From 9044806c2adc6118399349c70a6c5746cedcc374 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sun, 3 Mar 2024 07:10:14 +0000 Subject: Support building without gnutls Once in a generation, it may be necessary to bootstrap apt in an environment where gnutls is not yet available. This makes gnutls support in apt optional. You may also want a configure flag to force gnutls to be required from outside the buildsystem (e.g. debian/rules). --- methods/CMakeLists.txt | 10 ++++++---- methods/connect.cc | 7 +++++-- methods/http.cc | 15 +++++++++++++++ 3 files changed, 26 insertions(+), 6 deletions(-) (limited to 'methods') diff --git a/methods/CMakeLists.txt b/methods/CMakeLists.txt index a5a360217..a94cb413d 100644 --- a/methods/CMakeLists.txt +++ b/methods/CMakeLists.txt @@ -15,13 +15,15 @@ add_executable(ftp ftp.cc $) add_executable(rred rred.cc) add_executable(rsh rsh.cc) -target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS}) -target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR}) +if (HAVE_GNUTLS) + target_compile_definitions(connectlib PRIVATE ${GNUTLS_DEFINITIONS}) + target_include_directories(connectlib PRIVATE ${GNUTLS_INCLUDE_DIR}) +endif() target_include_directories(http PRIVATE $<$:${SYSTEMD_INCLUDE_DIRS}>) # Additional libraries to link against for networked stuff -target_link_libraries(http ${GNUTLS_LIBRARIES} $<$:${SYSTEMD_LIBRARIES}>) -target_link_libraries(ftp ${GNUTLS_LIBRARIES}) +target_link_libraries(http $<$:${GNUTLS_LIBRARIES}> $<$:${SYSTEMD_LIBRARIES}>) +target_link_libraries(ftp $<$:${GNUTLS_LIBRARIES}>) target_link_libraries(rred apt-private) diff --git a/methods/connect.cc b/methods/connect.cc index 110f2fc75..f3e199d0a 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -19,8 +19,10 @@ #include #include +#ifdef HAVE_GNUTLS #include #include +#endif #include #include @@ -798,7 +800,8 @@ ResultState UnwrapSocks(std::string Host, int Port, URI Proxy, std::unique_ptr &Fd, return ResultState::SUCCESSFUL; } - /*}}}*/ +#endif /*}}}*/ diff --git a/methods/http.cc b/methods/http.cc index 9b4550664..0c4d82262 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -429,7 +429,9 @@ ResultState HttpServerState::Open() Out.Reset(); Persistent = true; +#ifdef HAVE_GNUTLS bool tls = (ServerName.Access == "https" || APT::String::Endswith(ServerName.Access, "+https")); +#endif // Determine the proxy setting // Used to run AutoDetectProxy(ServerName) here, but we now send a Proxy @@ -454,6 +456,7 @@ ResultState HttpServerState::Open() { char *result = getenv("http_proxy"); Proxy = result ? result : ""; +#ifdef HAVE_GNUTLS if (tls == true) { char *result = getenv("https_proxy"); @@ -462,6 +465,7 @@ ResultState HttpServerState::Open() Proxy = result; } } +#endif } } @@ -475,8 +479,13 @@ ResultState HttpServerState::Open() if (Proxy.empty() == false) Owner->AddProxyAuth(Proxy, ServerName); +#ifdef HAVE_GNUTLS auto const DefaultService = tls ? "https" : "http"; auto const DefaultPort = tls ? 443 : 80; +#else + auto const DefaultService = "http"; + auto const DefaultPort = 80; +#endif if (Proxy.Access == "socks5h") { auto result = Connect(Proxy.Host, Proxy.Port, "socks", 1080, ServerFd, TimeOut, Owner); @@ -510,12 +519,15 @@ ResultState HttpServerState::Open() Port = Proxy.Port; Host = Proxy.Host; +#ifdef HAVE_GNUTLS if (Proxy.Access == "https" && Port == 0) Port = 443; +#endif } auto result = Connect(Host, Port, DefaultService, DefaultPort, ServerFd, TimeOut, Owner); if (result != ResultState::SUCCESSFUL) return result; +#ifdef HAVE_GNUTLS if (Host == Proxy.Host && Proxy.Access == "https") { aptConfigWrapperForMethods ProxyConf{std::vector{"http", "https"}}; @@ -530,10 +542,13 @@ ResultState HttpServerState::Open() if (result != ResultState::SUCCESSFUL) return result; } +#endif } +#ifdef HAVE_GNUTLS if (tls) return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner); +#endif return ResultState::SUCCESSFUL; } -- cgit v1.2.3-70-g09d2