| Message ID | 20240502081144.86599-1-philmd@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | crypto: Allow building with GnuTLS but without Libtasn1 | expand |
On 2/5/24 10:11, Philippe Mathieu-Daudé wrote: > We only use Libtasn1 in unit tests. As noted in commit d47b83b118 > ("tests: add migration tests of TLS with x509 credentials"), having > GnuTLS without Libtasn1 is a valid configuration, so do not require > Libtasn1, to avoid: > > Dependency gnutls found: YES 3.7.1 (cached) > Run-time dependency libtasn1 found: NO (tried pkgconfig) > > ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried pkgconfig > > Restrict the unit test pkix_asn1_tab[] variable to CONFIG_TASN1. Otherwise we get: In file included from tests/unit/crypto-tls-psk-helpers.c:23: tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: libtasn1.h: No such file or directory 26 | #include <libtasn1.h> | ^~~~~~~~~~~~ compilation terminated. > Fixes: ba7ed407e6 ("configure, meson: convert libtasn1 detection to meson") > Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> > --- > meson.build | 1 + > tests/unit/crypto-tls-x509-helpers.h | 4 +++- > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/meson.build b/meson.build > index 5db2dbc12e..837a2bdb56 100644 > --- a/meson.build > +++ b/meson.build > @@ -1912,6 +1912,7 @@ endif > tasn1 = not_found > if gnutls.found() > tasn1 = dependency('libtasn1', > + required: false, > method: 'pkg-config') > endif > keyutils = not_found > diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h > index 247e7160eb..bddf00d392 100644 > --- a/tests/unit/crypto-tls-x509-helpers.h > +++ b/tests/unit/crypto-tls-x509-helpers.h > @@ -23,7 +23,6 @@ > > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> > -#include <libtasn1.h> > > > #define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client" > @@ -171,6 +170,9 @@ void test_tls_cleanup(const char *keyfile); > }; \ > test_tls_generate_cert(&varname, cavarname.crt) > > +#ifdef CONFIG_TASN1 > +#include <libtasn1.h> > extern const asn1_static_node pkix_asn1_tab[]; > +#endif > > #endif
On Thu, May 02, 2024 at 10:22:02AM +0200, Philippe Mathieu-Daudé wrote: > On 2/5/24 10:11, Philippe Mathieu-Daudé wrote: > > We only use Libtasn1 in unit tests. As noted in commit d47b83b118 > > ("tests: add migration tests of TLS with x509 credentials"), having > > GnuTLS without Libtasn1 is a valid configuration, so do not require > > Libtasn1, to avoid: > > > > Dependency gnutls found: YES 3.7.1 (cached) > > Run-time dependency libtasn1 found: NO (tried pkgconfig) > > > > ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried pkgconfig > > > > Restrict the unit test pkix_asn1_tab[] variable to CONFIG_TASN1. > > Otherwise we get: > > In file included from tests/unit/crypto-tls-psk-helpers.c:23: > tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: > libtasn1.h: No such file or directory > 26 | #include <libtasn1.h> > | ^~~~~~~~~~~~ > compilation terminated. I'd say that crypto-tls-psk-helpers.c shouldn't be including crypto-tls-x509-helpers.h at all, as PSK auth does not depend on X509 code With regards, Daniel
