diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8d7abfb..867638d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-13, macos-14, windows-2019] - features: [default, bundled, buildtime_bindgen] + features: [default, bundled, bundled_without_openssl, buildtime_bindgen] runs-on: ${{ matrix.os }} steps: - name: Checkout sources @@ -44,7 +44,7 @@ jobs: sudo service postgresql restart && sleep 3 - name: Install postgres (MacOS) - if: matrix.os == 'macos-13' && matrix.features != 'bundled' + if: matrix.os == 'macos-13' && matrix.features != 'bundled' && matrix.features != 'bundled_without_openssl' run: | brew install postgresql brew services start postgresql@14 @@ -52,7 +52,7 @@ jobs: createuser -s postgres - name: Install postgres (MacOS M1) - if: matrix.os == 'macos-14' && matrix.features != 'bundled' + if: matrix.os == 'macos-14' && matrix.features != 'bundled' && matrix.features != 'bundled_without_openssl' run: | brew install postgresql brew services start postgresql@14 @@ -60,7 +60,7 @@ jobs: createuser -s postgres - name: Install postgres (Windows) - if: runner.os == 'Windows' && matrix.features != 'bundled' + if: runner.os == 'Windows' && matrix.features != 'bundled' && matrix.features != 'bundled_without_openssl' shell: bash run: | choco install postgresql12 --force --params '/Password:root' @@ -74,6 +74,18 @@ jobs: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV vcpkg install openssl:x64-windows-static-md + - name: Remove openssl (Linux, bundled_without_openssl) + if: runner.os == 'Linux' && matrix.features == 'bundled_without_openssl' + run: sudo apt-get remove -y libssl-dev + + - name: Remove openssl (MacOS, bundled_without_openssl) + if: matrix.os == 'macos-13' && matrix.features == 'bundled_without_openssl' + run: brew uninstall openssl@1.1 + + - name: Remove openssl (MacOS M1, bundled_without_openssl) + if: matrix.os == 'macos-14' && matrix.features == 'bundled_without_openssl' + run: brew uninstall openssl@1.1 + - name: Install rust toolchain uses: dtolnay/rust-toolchain@stable diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fb6970..8a39400 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,15 @@ for Rust libraries in [RFC #1105](https://github.com/rust-lang/rfcs/blob/master/ ## Unreleased +### Changed + +* `openssl` usage can now be disabled with the `bundled_without_openssl` feature of `pq-sys`. + To deactivate `openssl`, enable it: + ```toml + [dependencies] + pq-sys = { version = "0.3.0", features = ["bundled_without_openssl"]} + ``` + ## pq-sys [0.6.1] 2024-06-11 ### Changed diff --git a/Cargo.toml b/Cargo.toml index 85412de..0c29352 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,7 +14,7 @@ members = ["pq-src"] name = "pq_sys" [dependencies] -pq-src = { path = "pq-src", version = ">=0.2, <0.4", optional = true } +pq-src = { path = "pq-src", version = ">=0.2, <0.4", optional = true , default-features = false } [build-dependencies] pkg-config = { version = "0.3.0", optional = true } @@ -25,5 +25,6 @@ vcpkg = "0.2.6" [features] default = [] -bundled = ["pq-src"] +bundled = ["bundled_without_openssl", "pq-src/with-openssl"] +bundled_without_openssl = ["dep:pq-src"] buildtime_bindgen = ["dep:bindgen"] diff --git a/README.md b/README.md index b7fe38f..57007e4 100644 --- a/README.md +++ b/README.md @@ -34,12 +34,13 @@ If pkg-config is being used, it's configuration options will apply. ### Features * `buildtime_bindgen`: Run `bindgen` at build-time to generate bindings using installed headers. Not compatible with the `bundled` feature. -* `bundled`: Build the bundled version of `libpq` from source. - To use a bundled version of `openssl`, add the `openssl-sys` crate with the `vendored` feature to your crate dependencies: +* `bundled`: Build the bundled version of `libpq` from source. It will look for `openssl` installed on your system. + To use a bundled version of `openssl`, add the `openssl-sys` crate with the vendored feature to your crate dependencies: ```toml [dependencies] openssl-sys = { version = "0.9.93", features = ["vendored"] } ``` +* `bundled_without_openssl`: Build the bundled version of `libpq` from source without `openssl`. This disables the TLS support in `libpq`, so that you cannot connect to a database requiring TLS anymore. ## FAQ diff --git a/build.rs b/build.rs index 669353f..cbc4ea8 100644 --- a/build.rs +++ b/build.rs @@ -80,10 +80,12 @@ impl Display for LinkingOptions { } fn main() { - if cfg!(feature = "bundled") && cfg!(feature = "buildtime_bindgen") { + if (cfg!(feature = "bundled") || cfg!(feature = "bundled_without_openssl")) + && cfg!(feature = "buildtime_bindgen") + { panic!("Combining the `bundled` and `builtime_bindgen` feature is not supported"); } - if cfg!(feature = "bundled") { + if cfg!(feature = "bundled") || cfg!(feature = "bundled_without_openssl") { // everything else is handled // by pq-src return; diff --git a/pq-src/Cargo.toml b/pq-src/Cargo.toml index b247d36..aa5c660 100644 --- a/pq-src/Cargo.toml +++ b/pq-src/Cargo.toml @@ -23,11 +23,12 @@ categories = ["database", "external-ffi-bindings"] readme = "README.md" [dependencies] -openssl-sys = "0.9.93" +openssl-sys = { version = "0.9.93", optional = true } [build-dependencies] cc = "1.0.83" [features] -default = [] +default = ["with-openssl"] with-asan = [] +with-openssl = ["dep:openssl-sys"] diff --git a/pq-src/additional_include/pg_config.h b/pq-src/additional_include/pg_config.h index f89ff4d..a22b873 100644 --- a/pq-src/additional_include/pg_config.h +++ b/pq-src/additional_include/pg_config.h @@ -11,7 +11,11 @@ #define BLCKSZ 8192 /* Saved arguments from configure */ +#if defined USE_OPENSSL #define CONFIGURE_ARGS " '--with-openssl' '--without-readline'" +#else +#define CONFIGURE_ARGS " '--without-readline'" +#endif /* Define to the default TCP port number on which the server listens and to which clients will try to connect. This can be overridden at run-time, but @@ -212,9 +216,6 @@ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 -/* Define to 1 to build with OpenSSL support. (--with-ssl=openssl) */ -#define USE_OPENSSL 1 - /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD diff --git a/pq-src/build.rs b/pq-src/build.rs index 699291f..591b929 100644 --- a/pq-src/build.rs +++ b/pq-src/build.rs @@ -79,11 +79,16 @@ const LIBCOMMON_BASE: &[&str] = &[ "restricted_token.c", "sprompt.c", "logging.c", +]; + +const LIBCOMMON_OPENSSL: &[&str] = &[ "cryptohash_openssl.c", "hmac_openssl.c", "protocol_openssl.c", ]; +const LIBCOMMON_NOT_OPENSSL: &[&str] = &["cryptohash.c", "hmac.c", "md5.c", "sha1.c", "sha2.c"]; + const LIBCOMMON_NOT_WINDOWS: &[&str] = &[]; const LIBCOMMON_WINDOWS: &[&str] = &["wchar.c"]; @@ -102,10 +107,10 @@ const LIBPQ_BASE: &[&str] = &[ "legacy-pqsignal.c", "libpq-events.c", "pqexpbuffer.c", - "fe-secure-common.c", - "fe-secure-openssl.c", ]; +const LIBPQ_OPENSSL: &[&str] = &["fe-secure-common.c", "fe-secure-openssl.c"]; + const LIBPQ_NOT_WINDOWS: &[&str] = &[]; const LIBPQ_WINDOWS: &[&str] = &["fe-secure.c", "pthread-win32.c", "win32.c"]; @@ -120,6 +125,7 @@ fn unimplemented() -> ! { fn main() { let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap(); + let use_openssl = env::var("CARGO_FEATURE_WITH_OPENSSL").is_ok(); println!("cargo:rerun-if-changed=additional_include"); let crate_dir = env!("CARGO_MANIFEST_DIR"); @@ -168,10 +174,9 @@ fn main() { format!("{path}src/include"), format!("{crate_dir}/additional_include"), temp_include.clone(), - env::var("DEP_OPENSSL_INCLUDE").unwrap().clone(), ][..]; - let includes = if target_os == "windows" { + let mut includes = if target_os == "windows" { let includes_windows = &[ format!("{path}/src/include/port/win32/"), format!("{path}/src/include/port/win32_msvc/"), @@ -181,6 +186,10 @@ fn main() { base_includes.to_vec() }; + if use_openssl { + includes.push(env::var("DEP_OPENSSL_INCLUDE").unwrap()); + } + basic_build .define("FRONTEND", None) .warnings(false) @@ -212,9 +221,23 @@ fn main() { _ => unimplemented(), }; + let (libcommon, libpq) = if use_openssl { + // Define to 1 to build with OpenSSL support. (--with-ssl=openssl) + basic_build.define("USE_OPENSSL", "1"); + ( + [LIBCOMMON_BASE, LIBCOMMON_OPENSSL].concat(), + [LIBPQ_BASE, LIBPQ_OPENSSL].concat(), + ) + } else { + ( + [LIBCOMMON_BASE, LIBCOMMON_NOT_OPENSSL].concat(), + LIBPQ_BASE.to_vec(), + ) + }; + let libports = LIBPORTS_BASE.iter().chain(libports_os); - let libcommon = LIBCOMMON_BASE.iter().chain(libcommon_os); - let libpq = LIBPQ_BASE.iter().chain(libpq_os); + let libcommon = libcommon.iter().chain(libcommon_os); + let libpq = libpq.iter().chain(libpq_os); basic_build .files( diff --git a/pq-src/src/lib.rs b/pq-src/src/lib.rs index 176961b..957f9c3 100644 --- a/pq-src/src/lib.rs +++ b/pq-src/src/lib.rs @@ -1 +1,2 @@ +#[cfg(feature = "with-openssl")] extern crate openssl_sys; diff --git a/tests/smoke.rs b/tests/smoke.rs index 72e703a..83cb468 100644 --- a/tests/smoke.rs +++ b/tests/smoke.rs @@ -1,7 +1,9 @@ extern crate pq_sys; +#[cfg(not(feature = "bundled_without_openssl"))] #[test] -fn test_ssl_init() -{ - unsafe{pq_sys::PQinitSSL(1);} -} \ No newline at end of file +fn test_ssl_init() { + unsafe { + pq_sys::PQinitSSL(1); + } +}