vitalif
/
mirror_qemu
mirror of https://github.com/proxmox/mirror_qemu
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

configure, meson: convert crypto detection to meson 

Reviewed-by: Richard Henderson <richard.henderson@liaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
master
Paolo Bonzini 2021-06-03 11:15:26 +02:00
parent 4c1f23cfb8
commit 5761251138
5 changed files with 90 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
configure vendored
View File

@ -404,10 +404,9 @@ seccomp="auto"
glusterfs="auto"
gtk="auto"
tls_priority="NORMAL"
gnutls="$default_feature"
nettle="$default_feature"
gcrypt="$default_feature"
qemu_private_xts="yes"
gnutls="auto"
nettle="auto"
gcrypt="auto"
auth_pam="$default_feature"
vte="$default_feature"
virglrenderer="$default_feature"
@ -1372,17 +1371,17 @@ for opt do
;;
--tls-priority=*) tls_priority="$optarg"
;;
--disable-gnutls) gnutls="no"
--disable-gnutls) gnutls="disabled"
;;
--enable-gnutls) gnutls="yes"
--enable-gnutls) gnutls="enabled"
;;
--disable-nettle) nettle="no"
--disable-nettle) nettle="disabled"
;;
--enable-nettle) nettle="yes"
--enable-nettle) nettle="enabled"
;;
--disable-gcrypt) gcrypt="no"
--disable-gcrypt) gcrypt="disabled"
;;
--enable-gcrypt) gcrypt="yes"
--enable-gcrypt) gcrypt="enabled"
;;
--disable-auth-pam) auth_pam="no"
;;
@ -2800,156 +2799,6 @@ EOF
fi
fi
##########################################
# GNUTLS probe
if test "$gnutls" != "no"; then
pass="no"
if $pkg_config --exists "gnutls >= 3.5.18"; then
gnutls_cflags=$($pkg_config --cflags gnutls)
gnutls_libs=$($pkg_config --libs gnutls)
# Packaging for the static libraries is not always correct.
# At least ubuntu 18.04 ships only shared libraries.
write_c_skeleton
if compile_prog "" "$gnutls_libs" ; then
pass="yes"
fi
fi
if test "$pass" = "no" && test "$gnutls" = "yes"; then
feature_not_found "gnutls" "Install gnutls devel >= 3.1.18"
else
gnutls="$pass"
fi
fi
# If user didn't give a --disable/enable-gcrypt flag,
# then mark as disabled if user requested nettle
# explicitly
if test -z "$gcrypt"
then
if test "$nettle" = "yes"
then
gcrypt="no"
fi
fi
# If user didn't give a --disable/enable-nettle flag,
# then mark as disabled if user requested gcrypt
# explicitly
if test -z "$nettle"
then
if test "$gcrypt" = "yes"
then
nettle="no"
fi
fi
has_libgcrypt() {
if ! has "libgcrypt-config"
then
return 1
fi
if test -n "$cross_prefix"
then
host=$(libgcrypt-config --host)
if test "$host-" != $cross_prefix
then
return 1
fi
fi
maj=`libgcrypt-config --version | awk -F . '{print $1}'`
min=`libgcrypt-config --version | awk -F . '{print $2}'`
if test $maj != 1 || test $min -lt 8
then
return 1
fi
return 0
}
if test "$nettle" != "no"; then
pass="no"
if $pkg_config --exists "nettle >= 3.4"; then
nettle_cflags=$($pkg_config --cflags nettle)
nettle_libs=$($pkg_config --libs nettle)
# Link test to make sure the given libraries work (e.g for static).
write_c_skeleton
