From 466c4fbfd5ef9852e8ecb5668221b9fd4562bfe0 Mon Sep 17 00:00:00 2001 From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.> Date: Mon, 19 Aug 2024 16:31:17 +0200 Subject: [PATCH] Make usage of openSSL optional --- CHANGELOG.md | 9 +++++++ README.md | 6 +++++ pq-src/Cargo.toml | 3 ++- pq-src/additional_include/pg_config.h | 7 +++--- pq-src/build.rs | 35 ++++++++++++++++++++++----- pq-src/src/lib.rs | 1 + 6 files changed, 51 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fb6970..822aa02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,15 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/ ## Unreleased +### Changed + +* The `bundled` feature of `pq-sys` no longer use openssl by default. + To activate `openssl` when compiling `libpq` from source, add `pq-src` with the `with-openssl` feature to your crate dependencies: + ```toml + [dependencies] + pq-src = { version = "0.3.0", features = ["with-openssl"] } + ``` + ## pq-sys [0.6.1] 2024-06-11 ### Changed diff --git a/README.md b/README.md index b7fe38f..71d85e9 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,12 @@ If pkg-config is being used, it's configuration options will apply. * `buildtime_bindgen`: Run `bindgen` at build-time to generate bindings using installed headers. Not compatible with the `bundled` feature. * `bundled`: Build the bundled version of `libpq` from source. + Optionally you can also activate the usage of `openssl` within `libpq` by adding the `pq-src` crate with the `with-openssl` feature to + your crate dependencies: + ```toml + [dependencies] + pq-src = { version = "0.3.0", features = ["with-openssl"] } + ``` To use a bundled version of `openssl`, add the `openssl-sys` crate with the `vendored` feature to your crate dependencies: ```toml [dependencies] diff --git a/pq-src/Cargo.toml b/pq-src/Cargo.toml index b247d36..66666ae 100644 --- a/pq-src/Cargo.toml +++ b/pq-src/Cargo.toml @@ -23,7 +23,7 @@ categories = ["database", "external-ffi-bindings"] readme = "README.md" [dependencies] -openssl-sys = "0.9.93" +openssl-sys = { version = "0.9.93", optional = true} [build-dependencies] cc = "1.0.83" @@ -31,3 +31,4 @@ cc = "1.0.83" [features] default = [] with-asan = [] +with-openssl = ["dep:openssl-sys"] diff --git a/pq-src/additional_include/pg_config.h b/pq-src/additional_include/pg_config.h index f89ff4d..a22b873 100644 --- a/pq-src/additional_include/pg_config.h +++ b/pq-src/additional_include/pg_config.h @@ -11,7 +11,11 @@ #define BLCKSZ 8192 /* Saved arguments from configure */ +#if defined USE_OPENSSL #define CONFIGURE_ARGS " '--with-openssl' '--without-readline'" +#else +#define CONFIGURE_ARGS " '--without-readline'" +#endif /* Define to the default TCP port number on which the server listens and to which clients will try to connect. This can be overridden at run-time, but @@ -212,9 +216,6 @@ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 -/* Define to 1 to build with OpenSSL support. (--with-ssl=openssl) */ -#define USE_OPENSSL 1 - /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD diff --git a/pq-src/build.rs b/pq-src/build.rs index 699291f..a526735 100644 --- a/pq-src/build.rs +++ b/pq-src/build.rs @@ -79,11 +79,16 @@ const LIBCOMMON_BASE: &[&str] = &[ "restricted_token.c", "sprompt.c", "logging.c", +]; + +const LIBCOMMON_OPENSSL: &[&str] = &[ "cryptohash_openssl.c", "hmac_openssl.c", "protocol_openssl.c", ]; +const LIBCOMMON_NOT_OPENSSL: &[&str] = &["cryptohash.c", "hmac.c", "md5.c", "sha1.c", "sha2.c"]; + const LIBCOMMON_NOT_WINDOWS: &[&str] = &[]; const LIBCOMMON_WINDOWS: &[&str] = &["wchar.c"]; @@ -102,10 +107,10 @@ const LIBPQ_BASE: &[&str] = &[ "legacy-pqsignal.c", "libpq-events.c", "pqexpbuffer.c", - "fe-secure-common.c", - "fe-secure-openssl.c", ]; +const LIBPQ_OPENSSL: &[&str] = &["fe-secure-common.c", "fe-secure-openssl.c"]; + const LIBPQ_NOT_WINDOWS: &[&str] = &[]; const LIBPQ_WINDOWS: &[&str] = &["fe-secure.c", "pthread-win32.c", "win32.c"]; @@ -120,6 +125,7 @@ fn unimplemented() -> ! { fn main() { let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); + let use_openssl = env::var("CARGO_FEATURE_WITH_OPENSSL").is_ok(); println!("cargo:rerun-if-changed=additional_include"); let crate_dir = env!("CARGO_MANIFEST_DIR"); @@ -168,10 +174,9 @@ fn main() { format!("{path}src/include"), format!("{crate_dir}/additional_include"), temp_include.clone(), - env::var("DEP_OPENSSL_INCLUDE").unwrap().clone(), ][..]; - let includes = if target_os == "windows" { + let mut includes = if target_os == "windows" { let includes_windows = &[ format!("{path}/src/include/port/win32/"), format!("{path}/src/include/port/win32_msvc/"), @@ -181,6 +186,10 @@ fn main() { base_includes.to_vec() }; + if use_openssl { + includes.extend_from_slice(&[env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()]); + } + basic_build .define("FRONTEND", None) .warnings(false) @@ -212,9 +221,23 @@ fn main() { _ => unimplemented(), }; + let (libcommon, libpq) = if use_openssl { + // Define to 1 to build with OpenSSL support. (--with-ssl=openssl) + basic_build.define("USE_OPENSSL", "1"); + ( + [LIBCOMMON_BASE, LIBCOMMON_OPENSSL].concat(), + [LIBPQ_BASE, LIBPQ_OPENSSL].concat(), + ) + } else { + ( + [LIBCOMMON_BASE, LIBCOMMON_NOT_OPENSSL].concat(), + LIBPQ_BASE.to_vec(), + ) + }; + let libports = LIBPORTS_BASE.iter().chain(libports_os); - let libcommon = LIBCOMMON_BASE.iter().chain(libcommon_os); - let libpq = LIBPQ_BASE.iter().chain(libpq_os); + let libcommon = libcommon.iter().chain(libcommon_os); + let libpq = libpq.iter().chain(libpq_os); basic_build .files( diff --git a/pq-src/src/lib.rs b/pq-src/src/lib.rs index 176961b..957f9c3 100644 --- a/pq-src/src/lib.rs +++ b/pq-src/src/lib.rs @@ -1 +1,2 @@ +#[cfg(feature = "with-openssl")] extern crate openssl_sys;