Patchwork [6/6] gnutls: bump to version 3.2.0

Submitter Gustavo Zacarias
Date May 13, 2013, 4:40 p.m.
Message ID <1368463259-18958-6-git-send-email-gustavo@zacarias.com.ar>
Permalink /patch/243447/
State Superseded

Comments

Gustavo Zacarias - May 13, 2013, 4:40 p.m.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/gnutls/Config.in                           | 15 ++++++
 ...gnutls-correct_rpl_gettimeofday_signature.patch | 58 ----------------------
 package/gnutls/gnutls.mk                           | 29 ++++++++---
 3 files changed, 38 insertions(+), 64 deletions(-)
 delete mode 100644 package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
Arnout Vandecappelle - May 14, 2013, 10:36 p.m.
On 13/05/13 18:40, Gustavo Zacarias wrote:
> Signed-off-by: Gustavo Zacarias<gustavo@zacarias.com.ar>
> ---
>   package/gnutls/Config.in                           | 15 ++++++
>   ...gnutls-correct_rpl_gettimeofday_signature.patch | 58 ----------------------
>   package/gnutls/gnutls.mk                           | 29 ++++++++---
>   3 files changed, 38 insertions(+), 64 deletions(-)
>   delete mode 100644 package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
>
> diff --git a/package/gnutls/Config.in b/package/gnutls/Config.in
> index 038b3fb..6c741a6 100644
> --- a/package/gnutls/Config.in
> +++ b/package/gnutls/Config.in
> @@ -1,6 +1,7 @@
>   config BR2_PACKAGE_GNUTLS
>   	bool "gnutls"
>   	select BR2_PACKAGE_NETTLE
> +	select BR2_PACKAGE_PCRE
>   	depends on BR2_USE_WCHAR
>   	help
>   	  GnuTLS is a secure communications library implementing the SSL
> @@ -8,6 +9,20 @@ config BR2_PACKAGE_GNUTLS
>
>   	http://www.gnutls.org
>
> +config BR2_PACKAGE_GNUTLS_PKCS11
> +	bool "PKCS#11 support"
> +	depends on !BR2_PREFER_STATIC_LIB
> +	depends on BR2_USE_MMU
> +	depends on BR2_PACKAGE_GNUTLS
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	select BR2_PACKAGE_LIBTASN1
> +	select BR2_PACKAGE_P11_KIT
> +	help
> +	  Enable PKCS#11 support in gnutls.
> +
> +comment "gnutls pkcs#11 support requires a toolchain with thread support"
> +	depends on BR2_PACKAGE_GNUTLS && !BR2_TOOLCHAIN_HAS_THREADS
> +

  Any reason why you want to add this config symbol, instead of just 
checking for BR2_PACKAGE_P11_KIT in the .mk file?

  Regards,
  Arnout
Gustavo Zacarias - May 14, 2013, 10:49 p.m.
On 05/14/2013 07:36 PM, Arnout Vandecappelle wrote:
>  Any reason why you want to add this config symbol, instead of just
> checking for BR2_PACKAGE_P11_KIT in the .mk file?

Other than it's usually an obscure option (probably not easy to infer
for people), not really.
Regards.
Arnout Vandecappelle - May 16, 2013, 6:17 a.m.
On 15/05/13 00:49, Gustavo Zacarias wrote:
> On 05/14/2013 07:36 PM, Arnout Vandecappelle wrote:
>>   Any reason why you want to add this config symbol, instead of just
>> checking for BR2_PACKAGE_P11_KIT in the .mk file?
>
> Other than it's usually an obscure option (probably not easy to infer
> for people), not really.

  I think it is time that we formalize a bit the rules for optional 
dependencies.

  To be honest, I would prefer explicit config options for optional 
dependencies, because it's not easy for users to realize they can select 
the additional library. However, that puts an unrealistic (maintenance) 
overhead on the Config.in files.

  So as a second-best option, I would say that the optional dependencies 
should be mentioned in the package help text. It's still not easy on the 
user, because s/he needs to know how to read the help text and how to 
search for the relevant package. It's also still a bit of a maintenance 
burden because the help text has to be updated when optional dependencies 
are added/removed. But I guess it's a reasonable compromise.

  With that, I think our informal guideline of adding config options only 
for obscure libraries becomes less of a necessity, and we can make it a 
rule to never add config options for optional dependencies.

  What do you think?

  Regards,
  Arnout
Thomas Petazzoni - May 16, 2013, 8:50 a.m.
Dear Arnout Vandecappelle,

On Thu, 16 May 2013 08:17:43 +0200, Arnout Vandecappelle wrote:

>   I think it is time that we formalize a bit the rules for optional 
> dependencies.
> 
>   To be honest, I would prefer explicit config options for optional 
> dependencies, because it's not easy for users to realize they can select 
> the additional library. However, that puts an unrealistic (maintenance) 
> overhead on the Config.in files.
> 
>   So as a second-best option, I would say that the optional dependencies 
> should be mentioned in the package help text. It's still not easy on the 
> user, because s/he needs to know how to read the help text and how to 
> search for the relevant package. It's also still a bit of a maintenance 
> burden because the help text has to be updated when optional dependencies 
> are added/removed. But I guess it's a reasonable compromise.

Is this really useful? Isn't the <package>.mk file already explicit
enough about this? I'm pretty sure help texts will get out of sync, and
I'm not sure there's really a point in duplicating the information that
the <package>.mk already provides.

>   With that, I think our informal guideline of adding config options only 
> for obscure libraries becomes less of a necessity, and we can make it a 
> rule to never add config options for optional dependencies.
> 
>   What do you think?

Hum, I'm not sure I understand the current informal guideline as
"adding config options only for obscure libraries".

For features of the package that are not related to a dependency
(enabling debugging, or some other completely internal feature), there
is no other choice than adding a config option.

When there is a dependency, I guess the current rule is a matter of
appreciating whether or not it sounds logical to automatically enable
SSL support when OpenSSL is available, or whether having library foo in
the system immediately indicates that you want support for foo
everywhere. I'm not sure there is a way of having a solution that suits
all cases, without examining each specific case, and having an
appreciation of which choice makes the most sense.

For example, even enabling SSL automatically when OpenSSL is available
is something that could be discussed. It's not because I need SSL for
OpenSSH that I necessarily want my lighttpd web server to gain SSL
support (well, ok, granted, in this specific case, lighttpd has a
sub-option to enable or disable SSL support...). But it makes sense to
have this automatic, and leave it as a user customization if really
it's very important to disable SSL support on a per-package basis.

The drawback of the current solution is that it is causing some
confusion on what should be done, and how to appreciate the border-line
cases. I unfortunately don't have many ideas here to improve this
situation.

Best regards,

Thomas

Patch

diff --git a/package/gnutls/Config.in b/package/gnutls/Config.in
index 038b3fb..6c741a6 100644
--- a/package/gnutls/Config.in
+++ b/package/gnutls/Config.in
@@ -1,6 +1,7 @@ 
 config BR2_PACKAGE_GNUTLS
 	bool "gnutls"
 	select BR2_PACKAGE_NETTLE
+	select BR2_PACKAGE_PCRE
 	depends on BR2_USE_WCHAR
 	help
 	  GnuTLS is a secure communications library implementing the SSL
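
Review bot: the new `select BR2_PACKAGE_PCRE` makes pcre a hard dependency of every gnutls build, and `select` does not pull in whatever the selected symbol itself depends on. Check that BR2_PACKAGE_PCRE has no `depends on` lines that would need to be repeated next to `depends on BR2_USE_WCHAR`, and mention in the commit message that pcre is there to provide the regex library, as the comment in gnutls.mk says.
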
@@ -8,6 +9,20 @@  config BR2_PACKAGE_GNUTLS
 
 	  http://www.gnutls.org
 
+config BR2_PACKAGE_GNUTLS_PKCS11
+	bool "PKCS#11 support"
+	depends on !BR2_PREFER_STATIC_LIB
+	depends on BR2_USE_MMU
+	depends on BR2_PACKAGE_GNUTLS
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select BR2_PACKAGE_LIBTASN1
+	select BR2_PACKAGE_P11_KIT
+	help
+	  Enable PKCS#11 support in gnutls.
+
+comment "gnutls pkcs#11 support requires a toolchain with thread support"
+	depends on BR2_PACKAGE_GNUTLS && !BR2_TOOLCHAIN_HAS_THREADS
+
 config BR2_PACKAGE_GNUTLS_TOOLS
 	bool "install tools"
 	depends on BR2_PACKAGE_GNUTLS
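
Review bot: the comment at the end of the added block is shown on `BR2_PACKAGE_GNUTLS && !BR2_TOOLCHAIN_HAS_THREADS`, but BR2_PACKAGE_GNUTLS_PKCS11 also depends on `!BR2_PREFER_STATIC_LIB` and `BR2_USE_MMU`, so on a static or nommu configuration the option disappears with no explanation, or the comment blames threads when they are not the only blocker. Extend the comment text and its condition to cover all three requirements. The help text could also name the packages the option selects (libtasn1 and p11-kit), since enabling it pulls both into the image.
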
diff --git a/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch b/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
deleted file mode 100644
index 9188708..0000000
--- a/package/gnutls/gnutls-correct_rpl_gettimeofday_signature.patch
+++ /dev/null
@@ -1,58 +0,0 @@ 
-[PATCH] fix build on uClibc
-
-Currently we fail on uclibc like below
-
-| In file included from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/procfs.h:32:0,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/ucontext.h:26,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/signal.h:392,
-|                  from ../../gl/signal.h:52,
-|                  from ../../gl/sys/select.h:58,
-|                  from /home/kraj/work/angstrom/sources/openembedded-core/build/tmp-uclibc/sysroots/qemuarm/usr/include/sys/types.h:220,
-|                  from ../../gl/sys/types.h:28,
-|                  from ../../lib/includes/gnutls/gnutls.h:46,
-|                  from ex-cxx.cpp:3:
-| ../../gl/sys/time.h:396:66: error: conflicting declaration 'void* restrict'
-| ../../gl/sys/time.h:396:50: error: 'restrict' has a previous declaration as 'timeval* restrict'
-| make[4]: *** [ex-cxx.o] Error 1
-| make[4]: *** Waiting for unfinished jobs....
-
-
-GCC detects that we call 'restrict' as param name in function
-signatures and complains since both params are called 'restrict'
-therefore we use __restrict to denote the C99 keywork
-
-This only happens of uclibc since this code is not excercised with
-eglibc otherwise we will have same issue there too
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
-
-Index: gnutls-2.12.14/gl/sys_time.in.h
-===================================================================
---- gnutls-2.12.14.orig/gl/sys_time.in.h	2012-01-15 10:54:39.517285351 -0800
-+++ gnutls-2.12.14/gl/sys_time.in.h	2012-01-15 10:59:23.773299108 -0800
-@@ -82,20 +82,20 @@
- #    define gettimeofday rpl_gettimeofday
- #   endif
- _GL_FUNCDECL_RPL (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict)
-+                  (struct timeval *__restrict, void *__restrict)
-                   _GL_ARG_NONNULL ((1)));
- _GL_CXXALIAS_RPL (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict));
-+                  (struct timeval *__restrict, void *__restrict));
- #  else
- #   if !@HAVE_GETTIMEOFDAY@
- _GL_FUNCDECL_SYS (gettimeofday, int,
--                  (struct timeval *restrict, void *restrict)
-+                  (struct timeval *__restrict, void *__restrict)
-                   _GL_ARG_NONNULL ((1)));
- #   endif
- /* Need to cast, because on glibc systems, by default, the second argument is
-                                                   struct timezone *.  */
- _GL_CXXALIAS_SYS_CAST (gettimeofday, int,
--                       (struct timeval *restrict, void *restrict));
-+                       (struct timeval *__restrict, void *__restrict));
- #  endif
- _GL_CXXALIASWARN (gettimeofday);
- # elif defined GNULIB_POSIXCHECK
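
Review bot: the removal of gnutls-correct_rpl_gettimeofday_signature.patch in this hunk is unexplained, because the commit message consists of a Signed-off-by line only. Say in the commit message whether 3.2.0 no longer needs the `__restrict` change or whether the `gl_cv_func_gettimeofday_clobber=no` setting added in gnutls.mk is what replaces it, so that a later uClibc build failure can be traced back to this decision.
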
diff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk
index 610a5a2..45ddea8 100644
--- a/package/gnutls/gnutls.mk
+++ b/package/gnutls/gnutls.mk
@@ -4,22 +4,39 @@ 
 #
 #############################################################
 
-GNUTLS_VERSION = 3.1.9
+GNUTLS_VERSION = 3.2.0
 GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
-GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1
-GNUTLS_LICENSE = GPLv3+ LGPLv3
+GNUTLS_SITE = ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2
+GNUTLS_LICENSE = GPLv3+ LGPLv2.1+
 GNUTLS_LICENSE_FILES = COPYING COPYING.LESSER
-GNUTLS_DEPENDENCIES = host-pkgconf nettle $(if $(BR2_PACKAGE_ZLIB),zlib)
-GNUTLS_CONF_OPT = --with-libnettle-prefix=$(STAGING_DIR)/usr --disable-rpath
+GNUTLS_DEPENDENCIES = host-pkgconf nettle pcre \
+	$(if $(BR2_PACKAGE_GNUTLS_PKCS11),p11-kit) \
+	$(if $(BR2_PACKAGE_LIBIDN),libidn) \
+	$(if $(BR2_PACKAGE_LIBTASN1),libtasn1) \
+	$(if $(BR2_PACKAGE_ZLIB),zlib)
+GNUTLS_CONF_OPT = --with-libnettle-prefix=$(STAGING_DIR)/usr --disable-rpath \
+	--disable-doc --disable-guile
 GNUTLS_CONF_ENV = gl_cv_socket_ipv6=$(if $(BR2_INET_IPV6),yes,no) \
 	ac_cv_header_wchar_h=$(if $(BR2_USE_WCHAR),yes,no) \
 	gt_cv_c_wchar_t=$(if $(BR2_USE_WCHAR),yes,no) \
-	gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no)
+	gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no) \
+	gl_cv_func_gettimeofday_clobber=no
 GNUTLS_INSTALL_STAGING = YES
 
 # libpthread autodetection poisons the linkpath
 GNUTLS_CONF_OPT += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)
 
+# gnutls needs libregex, but pcre can be used too
+# The check isn't cross-compile friendly
+define GNUTLS_LIBREGEX_CHECK_FIX
+	$(SED) 's/libopts_cv_with_libregex=no/libopts_cv_with_libregex=yes/g;'\
+		$(@D)/configure
+endef
+GNUTLS_PRE_CONFIGURE_HOOKS += GNUTLS_LIBREGEX_CHECK_FIX
+GNUTLS_CONF_OPT += --with-regex-header=pcreposix.h \
+	--with-libregex-cflags="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --cflags`" \
+	--with-libregex-libs="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --libs`"
+
 # libidn support for nommu must exclude the crywrap wrapper (uses fork)
 GNUTLS_CONF_OPT += $(if $(BR2_USE_MMU),,--disable-crywrap)
 GNUTLS_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBIDN),libidn)
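
Review bot: p11-kit is added to GNUTLS_DEPENDENCIES under BR2_PACKAGE_GNUTLS_PKCS11, but GNUTLS_CONF_OPT gains no matching switch, so nothing in this hunk tells configure to leave PKCS#11 support out when the option is off and p11-kit happens to be in staging already. Pass an explicit enable or disable option for both states, in the same style as the `--disable-crywrap` line keyed on BR2_USE_MMU, so the built library matches the configuration regardless of build order. The new `$(if $(BR2_PACKAGE_LIBIDN),libidn)` entry also duplicates the unchanged `GNUTLS_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBIDN),libidn)` line at the end of the hunk; drop one of the two. GNUTLS_LIBREGEX_CHECK_FIX edits configure with a sed that does nothing if the `libopts_cv_with_libregex=no` string is absent, so consider setting that cache variable through GNUTLS_CONF_ENV next to the other `*_cv_*` entries instead.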