forked from osmocom/wireshark
macOS: Enable PKCS #11 support when building with macos-setup.sh
Enable PKCS #11 support in macOS builds with macos-setup.sh (already supported on macOS via Homebrew and on all other OSes with GnuTLS 3.4 or greater) by installing p11-kit (and its dependency libtasn1) and building nettle and GnuTLS against it.
This commit is contained in:
John Thacker
Jörg Mayer
parent
e0403df086
commit
fe1f947540
|
|
@ -1236,11 +1236,11 @@ add_custom_target(dist
|
|||
)
|
||||
|
||||
if(GNUTLS_FOUND AND NOT GNUTLS_VERSION VERSION_LESS "3.4.0")
|
||||
# While all Linux and Windows builds have PKCS #11 support enabled,
|
||||
# macos-setup.sh explicitly disables it using --without-p11-kit.
|
||||
# Calculating public keys from PKCS #11 private keys requires GnuTLS
|
||||
# 3.4.0 or greater.
|
||||
#
|
||||
# Require at least GnuTLS 3.4.0 such that public keys can be calculated
|
||||
# from PKCS #11 private keys.
|
||||
# Check that the support is present in case GnuTLS was compiled
|
||||
# --without-p11-kit as macos-setup.sh did until recently.
|
||||
include(CheckSymbolExists)
|
||||
cmake_push_check_state()
|
||||
if(WIN32)
|
||||
|
|
|
|||
|
|
@ -150,6 +150,13 @@ if [ "$GNUTLS_VERSION" ]; then
|
|||
# And, in turn, Nettle requires GMP.
|
||||
#
|
||||
GMP_VERSION=6.2.1
|
||||
|
||||
#
|
||||
# And p11-kit
|
||||
P11KIT_VERSION=0.23.21
|
||||
|
||||
# Which requires libtasn1
|
||||
LIBTASN1_VERSION=4.16.0
|
||||
fi
|
||||
# Use 5.2.4, not 5.3, for now; lua_bitop.c hasn't been ported to 5.3
|
||||
# yet, and we need to check for compatibility issues (we'd want Lua
|
||||
|
|
@ -1120,6 +1127,90 @@ uninstall_gmp() {
|
|||
fi
|
||||
}
|
||||
|
||||
install_libtasn1() {
|
||||
if [ "$LIBTASN1_VERSION" -a ! -f libtasn1-$LIBTASN1_VERSION-done ] ; then
|
||||
echo "Downloading, building, and installing libtasn1:"
|
||||
[ -f libtasn1-$LIBTASN1_VERSION.tar.gz ] || curl -L -O https://ftpmirror.gnu.org/libtasn1/libtasn1-$LIBTASN1_VERSION.tar.gz || exit 1
|
||||
$no_build && echo "Skipping installation" && return
|
||||
gzcat libtasn1-$LIBTASN1_VERSION.tar.gz | tar xf - || exit 1
|
||||
cd libtasn1-$LIBTASN1_VERSION
|
||||
CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure || exit 1
|
||||
make $MAKE_BUILD_OPTS || exit 1
|
||||
$DO_MAKE_INSTALL || exit 1
|
||||
cd ..
|
||||
touch libtasn1-$LIBTASN1_VERSION-done
|
||||
fi
|
||||
}
|
||||
|
||||
uninstall_libtasn1() {
|
||||
if [ ! -z "$installed_libtasn1_version" ] ; then
|
||||
#
|
||||
# p11-kit depends on this, so uninstall it.
|
||||
#
|
||||
uninstall_p11_kit "$@"
|
||||
|
||||
echo "Uninstalling libtasn1:"
|
||||
cd nettle-$installed_libtasn1_version
|
||||
$DO_MAKE_UNINSTALL || exit 1
|
||||
make distclean || exit 1
|
||||
cd ..
