From a5d960f3697c7c7203a172cb4ee646804a19188c Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 3 Aug 2025 15:55:06 +0200 Subject: [PATCH 1/3] run aclocal before autoconf, explicitly install pkgconf --- .github/workflows/build-test.yml | 8 ++++---- .readthedocs.yaml | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 2a44e0f15..4d610ff22 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -11,14 +11,14 @@ jobs: - os: ubuntu-24.04 cc: gcc cflags: -g2 -O0 -fsanitize=address,undefined,leak -fno-sanitize-recover=all - packages: autoconf automake libtool make libevent-dev libssl-dev flex bison libfstrm-dev protobuf-c-compiler libprotobuf-c-dev + packages: autoconf automake libtool pkgconf make libevent-dev libssl-dev flex bison libfstrm-dev protobuf-c-compiler libprotobuf-c-dev - os: ubuntu-24.04 cc: clang cflags: -g2 -O0 -fsanitize=address,undefined,leak -fno-sanitize-recover=all - packages: autoconf automake libtool make libevent-dev libssl-dev flex bison libfstrm-dev protobuf-c-compiler libprotobuf-c-dev + packages: autoconf automake libtool pkgconf make libevent-dev libssl-dev flex bison libfstrm-dev protobuf-c-compiler libprotobuf-c-dev - os: macos-15 cflags: -g2 -O0 -fsanitize=address,undefined -fno-sanitize-recover=all - packages: autoconf automake libtool flex bison fstrm protobuf-c + packages: autoconf automake libtool pkgconf flex bison fstrm protobuf-c # The libevent and openssl packages are already installed. steps: - uses: actions/checkout@v4 @@ -46,7 +46,7 @@ jobs: CFLAGS: ${{matrix.cflags}} run: | set -e -x - autoconf && autoheader + aclocal && autoconf && autoheader (cd simdzone && autoconf && autoheader) libtoolize -c -i || glibtoolize -c -i if test "${{runner.os}}" = 'macOS'; then diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 487ceb277..ade8dcc6c 100644 --- a/.readthedocs.yaml 
+++ b/.readthedocs.yaml @@ -6,6 +6,7 @@ build: - autoconf - automake - libtool + - pkgconf - make - libevent-dev - libssl-dev @@ -20,7 +21,7 @@ build: jobs: pre_build: - | - autoconf && autoheader + aclocal && autoconf && autoheader libtoolize -c -i ./configure --with-libevent=yes --with-libssl=yes make html From 89d9112ab2e28010e8f3b7bbba69a7c0027f73e7 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 3 Aug 2025 15:31:33 +0200 Subject: [PATCH 2/3] configure.ac: use pkg-config for OpenSSL Incidentally support for it got added in OpenSSL 0.9.7 which is already required. https://github.com/openssl/openssl/releases/tag/OpenSSL_0_9_7 > Support for pkg-config. --- configure.ac | 120 +++++++-------------------------------------------- 1 file changed, 15 insertions(+), 105 deletions(-) diff --git a/configure.ac b/configure.ac index 567286cc7..3f9d4de4f 100644 --- a/configure.ac +++ b/configure.ac @@ -180,6 +180,8 @@ AC_PROG_YACC AC_PROG_LN_S AC_PROG_INSTALL +PKG_PROG_PKG_CONFIG + if test "$LEX" != ":" -a "$LEX" != ""; then # Solaris provides anemic tools, and they don't offer GNU extensions like # 'flex -i'. Solaris also does not offer GNU replacements in /usr/gnu/bin. 
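Review bot: In the configure.ac hunk at `@@ -180,6 +180,8 @@`, `PKG_PROG_PKG_CONFIG` is added with no guard for the case where pkg.m4 was never pulled in. A tree bootstrapped with plain `autoconf && autoheader` (the sequence CI used before this series) would leave the macro name unexpanded in the generated configure, and the failure would only surface as a shell error when configure runs. I would add `m4_ifndef([PKG_PROG_PKG_CONFIG], [m4_fatal([pkg.m4 not found: install pkgconf/pkg-config and run aclocal before autoconf])])` on the line before the call, so the bootstrap stops with a clear message. A one-line comment above it, `# pkg-config is used to locate OpenSSL`, would also tell readers why the macro is there.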
@@ -354,78 +356,6 @@ AC_CHECK_CTIME_R # Checks for libraries. -# Check for SSL, original taken from -# http://www.gnu.org/software/ac-archive/htmldoc/check_ssl.html and -# modified for NSD. -AC_DEFUN([CHECK_SSL], [ - AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr /usr/local/opt/openssl)]),[ - ],[ - withval="yes" - ]) - if test x_$withval != x_no; then - AC_MSG_CHECKING(for SSL) - if test -n "$withval"; then - dnl look for openssl install with different version, eg. - dnl in /usr/include/openssl11/openssl/ssl.h - dnl and /usr/lib64/openssl11/libssl.so - dnl with the --with-ssl=/usr/include/openssl11 - if test ! -f "$withval/include/openssl/ssl.h" -a -f "$withval/openssl/ssl.h"; then - ssldir="$withval" - found_ssl="yes" - withval="" - ssldir_include="$ssldir" - CPPFLAGS="$CPPFLAGS -I$ssldir_include"; - dnl find the libdir - ssldir_lib=`echo $ssldir | sed -e 's/include/lib/'` - if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then - : # found here - else - ssldir_lib=`echo $ssldir | sed -e 's/include/lib64/'` - if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then - : # found here - else - AC_MSG_ERROR([Could not find openssl lib file, $ssldir_lib/libssl.[so,a], pass like "/usr/local" or "/usr/include/openssl11"]) - fi - fi - fi - fi - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr /usr/local/opt/openssl" - fi - for dir in $withval; do - ssldir="$dir" - if test -f "$dir/include/openssl/ssl.h"; then - found_ssl="yes"; - if test x_$ssldir != x_/usr; then - CPPFLAGS="$CPPFLAGS -I$ssldir/include"; - fi - ssldir_include="$ssldir/include" - if test ! 
-d "$ssldir/lib" -a -d "$ssldir/lib64"; then - ssldir_lib="$ssldir/lib64" - else - ssldir_lib="$ssldir/lib" - fi - break; - fi - done - if test x_$found_ssl != x_yes; then - AC_MSG_ERROR([Cannot find the SSL libraries in $withval]) - else - AC_MSG_RESULT([found in $ssldir]) - HAVE_SSL=yes - AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.]) - if test x_$ssldir != x_/usr; then - LDFLAGS="$LDFLAGS -L$ssldir_lib"; - fi - if test x_$ssldir = x_/usr/sfw; then - LDFLAGS="$LDFLAGS -R$ssldir_lib"; - fi - fi - AC_SUBST(HAVE_SSL) - fi -])dnl - # check for libevent AC_ARG_WITH(libevent, AS_HELP_STRING([--with-libevent=pathname],[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr /usr/local/opt/libevent or you can specify an explicit path), useful when the zone count is high.]), [ ],[ withval="yes" ]) 
@@ -1025,40 +955,22 @@ esac AC_SUBST(ratelimit_default) # we need SSL for TSIG (and maybe also for NSEC3). -CHECK_SSL -if test x$HAVE_SSL = x"yes"; then - ACX_LIB_SSL - # remove space after -ldl if there. - LIBS=`echo "$LIBS" | sed -e 's/ $//'` +AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl], [enable SSL])) +AS_IF([test "x$with_ssl" != "xno"], [ + PKG_CHECK_MODULES([SSL], [openssl >= 0.9.7], [ + CPPFLAGS="$CPPFLAGS $SSL_CFLAGS" + HAVE_SSL=yes + ]) + AC_SUBST(HAVE_SSL) + AC_SUBST(SSL_CFLAGS) + AC_SUBST(SSL_LIBS) + AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.]) +]) - # Check for -pthread +if test x$HAVE_SSL = x"yes"; then BAKLIBS="$LIBS" - LIBS="-lcrypto $LIBS" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[],[ - dnl so link fails for EVP_sha256, try with -pthread. - BAKCFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -pthread" - AC_MSG_CHECKING([if libcrypto needs -pthread]) - AC_TRY_LINK_FUNC([EVP_sha256], [ - AC_MSG_RESULT([yes]) - ] , [ - AC_MSG_RESULT([no]) - dnl restore the nonpthread value - CFLAGS="$BAKCFLAGS" - ]) - ]) - LIBS="$BAKLIBS" + LIBS="$SSL_LIBS $LIBS" - if test -n "$ssldir"; then - AC_CHECK_LIB(crypto, EVP_sha256,, [ - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) - ]) - fi - SSL_LIBS="-lssl" - AC_SUBST(SSL_LIBS) AC_CHECK_HEADERS([openssl/ssl.h openssl/err.h openssl/rand.h openssl/ocsp.h openssl/core_names.h openssl/x509v3.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([HMAC_CTX_reset HMAC_CTX_new EVP_cleanup ERR_load_crypto_strings OPENSSL_init_crypto CRYPTO_memcmp EC_KEY_new_by_curve_name EVP_MAC_CTX_new EVP_MAC_CTX_set_params EVP_MAC_CTX_get_mac_size SHA1_Init ASN1_STRING_get0_data EVP_PKEY_get0_type_name]) if test "$ac_cv_func_SHA1_Init" = "yes"; then 
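Review bot: The new `AC_ARG_WITH([ssl], ...)` accepts any value but only `no` is acted on, so `--with-ssl=/some/prefix`, which the removed CHECK_SSL honoured, is now silently ignored and the build links whichever OpenSSL pkg-config resolves first. For a security-sensitive dependency, configure should fail loudly rather than pick a different library than the packager asked for. For example, directly after the AC_ARG_WITH line: `AS_CASE(["$with_ssl"], [""|yes|no], [], [AC_MSG_ERROR([--with-ssl no longer takes a path; set PKG_CONFIG_PATH or SSL_CFLAGS/SSL_LIBS])])`. The removed code also probed whether libcrypto needs `-pthread`; `PKG_CHECK_MODULES` queries only the default link flags, so static OpenSSL builds may need a separate check (not verifiable from this hunk). The `if test x$HAVE_SSL = x"yes"` block continues past the end of the hunk.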
@@ -1093,8 +1005,6 @@ AC_INCLUDES_DEFAULT [AC_DEFINE([HAVE_TLS_1_3], [1], [Define if TLS 1.3 is supported by OpenSSL])], [AC_MSG_WARN([No TLS 1.3, therefore XFR-over-TLS is disabled])], [[#include ]]) - BAKLIBS="$LIBS" - LIBS="-lssl $LIBS" AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_get1_peer_certificate SSL_CTX_set_security_level ERR_load_SSL_strings]) if test "$ac_cv_func_ERR_load_SSL_strings" = "yes"; then ACX_FUNC_DEPRECATED([ERR_load_SSL_strings], [(void)ERR_load_SSL_strings();], [ From 96754f80a6b44e1ade42751b992859cf7173d20f Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Sun, 3 Aug 2025 15:33:00 +0200 Subject: [PATCH 3/3] acx_nlnetlabs.m4: cleanup now unused functions for OpenSSL --- acx_nlnetlabs.m4 | 218 ----------------------------------------------- 1 file changed, 218 deletions(-) diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index 6a01dc5a4..5789abc88 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -80,10 +80,6 @@ # ACX_TYPE_IN_ADDR_T - in_addr_t type. # ACX_TYPE_IN_PORT_T - in_port_t type. # ACX_ARG_RPATH - add --disable-rpath option. -# ACX_WITH_SSL - add --with-ssl option, link -lcrypto. -# ACX_WITH_SSL_OPTIONAL - add --with-ssl option, link -lcrypto, -# where --without-ssl is also accepted -# ACX_LIB_SSL - setup to link -lssl. # ACX_SYS_LARGEFILE - improved sys_largefile, fseeko, >2G files. # ACX_CHECK_GETADDRINFO_WITH_INCLUDES - find getaddrinfo, portably. # ACX_FUNC_DEPRECATED - see if func is deprecated. 
@@ -649,220 +645,6 @@ AC_DEFUN([ACX_RUNTIME_PATH_ADD], [ fi ]) -dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL -dnl Takes one argument; the withval checked in those 2 functions -dnl sets up the environment for the given openssl path -AC_DEFUN([ACX_SSL_CHECKS], [ - withval=$1 - if test x_$withval != x_no; then - AC_MSG_CHECKING(for SSL) - if test -n "$withval"; then - dnl look for openssl install with different version, eg. - dnl in /usr/include/openssl11/openssl/ssl.h - dnl and /usr/lib64/openssl11/libssl.so - dnl with the --with-ssl=/usr/include/openssl11 - if test ! -f "$withval/include/openssl/ssl.h" -a -f "$withval/openssl/ssl.h"; then - ssldir="$withval" - found_ssl="yes" - withval="" - ssldir_include="$ssldir" - dnl find the libdir - ssldir_lib=`echo $ssldir | sed -e 's/include/lib/'` - if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then - : # found here - else - ssldir_lib=`echo $ssldir | sed -e 's/include/lib64/'` - if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then - : # found here - else - AC_MSG_ERROR([Could not find openssl lib file, $ssldir_lib/libssl.[so,a], pass like "/usr/local" or "/usr/include/openssl11"]) - fi - fi - fi - fi - if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" - fi - for dir in $withval; do - ssldir="$dir" - if test -f "$dir/include/openssl/ssl.h"; then - found_ssl="yes" - ssldir_include="$ssldir/include" - if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then - ssldir_lib="$ssldir/lib64" - else - ssldir_lib="$ssldir/lib" - fi - break; - fi - done - if test x_$found_ssl != x_yes; then - AC_MSG_ERROR(Cannot find the SSL libraries in $withval) - else - AC_MSG_RESULT(found in $ssldir) - AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.]) - HAVE_SSL=yes - dnl assume /usr is already in the include, lib and dynlib paths. 
- if test "$ssldir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$ssldir_include" - LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir_include" - LDFLAGS="$LDFLAGS -L$ssldir_lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib" - ACX_RUNTIME_PATH_ADD([$ssldir_lib]) - fi - - AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) - LIBS="$LIBS -lcrypto" - LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - ],[ - AC_MSG_RESULT(no) - # check if -lwsock32 or -lgdi32 are needed. - BAKLIBS="$LIBS" - BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32 -lws2_32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" - AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - - LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" - AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - - LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" - AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if 
-lcrypto needs -ldl]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) - ]) - ]) - ]) - ]) - ]) - ]) - fi - AC_SUBST(HAVE_SSL) - AC_SUBST(RUNTIME_PATH) - fi -AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) -])dnl End of ACX_SSL_CHECKS - -dnl Check for SSL, where SSL is mandatory -dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. -dnl Checks main header files of SSL. -dnl -AC_DEFUN([ACX_WITH_SSL], -[ -AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[ - ],[ - withval="yes" - ]) - if test x_$withval = x_no; then - AC_MSG_ERROR([Need SSL library to do digital signature cryptography]) - fi - ACX_SSL_CHECKS($withval) -])dnl End of ACX_WITH_SSL - -dnl Check for SSL, where ssl is optional (--without-ssl is allowed) -dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. -dnl Checks main header files of SSL. 
-dnl -AC_DEFUN([ACX_WITH_SSL_OPTIONAL], -[ -AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[ - ],[ - withval="yes" - ]) - ACX_SSL_CHECKS($withval) -])dnl End of ACX_WITH_SSL_OPTIONAL - -dnl Setup to use -lssl -dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one). -AC_DEFUN([ACX_LIB_SSL], -[ -# check if libssl needs libdl -BAKLIBS="$LIBS" -LIBS="-lssl $LIBS" -AC_MSG_CHECKING([if libssl needs libdl]) -AC_TRY_LINK_FUNC([SSL_CTX_new], [ - AC_MSG_RESULT([no]) - LIBS="$BAKLIBS" -] , [ - AC_MSG_RESULT([yes]) - LIBS="$BAKLIBS" - AC_SEARCH_LIBS([dlopen], [dl]) -]) ])dnl End of ACX_LIB_SSL - dnl Setup to use very large files (>2Gb). dnl setups fseeko and its own AC_DEFUN([ACX_SYS_LARGEFILE],