glib-networking: enable build with GnuTLS if PKCS#11 was disabled

If GnuTLS is built without PKCS#11 support then glib-networking will fail to build the tests. Backport a patch to fix this issue. (From OE-Core rev: 6fd615ec2350d190b52784a0596c09cdaafec4bf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2023-08-31 11:02:42 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-09-02 11:47:50 +0100
commit: 1fd22a4cd80567e832938323165aff070117d17a (patch)
tree: f538edaa6d759a5b9e5f147b8bdd1121b10c72ba
parent: 194979071242305649314809e94c4d4d61c3fc0b (diff)
download: poky-1fd22a4cd80567e832938323165aff070117d17a.tar.gz
2 files changed, 114 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch
new file mode 100644
index 0000000000..7b003588c8
--- /dev/null
+++ b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch
@@ -0,0 +1,113 @@
+From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 12 May 2023 20:19:35 +0100
+Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available
+GnuTLS can be built without PKCS#11, which means the symbols
+gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
+library.
+If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
+provider for testing, and several tests which need the mock provider
+will fail.
+Solve this by checking for the symbols at build time and disabling the
+provider and tests which need it.
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ meson.build             |  4 ++++
+ tls/tests/certificate.c | 11 +++++++----
+ tls/tests/connection.c  |  4 +++-
+ 3 files changed, 14 insertions(+), 5 deletions(-)
+diff --git a/meson.build b/meson.build
+index 0fa9027..d2a023a 100644
+--- a/meson.build
+++ b/meson.build
+@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu
+ 
+ if gnutls_dep.found()
+   backends += ['gnutls']
+  # test-specific, maybe move to tls/tests
+  if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
+    config_h.set10('HAVE_GNUTLS_PKCS11', true)
+  endif
+ endif
+ 
+ # *** Checks for OpenSSL    ***
+diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
+index e820ba1..dd2412b 100644
+--- a/tls/tests/certificate.c
+++ b/tls/tests/certificate.c
+@@ -24,6 +24,7 @@
+  * Author: Stef Walter <stefw@collabora.co.uk>
+  */
+ 
+#include "config.h"
+ #include "certificate.h"
+ 
+ #include <gio/gio.h>
+@@ -911,7 +912,7 @@ int
+ main (int   argc,
+       char *argv[])
+ {
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   char *module_path;
+ #endif
+ 
+@@ -921,7 +922,7 @@ main (int   argc,
+   g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+   g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
+ 
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+   g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+ 
+@@ -942,12 +943,14 @@ main (int   argc,
+               setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
+               setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
+-  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+-              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
+               setup_certificate, test_private_key, teardown_certificate);
+#if HAVE_GNUTLS_PKCS11
+  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
+               setup_certificate, test_private_key_pkcs11, teardown_certificate);
+#endif
+ 
+   g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
+   g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
+diff --git a/tls/tests/connection.c b/tls/tests/connection.c
+index 17efe1b..62a7fbb 100644
+--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
+@@ -3376,7 +3376,7 @@ main (int   argc,
+ 
+   g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ 
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+   g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+ 
+@@ -3438,8 +3438,10 @@ main (int   argc,
+               setup_connection, test_client_auth_request_fail, teardown_connection);
+   g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
+               setup_connection, test_client_auth_request_none, teardown_connection);
+#if HAVE_GNUTLS_PKCS11
+   g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
+               setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
+#endif
+   g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
+               setup_connection, test_connection_no_database, teardown_connection);
+   g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
+-- 
+2.34.1
diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
index 8e7290cdbb..66b6a78a53 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -30,6 +30,7 @@ inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome
 SRC_URI += "file://run-ptest"
 SRC_URI += "file://eagain.patch"
+SRC_URI += "file://0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch"
 FILES:${PN} += "\
                ${libdir}/gio/modules/libgio*.so \
author	Ross Burton <ross.burton@arm.com>	2023-08-31 11:02:42 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-09-02 11:47:50 +0100
commit	1fd22a4cd80567e832938323165aff070117d17a (patch)
tree	f538edaa6d759a5b9e5f147b8bdd1121b10c72ba
parent	194979071242305649314809e94c4d4d61c3fc0b (diff)
download	poky-1fd22a4cd80567e832938323165aff070117d17a.tar.gz

