Diffstat (limited to 'template/gnurl.html.j2')
-rw-r--r-- template/gnurl.html.j2 463
1 files changed, 312 insertions, 151 deletions
diff --git a/template/gnurl.html.j2 b/template/gnurl.html.j2
index 73d62c8b..a193ae4d 100644
--- a/template/gnurl.html.j2
+++ b/template/gnurl.html.j2
@@ -1,181 +1,342 @@
1{% extends "common/base.j2" %} 1{% extends "common/base.j2" %}
2{% block body_content %} 2{% block body_content %}
3<article class="container"> 3 <article class="container">
4 4
5 <header> 5 <header>
6 <h1>gnurl (libgnurl)</h1> 6 <h1>gnurl (libgnurl)</h1>
7 </header> 7 </header>
8 8
9 <div class="container"> 9 <div class="container">
10 <p> 10 <p>
11 {% trans %}
12 libgnurl is a micro fork of libcurl. The goal of libgnurl
13 is to support only HTTP and HTTPS (and only HTTP 1.x) with
14 a single crypto backend (GnuTLS) to ensure a small footprint
15 and uniform experience for developers regardless of how
16 libcurl was compiled.<br>
17 Our main usecase is for GNUnet, but it might be usable for
18 others, hence we're releasing the code
19 to the general public.<br>
20 libgnurl is released under the same
21 license as libcurl. Please read the README for instructions, as you
22 must supply the correct options to configure to get a proper build of
23 libgnurl.
24 {% endtrans %}
25 </p>
26 <h3>{{_("Motivation") }}</h3>
27 <p>
28 {% trans %}
29 cURL supports many crypto backends. GNUnet requires the use of
30 GnuTLS, but other variants are used by some distributions. Supporting
31 other crypto backends would again expose us to a wider array of
32 security issues, may create licensing issues and most importantly
33 introduce new bugs as some crypto backends are known to introduce
34 subtle runtime issues. While it is possible to have two versions of
35 libcurl installed on the same system, this is error-prone, especially
36 as if we are linked against the wrong version, the bugs that arise
37 might be rather subtle.
38 {% endtrans %}
39 </p>
40 <p>
41 {% trans %} 11 {% trans %}
42 For GNUnet, we also need a particularly modern version of 12 libgnurl is a micro fork of libcurl. The goal of libgnurl
43 GnuTLS. Thus, it would anyway be necessary to recompile cURL for 13 is to support only HTTP and HTTPS (and only HTTP 1.x) with
44 GNUnet. But what happens if one links cURL against this version of 14 a single crypto backend (GnuTLS) to ensure a small footprint
45 GnuTLS? Well, first one would install GnuTLS by hand in the 15 and uniform experience for developers regardless of how
46 system. Then, we build cURL. cURL will build against it just fine, but 16 libcurl was compiled.<br>
47 the linker will eventually complain bitterly. The reason is that cURL 17 Our main usecase is for GNUnet, but it might be usable for
48 also links against a bunch of other system libraries (gssapi, ldap, 18 others, hence we're releasing the code
49 ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above), 19 to the general public.<br>
50 which --- as they are part of the distribution --- were linked against 20 libgnurl is released under the same
51 an older version of GnuTLS. As a result, the same binary would be 21 license as libcurl. Please read the README for instructions, as you
52 linked against two different versions of GnuTLS. That is typically a 22 must supply the correct options to configure to get a proper build of
53 recipe for disaster. Thus, in order to avoid updating a dozen system 23 libgnurl.
54 libraries (and having two versions of those installed), it is
55 necessary to disable all of those cURL features that GNUnet does not
56 use, and there are many of those. For GNUnet, the more obscure
57 protocols supported by cURL are close to dead code --- mostly
58 harmless, but not useful. However, as some application may use one of
59 those features, distributions are typically forced to enable all of
60 those features, and thus including security issues that might arise
61 from that code.
62 {% endtrans %} 24 {% endtrans %}
63 </p> 25 </p>
26 <h3>{{_("Motivation") }}</h3>
64 <p> 27 <p>
65 {% trans %} 28 {% trans %}
66 So to use a modern version of GnuTLS, a sane approach is to disable 29 cURL supports many crypto backends. GNUnet requires the use of
67 all of the "optional" features of cURL that drag in system libraries 30 GnuTLS, but other variants are used by some distributions. Supporting
68 that link against the older GnuTLS. That works, except that one should 31 other crypto backends would again expose us to a wider array of
69 then NEVER install that version of libcurl in say /usr or /usr/local, 32 security issues, may create licensing issues and most importantly
70 as that may break other parts of the system that might depend on these 33 introduce new bugs as some crypto backends are known to introduce
71 features that we just disabled. Libtool versioning doesn't help here, 34 subtle runtime issues. While it is possible to have two versions of
72 as it is not intended to deal with libraries that have optional 35 libcurl installed on the same system, this is error-prone, especially
73 features. Naturally, installing cURL somewhere else is also 36 as if we are linked against the wrong version, the bugs that arise
74 problematic, as we now need to be really careful that the linker will 37 might be rather subtle.
75 link GNUnet against the right version. Note that none of this can
76 really be trivially fixed by the cURL developers.
77 {% endtrans %} 38 {% endtrans %}
78 </p> 39 </p>
79 <h3>{{_("Rename to fix") }}</h3>
80 <p>
81 {% trans %}
82 How does forking fix it? Easy. First, we can get rid of all of the
83 compatibility issues --- if you use libgnurl, you state that you don't
84 need anything but HTTP/HTTPS. Those applications that need more,
85 should stick with the original cURL. Those that do not, can choose to
86 move to something simpler. As the library gets a new name, we do not
87 have to worry about tons of packages breaking as soon as one rebuilds
88 it. So renaming itself and saying that "libgnurl = libcurl with only
89 HTTP/HTTPS support and GnuTLS" fixes 99%% of the problems that darkened
90 my mood. Note that this pretty much CANNOT be done without a fork, as
91 renaming is an essential part of the fix. Now, there might be creative
92 solutions to achieve the same thing within the standard cURL build
93 system, but I'm not happy to wait for a decade for Daniel to review
94 the patches. The changes libgnurl makes to curl are miniscule and can
95 easily be applied again and again whenever libcurl makes a new
96 release.
97 {% endtrans %}
98 </p>
99 <h3>{{_("Using libgnurl") }}</h3>
100 <p>
101 {% trans %}
102 Projects that use cURL only for HTTP/HTTPS and that would work
103 with GnuTLS should be able to switch to libgnurl by changing
104 "-lcurl" to "-lgnurl". That's it. No changes to the source code
105 should be required,
106 as libgnurl strives for bug-for-bug compatibility with the
107 HTTP/HTTPS/GnuTLS subset of cURL.
108 We might add new features relating to this core subset if they
109 are proposed, but so far we have kept our changes minimal and
110 no additions to the original curl source have been written.
111 {% endtrans %}
112 </p>
113 <h4>{{_("Gotchas") }}</h4>
114 <p>
115 {% trans %}
116 libgnurl and gnurl are not intended to be used as a replacement
117 for curl for users. Since no conflicts in filenames should occur
118 you are not expected to remove curl to make use of gnurl and
119 viceversa.
120 {% endtrans %}
121 </p>
122 </div>
123
124 <div class="row container">
125 <div class="col-md">
126 <h3>{{ _("Source Code") }}</h3>
127 <p> 40 <p>
128 {% trans %} 41 {% trans %}
129 You can get the Gnurl Git repository using: 42 For GNUnet, we also need a particularly modern version of
130 <!-- 43 GnuTLS. Thus, it would anyway be necessary to recompile cURL for
131 https://bugs.gnunet.org/view.php?id=5483 ! 44 GNUnet. But what happens if one links cURL against this version of
132 <code>git clone https://git.taler.net/gnurl.git</code> 45 GnuTLS? Well, first one would install GnuTLS by hand in the
133 --> 46 system. Then, we build cURL. cURL will build against it just fine, but
134 <code>git clone git://git.taler.net/gnurl.git</code> 47 the linker will eventually complain bitterly. The reason is that cURL
135 The versions are checked in as signed git tags. 48 also links against a bunch of other system libraries (gssapi, ldap,
49 ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above),
50 which --- as they are part of the distribution --- were linked against
51 an older version of GnuTLS. As a result, the same binary would be
52 linked against two different versions of GnuTLS. That is typically a
53 recipe for disaster. Thus, in order to avoid updating a dozen system
54 libraries (and having two versions of those installed), it is
55 necessary to disable all of those cURL features that GNUnet does not
56 use, and there are many of those. For GNUnet, the more obscure
57 protocols supported by cURL are close to dead code --- mostly
58 harmless, but not useful. However, as some application may use one of
59 those features, distributions are typically forced to enable all of
60 those features, and thus including security issues that might arise
61 from that code.
136 {% endtrans %} 62 {% endtrans %}
137 </p> 63 </p>
138 </div>
139 <div class="col-md">
140 <h3>{{ _("Downloads") }}</h3>
141 <p> 64 <p>
142 {% trans %} 65 {% trans %}
143 Releases are published on <a href="https://ftp.gnu.org/gnu/gnunet/">ftp.gnu.org/gnu/gnunet</a>. 66 So to use a modern version of GnuTLS, a sane approach is to disable
144 gnURL is available from within a variety of distributions and package managers. 67 all of the "optional" features of cURL that drag in system libraries
145 Package Managers which include gnurl are: 68 that link against the older GnuTLS. That works, except that one should
146 <a href="https://www.gnu.org/software/guix/">GNU Guix</a> (available as "gnurl"), 69 then NEVER install that version of libcurl in say /usr or /usr/local,
147 <a href="https://gentoo.org">Gentoo</a> through the collaborative ebuild collection 70 as that may break other parts of the system that might depend on these
148 <a href="https://git.gnunet.org/youbroketheinternet-overlay.git/">youbroketheinternet</a>, 71 features that we just disabled. Libtool versioning doesn't help here,
149 <a href="https://nixos.org/nix/">Nix</a>, and <a href="http://pkgsrc.org">pkgsrc</a>. 72 as it is not intended to deal with libraries that have optional
73 features. Naturally, installing cURL somewhere else is also
74 problematic, as we now need to be really careful that the linker will
75 link GNUnet against the right version. Note that none of this can
76 really be trivially fixed by the cURL developers.
150 {% endtrans %} 77 {% endtrans %}
151 </p> 78 </p>
152 </div> 79 <h3>{{_("Rename to fix") }}</h3>
153 </div>
154
155 <div class="row container">
156 <div class="col-md">
157 <h3>{{ _("Reporting Bugs") }}</h3>
158 <p> 80 <p>
159 {% trans %} 81 {% trans %}
160 You can report bugs on our bug tracker: 82 How does forking fix it? Easy. First, we can get rid of all of the
161 <a href="https://bugs.gnunet.org/">bugs.gnunet.org</a>. Alternatively 83 compatibility issues --- if you use libgnurl, you state that you don't
162 you can use our bug mailinglist, but we prefer to track bugs 84 need anything but HTTP/HTTPS. Those applications that need more,
163 on the bugtracker. 85 should stick with the original cURL. Those that do not, can choose to
86 move to something simpler. As the library gets a new name, we do not
87 have to worry about tons of packages breaking as soon as one rebuilds
88 it. So renaming itself and saying that "libgnurl = libcurl with only
89 HTTP/HTTPS support and GnuTLS" fixes 99%% of the problems that darkened
90 my mood. Note that this pretty much CANNOT be done without a fork, as
91 renaming is an essential part of the fix. Now, there might be creative
92 solutions to achieve the same thing within the standard cURL build
93 system, but I'm not happy to wait for a decade for Daniel to review
94 the patches. The changes libgnurl makes to curl are miniscule and can
95 easily be applied again and again whenever libcurl makes a new
96 release.
164 {% endtrans %} 97 {% endtrans %}
165 </p> 98 </p>
166 </div> 99 <h3>{{_("Using libgnurl") }}</h3>
167 <div class="col-md"> 100 <p>
168 <h3>{{ _("Maintainer and Cryptographic signatures") }}</h3> 101 {% trans %}
102 Projects that use cURL only for HTTP/HTTPS and that would work
103 with GnuTLS should be able to switch to libgnurl by changing
104 "-lcurl" to "-lgnurl". That's it. No changes to the source code
105 should be required,
106 as libgnurl strives for bug-for-bug compatibility with the
107 HTTP/HTTPS/GnuTLS subset of cURL.
108 We might add new features relating to this core subset if they
109 are proposed, but so far we have kept our changes minimal and
110 no additions to the original curl source have been written.
111 {% endtrans %}
112 </p>
113 <h4>{{_("Gotchas") }}</h4>
169 <p> 114 <p>
170 {% trans %} 115 {% trans %}
171 gnurl/libgnurl is maintained by ng0. 116 libgnurl and gnurl are not intended to be used as a replacement
172 Releases are signed 117 for curl for users. Since no conflicts in filenames should occur
173 with the OpenPGP Key <b>A88C8ADD129828D7EAC02E52E22F9BBFEE348588</b>, 118 you are not expected to remove curl to make use of gnurl and
174 with the key fingerprint <b>A88C 8ADD 1298 28D7 EAC0 2E52 E22F 9BBF EE34 8588</b>. 119 viceversa.
175 {% endtrans %} 120 {% endtrans %}
176 </p> 121 </p>
177 </div> 122 </div>
178 </div>
179 123
180</article> <!-- /container --> 124 <div class="row container">
125 <div class="col-md">
126 <h3>{{ _("Source Code") }}</h3>
127 <p>
128 {% trans %}
129 You can get the gnurl git repository using:
130 {% endtrans %}
131 </p>
132 <ul>
133 <li>
134 <code>git clone https://git.taler.net/gnurl.git</code>
135 </li>
136 <li>
137 <code>git clone git://git.taler.net/gnurl.git</code>
138 </li>
139 </ul>
140 <p>
141 {% trans %}
142 The versions are checked in as (signed) git tags.
143 {% endtrans %}
144 </p>
145 </div>
146 <div class="col-md">
147 <h3>{{ _("Downloads") }}</h3>
148 <p>
149 {% trans %}
150 Releases are published on <a href="https://ftpmirror.gnu.org/gnu/gnunet/">ftpmirror.gnu.org/gnu/gnunet</a>.
151 gnurl is available from within a variety of distributions and package managers.
152 Package Managers which include gnurl are:
153 <a href="https://www.gnu.org/software/guix/">GNU Guix</a> (available as "gnurl"),
154 <a href="https://gentoo.org">Gentoo</a> through the collaborative ebuild collection
155 <a href="https://git.gnunet.org/youbroketheinternet-overlay.git/">youbroketheinternet</a>,
156 <a href="https://nixos.org/nix/">Nix</a>, and as www/gnurl in
157 <a href="https://pkgsrc.org">pkgsrc</a>.
158 {% endtrans %}
159 </p>
160 </div>
161 </div>
162
163 <div class="row container">
164 <div class="col-md">
165 <h3>{{ _("Building gnurl") }}</h3>
166 <p>
167 {% trans %}
168 We suggest to closely follow release announcements, as they
169 might indicate changes in how gnurl is to be build.
170 <br>
171 If your package manager provides a binary build or build
172 instructions to build gnurl from source automated and
173 integrated with your environment, we strongly suggest to use
174 this binary build.
175 <br>
176 There are two ways to build gnurl. The first one builds from
177 the most recent git tag, the second one uses the distributed
178 tarball. Distributors generally are supposed to build from
179 the tarball, but we describe both methods here. Both methods
180 are written with a NetBSD 9 userland in mind, substitute tools
181 as necessary.
182 <br>
183 You should <b>avoid</b> building gnurl from the tip of the
184 default git branch, as only tags are considered to be stable
185 and approved builds.
186 {% endtrans %}
187 </p>
188 <h4>{{ _("Building from the distributed tarball (prefered method)") }}</h4>
189 <p>
190 {% trans %}
191 If you want to verify the signature, install an OpenPGP compatible tool such
192 as security/gnupgp2 (and set it up). Assuming you use pkgin:
193 {% endtrans %}
194 </p>
195 <ul>
196 <li>
197 pkgin update
198 </li>
199 <li>
200 pkgin install gnupg2
201 </li>
202 </ul>
203 <p>
204 {% trans %}
205 Fetch the signature key from
206 {% endtrans %}
207 <a href="https://keys.openpgp.org/search?q=ng0%40n0.is">keys.openpgp.org</a>
208 {% trans %}
209 or via commandline with gnupg2.
210 {% endtrans %}
211 </p>
212 <p>
213 {% trans %}
214 Fetch the release, the signature, the checksum file as well as its signature:
215 {% endtrans %}
216 </p>
217 <ul>
218 <li>
219 ftp https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.65.3.tar.Z
220 </li>
221 <li>
222 ftp https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.65.3.tar.Z.sig
223 </li>
224 <li>
225 ftp https://ftpmirror.gnu.org/gnu.org/gnunet/gnurl-7.65.3.sum.txt
226 </li>
227 <li>
228 ftp https://ftpmirror.gnu.org/gnu.org/gnunet/gnurl-7.65.3.sum.txt.sig
229 </li>
230 </ul>
231 <p>
232 {% trans %}
233 verify the signatures, and verify the checksums against the
234 checksums in the .sum.txt file.
235 {% endtrans %}
236 </p>
237 <p>
238 {% trans %}
239 unpack the tarball:
240 {% endtrans %}
241 </p>
242 <ul>
243 <li>
244 tar -zxf gnurl-7.65.3.tar.Z
245 </li>
246 </ul>
247 <p>
248 {% trans %}
249 Change into the directory
250 {% endtrans %}
251 </p>
252 <ul>
253 <li>
254 cd gnurl-7.65.3
255 </li>
256 </ul>
257 <p>
258 {% trans %}
259 Now you can either run
260 {% endtrans %}
261 </p>
262 <ul>
263 <li>
264 ./configure
265 </li>
266 </ul>
267 <p>
268 {% trans %}
269 directly (and read configure-gnurl before you do so) or invoke
270 {% endtrans %}
271 </p>
272 <ul>
273 <li>
274 ./configure-gnurl
275 </li>
276 </ul>
277 <p>
278 {% trans %}
279 and pass additional parameters such as a custom PREFIX location.
280 Further reference can be the
281 {% endtrans %}
282 <a href="http://pkgsrc.se/www/gnurl">www/gnurl</a> Makefile.
283 {% trans %}
284 Now run
285 {% endtrans %}
286 </p>
287 <ul>
288 <li>
289 make
290 </li>
291 <li>
292 make check
293 {% trans %}
294 (this is optional)
295 {% endtrans %}
296 </li>
297 <li>
298 make install
299 </li>
300 </ul>
301 <p>
302 {% trans %}
303 and you are done.
304 {% endtrans %}
305 </p>
306 <h4>{{ _("Building from a tagged git commit") }}</h4>
307 <p>
308 {% trans %}
309 Follow the steps above, but instead of downloading the tarball,
310 clone the git tag you want to build from.
311 {% endtrans %}
312 </p>
313 </div>
314 </div>
315
316 <div class="row container">
317 <div class="col-md">
318 <h3>{{ _("Reporting Bugs") }}</h3>
319 <p>
320 {% trans %}
321 You can report bugs on our bug tracker:
322 <a href="https://bugs.gnunet.org/">bugs.gnunet.org</a>. Alternatively
323 you can use our bug mailinglist, but we prefer to track bugs
324 on the bugtracker.
325 {% endtrans %}
326 </p>
327 </div>
328 <div class="col-md">
329 <h3>{{ _("Maintainer and Cryptographic signatures") }}</h3>
330 <p>
331 {% trans %}
332 gnurl/libgnurl is maintained by ng0.
333 Releases are signed
334 with the OpenPGP Key <b>A88C8ADD129828D7EAC02E52E22F9BBFEE348588</b>,
335 with the key fingerprint <b>A88C 8ADD 1298 28D7 EAC0 2E52 E22F 9BBF EE34 8588</b>.
336 {% endtrans %}
337 </p>
338 </div>
339 </div>
340
341 </article> <!-- /container -->
181{% endblock body_content %} 342{% endblock body_content %}
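Review bot: The two checksum URLs in the new fetch list (new lines 225 and 228) use the path /gnu.org/gnunet/, while the tarball and its signature (new lines 219 and 222) and the Downloads link use /gnu/gnunet/. One of the two forms is presumably wrong, and a reader who cannot fetch gnurl-7.65.3.sum.txt and its .sig is likely to skip the checksum step, so all four URLs should use the same path. In the same section, "security/gnupgp2" does not match the "pkgin install gnupg2" step that follows. The "verify the signatures" paragraph gives no command and does not point at the fingerprint listed under "Maintainer and Cryptographic signatures". Since the key is fetched through an e-mail search on keys.openpgp.org, the text should tell readers to compare the imported key against that fingerprint before trusting a signature. The clone list still offers git://, which is unauthenticated, so a short note next to it to verify the signed tag after cloning would help. The www/gnurl reference at new line 282 uses http://pkgsrc.se although this change moves the pkgsrc.org link to https. Minor: "prefered" and "to be build" are typos.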