if compile_prog "" "$nettle_libs" ; then
if test -z "$gcrypt"; then
gcrypt="no"
fi
pass="yes"
fi
fi
if test "$pass" = "yes"
then
cat > $TMPC << EOF
#include <nettle/xts.h>
int main(void) {
return 0;
}
EOF
if compile_prog "$nettle_cflags" "$nettle_libs" ; then
qemu_private_xts=no
fi
fi
if test "$pass" = "no" && test "$nettle" = "yes"; then
feature_not_found "nettle" "Install nettle devel >= 2.7.1"
else
nettle="$pass"
fi
fi
if test "$gcrypt" != "no"; then
pass="no"
if has_libgcrypt; then
gcrypt_cflags=$(libgcrypt-config --cflags)
gcrypt_libs=$(libgcrypt-config --libs)
# Debian has removed -lgpg-error from libgcrypt-config
# as it "spreads unnecessary dependencies" which in
# turn breaks static builds...
if test "$static" = "yes"
then
gcrypt_libs="$gcrypt_libs -lgpg-error"
fi
# Link test to make sure the given libraries work (e.g for static).
write_c_skeleton
if compile_prog "" "$gcrypt_libs" ; then
pass="yes"
fi
fi
if test "$pass" = "yes"; then
gcrypt="yes"
cat > $TMPC << EOF
#include <gcrypt.h>
int main(void) {
gcry_cipher_hd_t handle;
gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0);
return 0;
}
EOF
if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
qemu_private_xts=no
fi
elif test "$gcrypt" = "yes"; then
feature_not_found "gcrypt" "Install gcrypt devel >= 1.5.0"
else
gcrypt="no"
fi
fi
if test "$gcrypt" = "yes" && test "$nettle" = "yes"
then
error_exit "Only one of gcrypt & nettle can be enabled"
fi
##########################################
# libtasn1 - only for the TLS creds/session test suite
@ -5705,24 +5554,6 @@ if test "$gdbus_codegen" != "" ; then
echo "GDBUS_CODEGEN=$gdbus_codegen" >> $config_host_mak
fi
echo "CONFIG_TLS_PRIORITY=\"$tls_priority\"" >> $config_host_mak
if test "$gnutls" = "yes" ; then
echo "CONFIG_GNUTLS=y" >> $config_host_mak
echo "GNUTLS_CFLAGS=$gnutls_cflags" >> $config_host_mak
echo "GNUTLS_LIBS=$gnutls_libs" >> $config_host_mak
fi
if test "$gcrypt" = "yes" ; then
echo "CONFIG_GCRYPT=y" >> $config_host_mak
echo "GCRYPT_CFLAGS=$gcrypt_cflags" >> $config_host_mak
echo "GCRYPT_LIBS=$gcrypt_libs" >> $config_host_mak
fi
if test "$nettle" = "yes" ; then
echo "CONFIG_NETTLE=y" >> $config_host_mak
echo "NETTLE_CFLAGS=$nettle_cflags" >> $config_host_mak
echo "NETTLE_LIBS=$nettle_libs" >> $config_host_mak
fi
if test "$qemu_private_xts" = "yes" ; then
echo "CONFIG_QEMU_PRIVATE_XTS=y" >> $config_host_mak
fi
if test "$tasn1" = "yes" ; then
echo "CONFIG_TASN1=y" >> $config_host_mak
fi
@ -6439,6 +6270,7 @@ if test "$skip_meson" = no; then
-Dcurl=$curl -Dglusterfs=$glusterfs -Dbzip2=$bzip2 -Dlibiscsi=$libiscsi \
-Dlibnfs=$libnfs -Diconv=$iconv -Dcurses=$curses -Dlibudev=$libudev\
-Drbd=$rbd -Dlzo=$lzo -Dsnappy=$snappy -Dlzfse=$lzfse \
-Dgnutls=$gnutls -Dnettle=$nettle -Dgcrypt=$gcrypt \
-Dzstd=$zstd -Dseccomp=$seccomp -Dvirtfs=$virtfs -Dcap_ng=$cap_ng \
-Dattr=$attr -Ddefault_devices=$default_devices \
-Ddocs=$docs -Dsphinx_build=$sphinx_build -Dinstall_blobs=$blobs \

