mirror of https://github.com/postgres/postgres
meson: Make auto the default of the ssl option
The 'ssl' option is of type 'combo', but we add a choice 'auto' that simulates the behavior of a feature option. This way, openssl is used automatically by default if present, but we retain the ability to potentially select another ssl library. Author: Nazir Bilal Yavuz <byavuz81@gmail.com> Discussion: https://www.postgresql.org/message-id/flat/ad65ffd1-a9a7-fda1-59c6-f7dc763c3051%40enterprisedb.com
This commit is contained in:
parent
1f282c24e4
commit
6a3002715e
|
@ -181,7 +181,7 @@ task:
|
|||
su postgres <<-EOF
|
||||
meson setup \
|
||||
--buildtype=debug \
|
||||
-Dcassert=true -Dssl=openssl -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \
|
||||
-Dcassert=true -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \
|
||||
-DPG_TEST_EXTRA="$PG_TEST_EXTRA" \
|
||||
-Dextra_lib_dirs=/usr/local/lib -Dextra_include_dirs=/usr/local/include/ \
|
||||
build
|
||||
|
@ -243,7 +243,6 @@ LINUX_CONFIGURE_FEATURES: &LINUX_CONFIGURE_FEATURES >-
|
|||
|
||||
LINUX_MESON_FEATURES: &LINUX_MESON_FEATURES >-
|
||||
-Dllvm=enabled
|
||||
-Dssl=openssl
|
||||
-Duuid=e2fs
|
||||
|
||||
|
||||
|
@ -497,7 +496,7 @@ task:
|
|||
-Dextra_include_dirs=${brewpath}/include \
|
||||
-Dextra_lib_dirs=${brewpath}/lib \
|
||||
-Dcassert=true \
|
||||
-Dssl=openssl -Duuid=e2fs -Ddtrace=auto \
|
||||
-Duuid=e2fs -Ddtrace=auto \
|
||||
-Dsegsize_blocks=6 \
|
||||
-DPG_TEST_EXTRA="$PG_TEST_EXTRA" \
|
||||
build
|
||||
|
@ -568,7 +567,7 @@ task:
|
|||
# Use /DEBUG:FASTLINK to avoid high memory usage during linking
|
||||
configure_script: |
|
||||
vcvarsall x64
|
||||
meson setup --backend ninja --buildtype debug -Dc_link_args=/DEBUG:FASTLINK -Dcassert=true -Db_pch=true -Dssl=openssl -Dextra_lib_dirs=c:\openssl\1.1\lib -Dextra_include_dirs=c:\openssl\1.1\include -DTAR=%TAR% -DPG_TEST_EXTRA="%PG_TEST_EXTRA%" build
|
||||
meson setup --backend ninja --buildtype debug -Dc_link_args=/DEBUG:FASTLINK -Dcassert=true -Db_pch=true -Dextra_lib_dirs=c:\openssl\1.1\lib -Dextra_include_dirs=c:\openssl\1.1\include -DTAR=%TAR% -DPG_TEST_EXTRA="%PG_TEST_EXTRA%" build
|
||||
|
||||
build_script: |
|
||||
vcvarsall x64
|
||||
|
|
|
@ -2474,7 +2474,7 @@ ninja install
|
|||
</varlistentry>
|
||||
|
||||
<varlistentry id="configure-with-ssl-meson">
|
||||
<term><option>-Dssl=<replaceable>LIBRARY</replaceable></option>
|
||||
<term><option>-Dssl={ auto | <replaceable>LIBRARY</replaceable> }</option>
|
||||
<indexterm>
|
||||
<primary>OpenSSL</primary>
|
||||
<seealso>SSL</seealso>
|
||||
|
@ -2488,7 +2488,7 @@ ninja install
|
|||
<productname>OpenSSL</productname> package to be installed. Building
|
||||
with this will check for the required header files and libraries to
|
||||
make sure that your <productname>OpenSSL</productname> installation is
|
||||
sufficient before proceeding. The default for this option is none.
