-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Modularize our TLS & hash detection #5055
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,126 @@ | ||
| # Select the backend to use | ||
|
|
||
| # We try to find any packages our backends might use | ||
| FIND_PACKAGE(OpenSSL) | ||
| FIND_PACKAGE(mbedTLS) | ||
| IF (CMAKE_SYSTEM_NAME MATCHES "Darwin") | ||
| FIND_PACKAGE(Security) | ||
| FIND_PACKAGE(CoreFoundation) | ||
| ENDIF() | ||
|
|
||
| # Auto-select TLS backend | ||
| IF (USE_HTTPS STREQUAL ON) | ||
| message(ON) | ||
| IF (SECURITY_FOUND) | ||
| IF (SECURITY_HAS_SSLCREATECONTEXT) | ||
| SET(HTTPS_BACKEND "SecureTransport") | ||
| ELSE() | ||
| MESSAGE("-- Security framework is too old, falling back to OpenSSL") | ||
| SET(HTTPS_BACKEND "OpenSSL") | ||
| ENDIF() | ||
| ELSEIF (WINHTTP) | ||
| SET(HTTPS_BACKEND "WinHTTP") | ||
| ELSEIF(OPENSSL_FOUND) | ||
| SET(HTTPS_BACKEND "OpenSSL") | ||
| ELSEIF(MBEDTLS_FOUND) | ||
| SET(HTTPS_BACKEND "mbedTLS") | ||
| ELSE() | ||
| MESSAGE(FATAL_ERROR "Unable to autodetect a usable HTTPS backend." | ||
| "Please pass the backend name explicitly (-DUSE_HTTPS=backend)") | ||
| ENDIF() | ||
| ELSEIF(USE_HTTPS) | ||
| message(expl) | ||
| # HTTPS backend was explicitly set | ||
| SET(HTTPS_BACKEND ${USE_HTTPS}) | ||
| ELSE() | ||
| SET(HTTPS_BACKEND NO) | ||
| ENDIF() | ||
|
|
||
| IF(HTTPS_BACKEND) | ||
| # Check that we can find what's required for the selected backend | ||
| IF (HTTPS_BACKEND STREQUAL "SecureTransport") | ||
| IF (NOT COREFOUNDATION_FOUND) | ||
| MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, CoreFoundation.framework not found") | ||
| ENDIF() | ||
| IF (NOT SECURITY_FOUND) | ||
| MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, Security.framework not found") | ||
| ENDIF() | ||
| IF (NOT SECURITY_HAS_SSLCREATECONTEXT) | ||
| MESSAGE(FATAL_ERROR "Cannot use SecureTransport backend, SSLCreateContext not supported") | ||
| ENDIF() | ||
|
|
||
| SET(GIT_SECURE_TRANSPORT 1) | ||
| LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${SECURITY_INCLUDE_DIR}) | ||
| LIST(APPEND LIBGIT2_LIBS ${COREFOUNDATION_LIBRARIES} ${SECURITY_LIBRARIES}) | ||
| LIST(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS}) | ||
| ELSEIF (HTTPS_BACKEND STREQUAL "OpenSSL") | ||
| IF (NOT OPENSSL_FOUND) | ||
| MESSAGE(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found") | ||
| ENDIF() | ||
|
|
||
| SET(GIT_OPENSSL 1) | ||
| LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${OPENSSL_INCLUDE_DIR}) | ||
| LIST(APPEND LIBGIT2_LIBS ${OPENSSL_LIBRARIES}) | ||
| LIST(APPEND LIBGIT2_PC_LIBS ${OPENSSL_LDFLAGS}) | ||
| LIST(APPEND LIBGIT2_PC_REQUIRES "openssl") | ||
| ELSEIF(HTTPS_BACKEND STREQUAL "mbedTLS") | ||