41
crypto/meson.build
View File

@ -22,48 +22,31 @@ crypto_ss.add(files(
'tlssession.c',
))
if 'CONFIG_NETTLE' in config_host
crypto_ss.add(files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
elif 'CONFIG_GCRYPT' in config_host
crypto_ss.add(files('hash-gcrypt.c', 'pbkdf-gcrypt.c'))
crypto_ss.add(files('hmac-gcrypt.c'))
if nettle.found()
crypto_ss.add(nettle, files('hash-nettle.c', 'hmac-nettle.c', 'pbkdf-nettle.c'))
elif gcrypt.found()
crypto_ss.add(gcrypt, files('hash-gcrypt.c', 'hmac-gcrypt.c', 'pbkdf-gcrypt.c'))
else
crypto_ss.add(files('hash-glib.c', 'hmac-glib.c', 'pbkdf-stub.c'))
endif
if xts == 'private'
crypto_ss.add(files('xts.c'))
endif
crypto_ss.add(when: 'CONFIG_SECRET_KEYRING', if_true: files('secret_keyring.c'))
crypto_ss.add(when: 'CONFIG_QEMU_PRIVATE_XTS', if_true: files('xts.c'))
crypto_ss.add(when: 'CONFIG_AF_ALG', if_true: files('afalg.c', 'cipher-afalg.c', 'hash-afalg.c'))
crypto_ss.add(when: 'CONFIG_GNUTLS', if_true: files('tls-cipher-suites.c'))
if 'CONFIG_NETTLE' in config_host
crypto_ss.add(nettle)
elif 'CONFIG_GCRYPT' in config_host
crypto_ss.add(gcrypt)
endif
if 'CONFIG_GNUTLS' in config_host
crypto_ss.add(gnutls)
endif
crypto_ss.add(when: gnutls, if_true: files('tls-cipher-suites.c'))
util_ss.add(files('aes.c'))
util_ss.add(files('init.c'))
if 'CONFIG_GCRYPT' in config_host
util_ss.add(files('random-gcrypt.c'))
elif 'CONFIG_GNUTLS' in config_host
util_ss.add(files('random-gnutls.c'))
if gcrypt.found()
util_ss.add(gcrypt, files('random-gcrypt.c'))
elif gnutls.found()
util_ss.add(gnutls, files('random-gnutls.c'))
elif 'CONFIG_RNG_NONE' in config_host
util_ss.add(files('random-none.c'))
else
util_ss.add(files('random-platform.c'))
endif
if 'CONFIG_GCRYPT' in config_host
util_ss.add(gcrypt)
endif
if 'CONFIG_GNUTLS' in config_host
util_ss.add(gnutls)
endif

