Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use libreSSL instead of openSSL #8

Merged
merged 2 commits into from
Oct 11, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,19 @@ jobs:
strategy:
fail-fast: false
matrix:
zig-version: ["master", "0.13.0"]
zig-version: ["master"]
os: [ubuntu-latest]
build-options: ["-Ddisable-ssl -Ddisable-zlib -Ddisable-zstd"]
build-options: ["-Dssl=None -Ddisable-zlib -Ddisable-zstd", "-Dssl=OpenSSL", "-Dssl=LibreSSL"]
include:
- zig-version: "master"
- zig-version: "0.13.0"
os: ubuntu-latest
build-options: ""
build-options: "-Dssl=None -Ddisable-zlib -Ddisable-zstd"
#- zig-version: "master"
# os: macos-latest # Apple Silicon (M1)
# build-options: "-Ddisable-ssl"
- zig-version: "master"
os: macos-13 # Intel macOS
build-options: "-Ddisable-ssl"
build-options: "-Dssl=LibreSSL"

runs-on: ${{ matrix.os }}

Expand Down
45 changes: 32 additions & 13 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,25 +4,20 @@ Provides a package to be used by the zig package manager for C programs.

## Status

| Architecture \ OS | Linux | MacOS |
|:------------------|:------|-------------------|
| x86_64 | ✅ | ☑️ `-Ddisable-ssl` |
| arm 64 | __?__ | ☑️ `-Ddisable-ssl` |
| Architecture \ OS | Linux | MacOS |
|:------------------|:-----------|-------|
| x86_64 | ✅ | ✅ |
| arm 64 | (untested) | |

Optional dependencies used by default:
- openssl
- zlib
- zstd

| Refname | PostgreSQL version | Zig `0.12.x` | Zig `0.13.x` | Zig `0.14.0-dev` |
|----------|--------------------|--------------|--------------|------------------|
| `5.16.4` | `REL_16_4` | ✅ | ✅ | ✅ |
| Refname | PostgreSQL version | Zig `0.12.x` | Zig `0.13.x` | Zig `0.14.0-dev` |
|------------|--------------------|--------------|--------------|------------------|
| `5.16.4+1` | `REL_16_4` | ❌ | ✅ | ✅ |

## Use

Add the dependency in your `build.zig.zon` by running the following command:
```zig
zig fetch --save git+https://github.com/allyourcodebase/libpq#5.16.4
zig fetch --save git+https://github.com/allyourcodebase/libpq#5.16.4+1
```

Then, in your `build.zig`:
Expand All @@ -33,3 +28,27 @@ const libpq = postgres.artifact("pq");
// wherever needed:
exe.linkLibrary(libpq);
```

## Options

```
-Dssl=[enum] Choose which dependency to use for SSL. Defaults to LibreSSL
Supported Values:
OpenSSL
LibreSSL
None
-Ddisable-zlib=[bool] Remove zlib as a dependency
-Ddisable-zstd=[bool] Remove zstd as a dependency
```

## Bump dependencies

To update this project dependencies:

