meson: Make auto the default of the ssl option

The 'ssl' option is of type 'combo', but we add a choice 'auto' that
simulates the behavior of a feature option.  This way, openssl is used
automatically by default if present, but we retain the ability to
potentially select another ssl library.

Author: Nazir Bilal Yavuz <byavuz81@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/ad65ffd1-a9a7-fda1-59c6-f7dc763c3051%40enterprisedb.com
This commit is contained in:
Peter Eisentraut 2023-03-13 06:46:09 +01:00
parent 1f282c24e4
commit 6a3002715e
7 changed files with 76 additions and 55 deletions

View File

@ -181,7 +181,7 @@ task:
su postgres <<-EOF
meson setup \
--buildtype=debug \
-Dcassert=true -Dssl=openssl -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \
-Dcassert=true -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \
-DPG_TEST_EXTRA="$PG_TEST_EXTRA" \
-Dextra_lib_dirs=/usr/local/lib -Dextra_include_dirs=/usr/local/include/ \
build
@ -243,7 +243,6 @@ LINUX_CONFIGURE_FEATURES: &LINUX_CONFIGURE_FEATURES >-
LINUX_MESON_FEATURES: &LINUX_MESON_FEATURES >-
-Dllvm=enabled
-Dssl=openssl
-Duuid=e2fs
@ -497,7 +496,7 @@ task:
-Dextra_include_dirs=${brewpath}/include \
-Dextra_lib_dirs=${brewpath}/lib \
-Dcassert=true \
-Dssl=openssl -Duuid=e2fs -Ddtrace=auto \
-Duuid=e2fs -Ddtrace=auto \
-Dsegsize_blocks=6 \
-DPG_TEST_EXTRA="$PG_TEST_EXTRA" \
build
@ -568,7 +567,7 @@ task:
# Use /DEBUG:FASTLINK to avoid high memory usage during linking
configure_script: |
vcvarsall x64
meson setup --backend ninja --buildtype debug -Dc_link_args=/DEBUG:FASTLINK -Dcassert=true -Db_pch=true -Dssl=openssl -Dextra_lib_dirs=c:\openssl\1.1\lib -Dextra_include_dirs=c:\openssl\1.1\include -DTAR=%TAR% -DPG_TEST_EXTRA="%PG_TEST_EXTRA%" build
meson setup --backend ninja --buildtype debug -Dc_link_args=/DEBUG:FASTLINK -Dcassert=true -Db_pch=true -Dextra_lib_dirs=c:\openssl\1.1\lib -Dextra_include_dirs=c:\openssl\1.1\include -DTAR=%TAR% -DPG_TEST_EXTRA="%PG_TEST_EXTRA%" build
build_script: |
vcvarsall x64

View File

@ -2474,7 +2474,7 @@ ninja install
</varlistentry>
<varlistentry id="configure-with-ssl-meson">
<term><option>-Dssl=<replaceable>LIBRARY</replaceable></option>
<term><option>-Dssl={ auto | <replaceable>LIBRARY</replaceable> }</option>
<indexterm>
<primary>OpenSSL</primary>
<seealso>SSL</seealso>
@ -2488,7 +2488,7 @@ ninja install
<productname>OpenSSL</productname> package to be installed. Building
with this will check for the required header files and libraries to
make sure that your <productname>OpenSSL</productname> installation is
sufficient before proceeding. The default for this option is none.
sufficient before proceeding. The default for this option is auto.
</para>
</listitem>
</varlistentry>

