author | Steve Langasek <steve.langasek@canonical.com> | 2024-03-03 07:10:14 +0000 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2024-03-03 07:23:51 +0000 |
commit | 9044806c2adc6118399349c70a6c5746cedcc374 (patch) | |
tree | 5f943ccc04d4b8021200085610f079ce1e6ecba8 | |
parent | 09092ad336e9f8a64ee59794fdc301a74238fe1c (diff) |
Support building without gnutls
Once in a generation, it may be necessary to bootstrap apt in an
environment where gnutls is not yet available. This makes gnutls
support in apt optional.
You may also want a configure flag to force gnutls to be required from
outside the buildsystem (e.g. debian/rules).
-rw-r--r-- | CMake/config.h.in | 3 | ||||
-rw-r--r-- | CMakeLists.txt | 2 | ||||
-rw-r--r-- | methods/CMakeLists.txt | 10 | ||||
-rw-r--r-- | methods/connect.cc | 7 | ||||
-rw-r--r-- | methods/http.cc | 15 |
5 files changed, 30 insertions, 7 deletions
diff --git a/CMake/config.h.in b/CMake/config.h.in
index 65f983fa9..607f9d5ae 100644
--- a/CMake/config.h.in
+++ b/CMake/config.h.in
@@ -5,6 +5,9 @@
 /* Define if we have the timegm() function */
 #cmakedefine HAVE_TIMEGM
+/* Define if we have the gnutls library for TLS */
+#cmakedefine HAVE_GNUTLS
+
 /* Define if we have the zlib library for gzip */
 #cmakedefine HAVE_ZLIB
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9036b3df0..fdbf6dc7d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -91,7 +91,7 @@ if (BERKELEY_FOUND)
 set(HAVE_BDB 1)
 endif()
-find_package(GnuTLS REQUIRED)
+find_package(GnuTLS)
 if (GNUTLS_FOUND)
 set(HAVE_GNUTLS 1)
 endif()
diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt
index a5a360217..a94cb413d 100644
--- a/methods/CMakeLists.txt
+++ b/methods/CMakeLists.txt
@@ -15,13 +15,15 @@ add_executable(ftp ftp.cc $<TARGET_OBJECTS:connectlib>)
 add_executable(rred rred.cc)
 add_executable(rsh rsh.cc)
-target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS})
-target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR})
+if (HAVE_GNUTLS)
+ target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS})
+ target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR})
+endif()
 target_include_directories(http PRIVATE $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_INCLUDE_DIRS}>)
 # Additional libraries to link against for networked stuff
-target_link_libraries(http ${GNUTLS_LIBRARIES} $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_LIBRARIES}>)
-target_link_libraries(ftp ${GNUTLS_LIBRARIES})
+target_link_libraries(http $<$<BOOL:${GNUTLS_FOUND}>:${GNUTLS_LIBRARIES}> $<$<BOOL:${SYSTEMD_FOUND}>:${SYSTEMD_LIBRARIES}>)
+target_link_libraries(ftp $<$<BOOL:${GNUTLS_FOUND}>:${GNUTLS_LIBRARIES}>)
 target_link_libraries(rred apt-private)
diff --git a/methods/connect.cc b/methods/connect.cc
index 110f2fc75..f3e199d0a 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -19,8 +19,10 @@
 #include <apt-pkg/srvrec.h>
 #include <apt-pkg/strutl.h>
+#ifdef HAVE_GNUTLS
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#endif
 #include <cerrno>
 #include <cstdio>
@@ -798,7 +800,8 @@ ResultState UnwrapSocks(std::string Host, int Port, URI Proxy, std::unique_ptr<M
 return ResultState::SUCCESSFUL;
 }
- /*}}}*/
+
+#ifdef HAVE_GNUTLS /*}}}*/
 // UnwrapTLS - Handle TLS connections /*{{{*/
 // ---------------------------------------------------------------------
 /* Performs a TLS handshake on the socket */
@@ -1050,4 +1053,4 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd,
 return ResultState::SUCCESSFUL;
 }
- /*}}}*/
+#endif /*}}}*/
diff --git a/methods/http.cc b/methods/http.cc
index 9b4550664..0c4d82262 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -429,7 +429,9 @@ ResultState HttpServerState::Open()
 Out.Reset();
 Persistent = true;
+#ifdef HAVE_GNUTLS
 bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"));
+#endif
 // Determine the proxy setting
 // Used to run AutoDetectProxy(ServerName) here, but we now send a Proxy
@@ -454,6 +456,7 @@ ResultState HttpServerState::Open()
 {
 char *result = getenv("http_proxy");
 Proxy = result ? result : "";
+#ifdef HAVE_GNUTLS
 if (tls == true)
 {
 char *result = getenv("https_proxy");
@@ -462,6 +465,7 @@ ResultState HttpServerState::Open()
 Proxy = result;
 }
 }
+#endif
 }
 }
@@ -475,8 +479,13 @@ ResultState HttpServerState::Open()
 if (Proxy.empty() == false)
 Owner->AddProxyAuth(Proxy, ServerName);
+#ifdef HAVE_GNUTLS
 auto const DefaultService = tls ? "https" : "http";
 auto const DefaultPort = tls ? 443 : 80;
+#else
+ auto const DefaultService = "http";
+ auto const DefaultPort = 80;
+#endif
 if (Proxy.Access == "socks5h")
 {
 auto result = Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner);
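Review bot: In methods/http.cc, HttpServerState::Open() fails open when HAVE_GNUTLS is undefined: the `#else` branch at -475,8 +479,13 pins DefaultService/DefaultPort to "http"/80, and with `tls` compiled out at -429,7 +429,9 nothing rejects a ServerName.Access of "https" or one ending in "+https". If this binary can still be invoked as the https method in such a build (the install links are not visible in this diff), an https:// source would be fetched in cleartext and Open() would still return ResultState::SUCCESSFUL; the guarded `if (tls) return UnwrapTLS(...)` in the last http.cc hunk has the same effect. I would keep the scheme check unconditional and refuse in the `#else` branch, for example `if (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https")) { _error->Error("TLS support not compiled in"); return ResultState::FATAL_ERROR; }` (message text is a placeholder). Open() begins and ends outside these hunks, so the exact placement needs checking against the full function.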
@@ -510,12 +519,15 @@ ResultState HttpServerState::Open()
 Port = Proxy.Port;
 Host = Proxy.Host;
+#ifdef HAVE_GNUTLS
 if (Proxy.Access == "https" && Port == 0)
 Port = 443;
+#endif
 }
 auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner);
 if (result != ResultState::SUCCESSFUL)
 return result;
+#ifdef HAVE_GNUTLS
 if (Host == Proxy.Host && Proxy.Access == "https")
 {
 aptConfigWrapperForMethods ProxyConf{std::vector<std::string>{"http", "https"}};
@@ -530,10 +542,13 @@ ResultState HttpServerState::Open()
 if (result != ResultState::SUCCESSFUL)
 return result;
 }
+#endif
 }
+#ifdef HAVE_GNUTLS
 if (tls)
 return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner);
+#endif
 return ResultState::SUCCESSFUL;
 } |
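Review bot: With both `Proxy.Access == "https"` blocks in the -510,12 +519,15 hunk compiled out, a proxy configured with an https:// URI is neither rejected nor wrapped in TLS; control falls through to the plain `Connect(Host, Port, DefaultService, DefaultPort, ...)`. Because `Owner->AddProxyAuth(Proxy, ServerName)` runs earlier in Open(), proxy credentials could then travel to that proxy unencrypted, though this depends on code outside the hunk and should be confirmed. A build without gnutls should treat an https proxy as a configuration error rather than silently downgrading, for example under `#else`: `if (Proxy.Access == "https") { _error->Error("https proxy requires TLS support"); return ResultState::FATAL_ERROR; }` (message text is a placeholder).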