Bug#802596: Please provide wget-udeb (linked against pending libssl-udeb)
Package: wget
Version: 1.16.3-3
Severity: normal
Tags: patch
As I've discussed with Cyril during DebConf15, I'm interested in seeing https support in the Debian's debian-installer (it's already available in Ubuntu's).
In order to do this, we need to replace the version of wget provided by busybox, with a version of wget that includes SSL support.
As mentioned in #802591, wget in Debian links against gnutls, while it links against openssl in Ubuntu. I did the work to get a udeb out of gnutls, but the result is a) much larger than the equivalent from openssl b) linked against stuff that also has no udeb packages, which means both more work and even larger size.
I'm not aware of the reasons that pushed wget to move from openssl to gnutls back in 2011, although I suspect it was due to GPL incompatibility with one of the dependencies. However, since the udeb version is rather stripped out, the dependencies are easier to check. Dep by dep (as they come from the udeb package) license check:
* libc6-udeb (>= 2.19) -> LGPL
* libcrypto1.0.0-udeb (>= 1.0.1d) -> OpenSSL
* libpcre3-udeb (>= 1:8.35) -> BSD
* libssl1.0.0-udeb (>= 1.0.1d) -> OpenSSL
* libuuid1-udeb (>= 2.20.1) -> BSD
* zlib1g-udeb (>= 1:1.2.3.3.dfsg-1) -> BSD
Regarding libuuid1, it's part of the util-linux souce package which is mostly GPL, but the libuuid/ directory is BSD, I checked the source code and it's all BSD and doesn't link against any GPL code.
My proposal is then to link against the libssl udeb (pending in #802591) for the wget-udeb package, but leave the other wget as it is (linked against gnutls).
The work for this was done by Colin Watson for Ubuntu years ago, but was never applied in Debian. I have a patch that applies Ubuntu's changes to the current version in Debian, and I've verified that this (combined with the libssl udeb) makes wget in Debian's debian-installer support https.
I'm attaching the patch for adding the udeb, although it doesn't make sense to upload this until #802591 is fixed, but I wanted to get the ball rolling in case there are concerns.
--
diff -Nru wget-1.16.3/debian/changelog wget-1.16.3/debian/changelog
--- wget-1.16.3/debian/changelog 2015-06-20 19:02:34.000000000 +0200
+++ wget-1.16.3/debian/changelog 2015-10-20 15:12:09.000000000 +0200
@@ -1,3 +1,12 @@
+wget (1.16.3-4) unstable; urgency=medium
+
+ * Add udeb support, taken from the work done by Colin Watson for Ubuntu
+ in 1.10.2-2ubuntu2 and forward.
+ * Added dependency on libssl-dev for the udeb, as gnutls does not provide
+ a udeb package.
+
+ -- Margarita Manterola <marga@google.com> Tue, 20 Oct 2015 13:56:26 +0200
+
wget (1.16.3-3) unstable; urgency=medium
* changed libgnutls28-dev dependency to a versioned one to fix
diff -Nru wget-1.16.3/debian/control wget-1.16.3/debian/control
--- wget-1.16.3/debian/control 2015-06-16 10:24:52.000000000 +0200
+++ wget-1.16.3/debian/control 2015-10-21 14:47:42.000000000 +0200
@@ -2,7 +2,7 @@
Section: web
Priority: important
Maintainer: Noël Köthe <noel@debian.org>
-Build-Depends: debhelper (>> 9.0.0), gettext, texinfo, autotools-dev, libidn11-dev, uuid-dev, libpsl-dev, libpcre3-dev, libgnutls28-dev (>= 3.3.15-5)
+Build-Depends: debhelper (>> 9.0.0), gettext, texinfo, autotools-dev, libidn11-dev, uuid-dev, libpsl-dev, libpcre3-dev, libgnutls28-dev (>= 3.3.15-5), libssl-dev (>= 0.9.8k)
Standards-Version: 3.9.6
Homepage: https://www.gnu.org/software/wget/
@@ -32,3 +32,12 @@
Wget supports proxy servers; this can lighten the network load,
speed up retrieval, and provide access behind firewalls.
+Package: wget-udeb
+XC-Package-Type: udeb
+Architecture: any
+Section: debian-installer
+Priority: extra
+Depends: ${shlibs:Depends}
+Description: retrieves files from the web
+ This package provides wget.gnu binary as alternative to the limited
+ implementation in busybox (see for example ssl support).
diff -Nru wget-1.16.3/debian/rules wget-1.16.3/debian/rules
--- wget-1.16.3/debian/rules 2015-03-09 11:45:06.000000000 +0100
+++ wget-1.16.3/debian/rules 2015-10-21 14:48:00.000000000 +0200
@@ -17,11 +17,12 @@
include /usr/share/dpkg/buildflags.mk
CFLAGS += -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall
-config.status:
+configure-stamp: configure-udeb-stamp
dh_testdir
cp /usr/share/misc/config.guess /usr/share/misc/config.sub .
# Add here commands to configure the package.
- CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure \
+ mkdir -p build
+ cd build && CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ../configure \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
@@ -32,27 +33,48 @@
touch configure-stamp
+configure-udeb-stamp:
+ dh_autotools-dev_updateconfig
+ mkdir -p build-udeb
+ cd build-udeb && CFLAGS="$(CFLAGS) -Os" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" ../configure \
+ --prefix=/usr \
+ --mandir=\$${prefix}/share/man \
+ --infodir=\$${prefix}/share/info \
+ --sysconfdir=/etc \
+ --enable-ipv6 \
+ --with-ssl=openssl \
+ --without-libpsl \
+ --disable-debug \
+ --disable-nls \
+ --disable-iri $(confflags)
+
+ touch configure-udeb-stamp
+
build: build-arch build-indep
-build-arch: build-stamp
+build-arch: build-stamp build-udeb-stamp
build-indep: build-stamp
-build-stamp: config.status
+build-stamp: configure-stamp
dh_testdir
# Add here commands to compile the package.
- $(MAKE)
+ cd build && $(MAKE)
#/usr/bin/docbook-to-man debian/wget.sgml > wget.1
cd po; make wget.pot
touch build-stamp
+build-udeb-stamp: configure-udeb-stamp
+ cd build-udeb && $(MAKE)
+ touch build-udeb-stamp
+
clean:
dh_testdir
dh_testroot
- rm -f build-stamp configure-stamp
+ rm -f build-stamp configure-stamp build-udeb-stamp configure-udeb-stamp
# Add here commands to clean up after the build process.
[ ! -f Makefile ] || $(MAKE) distclean
@@ -60,7 +82,7 @@
rm -f po/*.gmo po/wget.pot po/en@boldquot.po po/en@quot.po \
doc/wget.inf* doc/stamp-vti doc/version.texi \
doc/sample.wgetrc.munged_for_texi_inclusion
- rm -f config.guess config.sub
+ rm -rf config.sub config.guess build-udeb build
dh_prep
@@ -71,9 +93,12 @@
dh_installdirs
# Add here commands to install the package into debian/wget.
- $(MAKE) install DESTDIR=$(CURDIR)/debian/wget
+ cd build && $(MAKE) install DESTDIR=$(CURDIR)/debian/wget
rm -f $(CURDIR)/debian/wget/usr/share/info/dir
+ # udeb
+ mkdir -p debian/wget-udeb/usr/bin/
+ cp build-udeb/src/wget debian/wget-udeb/usr/bin/wget
# Build architecture-independent files here.
binary-indep: build install
Reply to: