From aa0f459be51c37e011abb62d640b6f4225cab181 Mon Sep 17 00:00:00 2001 From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.> Date: Mon, 19 Aug 2024 16:31:17 +0200 Subject: [PATCH] Make usage of openSSL optional --- CHANGELOG.md | 10 ++++++++ README.md | 9 +++++++ pq-src/Cargo.toml | 1 + pq-src/additional_include/pg_config.h | 7 +++--- pq-src/build.rs | 35 ++++++++++++++++++++++----- pq-src/src/lib.rs | 1 + 6 files changed, 54 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fb6970..4de153e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,16 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/ ## Unreleased +### Changed + +* `openssl` usage when compiling `libpq` is not opt-out under the `disable-openssl` feature flag. + To deactivate `openssl`, enable it: + ```toml + [dependencies] + pq-src = { version = "0.3.0", features = ["disable-openssl"]} + ``` + Note that the `openssl-sys` is still a dependency in that case but would most likely be discarded by the linker. + ## pq-sys [0.6.1] 2024-06-11 ### Changed diff --git a/README.md b/README.md index b7fe38f..3a382bf 100644 --- a/README.md +++ b/README.md 
@@ -35,11 +35,20 @@ If pkg-config is being used, it's configuration options will apply. * `buildtime_bindgen`: Run `bindgen` at build-time to generate bindings using installed headers. Not compatible with the `bundled` feature. * `bundled`: Build the bundled version of `libpq` from source. + If you want to build `libpq` from source but without enabling `openssl`, you + can add the `pq-src` crate with `disable-openssl` features to + your crate dependencies and not using the `bundled` feature of `pq-sys`. + This will disable TLS support in `libpq`, so that you cannot connect to database requiring `TLS` anymore. + ```toml + [dependencies] + pq-src = { version = "0.3.0", features = ["disable-openssl"] } + ``` To use a bundled version of `openssl`, add the `openssl-sys` crate with the `vendored` feature to your crate dependencies: ```toml [dependencies] openssl-sys = { version = "0.9.93", features = ["vendored"] } ``` + This will not try to find `openssl` on your system but build it from scratch. ## FAQ diff --git a/pq-src/Cargo.toml b/pq-src/Cargo.toml index b247d36..0c97315 100644 --- a/pq-src/Cargo.toml +++ b/pq-src/Cargo.toml @@ -31,3 +31,4 @@ cc = "1.0.83" [features] default = [] with-asan = [] +disable-openssl = [] diff --git a/pq-src/additional_include/pg_config.h b/pq-src/additional_include/pg_config.h index f89ff4d..a22b873 100644 --- a/pq-src/additional_include/pg_config.h +++ b/pq-src/additional_include/pg_config.h @@ -11,7 +11,11 @@ #define BLCKSZ 8192 /* Saved arguments from configure */ +#if defined USE_OPENSSL #define CONFIGURE_ARGS " '--with-openssl' '--without-readline'" +#else +#define CONFIGURE_ARGS " '--without-readline'" +#endif /* Define to the default TCP port number on which the server listens and to which clients will try to connect. This can be overridden at run-time, but 
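Review bot: `disable-openssl` is a negative feature, and Cargo unifies features across the dependency graph, so any crate that enables it compiles TLS out of `libpq` for every other user of `pq-src` in the same build. With TLS compiled out, a connection left at libpq's default `sslmode` (or set to `prefer`) connects in plaintext without an error; only `require` and stricter modes fail. I would state that on the feature line, e.g. `# Security: builds libpq without TLS for the whole build graph; connections that do not force sslmode=require will be unencrypted`. A positive, default-on feature would be safer: opting out would then need `default-features = false`, and any dependent left on default features would turn TLS back on.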
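Review bot: `CONFIGURE_ARGS` now depends on `USE_OPENSSL`, but after this commit the header no longer defines that macro itself, so the `#if defined USE_OPENSSL` test is only right in translation units compiled with the define that build.rs passes on the command line. Any other consumer of this header (a bindgen run or a separate `cc::Build`; none is visible in this patch) would take the non-OpenSSL branch. A comment above the `#if` would keep the coupling visible: `/* USE_OPENSSL is injected by build.rs via the compiler command line; it is intentionally not defined in this header. */`.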
@@ -212,9 +216,6 @@ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 -/* Define to 1 to build with OpenSSL support. (--with-ssl=openssl) */ -#define USE_OPENSSL 1 - /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD diff --git a/pq-src/build.rs b/pq-src/build.rs index 699291f..e41923b 100644 --- a/pq-src/build.rs +++ b/pq-src/build.rs @@ -79,11 +79,16 @@ const LIBCOMMON_BASE: &[&str] = &[ "restricted_token.c", "sprompt.c", "logging.c", +]; + +const LIBCOMMON_OPENSSL: &[&str] = &[ "cryptohash_openssl.c", "hmac_openssl.c", "protocol_openssl.c", ]; +const LIBCOMMON_NOT_OPENSSL: &[&str] = &["cryptohash.c", "hmac.c", "md5.c", "sha1.c", "sha2.c"]; + const LIBCOMMON_NOT_WINDOWS: &[&str] = &[]; const LIBCOMMON_WINDOWS: &[&str] = &["wchar.c"]; @@ -102,10 +107,10 @@ const LIBPQ_BASE: &[&str] = &[ "legacy-pqsignal.c", "libpq-events.c", "pqexpbuffer.c", - "fe-secure-common.c", - "fe-secure-openssl.c", ]; +const LIBPQ_OPENSSL: &[&str] = &["fe-secure-common.c", "fe-secure-openssl.c"]; + const LIBPQ_NOT_WINDOWS: &[&str] = &[]; const LIBPQ_WINDOWS: &[&str] = &["fe-secure.c", "pthread-win32.c", "win32.c"]; @@ -120,6 +125,7 @@ fn unimplemented() -> ! { fn main() { let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); + let use_openssl = env::var("CARGO_FEATURE_DISABLE_OPENSSL").is_err(); println!("cargo:rerun-if-changed=additional_include"); let crate_dir = env!("CARGO_MANIFEST_DIR"); @@ -168,10 +174,9 @@ fn main() { format!("{path}src/include"), format!("{crate_dir}/additional_include"), temp_include.clone(), - env::var("DEP_OPENSSL_INCLUDE").unwrap().clone(), ][..]; - let includes = if target_os == "windows" { + let mut includes = if target_os == "windows" { let includes_windows = &[ format!("{path}/src/include/port/win32/"), format!("{path}/src/include/port/win32_msvc/"), 
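Review bot: In the `@@ -120,6 +125,7 @@` hunk, `env::var("CARGO_FEATURE_DISABLE_OPENSSL").is_err()` reads as a double negative and also treats a non-Unicode value as "feature absent". `let use_openssl = env::var_os("CARGO_FEATURE_DISABLE_OPENSSL").is_none();` tests only for presence. Because this flag decides whether libpq has TLS at all, it deserves a comment such as `// TLS support is compiled in unless the disable-openssl feature is enabled`. `main` continues outside this hunk.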
@@ -181,6 +186,10 @@ fn main() { base_includes.to_vec() }; + if use_openssl { + includes.extend_from_slice(&[env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()]); + } + basic_build .define("FRONTEND", None) .warnings(false) @@ -212,9 +221,23 @@ fn main() { _ => unimplemented(), }; + let (libcommon, libpq) = if use_openssl { + // Define to 1 to build with OpenSSL support. (--with-ssl=openssl) + basic_build.define("USE_OPENSSL", "1"); + ( + [LIBCOMMON_BASE, LIBCOMMON_OPENSSL].concat(), + [LIBPQ_BASE, LIBPQ_OPENSSL].concat(), + ) + } else { + ( + [LIBCOMMON_BASE, LIBCOMMON_NOT_OPENSSL].concat(), + LIBPQ_BASE.to_vec(), + ) + }; + let libports = LIBPORTS_BASE.iter().chain(libports_os); - let libcommon = LIBCOMMON_BASE.iter().chain(libcommon_os); - let libpq = LIBPQ_BASE.iter().chain(libpq_os); + let libcommon = libcommon.iter().chain(libcommon_os); + let libpq = libpq.iter().chain(libpq_os); basic_build .files( diff --git a/pq-src/src/lib.rs b/pq-src/src/lib.rs index 176961b..e32f046 100644 --- a/pq-src/src/lib.rs +++ b/pq-src/src/lib.rs @@ -1 +1,2 @@ +#[cfg(not(feature = "disable-openssl"))] extern crate openssl_sys;
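Review bot: In the `@@ -181,6 +186,10 @@` hunk, `includes.extend_from_slice(&[env::var("DEP_OPENSSL_INCLUDE").unwrap().clone()])` clones a `String` that is already owned and builds a one-element slice just to append it. The bare `unwrap()` also gives no hint about what went wrong if `openssl-sys` did not export the variable. I would write `includes.push(env::var("DEP_OPENSSL_INCLUDE").expect("openssl-sys did not export DEP_OPENSSL_INCLUDE"));`. `main` begins and ends outside this hunk.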
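Review bot: In `pq-src/src/lib.rs` the new `#[cfg(not(feature = "disable-openssl"))]` only removes the crate reference. Per the CHANGELOG entry in this same patch, `openssl-sys` remains an unconditional dependency, so presumably its build script still runs and still has to locate or build OpenSSL when the feature is on. A reader could easily assume the feature removes OpenSSL from the build entirely, so I would say so next to the attribute: `// openssl-sys is still a dependency in Cargo.toml; this cfg only drops the reference so the linker can discard it`.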