[libvirt] [PATCH] build: avoid -lgcrypt with newer gnutls

Daniel P. Berrange berrange at redhat.com
Fri Jul 26 12:26:56 UTC 2013


On Thu, Jul 25, 2013 at 04:13:28PM -0600, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=951637
> 
> Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
> regarding initialization.  Yet we were unconditionally initializing
> gcrypt even when gnutls wouldn't be using it, and having two crypto
> libraries linked into libvirt.so is pointless.
> 
> The ldd probe in configure borrows from our libnl-1 vs. libnl-3 code.
> 
> * configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
> define a witness WITH_GNUTLS_GCRYPT.
> * src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
> (virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
> (virGlobalInit): Honor the witness.
> * libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
> no longer needed in Fedora 19.
> 
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---
> 
> Tested with 'ldd src/.libs/libvirt.so | grep -E "(gcry|net|tls)"':
> - on RHEL 6.4 and Fedora 18, pre- and post-patch remain unchanged
> (use of just libgnutls/libgcrypt)
> - on Fedora 19, pre-patch linked against libgnutls, libgcrypt, and
> libnettle, post-patch linked against just libgnutls and libnettle
> 
> This should probably go in for 1.1.1, but it's not a build-breaker
> so it needs review.
> 
>  configure.ac    | 27 +++++++++++++++++++++------
>  libvirt.spec.in |  2 ++
>  src/libvirt.c   | 10 ++++++----
>  3 files changed, 29 insertions(+), 10 deletions(-)
> 
> diff --git a/configure.ac b/configure.ac
> index cc9942a..de209e2 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1098,13 +1098,28 @@ if test "x$with_gnutls" != "xno"; then
>        AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
>      fi
>    else
> -    dnl Not all versions of gnutls include -lgcrypt, and so we add
> -    dnl it explicitly for the calls to gcry_control/check_version
> -    GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
> 
> -    dnl We're not using gcrypt deprecated features so define
> -    dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
> -    GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
> +    dnl If gnutls linked against -lgcrypt, then we must initialize gcrypt
> +    dnl prior to using gnutls.  Newer versions of gnutls use -lnettle, in
> +    dnl which case we don't want to drag in gcrypt ourselves.
> +    gnutls_ldd=
> +    for dir in /usr/lib64 /usr/lib /usr/lib/*-linux-gnu*; do
> +        if test -f $dir/libgnutls.so; then
> +            gnutls_ldd=`(ldd $dir/libgnutls.so) 2>&1`
> +            break
> +        fi
> +    done
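
Review bot: the library inspected by the `for dir in` loop is not necessarily the one `$GNUTLS_LIBS` links against. The loop takes the first `libgnutls.so` found in three fixed directories and tries /usr/lib64 before /usr/lib, so on a multilib host it can pick the copy for the other architecture, and running the build machine's `ldd` tells you nothing about the target when cross-compiling. Two smaller points in the same loop: `$dir` is unquoted in `test -f $dir/libgnutls.so` and in the `ldd` call, and `2>&1` folds ldd's error text into `gnutls_ldd`, so a failed ldd cannot be told apart from real dependency output by whatever consumes the variable. Suggest basing the decision on the GnuTLS that configure has already located (its flags or headers) and giving the case where `gnutls_ldd` stays empty an explicit outcome.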

Not sure this approach to finding libgnutls.so is going to work
reliably. E.g., we allow --with-gnutls=/some/dir to point to,
say, /usr/local or /opt/gnutls.

Also, with pkg-config, the library can be located basically
anywhere in the filesystem.

GnuTLS had a hard cutover point from gcrypt to nettle
in the 3.0.0 release. So could we just check the
GNUTLS_VERSION_MAJOR value >= 3 in the header?


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