|
||||
rm libtasn1-$installed_libtasn1_version-done
|
||||
|
||||
if [ "$#" -eq 1 -a "$1" = "-r" ] ; then
|
||||
#
|
||||
# Get rid of the previously downloaded and unpacked version.
|
||||
#
|
||||
rm -rf libtasn1-$installed_libtasn1_version
|
||||
rm -rf libtasn1-$installed_libtasn1_version.tar.gz
|
||||
fi
|
||||
|
||||
installed_libtasn1_version=""
|
||||
fi
|
||||
}
|
||||
|
||||
install_p11_kit() {
|
||||
if [ "$P11KIT_VERSION" -a ! -f p11-kit-$P11KIT_VERSION-done ] ; then
|
||||
echo "Downloading, building, and installing p11-kit:"
|
||||
[ -f p11-kit-$P11KIT_VERSION.tar.xz ] || curl -L -O https://github.com/p11-glue/p11-kit/releases/download/$P11KIT_VERSION/p11-kit-$P11KIT_VERSION.tar.xz || exit 1
|
||||
$no_build && echo "Skipping installation" && return
|
||||
xzcat p11-kit-$P11KIT_VERSION.tar.xz | tar xf - || exit 1
|
||||
cd p11-kit-$P11KIT_VERSION
|
||||
# Same hack for libffi missing pkg-config files as GLib
|
||||
includedir=`xcrun --show-sdk-path 2>/dev/null`/usr/include
|
||||
LIBFFI_CFLAGS="-I $includedir/ffi" LIBFFI_LIBS="-lffi" CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure --without-trust-paths || exit 1
|
||||
make $MAKE_BUILD_OPTS || exit 1
|
||||
$DO_MAKE_INSTALL || exit 1
|
||||
cd ..
|
||||
touch p11-kit-$P11KIT_VERSION-done
|
||||
fi
|
||||
}
|
||||
|
||||
uninstall_p11_kit() {
|
||||
if [ ! -z "$installed_p11_kit_version" ] ; then
|
||||
#
|
||||
# Nettle depends on this, so uninstall it.
|
||||
#
|
||||
uninstall_nettle "$@"
|
||||
|
||||
echo "Uninstalling p11-kit:"
|
||||
cd p11-kit-$installed_p11_kit_version
|
||||
$DO_MAKE_UNINSTALL || exit 1
|
||||
make distclean || exit 1
|
||||
cd ..
|
||||
rm p11-kit-$installed_p11_kit_version-done
|
||||
|
||||
if [ "$#" -eq 1 -a "$1" = "-r" ] ; then
|
||||
#
|
||||
# Get rid of the previously downloaded and unpacked version.
|
||||
#
|
||||
rm -rf p11-kit-$installed_p11_kit_version
|
||||
rm -rf p11-kit-$installed_p11_kit_version.tar.xz
|
||||
fi
|
||||
|
||||
installed_p11_kit_version=""
|
||||
fi
|
||||
}
|
||||
|
||||
install_nettle() {
|
||||
if [ "$NETTLE_VERSION" -a ! -f nettle-$NETTLE_VERSION-done ] ; then
|
||||
echo "Downloading, building, and installing Nettle:"
|
||||
|
|
@ -1127,7 +1218,7 @@ install_nettle() {
|
|||
$no_build && echo "Skipping installation" && return
|
||||
gzcat nettle-$NETTLE_VERSION.tar.gz | tar xf - || exit 1
|
||||
cd nettle-$NETTLE_VERSION
|
||||
CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure --with-libgcrypt --without-p11-kit || exit 1
|
||||
CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure || exit 1
|
||||
make $MAKE_BUILD_OPTS || exit 1
|
||||
$DO_MAKE_INSTALL || exit 1
|
||||
cd ..
