From e01f7f2c6dccad7a950c1af4c31737a9628e809e Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 30 Aug 2018 08:30:19 +0200
Subject: [PATCH] build: enable building both crypto backends for tests

If the library is available, let's at least compile both
crypto backends.

That is helpful when developing on crypto backends, so that
one does not have to configure the build twice.

With autotools, the build is only run during `make check`.
Not for meson, but that is generally the case with our meson
setup, that it also builds tests during the regular build step.
---
 Makefile.am                               | 65 ++++++++++++++++-------
 configure.ac                              | 36 ++++++++++---
 libnm-core/meson.build                    | 29 +++++++++-
 meson.build                               | 13 +++--
 src/settings/plugins/ifcfg-rh/meson.build |  1 -
 5 files changed, 110 insertions(+), 34 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index f61b4e5cb8..c1615108a1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -620,14 +620,6 @@ dflt_cppflags_libnm_core = \
 	$(SANITIZER_LIB_CFLAGS) \
 	$(NULL)
 
-if WITH_GNUTLS
-dflt_cppflags_libnm_core += $(GNUTLS_CFLAGS)
-endif
-
-if WITH_NSS
-dflt_cppflags_libnm_core += $(NSS_CFLAGS)
-endif
-
 noinst_LTLIBRARIES += libnm-core/libnm-core.la
 
 GLIB_GENERATED += \
@@ -673,7 +665,6 @@ nodist_libnm_core_libnm_core_la_SOURCES = \
 	$(libnm_core_lib_c_mkenums)
 
 libnm_core_libnm_core_la_LIBADD = \
-	shared/libcsiphash.la \
 	$(GLIB_LIBS) \
 	$(UUID_LIBS) \
 	$(LIBUDEV_LIBS) \
@@ -683,16 +674,6 @@ libnm_core_libnm_core_la_LDFLAGS = \
 	$(CODE_COVERAGE_LDFLAGS) \
 	$(SANITIZER_LIB_LDFLAGS)
 
-if WITH_GNUTLS
-libnm_core_lib_c_real += libnm-core/nm-crypto-gnutls.c
-libnm_core_libnm_core_la_LIBADD += $(GNUTLS_LIBS)
-endif
-
-if WITH_NSS
-libnm_core_lib_c_real += libnm-core/nm-crypto-nss.c
-libnm_core_libnm_core_la_LIBADD += $(NSS_LIBS)
-endif
-
 EXTRA_DIST += \
 	libnm-core/nm-crypto-gnutls.c \
 	libnm-core/nm-crypto-nss.c \
@@ -718,6 +699,46 @@ dist_dependencies += \
 
 ###############################################################################
 
+if HAVE_CRYPTO_GNUTLS
+if WITH_GNUTLS
+libnm_crypto_lib = libnm-core/libnm-crypto-gnutls.la
+else
+check_ltlibraries += libnm-core/libnm-crypto-gnutls.la
+endif
+
+libnm_core_libnm_crypto_gnutls_la_SOURCES = libnm-core/nm-crypto-gnutls.c
+libnm_core_libnm_crypto_gnutls_la_CPPFLAGS = \
+	$(libnm_core_libnm_core_la_CPPFLAGS) \
+	$(GNUTLS_CFLAGS)
+libnm_core_libnm_crypto_gnutls_la_LDFLAGS = \
+	$(libnm_core_libnm_core_la_LDFLAGS)
+libnm_core_libnm_crypto_gnutls_la_LIBADD = \
+	$(libnm_core_libnm_core_la_LIBADD) \
+	$(GNUTLS_LIBS)
+endif
+
+if HAVE_CRYPTO_NSS
+if WITH_NSS
+libnm_crypto_lib = libnm-core/libnm-crypto-nss.la
+else
+check_ltlibraries += libnm-core/libnm-crypto-nss.la
+endif
+
+libnm_core_libnm_crypto_nss_la_SOURCES = libnm-core/nm-crypto-nss.c
+libnm_core_libnm_crypto_nss_la_CPPFLAGS = \
+	$(libnm_core_libnm_core_la_CPPFLAGS) \
+	$(NSS_CFLAGS)
+libnm_core_libnm_crypto_nss_la_LDFLAGS = \
+	$(libnm_core_libnm_core_la_LDFLAGS)
+libnm_core_libnm_crypto_nss_la_LIBADD = \
+	$(libnm_core_libnm_core_la_LIBADD) \
+	$(NSS_LIBS)
+endif
+
+noinst_LTLIBRARIES += $(libnm_crypto_lib)
+
+###############################################################################
+
 check_programs += \
 	libnm-core/tests/test-compare \
 	libnm-core/tests/test-crypto \
@@ -764,6 +785,8 @@ nodist_libnm_core_tests_test_general_SOURCES = \
 