|
||||
sufficient before proceeding. The default for this option is auto.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
110
meson.build
110
meson.build
|
@ -43,6 +43,7 @@ cc = meson.get_compiler('c')
|
|||
|
||||
not_found_dep = dependency('', required: false)
|
||||
thread_dep = dependency('threads')
|
||||
auto_features = get_option('auto_features')
|
||||
|
||||
|
||||
|
||||
|
@ -1171,7 +1172,16 @@ cdata.set('USE_SYSTEMD', systemd.found() ? 1 : false)
|
|||
# Library: SSL
|
||||
###############################################################
|
||||
|
||||
if get_option('ssl') == 'openssl'
|
||||
ssl = not_found_dep
|
||||
ssl_library = 'none'
|
||||
sslopt = get_option('ssl')
|
||||
|
||||
if sslopt == 'auto' and auto_features.disabled()
|
||||
sslopt = 'none'
|
||||
endif
|
||||
|
||||
if sslopt in ['auto', 'openssl']
|
||||
openssl_required = (sslopt == 'openssl')
|
||||
|
||||
# Try to find openssl via pkg-config et al, if that doesn't work
|
||||
# (e.g. because it's provided as part of the OS, like on FreeBSD), look for
|
||||
|
@ -1193,58 +1203,70 @@ if get_option('ssl') == 'openssl'
|
|||
|
||||
ssl = declare_dependency(dependencies: ssl_int,
|
||||
include_directories: postgres_inc)
|
||||
else
|
||||
cc.has_header('openssl/ssl.h', args: test_c_args, dependencies: ssl, required: true)
|
||||
cc.has_header('openssl/err.h', args: test_c_args, dependencies: ssl, required: true)
|
||||
|
||||
elif cc.has_header('openssl/ssl.h', args: test_c_args, dependencies: ssl, required: openssl_required) and \
|
||||
cc.has_header('openssl/err.h', args: test_c_args, dependencies: ssl, required: openssl_required)
|
||||
ssl_int = [ssl]
|
||||
endif
|
||||
|
||||
check_funcs = [
|
||||
['CRYPTO_new_ex_data', {'required': true}],
|
||||
['SSL_new', {'required': true}],
|
||||
if ssl.found()
