mbed TLS package

mbed TLS package

[Andy Li]

Hi,

This is Andy, a member of the Haxe Foundation, which is the
organization behind the Haxe programming language [1].

I would like to maintain a Cygwin package for Haxe. There are some
dependencies not packaged for cygwin, so I am going to package and
maintain them as well.

The first one I worked on is mbed TLS [2], and the cygport file I
created can be found at:
https://github.com/andyli/cygwinports-mbedtls

It would be great if you can review and let me know if it is up to
standard for inclusion in the cygwin.com archive. Please bear with me
if there is any silly mistake since this is my first time packaging
for Cygwin.
FYI, here are the Debian and Fedora packages:
 * https://anonscm.debian.org/cgit/collab-maint/mbedtls.git/tree/debian
 * http://pkgs.fedoraproject.org/cgit/rpms/mbedtls.git/tree/mbedtls.spec

Best regards,
Andy

[1]: https://haxe.org/
[2]: https://tls.mbed.org/

Re: mbed TLS package

[Marco Atzeri]

On 28/04/2017 07:32, Andy Li wrote:
> Hi,
>
> This is Andy, a member of the Haxe Foundation, which is the
> organization behind the Haxe programming language [1].
>
> I would like to maintain a Cygwin package for Haxe. There are some
> dependencies not packaged for cygwin, so I am going to package and
> maintain them as well.
>
> The first one I worked on is mbed TLS [2], and the cygport file I
> created can be found at:
> https://github.com/andyli/cygwinports-mbedtls
>
> It would be great if you can review and let me know if it is up to
> standard for inclusion in the cygwin.com archive. Please bear with me
> if there is any silly mistake since this is my first time packaging
> for Cygwin.
> FYI, here are the Debian and Fedora packages:
>  * https://anonscm.debian.org/cgit/collab-maint/mbedtls.git/tree/debian
>  * http://pkgs.fedoraproject.org/cgit/rpms/mbedtls.git/tree/mbedtls.spec
>
> Best regards,
> Andy
>
> [1]: https://haxe.org/
> [2]: https://tls.mbed.org/
>

Hi Andy,

the shared library are in the wrong place:

 >>> libmbedcrypto0-2.4.2-1.tar.xz
usr/lib/cygmbedcrypto-0.dll

 >>> libmbedtls10-2.4.2-1.tar.xz
usr/lib/cygmbedtls-10.dll

 >>> libmbedx509-0-2.4.2-1.tar.xz
usr/lib/cygmbedx509-0.dll

On cygwin the shared lib are in /usr/bin .

On my build, documentation was rebuilt and most of the
source was changed:

 >>> Creating source patches
  apidoc/aes_8h.html                                            |  813
  apidoc/aes_8h__dep__incl.map                                  |    5

  apidoc/xtea_8h__incl.md5                                      |    1
  apidoc/xtea_8h_source.html                                    |   64
  566 files changed, 150300 insertions(+)


use DIFF_EXCLUDES="apidoc/*" to avoid to include a source patch file.


in the list of binaries, I see some that look as test programs;
may be they should not be installed ?

         usr/bin/aescrypt2.exe
    ->   usr/bin/benchmark.exe
         usr/bin/cert_app.exe
         usr/bin/cert_req.exe
         usr/bin/cert_write.exe
         usr/bin/crl_app.exe
         usr/bin/crypt_and_hash.exe
         usr/bin/dh_client.exe
         usr/bin/dh_genprime.exe
         usr/bin/dh_server.exe
         usr/bin/dtls_client.exe
         usr/bin/dtls_server.exe
         usr/bin/generic_sum.exe
         usr/bin/gen_entropy.exe
         usr/bin/gen_key.exe
         usr/bin/gen_random_ctr_drbg.exe
         usr/bin/gen_random_havege.exe
    ->   usr/bin/hello.exe
         usr/bin/key_app.exe
         usr/bin/mini_client.exe
         usr/bin/mpi_demo.exe
         usr/bin/pem2der.exe
         usr/bin/pk_decrypt.exe
         usr/bin/pk_encrypt.exe
         usr/bin/pk_sign.exe
         usr/bin/pk_verify.exe
         usr/bin/req_app.exe
         usr/bin/rsa_decrypt.exe
         usr/bin/rsa_encrypt.exe
         usr/bin/rsa_genkey.exe
         usr/bin/rsa_sign.exe
         usr/bin/rsa_verify.exe
     ->  usr/bin/selftest.exe
         usr/bin/ssl_cert_test.exe
         usr/bin/ssl_client1.exe
         usr/bin/ssl_client2.exe
         usr/bin/ssl_fork_server.exe
         usr/bin/ssl_mail_client.exe
         usr/bin/ssl_pthread_server.exe
         usr/bin/ssl_server.exe
         usr/bin/strerror.exe
         usr/bin/udp_proxy.exe

