Re: [PATCH] glib-networking: build with gnutls support

Khem Raj

On Sun, Apr 10, 2022 at 10:46 PM Markus Volk <f_l_k@...> wrote:

Am 11.04.22 um 06:25 schrieb Andre McCurdy:

On Sun, Apr 10, 2022 at 10:29 AM Markus Volk <f_l_k@...> wrote:

this fixes authentication issues with geary and tls connection

Signed-off-by: Markus Volk <f_l_k@...>
meta/recipes-core/glib-networking/ | 2 +-
meta/recipes-support/gnutls/ | 2 +-
meta/recipes-support/p11-kit/ | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/glib-networking/ b/meta/recipes-core/glib-networking/
index d578f17aa5..73827b0a85 100644
--- a/meta/recipes-core/glib-networking/
+++ b/meta/recipes-core/glib-networking/
@@ -11,7 +11,7 @@ DEPENDS = "glib-2.0"

SRC_URI[archive.sha256sum] = "100aaebb369285041de52da422b6b716789d5e4d7549a3a71ba587b932e0823b"

-PACKAGECONFIG ??= "openssl ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"
+PACKAGECONFIG ??= "openssl gnutls ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}"

This should either be gnutls or openssl, not both. But aside from
that, gnutls brings (L)GPLv3 issues and therefore should not be
enabled by default.

In a perfect world, I would say you are right. There should not even exist more than one implementation.

In reality, at least for now, geary is broken with openssl.

As for your concern about gplv3 issues. As far as I know, the core of gnutls is under LGPL-2.1. Only installation of gnutls-bin or gnutls-openssl should introduce GPL-3.0.
It's the dependencies that you have to count as well in order to link
with libgnutls in a program.
libgnutls requires nettle which requires GMP. GMP (>= 6.0.0) is dual licensed
LGPLv3+ or GPLv2+. Starting with 3.5.7 libunistring is required too. It also
is dual licensed LGPLv3+ or GPLv2+

I'm more like thinking "better to have more mainstays, so you dont fall if you loose one". But i'm not strict with my opinion. This change can also be done with bbappends.

Are you saying that some glib-networking functionality works when
using gnutls but does not work when using openssl? If so, is it a
known limitation? Or a bug? If a bug, has it been reported upstream?
The commit message should explain those kinds of details.

It completely stopped working with openssl. This happened about two weeks ago, possibly because of the latest openssl update.
I think it would be nice to check with upstream if that's intentional
or perhaps open a bug with upstream to report the problem.

Join { to automatically receive all group messages.