glib-networking: enable build with GnuTLS if PKCS#11 was disabled

If GnuTLS is built without PKCS#11 support then glib-networking will fail to build the tests. Backport a patch to fix this issue. (From OE-Core rev: 6fd615ec2350d190b52784a0596c09cdaafec4bf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-26 00:32:12 +02:00 · 2023-08-31 11:02:42 +01:00
parent 1949790712
commit 1fd22a4cd8
2 changed files with 114 additions and 0 deletions
--- a/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch
+++ b/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch
@@ -0,0 +1,113 @@
+From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Fri, 12 May 2023 20:19:35 +0100
+Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available
+
+GnuTLS can be built without PKCS#11, which means the symbols
+gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
+library.
+
+If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
+provider for testing, and several tests which need the mock provider
+will fail.
+
+Solve this by checking for the symbols at build time and disabling the
+provider and tests which need it.
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ meson.build             |  4 ++++
+ tls/tests/certificate.c | 11 +++++++----
+ tls/tests/connection.c  |  4 +++-
+ 3 files changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 0fa9027..d2a023a 100644
+--- a/meson.build
+++ b/meson.build
+@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu
+ 
+ if gnutls_dep.found()
+   backends += ['gnutls']
+  # test-specific, maybe move to tls/tests
+  if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
+    config_h.set10('HAVE_GNUTLS_PKCS11', true)
+  endif
+ endif
+ 
+ # *** Checks for OpenSSL    ***
+diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
+index e820ba1..dd2412b 100644
+--- a/tls/tests/certificate.c
+++ b/tls/tests/certificate.c
+@@ -24,6 +24,7 @@
+  * Author: Stef Walter <stefw@collabora.co.uk>
+  */
+ 
+#include "config.h"
+ #include "certificate.h"
+ 
+ #include <gio/gio.h>
+@@ -911,7 +912,7 @@ int
+ main (int   argc,
+       char *argv[])
+ {
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   char *module_path;
+ #endif
+ 
+@@ -921,7 +922,7 @@ main (int   argc,
+   g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
+   g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);
+ 
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+   g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+ 
+@@ -942,12 +943,14 @@ main (int   argc,
+               setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
+               setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
+-  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+-              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
+               setup_certificate, test_private_key, teardown_certificate);
+#if HAVE_GNUTLS_PKCS11
+  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
+              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
+   g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
+               setup_certificate, test_private_key_pkcs11, teardown_certificate);
+#endif
+ 
+   g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
+   g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
+diff --git a/tls/tests/connection.c b/tls/tests/connection.c
+index 17efe1b..62a7fbb 100644
+--- a/tls/tests/connection.c
+++ b/tls/tests/connection.c
+@@ -3376,7 +3376,7 @@ main (int   argc,
+ 
+   g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);
+ 
+-#ifdef BACKEND_IS_GNUTLS
+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
+   module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
+   g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));
+ 
+@@ -3438,8 +3438,10 @@ main (int   argc,
+               setup_connection, test_client_auth_request_fail, teardown_connection);
+   g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
+               setup_connection, test_client_auth_request_none, teardown_connection);
+#if HAVE_GNUTLS_PKCS11
+   g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
+               setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
+#endif
+   g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
+               setup_connection, test_connection_no_database, teardown_connection);
+   g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
+-- 
+2.34.1
+
--- a/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.76.1.bb
@@ -30,6 +30,7 @@ inherit gnomebase gettext upstream-version-is-even gio-module-cache ptest-gnome

 SRC_URI += "file://run-ptest"
 SRC_URI += "file://eagain.patch"
+SRC_URI += "file://0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch"

 FILES:${PN} += "\
                ${libdir}/gio/modules/libgio*.so \