diff --git a/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch new file mode 100644 index 0000000000..7b003588c8 --- /dev/null +++ b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch
@@ -0,0 +1,113 @@
		1	From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
		2	From: Ross Burton <ross.burton@arm.com>
		3	Date: Fri, 12 May 2023 20:19:35 +0100
		4	Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available
		5
		6	GnuTLS can be built without PKCS#11, which means the symbols
		7	gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
		8	library.
		9
		10	If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
		11	provider for testing, and several tests which need the mock provider
		12	will fail.
		13
		14	Solve this by checking for the symbols at build time and disabling the
		15	provider and tests which need it.
		16
		17	Upstream-Status: Backport
		18	Signed-off-by: Ross Burton <ross.burton@arm.com>
		19	---
		20	meson.build \| 4 ++++
		21	tls/tests/certificate.c \| 11 +++++++----
		22	tls/tests/connection.c \| 4 +++-
		23	3 files changed, 14 insertions(+), 5 deletions(-)
		24
		25	diff --git a/meson.build b/meson.build
		26	index 0fa9027..d2a023a 100644
		27	--- a/meson.build
		28	+++ b/meson.build
		29	@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu
		30
		31	if gnutls_dep.found()
		32	backends += ['gnutls']
		33	+ # test-specific, maybe move to tls/tests
		34	+ if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
		35	+ config_h.set10('HAVE_GNUTLS_PKCS11', true)
		36	+ endif
		37	endif
		38
		39	# * Checks for OpenSSL *
		40	diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
		41	index e820ba1..dd2412b 100644
		42	--- a/tls/tests/certificate.c
		43	+++ b/tls/tests/certificate.c
		44	@@ -24,6 +24,7 @@
		45	* Author: Stef Walter <stefw@collabora.co.uk>
		46	*/
		47
		48	+#include "config.h"
		49	#include "certificate.h"
		50
		51	#include <gio/gio.h>
		52	@@ -911,7 +912,7 @@ int
		53	main (int argc,
		54	char *argv[])
		55	{
		56	-#ifdef BACKEND_IS_GNUTLS
		57	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
		58	char *module_path;
		59	#endif
		60
		61	@@ -921,7 +922,7 @@ main (int argc,
		62	g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
		63	g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
		64
		65	-#ifdef BACKEND_IS_GNUTLS
		66	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
		67	module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
		68	g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
		69
		70	@@ -942,12 +943,14 @@ main (int argc,
		71	setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
		72	g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
		73	setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
		74	- g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
		75	- setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
		76	g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
		77	setup_certificate, test_private_key, teardown_certificate);
		78	+#if HAVE_GNUTLS_PKCS11
		79	+ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
		80	+ setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
		81	g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
		82	setup_certificate, test_private_key_pkcs11, teardown_certificate);
		83	+#endif
		84
		85	g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
		86	g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
		87	diff --git a/tls/tests/connection.c b/tls/tests/connection.c
		88	index 17efe1b..62a7fbb 100644
		89	--- a/tls/tests/connection.c
		90	+++ b/tls/tests/connection.c
		91	@@ -3376,7 +3376,7 @@ main (int argc,
		92
		93	g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
		94
		95	-#ifdef BACKEND_IS_GNUTLS
		96	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
		97	module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
		98	g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
		99
		100	@@ -3438,8 +3438,10 @@ main (int argc,
		101	setup_connection, test_client_auth_request_fail, teardown_connection);
		102	g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
		103	setup_connection, test_client_auth_request_none, teardown_connection);
		104	+#if HAVE_GNUTLS_PKCS11
		105	g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
		106	setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
		107	+#endif
		108	g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
		109	setup_connection, test_connection_no_database, teardown_connection);
		110	g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
		111	--
		112	2.34.1
		113


diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 8e7290cdbb..66b6a78a53 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -30,6 +30,7 @@ inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome
30		30
31	SRC_URI += "file://run-ptest"	31	SRC_URI += "file://run-ptest"
32	SRC_URI += "file://eagain.patch"	32	SRC_URI += "file://eagain.patch"
		33	SRC_URI += "file://0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch"
33		34
34	FILES:${PN} += "\	35	FILES:${PN} += "\
35	${libdir}/gio/modules/libgio*.so \	36	${libdir}/gio/modules/libgio*.so \