Bug 1000622
| Field | Value |
|---|---|
| Summary | Upgrade lua-sec to support prosody 0.9 |
| Product | [Fedora] Fedora |
| Component | lua-sec |
| Version | rawhide |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Matěj Cepl <mcepl> |
| Assignee | Johan Cwiklinski <fedora> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | fedora, greg, i, jkaluza, mcepl, mcepl, mwild1, Neustradamus, redhat-bugzilla, tmraz |
| Fixed In Version | lua-sec-0.5-3.fc20 |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2014-07-18 05:50:43 UTC |
| Bug Blocks | 999953 |
Description
Matěj Cepl
2013-08-23 21:13:49 UTC
Maybe I was a bit wrong on #999953, there were some recent commits on lua-sec upstream: https://github.com/brunoos/luasec/commits/master

I'll be happy to update the package if that is relevant... But I do not know if it is. I cannot find if prosody changes have been proposed on lua-sec upstream, I did not have time to take a look at this for now (I should have more free time next week).

Maybe should I package the latest github lua-sec version for rawhide (probably not for now)? I'll also try to make a diff between prosody's version and official one to see if changes were proposed or not.

It is not a good point lua-sec partially forks lua-socket, a pull request has already been proposed, waiting for upstream decision: https://github.com/brunoos/luasec/pull/5

I can try to include that patch in the package, but as it's not yet validated upstream, I'm really not sure it would be a good idea.

Hi, Prosody developer here. For the record, Prosody 0.9 works absolutely fine with older LuaSec (and LuaSocket) versions, it just means the new features will not be available. You may want to add a note about this in the default config around the s2s_secure_auth (enabling which will cause issues if certificate verification is not available) if you package 0.9 without a newer LuaSec.

Bruno pulled all our changes into https://github.com/brunoos/luasec/ recently, and it enables certificate verification in Prosody 0.9 (it is also backwards-compatible with Prosody 0.8, if that helps). There has been no source release yet, neither beta nor rc. The lack of a source release and delay in merging our code was the only reason for our "fork", and I expected it to become redundant as soon as the merge and release of the official LuaSec completed.
(In reply to Matthew Wild (MattJ) from comment #2)
> Bruno pulled all our changes into https://github.com/brunoos/luasec/
> recently, and it enables certificate verification in Prosody 0.9 (it is also
> backwards-compatible with Prosody 0.8, if that helps). There has been no
> source release yet, neither beta nor rc.

There is no problem for Fedora packages to package checkout out of git. I will prepare a scratch build of such package.

Packaging a git snapshot is indeed not a problem. @Matthew: thank you for the details. @Matěj, please keep me in touch :)

Created attachment 789947
suggested patch

(In reply to Johan Cwiklinski from comment #4)
> @Matěj, please keep me in touch :)

This should work, but it doesn't (http://koji.fedoraproject.org/koji/taskinfo?taskID=5850113 and particularly http://kojipkgs.fedoraproject.org//work/tasks/113/5850113/build.log). I am afraid we are missing EC ciphers in Fedora OpenSSL packages and it shows here. Adding an OpenSSL maintainer to the bug to help us here.

Not much to add here - lua-sec must be able to build with OpenSSL that is built without EC crypto support.

Created attachment 795220
build.log

Just so it doesn't expire together with the scratch build.
Created attachment 795332
Adapted suggested patch

Handle missing EC support in Fedora's somehow more (than others) crippled OpenSSL

Even though this patch solves the OpenSSL stuff, it still does not make lua-sec fully build: "ssl.c:22:26: fatal error: luasocket/io.h: No such file or directory" will be the next failure, which is IMHO not OpenSSL related at all.
Uah! As far as I get, lua-sec bundles lua-socket on the source code level in the directory src/luasocket. This is triggered via -DWITH_LUASOCKET in Makefile.

Matěj, Johan - how is this going to continue? Any ideas regarding bundled lua-socket?

Talked with Prosody upstream, luasec-0.5 is OK for Prosody. I'm updating to luasec-0.5 in Fedora rawhide and will update in F20 after a while too. I'm also building lua-sec-compat package which is built against compat-lua. This will allow using lua-sec in luajit and fix Prosody in Fedora eventually :).

http://pkgs.fedoraproject.org/cgit/lua-sec.git/commit/?id=0135cebba097c9a81792aac468d4859066e965ec

lua-sec-0.5-3.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/lua-sec-0.5-3.fc20

lua-sec-0.5-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.