Zen

Translation

For GNUnet, we also need a particularly modern version of GnuTLS. Thus, it would anyway be necessary to recompile cURL for GNUnet. But what happens if one links cURL against this version of GnuTLS? Well, first one would install GnuTLS by hand in the system. Then, we build cURL. cURL will build against it just fine, but the linker will eventually complain bitterly. The reason is that cURL also links against a bunch of other system libraries (gssapi, ldap, ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above), which --- as they are part of the distribution --- were linked against an older version of GnuTLS. As a result, the same binary would be linked against two different versions of GnuTLS. That is typically a recipe for disaster. Thus, in order to avoid updating a dozen system libraries (and having two versions of those installed), it is necessary to disable all of those cURL features that GNUnet does not use, and there are many of those. For GNUnet, the more obscure protocols supported by cURL are close to dead code --- mostly harmless, but not useful. However, as some application may use one of those features, distributions are typically forced to enable all of those features, and thus including security issues that might arise from that code.
498/12800 · 1280

Sign in to save the translation.

English Chinese (Traditional) Actions
Our main usecase is for GNUnet and Taler, but it might be usable for others, hence we're releasing the code to the general public.
我們的程式碼主要用於 GNUnet 和 Taler,但考慮到對其他人可能也有幫助,我們決定將程式碼公之於眾。
libgnurl is released under the same license as libcurl. Please read the README for instructions, as you must supply the correct options to configure to get a proper build of libgnurl.
libgnurl 與 libcurl 由相同的許可證所發行。由於您必須提供正確的選項來進行配置以獲取正確的 libgnurl 建構,請閱讀 README 以了解更多的相關指令。
About gnurl
關於 gnurl
Large parts of the following 6 paragraphs are old and need to be rewritten.
以下六個段落的大部分內容陳舊,需重新撰寫。
cURL supports many crypto backends. GNUnet requires the use of GnuTLS, but other variants are used by some distributions. Supporting other crypto backends would again expose us to a wider array of security issues, may create licensing issues and most importantly introduce new bugs as some crypto backends are known to introduce subtle runtime issues. While it is possible to have two versions of libcurl installed on the same system, this is error-prone, especially as if we are linked against the wrong version, the bugs that arise might be rather subtle.
cURL 支持許多加密後端。GNUnet 需要使用 GnuTLS,但某些發行版本使用其他變形。支持其他加密後端將再次使我們面臨更廣泛的安全問題,這可能會產生許可問題,最嚴重的是,已知某些加密後端會引入不易察覺的執行時期問題 (runtime issues) 而帶來新的錯誤。雖然可以在同一個系統上安裝兩個版本的 libcurl,但這很容易出錯,尤其是當我們鏈接到錯誤的版本時,出現的錯誤可能十分不易察覺。
For GNUnet, we also need a particularly modern version of GnuTLS. Thus, it would anyway be necessary to recompile cURL for GNUnet. But what happens if one links cURL against this version of GnuTLS? Well, first one would install GnuTLS by hand in the system. Then, we build cURL. cURL will build against it just fine, but the linker will eventually complain bitterly. The reason is that cURL also links against a bunch of other system libraries (gssapi, ldap, ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above), which --- as they are part of the distribution --- were linked against an older version of GnuTLS. As a result, the same binary would be linked against two different versions of GnuTLS. That is typically a recipe for disaster. Thus, in order to avoid updating a dozen system libraries (and having two versions of those installed), it is necessary to disable all of those cURL features that GNUnet does not use, and there are many of those. For GNUnet, the more obscure protocols supported by cURL are close to dead code --- mostly harmless, but not useful. However, as some application may use one of those features, distributions are typically forced to enable all of those features, and thus including security issues that might arise from that code.