View File

@ -43,6 +43,7 @@ cc = meson.get_compiler('c')
not_found_dep = dependency('', required: false)
thread_dep = dependency('threads')
auto_features = get_option('auto_features')
@ -1171,7 +1172,16 @@ cdata.set('USE_SYSTEMD', systemd.found() ? 1 : false)
# Library: SSL
###############################################################
if get_option('ssl') == 'openssl'
ssl = not_found_dep
ssl_library = 'none'
sslopt = get_option('ssl')
if sslopt == 'auto' and auto_features.disabled()
sslopt = 'none'
endif
if sslopt in ['auto', 'openssl']
openssl_required = (sslopt == 'openssl')
# Try to find openssl via pkg-config et al, if that doesn't work
# (e.g. because it's provided as part of the OS, like on FreeBSD), look for
@ -1193,58 +1203,70 @@ if get_option('ssl') == 'openssl'
ssl = declare_dependency(dependencies: ssl_int,
include_directories: postgres_inc)
else
cc.has_header('openssl/ssl.h', args: test_c_args, dependencies: ssl, required: true)
cc.has_header('openssl/err.h', args: test_c_args, dependencies: ssl, required: true)
elif cc.has_header('openssl/ssl.h', args: test_c_args, dependencies: ssl, required: openssl_required) and \
cc.has_header('openssl/err.h', args: test_c_args, dependencies: ssl, required: openssl_required)
ssl_int = [ssl]
endif
check_funcs = [
['CRYPTO_new_ex_data', {'required': true}],
['SSL_new', {'required': true}],
if ssl.found()
check_funcs = [
['CRYPTO_new_ex_data', {'required': true}],
['SSL_new', {'required': true}],
# Function introduced in OpenSSL 1.0.2.
['X509_get_signature_nid'],
# Function introduced in OpenSSL 1.0.2.
['X509_get_signature_nid'],
# Functions introduced in OpenSSL 1.1.0. We used to check for
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
# functions.
['OPENSSL_init_ssl'],
['BIO_get_data'],
['BIO_meth_new'],
['ASN1_STRING_get0_data'],
['HMAC_CTX_new'],
['HMAC_CTX_free'],
# Functions introduced in OpenSSL 1.1.0. We used to check for
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
# functions.
['OPENSSL_init_ssl'],
['BIO_get_data'],
['BIO_meth_new'],
['ASN1_STRING_get0_data'],
['HMAC_CTX_new'],
['HMAC_CTX_free'],
# OpenSSL versions before 1.1.0 required setting callback functions, for
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
# function was removed.
['CRYPTO_lock'],
# OpenSSL versions before 1.1.0 required setting callback functions, for
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
# function was removed.
['CRYPTO_lock'],
# Function introduced in OpenSSL 1.1.1
['X509_get_signature_info'],
]
# Function introduced in OpenSSL 1.1.1
['X509_get_signature_info'],
]
foreach c : check_funcs
func = c.get(0)
val = cc.has_function(func, args: test_c_args, dependencies: ssl_int)
required = c.get(1, {}).get('required', false)
if required and not val
error('openssl function @0@ is required'.format(func))
elif not required
cdata.set('HAVE_' + func.to_upper(), val ? 1 : false)
are_openssl_funcs_complete = true
foreach c : check_funcs
func = c.get(0)
val = cc.has_function(func, args: test_c_args, dependencies: ssl_int)
required = c.get(1, {}).get('required', false)
if required and not val
are_openssl_funcs_complete = false
if openssl_required
error('openssl function @0@ is required'.format(func))
endif
break
elif not required
cdata.set('HAVE_' + func.to_upper(), val ? 1 : false)
endif
endforeach
if are_openssl_funcs_complete
cdata.set('USE_OPENSSL', 1,
description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)')
cdata.set('OPENSSL_API_COMPAT', '0x10001000L',
description: '''Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.''')
ssl_library = 'openssl'
else
ssl = not_found_dep
endif
endforeach
endif
endif
cdata.set('USE_OPENSSL', 1,
description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)')
cdata.set('OPENSSL_API_COMPAT', '0x10001000L',
description: '''Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.''')
else
ssl = not_found_dep
if sslopt == 'auto' and auto_features.enabled() and not ssl.found()
error('no SSL library found')
endif
@ -3266,13 +3288,13 @@ if meson.version().version_compare('>=0.57')
'llvm': llvm,
'lz4': lz4,
'nls': libintl,
'openssl': ssl,
'pam': pam,
'plperl': perl_dep,
'plpython': python3_dep,
'pltcl': tcl_dep,
'readline': readline,
'selinux': selinux,
'ssl': ssl,
'systemd': systemd,
'uuid': uuid,
'zlib': zlib,

View File

@ -130,8 +130,8 @@ option('readline', type : 'feature', value : 'auto',
option('selinux', type : 'feature', value : 'disabled',
description: 'build with SELinux support')
option('ssl', type : 'combo', choices : ['none', 'openssl'],
value : 'none',
option('ssl', type : 'combo', choices : ['auto', 'none', 'openssl'],
value : 'auto',
description: 'use LIB for SSL/TLS support (openssl)')
option('systemd', type : 'feature', value: 'auto',

View File

@ -117,7 +117,7 @@ tests += {
't/001_uri.pl',
't/002_api.pl',
],
'env': {'with_ssl': get_option('ssl')},
'env': {'with_ssl': ssl_library},
},
}

View File

@ -66,7 +66,7 @@ pgxs_kv = {
'SUN_STUDIO_CC': 'no', # not supported so far
# want the chosen option, rather than the library
'with_ssl' : get_option('ssl'),
'with_ssl' : ssl_library,
'with_uuid': uuidopt,
'default_port': get_option('pgport'),

View File

@ -6,7 +6,7 @@ tests += {
'bd': meson.current_build_dir(),
'tap': {
'env': {
'with_ssl': get_option('ssl'),
'with_ssl': ssl_library,
'OPENSSL': openssl.path(),
},
'tests': [