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJgfH-0004EE-T4 for 56867@debbugs.gnu.org; Thu, 04 Aug 2022 15:37:56 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by xavier.telenet-ops.be with bizsmtp id 3Xdk2800A20ykKC01Xdkhh; Thu, 04 Aug 2022 21:37:50 +0200 Message-ID: Date: Thu, 4 Aug 2022 21:37:44 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= References: <20220801090749.11655-1-ludo@gnu.org> <87pmhjuld1.fsf@gnu.org> From: Maxime Devos Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. In-Reply-To: <87pmhjuld1.fsf@gnu.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------9BJQHS2mScLzR4udVfmHGkK0" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659641870; bh=X4kocjzfsGiudZ5cXpDd55gcikSJCnt1Bi4Ryj4NEZI=; h=Date:To:Cc:References:From:Subject:In-Reply-To; b=G438wH5S1ce6Dbpi7OZLbZI7eS0VqdAagmJQQ77cC+wFyc/st+pAspBFFTzaJhoS5 vAPVbQeKNGxr8jZkUk9fvoemkMMZrrEFtdknyTGaDfxDALHiVNg5ekmkHTDnNWYXLo +Co558bmXpEnUmIj4aL3Fza3c4yd7oWfio0sYMV6HFktUvEqWVGvzgO8kLbNus6ozt +sTlIoh1Rnql2kbnCTz6oC4lMhlFNiYC2n4phrLLPAQONDUJtZUiu04FF2Wzxd+kMn OYpg4TcIfr40huj6E5M0UvEZzmhyf38cTcyRjMRO62ItfAmwk5sGDnCy5KGTdfIM5F +qxOpZ5h8/lLg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 56867 Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------9BJQHS2mScLzR4udVfmHGkK0 Content-Type: multipart/mixed; boundary="------------wg4N7fLMqIXfytiDmw6Tj4Nn"; protected-headers="v1" From: Maxime Devos To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org Message-ID: Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> <87pmhjuld1.fsf@gnu.org> In-Reply-To: <87pmhjuld1.fsf@gnu.org> --------------wg4N7fLMqIXfytiDmw6Tj4Nn Content-Type: multipart/mixed; boundary="------------shy7FN0PbyPxty9lzyvzsxwO" --------------shy7FN0PbyPxty9lzyvzsxwO Content-Type: multipart/alternative; boundary="------------6Y8COa7uL9jlo8AbJfZVbDEq" --------------6Y8COa7uL9jlo8AbJfZVbDEq Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 DQpPbiAwMi0wOC0yMDIyIDA5OjU5LCBMdWRvdmljIENvdXJ0w6hzIHdyb3RlOg0KPj4+ICsg ICAgICAoaWYgKG1vZHVsZS1kZWZpbmVkPyAocmVzb2x2ZS1pbnRlcmZhY2UgJyhnbnV0bHMp KQ0KPj4+ICsgICAgICAgICAgICAgICAgICAgICAgICAgICAnc2V0LXNlc3Npb24tcmVjb3Jk LXBvcnQtY2xvc2UhKSA7R251VExTID49IDMuNy43DQo+PiByZXNvbHZlLW1vZHVsZSAoYW5k IHByZXN1bWFibHkgYWxzbyBzZXRzICM6ZW5zdXJlICN0IGJ5IGRlZmF1bHQsIHdoaWNoDQo+ PiBzb21ldGltZXMgY2F1c2VzICdtb2R1bGUgbm90IGZvdW5kJyBtZXNzYWdlcyB0byBiZSBy ZXBsYWNlZCBieQ0KPj4gJ3VuYm91bmQgdmFyaWFibGUnLCB3aGljaCBJIGRvbid0IHRoaW5r IGlzIHVzZWZ1bCBiZWhhdmlvdXIsIGNhbg0KPj4gIzplbnN1cmUgYmUgc2V0IHRvICNmYWxz ZT8NCj4gVGhpcyBpcyB1bm5lY2Vzc2FyeTogc2VlIHRoZSDigJhsb2FkLWdudXRsc+KAmSBt ZWNoYW5pc20gdGhlcmUuICBUaGUgaWRpb20NCj4gYWJvdmUgaXMgYWxyZWFkeSB1c2VkIGlu IGEgY291cGxlIG9mIHBsYWNlcy4NCg0KSSBoYXZlIGxvb2tlZCBhdCB0aGUgJ2xvYWQtZ251 dGxzJyBwcm9jZWR1cmUsIGJ1dCBJIGRvIG5vdCBzZWUgaG93IGl0IA0KYXZvaWRzIHRoZSBp c3N1ZSBJIG1lbnRpb25lZCAoKikuDQoNCkkgaGF2ZSBhbHNvIHNlZW4gdGhpcyBpZGlvbSAo cmVzb2x2ZS1pbnRlcmZhY2UgYW5kIGZyaWVuZHMgd2l0aCAjOmVuc3VyZSANCiN0KSBiZWZv cmUsIGluIG90aGVyIHBsYWNlcywgYnV0IHRoYXQgZG9lc24ndCBtYWtlIHRoZSBpZGlvbSBj b3JyZWN0IC0tIA0KaW4gZmFjdCwgX2JlY2F1c2VfIEkndmUgc2VlbiB0aGUgaWRpb20gZWxz ZXdoZXJlIGNhdXNpbmcgcHJvYmxlbXMsIEkgDQpyZWNvbW1lbmQgYXZvaWRpbmcgdGhlIHNh bWUgbWlzdGFrZSBoZXJlIChhbmQgcHJlZmVyYWJseSBhbHNvIA0KZWxpbWluYXRpbmcgaXQg ZWxzZXdoZXJlKS4NCg0KTW9yZSBnZW5lcmFsbHksIHRoZSBzZWNvbmQgc2VudGVuY2UgaXMg YSBsb2dpY2FsIGZhbGxhY3ksIGEgdmFyaWFudCBvZiANCiJhZCBwb3B1bHVtIiAtLSB0aGUg cHJldmFsZW5jeSBvZiBhIG1pc3Rha2UgZG9lcyBub3QgbWFrZSBpdCBjb3JyZWN0IGFuZCAN CmRvZXMgbm90IGludmFsaWRhdGUgZXZpZGVuY2Ugb2YgaXQgYmVpbmcgYSBtaXN0YWtlLg0K DQpUbyBiZSBjbGVhciwgSSBhbSBub3QgcmVmZXJyaW5nIHRvIHRoZSBleGlzdGVuY2UvYWJz ZW5jZSBvZiBjb21waWxhdGlvbiANCmVycm9ycyB3aGVuIGNvbXBpbGluZyB0aGUgR3VpeCBw YWNrYWdlIHdpdGhvdXQgZ251dGxzIGluIHRoZSBidWlsZCANCmVudmlyb25tZW50LCBidXQg dG8gdGhlIGNvbmZ1c2luZyBfY29udGVudHNfIG9mIHRoZSBlcnJvciBtZXNzYWdlIGFuZCAN CnRoZSBvZGQgc2VtYW50aWNzIG9mICM6ZW5zdXJlICN0LCBhbmQgbm90IG9ubHkgYXQgY29t cGlsYXRpb24gdGltZSBidXQgDQphbHNvIGF0IHJ1bnRpbWUuDQoNCigqKSBUaGUgYXV0b2xv YWRpbmcgb2YgZ251dGxzIGluIGxvYWQtZ251dGxzIGF2b2lkcyBjb21waWxhdGlvbiBlcnJv cnMgDQp3aGVuIGdudXRscyBpcyBhYnNlbnQsIGJ1dCBieSB0aGUgd2F5IGl0IGRvZXMgaXQs IGl0IGNhdXNlcyB0aGUgbW9kdWxlIA0KdG8gYmUgcmVnaXN0ZXJlZCBhcyAnaXQgZXhpc3Rz JyBldmVuIHdoZW4gaXQgZG9lc24ndCwgc28gdGhlIGluZm9ybWF0aW9uIA0KaW4gdGhlIG1v ZHVsZSBzeXN0ZW0gb2YgR3VpeCBiZWNvbWVzIGluY29ycmVjdC4NCg0KR3JlZXRpbmdzLA0K TWF4aW1lLg0KDQo= --------------6Y8COa7uL9jlo8AbJfZVbDEq Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On 02-08-2022 09:59, Ludovic Court=C3=A8= s wrote:
+      (if (module-defin=
ed? (resolve-interface '(gnutls))
+                           'set-session-record-port-close!) ;GnuTLS >=
=3D 3.7.7