|
||||
|
|
@ -1188,7 +1279,7 @@ install_gnutls() {
|
|||
bzcat gnutls-$GNUTLS_VERSION.tar.bz2 | tar xf - || exit 1
|
||||
fi
|
||||
cd gnutls-$GNUTLS_VERSION
|
||||
CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure --with-included-libtasn1 --with-included-unistring --without-p11-kit --disable-guile || exit 1
|
||||
CFLAGS="$CFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" CXXFLAGS="$CXXFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" LDFLAGS="$LDFLAGS $VERSION_MIN_FLAGS $SDKFLAGS" ./configure --with-included-unistring --disable-guile || exit 1
|
||||
make $MAKE_BUILD_OPTS || exit 1
|
||||
$DO_MAKE_INSTALL || exit 1
|
||||
cd ..
|
||||
|
|
@ -2249,6 +2340,28 @@ install_all() {
|
|||
uninstall_gmp -r
|
||||
fi
|
||||
|
||||
if [ ! -z "$installed_p11_kit_version" -a \
|
||||
"$installed_p11_kit_version" != "$P11KIT_VERSION" ] ; then
|
||||
echo "Installed p11-kit version is $installed_p11_kit_version"
|
||||
if [ -z "$P11KIT_VERSION" ] ; then
|
||||
echo "p11-kit is not requested"
|
||||
else
|
||||
echo "Requested p11-kit version is $P11KIT_VERSION"
|
||||
fi
|
||||
uninstall_p11_kit -r
|
||||
fi
|
||||
|
||||
if [ ! -z "$installed_libtasn1_version" -a \
|
||||
"$installed_libtasn1_version" != "$LIBTASN1_VERSION" ] ; then
|
||||
echo "Installed libtasn1 version is $installed_libtasn1_version"
|
||||
if [ -z "$LIBTASN1_VERSION" ] ; then
|
||||
echo "libtasn1 is not requested"
|
||||
else
|
||||
echo "Requested libtasn1 version is $LIBTASN1_VERSION"
|
||||
fi
|
||||
uninstall_libtasn1 -r
|
||||
fi
|
||||
|
||||
if [ ! -z "$installed_libgcrypt_version" -a \
|
||||
"$installed_libgcrypt_version" != "$LIBGCRYPT_VERSION" ] ; then
|
||||
echo "Installed libgcrypt version is $installed_libgcrypt_version"
|
||||
|
|
@ -2551,6 +2664,10 @@ install_all() {
|
|||
|
||||
install_gmp
|
||||
|
||||
install_libtasn1
|
||||
|
||||
install_p11_kit
|
||||
|
||||
install_nettle
|
||||
|
||||
install_gnutls
|
||||
|
|
@ -2654,6 +2771,10 @@ uninstall_all() {
|
|||
|
||||
uninstall_nettle
|
||||
|
||||
uninstall_p11_kit
|
||||
|
||||
uninstall_libtasn1
|
||||
|
||||
uninstall_gmp
|
||||
|
||||
uninstall_libgcrypt
|
||||
|
|
@ -2814,6 +2935,8 @@ then
|
|||
installed_libgpg_error_version=`ls libgpg-error-*-done 2>/dev/null | sed 's/libgpg-error-\(.*\)-done/\1/'`
|
||||
installed_libgcrypt_version=`ls libgcrypt-*-done 2>/dev/null | sed 's/libgcrypt-\(.*\)-done/\1/'`
|
||||
installed_gmp_version=`ls gmp-*-done 2>/dev/null | sed 's/gmp-\(.*\)-done/\1/'`
|
||||
installed_libtasn1_version=`ls libtasn1-*-done 2>/dev/null | sed 's/libtasn1-\(.*\)-done/\1/'`
|
||||
installed_p11_kit_version=`ls p11-kit-*-done 2>/dev/null | sed 's/p11-kit-\(.*\)-done/\1/'`
|
||||
installed_nettle_version=`ls nettle-*-done 2>/dev/null | sed 's/nettle-\(.*\)-done/\1/'`
|
||||
installed_gnutls_version=`ls gnutls-*-done 2>/dev/null | sed 's/gnutls-\(.*\)-done/\1/'`
|
||||
installed_lua_version=`ls lua-*-done 2>/dev/null | sed 's/lua-\(.*\)-done/\1/'`
|
||||
|
|
|
|||
Loading…
Reference in New Issue