```bash
zig fetch --save=upstream git+https://github.com/postgres/postgres#REL_16_4
zig fetch --save git+https://github.com/allyourcodebase/openssl#3.3.0
zig fetch --save git+https://github.com/allyourcodebase/libressl#3.9.2+1
zig fetch --save git+https://github.com/allyourcodebase/zlib#1.3.1
zig fetch --save git+https://github.com/allyourcodebase/zstd#1.5.6-1
```
64 changes: 42 additions & 22 deletions build.zig
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ const std = @import("std");
const version = .{ .major = 16, .minor = 4 };
const libpq_path = "src/interfaces/libpq";

const ssl_type = enum { OpenSSL, LibreSSL, None };

pub fn build(b: *std.Build) !void {
const target = b.standardTargetOptions(.{});
const optimize = b.standardOptimizeOption(.{});
Expand All @@ -14,7 +16,7 @@ pub fn build(b: *std.Build) !void {
else => return error.OsNotSupported,
};

const disable_ssl = b.option(bool, "disable-ssl", "Remove OpenSSL as a dependency and disallow encrypted communications") orelse false;
const ssl_option = b.option(ssl_type, "ssl", "Choose which dependency to use for SSL among OpenSSL, LibreSSL and None. Defaults to LibreSSL") orelse .LibreSSL;
const disable_zlib = b.option(bool, "disable-zlib", "Remove zlib as a dependency") orelse false;
const disable_zstd = b.option(bool, "disable-zstd", "Remove zstd as a dependency") orelse false;

Expand Down Expand Up @@ -70,11 +72,45 @@ pub fn build(b: *std.Build) !void {
lib.installConfigHeader(header);
}

if (!disable_ssl) {
if (b.lazyDependency("openssl", .{ .target = target, .optimize = optimize })) |openssl_dep| {
const openssl = openssl_dep.artifact("openssl");
lib.linkLibrary(openssl);
}
var use_openssl: ?u8 = null;
var use_ssl: ?u8 = null;

switch (ssl_option) {
.OpenSSL => {
use_ssl = 1;
use_openssl = 1;
if (b.lazyDependency("openssl", .{ .target = target, .optimize = optimize })) |openssl_dep| {
const openssl = openssl_dep.artifact("openssl");
lib.linkLibrary(openssl);
}
},
.LibreSSL => {
use_ssl = 1;
if (b.lazyDependency("libressl", .{ .target = target, .optimize = optimize })) |libressl_dep| {
const libressl = libressl_dep.artifact("ssl");
lib.linkLibrary(libressl);
}
},
.None => {},
}

pg_config.addValues(.{
.USE_OPENSSL = use_ssl,
.OPENSSL_API_COMPAT = .@"0x10001000L",
.HAVE_LIBCRYPTO = use_ssl,
.HAVE_LIBSSL = use_ssl,
.HAVE_OPENSSL_INIT_SSL = use_ssl,
.HAVE_SSL_CTX_SET_CERT_CB = use_openssl,
.HAVE_SSL_CTX_SET_NUM_TICKETS = use_ssl,
.HAVE_X509_GET_SIGNATURE_INFO = use_openssl,
.HAVE_X509_GET_SIGNATURE_NID = use_ssl,
.HAVE_BIO_METH_NEW = use_ssl,
.HAVE_HMAC_CTX_FREE = use_ssl,
.HAVE_HMAC_CTX_NEW = use_ssl,
.HAVE_ASN1_STRING_GET0_DATA = use_ssl,
});

if (ssl_option != .None) {
lib.addCSourceFiles(.{
.root = upstream.path(libpq_path),
.files = &.{
Expand Down Expand Up @@ -105,22 +141,6 @@ pub fn build(b: *std.Build) !void {
.flags = &CFLAGS,
});
}
const usessl: ?u8 = if (disable_ssl) null else 1;
pg_config.addValues(.{
.USE_OPENSSL = usessl,
.OPENSSL_API_COMPAT = .@"0x10001000L",
.HAVE_LIBCRYPTO = usessl,
.HAVE_LIBSSL = usessl,
.HAVE_OPENSSL_INIT_SSL = usessl,
.HAVE_SSL_CTX_SET_CERT_CB = usessl,
.HAVE_SSL_CTX_SET_NUM_TICKETS = usessl,
.HAVE_X509_GET_SIGNATURE_INFO = usessl,
.HAVE_X509_GET_SIGNATURE_NID = usessl,
.HAVE_BIO_METH_NEW = usessl,
.HAVE_HMAC_CTX_FREE = usessl,
.HAVE_HMAC_CTX_NEW = usessl,
.HAVE_ASN1_STRING_GET0_DATA = usessl,
});

if (!disable_zlib) {
if (b.lazyDependency("zlib", .{ .target = target, .optimize = optimize })) |zlib_dep| {
Expand Down
7 changes: 6 additions & 1 deletion build.zig.zon
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,18 @@
.hash = "12200078346510dd1010ac11cf1d46b0e51cda1b3c80f3b2fb375194f52f70cbf0a0",
.lazy = true,
},
.libressl = .{
.url = "git+https://github.com/allyourcodebase/libressl?ref=3.9.2+1#02abfefee4e4eda28ce53c637b3c0d204ace8a6d",
.hash = "12201f5cc06c88f191696106723797449baacb6ea38b07b6cf31c18c0382a6bea33e",
.lazy = true,
},
.zlib = .{
.url = "git+https://github.com/allyourcodebase/zlib?ref=1.3.1#0918e87b7629b9c6a50a08edd0ce30d849758faf",
.hash = "122034ab2a12adf8016ffa76e48b4be3245ffd305193edba4d83058adbcfa749c107",
.lazy = true,
},
.zstd = .{
.url = "git+https://github.com/allyourcodebase/zstd.git?ref=1.5.6-1#3247ffbcbc31f014027a5776a25c4261054e9fe9",
.url = "git+https://github.com/allyourcodebase/zstd?ref=1.5.6-1#3247ffbcbc31f014027a5776a25c4261054e9fe9",
.hash = "12200dbfe91946451bab186f584edbec9f9f7fdbcf818ad984b7182fea655b3c10e3",
.lazy = true,
},
Expand Down