Hi Martin,
thank you for taking a look at the patches so quickly!
On Fri, Oct 10, 2025 at 09:07:50AM +0200, Martin Schanzenbach wrote:
> Hello,
>
> thank you for the patches.
> I have not gotten around applying the patches that look fine yet, but I
> can already tell that this problem needs to be fixed in other ways.
>
> There is a reason the GNUTLS check cannot be done in the preprocessor:
> THe define will always be there, it needs to be checked _at runtime_
> against which TLS backend curl is linked.
I also noticed that, and it looks like there isn't a way to detect the
available SSL libraries libcurl was built against at compile time --
imho a fundamental flaw in libcurl, but what can we do...
>
> Now, some OSes have a libcurl-gnutls (I think debian does), but not all
> of them. Some link libcurl against gnutls.
> So this patch will also not work as expected.
>
> I also do not understand how moving the runtime check to the
> preprocessor is any different in a cross-compile scenario. If your
> environment is cross-compiling, the runtime check should work as
> expected.
In a cross-compile environment the compiled binaries cannot be executed
on the build host. There might be exceptions to this rule, eg. by using
QEMU, but you can't expect the build host to also have a static qemu-user
binary for each and every target architecture. And some aren't available
at all (eg. ARC or Xtensa).
tl;dr: Not every architecture for which we got a compiler also has
complete and working support in QEMU.
Hence, if possible it makes a lot of sense to use compile-time testing,
because if the compiler works then this kind of testing will also work.
OpenWrt manages without run-time testing during build and we end up with
a quite complete Linux distribution ranging from very small embedded
targets with 64MB of RAM and 8MB of flash up to supporting various
more advanced SoCs with built-in GPUs and typically paired with
gigabytes of RAM (and there you get a WPEWebKit-based browser and all
the multimedia support you'd expect on such platforms). Imho if none of
the thousands of packages in OpenWrt need QEMU during build and
everybody manages with compile-time testing, then GNUnet should also be
able to achieve that.
>
> I do understand the problem, and maybe we can simply have a runtime
> check in the binaries.
Yes, imho that would be the best. Maybe even using dlopen to grab the
right libcurl implementation (libcurl vs. libcurl-gnutls) at run-time,
that'd be gold :)
A more trivial solution can be allow overriding the test result using
a meson option. Or simply skipping the runtime test if libcurl-gnutls
is found, assuming that lbicurl-gnutls does support gnuTLS as the
name would suggest.
Cheers
Daniel
>
> BR
> Martin
>
> On Fri, 2025-10-10 at 02:13 +0100, Daniel Golle wrote:
> > Instead of only checking if cURL is built against gnuTLS, also test
> > of
> > there is a dedicated libcurl-gnutls library and favor using it.
> > ---
> > meson.build | 67 +++++++++++++++++++++++++++++++++++++++++----------
> > --
> > 1 file changed, 52 insertions(+), 15 deletions(-)
> >
> > diff --git a/meson.build b/meson.build
> > index 7f7856b03..3ee4dd890 100644
> > --- a/meson.build
> > +++ b/meson.build
> > @@ -189,10 +189,17 @@ if not sqlite_dep.found()
> > error('Sqlite version >= 3.35.0 requried')
> > endif
> > endif
> > -curl_dep = dependency('libcurl', version: '>=7.85.0', required:
> > false)
> > -if not curl_dep.found()
> > - curl_dep = cc.find_library('curl', required: true)
> > - curl_version_check = '''#include <curl/curl.h>
> > +
> > +curl_gnutls_dep = dependency(
> > + 'libcurl-gnutls',
> > + version: '>=7.85.0',
> > + required: false,
> > +)
> > +if not curl_gnutls_dep.found()
> > + curl_gnutls_dep = cc.find_library('curl-gnutls', required:
> > false)
> > +endif
> > +
> > +curl_version_check = '''#include <curl/curl.h>
> > int main(int argc, char **argv) {
> > #if LIBCURL_VERSION_NUM < 0x075500
> > #error "cURL version >= 7.85.0 required"
> > @@ -200,12 +207,34 @@ if not curl_dep.found()
> > return 0;
> > }
> > '''
> > - if not cc.compiles(
> > - curl_version_check,
> > - name: 'cURL version check',
> > - dependencies: curl_dep,
> > - )
> > - error('cURL version >=7.85.0 required')
> > +
> > +# If libcurl-gnutls found, use it and we know it has gnutls support
> > +curl_is_gnutls = false
> > +if curl_gnutls_dep.found()
> > + curl_dep = curl_gnutls_dep
> > + curl_is_gnutls = true
> > + # Check version for libcurl-gnutls if it was found via
> > find_library
> > + if curl_gnutls_dep.type_name() != 'pkgconfig'
> > + if not cc.compiles(
> > + curl_version_check,
> > + name: 'cURL-gnutls version check',
> > + dependencies: curl_dep,
> > + )
> > + error('libcurl-gnutls version >=7.85.0 required')
> > + endif
> > + endif
> > +else
> > + # Fall back to regular libcurl
> > + curl_dep = dependency('libcurl', version: '>=7.85.0', required:
> > false)
> > + if not curl_dep.found()
> > + curl_dep = cc.find_library('curl', required: true)
> > + if not cc.compiles(
> > + curl_version_check,
> > + name: 'cURL version check',
> > + dependencies: curl_dep,
> > + )
> > + error('cURL version >=7.85.0 required')
> > + endif
> > endif
> > endif
> > zlib_dep = dependency('zlib', required: false)
> > @@ -487,11 +516,19 @@ curl_ssl_check = '''#include <curl/curl.h>
> > }
> > '''
> >
> > -curl_gnutls_available = cc.compiles(
> > - curl_ssl_check,
> > - name: 'cURL gnutls check',
> > - dependencies: curl_dep,
> > -)
> > +# Check if we found libcurl-gnutls (has gnutls support by
> > definition)
> > +curl_gnutls_available = false
> > +if curl_is_gnutls
> > + curl_gnutls_available = true
> > +else
> > + # Fall back to compile-time check for regular libcurl with
> > gnutls support
> > + curl_gnutls_available = cc.compiles(
> > + curl_ssl_check,
> > + name: 'cURL gnutls check',
> > + dependencies: curl_dep,
> > + )
> > +endif
> > +
> > private_config.set('curl_gnutls', 0)
> > if curl_gnutls_available
> > private_config.set('curl_gnutls', 1)