I have the impression that neither debian nor fedora install
any of the programs

https://apps.fedoraproject.org/packages/mbedtls/

Re: mbed TLS package

[Tony Kelman]

> the shared library are in the wrong place:
>
> >>> libmbedcrypto0-2.4.2-1.tar.xz
> usr/lib/cygmbedcrypto-0.dll
>
> >>> libmbedtls10-2.4.2-1.tar.xz
> usr/lib/cygmbedtls-10.dll
>
> >>> libmbedx509-0-2.4.2-1.tar.xz
> usr/lib/cygmbedx509-0.dll
>
> On cygwin the shared lib are in /usr/bin .

I opened https://github.com/ARMmbed/mbedtls/issues/574 with upstream 8
months ago offering to fix this for them but they haven't responded
in any useful way.

-Tony

Re: mbed TLS package

[Andy Li]

Thanks for the review!
I've just updated the cygport file as suggested:

 * moved the dll files to /usr/bin
 * use DIFF_EXCLUDES to exclude the source changes during building
apidoc and tests
 * do not build/install the programs, which are indeed just demos
according to https://github.com/ARMmbed/mbedtls#example-programs

Let me know if there is anything that can improve :)

Best regards,
Andy

On Sat, Apr 29, 2017 at 5:14 AM, Marco Atzeri <marco.atzeri@gmail.com> wrote:
> On 28/04/2017 07:32, Andy Li wrote:
>>
>> Hi,
>>
>> This is Andy, a member of the Haxe Foundation, which is the
>> organization behind the Haxe programming language [1].
>>
>> I would like to maintain a Cygwin package for Haxe. There are some
>> dependencies not packaged for cygwin, so I am going to package and
>> maintain them as well.
>>
>> The first one I worked on is mbed TLS [2], and the cygport file I
>> created can be found at:
>> https://github.com/andyli/cygwinports-mbedtls
>>
>> It would be great if you can review and let me know if it is up to
>> standard for inclusion in the cygwin.com archive. Please bear with me
>> if there is any silly mistake since this is my first time packaging
>> for Cygwin.
>> FYI, here are the Debian and Fedora packages:
>>  * https://anonscm.debian.org/cgit/collab-maint/mbedtls.git/tree/debian
>>  * http://pkgs.fedoraproject.org/cgit/rpms/mbedtls.git/tree/mbedtls.spec
>>
>> Best regards,
>> Andy
>>
>> [1]: https://haxe.org/
>> [2]: https://tls.mbed.org/
>>
>
> Hi Andy,
>
> the shared library are in the wrong place:
>
>>>> libmbedcrypto0-2.4.2-1.tar.xz
> usr/lib/cygmbedcrypto-0.dll
>
>>>> libmbedtls10-2.4.2-1.tar.xz
> usr/lib/cygmbedtls-10.dll
>
>>>> libmbedx509-0-2.4.2-1.tar.xz
> usr/lib/cygmbedx509-0.dll
>
> On cygwin the shared lib are in /usr/bin .
>
> On my build, documentation was rebuilt and most of the
> source was changed:
>
>>>> Creating source patches
>  apidoc/aes_8h.html                                            |  813
>  apidoc/aes_8h__dep__incl.map                                  |    5
>
>  apidoc/xtea_8h__incl.md5                                      |    1
>  apidoc/xtea_8h_source.html                                    |   64
>  566 files changed, 150300 insertions(+)
>
>
> use DIFF_EXCLUDES="apidoc/*" to avoid to include a source patch file.
>
>
> in the list of binaries, I see some that look as test programs;
> may be they should not be installed ?
>
>         usr/bin/aescrypt2.exe
>    ->   usr/bin/benchmark.exe
>         usr/bin/cert_app.exe
>         usr/bin/cert_req.exe
>         usr/bin/cert_write.exe
>         usr/bin/crl_app.exe
>         usr/bin/crypt_and_hash.exe
>         usr/bin/dh_client.exe
>         usr/bin/dh_genprime.exe
>         usr/bin/dh_server.exe
>         usr/bin/dtls_client.exe
>         usr/bin/dtls_server.exe
>         usr/bin/generic_sum.exe
>         usr/bin/gen_entropy.exe
>         usr/bin/gen_key.exe
>         usr/bin/gen_random_ctr_drbg.exe
>         usr/bin/gen_random_havege.exe
>    ->   usr/bin/hello.exe
>         usr/bin/key_app.exe
>         usr/bin/mini_client.exe
>         usr/bin/mpi_demo.exe
>         usr/bin/pem2der.exe
>         usr/bin/pk_decrypt.exe
>         usr/bin/pk_encrypt.exe
>         usr/bin/pk_sign.exe
>         usr/bin/pk_verify.exe
>         usr/bin/req_app.exe
>         usr/bin/rsa_decrypt.exe
>         usr/bin/rsa_encrypt.exe
>         usr/bin/rsa_genkey.exe
>         usr/bin/rsa_sign.exe
>         usr/bin/rsa_verify.exe
>     ->  usr/bin/selftest.exe
>         usr/bin/ssl_cert_test.exe
>         usr/bin/ssl_client1.exe
>         usr/bin/ssl_client2.exe
>         usr/bin/ssl_fork_server.exe
>         usr/bin/ssl_mail_client.exe
>         usr/bin/ssl_pthread_server.exe
>         usr/bin/ssl_server.exe
>         usr/bin/strerror.exe
>         usr/bin/udp_proxy.exe
>
> I have the impression that neither debian nor fedora install
> any of the programs
>
> https://apps.fedoraproject.org/packages/mbedtls/
>
>