 libnm_core_tests_ldadd = \
 	libnm-core/libnm-core.la \
+	shared/libcsiphash.la \
+	$(libnm_crypto_lib) \
 	$(GLIB_LIBS)
 
 libnm_core_tests_ldflags = \
@@ -968,6 +991,8 @@ libnm_libnm_utils_la_SOURCES = \
 
 libnm_libnm_utils_la_LIBADD = \
 	libnm-core/libnm-core.la \
+	shared/libcsiphash.la \
+	$(libnm_crypto_lib) \
 	introspection/libnmdbus.la \
 	$(GLIB_LIBS)
 
@@ -1593,6 +1618,8 @@ endif
 
 src_libNetworkManagerBase_la_LIBADD = \
 	libnm-core/libnm-core.la \
+	shared/libcsiphash.la \
+	$(libnm_crypto_lib) \
 	$(GLIB_LIBS) \
 	$(SYSTEMD_JOURNAL_LIBS) \
 	$(LIBUDEV_LIBS) \
diff --git a/configure.ac b/configure.ac
index ea1c43f12f..62c7e0392e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -668,21 +668,41 @@ else
 fi
 AC_SUBST(NM_MODIFY_SYSTEM_POLICY)
 
+PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.12], [have_crypto_gnutls=yes], [have_crypto_gnutls=no])
+PKG_CHECK_MODULES(NSS, [nss], [have_crypto_nss=yes], [have_crypto_nss=yes])
+if test "${have_crypto_nss}" = "yes"; then
+	# Work around a pkg-config bug (fdo #29801) where exists != usable
+	FOO=`$PKG_CONFIG --cflags --libs nss`
+	if test x"$?" != "x0"; then
+		have_crypto_nss=no
+	fi
+fi
+AM_CONDITIONAL(HAVE_CRYPTO_GNUTLS, test "${have_crypto_gnutls}" = 'yes')
+AM_CONDITIONAL(HAVE_CRYPTO_NSS, test "${have_crypto_nss}" = 'yes')
+if test "${have_crypto_gnutls}" = 'yes'; then
+	AC_DEFINE(HAVE_CRYPTO_GNUTLS, 1, [Define if you have gnutls support])
+else
+	AC_DEFINE(HAVE_CRYPTO_GNUTLS, 0, [Define if you have gnutls support])
+fi
+if test "${have_crypto_nss}" = 'yes'; then
+	AC_DEFINE(HAVE_CRYPTO_NSS, 1, [Define if you have nss support])
+else
+	AC_DEFINE(HAVE_CRYPTO_NSS, 0, [Define if you have nss support])
+fi
+
 AC_ARG_WITH(crypto,
             AS_HELP_STRING([--with-crypto=nss|gnutls],
                            [Cryptography library to use for certificate and key operations]),
             with_crypto=$withval,
             with_crypto=nss)
 if test "$with_crypto" = 'nss'; then
-	PKG_CHECK_MODULES(NSS, [nss])
-
-	# Work around a pkg-config bug (fdo #29801) where exists != usable
-	FOO=`$PKG_CONFIG --cflags --libs nss`
-	if test x"$?" != "x0"; then
-		AC_MSG_ERROR([No usable NSS found])
+	if test "${have_crypto_nss}" != "yes"; then
+		AC_MSG_ERROR([No usable NSS found for --with-crypto=nss])
 	fi
 elif test "$with_crypto" = 'gnutls'; then
-	PKG_CHECK_MODULES(GNUTLS, [gnutls >= 2.12])
+	if test "${have_crypto_gnutls}" != "yes"; then
+		AC_MSG_ERROR([No usable gnutls found for --with-crypto=gnutls])
+	fi
 else
 	AC_MSG_ERROR([Please choose either 'nss' or 'gnutls' for certificate and crypto operations])
 fi
@@ -1385,7 +1405,7 @@ echo "  code coverage: $enable_code_coverage"
 echo "  LTO: $enable_lto"
 echo "  linker garbage collection: $enable_ld_gc"
 echo "  JSON validation for libnm: $enable_json_validation"
-echo "  crypto: $with_crypto"
+echo "  crypto: $with_crypto (have-gnutls: $have_crypto_gnutls, have-nss: $have_crypto_nss)"
 echo "  sanitizers: $sanitizers"
 echo "  Mozilla Public Suffix List: $with_libpsl"
 echo
diff --git a/libnm-core/meson.build b/libnm-core/meson.build
index 5596ab5716..eb6fcce94b 100644
--- a/libnm-core/meson.build
+++ b/libnm-core/meson.build
@@ -108,7 +108,6 @@ libnm_core_settings_sources = files(
 
 libnm_core_sources = libnm_core_settings_sources + files(
   'nm-crypto.c',
-  'nm-crypto-' + crypto + '.c',
   'nm-connection.c',
   'nm-dbus-utils.c',
   'nm-errors.c',
@@ -136,7 +135,6 @@ libnm_core_enum = gnome.mkenums(
 )
 
 deps = [
-  crypto_dep,
   dl_dep,
   libudev_dep,
   shared_dep,
@@ -154,6 +152,32 @@ if enable_json_validation
   deps += jansson_dep
 endif
 
+if (crypto_gnutls_dep.found())
+  libnm_crypto_gnutls = static_library(
+    'nm-crypto-gnutls',
+    sources: [ 'nm-crypto-gnutls.c' ],
+    dependencies: deps + [ crypto_gnutls_dep ],
+    c_args: cflags
+  )
+endif
+
+if (crypto_nss_dep.found())
+  libnm_crypto_nss = static_library(
+    'nm-crypto-nss',
+    sources: [ 'nm-crypto-nss.c' ],
+    dependencies: deps + [ crypto_nss_dep ],
+    c_args: cflags
+  )
+endif
+
+if crypto == 'gnutls'
+  libnm_crypto = libnm_crypto_gnutls
+elif crypto == 'nss'
+  libnm_crypto = libnm_crypto_nss
+else
+  error('bug')
+endif
+
 libnm_core_sources_all =  libnm_core_sources
 libnm_core_sources_all += libnm_core_enum
 libnm_core_sources_all += shared_nm_meta_setting_c
@@ -165,6 +189,7 @@ libnm_core = static_library(
   'nm-core',
   sources: libnm_core_sources_all,
   dependencies: deps,
+  link_with: libnm_crypto,
   c_args: cflags
 )
 
diff --git a/meson.build b/meson.build
index 4695efb2a2..44a7ee7ff5 100644
--- a/meson.build
+++ b/meson.build
@@ -470,12 +470,16 @@ if enable_polkit_agent
 endif
 config_h.set10('WITH_POLKIT_AGENT', enable_polkit_agent)
 
-# crypto
+crypto_gnutls_dep = dependency('gnutls', version: '>= 2.12', required: false)
+crypto_nss_dep = dependency('nss', required: false)
+
 crypto = get_option('crypto')
 if crypto == 'nss'
-  crypto_dep = dependency('nss')
+  assert(crypto_nss_dep.found(), 'Requires gnutls crypto support')
+elif crypto == 'gnutls'
+  assert(crypto_gnutls_dep.found(), 'Requires gnutls crypto support')
 else
-  crypto_dep = dependency('gnutls', version: '>= 2.12')
+  error('bug')
 endif
 
 dbus_conf_dir = get_option('dbus_conf_dir')
@@ -1022,7 +1026,8 @@ output += '\n'
 output += '  code coverage: ' + get_option('b_coverage').to_string() + '\n'
 output += '  LTO: ' + get_option('b_lto').to_string() + '\n'
 output += '  Linker garbage collection: ' + enable_ld_gc.to_string() + '\n'
-output += '  JSON validation for libnm: ' + enable_json_validation.to_string () + '\n'
+output += '  JSON validation for libnm: ' + enable_json_validation.to_string() + '\n'
+output += '  crypto: ' + crypto + ' (have-gnutls: ' + crypto_gnutls_dep.found().to_string() + ', have-nss: ' + crypto_nss_dep.found().to_string() + ')\n'
 output += '  sanitizers: ' + get_option('b_sanitize') + '\n'
 output += '  Mozilla Public Suffix List: ' + enable_libpsl.to_string() + '\n'
 message(output)
diff --git a/src/settings/plugins/ifcfg-rh/meson.build b/src/settings/plugins/ifcfg-rh/meson.build
index 00892c22f4..5d9689a52c 100644
--- a/src/settings/plugins/ifcfg-rh/meson.build
+++ b/src/settings/plugins/ifcfg-rh/meson.build
@@ -27,7 +27,6 @@ sources = files(
 )
 
 deps = [
-  crypto_dep,
   nm_dep
 ]