From 9044806c2adc6118399349c70a6c5746cedcc374 Mon Sep 17 00:00:00 2001
From: Steve Langasek
Date: Sun, 3 Mar 2024 07:10:14 +0000
Subject: Support building without gnutls

Once in a generation, it may be necessary to bootstrap apt in an environment where gnutls is not yet available. This makes gnutls support in apt optional. You may also want a configure flag to force gnutls to be required from outside the buildsystem (e.g. debian/rules).
---
 CMake/config.h.in | 3 +++
 CMakeLists.txt | 2 +-
 methods/CMakeLists.txt | 10 ++++++----
 methods/connect.cc | 7 +++++--
 methods/http.cc | 15 +++++++++++++++
 5 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/CMake/config.h.in b/CMake/config.h.in
index 65f983fa9..607f9d5ae 100644
--- a/CMake/config.h.in
+++ b/CMake/config.h.in
@@ -5,6 +5,9 @@
 /* Define if we have the timegm() function */
 #cmakedefine HAVE_TIMEGM
+/* Define if we have the gnutls library for TLS */
+#cmakedefine HAVE_GNUTLS
+
 /* Define if we have the zlib library for gzip */
 #cmakedefine HAVE_ZLIB
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9036b3df0..fdbf6dc7d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -91,7 +91,7 @@ if (BERKELEY_FOUND)
 set(HAVE_BDB 1)
 endif()
-find_package(GnuTLS REQUIRED)
+find_package(GnuTLS)
 if (GNUTLS_FOUND)
 set(HAVE_GNUTLS 1)
 endif()
diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt
index a5a360217..a94cb413d 100644
--- a/methods/CMakeLists.txt
+++ b/methods/CMakeLists.txt
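Review bot: Dropping `REQUIRED` from `find_package(GnuTLS)` makes the loss of TLS support silent: a build host that merely lacks the GnuTLS development files now configures cleanly and yields methods built with `HAVE_GNUTLS` unset. The commit message itself mentions wanting a flag for this; keeping failure as the default and making the TLS-less bootstrap build an explicit opt-in would be safer, for example `option(REQUIRE_GNUTLS "Fail configuration if GnuTLS is missing" ON)` (the name is only a suggestion) followed by `if (REQUIRE_GNUTLS AND NOT GNUTLS_FOUND) message(FATAL_ERROR "GnuTLS not found; pass -DREQUIRE_GNUTLS=OFF to build without https") endif()`. At minimum, emit a `message(WARNING ...)` when `GNUTLS_FOUND` is false so the downgrade is visible in build logs.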
@@ -15,13 +15,15 @@ add_executable(ftp ftp.cc $)
 add_executable(rred rred.cc)
 add_executable(rsh rsh.cc)
-target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS})
-target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR})
+if (HAVE_GNUTLS)
+ target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS})
+ target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR})
+endif()
 target_include_directories(http PRIVATE $<$:${SYSTEMD_INCLUDE_DIRS}>)
 # Additional libraries to link against for networked stuff
-target_link_libraries(http ${GNUTLS_LIBRARIES} $<$:${SYSTEMD_LIBRARIES}>)
-target_link_libraries(ftp ${GNUTLS_LIBRARIES})
+target_link_libraries(http $<$:${GNUTLS_LIBRARIES}> $<$:${SYSTEMD_LIBRARIES}>)
+target_link_libraries(ftp $<$:${GNUTLS_LIBRARIES}>)
 target_link_libraries(rred apt-private)
diff --git a/methods/connect.cc b/methods/connect.cc
index 110f2fc75..f3e199d0a 100644
--- a/methods/connect.cc
+++ b/methods/connect.cc
@@ -19,8 +19,10 @@
 #include
 #include
+#ifdef HAVE_GNUTLS
 #include
 #include
+#endif
 #include
 #include
@@ -798,7 +800,8 @@ ResultState UnwrapSocks(std::string Host, int Port, URI Proxy, std::unique_ptr &Fd,
 return ResultState::SUCCESSFUL;
 }
- /*}}}*/
+#endif /*}}}*/
diff --git a/methods/http.cc b/methods/http.cc
index 9b4550664..0c4d82262 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -429,7 +429,9 @@ ResultState HttpServerState::Open()
 Out.Reset();
 Persistent = true;
+#ifdef HAVE_GNUTLS
 bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"));
+#endif
 // Determine the proxy setting
 // Used to run AutoDetectProxy(ServerName) here, but we now send a Proxy
@@ -454,6 +456,7 @@ ResultState HttpServerState::Open()
 {
 char *result = getenv("http_proxy");
 Proxy = result ? result : "";
+#ifdef HAVE_GNUTLS
 if (tls == true)
 {
 char *result = getenv("https_proxy");
@@ -462,6 +465,7 @@ ResultState HttpServerState::Open()
 Proxy = result;
 }
 }
+#endif
 }
 }
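Review bot: The `#ifdef HAVE_GNUTLS` guards added to methods/connect.cc only take effect if `config.h` is included before them, and that include sits above line 19, outside the hunk. `HAVE_GNUTLS` comes solely from `#cmakedefine HAVE_GNUTLS` in CMake/config.h.in, so a missing or late include would make the guards false even when GnuTLS is present; the same applies to methods/http.cc. The `+#endif` near the end of the file closes a region whose opening `#ifdef` is not visible in this hunk, so I would label it `#endif // HAVE_GNUTLS` to keep the pairing readable.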
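Review bot: With `HAVE_GNUTLS` undefined, `HttpServerState::Open()` loses all knowledge that the URI was https. `tls` is compiled out in the -429 hunk, the `#else` branch in the -475 hunk pins `DefaultService`/`DefaultPort` to "http"/80, and the `UnwrapTLS` call in the -530 hunk disappears, so the function returns `ResultState::SUCCESSFUL` on a plain TCP socket. If this binary can still be invoked as the https method (how it is installed is not visible in this diff), an `https://` source would presumably be fetched in cleartext with no error. A TLS-less build should fail closed on such URIs; the fence adds an `#else` branch to the guard around `tls`. Open() starts outside this hunk.

```cpp
#ifdef HAVE_GNUTLS
   bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"));
#else
   // Built without GnuTLS: refuse https instead of continuing over an unencrypted socket.
   if (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https"))
   {
      _error->Error("https is not supported: apt was built without GnuTLS");
      return ResultState::FATAL_ERROR;
   }
#endif
   // … unchanged: proxy selection …
```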
@@ -475,8 +479,13 @@ ResultState HttpServerState::Open()
 if (Proxy.empty() == false)
 Owner->AddProxyAuth(Proxy, ServerName);
+#ifdef HAVE_GNUTLS
 auto const DefaultService = tls ? "https" : "http";
 auto const DefaultPort = tls ? 443 : 80;
+#else
+ auto const DefaultService = "http";
+ auto const DefaultPort = 80;
+#endif
 if (Proxy.Access == "socks5h")
 {
 auto result = Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner);
@@ -510,12 +519,15 @@ ResultState HttpServerState::Open()
 Port = Proxy.Port;
 Host = Proxy.Host;
+#ifdef HAVE_GNUTLS
 if (Proxy.Access == "https" && Port == 0)
 Port = 443;
+#endif
 }
 auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner);
 if (result != ResultState::SUCCESSFUL)
 return result;
+#ifdef HAVE_GNUTLS
 if (Host == Proxy.Host && Proxy.Access == "https")
 {
 aptConfigWrapperForMethods ProxyConf{std::vector{"http", "https"}};
@@ -530,10 +542,13 @@ ResultState HttpServerState::Open()
 if (result != ResultState::SUCCESSFUL)
 return result;
 }
+#endif
 }
+#ifdef HAVE_GNUTLS
 if (tls)
 return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner);
+#endif
 return ResultState::SUCCESSFUL;
 }
--
cgit v1.2.3-70-g09d2
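Review bot: In the -510 hunk an `https://` proxy is silently treated as a plain HTTP proxy when `HAVE_GNUTLS` is undefined, because both the `Port = 443` default and the `Proxy.Access == "https"` unwrap block are compiled out while `Connect(Host, Port, ...)` to `Proxy.Host` still runs. `Owner->AddProxyAuth(Proxy, ServerName)` in the -475 hunk is unguarded, so proxy credentials would presumably cross that connection unencrypted. The TLS-less build should reject the configuration rather than downgrade it, for example by giving the first guard an `#else` with `if (Proxy.Access == "https") { _error->Error("https proxy is not supported: apt was built without GnuTLS"); return ResultState::FATAL_ERROR; }`. The enclosing proxy branch starts outside the hunk.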