81
meson.build
View File

@ -320,21 +320,6 @@ urcubp = not_found
if 'CONFIG_TRACE_UST' in config_host
urcubp = declare_dependency(link_args: config_host['URCU_BP_LIBS'].split())
endif
gcrypt = not_found
if 'CONFIG_GCRYPT' in config_host
gcrypt = declare_dependency(compile_args: config_host['GCRYPT_CFLAGS'].split(),
link_args: config_host['GCRYPT_LIBS'].split())
endif
nettle = not_found
if 'CONFIG_NETTLE' in config_host
nettle = declare_dependency(compile_args: config_host['NETTLE_CFLAGS'].split(),
link_args: config_host['NETTLE_LIBS'].split())
endif
gnutls = not_found
if 'CONFIG_GNUTLS' in config_host
gnutls = declare_dependency(compile_args: config_host['GNUTLS_CFLAGS'].split(),
link_args: config_host['GNUTLS_LIBS'].split())
endif
pixman = not_found
if have_system or have_tools
pixman = dependency('pixman-1', required: have_system, version:'>=0.21.8',
@ -829,6 +814,54 @@ if 'CONFIG_OPENGL' in config_host
link_args: config_host['OPENGL_LIBS'].split())
endif
gnutls = not_found
if not get_option('gnutls').auto() or have_system
gnutls = dependency('gnutls', version: '>=3.5.18',
method: 'pkg-config',
required: get_option('gnutls'),
kwargs: static_kwargs)
endif
# Nettle has priority over gcrypt
gcrypt = not_found
nettle = not_found
xts = 'private'
if get_option('nettle').enabled() and get_option('gcrypt').enabled()
error('Only one of gcrypt & nettle can be enabled')
elif (not get_option('nettle').auto() or have_system) and not get_option('gcrypt').enabled()
nettle = dependency('nettle', version: '>=3.4',
method: 'pkg-config',
required: get_option('nettle'),
kwargs: static_kwargs)
if nettle.found() and cc.has_header('nettle/xts.h', dependencies: nettle)
xts = 'nettle'
endif
endif
if (not get_option('gcrypt').auto() or have_system) and not nettle.found()
gcrypt = dependency('libgcrypt', version: '>=1.5',
method: 'config-tool',
required: get_option('gcrypt'),
kwargs: static_kwargs)
if gcrypt.found() and cc.compiles('''
#include <gcrypt.h>
int main(void) {
gcry_cipher_hd_t handle;
gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_XTS, 0);
return 0;
}
''', dependencies: gcrypt)
xts = 'gcrypt'
endif
# Debian has removed -lgpg-error from libgcrypt-config
# as it "spreads unnecessary dependencies" which in
# turn breaks static builds...
if gcrypt.found() and enable_static
gcrypt = declare_dependency(dependencies: [
gcrypt,
cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
endif
endif
gtk = not_found
gtkx11 = not_found
if not get_option('gtk').auto() or (have_system and not cocoa.found())
@ -1165,6 +1198,10 @@ config_host_data.set('CONFIG_VIRTFS', have_virtfs)
config_host_data.set('CONFIG_XKBCOMMON', xkbcommon.found())
config_host_data.set('CONFIG_KEYUTILS', keyutils.found())
config_host_data.set('CONFIG_GETTID', has_gettid)
config_host_data.set('CONFIG_GNUTLS', gnutls.found())
config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
config_host_data.set('CONFIG_NETTLE', nettle.found())
config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
config_host_data.set('CONFIG_STATX', has_statx)
config_host_data.set('CONFIG_ZSTD', zstd.found())
@ -2659,16 +2696,16 @@ summary(summary_info, bool_yn: true, section: 'Block layer support')
# Crypto
summary_info = {}
summary_info += {'TLS priority': config_host['CONFIG_TLS_PRIORITY']}
summary_info += {'GNUTLS support': config_host.has_key('CONFIG_GNUTLS')}
summary_info += {'GNUTLS support': gnutls.found()}
# TODO: add back version
summary_info += {'libgcrypt': config_host.has_key('CONFIG_GCRYPT')}
if config_host.has_key('CONFIG_GCRYPT')
summary_info += {' XTS': not config_host.has_key('CONFIG_QEMU_PRIVATE_XTS')}
summary_info += {'libgcrypt': gcrypt.found()}
if gcrypt.found()
summary_info += {' XTS': xts != 'private'}
endif
# TODO: add back version
summary_info += {'nettle': config_host.has_key('CONFIG_NETTLE')}
if config_host.has_key('CONFIG_NETTLE')
summary_info += {' XTS': not config_host.has_key('CONFIG_QEMU_PRIVATE_XTS')}
summary_info += {'nettle': nettle.found()}
if nettle.found()
summary_info += {' XTS': xts != 'private'}
endif
summary_info += {'crypto afalg': config_host.has_key('CONFIG_AF_ALG')}
summary_info += {'rng-none': config_host.has_key('CONFIG_RNG_NONE')}

6
meson_options.txt
View File

@ -76,6 +76,12 @@ option('iconv', type : 'feature', value : 'auto',
description: 'Font glyph conversion support')
option('curses', type : 'feature', value : 'auto',
description: 'curses UI')
option('gnutls', type : 'feature', value : 'auto',
description: 'GNUTLS cryptography support')
option('nettle', type : 'feature', value : 'auto',
description: 'nettle cryptography support')
option('gcrypt', type : 'feature', value : 'auto',
description: 'libgcrypt cryptography support')
option('libudev', type : 'feature', value : 'auto',
description: 'Use libudev to enumerate host devices')
option('lzfse', type : 'feature', value : 'auto',

6
tests/unit/meson.build
View File

@ -83,7 +83,7 @@ if have_block
'test-crypto-afsplit': [io],
'test-crypto-block': [io],
}
if 'CONFIG_GNUTLS' in config_host and \
if gnutls.found() and \
'CONFIG_TASN1' in config_host and \
'CONFIG_POSIX' in config_host
tests += {
@ -97,7 +97,7 @@ if have_block
if 'CONFIG_AUTH_PAM' in config_host
tests += {'test-authz-pam': [authz]}
endif
if 'CONFIG_QEMU_PRIVATE_XTS' in config_host
if xts == 'private'
tests += {'test-crypto-xts': [crypto, io]}
endif
if 'CONFIG_POSIX' in config_host
@ -106,7 +106,7 @@ if have_block
if 'CONFIG_REPLICATION' in config_host
tests += {'test-replication': [testblock]}
endif
if 'CONFIG_NETTLE' in config_host or 'CONFIG_GCRYPT' in config_host
if nettle.found() or gcrypt.found()
tests += {'test-crypto-pbkdf': [io]}
endif
if 'CONFIG_EPOLL_CREATE1' in config_host