Bitmessage/PyBitmessage-2024-12-05
Archived
2
0
Fork 0
Code Issues 168 Pull Requests 53 Actions Packages Projects Releases 5 Wiki Activity

Clarification on backport of pyelliptic requested + external dependency unbundling #886

New Issue
Open
opened 2016-07-16 16:04:19 +02:00 by ghost · 8 comments
ghost commented 2016-07-16 16:04:19 +02:00 (Migrated from github.com)
Copy Link

As I work for a GNU system which unbundles where possible, I'd like to get some more
clarification on the backporting of pyelliptic you do. Can you explain your changes or point
out in the code which changes are made?

At your choice, could you even move the external dependencies
into git-submodules (other repositories) so it can be up to package
maintainers to pull them in?

This would improve the work of us package maintainers in cutting down the lines of code, especially for package systems like GNU Guix or systems like Gentoo.
https://wiki.gentoo.org/wiki/Why_not_bundle_dependencies
http://dustycloud.org/misc/talks/guix/chicagolug_2015/guix_talk.html (could include reasons and understanding, there are very likely more insights in https://www.gnu.org/software/guix/help/#papers and https://www.gnu.org/software/guix/help/#talks (same page))

As I work for a GNU system which unbundles where possible, I'd like to get some more clarification on the backporting of pyelliptic you do. Can you explain your changes or point out in the code which changes are made? At your choice, could you even move the external dependencies into git-submodules (other repositories) so it can be up to package maintainers to pull them in? This would improve the work of us package maintainers in cutting down the lines of code, especially for package systems like GNU Guix or systems like Gentoo. https://wiki.gentoo.org/wiki/Why_not_bundle_dependencies http://dustycloud.org/misc/talks/guix/chicagolug_2015/guix_talk.html (could include reasons and understanding, there are very likely more insights in https://www.gnu.org/software/guix/help/#papers and https://www.gnu.org/software/guix/help/#talks (same page))
PeterSurda commented 2016-07-16 22:18:56 +02:00 (Migrated from github.com)
Copy Link

I don't know what the difference is, you'd have to diff it yourself. You could contact Atheros and ask him.

I don't know what the difference is, you'd have to diff it yourself. You could contact Atheros and ask him.
ghost commented 2016-07-16 23:00:54 +02:00 (Migrated from github.com)
Copy Link

Thanks for the reply, Peter. I'll just CC @Atheros1 here as I find the github bugtracker not ideal.

But, this is not the only purpose of this issue, the second being bundled dependencies.

Thanks for the reply, Peter. I'll just CC @Atheros1 here as I find the github bugtracker not ideal. But, this is not the only purpose of this issue, the second being bundled dependencies.
bmng-dev commented 2016-07-17 13:51:32 +02:00 (Migrated from github.com)
Copy Link

Newer versions of PyElliptic break the Bitmessage protocol. Bitmessage still uses ECDSA-with-SHA1 signatures and length prefixed coordinate representation for ephemeral public keys while recent versions of PyElliptic only use ECDSA-with-SHA2 signatures and uncompressed point compression form representation for ephemeral public keys. The bundled PyElliptic has an improved OpenSSL library locator.

The bundled Socksipy has been modified to support Tor's SOCKS Extensions.

Newer versions of PyElliptic break the Bitmessage protocol. Bitmessage still uses ECDSA-with-SHA1 signatures and length prefixed coordinate representation for ephemeral public keys while recent versions of PyElliptic only use ECDSA-with-SHA2 signatures and uncompressed point compression form representation for ephemeral public keys. The bundled PyElliptic has an improved OpenSSL library locator. The bundled Socksipy has been modified to support Tor's SOCKS Extensions.
rekado commented 2016-07-17 21:27:25 +02:00 (Migrated from github.com)
Copy Link

Do you plan to send your improvements to the respective upstream projects?

Do you plan to send your improvements to the respective upstream projects?
bmng-dev commented 2016-07-19 06:23:55 +02:00 (Migrated from github.com)
Copy Link

Me personally? No, I didn't make the modifications.

Me personally? No, I didn't make the modifications.
PeterSurda commented 2016-07-19 14:09:11 +02:00 (Migrated from github.com)
Copy Link

I modified the socksipy, I added support for the RESOLVE extension used by Tor. This is used for improving bootstrapping. I can try to push it upstream.

PyElliptic was probably modified by Atheros (I wasn't involved in the development at that time so I don't know).

I modified the socksipy, I added support for the RESOLVE extension used by Tor. This is used for improving bootstrapping. I can try to push it upstream. PyElliptic was probably modified by Atheros (I wasn't involved in the development at that time so I don't know).
PeterSurda commented 2017-02-26 12:20:15 +01:00 (Migrated from github.com)
Copy Link

Also recently me and one other developer modified the bundled pyelliptic to support OpenSSL 1.1.x and LibreSSL (the old code does support LibreSSL, but if you want to add OpenSSL 1.1.x support you also have to distinguish between OpenSSL and LibreSSL). I'll see if it can be pushed upstream, but it's not a high priority and the upstream seems abandoned.

I'll refactor socksify into an asyncore class in the future, so the socksipy dependecy can be removed altogether.

Also recently me and one other developer modified the bundled pyelliptic to support OpenSSL 1.1.x and LibreSSL (the old code does support LibreSSL, but if you want to add OpenSSL 1.1.x support you also have to distinguish between OpenSSL and LibreSSL). I'll see if it can be pushed upstream, but it's not a high priority and the upstream seems abandoned. I'll refactor socksify into an asyncore class in the future, so the socksipy dependecy can be removed altogether.
g1itch commented 2017-03-02 17:54:55 +01:00 (Migrated from github.com)
Copy Link

Concerning socksocket.resolve() there is an issue in the upstream PySocks project. I think you can cooperate.

Concerning `socksocket.resolve()` there is [an issue](/Anorov/PySocks/issues/22) in the upstream PySocks project. I think you can cooperate.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something isn't working as it's supposed to

  
build

Related to building or build system

  
dependencies

Pull requests that update a dependency file

  
developers

The issue is relevant mainly for developers rather than users

  
documentation

   
duplicate

   
enhancement

New feature

  
formatting

Code or UI text formatting

  
invalid

   
legal

   
mobile

Frontend for mobile devices (kivy)

  
obsolete

   
packaging

   
performance

   
protocol

Protocol change

  
question

   
refactoring

   
regression

Some issue, fixed in the past, appears again

  
security

   
test

   
translation

   
usability

   
wontfix
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
Milestone
Clear milestone
No items
No Milestone
v0.6.4
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-05#886
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?