From 5b2fd61868dfeeb60ec5252f86f46d6995a869b2 Mon Sep 17 00:00:00 2001
From: Nikita Karetnikov <nikita@karetnikov.org>
Date: Fri, 23 Nov 2012 23:00:50 +0100
Subject: [PATCH] distro: Add GNU Shishi.

* distro/packages/shishi.scm,
  distro/packages/patches/shishi-gets-undeclared.patch: New files.
* Makefile.am (MODULES): Add 'shishi.scm'.
  (dist_patch_DATA): Add 'shishi-gets-undeclared.patch'.
---
 Makefile.am                                   |  2 +
 .../patches/shishi-gets-undeclared.patch      | 71 +++++++++++++++++++
 distro/packages/shishi.scm                    | 69 ++++++++++++++++++
 3 files changed, 142 insertions(+)
 create mode 100644 distro/packages/patches/shishi-gets-undeclared.patch
 create mode 100644 distro/packages/shishi.scm

diff --git a/Makefile.am b/Makefile.am
index dbc507170c..ae70a2684d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -72,6 +72,7 @@ MODULES =					\
   distro/packages/pth.scm			\
   distro/packages/readline.scm			\
   distro/packages/recutils.scm			\
+  distro/packages/shishi.scm			\
   distro/packages/system.scm			\
   distro/packages/texinfo.scm			\
   distro/packages/zile.scm
@@ -98,6 +99,7 @@ dist_patch_DATA =						\
   distro/packages/patches/findutils-absolute-paths.patch	\
   distro/packages/patches/perl-no-sys-dirs.patch		\
   distro/packages/patches/readline-link-ncurses.patch		\
+  distro/packages/patches/shishi-gets-undeclared.patch		\
   distro/packages/patches/tar-gets-undeclared.patch
 
 bootstrapdir = $(pkgdatadir)/bootstrap
diff --git a/distro/packages/patches/shishi-gets-undeclared.patch b/distro/packages/patches/shishi-gets-undeclared.patch
new file mode 100644
index 0000000000..a3d6d0cca2
--- /dev/null
+++ b/distro/packages/patches/shishi-gets-undeclared.patch
@@ -0,0 +1,71 @@
+This patch is needed to allow builds with newer versions of
+the GNU libc (2.16+).
+
+
+commit 66712c23388e93e5c518ebc8515140fa0c807348
+Author: Eric Blake <eblake@redhat.com>
+Date:   Thu Mar 29 13:30:41 2012 -0600
+
+    stdio: don't assume gets any more
+    
+    Gnulib intentionally does not have a gets module, and now that C11
+    and glibc have dropped it, we should be more proactive about warning
+    any user on a platform that still has a declaration of this dangerous
+    interface.
+    
+    * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
+    support.
+    * modules/stdio (Makefile.am): Likewise.
+    * lib/stdio-read.c (gets): Likewise.
+    * tests/test-stdio-c++.cc: Likewise.
+    * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
+    * lib/stdio.in.h (gets): Make warning occur in more places.
+    * doc/posix-functions/gets.texi (gets): Update documentation.
+    Reported by Christer Solskogen.
+    
+    Signed-off-by: Eric Blake <eblake@redhat.com>
+
+diff --git a/gl/stdio.in.h b/gl/stdio.in.h
+index aa7b599..c377b6e 100644
+--- a/gl/stdio.in.h
++++ b/gl/stdio.in.h
+@@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - "
+ # endif
+ #endif
+ 
+-#if @GNULIB_GETS@
+-# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
+-#  if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+-#   undef gets
+-#   define gets rpl_gets
+-#  endif
+-_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
+-_GL_CXXALIAS_RPL (gets, char *, (char *s));
+-# else
+-_GL_CXXALIAS_SYS (gets, char *, (char *s));
+-#  undef gets
+-# endif
+-_GL_CXXALIASWARN (gets);
+ /* It is very rare that the developer ever has full control of stdin,
+-   so any use of gets warrants an unconditional warning.  Assume it is
+-   always declared, since it is required by C89.  */
++   so any use of gets warrants an unconditional warning; besides, C11
++   removed it.  */
++#undef gets
++#if HAVE_RAW_DECL_GETS
+ _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+ #endif
+ 
+@@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
+ # endif
+ #endif
+ 
+-/* Some people would argue that sprintf should be handled like gets
+-   (for example, OpenBSD issues a link warning for both functions),
+-   since both can cause security holes due to buffer overruns.
++/* Some people would argue that all sprintf uses should be warned about
++   (for example, OpenBSD issues a link warning for it),
++   since it can cause security holes due to buffer overruns.
+    However, we believe that sprintf can be used safely, and is more
+    efficient than snprintf in those safe cases; and as proof of our
+    belief, we use sprintf in several gnulib modules.  So this header
diff --git a/distro/packages/shishi.scm b/distro/packages/shishi.scm
new file mode 100644
index 0000000000..3a71dc3c97
--- /dev/null
+++ b/distro/packages/shishi.scm
@@ -0,0 +1,69 @@
+;;; Guix --- Nix package management from Guile.         -*- coding: utf-8 -*-
+;;; Copyright (C) 2012 Nikita Karetnikov <nikita@karetnikov.org>
+;;; Copyright (C) 2012 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of Guix.
+;;;
+;;; Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (distro packages shishi)
+  #:use-module (distro)
+  #:use-module (distro packages gnutls)
+  #:use-module (distro packages gnupg)
+  #:use-module (distro packages compression)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu))
+
+(define-public shishi
+  (package
+    (name "shishi")
+    (version "1.0.1")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append
+            "mirror://gnu/shishi/shishi-"
+            version
+            ".tar.gz"))
+      (sha256
+       (base32
+        "13c6w9rpaqb3am65nrn86byvmll5r78pld2vb0i68491vww4fzlx"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags
+       '("CPPFLAGS=-DMAX_ERROR_DESCRIPTION_SIZE=ASN1_MAX_ERROR_DESCRIPTION_SIZE")
+       #:patches (list (assoc-ref %build-inputs
+                                  "patch/gets"))))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("zlib" ,zlib)
+       ("libgcrypt" ,libgcrypt)
+       ("libtasn1" ,libtasn1)
+       ("patch/gets" ,(search-patch "shishi-gets-undeclared.patch"))))
+    (home-page "http://www.gnu.org/software/shishi/")
+    (synopsis
+     "GNU Shishi, free implementation of the Kerberos 5 network security system")
+    (description
+     " GNU Shishi is an implementation of the Kerberos 5 network
+  authentication system, as specified in RFC 4120.  Shishi can be
+  used to authenticate users in distributed systems.
+
+  Shishi contains a library (`libshishi') that can be used by
+  application developers to add support for Kerberos 5.  Shishi
+  contains a command line utility (1shishi') that is used by
+  users to acquire and manage tickets (and more).  The server
+  side, a Key Distribution Center, is implemented by `shishid'.
+")
+    (license "GPLv3+"))) ; some files are under GPLv2+