Re: mbed TLS package

[Marco Atzeri]

On 29/04/2017 09:26, Andy Li wrote:
> Thanks for the review!

please no TOFU
https://cygwin.com/acronyms/#TOFU

(I know it is common use in company mails, but we prefer a clean reply)

> I've just updated the cygport file as suggested:
>
>  * moved the dll files to /usr/bin
>  * use DIFF_EXCLUDES to exclude the source changes during building
> apidoc and tests
>  * do not build/install the programs, which are indeed just demos
> according to https://github.com/ARMmbed/mbedtls#example-programs
>
> Let me know if there is anything that can improve :)
>
> Best regards,
> Andy

GTG for me.

Please follow https://cygwin.com/package-upload.html
for next step.

Only one test is failing on both architecture,
but is not a blocking point

$ PATH=/pub/temp/mbedtls-2.4.2-1.x86_64/build/library:$PATH 
./test_suite_timing.exe -v
Timing selftest ................................................... 
TIMING tests note: will take some time!
   TIMING test #1 (set_alarm / get_timer): passed
   TIMING test #2 (set/get_delay        ): failed
FAILED
   mbedtls_timing_self_test( 1 ) == 0
   at line 13, 
/cygdrive/e/cyg_pub/temp/mbedtls-2.4.2-1.x86_64/src/mbedtls-2.4.2/tests/suites/test_suite_timing.function

----------------------------------------------------------------------------

FAILED (0 / 1 tests (0 skipped))


Regards
Marco

Re: mbed TLS package

[Andy Li]

> please no TOFU
> https://cygwin.com/acronyms/#TOFU

Noted. Sorry about that!

> Only one test is failing on both architecture,
> but is not a blocking point
>
> $ PATH=/pub/temp/mbedtls-2.4.2-1.x86_64/build/library:$PATH
> ./test_suite_timing.exe -v
> Timing selftest ................................................... TIMING
> tests note: will take some time!
>   TIMING test #1 (set_alarm / get_timer): passed
>   TIMING test #2 (set/get_delay        ): failed
> FAILED
>   mbedtls_timing_self_test( 1 ) == 0
>   at line 13,
> /cygdrive/e/cyg_pub/temp/mbedtls-2.4.2-1.x86_64/src/mbedtls-2.4.2/tests/suites/test_suite_timing.function
>
> ----------------------------------------------------------------------------
>
> FAILED (0 / 1 tests (0 skipped))

Strangely, the test passed on my 2 machines, with 32-bit and 64-bit Cygwin...
Not sure what's the cause of this.