On 2/5/24 10:26, Daniel P. Berrangé wrote: > On Thu, May 02, 2024 at 10:22:02AM +0200, Philippe Mathieu-Daudé wrote: >> On 2/5/24 10:11, Philippe Mathieu-Daudé wrote: >>> We only use Libtasn1 in unit tests. As noted in commit d47b83b118 >>> ("tests: add migration tests of TLS with x509 credentials"), having >>> GnuTLS without Libtasn1 is a valid configuration, so do not require >>> Libtasn1, to avoid: >>> >>> Dependency gnutls found: YES 3.7.1 (cached) >>> Run-time dependency libtasn1 found: NO (tried pkgconfig) >>> >>> ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried pkgconfig >>> >>> Restrict the unit test pkix_asn1_tab[] variable to CONFIG_TASN1. >> >> Otherwise we get: >> >> In file included from tests/unit/crypto-tls-psk-helpers.c:23: >> tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: >> libtasn1.h: No such file or directory >> 26 | #include <libtasn1.h> >> | ^~~~~~~~~~~~ >> compilation terminated. > > I'd say that crypto-tls-psk-helpers.c shouldn't be including > crypto-tls-x509-helpers.h at all, as PSK auth does not depend > on X509 code I agree, I tried the "less code churn" path first :)
On 2/5/24 11:26, Philippe Mathieu-Daudé wrote: > On 2/5/24 10:26, Daniel P. Berrangé wrote: >> On Thu, May 02, 2024 at 10:22:02AM +0200, Philippe Mathieu-Daudé wrote: >>> On 2/5/24 10:11, Philippe Mathieu-Daudé wrote: >>>> We only use Libtasn1 in unit tests. As noted in commit d47b83b118 >>>> ("tests: add migration tests of TLS with x509 credentials"), having >>>> GnuTLS without Libtasn1 is a valid configuration, so do not require >>>> Libtasn1, to avoid: >>>> >>>> Dependency gnutls found: YES 3.7.1 (cached) >>>> Run-time dependency libtasn1 found: NO (tried pkgconfig) >>>> >>>> ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, >>>> tried pkgconfig >>>> >>>> Restrict the unit test pkix_asn1_tab[] variable to CONFIG_TASN1. >>> >>> Otherwise we get: >>> >>> In file included from tests/unit/crypto-tls-psk-helpers.c:23: >>> tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: >>> libtasn1.h: No such file or directory >>> 26 | #include <libtasn1.h> >>> | ^~~~~~~~~~~~ >>> compilation terminated. >> >> I'd say that crypto-tls-psk-helpers.c shouldn't be including >> crypto-tls-x509-helpers.h at all, as PSK auth does not depend >> on X509 code > > I agree, I tried the "less code churn" path first :) test_tls_init() calls asn1_array2tree(), test_tls_cleanup() calls asn1_delete_structure() and test_tls_generate_cert() calls: asn1_create_element(pkix_asn1, "PKIX1.BasicConstraints", ... asn1_write_value(ext, "cA", ... asn1_write_value(ext, "pathLenConstraint", ...
diff --git a/meson.build b/meson.build index 5db2dbc12e..837a2bdb56 100644 --- a/meson.build +++ b/meson.build @@ -1912,6 +1912,7 @@ endif tasn1 = not_found if gnutls.found() tasn1 = dependency('libtasn1', + required: false, method: 'pkg-config') endif keyutils = not_found diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h index 247e7160eb..bddf00d392 100644 --- a/tests/unit/crypto-tls-x509-helpers.h +++ b/tests/unit/crypto-tls-x509-helpers.h @@ -23,7 +23,6 @@ #include <gnutls/gnutls.h> #include <gnutls/x509.h> -#include <libtasn1.h> #define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client" @@ -171,6 +170,9 @@ void test_tls_cleanup(const char *keyfile); }; \ test_tls_generate_cert(&varname, cavarname.crt) +#ifdef CONFIG_TASN1 +#include <libtasn1.h> extern const asn1_static_node pkix_asn1_tab[]; +#endif #endif
We only use Libtasn1 in unit tests. As noted in commit d47b83b118 ("tests: add migration tests of TLS with x509 credentials"), having GnuTLS without Libtasn1 is a valid configuration, so do not require Libtasn1, to avoid: Dependency gnutls found: YES 3.7.1 (cached) Run-time dependency libtasn1 found: NO (tried pkgconfig) ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried pkgconfig Restrict the unit test pkix_asn1_tab[] variable to CONFIG_TASN1. Fixes: ba7ed407e6 ("configure, meson: convert libtasn1 detection to meson") Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> --- meson.build | 1 + tests/unit/crypto-tls-x509-helpers.h | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-)