On Fri, Jul 26, 2013 at 01:26:56PM +0100, Daniel P. Berrange wrote:
> On Thu, Jul 25, 2013 at 04:13:28PM -0600, Eric Blake wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=951637
> >
> > Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
> > regarding initialization. Yet we were unconditionally initializing
> > gcrypt even when gnutls wouldn't be using it, and having two crypto
> > libraries linked into libvirt.so is pointless.
> >
> > The ldd probe in configure borrows from our libnl-1 vs. libnl-3 code.
> >
> > * configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
> >   define a witness WITH_GNUTLS_GCRYPT.
> > * src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
> >   (virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
> >   (virGlobalInit): Honor the witness.
> > * libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
> >   no longer needed in Fedora 19.
> >
> > Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
> > ---
> >
> > Tested with 'ldd src/.libs/libvirt.so | grep -E "(gcry|net|tls)"':
> > - on RHEL 6.4 and Fedora 18, pre- and post-patch remain unchanged
> >   (use of just libgnutls/libgcrypt)
> > - on Fedora 19, pre-patch linked against libgnutls, libgcrypt, and
> >   libnettle, post-patch linked against just libgnutls and libnettle
> >
> > This should probably go in for 1.1.1, but it's not a build-breaker
> > so it needs review.
> >
> > configure.ac | 27 +++++++++++++++++++++------
> > libvirt.spec.in | 2 ++
> > src/libvirt.c | 10 ++++++----
> > 3 files changed, 29 insertions(+), 10 deletions(-)
> >
> > diff --git a/configure.ac b/configure.ac > > index cc9942a..de209e2 100644 > > --- a/configure.ac > > +++ b/configure.ac
> > @@ -1098,13 +1098,28 @@ if test "x$with_gnutls" != "xno"; then > > AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt]) > > fi > > else > > - dnl Not all versions of gnutls include -lgcrypt, and so we add > > - dnl it explicitly for the calls to gcry_control/check_version > > - GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt" > > > > - dnl We're not using gcrypt deprecated features so define > > - dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings > > - GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED" > > + dnl If gnutls linked against -lgcrypt, then we must initialize gcrypt > > + dnl prior to using gnutls. Newer versions of gnutls use -lnettle, in > > + dnl which case we don't want to drag in gcrypt ourselves. > > + gnutls_ldd= > > + for dir in /usr/lib64 /usr/lib /usr/lib/*-linux-gnu*; do > > + if test -f $dir/libgnutls.so; then > > + gnutls_ldd=`(ldd $dir/libgnutls.so) 2>&1` > > + break > > + fi > > + done
>
> Not sure this approach to finding libgnutls.so is going to work
> reliably. e.g., we allow --with-gnutls=/some/dir to point to
> say /usr/local, or /opt/gnutls.
>
> Also with pkg-config, the library can be located basically
> anywhere in the filesystem
>
> Gnutls had a hard cutover point from gcrypt to nettle
> in the 3.0.0 release. So could we just check the
> GNUTLS_VERSION_MAJOR value >= 3 in the header ?

Oh, actually we don't even need to do that. We can rely on pkgconfig

    PKG_CHECK_MODULES(GNUTLS, gnutls >= 3.0.0,
        [GNUTLS_FOUND=yes GNUTLS_NETTLE=0], [
        GNUTLS_GCRYPT=1
        PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
            [GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])])

Daniel
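
Review bot: the `for dir in /usr/lib64 /usr/lib /usr/lib/*-linux-gnu*` loop breaks on the first `libgnutls.so` it finds, which is not necessarily the library that `$GNUTLS_LIBS` will link, and it leaves `gnutls_ldd` empty when the library is installed elsewhere or when `ldd` cannot inspect it (a cross-compile, for example). The visible lines do not show what happens when `gnutls_ldd` is empty, so the fallback (add `-lgcrypt` or not) should be explicit and covered by a `dnl` comment. Since the old code added `-lgcrypt` and `-DGCRYPT_NO_DEPRECATED` unconditionally, a wrong guess here silently changes whether gcrypt is initialized before gnutls is used; deriving the answer from the gnutls that was actually resolved for `GNUTLS_LIBS` would avoid guessing paths. Also quote `"$dir"` in the `test -f` and `ldd` calls.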