New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed pkcs11-register defaults on macOS and Windows #3053
base: master
Are you sure you want to change the base?
Conversation
f5a11a2
to
68940cf
Compare
fdb35e5
to
e59586d
Compare
The generated commandline files are causing problems with
@Jakuje , do you know how to circumvent this? |
I was fixing this manually in b21d01e#diff-b9804e986581c6f7b6926feede5d5abddf4af651138eca115894fef96632e309 Together with the typo that I managed to push also to upstream: https://savannah.gnu.org/bugs/?64743 I can try to fix also the cast in gengetopt, but given that this commit was first in 4 years since last release, I am not sure how active development is and when we can expect this to get pulled by distributions. I filled this here: https://savannah.gnu.org/bugs/index.php?65417 For the time being, I believe we should not regenerate the cmdline files as part of the build process (at least not for the goid that is having this issue). Side note: Once you do the detection of the Other option to avoid this issue might be not to use the |
Thanks for tracking this to the original source. In CI, we're currently not using I pushed a commit with the suggested workaround of using a short. |
One more thing. Once more regenerate the cmdline files during the build it is a question, whether the resulting files should be in git at all. Indeed, it helps to keep track of changes in the gengetopt tool (if there are some), but otherwise it will just cause these issues. If we add gengetopt as a dependency, we can generate them during the build (and during the If we want to keep them in git, I think we should not codespell and code style check them as there is really nothing the PR contributor could do about typos in them and formatting issues. Unfortunately, I do not see an option in https://github.com/yshui/git-clang-format-lint to exclude files (but that should not be an issue), but codespell has an exclude_file, which can contain the files to exclude so thats what https://github.com/codespell-project/actions-codespell?tab=readme-ov-file#parameter-exclude_file |
There is no easy way to get gengetopt on Windows - we would have to compile this ourselves. Yes, we are already doing this for OpenSSL and zlib, but those libraries are popular enough to have compiled binaries available somewhere. Basically, developer on-boarding would be a little more complicated on Windows. #2577 would fix that to some extent, but l currently don't have time to take a deeper look into this. |
The source code files for command line interface of pkcs11-register are switched to macOS/Windows defaults in case of adapting the configuration of the browsers. Setting up gengetopt as requirement in Linux is much easier. Also regenerates command line files for all other tools.
09c9794
to
4ad2952
Compare
@@ -17,6 +17,7 @@ BuildRequires: docbook-style-xsl | |||
BuildRequires: autoconf automake libtool gcc | |||
BuildRequires: bash-completion | |||
BuildRequires: zlib-devel | |||
BuildRequires: gengetopt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this needed for the build from the dist tarball? If so, it might be a problem as we do not have the gengetopt in RHEL (only in EPEL).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can build without gengetopt, but obviously OpenSC would not include egk-tool goid-tool opensc-asn1 pkcs11-register, opensc-notify and npa-tool.
4f6cdab
to
d2b4e45
Compare
dependant tools will only be created if gengetopt is available during build. On Windows, this requires generating the files via `make cmdline -C src/tools` in cygwin with gengetopt installed fixes missing distribution of pkcs11-register.ggo.in fixes CVCDIR and X509DIR defaults on Windows
d2b4e45
to
0e74297
Compare
Finally... after many hickups and corner cases, gengetopt is now an optional build dependency and we don't need to handle cmdline files in the source code distribution. |
AX_CHECK_COMPILE_FLAG([-Wshorten-64-to-32], [have_shorten_warning_option="yes"], [have_shorten_warning_option="no"]) | ||
AM_CONDITIONAL([HAVE_SHORTEN_WARNING_OPTION], [test "${have_shorten_warning_option}" = "yes"]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I mentioned this in some previous comments, given that we have this part of configure, can you remove it from the linux-strict build?
https://github.com/OpenSC/OpenSC/blob/master/.github/workflows/linux-strict.yml#L37
I think you can also remove the line following line altogether:
https://github.com/OpenSC/OpenSC/blob/master/.github/workflows/linux-strict.yml#L72
if ENABLE_GENGETOPT | ||
bin_PROGRAMS += egk-tool goid-tool opensc-asn1 pkcs11-register | ||
|
||
if ENABLE_NOTIFY | ||
bin_PROGRAMS += opensc-notify | ||
endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you move these two blocks below the if ENABLE_OPENSSL
to avoid closing and opening the ENABLE_OPENSSL
block before and after this?
@@ -101,51 +117,76 @@ dnie_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) | |||
gids_tool_SOURCES = gids-tool.c util.c | |||
gids_tool_LDADD = $(OPTIONAL_OPENSSL_LIBS) | |||
|
|||
npa_tool_SOURCES = npa-tool.c fread_to_eof.c util.c npa-tool-cmdline.c | |||
npa_tool_SOURCES = npa-tool.c fread_to_eof.c util.c | |||
nodist_npa_tool_SOURCES = npa-tool-cmdline.c |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be nodist? I would say that we should generate these files during dist and include them in the release tarball, similarly as we include the configure
.
.appveyor.yml
Outdated
#- curl -sSf -o C:\cygwin64\setup-x86_64.exe https://cygwin.com/setup-x86_64.exe | ||
#- C:\cygwin64\setup-x86_64.exe -q -P gengetopt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see this was likely an attempt to install it through cygwin. Is it still needed or is is just an artifact of failed attempt to avoid people trying? I would propose to remove the commented out lines or added some explanation why it did not work.
.appveyor.yml
Outdated
- wget https://ftp.gnu.org/gnu/gengetopt/gengetopt-2.23.tar.xz | ||
- tar xJf gengetopt-2.23.tar.xz | ||
- cd gengetopt-2.23 | ||
- bash -c "exec 0</dev/null && ./configure --prefix=/ || cat config.log" | ||
- bash -c "exec 0</dev/null && make" | ||
- cd .. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the above block, I see installation of other dependencies (openpace, zlib) is done in c:\
directly, which makes the paths slightly nicer. Whats the reason for installing the gengeopt in different path? Can the appveyor DownloadFile
be used (I assume it can do some caching)?
currently, this PR is designed to integrate gengetopt as mandatory build requirement. There is no other way to change default options based on the platform, I think. For example, if you generate a distribution tarball with cmdline files in it, they will contain the default values for your Linux machine. On macOS, we want different defaults when installing from the distribution tarball. |
We could do the following:
|
pkcs11-register command line defaults are based on the platform. On macOS/Windows, we don't want to register pkcs#11 modules to avoid conflict with the native API. For this to be effective, we need to build cmdline explicitly on those platforms.
Checklist