| IF (NOT MBEDTLS_FOUND) | ||
| MESSAGE(FATAL_ERROR "Asked for mbedTLS backend, but it wasn't found") | ||
| ENDIF() | ||
|
|
||
| IF(NOT CERT_LOCATION) | ||
| MESSAGE("Auto-detecting default certificates location") | ||
| IF(CMAKE_SYSTEM_NAME MATCHES Darwin) | ||
| # Check for an Homebrew installation | ||
| SET(OPENSSL_CMD "/usr/local/opt/openssl/bin/openssl") | ||
| ELSE() | ||
| SET(OPENSSL_CMD "openssl") | ||
| ENDIF() | ||
| EXECUTE_PROCESS(COMMAND ${OPENSSL_CMD} version -d OUTPUT_VARIABLE OPENSSL_DIR OUTPUT_STRIP_TRAILING_WHITESPACE) | ||
| IF(OPENSSL_DIR) | ||
| STRING(REGEX REPLACE "^OPENSSLDIR: \"(.*)\"$" "\\1/" OPENSSL_DIR ${OPENSSL_DIR}) | ||
|
|
||
| SET(OPENSSL_CA_LOCATIONS | ||
| "ca-bundle.pem" # OpenSUSE Leap 42.1 | ||
| "cert.pem" # Ubuntu 14.04, FreeBSD | ||
| "certs/ca-certificates.crt" # Ubuntu 16.04 | ||
| "certs/ca.pem" # Debian 7 | ||
| ) | ||
| FOREACH(SUFFIX IN LISTS OPENSSL_CA_LOCATIONS) | ||
| SET(LOC "${OPENSSL_DIR}${SUFFIX}") | ||
| IF(NOT CERT_LOCATION AND EXISTS "${OPENSSL_DIR}${SUFFIX}") | ||
| SET(CERT_LOCATION ${LOC}) | ||
| ENDIF() | ||
| ENDFOREACH() | ||
| ELSE() | ||
| MESSAGE("Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION") | ||
| ENDIF() | ||
| ENDIF() | ||
|
|
||
| IF(CERT_LOCATION) | ||
| IF(NOT EXISTS ${CERT_LOCATION}) | ||
| MESSAGE(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist") | ||
| ENDIF() | ||
| ADD_FEATURE_INFO(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}") | ||
| ADD_DEFINITIONS(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}") | ||
| ENDIF() | ||
|
|
||
| SET(GIT_MBEDTLS 1) | ||
| LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR}) | ||
| LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) | ||
| # mbedTLS has no pkgconfig file, hence we can't require it | ||
| # https://github.com/ARMmbed/mbedtls/issues/228 | ||
| # For now, pass its link flags as our own | ||
| LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES}) | ||
| ELSEIF (HTTPS_BACKEND STREQUAL "WinHTTP") | ||
| # WinHTTP setup was handled in the WinHTTP-specific block above | ||
| ELSE() | ||
| MESSAGE(FATAL_ERROR "Asked for backend ${HTTPS_BACKEND} but it wasn't found") | ||
| ENDIF() | ||
|
|
||
| SET(GIT_HTTPS 1) | ||
| ADD_FEATURE_INFO(HTTPS GIT_HTTPS "using ${HTTPS_BACKEND}") | ||
| ELSE() | ||
| SET(GIT_HTTPS 0) | ||
| ADD_FEATURE_INFO(HTTPS NO "") | ||
| ENDIF() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| # Select a hash backend | ||
|
|
||
| # USE_SHA1=CollisionDetection(ON)/HTTPS/Generic/OFF | ||
|
|
||
| IF(USE_SHA1 STREQUAL ON OR USE_SHA1 STREQUAL "CollisionDetection") | ||
| SET(SHA1_BACKEND "CollisionDetection") | ||
| ELSEIF(USE_SHA1 STREQUAL "HTTPS") | ||
| message("Checking HTTPS backend… ${HTTPS_BACKEND}") | ||
