Add '--enable-libtls-only' build option

alyssais · Apr 7, 2021 · 921c067 · 921c067
1 parent 141f752
commit 921c067
Show file tree

Hide file tree

Showing 11 changed files with 91 additions and 68 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -368,6 +368,17 @@ if(NOT MSVC)
 		DESTINATION ${CMAKE_INSTALL_LIBDIR})
 endif()
 
+if(NOT "${OPENSSLDIR}" STREQUAL "")
+	set(CONF_DIR "${OPENSSLDIR}")
+else()
+	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
+endif()
+
+if(ENABLE_LIBRESSL_INSTALL)
+	install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
+	install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
+endif(ENABLE_LIBRESSL_INSTALL)
+
 if(NOT TARGET uninstall)
 	configure_file(
 		"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"

diff --git a/Makefile.am b/Makefile.am
@@ -5,10 +5,41 @@ endif
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
+pkgconfig_DATA = libtls.pc
+if !ENABLE_LIBTLS_ONLY
+pkgconfig_DATA += libcrypto.pc libssl.pc openssl.pc
+endif
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
 EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake
+EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf
 
 .PHONY: install_sw
 install_sw: install
+
+install-exec-hook:
+	@if [ "@OPENSSLDIR@x" != "x" ]; then \
+		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
+	else \
+		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
+	fi; \
+	mkdir -p "$$OPENSSLDIR/certs"; \
+	for i in cert.pem openssl.cnf x509v3.cnf; do \
+		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
+			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
+		else \
+			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
+		fi \
+	done
+
+uninstall-local:
+	@if [ "@OPENSSLDIR@x" != "x" ]; then \
+		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
+	else \
+		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
+	fi; \
+	for i in cert.pem openssl.cnf x509v3.cnf; do \
+		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
+			rm -f "$$OPENSSLDIR/$$i"; \
+		fi \
+	done
diff --git a/apps/ocspcheck/Makefile.am b/apps/ocspcheck/Makefile.am
@@ -1,8 +1,11 @@
 include $(top_srcdir)/Makefile.am.common
 
+if !ENABLE_LIBTLS_ONLY
 bin_PROGRAMS = ocspcheck
-
 dist_man_MANS = ocspcheck.8
+else
+noinst_PROGRAMS = ocspcheck
+endif
 
 EXTRA_DIST = ocspcheck.8
 EXTRA_DIST += CMakeLists.txt

diff --git a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt
@@ -83,13 +83,3 @@ if(ENABLE_LIBRESSL_INSTALL)
 	install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
 	install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
 endif(ENABLE_LIBRESSL_INSTALL)
-
-if(NOT "${OPENSSLDIR}" STREQUAL "")
-	set(CONF_DIR "${OPENSSLDIR}")
-else()
-	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
-endif()
-if(ENABLE_LIBRESSL_INSTALL)
-	install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
-	install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
-endif(ENABLE_LIBRESSL_INSTALL)
diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am
@@ -1,8 +1,11 @@
 include $(top_srcdir)/Makefile.am.common
 
+if !ENABLE_LIBTLS_ONLY
 bin_PROGRAMS = openssl
-
 dist_man_MANS = openssl.1
+else
+noinst_PROGRAMS = openssl
+endif
 
 openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
 openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
@@ -92,34 +95,5 @@ noinst_HEADERS += testdsa.h
 noinst_HEADERS += testrsa.h
 noinst_HEADERS += timeouts.h
 
-EXTRA_DIST = cert.pem
-EXTRA_DIST += openssl.cnf
-EXTRA_DIST += x509v3.cnf
-EXTRA_DIST += CMakeLists.txt
-
-install-exec-hook:
-	@if [ "@OPENSSLDIR@x" != "x" ]; then \
-		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
-	else \
-		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
-	fi; \
-	mkdir -p "$$OPENSSLDIR/certs"; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
-		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
-			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
-		else \
-			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
-		fi \
-	done
+EXTRA_DIST = CMakeLists.txt
 
-uninstall-local:
-	@if [ "@OPENSSLDIR@x" != "x" ]; then \
-		OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
-	else \
-		OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
-	fi; \
-	for i in cert.pem openssl.cnf x509v3.cnf; do \
-		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
-			rm -f "$$OPENSSLDIR/$$i"; \
-		fi \
-	done
diff --git a/configure.ac b/configure.ac
@@ -110,9 +110,6 @@ AM_CONDITIONAL([HOST_ASM_MASM_X86_64],
 AM_CONDITIONAL([HOST_ASM_MINGW64_X86_64],
     [test "x$HOST_ABI" = "xmingw64" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
 
-# Check if time_t is sized correctly
-AC_CHECK_SIZEOF([time_t], [time.h])
-
 AC_CONFIG_FILES([
 	Makefile
 	include/Makefile
@@ -132,18 +129,14 @@ AC_CONFIG_FILES([
 	openssl.pc
 ])
 
-AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
-if test "$ac_cv_sizeof_time_t" = "4"; then
-    AC_DEFINE([SMALL_TIME_T])
-    echo " ** Warning, this system is unable to represent times past 2038"
-    echo " ** It will behave incorrectly when handling valid RFC5280 dates"
-
-    if test "$host_os" = "mingw32" ; then
-        echo " **"
-        echo " ** You can solve this by adjusting the build flags in your"
-        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
-    fi
-fi
+AC_ARG_ENABLE([nc],
+	AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
+AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
+AM_CONDITIONAL([BUILD_NC],  [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
+
+AC_ARG_ENABLE([libtls-only],
+	AS_HELP_STRING([--enable-libtls-only], [Enable installing libtls only]))
+AM_CONDITIONAL([ENABLE_LIBTLS_ONLY], [test "x$enable_libtls_only" = xyes])
 
 AC_REQUIRE_AUX_FILE([tap-driver.sh])
 

diff --git a/crypto/Makefile.am b/crypto/Makefile.am
@@ -9,7 +9,13 @@ AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
 AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I$(top_srcdir)/crypto
 
+noinst_LTLIBRARIES = libcompat.la
+
+if ENABLE_LIBTLS_ONLY
+noinst_LTLIBRARIES += libcrypto.la
+else
 lib_LTLIBRARIES = libcrypto.la
+endif
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt
@@ -126,8 +132,6 @@ else
 libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
 endif
 
-noinst_LTLIBRARIES = libcompat.la
-
 # compatibility functions that need to be built without optimizations
 if !HAVE_EXPLICIT_BZERO
 noinst_LTLIBRARIES += libcompatnoopt.la

diff --git a/include/openssl/Makefile.am.tpl b/include/openssl/Makefile.am.tpl
@@ -1,5 +1,6 @@
 include $(top_srcdir)/Makefile.am.common
 
+if !ENABLE_LIBTLS_ONLY
 opensslincludedir=$(includedir)/openssl
 
 opensslinclude_HEADERS =
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
@@ -123,10 +123,20 @@ char buf[1]; getentropy(buf, 1);
 	*) ;;
 esac
 
-AC_ARG_ENABLE([nc],
-	AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
-AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
-AM_CONDITIONAL([BUILD_NC],  [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
+# Check if time_t is sized correctly
+AC_CHECK_SIZEOF([time_t], [time.h])
+AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
+if test "$ac_cv_sizeof_time_t" = "4"; then
+    AC_DEFINE([SMALL_TIME_T])
+    echo " ** Warning, this system is unable to represent times past 2038"
+    echo " ** It will behave incorrectly when handling valid RFC5280 dates"
+
+    if test "$host_os" = "mingw32" ; then
+        echo " **"
+        echo " ** You can solve this by adjusting the build flags in your"
+        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
+    fi
+fi
 
 AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
 AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])

diff --git a/ssl/Makefile.am b/ssl/Makefile.am
@@ -1,6 +1,10 @@
 include $(top_srcdir)/Makefile.am.common
 
+if ENABLE_LIBTLS_ONLY
+noinst_LTLIBRARIES = libssl.la
+else
 lib_LTLIBRARIES = libssl.la
+endif
 
 EXTRA_DIST = VERSION
 EXTRA_DIST += CMakeLists.txt

diff --git a/update.sh b/update.sh
@@ -265,9 +265,9 @@ done
 echo "copying openssl(1) source"
 $CP $bin_src/openssl/openssl.1 apps/openssl
 $CP_LIBC $libc_src/stdlib/strtonum.c apps/openssl/compat
-$CP $libcrypto_src/cert.pem apps/openssl
-$CP $libcrypto_src/openssl.cnf apps/openssl
-$CP $libcrypto_src/x509v3.cnf apps/openssl
+$CP $libcrypto_src/cert.pem .
+$CP $libcrypto_src/openssl.cnf .
+$CP $libcrypto_src/x509v3.cnf .
 for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do
 	if [ -e $bin_src/openssl/$i ]; then
 		$CP $bin_src/openssl/$i apps/openssl
@@ -327,6 +327,7 @@ chmod 755 tests/testssl
 	for i in `ls -1 *.h|sort`; do
 		echo "opensslinclude_HEADERS += $i" >> Makefile.am
 	done
+	echo endif >> Makefile.am
 )
 
 add_man_links() {
@@ -362,9 +363,9 @@ done
 # copy manpages
 echo "copying manpages"
 echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am
+echo "if !ENABLE_LIBTLS_ONLY" >> man/Makefile.am
 echo dist_man3_MANS = >> man/Makefile.am
 echo dist_man5_MANS = >> man/Makefile.am
-
 (cd man
 	for i in `ls -1 $libssl_src/man/*.3 | sort`; do
 		NAME=`basename "$i"`
@@ -391,3 +392,4 @@ echo dist_man5_MANS = >> man/Makefile.am
 	done
 )
 add_man_links . man/Makefile.am
+echo endif >> man/Makefile.am