gnurl (libgnurl)

motivation rename using gotchas source downloads building reporting maintainer

libgnurl is a micro fork of libcurl. The goal of libgnurl is to support only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend (GnuTLS) to ensure a small footprint and uniform experience for developers regardless of how libcurl was compiled.

Nuestro principal caso de uso es para GNUnet y Taler, pero puede ser utilizado por otros, por eso notros estamos soltando el código para el público en general.

libgnurl is released under the same license as libcurl. Please read the README for instructions, as you must supply the correct options to configure to get a proper build of libgnurl.

Acerca de gnurl

Grandes partes de los siguientes 6 párrafos son antiguos y necesitan reescritura.

Documentación

cURL supports many crypto backends. GNUnet requires the use of GnuTLS, but other variants are used by some distributions. Supporting other crypto backends would again expose us to a wider array of security issues, may create licensing issues and most importantly introduce new bugs as some crypto backends are known to introduce subtle runtime issues. While it is possible to have two versions of libcurl installed on the same system, this is error-prone, especially as if we are linked against the wrong version, the bugs that arise might be rather subtle.

Para GNUnet también necesitamos una versión particularmente moderna de GnuTLS, por lo tanto, de todas formas sería necesario recompilar cURL para GNUnet; pero, ¿Qué es lo que sucede si alguien enlaza cURL hacia esta versión de GnuTLS? Bueno, primero se tendría que instalar GnuTLS a mano en el sistema. Luego, construimos cURL. cURL se construirá hacia ella sin problema, pero, el enlazador eventualmente se va a quejar terriblemente. La razón es que ese cURL también enlaza hacia otras muchas bibliotecas del sistema (gssapi, ldap, ssh2, rtmp, krb5, sasl2, ver la discusión arriba acerca protocolos ocultos), las cuales, al ser parte de la distribución, fueron enlazadas hacia una versión antigua de GnuTLS. Como resultado, el mismo binario estaría enlazado hacia dos diferentes versiones de GnuTLS. Normalmente eso es una receta para el desastre, por lo tanto, con el fin de evadir actualizar una docena de bibliotecas del sistema (y teniendo dos versiones de las mismas instaladas), es necesario deshabilitar todas aquellas funciones cURL que GNUnet no utiliza, las cuales son muchas. Para GNUnet, la mayoría de protocolos ocultos sostenidos por cURL son cercanos a código muerto, mayormente inofensivos, pero no útiles; sin embargo, mientras alguna aplicación podría usar una de esas funciones, las distribuciones son normalmente forzadas a habilitar todas esas funciones, entonces incluyendo cuestiones de seguridad que puedan surgir de ese código.

Para utilizar una versión de GnuTLS, una aproximación sensata es inhabilitar todas las funciones "opcionales" de cURL que arrastran bibliotecas del sistema que se enlazan hacia el GnuTLS antiguo. Eso funciona, solo que NO se debería instalar esa versión de libcurl en, por ejemplo, /usr o /usr/local, ya que eso podría romper otras partes del sistema que podrían depender de estas funciones que acabamos de inhabilitar. La versión de Libtool no ayuda aquí, ya que no está hecha para lidiar con bibliotecas que tienen funciones opcionales. Naturalmente, instalar cURL en algún otro lugar también es problemático, ya que entonces tendremos que ser muy cuidadosos de que el enlazador enlace GNUnet hacia la versión correcta. Note que nada de esto puede realmente ser arreglado trivialmente por los desarrolladores de cURL.

Rename to fix

How does forking fix it? Easy. First, we can get rid of all of the compatibility issues --- if you use libgnurl, you state that you don't need anything but HTTP/HTTPS. Those applications that need more, should stick with the original cURL. Those that do not, can choose to move to something simpler. As the library gets a new name, we do not have to worry about tons of packages breaking as soon as one rebuilds it. So renaming itself and saying that "libgnurl = libcurl with only HTTP/HTTPS support and GnuTLS" fixes 99%% of the problems that darkened my mood. Note that this pretty much CANNOT be done without a fork, as renaming is an essential part of the fix. Now, there might be creative solutions to achieve the same thing within the standard cURL build system, but this was deemed to be too much work when gnurl was originally started. The changes libgnurl makes to curl are miniscule and can easily be applied again and again whenever libcurl makes a new release.