Best regards,
Andy

Re: mbed TLS package

[Marco Atzeri]

On 29/04/2017 11:20, Andy Li wrote:
>> please no TOFU
>> https://cygwin.com/acronyms/#TOFU
>
> Noted. Sorry about that!
>
>> Only one test is failing on both architecture,
>> but is not a blocking point
>>
>> $ PATH=/pub/temp/mbedtls-2.4.2-1.x86_64/build/library:$PATH
>> ./test_suite_timing.exe -v
>> Timing selftest ................................................... TIMING
>> tests note: will take some time!
>>   TIMING test #1 (set_alarm / get_timer): passed
>>   TIMING test #2 (set/get_delay        ): failed
>> FAILED
>>   mbedtls_timing_self_test( 1 ) == 0
>>   at line 13,
>> /cygdrive/e/cyg_pub/temp/mbedtls-2.4.2-1.x86_64/src/mbedtls-2.4.2/tests/suites/test_suite_timing.function
>>
>> ----------------------------------------------------------------------------
>>
>> FAILED (0 / 1 tests (0 skipped))
>
> Strangely, the test passed on my 2 machines, with 32-bit and 64-bit Cygwin...
> Not sure what's the cause of this.

Nice, so it is likely my machine BLODA

>
>
> Best regards,
> Andy
>

Re: mbed TLS package

[Andy Li]

I've just tried to upload the package, and calm notified me about the
errors as follows:

> ERROR: package 'libmbedtls10' version '2.4.2-1' requires nonexistent package 'libmbedx509'
> ERROR: package 'mbedtls-devel' version '2.4.2-1' requires nonexistent package 'libmbedx509'
> ERROR: error while validating merged x86 packages for Andy Li
> SUMMARY: 3 ERROR(s)

Maybe it's because of "libmbedx509" having a number at the end of its
name, incorrectly interpreted as its version number (0)?
Its package name is "libmbedx509-0".

Any tips to fix it is appreciated.

Best regards,
Andy

Re: mbed TLS package

[Jon Turney]

On 29/04/2017 12:10, Andy Li wrote:
> I've just tried to upload the package, and calm notified me about the
> errors as follows:
>
>> ERROR: package 'libmbedtls10' version '2.4.2-1' requires nonexistent package 'libmbedx509'
>> ERROR: package 'mbedtls-devel' version '2.4.2-1' requires nonexistent package 'libmbedx509'
>> ERROR: error while validating merged x86 packages for Andy Li
>> SUMMARY: 3 ERROR(s)
>
> Maybe it's because of "libmbedx509" having a number at the end of its
> name, incorrectly interpreted as its version number (0)?
> Its package name is "libmbedx509-0".

Using a package name containing a hyphen followed by a digit isn't 
actually forbidden currently, but perhaps should be.  It introduces an 
ambiguity about where the version starts.

This seems to tickle a bug somewhere in cygport as it doesn't generate 
the requires: correctly

It would be much better if cygport just said "no" when you tried to use 
a package name with a hyphen followed by a digit.

> Any tips to fix it is appreciated.

Name the package 'libmbedx509_0'

See [1], which we generally follow:

"If the base package name ends with a digit, a single underscore ("_") 
MUST be appended to the name, and the version MUST be appended to that, 
in order to avoid confusion over where the name ends and the version 
begins."

[1] 
https://fedoraproject.org/wiki/Packaging:Naming?rd=Packaging:NamingGuidelines#MultiplePackages

Re: mbed TLS package

[Andy Li]

> Using a package name containing a hyphen followed by a digit isn't actually
> forbidden currently, but perhaps should be.  It introduces an ambiguity
> about where the version starts.
>
> This seems to tickle a bug somewhere in cygport as it doesn't generate the
> requires: correctly
>
> It would be much better if cygport just said "no" when you tried to use a
> package name with a hyphen followed by a digit.

I've just reported that to cygport at
https://github.com/cygwinports/cygport/issues/2.


> Name the package 'libmbedx509_0'

Renamed and uploaded successfully. Thanks!

Best regards,
Andy