Diffstat (limited to 'gnurl.html.j2')
-rw-r--r-- | gnurl.html.j2 | 188 |
1 files changed, 188 insertions, 0 deletions
diff --git a/gnurl.html.j2 b/gnurl.html.j2 new file mode 100644 index 00000000..ed73b57e --- /dev/null +++ b/gnurl.html.j2 | |||
@@ -0,0 +1,188 @@ | |||
1 | {% extends "common/base.j2" %} | ||
2 | {% block body_content %} | ||
3 | <div class="container-fluid"> | ||
4 | <div class="container text-center"> | ||
5 | <h1>{{ _("gnurl / libgnurl") }}</h1> | ||
6 | <p> | ||
7 | {% trans %} | ||
8 | libgnurl is a fork of libcurl, which is mostly for GNUnet but it might | ||
9 | be usable for others, hence we're releasing the code on this website | ||
10 | to the general public. Please read the README for instructions, as you | ||
11 | must supply the correct options to configure to get a proper build of | ||
12 | libgnurl. In addition to the source as a TAR, we also offer the | ||
13 | changes we made against libcurl's Git repository to create | ||
14 | libgnurl. In the following, I will explain the motiviations behind | ||
15 | this fork. | ||
16 | {% endtrans %} | ||
17 | </p> | ||
18 | <h3>{{_("Motivation") }}</h3> | ||
19 | <p> | ||
20 | {% trans %} | ||
21 | cURL supports a bunch of crypto backends. GNUnet requires the use of | ||
22 | GnuTLS, but other variants are used by some distributions. Supporting | ||
23 | other crypto backends would again expose us to a wider array of | ||
24 | security issues, may create licensing issues and most importantly | ||
25 | introduce new bugs as some crypto backends are known to introduce | ||
26 | subtle runtime issues. While it is possible to have two versions of | ||
27 | libcurl installed on the same system, this is error-prone, especially | ||
28 | as if we are linked against the wrong version, the bugs that arise | ||
29 | might be rather subtle. | ||
30 | {% endtrans %} | ||
31 | </p> | ||
32 | <p> | ||
33 | {% trans %} | ||
34 | For GNUnet, we also need a particularly modern version of | ||
35 | GnuTLS. Thus, it would anyway be necessary to recompile cURL for | ||
36 | GNUnet. But what happens if one links cURL against this version of | ||
37 | GnuTLS? Well, first one would install GnuTLS by hand in the | ||
38 | system. Then, we build cURL. cURL will build against it just fine, but | ||
39 | the linker will eventually complain bitterly. The reason is that cURL | ||
40 | also links against a bunch of other system libraries (gssapi, ldap, | ||
41 | ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above), | ||
42 | which --- as they are part of the distribution --- were linked against | ||
43 | an older version of GnuTLS. As a result, the same binary would be | ||
44 | linked against two different versions of GnuTLS. That is typically a | ||
45 | recipe for disaster. Thus, in order to avoid updating a dozen system | ||
46 | libraries (and having two versions of those installed), it is | ||
47 | necessary to disable all of those cURL features that GNUnet does not | ||
48 | use, and there are many of those. For GNUnet, the more obscure | ||
49 | protocols supported by cURL are close to dead code --- mostly | ||
50 | harmless, but not useful. However, as some application may use one of | ||
51 | those features, distributions are typically forced to enable all of | ||
52 | those features, and thus including security issues that might arise | ||
53 | from that code. | ||
54 | {% endtrans %} | ||
55 | </p> | ||
56 | <p> | ||
57 | {% trans %} | ||
58 | So to use a modern version of GnuTLS, a sane approach is to disable | ||
59 | all of the "optional" features of cURL that drag in system libraries | ||
60 | that link against the older GnuTLS. That works, except that one should | ||
61 | then NEVER install that version of libcurl in say /usr or /usr/local, | ||
62 | as that may break other parts of the system that might depend on these | ||
63 | features that we just disabled. Libtool versioning doesn't help here, | ||
64 | as it is not intended to deal with libraries that have optional | ||
65 | features. Naturally, installing cURL somewhere else is also | ||
66 | problematic, as we now need to be really careful that the linker will | ||
67 | link GNUnet against the right version. Note that none of this can | ||
68 | really be trivially fixed by the cURL developers. | ||
69 | {% endtrans %} | ||
70 | </p> | ||
71 | <h3>{{_("Rename to fix") }}</h3> | ||
72 | <p> | ||
73 | {% trans %} | ||
74 | At this point, developers that don't want to rebuild an entire | ||
75 | distribution from scratch get grumpy. Grumpy developers do silly | ||
76 | things, like forking code to fix it. I called the fork gnurl (to be | ||
77 | pronounced with a grumpy voice and an emphasis on the R) as it is bits | ||
78 | of cURL, a bit more GNUish, for GnuNet, and gnurl can be pronounced to | ||
79 | indicate the grumpy origins. | ||
80 | {% endtrans %} | ||
81 | </p> | ||
82 | <p> | ||
83 | {% trans %} | ||
84 | How does forking fix it? Easy. First, we can get rid of all of the | ||
85 | compatibility issues --- if you use libgnurl, you state that you don't | ||
86 | need anything but HTTP/HTTPS. Those applications that need more, | ||
87 | should stick with the original cURL. Those that do not, can choose to | ||
88 | move to something simpler. As the library gets a new name, we do not | ||
89 | have to worry about tons of packages breaking as soon as one rebuilds | ||
90 | it. So renaming itself and saying that "libgnurl = libcurl with only | ||
91 | HTTP/HTTPS support and GnuTLS" fixes 99% of the problems that darkened | ||
92 | my mood. Note that this pretty much CANNOT be done without a fork, as | ||
93 | renaming is an essential part of the fix. Now, there might be creative | ||
94 | solutions to achieve the same thing within the standard cURL build | ||
95 | system, but I'm not happy to wait for a decade for Daniel to review | ||
96 | the patches. The changes libgnurl makes to curl are miniscule and can | ||
97 | easily be applied again and again whenever libcurl makes a new | ||
98 | release. | ||
99 | {% endtrans %} | ||
100 | </p> | ||
101 | <h3>{{_("Summary") }}</h3> | ||
102 | <p> | ||
103 | {% trans %} | ||
104 | At this point, developers that don't want to rebuild an entire | ||
105 | distribution from scratch get grumpy. Grumpy developers do silly | ||
106 | things, like forking code to fix it. I called the fork gnurl (to be | ||
107 | pronounced with a grumpy voice and an emphasis on the R) as it is bits | ||
108 | of cURL, a bit more GNUish, for GnuNet, and gnurl can be pronounced to | ||
109 | indicate the grumpy origins. | ||
110 | {% endtrans %} | ||
111 | </p> | ||
112 | <h3>{{_("Using libgnurl") }}</h3> | ||
113 | <p> | ||
114 | {% trans %} | ||
115 | Projects that use cURL only for HTTP/HTTPS and that would work | ||
116 | with GnuTLS should be able to switch to libgnurl by changing | ||
117 | "-lcurl" to "-lgnurl". That's it. No changes to the source code | ||
118 | should be required. Continue to read the cURL documentation --- | ||
119 | as libgnurl strives for bug-for-bug compatibility with the | ||
120 | HTTP/HTTPS/GnuTLS subset of cURL. However, we're happy to add | ||
121 | new features relating to this core subset and might be easier to | ||
122 | convince than the cURL developers. | ||
123 | {% endtrans %} | ||
124 | </p> | ||
125 | <p> | ||
126 | {% trans %} | ||
127 | libgnurl and gnurl are not intended to be used as a replacement | ||
128 | for curl for users. Since no conflicts in filenames should occur | ||
129 | you are not expected to remove curl to make use of gnurl and | ||
130 | viceversa. | ||
131 | {% endtrans %} | ||
132 | </p> | ||
133 | </div> | ||
134 | </div> | ||
135 | |||
136 | <div class="container adorn_h3_bracket"> | ||
137 | <div class="row"> | ||
138 | <div class="col-lg-6"> | ||
139 | <h3>{{ _("Source Code") }}</h3> | ||
140 | <p> | ||
141 | {% trans %} | ||
142 | You can get the Gnurl Git repository using: | ||
143 | git clone https://git.taler.net/gnurl.git/ | ||
144 | The versions are checked in as signed git tags. | ||
145 | {% endtrans %} | ||
146 | </p> | ||
147 | </div> | ||
148 | <div class="col-lg-6"> | ||
149 | <h3>{{ _("Downloads") }}</h3> | ||
150 | <p> | ||
151 | {% trans %} | ||
152 | Releases are published on <a href="https://ftp.gnu.org/gnu/gnunet/">ftp.gnu.org/gnu/gnunet</a>. | ||
153 | gnURL is available from within a variety of distributions and package managers. | ||
154 | To some extent officially supported and maintained is gnURL within GNU Guix, the package manager (available as "gnurl"), | ||
155 | as well as the collaborative Gentoo ebuild collection (<a href="https://overlays.gentoo.org">overlay</a>) | ||
156 | <a href="https://gnunet.org/git/youbroketheinternet-overlay.git/">youbroketheinternet</a>. | ||
157 | {% endtrans %} | ||
158 | </p> | ||
159 | </div> | ||
160 | </div> | ||
161 | <div class="row"> | ||
162 | <div class="col-lg-6"> | ||
163 | <h3>{{ _("Reporting Bugs") }}</h3> | ||
164 | <p> | ||
165 | {% trans %} | ||
166 | You can report bugs on our bug tracker: | ||
167 | <a href="https://gnunet.org/bugs/">gnunet.org/bugs</a>. Alternatively | ||
168 | you can use our bug mailinglist, but we prefer to track bugs | ||
169 | on the bugtracker. | ||
170 | {% endtrans %} | ||
171 | </p> | ||
172 | </div> | ||
173 | <div class="col-lg-6"> | ||
174 | <h3>{{ _("Maintainer and Cryptographic signatures") }}</h3> | ||
175 | <p> | ||
176 | {% trans %} | ||
177 | libgnurl is maintained by Nils Gillmann. | ||
178 | Releases are signed | ||
179 | with the OpenPG Key <b>A88C8ADD129828D7EAC02E52E22F9BBFEE348588</b>, | ||
180 | with the key fingerprint <b>A88C 8ADD 1298 28D7 EAC0 2E52 E22F 9BBF EE34 8588</b>. | ||
181 | {% endtrans %} | ||
182 | </p> | ||
183 | </div> | ||
184 | </div> | ||
185 | </div> | ||
186 | |||
187 | </div> <!-- /container --> | ||
188 | {% endblock body_content %} | ||
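Review bot: The "Summary" section at new lines 101-111 is a verbatim copy of the first paragraph under "Rename to fix" (new lines 74-79) and summarises nothing; replace it with a real summary of the motivation and the rename, or drop the heading. At line 41, "see discussion on obscure protocols above" points at text that does not exist in this file, so either add that discussion or remove the reference. The `</div> <!-- /container -->` at line 187 has no matching opening tag inside this block: the containers opened at lines 3-4 and 136 are already closed at lines 133-134 and 185, so unless common/base.j2 leaves a div open it should be removed. In the signatures paragraph (lines 178-180) the same 40-hex value is given twice, once as the "OpenPG Key" and once as the fingerprint; write "OpenPGP" and state the fingerprint once, since this is the value readers will compare when verifying releases. The `git clone` command at line 143 sits as bare text inside the paragraph and would read better wrapped in a code element. Spelling to fix inside the translatable strings before translators pick them up: "motiviations" (line 14), "miniscule" (line 96), "viceversa" (line 130), "GnuNet" (lines 78 and 108).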