resolve-module (and presum=
ably also sets #:ensure #t by default, which
sometimes causes 'module not found' messages to be replaced by
'unbound variable', which I don't think is useful behaviour, can
#:ensure be set to #false?

This is unnecessary: see the=
 =E2=80=98load-gnutls=E2=80=99 mechanism there.  The idiom
above is already used in a couple of places.

I have looked at the 'load-gnutls' procedure, but I do not see how it avoids the issue I mentioned (*).

I have also seen this idiom (resolve-interface and friends with #:ensure #t) before, in other places, but that doesn't make the idiom correct -- in fact, _because_ I've seen the idiom elsewhere causing problems, I recommend avoiding the same mistake here (and preferably also eliminating it elsewhere).

More generally, the second sentence is a logical fallacy, a variant of "ad populum" -- the prevalency of a mistake does not make it correct and does not invalidate evidence of it being a mistake.

To be clear, I am not referring to the existence/absence of compilation errors when compiling the Guix package without gnutls in the build environment, but to the confusing _contents_ of the error message and the odd semantics of #:ensure #t, and not only at compilation time but also at runtime.

(*) The autoloading of gnutls in load-gnutls avoids compilation errors when gnutls is absent, but by the way it does it, it causes the module to be registered as 'it exists' even when it doesn't, so the information in the module system of Guix becomes incorrect.<= br>

Greetings,
Maxime.

--------------6Y8COa7uL9jlo8AbJfZVbDEq-- --------------shy7FN0PbyPxty9lzyvzsxwO Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------shy7FN0PbyPxty9lzyvzsxwO-- --------------wg4N7fLMqIXfytiDmw6Tj4Nn-- --------------9BJQHS2mScLzR4udVfmHGkK0 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYuwgCAUDAAAAAAAKCRBJ4+4iGRcl7rxB AQDbKaNyf0g45ofg0A5XatnAdVfY6p/O2ekykeA1q1seggEAwQ4vWalQmOIKUBBNhMvxEUWrZLS9 ir33T/PnoeYGEAk= =Iu2N -----END PGP SIGNATURE----- --------------9BJQHS2mScLzR4udVfmHGkK0-- From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 05 04:32:15 2022 Received: (at 56867) by debbugs.gnu.org; 5 Aug 2022 08:32:16 +0000 Received: from localhost ([127.0.0.1]:56091 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJskh-00065a-HU for submit@debbugs.gnu.org; Fri, 05 Aug 2022 04:32:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:53124) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJskc-00065H-PZ for 56867@debbugs.gnu.org; Fri, 05 Aug 2022 04:32:14 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33864) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJskW-0007Oc-Jx; Fri, 05 Aug 2022 04:32:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=fGDz28zEFuqRmW7TgnfRI6AcHBg/aKDvaQ+j2NRHYlo=; b=oMIUzWDBYQoIL6CoCCI2 KBNDu1O0Kug4QGBQXqcyRwRPH29etnHwc672Zt/gOXRb71JchgznV2LDFVp9AMxzxM/VvrvsFKXrl hdElyVTch+51DB4R52u2za/h9hczJkp7xxokJNqvbqaFpR9O2sF14d66EL3/cELngrcBHxfrIHUCh 3S7bOCLjTdqjQejriiYi82Ub4uC2AHbthNbttJLfd7Ym6h6N3NH/nZxybBu8nc09C6gOxDfj/lkq0 I+9xzjBeOh2jUtBN1BSfsyZxJcX8T/Bt/J+1CxeyPIHZqgBrvJapSeqxbUM96U0K3wwAK5lnk9tzt +AqRwf6awSZWDg==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=46964 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oJskT-00018K-PQ; Fri, 05 Aug 2022 04:32:04 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Maxime Devos Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> <87pmhjuld1.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Octidi 18 Thermidor an 230 de la =?utf-8?Q?R=C3=A9vo?= =?utf-8?Q?lution=2C?= jour de l'Amande X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 05 Aug 2022 10:31:58 +0200 In-Reply-To: (Maxime Devos's message of "Thu, 4 Aug 2022 21:37:44 +0200") Message-ID: <877d3njdkx.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 56867 Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Maxime Devos skribis: > On 02-08-2022 09:59, Ludovic Court=C3=A8s wrote: >>>> + (if (module-defined? (resolve-interface '(gnutls)) >>>> + 'set-session-record-port-close!) ;GnuTLS >= =3D 3.7.7 >>> resolve-module (and presumably also sets #:ensure #t by default, which >>> sometimes causes 'module not found' messages to be replaced by >>> 'unbound variable', which I don't think is useful behaviour, can >>> #:ensure be set to #false? >> This is unnecessary: see the =E2=80=98load-gnutls=E2=80=99 mechanism the= re. The idiom >> above is already used in a couple of places. > > I have looked at the 'load-gnutls' procedure, but I do not see how it > avoids the issue I mentioned (*). [...] > (*) The autoloading of gnutls in load-gnutls avoids compilation errors > when gnutls is absent, but by the way it does it, it causes the module > to be registered as 'it exists' even when it doesn't, so the > information in the module system of Guix becomes incorrect. I understand what you=E2=80=99re saying (I=E2=80=99m quite familiar with Gu= ile=E2=80=99s module system :-) and I do agree that #:ensure #t can lead to bad surprises), but I don=E2=80=99t think this is correct: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> (resolve-interface '(xxx)) ice-9/boot-9.scm:1685:16: In procedure raise-exception: no code for module (xxx) Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. scheme@(guile-user) [1]> ,q scheme@(guile-user)> (resolve-module '(xxx) #f #:ensure #f) $1 =3D #f --8<---------------cut here---------------end--------------->8--- This is because =E2=80=98resolve-interface=E2=80=99 does (resolve-module = =E2=80=A6 #:ensure #f). Does that make sense? