[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFS] golang-mozilla-pkcs7


Hi,

On 11 July 2021 6:51:19 pm IST, Peymaneh Nejad <p.nejad@posteo.de> wrote:
>Hi Nilesh
>
>> Am 02.07.21 um 14:51 schrieb Nilesh Patra:
>>> On 02/07/21 12:04 PM, Peymaneh Nejad wrote:
>>>>
>>>> Another dependency for step-cli:
>>>>
>>>> https://salsa.debian.org/go-team/packages/golang-mozilla-pkcs7
>>>
>>> There's already github.com/fullsailor/pkcs7 of which the go.mozilla
>>> package is a fork.
>>> Is it impossible to replace the go.mozilla pkcs7 with the former in
>the
>>> package?
>>>
>>> If yes, that should be done. I do not see a lot of point (or any
>point) in 
>>> packaging
>>> forks unless very essential.
>>> As an example, it has been done here[1] so if you can do
>>> so, make some tweaks and check, that'd be good.
>>>
>>> If it does not work, maybe it'd be better to add missing
>>> functionalitites as a debian patch to  github.com/fullsailor/pkcs7
>>> provided it isn't too hard to maintain
>> 
>
>I looked into the diffs between the fullsailor/pkcs7 and the mozilla
>fork since 
>this is also a dependency of smallstep/certificates (another of caddys 
>dependencies).
>
>To sum up:
>4 of the 7 functions that are used have been modified directly or
>indirectly by 
>the fork. A complete overview of the changes is here[1]
>
>While some of the changes are rather easy to patch (like adding support
>for 
>another en-/decryption mode while staying backwards compatible) there
>are some 
>commits that change the functions themselves and I am not sure if I can
>grasp 
>the implications of the changes to the functionality of the package.
>
>Please have a look and let me know what you think

Looks like a rather huge delta, unfortunately. However, what I was asking for was not to see what's different between the fork and the original package.

What I wanted to ask and wanted you to test was:

1. Does smallstep/certificates (the package which you're targetting) work with fullsailor/pkcs7 instead of mozilla/pkcs7?

2. If it does not, will it be possible to apply some minimal patches to fullsailor/pkc7 to make it work?

If choice 1 works, change the import paths and done. If choice 2 works, simply patch the fullsailor/pkcs7 package a little and we are good to go.

If none of these work, I'd want to think of uploading the fork then.

>One consideration:
>If rather patching the discrepencies into one single debian package, I
>wonder if 
>it wouldn't be more sustainable to migrate other packages from the
>fullsailor 
>package to the mozilla fork: It looks more actively maintained and
>feature rich.
>It also seems easier to patch if nessessary: The fullsailor consists
>mainly of 
>one source file of 962 lineswhereas the mozilla fork splits the
>original code 
>into designated files like sign.go, encrypt.go etc each less than 500
>lines.

That also makes sense. We can add this one, and remove fullsailor/pkcs7 provided the maintainer agrees. But first I'd like if you could try the above suggestions to check.
Nilesh

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Reply to: