From patchwork Thu Aug 31 10:02:42 2023
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 29764
From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH 1/2] glib-networking: enable build with GnuTLS if PKCS#11 was disabled
Date: Thu, 31 Aug 2023 11:02:42 +0100
Message-Id: <20230831100243.3946833-1-ross.burton@arm.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186967

From: Ross Burton

If GnuTLS is built without PKCS#11 support then glib-networking will fail to build the tests. Backport a patch to fix this issue.
Signed-off-by: Ross Burton --- ...sable-PKCS-11-tests-if-not-available.patch | 113 ++++++++++++++++++ .../glib-networking/glib-networking_2.76.1.bb | 1 + 2 files changed, 114 insertions(+) create mode 100644 meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch diff --git a/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch new file mode 100644 index 00000000000..7b003588c88 --- /dev/null +++ b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch 
@@ -0,0 +1,113 @@ +From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Fri, 12 May 2023 20:19:35 +0100 +Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available + +GnuTLS can be built without PKCS#11, which means the symbols +gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the +library. + +If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11 +provider for testing, and several tests which need the mock provider +will fail. + +Solve this by checking for the symbols at build time and disabling the +provider and tests which need it. + +Upstream-Status: Backport +Signed-off-by: Ross Burton +--- + meson.build | 4 ++++ + tls/tests/certificate.c | 11 +++++++---- + tls/tests/connection.c | 4 +++- + 3 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/meson.build b/meson.build +index 0fa9027..d2a023a 100644 +--- a/meson.build ++++ b/meson.build +@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu + + if gnutls_dep.found() + backends += ['gnutls'] ++ # test-specific, maybe move to tls/tests ++ if cc.has_function('gnutls_pkcs11_init', prefix: '#include ', dependencies: gnutls_dep) ++ config_h.set10('HAVE_GNUTLS_PKCS11', true) ++ endif + endif + + # *** Checks for OpenSSL *** +diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c +index e820ba1..dd2412b 100644 +--- a/tls/tests/certificate.c ++++ b/tls/tests/certificate.c +@@ -24,6 +24,7 @@ + * Author: Stef Walter + */ + ++#include "config.h" + #include "certificate.h" + + #include +@@ -911,7 +912,7 @@ int + main (int argc, + char *argv[]) + { +-#ifdef BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + char *module_path; + #endif + +@@ -921,7 +922,7 @@ main (int argc, + g_setenv ("GIO_USE_TLS", BACKEND, TRUE); + g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0); + +-#ifdef 
BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); + g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); + +@@ -942,12 +943,14 @@ main (int argc, + setup_certificate, test_create_certificate_with_issuer, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL, + setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate); +- g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, +- setup_certificate, test_create_certificate_pkcs11, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL, + setup_certificate, test_private_key, teardown_certificate); ++#if HAVE_GNUTLS_PKCS11 ++ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, ++ setup_certificate, test_create_certificate_pkcs11, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL, + setup_certificate, test_private_key_pkcs11, teardown_certificate); ++#endif + + g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain); + g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain); +diff --git a/tls/tests/connection.c b/tls/tests/connection.c +index 17efe1b..62a7fbb 100644 +--- a/tls/tests/connection.c ++++ b/tls/tests/connection.c +@@ -3376,7 +3376,7 @@ main (int argc, + + g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0); + +-#ifdef BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); + g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); + +@@ -3438,8 +3438,10 @@ main (int argc, + setup_connection, test_client_auth_request_fail, 
teardown_connection); + g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL, + setup_connection, test_client_auth_request_none, teardown_connection); ++#if HAVE_GNUTLS_PKCS11 + g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL, + setup_connection, test_client_auth_pkcs11_connection, teardown_connection); ++#endif + g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL, + setup_connection, test_connection_no_database, teardown_connection); + g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL, +-- +2.34.1 + diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 8e7290cdbb1..66b6a78a531 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb 
@@ -30,6 +30,7 @@ inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome SRC_URI += "file://run-ptest" SRC_URI += "file://eagain.patch" +SRC_URI += "file://0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch" FILES:${PN} += "\ ${libdir}/gio/modules/libgio*.so \ 

From patchwork Thu Aug 31 10:02:43 2023
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 29763
From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH 2/2] glib-networking: use gnutls backend for TLS sockets
Date: Thu, 31 Aug 2023 11:02:43 +0100
Message-Id: <20230831100243.3946833-2-ross.burton@arm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230831100243.3946833-1-ross.burton@arm.com>
References: <20230831100243.3946833-1-ross.burton@arm.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186968

From: Ross Burton

As per upstream:

There are hacks in half the tests where this backend doesn't return the expected error code or doesn't work as expected. I do hope to enable this backend by default in the future. For now, it's not there yet.

https://gitlab.gnome.org/GNOME/glib-networking/-/commit/8e1d80c1e0fc52d17d08a21946fa4a86ec30e1db

Signed-off-by: Ross Burton --- meta/recipes-core/glib-networking/glib-networking_2.76.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 66b6a78a531..ed1625617e6 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb @@ -16,7 +16,7 @@ DEPENDS = "glib-2.0-native glib-2.0" SRC_URI[archive.sha256sum] = "5c698a9994dde51efdfb1026a56698a221d6250e89dc50ebcddda7b81480a42b" -PACKAGECONFIG ??= "openssl environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" +PACKAGECONFIG ??= "gnutls environment ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" PACKAGECONFIG[gnutls] = "-Dgnutls=enabled,-Dgnutls=disabled,gnutls" PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
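
Review bot: [PATCH 1/2, meson.build hunk] `config_h.set10('HAVE_GNUTLS_PKCS11', true)` sits inside the `if cc.has_function(...)` block, so the macro is written as 1 when the symbol is found and is left undefined otherwise. The `#if HAVE_GNUTLS_PKCS11` guards in the tests then rely on an undefined identifier evaluating to 0, which warns under `-Wundef` and would hide a misspelled macro name. Passing the check result directly, as in `config_h.set10('HAVE_GNUTLS_PKCS11', cc.has_function(...))`, always emits 0 or 1. The check also probes only `gnutls_pkcs11_init`, while the commit message names `gnutls_pkcs11_add_provider` as well; probe both or state why one is sufficient.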
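
Review bot: [PATCH 1/2, tls/tests/certificate.c hunks] the new `#if HAVE_GNUTLS_PKCS11` around the two `g_test_add` calls is not combined with `BACKEND_IS_GNUTLS`, unlike the two guards earlier in `main`. Both `/certificate/pkcs11` and `/certificate/private-key-pkcs11` were registered unconditionally before, and the macro is only set inside `if gnutls_dep.found()`, so a build without GnuTLS now stops registering them for the other backend too; please confirm that is intended. The tests also disappear from the results instead of showing as skipped, so a ptest report cannot distinguish a build with no PKCS#11 coverage from one where it passed. Keeping the registration and calling `g_test_skip()` in the test bodies when the macro is 0 would keep that visible, and would avoid leaving `test_create_certificate_pkcs11` and `test_private_key_pkcs11` defined but unreferenced.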
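
Review bot: [PATCH 1/2, tls/tests/connection.c hunks] these hunks test `HAVE_GNUTLS_PKCS11` but, unlike the certificate.c change, add no `#include "config.h"`. If connection.c does not already include it, the macro is always undefined here and the mock provider setup plus `/connection/client-auth-pkcs11` are silently compiled out even when GnuTLS has PKCS#11. The diff also changes only the guard around the `module_path` assignment; certificate.c updated the guard on the `char *module_path;` declaration as well, so check that the declaration in connection.c does not end up as an unused variable when the macro is 0.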
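
Review bot: [PATCH 1/2, header of the added 0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch] `Upstream-Status: Backport` carries no reference to the upstream commit or merge request it was taken from. Add the URL in brackets after `Backport` so the patch can be matched against upstream and dropped on the next version upgrade of the glib-networking_2.76.1.bb recipe.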
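
Review bot: [PATCH 2/2, PACKAGECONFIG hunk] the commit message does not say that this changes the default TLS implementation from `openssl` to `gnutls` for every user of the recipe, and the quoted upstream text refers to "this backend" without naming it. Since `PACKAGECONFIG ??=` only affects builds that do not set the variable themselves, state in the message which backend the quote is about, that certificate verification and TLS behaviour for GIO consumers now come from GnuTLS by default, and how to keep the previous default (setting `PACKAGECONFIG` to include `openssl`). It is also worth noting that this makes the `HAVE_GNUTLS_PKCS11` check from patch 1/2 part of the default ptest configuration.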