diff options
author | Miklos Vajna <vmiklos@collabora.co.uk> | 2017-06-21 21:59:11 +0200 |
---|---|---|
committer | Rene Engelhard <rene@debian.org> | 2017-07-04 19:23:18 +0200 |
commit | 0d3f1a50d7bea8a1709e8ba065116d22547e48a4 (patch) | |
tree | 56bcbae10a6485d2d74e248f8f55e12c601b1801 | |
parent | c349af53490d5e883ec791fb743092243c7ad46e (diff) |
xmlsecurity: implement support for building against system-xmlsec
The only remaining difference is that in the system-xmlsec case we work
with the default key manager, not with the one that's only added by our
xmlsec patches.
This works for me for the uses I know of (see
<https://lists.freedesktop.org/archives/libreoffice/2017-February/076947.html>
for the motivation): signing and verifying of different signatures (bad
signature, good with non-trusted CA, good with trusted CA) with
software-based certificates all behave as expected.
Change-Id: If3f3e2b8373ab7397db3f98070a5a2ce51fa7c06
Reviewed-on: https://gerrit.libreoffice.org/39075
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-on: https://gerrit.libreoffice.org/39274
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Reviewed-by: Rene Engelhard <rene@debian.org>
Tested-by: Rene Engelhard <rene@debian.org>
-rw-r--r-- | Repository.mk | 1 | ||||
-rw-r--r-- | RepositoryExternal.mk | 28 | ||||
-rw-r--r-- | config_host.mk.in | 3 | ||||
-rw-r--r-- | configure.ac | 5 | ||||
-rw-r--r-- | external/Module_external.mk | 2 | ||||
-rw-r--r-- | xmlsecurity/Library_xsec_xmlsec.mk | 8 | ||||
-rw-r--r-- | xmlsecurity/inc/xmlsec-wrapper.h | 2 | ||||
-rw-r--r-- | xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 9 |
8 files changed, 55 insertions, 3 deletions
diff --git a/Repository.mk b/Repository.mk index 8df60d4d7a51..184f5661ee10 100644 --- a/Repository.mk +++ b/Repository.mk @@ -933,7 +933,6 @@ $(eval $(call gb_Helper_register_packages_for_install,ooo,\ wizards_basicsrvtools \ wizards_basicsrvtutorials \ wizards_basicusr \ - xmlsec \ $(if $(ENABLE_HEADLESS),, \ chart2_opengl_shader \ ) \ diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index eb0b3e2c9d40..8ce8555a7233 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -921,6 +921,34 @@ endef endif # SYSTEM_LIBXSLT +ifneq ($(SYSTEM_XMLSEC),) + +define gb_LinkTarget__use_xmlsec +$(call gb_LinkTarget_add_defs,$(1),\ + -DSYSTEM_XMLSEC \ +) +$(call gb_LinkTarget_set_include,$(1),\ + $$(INCLUDE) \ + $(XMLSEC_CFLAGS) \ +) +$(call gb_LinkTarget_add_libs,$(1),$(XMLSEC_LIBS)) + +endef + +gb_ExternalProject__use_xmlsec:= + +else # !SYSTEM_XMLSEC + +$(eval $(call gb_Helper_register_packages_for_install,ooo,\ + xmlsec \ +)) + +define gb_LinkTarget__use_xmlsec + +endef + +endif # SYSTEM_XMLSEC + ifneq ($(SYSTEM_LIBLANGTAG),) define gb_LinkTarget__use_liblangtag diff --git a/config_host.mk.in b/config_host.mk.in index 880895e3c00f..60e1f781b377 100644 --- a/config_host.mk.in +++ b/config_host.mk.in @@ -561,6 +561,7 @@ export SYSTEM_VISIO=@SYSTEM_VISIO@ export SYSTEM_WPD=@SYSTEM_WPD@ export SYSTEM_WPG=@SYSTEM_WPG@ export SYSTEM_WPS=@SYSTEM_WPS@ +export SYSTEM_XMLSEC=@SYSTEM_XMLSEC@ export SYSTEM_ZLIB=@SYSTEM_ZLIB@ export SYSTEM_ZMF=@SYSTEM_ZMF@ export TARFILE_LOCATION=@TARFILE_LOCATION@ @@ -617,6 +618,8 @@ export XCODE_ARCHS=@XCODE_ARCHS@ export XCODEBUILD_SDK=@XCODEBUILD_SDK@ export XINERAMA_LINK=@XINERAMA_LINK@ export XMLLINT=@XMLLINT@ +export XMLSEC_CFLAGS=$(gb_SPACE)@XMLSEC_CFLAGS@ +export XMLSEC_LIBS=$(gb_SPACE)@XMLSEC_LIBS@ export XRANDR_CFLAGS=$(gb_SPACE)@XRANDR_CFLAGS@ export XRANDR_LIBS=$(gb_SPACE)@XRANDR_LIBS@ export XRENDER_CFLAGS=$(gb_SPACE)@XRENDER_CFLAGS@ diff --git a/configure.ac b/configure.ac index 34610c473bb3..456c553f6c79 100644 --- a/configure.ac +++ b/configure.ac @@ -7821,6 +7821,11 @@ dnl Check for system expat dnl =================================================================== libo_CHECK_SYSTEM_MODULE([expat], [EXPAT], [expat]) +dnl =================================================================== +dnl Check for system xmlsec +dnl =================================================================== +libo_CHECK_SYSTEM_MODULE([xmlsec], [XMLSEC], [xmlsec1-nss >= 1.2.24]) + AC_MSG_CHECKING([whether to enable Embedded OpenType support]) if test "$_os" != "WINNT" -a "$_os" != "Darwin" -a "$enable_eot" = "yes"; then ENABLE_EOT="TRUE" diff --git a/external/Module_external.mk b/external/Module_external.mk index 2de9c095feab..2f5373535f78 100644 --- a/external/Module_external.mk +++ b/external/Module_external.mk @@ -14,7 +14,7 @@ $(eval $(call gb_Module_add_moduledir,external,msc-externals)) endif $(eval $(call gb_Module_add_moduledirs,external,\ - $(if $(filter-out IOS,$(OS)),libxmlsec) \ + $(if $(filter-out IOS,$(OS)),$(call gb_Helper_optional,XMLSEC,libxmlsec)) \ $(call gb_Helper_optional,ABW,libabw) \ $(call gb_Helper_optional,APACHE_COMMONS,apache-commons) \ $(call gb_Helper_optional,APR,apr) \ diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk index 639fe55f5add..5c3e20a9b970 100644 --- a/xmlsecurity/Library_xsec_xmlsec.mk +++ b/xmlsecurity/Library_xsec_xmlsec.mk @@ -46,12 +46,16 @@ $(eval $(call gb_Library_use_libraries,xsec_xmlsec,\ xo \ )) +ifeq ($(SYSTEM_XMLSEC),) $(eval $(call gb_Library_use_packages,xsec_xmlsec,\ xmlsec \ )) +endif + $(eval $(call gb_Library_use_externals,xsec_xmlsec,\ boost_headers \ libxml2 \ + xmlsec \ nss3 \ )) ifneq ($(filter-out WNT MACOSX ANDROID IOS,$(OS)),) @@ -130,12 +134,16 @@ $(eval $(call gb_Library_add_libs,xsec_xmlsec,\ $(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \ )) else + +ifeq ($(SYSTEM_XMLSEC),) $(eval $(call gb_Library_add_libs,xsec_xmlsec,\ $(call gb_UnpackedTarball_get_dir,xmlsec)/src/nss/.libs/libxmlsec1-nss.a \ $(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \ )) endif +endif + $(eval $(call gb_Library_use_externals,xsec_xmlsec,\ plc4 \ )) diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h index 4a8a6554311b..6047d516a9ce 100644 --- a/xmlsecurity/inc/xmlsec-wrapper.h +++ b/xmlsecurity/inc/xmlsec-wrapper.h @@ -25,7 +25,7 @@ #include <sal/types.h> // Cf. xmlsec's configure.in (but which isn't used for MSVC): -#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4 +#if !defined _MSC_VER && SAL_TYPES_SIZEOFPOINTER != 4 && !defined SYSTEM_XMLSEC #define XMLSEC_NO_SIZE_T #endif diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx index a5b29017d180..5273c1c444d3 100644 --- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx +++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx @@ -897,6 +897,7 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() { for (CIT_SLOTS islots = m_Slots.begin();islots != m_Slots.end(); ++islots, ++count) slots[count] = *islots; +#ifndef SYSTEM_XMLSEC xmlSecKeysMngrPtr pKeysMngr = xmlSecNssAppliedKeysMngrCreate(slots, cSlots, m_pHandler ) ; if( pKeysMngr == nullptr ) throw RuntimeException() ; @@ -930,6 +931,14 @@ xmlSecKeysMngrPtr SecurityEnvironment_NssImpl::createKeysManager() { throw RuntimeException() ; } } +#else // SYSTEM_XMLSEC + xmlSecKeysMngrPtr pKeysMngr = xmlSecKeysMngrCreate(); + if (!pKeysMngr) + throw RuntimeException(); + + if (xmlSecNssAppDefaultKeysMngrInit(pKeysMngr) < 0) + throw RuntimeException(); +#endif // SYSTEM_XMLSEC // Adopt the private key of the signing certificate, if it has any. if (auto pCertificate = dynamic_cast<X509Certificate_NssImpl*>(m_xSigningCertificate.get())) |