對於 GNUnet,我們還需要一個特定現代版本的 GnuTLS 。因此,無論如何都需要為 GNUnet 再次編譯 cURL。但是,如果將 cURL 鏈接到此版本的 GnuTLS 會發生什麼事?首先,GnuTLS 需要被手動安裝在系統中。接著,我們需要構建 cURL。cURL 會順利地構建,但鏈接器最終會"抱怨"。鏈接器會"抱怨"是因為 cURL 還鏈接了許多其他系統庫 (gssapi, ldap, ssh2, rtmp, krb5, sasl2, 請參閱上方關於 obscure protocols 的討論)。由於這些系統庫是分發的一部分,他們與舊版的GnuTLS 有鏈接。因此,同一個二進製文件將鏈接到兩個不同版本的 GnuTLS。這通常是災難的"秘訣"。因此,為了避免更新十幾個系統庫(並安裝兩個版本),禁用 GNUnet 不使用的(為數眾多的)所有 cURL 功能是有必要的。對於 GNUnet 來說,cURL 支持的更隱晦的協議接近死代碼——大多是無害的,但也沒有用。然而,由於某些應用程序可能會使用其中一項功能,分發版通常會被迫啟用所有這些功能,從而包括可能由該代碼引起的安全問題。
So to use a modern version of GnuTLS, a sane approach is to disable all of the "optional" features of cURL that drag in system libraries that link against the older GnuTLS. That works, except that one should then NEVER install that version of libcurl in say /usr or /usr/local, as that may break other parts of the system that might depend on these features that we just disabled. Libtool versioning doesn't help here, as it is not intended to deal with libraries that have optional features. Naturally, installing cURL somewhere else is also problematic, as we now need to be really careful that the linker will link GNUnet against the right version. Note that none of this can really be trivially fixed by the cURL developers.
因此,要使用現代版本的 GnuTLS,一個明智的方法是禁用 cURL 的所有"可選 (optional)"功能,這些功能將鏈接部份連接到舊的 GnuTLS 程式庫中。這是可以運行的,但是使用者"永遠"不應該在 /usr 或 /usr/local 中安裝那個版本的 libcurl,因為這可能會破壞系統的其他部分,而這些部分可能依賴於我們剛剛禁用的功能。Libtool版本控制在這裡沒有幫助,因為 Libtool 版本控制的原意並非處理具有可選功能的程式庫。理所當然地,在其他地方安裝 cURL 也會造成問題,因為我們現在必須非常小心,鏈接器會將 GNUnet 部份連接到正確的版本。請注意,cURL 開發人員無法輕鬆地解決這些問題。
Rename to fix
重命名以修復
How does forking fix it? Easy. First, we can get rid of all of the compatibility issues --- if you use libgnurl, you state that you don't need anything but HTTP/HTTPS. Those applications that need more, should stick with the original cURL. Those that do not, can choose to move to something simpler. As the library gets a new name, we do not have to worry about tons of packages breaking as soon as one rebuilds it. So renaming itself and saying that "libgnurl = libcurl with only HTTP/HTTPS support and GnuTLS" fixes 99%% of the problems that darkened my mood. Note that this pretty much CANNOT be done without a fork, as renaming is an essential part of the fix. Now, there might be creative solutions to achieve the same thing within the standard cURL build system, but this was deemed to be too much work when gnurl was originally started. The changes libgnurl makes to curl are miniscule and can easily be applied again and again whenever libcurl makes a new release.
分叉 (forking ) 是如何解決此問題的?答案很簡單。首先,我們可以擺脫所有的兼容性問題——如果你使用 libgnurl,您聲明除了 HTTP/HTTPS 以外,您不需要任何東西。那些需要更多東西的應用程式應該持續使用原始的cURL。那些不需要的,則可以轉而選擇更簡單的東西。由於程式庫有了一個新名稱,我們不必擔心一旦重建此程式庫就會損壞大量套件的問題。所以將其重命名並表示 "libgnurl = libcurl with only HTTP/HTTPS support and GnuTLS" 修復了 99%% 的問題使讓我情緒黯淡。請注意,如果沒有 fork,這幾乎"無法"完成,因為重命名為修復過程中很重要的一部分。現在,在標準的 cURL 構建系統中可能會有創意的解決方案來實現同樣的事情,但是這在 gnurl 最初被啟動時被認為是太多工作了。
Using libgnurl
使用 libgnurl
Projects that use cURL only for HTTP/HTTPS and that would work with GnuTLS should be able to switch to libgnurl by changing "-lcurl" to "-lgnurl". That's it. No changes to the source code should be required, as libgnurl strives for bug-for-bug compatibility with the HTTP/HTTPS/GnuTLS subset of cURL. We might add new features relating to this core subset if they are proposed, but so far we have kept our changes minimal and no additions to the original curl source have been written.
僅將 cURL 用於 HTTP/HTTPS 並且可以與 GnuTLS 一起使用的專案應該能夠通過將"-lcurl"更改為"-lgnurl"來切換到 libgnurl。就是這樣。不需要更改原始碼,因為 libgnurl 力求與 cURL 的 HTTP/HTTPS/GnuTLS 子集錯誤對錯誤相容 (bug-for-bug compatibility)。如果有人提議,我們可能會添加與此核心子集相關的新功能,但到目前為止,我們將更改保持在最低限度,並且沒有添加新功能到原始的 curl source 中。

