kumquat-buildroot/package/gnutls/gnutls.mk
Trent Piepho 379306e8f2 package/gnutls: give library a default trust location
Gnutls is building with no default location to look for CA certs.  Since
there are buildroot packages to provide these, configure it to use them
by default.

Configure gnutls to find them using the bundle file which contains all
certs, rather than looking in the cert directory.  When gnutls is told
to use the directory, it loads *every* file in it.  This means it loads
the bundle with all certs, then loads each cert a second time using the
individual pem files, and then loads them all the third time via the
hash symlinks to the pem files.

When p11-kit is enabled, use its trust module instead of the bundle
file.  p11-kit can be configured to use the bundle (the default), but it
can do other things too, such as integrate with the "trust" command for
adding and removing trust anchors.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-03 21:25:58 +01:00


################################################################################
#
# gnutls
#
################################################################################

# Upstream release: GNUTLS_VERSION_MAJOR selects the download subdirectory on
# the GnuPG mirror, GNUTLS_VERSION names the tarball inside it.
GNUTLS_VERSION_MAJOR = 3.5
GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).19
GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz
GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)
# The core library and the gnutls-openssl compatibility library are under
# different licenses; both license texts are recorded.
GNUTLS_LICENSE = LGPL-2.1+ (core library), GPL-3.0+ (gnutls-openssl library)
GNUTLS_LICENSE_FILES = doc/COPYING doc/COPYING.LESSER
# Unconditional build dependencies; optional ones are appended further down.
GNUTLS_DEPENDENCIES = host-pkgconf libtasn1 nettle pcre
# Base configure options. Library prefixes point into $(STAGING_DIR); the
# command-line tools are only built when BR2_PACKAGE_GNUTLS_TOOLS is selected.
# Recursive (=) on purpose: $(STAGING_DIR) is resolved when the variable is
# used, not when this file is parsed.
GNUTLS_CONF_OPTS = \
	--disable-doc \
	--disable-guile \
	--disable-libdane \
	--disable-rpath \
	--enable-local-libopts \
	--enable-openssl-compatibility \
	--with-libnettle-prefix=$(STAGING_DIR)/usr \
	--with-librt-prefix=$(STAGING_DIR) \
	--without-tpm \
	$(if $(BR2_PACKAGE_GNUTLS_TOOLS),--enable-tools,--disable-tools)
# Pre-seeded configure cache answers. The wchar-related ones follow Buildroot's
# BR2_USE_WCHAR setting instead of letting configure probe for it.
GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \
	ac_cv_header_wchar_h=$(if $(BR2_USE_WCHAR),yes,no) \
	gt_cv_c_wchar_t=$(if $(BR2_USE_WCHAR),yes,no) \
	gt_cv_c_wint_t=$(if $(BR2_USE_WCHAR),yes,no) \
	gl_cv_func_gettimeofday_clobber=no
# Headers and libraries are needed by other target packages that link gnutls.
GNUTLS_INSTALL_STAGING = YES

# libpthread and libz autodetection poison the linkpath, so the prefixes are
# given explicitly whenever the corresponding feature/package is available.
GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)
GNUTLS_CONF_OPTS += $(if $(BR2_PACKAGE_ZLIB),--with-libz-prefix=$(STAGING_DIR)/usr)

# gnutls needs libregex, but pcre can be used too.
# The check isn't cross-compile friendly, so the answer is pre-seeded and the
# pcreposix flags are supplied by hand. The backtick pkg-config calls are not
# expanded by make; they are left to the shell that runs the configure command.
GNUTLS_CONF_ENV += libopts_cv_with_libregex=yes
GNUTLS_CONF_OPTS += \
	--with-regex-header=pcreposix.h \
	--with-libregex-cflags="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --cflags`" \
	--with-libregex-libs="`$(PKG_CONFIG_HOST_BINARY) libpcreposix --libs`"

# crywrap is treated as part of the tools: it needs WCHAR (as the tools do),
# so it is only built when BR2_PACKAGE_GNUTLS_TOOLS is selected.
ifeq ($(BR2_PACKAGE_GNUTLS_TOOLS),)
GNUTLS_CONF_OPTS += --disable-crywrap
endif

# Prerequisite for crywrap: on C libraries without argp, link the standalone
# implementation explicitly.
ifeq ($(BR2_PACKAGE_ARGP_STANDALONE),y)
GNUTLS_CONF_ENV += LIBS="-largp"
GNUTLS_DEPENDENCIES += argp-standalone
endif

# libidn support for nommu must exclude the crywrap wrapper (uses fork), so on
# noMMU targets crywrap is disabled regardless of the tools setting.
GNUTLS_CONF_OPTS += $(if $(BR2_USE_MMU),,--disable-crywrap)

# Optional dependencies: each one is enabled only when the matching Buildroot
# package is selected, and explicitly disabled otherwise so configure does not
# autodetect it.
ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX),y)
GNUTLS_CONF_OPTS += --enable-cryptodev
GNUTLS_DEPENDENCIES += cryptodev-linux
endif

ifeq ($(BR2_PACKAGE_LIBIDN),y)
GNUTLS_CONF_OPTS += --with-idn
GNUTLS_DEPENDENCIES += libidn
else
GNUTLS_CONF_OPTS += --without-idn
endif

ifeq ($(BR2_PACKAGE_LIBIDN2),y)
GNUTLS_CONF_OPTS += --with-libidn2
GNUTLS_DEPENDENCIES += libidn2
else
GNUTLS_CONF_OPTS += --without-libidn2
endif

# PKCS#11 support; also selects the default trust store below.
ifeq ($(BR2_PACKAGE_P11_KIT),y)
GNUTLS_CONF_OPTS += --with-p11-kit
GNUTLS_DEPENDENCIES += p11-kit
else
GNUTLS_CONF_OPTS += --without-p11-kit
endif

# Use the system libunistring when available, else the copy bundled in gnutls.
ifeq ($(BR2_PACKAGE_LIBUNISTRING),y)
GNUTLS_CONF_OPTS += --with-libunistring-prefix=$(STAGING_DIR)/usr
GNUTLS_DEPENDENCIES += libunistring
else
GNUTLS_CONF_OPTS += --with-included-unistring
endif

ifeq ($(BR2_PACKAGE_ZLIB),y)
GNUTLS_CONF_OPTS += --with-zlib
GNUTLS_DEPENDENCIES += zlib
else
GNUTLS_CONF_OPTS += --without-zlib
endif

# Provide a default CA cert location (what the library uses as its "system
# trust" when an application does not set one itself).
# With p11-kit, point the library at the p11-kit trust module through a
# PKCS#11 URI; otherwise, when the ca-certificates package is selected, at its
# single bundle file. The bundle is preferred over the certificate directory
# because a directory trust store makes gnutls load every file in it, so each
# cert would be read three times (bundle, individual pem file, hash symlink) --
# see the commit that introduced this block.
# NOTE(review): the bundle path must match where the ca-certificates package
# installs it -- verify against that package. With p11-kit the anchors still
# have to come from somewhere (p11-kit reads the bundle by default, per the
# same commit); nothing here adds a ca-certificates dependency in that case, so
# a p11-kit build without ca-certificates presumably ends up with an empty
# system trust store -- confirm. If neither package is selected, no
# --with-default-trust-store-* option is passed at all, so the system trust
# store is left to gnutls' configure default -- confirm what that is.
ifeq ($(BR2_PACKAGE_P11_KIT),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-pkcs11=pkcs11:model=p11-kit-trust
else ifeq ($(BR2_PACKAGE_CA_CERTIFICATES),y)
GNUTLS_CONF_OPTS += --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt
endif

# Must come last: the generic infrastructure reads all GNUTLS_* variables set
# above when the package rules are generated.
$(eval $(autotools-package))