poky/meta/recipes-core/glib-networking/glib-networking/0001-tls-tests-disable-PKCS-11-tests-if-not-available.patch - openbmc/openbmc - Gitiles

 From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@arm.com>
 Date: Fri, 12 May 2023 20:19:35 +0100
 Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available

 GnuTLS can be built without PKCS#11, which means the symbols
 gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
 library.

 If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
 provider for testing, and several tests which need the mock provider
 will fail.

 Solve this by checking for the symbols at build time and disabling the
 provider and tests which need it.

 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 ---
  meson.build             |  4 ++++
  tls/tests/certificate.c | 11 +++++++----
  tls/tests/connection.c  |  4 +++-
  3 files changed, 14 insertions(+), 5 deletions(-)

 diff --git a/meson.build b/meson.build
 index 0fa9027..d2a023a 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu

  if gnutls_dep.found()
    backends += ['gnutls']
 +  # test-specific, maybe move to tls/tests
 +  if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
 +    config_h.set10('HAVE_GNUTLS_PKCS11', true)
 +  endif
  endif

  # *** Checks for OpenSSL    ***
 diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
 index e820ba1..dd2412b 100644
 --- a/tls/tests/certificate.c
 +++ b/tls/tests/certificate.c
 @@ -24,6 +24,7 @@
   * Author: Stef Walter <stefw@collabora.co.uk>
   */

 +#include "config.h"
  #include "certificate.h"

  #include <gio/gio.h>
 @@ -911,7 +912,7 @@ int
  main (int   argc,
        char *argv[])
  {
 -#ifdef BACKEND_IS_GNUTLS
 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
    char *module_path;
  #endif

 @@ -921,7 +922,7 @@ main (int   argc,
    g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
    g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);

 -#ifdef BACKEND_IS_GNUTLS
 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
    module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
    g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));

 @@ -942,12 +943,14 @@ main (int   argc,
                setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
    g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
                setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
 -  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
 -              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
    g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
                setup_certificate, test_private_key, teardown_certificate);
 +#if HAVE_GNUTLS_PKCS11
 +  g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
 +              setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
    g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
                setup_certificate, test_private_key_pkcs11, teardown_certificate);
 +#endif

    g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
    g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
 diff --git a/tls/tests/connection.c b/tls/tests/connection.c
 index 17efe1b..62a7fbb 100644
 --- a/tls/tests/connection.c
 +++ b/tls/tests/connection.c
 @@ -3376,7 +3376,7 @@ main (int   argc,

    g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);

 -#ifdef BACKEND_IS_GNUTLS
 +#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
    module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
    g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));

 @@ -3438,8 +3438,10 @@ main (int   argc,
                setup_connection, test_client_auth_request_fail, teardown_connection);
    g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
                setup_connection, test_client_auth_request_none, teardown_connection);
 +#if HAVE_GNUTLS_PKCS11
    g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
                setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
 +#endif
    g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
                setup_connection, test_connection_no_database, teardown_connection);
    g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
 --
 2.34.1
	From 04728a5b73e870b4695c5e7ba42fa41c00471944 Mon Sep 17 00:00:00 2001
	From: Ross Burton <ross.burton@arm.com>
	Date: Fri, 12 May 2023 20:19:35 +0100
	Subject: [PATCH] tls/tests: disable PKCS#11 tests if not available

	GnuTLS can be built without PKCS#11, which means the symbols
	gnutls_pkcs11_init and gnutls_pkcs11_add_provider are not part of the
	library.

	If these symbols don't exist in GnuTLS then we can't add a mock pkcs#11
	provider for testing, and several tests which need the mock provider
	will fail.

	Solve this by checking for the symbols at build time and disabling the
	provider and tests which need it.

