glib/meson.options
Colin Walters 3ef71255bb Add a gnutls backend for GHmac
For RHEL we want apps to use FIPS-certified crypto libraries,
and HMAC apparently counts as "keyed" and hence needs to
be validated.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1630260
Replaces: https://gitlab.gnome.org/GNOME/glib/merge_requests/897

This is a build-time option that backs the GHmac API with GnuTLS.
Most distributors ship glib-networking built with GnuTLS, and
most apps use glib-networking, so this isn't a net-new library
in most cases.

=======================================================================

mcatanzaro note:

I've updated Colin's original patch with several enhancements:

Implement g_hmac_copy() using gnutls_hmac_copy(), which didn't exist
when Colin developed this patch.

Removed use of GSlice

Better error checking in g_hmac_new(). It is possible for
gnutls_hmac_init() to fail if running in FIPS mode and an MD5 digest is
requested. In this case, we should return NULL rather than returning a
broken GHmac with a NULL gnutls_hmac_hd_t. This was leading to a later
null pointer dereference inside gnutls_hmac_update(). Applications are
responsible for checking to ensure the return value of g_hmac_new() is
not NULL since it is annotated as nullable. Added documentation to
indicate this possibility.

Properly handle length -1 in g_hmac_update(). This means we've been
given a NUL-terminated string and should use strlen(). GnuTLS doesn't
accept -1, so let's call strlen() ourselves.

Crash the application with g_error() if gnutls_hmac() fails for any
reason. This is necessary because g_hmac_update() is not fallible, so we
have no way to indicate error. Crashing seems better than returning the
wrong result later when g_hmac_get_string() or g_hmac_get_digest() is
later called. (Those functions are also not fallible.) Fortunately, I
don't think this error should actually be hit in practice.

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/903
2024-07-19 11:55:37 +01:00


option('runtime_libdir',
       type : 'string',
       value : '',
       description : 'install runtime libraries relative to libdir',
       deprecated: true)
option('charsetalias_dir',
       type : 'string',
       value : '',
       description : 'directory for charset.alias dir (default to \'libdir\' if unset)')
option('gio_module_dir',
       type : 'string',
       value : '',
       description : 'load gio modules from this directory (default to \'libdir/gio/modules\' if unset)')
# FIXME: Deliberately not named runstatedir to avoid colliding with
# https://github.com/mesonbuild/meson/issues/4141; port to that when Meson
# supports it
option('runtime_dir',
       type: 'string',
       value: '',
       description: 'Directory for transient runtime state [default: /run]')
option('selinux',
       type : 'feature',
       value : 'auto',
       description : 'build with selinux support')
option('xattr',
       type : 'boolean',
       value : true,
       description : 'build with xattr support')
option('libmount',
       type : 'feature',
       value : 'auto',
       description : 'build with libmount support')
option('gnutls',
       type : 'boolean',
       value : false,
       description : 'build with gnutls support')
option('man',
       type : 'boolean',
       value : false,
       description : 'generate man pages (requires xsltproc)',
       deprecated : 'man-pages')
option('man-pages',
       type : 'feature',
       value : 'auto',
       description : 'generate man pages (requires rst2man)',
       deprecated : { 'true': 'enabled', 'false': 'disabled' })
option('dtrace',
       type : 'feature',
       value : 'auto',
       deprecated : { 'true': 'enabled', 'false': 'disabled' },
       description : 'include tracing support for dtrace')
option('systemtap',
       type : 'feature',
       value : 'auto',
       deprecated : { 'true': 'enabled', 'false': 'disabled' },
       description : 'include tracing support for systemtap')
option('tapset_install_dir',
       type : 'string',
       value : '',
       description : 'path where systemtap tapsets are installed')
option('sysprof',
       type : 'feature',
       value : 'auto',
       description : 'include tracing support for sysprof')
option('documentation',
       type : 'boolean',
       value : false,
       description : 'Build API reference and tools documentation')
option('gtk_doc',
       type : 'boolean',
       value : false,
       description : 'use gtk-doc to build documentation',
       deprecated : 'documentation')
option('bsymbolic_functions',
       type : 'boolean',
       value : true,
       description : 'link with -Bsymbolic-functions if supported')
option('force_posix_threads',
       type : 'boolean',
       value : false,
       description : 'Also use posix threads in case the platform defaults to another implementation (on Windows for example)')
option('tests',
       type : 'boolean',
       value : true,
       description : 'build tests')
option('installed_tests',
       type : 'boolean',
       value : false,
       description : 'enable installed tests')
option('nls',
       type : 'feature',
       value : 'auto',
       yield: true,
       description : 'Enable native language support (translations)')
option('oss_fuzz',
       type : 'feature',
       value : 'disabled',
       description : 'Indicate oss-fuzz build environment')
option('glib_debug',
       type : 'feature',
       value : 'auto',
       yield : true,
       description : 'Enable GLib debug infrastructure (see docs/macros.txt)')
option('glib_assert',
       type : 'boolean',
       value : true,
       yield : true,
       description : 'Enable GLib assertion (see docs/macros.txt)')
option('glib_checks',
       type : 'boolean',
       value : true,
       yield : true,
       description : 'Enable GLib checks such as API guards (see docs/macros.txt)')
option('libelf',
       type : 'feature',
       value : 'auto',
       description : 'Enable support for listing and extracting from ELF resource files with gresource tool')
option('multiarch',
       type : 'boolean',
       value : false,
       description : 'Install some helper executables in per-architecture locations')
option('gir_dir_prefix',
       type: 'string',
       description: 'Intermediate prefix for gir installation under ${prefix}')
option('introspection',
       type: 'feature',
       value: 'auto',
       description: 'Enable generating introspection data (requires gobject-introspection)')
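
The `gnutls` option above defaults to `false`, so a build that needs GHmac backed by GnuTLS has to turn it on explicitly (`-Dgnutls=true`). The following is an added example, not part of this repository: a small build-audit check that parses `option()` calls and reports which HMAC backend a given configuration selects. `SAMPLE`, `parse_options`, `hmac_backend` and the `overrides` dict are names assumed for the illustration, and "builtin" stands for GLib's own HMAC implementation used when the option is off.

```python
import re

# Constructed excerpt of the options file above (three of its option() calls).
SAMPLE = """\
option('libmount',
       type : 'feature',
       value : 'auto',
       description : 'build with libmount support')
option('gnutls',
       type : 'boolean',
       value : false,
       description : 'build with gnutls support')
option('man',
       type : 'boolean',
       value : false,
       description : 'generate man pages (requires xsltproc)',
       deprecated : 'man-pages')
"""

def parse_options(text):
    """Return {option name: {keyword: raw value}} for each option() call."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    options = {}
    # Every call starts on a line beginning with "option(".
    for chunk in re.split(r"(?m)^option\(", "\n".join(lines))[1:]:
        chunk = chunk.rstrip()
        if chunk.endswith(")"):          # closing paren of the call itself
            chunk = chunk[:-1]
        name = re.match(r"\s*'([^']+)'", chunk).group(1)
        # One "keyword : value" pair per line; drop the trailing comma.
        options[name] = dict(re.findall(r"(?m)^\s*(\w+)\s*:\s*(.+?),?\s*$", chunk))
    return options

def hmac_backend(text, overrides=None):
    """Return 'gnutls', 'builtin' or 'missing' for the GHmac backend.

    overrides is a hypothetical dict of the -D settings the build passes to
    Meson, e.g. {'gnutls': 'true'} for -Dgnutls=true.
    """
    opts = parse_options(text)
    if "gnutls" not in opts:
        return "missing"                 # option not defined in this tree
    value = (overrides or {}).get("gnutls", opts["gnutls"]["value"])
    return "gnutls" if value == "true" else "builtin"

if __name__ == "__main__":
    print("default build:", hmac_backend(SAMPLE))
    print("with -Dgnutls=true:", hmac_backend(SAMPLE, {"gnutls": "true"}))
```

A CI gate for a FIPS-targeted build can fail the job whenever `hmac_backend()` returns anything other than `gnutls`.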