contrib: deactivate getentropy for macOS

getentropy function as been added to MacOS 10.12 and iOS 10. During GnuTLS compilation, the function can be detected in the new 10.12 SDK, but at runtime it fails to find the appropriate method on the system. It means that we can produce packages that won't work on some OS versions. For precaution this commit patches GnuTLS to stop trying to enable this function on all macOS versions. It also removes another patch in GnuTLS for OSX that wasn't used anymore Change-Id: I3af8b111f65e38d2d01da600c899d5717e82d8e9 Tuleap: #911

contrib: deactivate getentropy for macOS
4f448e13 · Alexandre Lision · Alexandre Lision · 50addb39 · 4f448e13 · 50addb39
Commit 4f448e13 authored 8 years ago by Alexandre Lision Committed by Alexandre Lision 8 years ago
--- a/contrib/src/gnutls/gnutls-disable-getentropy-osx.patch
+++ b/contrib/src/gnutls/gnutls-disable-getentropy-osx.patch
+From f200037c244cd355310d0bde1d0699abda82b71d Mon Sep 17 00:00:00 2001
+From: Alexandre Lision <alexandre.lision@gmail.com>
+Date: Thu, 22 Sep 2016 20:07:58 +0200
+Subject: [PATCH] disable getentropy
+
+---
+ configure.ac | 22 +++++++++++++---------
+ 1 file changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c690adf..808e779 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -175,15 +175,19 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ 		   enable_getrandom=getrandom],
+ 		  [AC_MSG_RESULT(no)])
+ 
+-AC_MSG_CHECKING([for getentropy])
+-AC_LINK_IFELSE([AC_LANG_PROGRAM([
+-	   #include <unistd.h>],[
+-		   getentropy(0, 0);
+-		  ])],
+-		  [AC_MSG_RESULT(yes)
+-		   AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
+-		   enable_getrandom=getentropy],
+-		  [AC_MSG_RESULT(no)])
+if test "$have_macosx" = yes; then
+    AC_MSG_CHECKING([entropy disabled for OSX])
+else
+    AC_MSG_CHECKING([for getentropy])
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([
+        #include <unistd.h>],[
+            getentropy(0, 0);
+        ])],
+        [AC_MSG_RESULT(yes)
+        AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function])
+            enable_getrandom=getentropy],
+        [AC_MSG_RESULT(no)])
+fi
+ 
+ dnl Try the hooks.m4
+ LIBGNUTLS_HOOKS
+-- 
+2.9.3
+
--- a/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
+++ b/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
--- a/m4/intlmacosx.m4.orig	2014-06-25 17:40:22.000000000 -0400
-+++ b/m4/intlmacosx.m4	2014-06-25 17:40:29.000000000 -0400
-@@ -43,9 +43,25 @@
-     AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], [1],
-       [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.])
-   fi
-+  AC_CACHE_CHECK([for SecTrustCopyAnchorCertificates],
-+    [SecTrustCopyAnchorCertificates],
-+    [gt_save_LIBS="$LIBS"
-+     LIBS="$LIBS -Wl,-framework -Wl,Security"
-+     AC_TRY_LINK([#include <Security/SecTrust.h>],
-+       [SecTrustCopyAnchorCertificates(NULL)],
-+       [gt_cv_func_SecTrustCopyAnchorCertificates=yes],
-+       [gt_cv_func_SecTrustCopyAnchorCertificates=no])
-+     LIBS="$gt_save_LIBS"])
-+  if test $gt_cv_func_SecTrustCopyAnchorCertificates = yes; then
-+    AC_DEFINE([HAVE_SecTrustCopyAnchorCertificates], [1],
-+      [Define to 1 if you have the MacOS X function SecTrustCopyAnchorCertificates in the Security framework.])
-+  fi
-   INTL_MACOSX_LIBS=
-   if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
-    INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
-+    INTL_MACOSX_LIBS+="-Wl,-framework -Wl,CoreFoundation "
-+  fi
-+  if test $gt_cv_func_SecTrustCopyAnchorCertificates = yes; then
-+    INTL_MACOSX_LIBS+="-Wl,-framework -Wl,Security "
-   fi
-   AC_SUBST([INTL_MACOSX_LIBS])
- ])
-
--- a/lib/gnutls.pc.in.orig	2014-06-25 17:42:26.000000000 -0400
-+++ b/lib/gnutls.pc.in	2014-06-25 17:42:35.000000000 -0400
-@@ -19,6 +19,6 @@
- Version: @VERSION@
- Libs: -L${libdir} -lgnutls
-Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@
-+Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @INTL_MACOSX_LIBS@
- @GNUTLS_REQUIRES_PRIVATE@
- Cflags: -I${includedir}
-
--- a/libdane/gnutls-dane.pc.in.orig	2014-06-25 17:57:29.000000000 -0400
-+++ b/libdane/gnutls-dane.pc.in	2014-06-25 17:57:39.000000000 -0400
-@@ -19,7 +19,7 @@
- Description: DANE security library for the GNU system
- URL: http://www.gnu.org/software/gnutls/
- Version: @VERSION@
-Libs: -L${libdir} -lgnutls-dane
-+Libs: -L${libdir} -lgnutls-dane @INTL_MACOSX_LIBS@
- Libs.private: @UNBOUND_LIBS@
- Requires.private: gnutls
- Cflags: -I${includedir}
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -24,9 +24,9 @@ endif
 ifdef HAVE_ANDROID
 	$(APPLY) $(SRC)/gnutls/no-create-time-h.patch
 endif
-#ifdef HAVE_MACOSX
-#	$(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-osx.patch
-#endif
+ifdef HAVE_MACOSX
+	$(APPLY) $(SRC)/gnutls/gnutls-disable-getentropy-osx.patch
+endif
 	$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
 	$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
 ifndef HAVE_IOS