	Upstream-Status: Backport
	Signed-off-by: Ross Burton <ross.burton@arm.com>
	---
	meson.build \| 4 ++++
	tls/tests/certificate.c \| 11 +++++++----
	tls/tests/connection.c \| 4 +++-
	3 files changed, 14 insertions(+), 5 deletions(-)

	diff --git a/meson.build b/meson.build
	index 0fa9027..d2a023a 100644
	--- a/meson.build
	+++ b/meson.build
	@@ -84,6 +84,10 @@ gnutls_dep = dependency('gnutls', version: '>= 3.7.4', required: get_option('gnu

	if gnutls_dep.found()
	backends += ['gnutls']
	+ # test-specific, maybe move to tls/tests
	+ if cc.has_function('gnutls_pkcs11_init', prefix: '#include <gnutls/pkcs11.h>', dependencies: gnutls_dep)
	+ config_h.set10('HAVE_GNUTLS_PKCS11', true)
	+ endif
	endif

	# * Checks for OpenSSL *
	diff --git a/tls/tests/certificate.c b/tls/tests/certificate.c
	index e820ba1..dd2412b 100644
	--- a/tls/tests/certificate.c
	+++ b/tls/tests/certificate.c
	@@ -24,6 +24,7 @@
	* Author: Stef Walter <stefw@collabora.co.uk>
	*/

	+#include "config.h"
	#include "certificate.h"

	#include <gio/gio.h>
	@@ -911,7 +912,7 @@ int
	main (int argc,
	char *argv[])
	{
	-#ifdef BACKEND_IS_GNUTLS
	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
	char *module_path;
	#endif

	@@ -921,7 +922,7 @@ main (int argc,
	g_setenv ("GIO_USE_TLS", BACKEND, TRUE);
	g_assert_cmpint (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND), ==, 0);

	-#ifdef BACKEND_IS_GNUTLS
	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
	module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
	g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));

	@@ -942,12 +943,14 @@ main (int argc,
	setup_certificate, test_create_certificate_with_issuer, teardown_certificate);
	g_test_add ("/tls/" BACKEND "/certificate/create-with-garbage-input", TestCertificate, NULL,
	setup_certificate, test_create_certificate_with_garbage_input, teardown_certificate);
	- g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
	- setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
	g_test_add ("/tls/" BACKEND "/certificate/private-key", TestCertificate, NULL,
	setup_certificate, test_private_key, teardown_certificate);
	+#if HAVE_GNUTLS_PKCS11
	+ g_test_add ("/tls/" BACKEND "/certificate/pkcs11", TestCertificate, NULL,
	+ setup_certificate, test_create_certificate_pkcs11, teardown_certificate);
	g_test_add ("/tls/" BACKEND "/certificate/private-key-pkcs11", TestCertificate, NULL,
	setup_certificate, test_private_key_pkcs11, teardown_certificate);
	+#endif

	g_test_add_func ("/tls/" BACKEND "/certificate/create-chain", test_create_certificate_chain);
	g_test_add_func ("/tls/" BACKEND "/certificate/create-no-chain", test_create_certificate_no_chain);
	diff --git a/tls/tests/connection.c b/tls/tests/connection.c
	index 17efe1b..62a7fbb 100644
	--- a/tls/tests/connection.c
	+++ b/tls/tests/connection.c
	@@ -3376,7 +3376,7 @@ main (int argc,

	g_assert_true (g_ascii_strcasecmp (G_OBJECT_TYPE_NAME (g_tls_backend_get_default ()), "GTlsBackend" BACKEND) == 0);

	-#ifdef BACKEND_IS_GNUTLS
	+#if defined(BACKEND_IS_GNUTLS) && HAVE_GNUTLS_PKCS11
	module_path = g_test_build_filename (G_TEST_BUILT, "mock-pkcs11.so", NULL);
	g_assert_true (g_file_test (module_path, G_FILE_TEST_EXISTS));

	@@ -3438,8 +3438,10 @@ main (int argc,
	setup_connection, test_client_auth_request_fail, teardown_connection);
	g_test_add ("/tls/" BACKEND "/connection/client-auth-request-none", TestConnection, NULL,
	setup_connection, test_client_auth_request_none, teardown_connection);
	+#if HAVE_GNUTLS_PKCS11
	g_test_add ("/tls/" BACKEND "/connection/client-auth-pkcs11", TestConnection, NULL,
	setup_connection, test_client_auth_pkcs11_connection, teardown_connection);
	+#endif
	g_test_add ("/tls/" BACKEND "/connection/no-database", TestConnection, NULL,
	setup_connection, test_connection_no_database, teardown_connection);
	g_test_add ("/tls/" BACKEND "/connection/failed", TestConnection, NULL,
	--
	2.34.1