xenbits.xensource.com Git - libvirt.git/commit

author	Eric Blake <eblake@redhat.com>
	Thu, 25 Jul 2013 22:03:17 +0000 (16:03 -0600)
committer	Eric Blake <eblake@redhat.com>
	Mon, 12 Aug 2013 15:58:48 +0000 (09:58 -0600)
commit	6094b1ff1992e6c7c7b17a2e1a3ddbf29f7f6591
tree	006dfd77da0b0240bc22debe7831e25775a55b15	tree
parent	ce01ec42b2b28fe7f4f3235c3fb84d60752027ce	commit \| diff

build: avoid -lgcrypt with newer gnutls

https://bugzilla.redhat.com/show_bug.cgi?id=951637

Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).

There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html

If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.

* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.

Signed-off-by: Eric Blake <eblake@redhat.com>

configure.ac		diff \| blob \| blame \| history
libvirt.spec.in		diff \| blob \| blame \| history
src/libvirt.c		diff \| blob \| blame \| history