Re: [bug #63431] --disable-ntlm ignored if nettle is present

2022-12-11 Thread Tim Rühsen 

Hey Hannu,

thanks for explaining your needs. It indeed slipped through my attention 
that nettle is only needed for NTLM.


I just pushed a fix.

Regarding keeping wget a small as possible, let me suggest adding
  --with-gpgme-prefix=/ --disable-pcre --without-metalink --disable-opie
to your configure command line (given that you don't want any of these 
features).


So even if your build environment changes (e.g. makes metalink, gpgme or 
libpcre available), you still won't use these features.


So only libz stays as a dynamic dependency:
$ ldd src/wget
linux-vdso.so.1 (0x7fff98925000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7f36c7411000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f36c723)
/lib64/ld-linux-x86-64.so.2 (0x7f36c74bd000)

A stripped version of wget here has 327424 bytes (compiled with gcc -Os).

Regards, Tim

On 10.12.22 18:48, Hannu Nyman wrote:

Follow-up Comment #2, bug #63431 (project wget):

It seems that the patch does not quite fully fix things for us.

Our purpose is to keep the no-SSL version of wget small, and avoid unnecessary
features. (Context is OpenWrt, Linux for embedded routers with limited flash
storage space).

Our buildbot also builds nettle as an optional extra package (along hundreds
of others), so the wget compilation detects it in the build system, although
we have no intention of forcing wget users to also install the rarely needed
nettle.

With this new fix, I still similar error as earlier, that the presence of a
nettle library forces it to be linked with "-lnettle" when there is no SSL
feature. NTLM feature itself is shown disabled, but nettle is still forced
into the build as a library.


--localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls
--disable-rpath --disable-iri --disable-pcre2 --with-included-libunistring
--without-libuuid --without-libpsl --disable-ntlm --without-ssl ; fi; )

configure: loading site script /Openwrt/e8450/include/site/aarch64
...
checking for zlib... yes
checking for nettle... yes
checking for INET6 protocol support... yes
...
   LDFlags:
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/usr/lib
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/lib
-znow -zrelro
   Libs:
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lpcre
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lnettle
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lz
   SSL:   no
   Zlib:  yes
   PSL:   no
   PCRE:  yes, via libpcre
   Digest:yes
   NTLM:  no
   OPIE:  yes
   POSIX xattr:   yes


The fix apparently turns NTLM off, but still causes the nettle library to be
included, although is only needed for the NTLM feature (to my understanding).

Likely line 644 in configure.ac gets applied.
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=485217d0ff8d0d17ea3815244b2bc2b747451e15#n644

In the earlier version of configure.ac, the inclusion of nettle was
conditional for "if test x"$ENABLE_NTLM" != xno" on line 639. Otherwise the
NETTLE_LIBS did not get applied on line 645:
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=c984cb316a790bf672b71d14d3b903921aacc00d#n635

Hopefully that behaviour can be restored.


For keeping the unnecessary nettle from being linked, I earlier authored the
following patch to fix the problem. My patch fully disables nettle detection
in the "disable-ntlm" case:

--- a/configure.ac
+++ b/configure.ac
@@ -630,6 +630,7 @@ then
  AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
fi
  else
+ if test x"$ENABLE_NTLM" != xno; then
PKG_CHECK_MODULES([NETTLE], nettle, [
  HAVE_NETTLE=yes
  LIBS="$NETTLE_LIBS $LIBS"
@@ -651,6 +652,7 @@ else
  ENABLE_NTLM=yes
  AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
fi
+ fi
  fi
  
  dnl **








 ___

Reply to this item at:

   

___
Message sent via Savannah
https://savannah.gnu.org/



OpenPGP_signature
Description: OpenPGP digital signature

[bug #63431] --disable-ntlm ignored if nettle is present

2022-12-10 Thread Hannu Nyman 
Follow-up Comment #2, bug #63431 (project wget):

It seems that the patch does not quite fully fix things for us. 

Our purpose is to keep the no-SSL version of wget small, and avoid unnecessary
features. (Context is OpenWrt, Linux for embedded routers with limited flash
storage space). 

Our buildbot also builds nettle as an optional extra package (along hundreds
of others), so the wget compilation detects it in the build system, although
we have no intention of forcing wget users to also install the rarely needed
nettle.

With this new fix, I still similar error as earlier, that the presence of a
nettle library forces it to be linked with "-lnettle" when there is no SSL
feature. NTLM feature itself is shown disabled, but nettle is still forced
into the build as a library.


--localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls 
--disable-rpath --disable-iri --disable-pcre2 --with-included-libunistring
--without-libuuid --without-libpsl --disable-ntlm --without-ssl ; fi; )

configure: loading site script /Openwrt/e8450/include/site/aarch64
...
checking for zlib... yes
checking for nettle... yes
checking for INET6 protocol support... yes
...
  LDFlags:  
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/usr/lib
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/lib
-znow -zrelro 
  Libs: 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lpcre 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lnettle 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lz  
  SSL:   no
  Zlib:  yes
  PSL:   no
  PCRE:  yes, via libpcre
  Digest:yes
  NTLM:  no
  OPIE:  yes
  POSIX xattr:   yes


The fix apparently turns NTLM off, but still causes the nettle library to be
included, although is only needed for the NTLM feature (to my understanding).

Likely line 644 in configure.ac gets applied.
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=485217d0ff8d0d17ea3815244b2bc2b747451e15#n644

In the earlier version of configure.ac, the inclusion of nettle was
conditional for "if test x"$ENABLE_NTLM" != xno" on line 639. Otherwise the
NETTLE_LIBS did not get applied on line 645:
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=c984cb316a790bf672b71d14d3b903921aacc00d#n635

Hopefully that behaviour can be restored.


For keeping the unnecessary nettle from being linked, I earlier authored the
following patch to fix the problem. My patch fully disables nettle detection
in the "disable-ntlm" case:

--- a/configure.ac
+++ b/configure.ac
@@ -630,6 +630,7 @@ then
 AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
   fi
 else
+ if test x"$ENABLE_NTLM" != xno; then
   PKG_CHECK_MODULES([NETTLE], nettle, [
 HAVE_NETTLE=yes
 LIBS="$NETTLE_LIBS $LIBS"
@@ -651,6 +652,7 @@ else
 ENABLE_NTLM=yes
 AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
   fi
+ fi
 fi
 
 dnl **







___

Reply to this item at:

  

___
Message sent via Savannah
https://savannah.gnu.org/

[bug #63431] --disable-ntlm ignored if nettle is present

2022-12-10 Thread Tim Ruehsen 
Update of bug #63431 (project wget):

  Status:None => Fixed  
 Assigned to:None => rockdaboot 
 Open/Closed:Open => Closed 
   Fixed Release:None => trunk  

___

Follow-up Comment #1:

Thanks for the report.


___

Reply to this item at:

  

___
Message sent via Savannah
https://savannah.gnu.org/

[bug #63431] --disable-ntlm ignored if nettle is present

2022-11-27 Thread Hannu Nyman 
URL:
  

 Summary: --disable-ntlm ignored if nettle is present
 Project: GNU Wget
   Submitter: hnyman
   Submitted: Mon 28 Nov 2022 12:35:53 AM EET
Category: Build/Install
Severity: 3 - Normal
Priority: 5 - Normal
  Status: None
 Privacy: Public
 Assigned to: None
 Originator Name: 
Originator Email: 
 Open/Closed: Open
 Release: None
 Discussion Lock: Any
Operating System: None
 Reproducibility: Every Time
   Fixed Release: None
 Planned Release: None
  Regression: Yes
   Work Required: None
  Patch Included: None


___

Follow-up Comments:


---
Date: Mon 28 Nov 2022 12:35:53 AM EET By: Hannu Nyman 
Apparently with 1.21.3, the NTLM feature can't be disabled if the nettle
library is detected to be present. 

I suspect that commit a24e67e239e changed things so that the presence of
nettle overrides the user's explicit selection of disabling NTLM.

https://git.savannah.gnu.org/cgit/wget.git/commit/?h=v1.21.3=a24e67e239ef949cc77a4c4e5a0beb703026a296

With the previous 1.21.2, the --disable-ntlm option worked ok, and the NTLM
feature could be disabled even if the nettle library is present.


Extract from the configure step from the build log:
...
--localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls 
--disable-rpath --disable-iri --disable-pcre2 --with-included-libunistring
--without-libuuid --without-libpsl --disable-ntlm --without-ssl ; fi; )
configure: loading site script /Openwrt/e8450/include/site/aarch64
configure: configuring for GNU Wget 1.21.3
...
checking pkg-config is at least version 0.9.0... yes
checking for ZLIB... yes
checking for NETTLE... yes
checking for INET6 protocol support... yes
...
config.status: creating gnulib_po/Makefile
configure: Summary of build options:

  Version:   1.21.3
  Host OS:   linux-gnu
  Install prefix:/usr
  Compiler:  aarch64-openwrt-linux-musl-gcc
  CFlags:... 
  Libs: 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lpcre 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lnettle 
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lz  
  SSL:   no
  Zlib:  yes
  PSL:   no
  PCRE:  yes, via libpcre
  Digest:yes
  NTLM:  yes
  OPIE:  yes
  POSIX xattr:   yes
...








___

Reply to this item at:

  

___
Message sent via Savannah
https://savannah.gnu.org/