From: Ross Burton <[email protected]> If GnuTLS is built without PKCS#11 support then glib-networking will fail to build the tests. Backport a patch to fix this issue.
Signed-off-by: Ross Burton <[email protected]> --- ...sable-PKCS-11-tests-if-not-available.patch | 113 ++++++++++++++++++ .../glib-networking/glib-networking_2.76.1.bb | 1 + 2 files changed, 114 insertions(+) create mode 100644 meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch diff --git a/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch new file mode 100644 index 00000000000..7b003588c88 --- /dev/null +++ b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch @@ -0,0 +1,113 @@ +From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001 +From: Ross Burton <[email protected]> +Date: Fri, 12 May 2023 20:19:35 +0100 +Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available + +GnuTLS can be built without PKCS#11, which means the symbols +gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the +library. + +If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11 +provider for testing, and several tests which need the mock provider +will fail. + +Solve this by checking for the symbols at build time and disabling the +provider and tests which need it. + +Upstream-Status: Backport +Signed-off-by: Ross Burton <[email protected]> +--- + meson.build | 4 ++++ + tls/tests/certificate.c | 11 +++++++---- + tls/tests/connection.c | 4 +++- + 3 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/meson.build b/meson.build +index 0fa9027..d2a023a 100644 +--- a/meson.build ++++ b/meson.build +@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu + + if gnutls_dep.found() + backends += ['gnutls'] ++ # test-specific, maybe move to tls/tests ++ if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep) ++ config_h.set10('HAVE_GNUTLS_PKCS11', true) ++ endif + endif + + # *** Checks for OpenSSL *** +diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c +index e820ba1..dd2412b 100644 +--- a/tls/tests/certificate.c ++++ b/tls/tests/certificate.c +@@ -24,6 +24,7 @@ + * Author: Stef Walter <[email protected]> + */ + ++#include "config.h" + #include "certificate.h" + + #include <gio/gio.h> +@@ -911,7 +912,7 @@ int + main (int argc, + char *argv[]) + { +-#ifdef BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + char *module_path; + #endif + +@@ -921,7 +922,7 @@ main (int argc, + g_setenv ("GIO_USE_TLS", BACKEND, TRUE); + g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0); + +-#ifdef BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); + g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); + +@@ -942,12 +943,14 @@ main (int argc, + setup_certificate, test_create_certificate_with_issuer, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL, + setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate); +- g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, +- setup_certificate, test_create_certificate_pkcs11, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL, + setup_certificate, test_private_key, teardown_certificate); ++#if HAVE_GNUTLS_PKCS11 ++ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL, ++ setup_certificate, test_create_certificate_pkcs11, teardown_certificate); + g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL, + setup_certificate, test_private_key_pkcs11, teardown_certificate); ++#endif + + g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain); + g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain); +diff --git a/tls/tests/connection.c b/tls/tests/connection.c +index 17efe1b..62a7fbb 100644 +--- a/tls/tests/connection.c ++++ b/tls/tests/connection.c +@@ -3376,7 +3376,7 @@ main (int argc, + + g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0); + +-#ifdef BACKEND_IS_GNUTLS ++#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11 + module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL); + g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS)); + +@@ -3438,8 +3438,10 @@ main (int argc, + setup_connection, test_client_auth_request_fail, teardown_connection); + g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL, + setup_connection, test_client_auth_request_none, teardown_connection); ++#if HAVE_GNUTLS_PKCS11 + g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL, + setup_connection, test_client_auth_pkcs11_connection, teardown_connection); ++#endif + g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL, + setup_connection, test_connection_no_database, teardown_connection); + g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL, +-- +2.34.1 + diff --git a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb index 8e7290cdbb1..66b6a78a531 100644 --- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb +++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb @@ -30,6 +30,7 @@ inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome SRC_URI += "file://run-ptest" SRC_URI += "file://eagain.patch" +SRC_URI += "file://0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch" FILES:${PN} += "\ ${libdir}/gio/modules/libgio*.so \ -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#186967): https://lists.openembedded.org/g/openembedded-core/message/186967 Mute This Topic: https://lists.openembedded.org/mt/101070627/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
