From 921c0675a25708d19e76aa8e3b48c4483a1a255d Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Mon, 5 Apr 2021 02:32:35 -0500 Subject: Add '--enable-libtls-only' build option --- CMakeLists.txt | 11 +++++++++++ Makefile.am | 33 ++++++++++++++++++++++++++++++++- apps/ocspcheck/Makefile.am | 5 ++++- apps/openssl/CMakeLists.txt | 10 ---------- apps/openssl/Makefile.am | 36 +++++------------------------------- configure.ac | 23 ++++++++--------------- crypto/Makefile.am | 8 ++++++-- include/openssl/Makefile.am.tpl | 1 + m4/check-os-options.m4 | 18 ++++++++++++++---- ssl/Makefile.am | 4 ++++ update.sh | 10 ++++++---- 11 files changed, 91 insertions(+), 68 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index eca97b3..4183499 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -368,6 +368,17 @@ if(NOT MSVC) DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif() +if(NOT "${OPENSSLDIR}" STREQUAL "") + set(CONF_DIR "${OPENSSLDIR}") +else() + set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") +endif() + +if(ENABLE_LIBRESSL_INSTALL) + install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) + install(DIRECTORY DESTINATION ${CONF_DIR}/certs) +endif(ENABLE_LIBRESSL_INSTALL) + if(NOT TARGET uninstall) configure_file( "${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in" diff --git a/Makefile.am b/Makefile.am index 6499f07..ed59df0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,10 +5,41 @@ endif ACLOCAL_AMFLAGS = -I m4 pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc +pkgconfig_DATA = libtls.pc +if !ENABLE_LIBTLS_ONLY +pkgconfig_DATA += libcrypto.pc libssl.pc openssl.pc +endif EXTRA_DIST = README.md README.windows VERSION config scripts EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake +EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf .PHONY: install_sw install_sw: install + +install-exec-hook: + @if [ "@OPENSSLDIR@x" != "x" ]; then \ + OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ + else \ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ + mkdir -p "$$OPENSSLDIR/certs"; \ + for i in cert.pem openssl.cnf x509v3.cnf; do \ + if [ ! -f "$$OPENSSLDIR/$i" ]; then \ + $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ + else \ + echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \ + fi \ + done + +uninstall-local: + @if [ "@OPENSSLDIR@x" != "x" ]; then \ + OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ + else \ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ + for i in cert.pem openssl.cnf x509v3.cnf; do \ + if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ + rm -f "$$OPENSSLDIR/$$i"; \ + fi \ + done diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am index e3f7971..71a73ea 100644 --- a/apps/ocspcheck/Makefile.am +++ b/apps/ocspcheck/Makefile.am @@ -1,8 +1,11 @@ include $(top_srcdir)/Makefile.am.common +if !ENABLE_LIBTLS_ONLY bin_PROGRAMS = ocspcheck - dist_man_MANS = ocspcheck.8 +else +noinst_PROGRAMS = ocspcheck +endif EXTRA_DIST = ocspcheck.8 EXTRA_DIST += CMakeLists.txt diff --git a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt index 752f3ec..b9cd222 100644 --- a/apps/openssl/CMakeLists.txt +++ b/apps/openssl/CMakeLists.txt @@ -83,13 +83,3 @@ if(ENABLE_LIBRESSL_INSTALL) install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR}) install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) endif(ENABLE_LIBRESSL_INSTALL) - -if(NOT "${OPENSSLDIR}" STREQUAL "") - set(CONF_DIR "${OPENSSLDIR}") -else() - set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl") -endif() -if(ENABLE_LIBRESSL_INSTALL) - install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) - install(DIRECTORY DESTINATION ${CONF_DIR}/certs) -endif(ENABLE_LIBRESSL_INSTALL) diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am index 0bd8ca4..b98e08d 100644 --- a/apps/openssl/Makefile.am +++ b/apps/openssl/Makefile.am @@ -1,8 +1,11 @@ include $(top_srcdir)/Makefile.am.common +if !ENABLE_LIBTLS_ONLY bin_PROGRAMS = openssl - dist_man_MANS = openssl.1 +else +noinst_PROGRAMS = openssl +endif openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la @@ -92,34 +95,5 @@ noinst_HEADERS += testdsa.h noinst_HEADERS += testrsa.h noinst_HEADERS += timeouts.h -EXTRA_DIST = cert.pem -EXTRA_DIST += openssl.cnf -EXTRA_DIST += x509v3.cnf -EXTRA_DIST += CMakeLists.txt - -install-exec-hook: - @if [ "@OPENSSLDIR@x" != "x" ]; then \ - OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ - else \ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ - mkdir -p "$$OPENSSLDIR/certs"; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ - if [ ! -f "$$OPENSSLDIR/$i" ]; then \ - $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ - else \ - echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \ - fi \ - done +EXTRA_DIST = CMakeLists.txt -uninstall-local: - @if [ "@OPENSSLDIR@x" != "x" ]; then \ - OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ - else \ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ - if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ - rm -f "$$OPENSSLDIR/$$i"; \ - fi \ - done diff --git a/configure.ac b/configure.ac index 3aca617..fdf72ee 100644 --- a/configure.ac +++ b/configure.ac @@ -110,9 +110,6 @@ AM_CONDITIONAL([HOST_ASM_MASM_X86_64], AM_CONDITIONAL([HOST_ASM_MINGW64_X86_64], [test "x$HOST_ABI" = "xmingw64" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) -# Check if time_t is sized correctly -AC_CHECK_SIZEOF([time_t], [time.h]) - AC_CONFIG_FILES([ Makefile include/Makefile @@ -132,18 +129,14 @@ AC_CONFIG_FILES([ openssl.pc ]) -AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"]) -if test "$ac_cv_sizeof_time_t" = "4"; then - AC_DEFINE([SMALL_TIME_T]) - echo " ** Warning, this system is unable to represent times past 2038" - echo " ** It will behave incorrectly when handling valid RFC5280 dates" - - if test "$host_os" = "mingw32" ; then - echo " **" - echo " ** You can solve this by adjusting the build flags in your" - echo " ** mingw-w64 toolchain. Refer to README.windows for details." - fi -fi +AC_ARG_ENABLE([nc], + AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)])) +AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes]) +AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes]) + +AC_ARG_ENABLE([libtls-only], + AS_HELP_STRING([--enable-libtls-only], [Enable installing libtls only])) +AM_CONDITIONAL([ENABLE_LIBTLS_ONLY], [test "x$enable_libtls_only" = xyes]) AC_REQUIRE_AUX_FILE([tap-driver.sh]) diff --git a/crypto/Makefile.am b/crypto/Makefile.am index e32ca96..8552a4d 100644 --- a/crypto/Makefile.am +++ b/crypto/Makefile.am @@ -9,7 +9,13 @@ AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto +noinst_LTLIBRARIES = libcompat.la + +if ENABLE_LIBTLS_ONLY +noinst_LTLIBRARIES += libcrypto.la +else lib_LTLIBRARIES = libcrypto.la +endif EXTRA_DIST = VERSION EXTRA_DIST += CMakeLists.txt @@ -126,8 +132,6 @@ else libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\" endif -noinst_LTLIBRARIES = libcompat.la - # compatibility functions that need to be built without optimizations if !HAVE_EXPLICIT_BZERO noinst_LTLIBRARIES += libcompatnoopt.la diff --git a/include/openssl/Makefile.am.tpl b/include/openssl/Makefile.am.tpl index 1375956..1bea34d 100644 --- a/include/openssl/Makefile.am.tpl +++ b/include/openssl/Makefile.am.tpl @@ -1,5 +1,6 @@ include $(top_srcdir)/Makefile.am.common +if !ENABLE_LIBTLS_ONLY opensslincludedir=$(includedir)/openssl opensslinclude_HEADERS = diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index c014efb..644bf71 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 @@ -123,10 +123,20 @@ char buf[1]; getentropy(buf, 1); *) ;; esac -AC_ARG_ENABLE([nc], - AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)])) -AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes]) -AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes]) +# Check if time_t is sized correctly +AC_CHECK_SIZEOF([time_t], [time.h]) +AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"]) +if test "$ac_cv_sizeof_time_t" = "4"; then + AC_DEFINE([SMALL_TIME_T]) + echo " ** Warning, this system is unable to represent times past 2038" + echo " ** It will behave incorrectly when handling valid RFC5280 dates" + + if test "$host_os" = "mingw32" ; then + echo " **" + echo " ** You can solve this by adjusting the build flags in your" + echo " ** mingw-w64 toolchain. Refer to README.windows for details." + fi +fi AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix]) AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin]) diff --git a/ssl/Makefile.am b/ssl/Makefile.am index 85b932e..7f4c164 100644 --- a/ssl/Makefile.am +++ b/ssl/Makefile.am @@ -1,6 +1,10 @@ include $(top_srcdir)/Makefile.am.common +if ENABLE_LIBTLS_ONLY +noinst_LTLIBRARIES = libssl.la +else lib_LTLIBRARIES = libssl.la +endif EXTRA_DIST = VERSION EXTRA_DIST += CMakeLists.txt diff --git a/update.sh b/update.sh index 22048ea..fe91b51 100755 --- a/update.sh +++ b/update.sh @@ -265,9 +265,9 @@ done echo "copying openssl(1) source" $CP $bin_src/openssl/openssl.1 apps/openssl $CP_LIBC $libc_src/stdlib/strtonum.c apps/openssl/compat -$CP $libcrypto_src/cert.pem apps/openssl -$CP $libcrypto_src/openssl.cnf apps/openssl -$CP $libcrypto_src/x509v3.cnf apps/openssl +$CP $libcrypto_src/cert.pem . +$CP $libcrypto_src/openssl.cnf . +$CP $libcrypto_src/x509v3.cnf . for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do if [ -e $bin_src/openssl/$i ]; then $CP $bin_src/openssl/$i apps/openssl @@ -327,6 +327,7 @@ chmod 755 tests/testssl for i in `ls -1 *.h|sort`; do echo "opensslinclude_HEADERS += $i" >> Makefile.am done + echo endif >> Makefile.am ) add_man_links() { @@ -362,9 +363,9 @@ done # copy manpages echo "copying manpages" echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am +echo "if !ENABLE_LIBTLS_ONLY" >> man/Makefile.am echo dist_man3_MANS = >> man/Makefile.am echo dist_man5_MANS = >> man/Makefile.am - (cd man for i in `ls -1 $libssl_src/man/*.3 | sort`; do NAME=`basename "$i"` @@ -391,3 +392,4 @@ echo dist_man5_MANS = >> man/Makefile.am done ) add_man_links . man/Makefile.am +echo endif >> man/Makefile.am -- cgit v1.2.3-55-g6feb