|
||||
check_funcs = [
|
||||
['CRYPTO_new_ex_data', {'required': true}],
|
||||
['SSL_new', {'required': true}],
|
||||
|
||||
# Function introduced in OpenSSL 1.0.2.
|
||||
['X509_get_signature_nid'],
|
||||
# Function introduced in OpenSSL 1.0.2.
|
||||
['X509_get_signature_nid'],
|
||||
|
||||
# Functions introduced in OpenSSL 1.1.0. We used to check for
|
||||
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
|
||||
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
|
||||
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
|
||||
# functions.
|
||||
['OPENSSL_init_ssl'],
|
||||
['BIO_get_data'],
|
||||
['BIO_meth_new'],
|
||||
['ASN1_STRING_get0_data'],
|
||||
['HMAC_CTX_new'],
|
||||
['HMAC_CTX_free'],
|
||||
# Functions introduced in OpenSSL 1.1.0. We used to check for
|
||||
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
|
||||
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
|
||||
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
|
||||
# functions.
|
||||
['OPENSSL_init_ssl'],
|
||||
['BIO_get_data'],
|
||||
['BIO_meth_new'],
|
||||
['ASN1_STRING_get0_data'],
|
||||
['HMAC_CTX_new'],
|
||||
['HMAC_CTX_free'],
|
||||
|
||||
# OpenSSL versions before 1.1.0 required setting callback functions, for
|
||||
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
|
||||
# function was removed.
|
||||
['CRYPTO_lock'],
|
||||
# OpenSSL versions before 1.1.0 required setting callback functions, for
|
||||
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
|
||||
# function was removed.
|
||||
['CRYPTO_lock'],
|
||||
|
||||
# Function introduced in OpenSSL 1.1.1
|
||||
['X509_get_signature_info'],
|
||||
]
|
||||
# Function introduced in OpenSSL 1.1.1
|
||||
['X509_get_signature_info'],
|
||||
]
|
||||
|
||||
foreach c : check_funcs
|
||||
func = c.get(0)
|
||||
val = cc.has_function(func, args: test_c_args, dependencies: ssl_int)
|
||||
required = c.get(1, {}).get('required', false)
|
||||
if required and not val
|
||||
error('openssl function @0@ is required'.format(func))
|
||||
elif not required
|
||||
cdata.set('HAVE_' + func.to_upper(), val ? 1 : false)
|
||||
are_openssl_funcs_complete = true
|
||||
foreach c : check_funcs
|
||||
func = c.get(0)
|
||||
val = cc.has_function(func, args: test_c_args, dependencies: ssl_int)
|
||||
required = c.get(1, {}).get('required', false)
|
||||
if required and not val
|
||||
are_openssl_funcs_complete = false
|
||||
if openssl_required
|
||||
error('openssl function @0@ is required'.format(func))
|
||||
endif
|
||||
break
|
||||
elif not required
|
||||
cdata.set('HAVE_' + func.to_upper(), val ? 1 : false)
|
||||
endif
|
||||
endforeach
|
||||
|
||||
if are_openssl_funcs_complete
|
||||
cdata.set('USE_OPENSSL', 1,
|
||||
description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)')
|
||||
cdata.set('OPENSSL_API_COMPAT', '0x10001000L',
|
||||
description: '''Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.''')
|
||||
ssl_library = 'openssl'
|
||||
else
|
||||
ssl = not_found_dep
|
||||
endif
|
||||
endforeach
|
||||
endif
|
||||
endif
|
||||
|
||||
cdata.set('USE_OPENSSL', 1,
|
||||
description: 'Define to 1 to build with OpenSSL support. (-Dssl=openssl)')
|
||||
cdata.set('OPENSSL_API_COMPAT', '0x10001000L',
|
||||
description: '''Define to the OpenSSL API version in use. This avoids deprecation warnings from newer OpenSSL versions.''')
|
||||
else
|
||||
ssl = not_found_dep
|
||||
if sslopt == 'auto' and auto_features.enabled() and not ssl.found()
|
||||
error('no SSL library found')
|
||||
endif
|
||||
|
||||
|
||||
|
@ -3266,13 +3288,13 @@ if meson.version().version_compare('>=0.57')
|
|||
'llvm': llvm,
|
||||
'lz4': lz4,
|
||||
'nls': libintl,
|
||||
'openssl': ssl,
|
||||
'pam': pam,
|
||||
'plperl': perl_dep,
|
||||
'plpython': python3_dep,
|
||||
'pltcl': tcl_dep,
|
||||
'readline': readline,
|
||||
'selinux': selinux,
|
||||
'ssl': ssl,
|
||||
'systemd': systemd,
|
||||
'uuid': uuid,
|
||||
'zlib': zlib,
|
||||
|
|
|
@ -130,8 +130,8 @@ option('readline', type : 'feature', value : 'auto',
|
|||
option('selinux', type : 'feature', value : 'disabled',
|
||||
description: 'build with SELinux support')
|
||||
|
||||
option('ssl', type : 'combo', choices : ['none', 'openssl'],
|
||||
value : 'none',
|
||||
option('ssl', type : 'combo', choices : ['auto', 'none', 'openssl'],
|
||||
value : 'auto',
|
||||
description: 'use LIB for SSL/TLS support (openssl)')
|
||||
|
||||
option('systemd', type : 'feature', value: 'auto',
|
||||
|
|
|
@ -117,7 +117,7 @@ tests += {
|
|||
't/001_uri.pl',
|
||||
't/002_api.pl',
|
||||
],
|
||||
'env': {'with_ssl': get_option('ssl')},
|
||||
'env': {'with_ssl': ssl_library},
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -66,7 +66,7 @@ pgxs_kv = {
|
|||
'SUN_STUDIO_CC': 'no', # not supported so far
|
||||
|
||||
# want the chosen option, rather than the library
|
||||
'with_ssl' : get_option('ssl'),
|
||||
'with_ssl' : ssl_library,
|
||||
'with_uuid': uuidopt,
|
||||
|
||||
'default_port': get_option('pgport'),
|
||||
|
|
|
@ -6,7 +6,7 @@ tests += {
|
|||
'bd': meson.current_build_dir(),
|
||||
'tap': {
|
||||
'env': {
|
||||
'with_ssl': get_option('ssl'),
|
||||
'with_ssl': ssl_library,
|
||||
'OPENSSL': openssl.path(),
|
||||
},
|
||||
'tests': [
|
||||
|
|
Loading…
Reference in New Issue