Usar libgnurl

Projects that use cURL only for HTTP/HTTPS and that would work with GnuTLS should be able to switch to libgnurl by changing "-lcurl" to "-lgnurl". That's it. No changes to the source code should be required, as libgnurl strives for bug-for-bug compatibility with the HTTP/HTTPS/GnuTLS subset of cURL. We might add new features relating to this core subset if they are proposed, but so far we have kept our changes minimal and no additions to the original curl source have been written.

Gotchas

libgnurl and gnurl are not intended to be used as a replacement for curl for users:
This does not mean there is no confidence in the work done with gnurl, it means that tools which expect curl or libcurl will not make use of a different named binary and library. If you know what you are doing, you should be able to use gnurl as part of your tooling in place of curl. We do not recommend to do so however, as the only usage it is tested for so far is as part of Taler's and GNunet's build-system.
Since no conflicts in filenames occur you are not expected to remove curl to make use of gnurl and viceversa.

Código fuente

You can get the gnurl git repository using:

  • git clone https://git.taler.net/gnurl.git
  • git clone git://git.taler.net/gnurl.git

The versions are checked in as (signed) git tags.

Descargas

Los lanzamientos son publicados en ftpmirror.gnu.org/gnu/gnunet. gnurl está disponible en una variedad de distribuciones y administradores de paquetes. Algunos administradores de paquetes que incluyen gnurl son: GNU Guix (disponible como "gnurl"), Gentoo a través de la colección ebuild colaborativa youbroketheinternet, Nix, y como www/gnurl in pkgsrc.

Construyendo gnurl

We suggest to closely follow release announcements, as they might indicate changes in how gnurl is to be build.
If your package manager provides a binary build or build instructions to build gnurl from source automated and integrated with your environment, we strongly suggest to use this binary build.
There are two ways to build gnurl. The first one builds from the most recent git tag, the second one uses the distributed tarball. Distributors generally are supposed to build from the tarball, but we describe both methods here. Both methods are written with a NetBSD 9 userland in mind, substitute tools as necessary.
You should avoid building gnurl from the tip of the default git branch, as only tags are considered to be stable and approved builds.

Building from the distributed tarball (prefered method)

If you want to verify the signature, install an OpenPGP compatible tool such as security/gnupgp2 (and set it up). Assuming you use pkgin:

  • pkgin update
  • pkgin install gnupg2

Fetch the signature key from keys.openpgp.org or via commandline with gnupg2.

Fetch the release, the signature, the checksum file as well as its signature:

  • ftp https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.65.3.tar.Z
  • ftp https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.65.3.tar.Z.sig
  • ftp https://ftpmirror.gnu.org/gnu.org/gnunet/gnurl-7.65.3.sum.txt
  • ftp https://ftpmirror.gnu.org/gnu.org/gnunet/gnurl-7.65.3.sum.txt.sig

verify the signatures, and verify the checksums against the checksums in the .sum.txt file.

unpack the tarball:

  • tar -zxf gnurl-7.65.3.tar.Z

Change into the directory

  • cd gnurl-7.65.3

Ahora puede reproducir

  • ./configure

directamente (lea configure-gnurl antes de hacerlo) o invocar

  • ./configure-gnurl

and pass additional parameters such as a custom PREFIX location. Further reference can be the www/gnurl Makefile. Ahora reproduzca

  • make
  • make check (esto es opcional)
  • make install

y eso es todo.

Building from a tagged git commit

Follow the steps above, but instead of downloading the tarball, clone the git tag you want to build from.

Reporte de Bugs

Usted puede reportar bugs o problemas en nuestro sistema de seguimiento de bugs: bugs.gnunet.org. De manera alternativa, usted puede usar nuestra lista de correos de bug, pero preferimos seguirlo en el sistema de seguimiento de bugs.

Mantenedor y firmas criptográficas

gnurl/libgnurl está buscando un nuevo mantenedor. Los lanzamientos tras la versión 7.69.1 y hasta la versión 7.72.0 se firmaron con la clave OpenPGP Key 0xD6B570842F7E7F8Dkeys.openpgp.org, con la huella digital de clave pública,6115 012D EA30 26F6 2A98 A556 D6B5 7084 2F7E 7F8D.