| IF(HTTPS_BACKEND STREQUAL "SecureTransport") | ||
| SET(SHA1_BACKEND "CommonCrypto") | ||
| ELSEIF(HTTPS_BACKEND STREQUAL "WinHTTP") | ||
| SET(SHA1_BACKEND "Win32") | ||
| ELSEIF(HTTPS_BACKEND) | ||
| SET(SHA1_BACKEND ${HTTPS_BACKEND}) | ||
| ELSE() | ||
| ENDIF() | ||
| IF(NOT HTTPS_BACKEND) | ||
| SET(SHA1_BACKEND "CollisionDetection") | ||
| ENDIF() | ||
| message(STATUS "Using SHA1 backend ${SHA1_BACKEND}") | ||
| ELSEIF(USE_SHA1 STREQUAL "Generic") | ||
| SET(SHA1_BACKEND "Generic") | ||
| # ELSEIF(NOT USE_SHA1) | ||
| ELSE() | ||
| MESSAGE(FATAL_ERROR "Invalid value for USE_SHA1: ${USE_SHA1}") | ||
| ENDIF() | ||
|
|
||
| IF(SHA1_BACKEND STREQUAL "CollisionDetection") | ||
| SET(GIT_SHA1_COLLISIONDETECT 1) | ||
| ADD_DEFINITIONS(-DSHA1DC_NO_STANDARD_INCLUDES=1) | ||
| ADD_DEFINITIONS(-DSHA1DC_CUSTOM_INCLUDE_SHA1_C=\"common.h\") | ||
| ADD_DEFINITIONS(-DSHA1DC_CUSTOM_INCLUDE_UBC_CHECK_C=\"common.h\") | ||
| FILE(GLOB SRC_SHA1 hash/hash_collisiondetect.c hash/sha1dc/*) | ||
| ELSEIF(SHA1_BACKEND STREQUAL "OpenSSL") | ||
| # OPENSSL_FOUND should already be set, we're checking HTTPS_BACKEND | ||
|
|
||
| SET(GIT_SHA1_OPENSSL 1) | ||
| IF(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") | ||
| LIST(APPEND LIBGIT2_PC_LIBS "-lssl") | ||
| ELSE() | ||
| LIST(APPEND LIBGIT2_PC_REQUIRES "openssl") | ||
| ENDIF() | ||
| ELSEIF(SHA1_BACKEND STREQUAL "CommonCrypto") | ||
| SET(GIT_SHA1_COMMON_CRYPTO 1) | ||
| ELSEIF(SHA1_BACKEND STREQUAL "mbedTLS") | ||
| SET(GIT_SHA1_MBEDTLS 1) | ||
| FILE(GLOB SRC_SHA1 hash/hash_mbedtls.c) | ||
| LIST(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR}) | ||
| LIST(APPEND LIBGIT2_LIBS ${MBEDTLS_LIBRARIES}) | ||
| # mbedTLS has no pkgconfig file, hence we can't require it | ||
| # https://github.com/ARMmbed/mbedtls/issues/228 | ||
| # For now, pass its link flags as our own | ||
| LIST(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES}) | ||
| ELSEIF(SHA1_BACKEND STREQUAL "Win32") | ||
| SET(GIT_SHA1_WIN32 1) | ||
| FILE(GLOB SRC_SHA1 hash/hash_win32.c) | ||
| ELSEIF(SHA1_BACKEND STREQUAL "Generic") | ||
| FILE(GLOB SRC_SHA1 hash/hash_generic.c) | ||
| # ELSEIF(NOT USE_SHA1) | ||
| ELSE() | ||
| MESSAGE(FATAL_ERROR "Asked for unknown SHA1 backend: ${SHA1_BACKEND}") | ||
| ENDIF() | ||
|
|
||
| ADD_FEATURE_INFO(SHA ON "using ${SHA1_BACKEND}") | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd wager we should prepare for the SHA256 transition and call this
SelectSHA1or something like thatThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was planning to just stash whatever build support we need for hashes in that file as needed, hence the generic name. It could be easily morphed into a function/loop over hashes or something else.