Loading…

User avatar Ting-Yi

Translation added

  1. GNUnet
  2. Website
  3. Chinese (Traditional)
For GNUnet, we also need a particularly modern version of GnuTLS. Thus, it would anyway be necessary to recompile cURL for GNUnet. But what happens if one links cURL against this version of GnuTLS? Well, first one would install GnuTLS by hand in the system. Then, we build cURL. cURL will build against it just fine, but the linker will eventually complain bitterly. The reason is that cURL also links against a bunch of other system libraries (gssapi, ldap, ssh2, rtmp, krb5, sasl2, see discussion on obscure protocols above), which --- as they are part of the distribution --- were linked against an older version of GnuTLS. As a result, the same binary would be linked against two different versions of GnuTLS. That is typically a recipe for disaster. Thus, in order to avoid updating a dozen system libraries (and having two versions of those installed), it is necessary to disable all of those cURL features that GNUnet does not use, and there are many of those. For GNUnet, the more obscure protocols supported by cURL are close to dead code --- mostly harmless, but not useful. However, as some application may use one of those features, distributions are typically forced to enable all of those features, and thus including security issues that might arise from that code.
對於 GNUnet,我們還需要一個特定現代版本的 GnuTLS 。因此,無論如何都需要為 GNUnet 再次編譯 cURL。但是,如果將 cURL 鏈接到此版本的 GnuTLS 會發生什麼事?首先,GnuTLS 需要被手動安裝在系統中。接著,我們需要構建 cURL。cURL 會順利地構建,但鏈接器最終會"抱怨"。鏈接器會"抱怨"是因為 cURL 還鏈接了許多其他系統庫 (gssapi, ldap, ssh2, rtmp, krb5, sasl2, 請參閱上方關於 obscure protocols 的討論)。由於這些系統庫是分發的一部分,他們與舊版的GnuTLS 有鏈接。因此,同一個二進製文件將鏈接到兩個不同版本的 GnuTLS。這通常是災難的"秘訣"。因此,為了避免更新十幾個系統庫(並安裝兩個版本),禁用 GNUnet 不使用的(為數眾多的)所有 cURL 功能是有必要的。對於 GNUnet 來說,cURL 支持的更隱晦的協議接近死代碼——大多是無害的,但也沒有用。然而,由於某些應用程序可能會使用其中一項功能,分發版通常會被迫啟用所有這些功能,從而包括可能由該代碼引起的安全問題。
3 years ago
Browse all string changes

Things to check

Consecutive duplicated words

Text contains the same word twice in a row: cURL

Reset

Glossary

English Chinese (Traditional)
No related strings found in the glossary.

String information

Source string location
template/gnurl.html.j2:76
String age
3 years ago
Last updated
4 months ago
Source string age
3 years ago
Translation file
locale/zh_Hant/LC_MESSAGES/messages.po, string 259