On 4/01/2016 12:14 a.m., Kinkie wrote: > Hi, > the attached patch for configure.ac tries to locate local header > files in system-local directories. > It fixes the build on MacOS/MacPorts which places GnuTLS headers in > /opt/local/include. > The search is not performed if the builder predefines CPPFLAGS. >
-1. Do not do this. For several reasons: ** CPPFLAGS/CXXFLAGS is the variable for user definitions. AM_CXXFLAGS is the one we should be editing - or in our configure logics SQUID_CXXFLAGS is the one for automated flags. However, even with that the /opt sub-directories are reserved for local administrative use by FHS... ** These directories may contain a mix of alternatives for other (non-GnuTLS) Squid dependencies that the builder does *not* want to link against. ** Including library builds placed there by other user accounts that could result in Squid binaries being injected with malicious code. It is a rarity, but when dealing with /opt/* is within the security vulnerabilities to account for. The auto-conf design for using custom directories (such as these /opt areas) is that the builder supplies the pth parameter (--with-gnutls=/opt/local/gnutls) when such local customized installs are to be used. ** the pkg-config lookup for GnuTLS should be automatically adding the correct -I path lookup if the library is installed automatically in that area. ** If this is a consistent location problem with the *normal* GnuTLS package on MacOS we should have a specific check for it at the (one?) path it is known to install under. Around line 1252 in configure.ac for use when pkg-config fails or unavailable. Amos _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