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 05 06:17:43 2022 Received: (at 56867) by debbugs.gnu.org; 5 Aug 2022 10:17:43 +0000 Received: from localhost ([127.0.0.1]:56314 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJuOl-0000Va-Hy for submit@debbugs.gnu.org; Fri, 05 Aug 2022 06:17:43 -0400 Received: from laurent.telenet-ops.be ([195.130.137.89]:46262) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oJuOh-0000VO-DF for 56867@debbugs.gnu.org; Fri, 05 Aug 2022 06:17:41 -0400 Received: from [192.168.247.79] ([213.119.230.10]) by laurent.telenet-ops.be with bizsmtp id 3mHc2800A0E6evH01mHd3w; Fri, 05 Aug 2022 12:17:38 +0200 Message-ID: Date: Fri, 5 Aug 2022 12:17:36 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. Content-Language: en-US To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= References: <20220801090749.11655-1-ludo@gnu.org> <87pmhjuld1.fsf@gnu.org> <877d3njdkx.fsf@gnu.org> From: Maxime Devos In-Reply-To: <877d3njdkx.fsf@gnu.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------ogmJh0PPVsip200tKQGp0L4j" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659694658; bh=xK1jiLyMmyzN7oXzRoKugCKKK3ImONjTKmUlAVP6fbQ=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=mZcdCZrvcrhzaoUzqZ7MooEAG21LfgFfo6S+0Kf24ltnKKz+HCgFt6yAShJGlDqTp 8Xk9D5E+CgXYWQKaOr4qkjbChBW/3c0NSA6qIwOCf2cmJVfuxRva2x99DR/aRIsLZ9 czZ8Omi1ImVFl56shaRqimg2q5OKwlvqssvRVvzsEnyGONfUPx7h6CtWgnRvQMuZ4L VT59tRh8qy8AFBgdO6nEi+uzC/k2sHz822UFHeaRt7W2fmzhfriNMK34mASwNwVjRn ee3uZBXNjAH6tkpwFf/GXMUG2/8FNfMj+RM78B/cSm27ZFcQMaLzwShD4iK5Axo9Nh sopKsbyrpU30A== X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 56867 Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------ogmJh0PPVsip200tKQGp0L4j Content-Type: multipart/mixed; boundary="------------5AOac2LALczU8Wq6rkXfmI7Y"; protected-headers="v1" From: Maxime Devos To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= Cc: 56867@debbugs.gnu.org, guile-devel@gnu.org Message-ID: Subject: Re: [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7. References: <20220801090749.11655-1-ludo@gnu.org> <87pmhjuld1.fsf@gnu.org> <877d3njdkx.fsf@gnu.org> In-Reply-To: <877d3njdkx.fsf@gnu.org> --------------5AOac2LALczU8Wq6rkXfmI7Y Content-Type: multipart/mixed; boundary="------------Mxw7BVY3qcZd49pY46kfLzLE" --------------Mxw7BVY3qcZd49pY46kfLzLE Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 DQpPbiAwNS0wOC0yMDIyIDEwOjMxLCBMdWRvdmljIENvdXJ0w6hzIHdyb3RlOg0KPiBJIHVu ZGVyc3RhbmQgd2hhdCB5b3XigJlyZSBzYXlpbmcgKEnigJltIHF1aXRlIGZhbWlsaWFyIHdp dGggR3VpbGXigJlzIG1vZHVsZQ0KPiBzeXN0ZW0gOi0pIGFuZCBJIGRvIGFncmVlIHRoYXQg IzplbnN1cmUgI3QgY2FuIGxlYWQgdG8gYmFkIHN1cnByaXNlcyksDQo+IGJ1dCBJIGRvbuKA mXQgdGhpbmsgdGhpcyBpcyBjb3JyZWN0Og0KPg0KPiAtLTg8LS0tLS0tLS0tLS0tLS0tY3V0 IGhlcmUtLS0tLS0tLS0tLS0tLS1zdGFydC0tLS0tLS0tLS0tLS0+OC0tLQ0KPiBzY2hlbWVA KGd1aWxlLXVzZXIpPiAocmVzb2x2ZS1pbnRlcmZhY2UgJyh4eHgpKQ0KPiBpY2UtOS9ib290 LTkuc2NtOjE2ODU6MTY6IEluIHByb2NlZHVyZSByYWlzZS1leGNlcHRpb246DQo+IG5vIGNv ZGUgZm9yIG1vZHVsZSAoeHh4KQ0KPg0KPiBFbnRlcmluZyBhIG5ldyBwcm9tcHQuICBUeXBl IGAsYnQnIGZvciBhIGJhY2t0cmFjZSBvciBgLHEnIHRvIGNvbnRpbnVlLg0KPiBzY2hlbWVA KGd1aWxlLXVzZXIpIFsxXT4gLHENCj4gc2NoZW1lQChndWlsZS11c2VyKT4gKHJlc29sdmUt bW9kdWxlICcoeHh4KSAjZiAjOmVuc3VyZSAjZikNCj4gJDEgPSAjZg0KPiAtLTg8LS0tLS0t LS0tLS0tLS0tY3V0IGhlcmUtLS0tLS0tLS0tLS0tLS1lbmQtLS0tLS0tLS0tLS0tLS0+OC0t LQ0KPg0KPiBUaGlzIGlzIGJlY2F1c2Ug4oCYcmVzb2x2ZS1pbnRlcmZhY2XigJkgZG9lcyAo cmVzb2x2ZS1tb2R1bGUg4oCmICM6ZW5zdXJlICNmKS4NCj4NCj4gRG9lcyB0aGF0IG1ha2Ug c2Vuc2U/DQoNCk9vcHMsIEkgdGhvdWdodCB0aGUgIzplbnN1cmUgI2Ygd2FzIHVuaXZlcnNh bCB0byBhbGwgdGhlIHJlc29sdmUtLi4uIA0KaW50ZXJmYWNlcywgYnV0IGFwcGFyZW50bHkg bm90IGZvciByZXNvbGUtaW50ZXJmYWNlISBJbiB0aGF0IGNhc2UsIG5vIA0KcHJvYmxlbSwg dGhvdWdoIEknZCBsaWtlIHRvIGV2ZW50dWFsbHkgbWFrZSBzb21lIGNoYW5nZXMgdG8gdGhl IEd1aWxlIA0KZG9jcyBmb3IgY2xhcml0eSAoYW5kIG1heWJlIGNoYW5nZSB0aGUgZGVmYXVs dCAjOmVuc3VyZSAjdCAtPiAjZikNCg0KR3JlZXRpbmdzLA0KTWF4aW1lLg0KDQoNCg== --------------Mxw7BVY3qcZd49pY46kfLzLE Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------Mxw7BVY3qcZd49pY46kfLzLE-- --------------5AOac2LALczU8Wq6rkXfmI7Y-- --------------ogmJh0PPVsip200tKQGp0L4j Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYuzuQAUDAAAAAAAKCRBJ4+4iGRcl7ldL AP9nymYKtTBbxka89ak5FoNdroXaZ3DmylVDiO3OyQLXtwEArntcC4nWLiHTZdLfSPcokVHOhjWA VS8IeNJGdDUNigU= =B61j -----END PGP SIGNATURE----- --------------ogmJh0PPVsip200tKQGp0L4j-- From unknown Fri Jun 20 18:10:30 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 02 Sep 2022 11:24:12 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator