0001-Make-finding-openssl-program-a-configure-or-meson-op.patch

text/plain

Filename: 0001-Make-finding-openssl-program-a-configure-or-meson-op.patch
Type: text/plain
Part: 0
Message: Make finding openssl program a configure or meson option

Patch

Format: format-patch
Series: patch 0001
Subject: Make finding openssl program a configure or meson option
File+
configure 55 0
configure.ac 1 0
meson.build 1 0
meson_options.txt 3 0
src/Makefile.global.in 1 0
src/test/ldap/Makefile 1 0
src/test/ldap/meson.build 4 1
src/test/ldap/t/001_auth.pl 5 3
src/test/modules/ssl_passphrase_callback/Makefile 2 2
src/test/modules/ssl_passphrase_callback/meson.build 0 2
src/test/ssl/Makefile 1 1
src/test/ssl/meson.build 4 1
src/test/ssl/sslfiles.mk 17 17
src/test/ssl/t/001_ssltests.pl 1 1
From 70a115310a4f130751c0f3b4fcee69a9f29a2c3e Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter@eisentraut.org>
Date: Tue, 11 Oct 2022 17:04:42 +0200
Subject: [PATCH] Make finding openssl program a configure or meson option

---
 configure                                     | 55 +++++++++++++++++++
 configure.ac                                  |  1 +
 meson.build                                   |  1 +
 meson_options.txt                             |  3 +
 src/Makefile.global.in                        |  1 +
 src/test/ldap/Makefile                        |  1 +
 src/test/ldap/meson.build                     |  5 +-
 src/test/ldap/t/001_auth.pl                   |  8 ++-
 .../modules/ssl_passphrase_callback/Makefile  |  4 +-
 .../ssl_passphrase_callback/meson.build       |  2 -
 src/test/ssl/Makefile                         |  2 +-
 src/test/ssl/meson.build                      |  5 +-
 src/test/ssl/sslfiles.mk                      | 34 ++++++------
 src/test/ssl/t/001_ssltests.pl                |  2 +-
 14 files changed, 96 insertions(+), 28 deletions(-)

diff --git a/configure b/configure
index e04ee9fb4166..dd0802844a4a 100755
--- a/configure
+++ b/configure
@@ -648,6 +648,7 @@ PG_CRC32C_OBJS
 CFLAGS_ARMV8_CRC32C
 CFLAGS_SSE42
 LIBOBJS
+OPENSSL
 ZSTD
 LZ4
 UUID_LIBS
@@ -14023,6 +14024,60 @@ done
 
 fi
 
+if test -z "$OPENSSL"; then
+  for ac_prog in openssl
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_OPENSSL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $OPENSSL in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_OPENSSL="$OPENSSL" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_OPENSSL="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+OPENSSL=$ac_cv_path_OPENSSL
+if test -n "$OPENSSL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENSSL" >&5
+$as_echo "$OPENSSL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$OPENSSL" && break
+done
+
+else
+  # Report the value of OPENSSL in configure's output in all cases.
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5
+$as_echo_n "checking for OPENSSL... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OPENSSL" >&5
+$as_echo "$OPENSSL" >&6; }
+fi
+
 if test "$with_ssl" = openssl ; then
   ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
diff --git a/configure.ac b/configure.ac
index f146c8301ae1..2b11d5016684 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1539,6 +1539,7 @@ if test "$with_gssapi" = yes ; then
 	[AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])])
 fi
 
+PGAC_PATH_PROGS(OPENSSL, openssl)
 if test "$with_ssl" = openssl ; then
   AC_CHECK_HEADER(openssl/ssl.h, [], [AC_MSG_ERROR([header file <openssl/ssl.h> is required for OpenSSL])])
   AC_CHECK_HEADER(openssl/err.h, [], [AC_MSG_ERROR([header file <openssl/err.h> is required for OpenSSL])])
diff --git a/meson.build b/meson.build
index 925db70c9d56..b124446277c0 100644
--- a/meson.build
+++ b/meson.build
@@ -324,6 +324,7 @@ tar = find_program(get_option('TAR'), native: true)
 gzip = find_program(get_option('GZIP'), native: true)
 program_lz4 = find_program(get_option('LZ4'), native: true, required: false)
 touch = find_program('touch', native: true)
+openssl = find_program(get_option('OPENSSL'), native: true, required: false)
 program_zstd = find_program(get_option('ZSTD'), native: true, required: false)
 dtrace = find_program(get_option('DTRACE'), native: true, required: get_option('dtrace'))
 missing = find_program('config/missing', native: true)
diff --git a/meson_options.txt b/meson_options.txt
index b629cd8d6890..c7ea57994dc7 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -157,6 +157,9 @@ option('GZIP', type : 'string', value: 'gzip',
 option('LZ4', type : 'string', value: 'lz4',
   description: 'path to lz4 binary')
 
+option('OPENSSL', type : 'string', value: 'openssl',
+  description: 'path to openssl binary')
+
 option('PERL', type : 'string', value: 'perl',
   description: 'path to perl binary')
 
diff --git a/src/Makefile.global.in b/src/Makefile.global.in
index 99889167e18b..e96bedd4e7b9 100644
--- a/src/Makefile.global.in
+++ b/src/Makefile.global.in
@@ -343,6 +343,7 @@ LN_S	= @LN_S@
 MSGFMT  = @MSGFMT@
 MSGFMT_FLAGS = @MSGFMT_FLAGS@
 MSGMERGE = @MSGMERGE@
+OPENSSL	= @OPENSSL@
 PYTHON	= @PYTHON@
 TAR	= @TAR@
 XGETTEXT = @XGETTEXT@
diff --git a/src/test/ldap/Makefile b/src/test/ldap/Makefile
index e5fa3d86104c..b1e4a7be677c 100644
--- a/src/test/ldap/Makefile
+++ b/src/test/ldap/Makefile
@@ -14,6 +14,7 @@ top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
 export with_ldap
+export OPENSSL
 
 check:
 	$(prove_check)
diff --git a/src/test/ldap/meson.build b/src/test/ldap/meson.build
index 2211bd5e3ecf..020f6e7f087b 100644
--- a/src/test/ldap/meson.build
+++ b/src/test/ldap/meson.build
@@ -6,6 +6,9 @@ tests += {
     'tests': [
       't/001_auth.pl',
     ],
-    'env': {'with_ldap': ldap.found() ? 'yes' : 'no'},
+    'env': {
+      'with_ldap': ldap.found() ? 'yes' : 'no',
+      'OPENSSL': openssl.path(),
+    },
   },
 }
diff --git a/src/test/ldap/t/001_auth.pl b/src/test/ldap/t/001_auth.pl
index 2f064f694406..fd90832b755a 100644
--- a/src/test/ldap/t/001_auth.pl
+++ b/src/test/ldap/t/001_auth.pl
@@ -113,13 +113,15 @@
 mkdir $ldap_datadir or die;
 mkdir $slapd_certs  or die;
 
-system_or_bail "openssl", "req", "-new", "-nodes", "-keyout",
+my $openssl = $ENV{OPENSSL};
+
+system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
   "$slapd_certs/ca.key", "-x509", "-out", "$slapd_certs/ca.crt", "-subj",
   "/CN=CA";
-system_or_bail "openssl", "req", "-new", "-nodes", "-keyout",
+system_or_bail $openssl, "req", "-new", "-nodes", "-keyout",
   "$slapd_certs/server.key", "-out", "$slapd_certs/server.csr", "-subj",
   "/CN=server";
-system_or_bail "openssl", "x509", "-req", "-in", "$slapd_certs/server.csr",
+system_or_bail $openssl, "x509", "-req", "-in", "$slapd_certs/server.csr",
   "-CA", "$slapd_certs/ca.crt", "-CAkey", "$slapd_certs/ca.key",
   "-CAcreateserial", "-out", "$slapd_certs/server.crt";
 
diff --git a/src/test/modules/ssl_passphrase_callback/Makefile b/src/test/modules/ssl_passphrase_callback/Makefile
index a34d7ea46a3c..922f0ee07864 100644
--- a/src/test/modules/ssl_passphrase_callback/Makefile
+++ b/src/test/modules/ssl_passphrase_callback/Makefile
@@ -31,9 +31,9 @@ PASS = FooBaR1
 .PHONY: ssl-files ssl-files-clean
 
 ssl-files:
-	openssl req -new -x509 -days 10000 -nodes -out server.crt \
+	$(OPENSSL) req -new -x509 -days 10000 -nodes -out server.crt \
 		-keyout server.ckey -subj "/CN=localhost"
-	openssl rsa -aes256 -in server.ckey -out server.key -passout pass:$(PASS)
+	$(OPENSSL) rsa -aes256 -in server.ckey -out server.key -passout pass:$(PASS)
 	rm server.ckey
 
 ssl-files-clean:
diff --git a/src/test/modules/ssl_passphrase_callback/meson.build b/src/test/modules/ssl_passphrase_callback/meson.build
index a9eb4c564dae..1c9f009af373 100644
--- a/src/test/modules/ssl_passphrase_callback/meson.build
+++ b/src/test/modules/ssl_passphrase_callback/meson.build
@@ -25,8 +25,6 @@ testprep_targets += ssl_passphrase_callback
 # Targets to generate or remove the ssl certificate and key. Need to be copied
 # to the source afterwards. Normally not needed.
 
-openssl = find_program('openssl', native: true, required: false)
-
 if openssl.found()
   cert = custom_target('server.crt',
     output: ['server.crt', 'server.ckey'],
diff --git a/src/test/ssl/Makefile b/src/test/ssl/Makefile
index 12b02eb422bf..2885c7c26932 100644
--- a/src/test/ssl/Makefile
+++ b/src/test/ssl/Makefile
@@ -15,7 +15,7 @@ subdir = src/test/ssl
 top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
-export with_ssl
+export OPENSSL with_ssl
 
 # The sslfiles targets are separated into their own file due to interactions
 # with settings in Makefile.global.
diff --git a/src/test/ssl/meson.build b/src/test/ssl/meson.build
index e2f021d884a3..1e02bf9ed0c5 100644
--- a/src/test/ssl/meson.build
+++ b/src/test/ssl/meson.build
@@ -3,7 +3,10 @@ tests += {
   'sd': meson.current_source_dir(),
   'bd': meson.current_build_dir(),
   'tap': {
-    'env': {'with_ssl': get_option('ssl')},
+    'env': {
+      'with_ssl': get_option('ssl'),
+      'OPENSSL': openssl.path(),
+    },
     'tests': [
       't/001_ssltests.pl',
       't/002_scram.pl',
diff --git a/src/test/ssl/sslfiles.mk b/src/test/ssl/sslfiles.mk
index a843a21d42e9..54ada01d4661 100644
--- a/src/test/ssl/sslfiles.mk
+++ b/src/test/ssl/sslfiles.mk
@@ -84,7 +84,7 @@ sslfiles: $(SSLFILES) $(SSLDIRS)
 
 # Root CA is self-signed.
 ssl/root_ca.crt: ssl/root_ca.key conf/root_ca.config
-	openssl req -new -x509 -config conf/root_ca.config -days 10000 -key $< -out $@
+	$(OPENSSL) req -new -x509 -config conf/root_ca.config -days 10000 -key $< -out $@
 
 #
 # Special-case keys
@@ -94,20 +94,20 @@ ssl/root_ca.crt: ssl/root_ca.key conf/root_ca.config
 
 # Password-protected version of server-cn-only.key
 ssl/server-password.key: ssl/server-cn-only.key
-	openssl rsa -aes256 -in $< -out $@ -passout 'pass:secret1'
+	$(OPENSSL) rsa -aes256 -in $< -out $@ -passout 'pass:secret1'
 
 # DER-encoded version of client.key
 ssl/client-der.key: ssl/client.key
-	openssl rsa -in $< -outform DER -out $@
+	$(OPENSSL) rsa -in $< -outform DER -out $@
 
 # Convert client.key to encrypted PEM (X.509 text) and DER (X.509 ASN.1)
 # formats to test libpq's support for the sslpassword= option.
 ssl/client-encrypted-pem.key: ssl/client.key
-	openssl rsa -in $< -outform PEM -aes128 -passout 'pass:dUmmyP^#+' -out $@
+	$(OPENSSL) rsa -in $< -outform PEM -aes128 -passout 'pass:dUmmyP^#+' -out $@
 # TODO Explicitly choosing -aes128 generates a key unusable to PostgreSQL with
 # OpenSSL 3.0.0, so fall back on the default for now.
 ssl/client-encrypted-der.key: ssl/client.key
-	openssl rsa -in $< -outform DER -passout 'pass:dUmmyP^#+' -out $@
+	$(OPENSSL) rsa -in $< -outform DER -passout 'pass:dUmmyP^#+' -out $@
 
 #
 # Combined files
@@ -145,7 +145,7 @@ $(COMBINATIONS):
 #
 
 $(STANDARD_KEYS):
-	openssl genrsa -out $@ 2048
+	$(OPENSSL) genrsa -out $@ 2048
 	chmod 0600 $@
 
 #
@@ -165,18 +165,18 @@ client_ca_state_files := ssl/client_ca-certindex ssl/client_ca-certindex.attr ss
 # parallel processes, so we must mark the entire Makefile .NOTPARALLEL.
 .NOTPARALLEL:
 $(CA_CERTS): ssl/%.crt: ssl/%.csr conf/%.config conf/cas.config ssl/root_ca.crt | ssl/new_certs_dir $(root_ca_state_files)
-	openssl ca -batch -config conf/cas.config -name root_ca   -notext -in $< -out $@
+	$(OPENSSL) ca -batch -config conf/cas.config -name root_ca   -notext -in $< -out $@
 
 $(SERVER_CERTS): ssl/%.crt: ssl/%.csr conf/%.config conf/cas.config ssl/server_ca.crt | ssl/new_certs_dir $(server_ca_state_files)
-	openssl ca -batch -config conf/cas.config -name server_ca -notext -in $< -out $@
+	$(OPENSSL) ca -batch -config conf/cas.config -name server_ca -notext -in $< -out $@
 
 $(CLIENT_CERTS): ssl/%.crt: ssl/%.csr conf/%.config conf/cas.config ssl/client_ca.crt | ssl/new_certs_dir $(client_ca_state_files)
-	openssl ca -batch -config conf/cas.config -name client_ca -notext -in $< -out $@
+	$(OPENSSL) ca -batch -config conf/cas.config -name client_ca -notext -in $< -out $@
 
 # The CSRs don't need to persist after a build.
 .INTERMEDIATE: $(CERTIFICATES:%=ssl/%.csr)
 ssl/%.csr: ssl/%.key conf/%.config
-	openssl req -new -utf8 -key $< -out $@ -config conf/$*.config
+	$(OPENSSL) req -new -utf8 -key $< -out $@ -config conf/$*.config
 
 #
 # CA State
@@ -210,16 +210,16 @@ ssl/%.srl:
 #
 
 ssl/root.crl: ssl/root_ca.crt | $(root_ca_state_files)
-	openssl ca -config conf/cas.config -name root_ca   -gencrl -out $@
+	$(OPENSSL) ca -config conf/cas.config -name root_ca   -gencrl -out $@
 
 ssl/server.crl: ssl/server-revoked.crt ssl/server_ca.crt | $(server_ca_state_files)
-	openssl ca -config conf/cas.config -name server_ca -revoke $<
-	openssl ca -config conf/cas.config -name server_ca -gencrl -out $@
+	$(OPENSSL) ca -config conf/cas.config -name server_ca -revoke $<
+	$(OPENSSL) ca -config conf/cas.config -name server_ca -gencrl -out $@
 
 ssl/client.crl: ssl/client-revoked.crt ssl/client-revoked-utf8.crt ssl/client_ca.crt | $(client_ca_state_files)
-	openssl ca -config conf/cas.config -name client_ca -revoke ssl/client-revoked.crt
-	openssl ca -config conf/cas.config -name client_ca -revoke ssl/client-revoked-utf8.crt
-	openssl ca -config conf/cas.config -name client_ca -gencrl -out $@
+	$(OPENSSL) ca -config conf/cas.config -name client_ca -revoke ssl/client-revoked.crt
+	$(OPENSSL) ca -config conf/cas.config -name client_ca -revoke ssl/client-revoked-utf8.crt
+	$(OPENSSL) ca -config conf/cas.config -name client_ca -gencrl -out $@
 
 #
 # CRL hash directories
@@ -230,7 +230,7 @@ ssl/root+client-crldir: ssl/client.crl ssl/root.crl
 ssl/server-crldir: ssl/server.crl
 ssl/client-crldir: ssl/client.crl
 
-crlhashfile = $(shell openssl crl -hash -noout -in $(1)).r0
+crlhashfile = $(shell $(OPENSSL) crl -hash -noout -in $(1)).r0
 
 ssl/%-crldir:
 	mkdir -p $@
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
index efe5634fff26..36d28fd766a8 100644
--- a/src/test/ssl/t/001_ssltests.pl
+++ b/src/test/ssl/t/001_ssltests.pl
@@ -611,7 +611,7 @@ sub switch_server_cert
 
 # pg_stat_ssl
 
-my $serialno = `openssl x509 -serial -noout -in ssl/client.crt`;
+my $serialno = `$ENV{OPENSSL} x509 -serial -noout -in ssl/client.crt`;
 if ($? == 0)
 {
 	# OpenSSL prints serial numbers in hexadecimal and converting the serial
-- 
2.37.3