On Wed, Feb 10, 2016 at 2:43 AM, Efraim Flashner <efr...@flashner.co.il> wrote: > On Tue, 09 Feb 2016 20:56:59 -0600 > Christopher W Carpenter <mordo...@mordocai.net> wrote: > >> Talked about this on IRC davexunit, but there appears to be a circular >> dependency >> issue with gnutls and pkg-config now that pkg-config needs to be >> downloaded via https. >> > [snip] >> >> davexunit on #guix mentioned that this may need to be solved using a >> minimal build of gnutls that doesn't require pkg-config for https >> downloads but i'm a bit out of my depth here so I'm just reporting :). >> >> I am happy to do some grunt work once the project decides what direction >> to go. >> >> Thanks, >> Christopher Carpenter >> > > Another option is to try to build gnutls without pkg-config and as part of > the configure phase manually tell it where to find the dependencies. IIRC we > do that with some of the less complicated lower level packages.
The bigger problem to be aware of is this: No package in the gnutls dependency graph may have its source code downloaded over HTTPS. Even if we hack around this for pkg-config, I'm sure it will bite us again when another upstream starts enforcing HTTPS. So, what can we do here? - Dave
