author | Etienne Samson <samson.etienne@gmail.com> | 2019-06-13 16:48:35 +0200 |
---|---|---|
committer | Etienne Samson <samson.etienne@gmail.com> | 2019-06-14 12:07:00 +0200 |
commit | 94fc83b6d7f179190142b91abd0d22240aced0c1 (patch) | |
tree | 3737f1a6f4340e8e96391f2f9862136ca122c60c /cmake | |
parent | 231ccbeb1df01715646c788b6316046dfecda4c7 (diff) | |
download | libgit2-94fc83b6d7f179190142b91abd0d22240aced0c1.tar.gz |
cmake: Modulize our TLS & hash detection
The interactions between `USE_HTTPS` and `SHA1_BACKEND` have been
streamlined. Previously we would have accepted not quite working
configurations (like, `-DUSE_HTTPS=OFF -DSHA1_BACKEND=OpenSSL`) and, as
the OpenSSL detection only ran with `USE_HTTPS`, the link would fail.
The detection was moved to a new `USE_SHA1`, modeled after `USE_HTTPS`,
which takes the values "CollisionDetection/Backend/Generic", to better
match how the "hashing backend" is selected, the default (ON) being
"CollisionDetection".
Note that, as `SHA1_BACKEND` is still used internally, you might need to
check what customization you're using it for.
Diffstat (limited to 'cmake')
-rw-r--r-- | cmake/Modules/SelectHTTPSBackend.cmake | 126 | ||||
-rw-r--r-- | cmake/Modules/SelectHashes.cmake | 64 |
2 files changed, 190 insertions, 0 deletions
diff --git a/cmake/Modules/SelectHTTPSBackend.cmake b/cmake/Modules/SelectHTTPSBackend.cmake
new file mode 100644
index 000000000..a97ebe320
--- /dev/null
+++ b/cmake/Modules/SelectHTTPSBackend.cmake
@@ -0,0 +1,126 @@
+# Select the backend to use
+
+# We try to find any packages our backends might use
+FIND_PACKAGE(OpenSSL)
+FIND_PACKAGE(mbedTLS)
+IF (CMAKE_SYSTEM_NAME MATCHES "Darwin")
+ FIND_PACKAGE(Security)
+ FIND_PACKAGE(CoreFoundation)
+ENDIF()
+
+# Auto-select TLS backend
+IF (USE_HTTPS STREQUAL ON)
+ message(ON)
+ IF (SECURITY_FOUND)
+ IF (SECURITY_HAS_SSLCREATECONTEXT)
+ SET(HTTPS_BACKEND "SecureTransport")
+ ELSE()
+ MESSAGE("-- Security framework is too old, falling back to OpenSSL")
+ SET(HTTPS_BACKEND "OpenSSL")
+ ENDIF()
+ ELSEIF (WINHTTP)
+ SET(HTTPS_BACKEND "WinHTTP")
+ ELSEIF(OPENSSL_FOUND)
+ SET(HTTPS_BACKEND "OpenSSL")
+ ELSEIF(MBEDTLS_FOUND)
+ SET(HTTPS_BACKEND "mbedTLS")
+ ELSE()
+ MESSAGE(FATAL_ERROR "Unable to autodetect a usable HTTPS backend."
+ "Please pass the backend name explicitly (-DUSE_HTTPS=backend)")
+ ENDIF()
+ELSEIF(USE_HTTPS)
+ message(expl)
+ # HTTPS backend was explicitly set
+ SET(HTTPS_BACKEND ${USE_HTTPS})
+ELSE()
+ SET(HTTPS_BACKEND NO)
+ENDIF()
+
+IF(HTTPS_BACKEND)
+ # Check that we can find what's required for the selected backend
+ IF (HTTPS_BACKEND STREQUAL "SecureTransport")
+ IF (NOT COREFOUNDATION_FOUND)
+ MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, CoreFoundation.framework not found")
+ ENDIF()
+ IF (NOT SECURITY_FOUND)
+ MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, Security.framework not found")
+ ENDIF()
+ IF (NOT SECURITY_HAS_SSLCREATECONTEXT)
+ MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, SSLCreateContext not supported")
+ ENDIF()
+
+ SET(GIT_SECURE_TRANSPORT 1)
+ LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${SECURITY_INCLUDE_DIR})
+ LIST(APPEND LIBGIT2_LIBS ${COREFOUNDATION_LIBRARIES} ${SECURITY_LIBRARIES})
+ LIST(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS})
+ ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL")
+ IF (NOT OPENSSL_FOUND)
+ MESSAGE(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found")
+ ENDIF()
+
+ SET(GIT_OPENSSL 1)
+ LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${OPENSSL_INCLUDE_DIR})
+ LIST(APPEND LIBGIT2_LIBS ${OPENSSL_LIBRARIES})
+ LIST(APPEND LIBGIT2_PC_LIBS ${OPENSSL_LDFLAGS})
+ LIST(APPEND LIBGIT2_PC_REQUIRES "openssl")
+ ELSEIF(HTTPS_BACKEND STREQUAL "mbedTLS")
+ IF (NOT MBEDTLS_FOUND)
+ MESSAGE(FATAL_ERROR "Asked for mbedTLS backend, but it wasn't found")
+ ENDIF()
+
+ IF(NOT CERT_LOCATION)
+ MESSAGE("Auto-detecting default certificates location")
+ IF(CMAKE_SYSTEM_NAME MATCHES Darwin)
+ # Check for an Homebrew installation
+ SET(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl")
+ ELSE()
+ SET(OPENSSL_CMD "openssl")
+ ENDIF()
+ EXECUTE_PROCESS(COMMAND ${OPENSSL_CMD} version -d OUTPUT_VARIABLE OPENSSL_DIR OUTPUT_STRIP_TRAILING_WHITESPACE)
+ IF(OPENSSL_DIR)
+ STRING(REGEX REPLACE "^OPENSSLDIR: \"(.*)\"$" "\\1/" OPENSSL_DIR ${OPENSSL_DIR})
+
+ SET(OPENSSL_CA_LOCATIONS
+ "ca-bundle.pem" # OpenSUSE Leap 42.1
+ "cert.pem" # Ubuntu 14.04, FreeBSD
+ "certs/ca-certificates.crt" # Ubuntu 16.04
+ "certs/ca.pem" # Debian 7
+ )
+ FOREACH(SUFFIX IN LISTS OPENSSL_CA_LOCATIONS)
+ SET(LOC "${OPENSSL_DIR}${SUFFIX}")
+ IF(NOT CERT_LOCATION AND EXISTS "${OPENSSL_DIR}${SUFFIX}")
+ SET(CERT_LOCATION ${LOC})
+ ENDIF()
+ ENDFOREACH()
+ ELSE()
+ MESSAGE("Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION")
+ ENDIF()
+ ENDIF()
+
+ IF(CERT_LOCATION)
+ IF(NOT EXISTS ${CERT_LOCATION})
+ MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
+ ENDIF()
+ ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}")
+ ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}")
+ ENDIF()
+
+ SET(GIT_MBEDTLS 1)
+ LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES})
+ # mbedTLS has no pkgconfig file, hence we can't require it
+ # https://github.com/ARMmbed/mbedtls/issues/228
+ # For now, pass its link flags as our own
+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
+ ELSEIF (HTTPS_BACKEND STREQUAL "WinHTTP")
+ # WinHTTP setup was handled in the WinHTTP-specific block above
+ ELSE()
+ MESSAGE(FATAL_ERROR "Asked for backend ${HTTPS_BACKEND} but it wasn't found")
+ ENDIF()
+
+ SET(GIT_HTTPS 1)
+ ADD_FEATURE_INFO(HTTPS GIT_HTTPS "using ${HTTPS_BACKEND}")
+ELSE()
+ SET(GIT_HTTPS 0)
+ ADD_FEATURE_INFO(HTTPS NO "")
+ENDIF()
diff --git a/cmake/Modules/SelectHashes.cmake b/cmake/Modules/SelectHashes.cmake
new file mode 100644
index 000000000..450e2bddb
--- /dev/null
+++ b/cmake/Modules/SelectHashes.cmake
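Review bot: In the mbedTLS branch of SelectHTTPSBackend.cmake, the CA bundle compiled in as `GIT_DEFAULT_CERT_LOCATION` is auto-detected by running an `openssl` binary at configure time (resolved through PATH, or a fixed Homebrew path on Darwin), and the result is not validated. `EXECUTE_PROCESS` has no `RESULT_VARIABLE`, and `${OPENSSL_DIR}` is passed unquoted to `STRING(REGEX REPLACE ...)`, which leaves output that does not match `^OPENSSLDIR: ...` unchanged. When none of the four candidate files exists, `CERT_LOCATION` stays empty and configuration continues without any message, so the library may be built with no default trust store; how the mbedTLS stream behaves in that case is not visible in this hunk. I would add `RESULT_VARIABLE OPENSSL_RC` to the call, quote the input as `"${OPENSSL_DIR}"`, and after the `FOREACH` emit `MESSAGE(WARNING "No CA bundle found under ${OPENSSL_DIR}; set CERT_LOCATION")` when nothing was selected. The bare `message(ON)` and `message(expl)` calls in the auto-select block look like leftover debugging output and should be removed.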
@@ -0,0 +1,64 @@
+# Select a hash backend
+
+# USE_SHA1=CollisionDetection(ON)/HTTPS/Generic/OFF
+
+IF(USE_SHA1 STREQUAL ON OR USE_SHA1 STREQUAL "CollisionDetection")
+ SET(SHA1_BACKEND "CollisionDetection")
+ELSEIF(USE_SHA1 STREQUAL "HTTPS")
+ message("Checking HTTPS backend… ${HTTPS_BACKEND}")
+ IF(HTTPS_BACKEND STREQUAL "SecureTransport")
+ SET(SHA1_BACKEND "CommonCrypto")
+ ELSEIF(HTTPS_BACKEND STREQUAL "WinHTTP")
+ SET(SHA1_BACKEND "Win32")
+ ELSEIF(HTTPS_BACKEND)
+ SET(SHA1_BACKEND ${HTTPS_BACKEND})
+ ELSE()
+ ENDIF()
+ IF(NOT HTTPS_BACKEND)
+ SET(SHA1_BACKEND "CollisionDetection")
+ ENDIF()
+ message(STATUS "Using SHA1 backend ${SHA1_BACKEND}")
+ELSEIF(USE_SHA1 STREQUAL "Generic")
+ SET(SHA1_BACKEND "Generic")
+# ELSEIF(NOT USE_SHA1)
+ELSE()
+ MESSAGE(FATAL_ERROR "Invalid value for USE_SHA1: ${USE_SHA1}")
+ENDIF()
+
+IF(SHA1_BACKEND STREQUAL "CollisionDetection")
+ SET(GIT_SHA1_COLLISIONDETECT 1)
+ ADD_DEFINITIONS(-DSHA1DC_NO_STANDARD_INCLUDES=1)
+ ADD_DEFINITIONS(-DSHA1DC_CUSTOM_INCLUDE_SHA1_C=\"common.h\")
+ ADD_DEFINITIONS(-DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"common.h\")
+ FILE(GLOB SRC_SHA1 hash/hash_collisiondetect.c hash/sha1dc/*)
+ELSEIF(SHA1_BACKEND STREQUAL "OpenSSL")
+ # OPENSSL_FOUND should already be set, we're checking HTTPS_BACKEND
+
+ SET(GIT_SHA1_OPENSSL 1)
+ IF(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
+ LIST(APPEND LIBGIT2_PC_LIBS "-lssl")
+ ELSE()
+ LIST(APPEND LIBGIT2_PC_REQUIRES "openssl")
+ ENDIF()
+ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto")
+ SET(GIT_SHA1_COMMON_CRYPTO 1)
+ELSEIF(SHA1_BACKEND STREQUAL "mbedTLS")
+ SET(GIT_SHA1_MBEDTLS 1)
+ FILE(GLOB SRC_SHA1 hash/hash_mbedtls.c)
+ LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
+ LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES})
+ # mbedTLS has no pkgconfig file, hence we can't require it
+ # https://github.com/ARMmbed/mbedtls/issues/228
+ # For now, pass its link flags as our own
+ LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
+ELSEIF(SHA1_BACKEND STREQUAL "Win32")
+ SET(GIT_SHA1_WIN32 1)
+ FILE(GLOB SRC_SHA1 hash/hash_win32.c)
+ELSEIF(SHA1_BACKEND STREQUAL "Generic")
+ FILE(GLOB SRC_SHA1 hash/hash_generic.c)
+# ELSEIF(NOT USE_SHA1)
+ELSE()
+ MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend: ${SHA1_BACKEND}")
+ENDIF()
+
+ADD_FEATURE_INFO(SHA ON "using ${SHA1_BACKEND}")
|
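Review bot: The header comment of SelectHashes.cmake should state what is given up when `USE_SHA1` is set to `HTTPS` or `Generic`, because only the `CollisionDetection` branch builds the sha1dc sources and the other branches select what appear to be plain SHA-1 implementations. I would add a comment such as `# Only CollisionDetection (sha1dc) detects SHA-1 collision attacks; HTTPS and Generic select a plain SHA-1 implementation.` The same comment lists `OFF` as an accepted value, but both `# ELSEIF(NOT USE_SHA1)` lines are commented out, so `-DUSE_SHA1=OFF` reaches `MESSAGE(FATAL_ERROR "Invalid value for USE_SHA1: ...")`; either drop `OFF` from the comment or handle it. The `HTTPS` branch also depends on `HTTPS_BACKEND` having been set by SelectHTTPSBackend.cmake before this module is included, since an empty value falls back to `CollisionDetection`; that ordering is worth a one-line comment.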