[oe-commits] Martin Jansa : wget: enable gnutls support for SHR and fix gnutls in wget-1 .12

git version control git at git.openembedded.org
Sat Oct 30 15:11:22 UTC 2010


Module: openembedded.git
Branch: master
Commit: b02ca204b3e418228e488597ce23a712737d9132
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=b02ca204b3e418228e488597ce23a712737d9132

Author: Martin Jansa <Martin.Jansa at gmail.com>
Date:   Sat Oct 30 16:53:23 2010 +0200

wget: enable gnutls support for SHR and fix gnutls in wget-1.12

Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>

---

 recipes/wget/wget-1.12/gnutls.bzr.patch |  266 +++++++++++++++++++++++++++++++
 recipes/wget/wget.inc                   |    3 +
 recipes/wget/wget_1.12.bb               |    6 +-
 3 files changed, 273 insertions(+), 2 deletions(-)

diff --git a/recipes/wget/wget-1.12/gnutls.bzr.patch b/recipes/wget/wget-1.12/gnutls.bzr.patch
new file mode 100644
index 0000000..6f0c2eb
--- /dev/null
+++ b/recipes/wget/wget-1.12/gnutls.bzr.patch
@@ -0,0 +1,266 @@
+--- wget-1.12/src/gnutls.c	2009-09-22 04:59:33.000000000 +0200
++++ /OE/projects/wget/src/gnutls.c	2010-10-30 16:24:10.000000000 +0200
+@@ -1,6 +1,6 @@
+ /* SSL support via GnuTLS library.
+-   Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+-   Inc.
++   Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
++   Foundation, Inc.
+ 
+ This file is part of GNU Wget.
+ 
+@@ -37,6 +37,8 @@
+ #endif
+ #include <string.h>
+ #include <stdio.h>
++#include <dirent.h>
++#include <stdlib.h>
+ 
+ #include <gnutls/gnutls.h>
+ #include <gnutls/x509.h>
+@@ -46,6 +48,10 @@
+ #include "url.h"
+ #include "ssl.h"
+ 
++#ifdef WIN32
++# include "w32sock.h"
++#endif
++
+ /* Note: some of the functions private to this file have names that
+    begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
+    confused with actual gnutls functions -- such as the gnutls_read
+@@ -56,15 +62,50 @@
+ bool
+ ssl_init ()
+ {
++  const char *ca_directory;
++  DIR *dir;
++
+   gnutls_global_init ();
+   gnutls_certificate_allocate_credentials (&credentials);
++
++  ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";
++
++  dir = opendir (ca_directory);
++  if (dir == NULL)
++    {
++      if (opt.ca_directory)
++        logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
++                   opt.ca_directory);
++    }
++  else
++    {
++      struct dirent *dent;
++      while ((dent = readdir (dir)) != NULL)
++        {
++          struct stat st;
++          char *ca_file;
++          asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name);
++
++          stat (ca_file, &st);
++
++          if (S_ISREG (st.st_mode))
++            gnutls_certificate_set_x509_trust_file (credentials, ca_file,
++                                                    GNUTLS_X509_FMT_PEM);
++
++          free (ca_file);
++        }
++
++      closedir (dir);
++    }
++
+   if (opt.ca_cert)
+     gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
+                                             GNUTLS_X509_FMT_PEM);
+   return true;
+ }
+ 
+-struct wgnutls_transport_context {
++struct wgnutls_transport_context
++{
+   gnutls_session session;       /* GnuTLS session handle */
+   int last_error;               /* last error returned by read/write/... */
+ 
+@@ -73,7 +114,7 @@
+      is stored to PEEKBUF, and wgnutls_read checks that buffer before
+      actually reading.  */
+   char peekbuf[512];
+-  int peekstart, peeklen;
++  int peeklen;
+ };
+ 
+ #ifndef MIN
+@@ -83,19 +124,18 @@
+ static int
+ wgnutls_read (int fd, char *buf, int bufsize, void *arg)
+ {
+-  int ret;
++  int ret = 0;
+   struct wgnutls_transport_context *ctx = arg;
+ 
+   if (ctx->peeklen)
+     {
+       /* If we have any peek data, simply return that. */
+       int copysize = MIN (bufsize, ctx->peeklen);
+-      memcpy (buf, ctx->peekbuf + ctx->peekstart, copysize);
++      memcpy (buf, ctx->peekbuf, copysize);
+       ctx->peeklen -= copysize;
+       if (ctx->peeklen != 0)
+-        ctx->peekstart += copysize;
+-      else
+-        ctx->peekstart = 0;
++        memmove (ctx->peekbuf, ctx->peekbuf + copysize, ctx->peeklen);
++
+       return copysize;
+     }
+ 
+@@ -105,6 +145,7 @@
+ 
+   if (ret < 0)
+     ctx->last_error = ret;
++
+   return ret;
+ }
+ 
+@@ -124,31 +165,49 @@
+ static int
+ wgnutls_poll (int fd, double timeout, int wait_for, void *arg)
+ {
+-  return 1;
++  struct wgnutls_transport_context *ctx = arg;
++  return ctx->peeklen || gnutls_record_check_pending (ctx->session)
++    || select_fd (fd, timeout, wait_for);
+ }
+ 
+ static int
+ wgnutls_peek (int fd, char *buf, int bufsize, void *arg)
+ {
+-  int ret;
++  int ret = 0;
+   struct wgnutls_transport_context *ctx = arg;
+-
+-  /* We don't support peeks following peeks: the reader must drain all
+-     peeked data before the next peek.  */
+-  assert (ctx->peeklen == 0);
++  int offset = MIN (bufsize, ctx->peeklen);
+   if (bufsize > sizeof ctx->peekbuf)
+     bufsize = sizeof ctx->peekbuf;
+ 
+-  do
+-    ret = gnutls_record_recv (ctx->session, buf, bufsize);
+-  while (ret == GNUTLS_E_INTERRUPTED);
++  if (ctx->peeklen)
++    memcpy (buf, ctx->peekbuf, offset);
+ 
+-  if (ret >= 0)
++  if (bufsize > offset)
+     {
+-      memcpy (ctx->peekbuf, buf, ret);
+-      ctx->peeklen = ret;
++      do
++        {
++          ret = gnutls_record_recv (ctx->session, buf + offset,
++                                    bufsize - offset);
++        }
++      while (ret == GNUTLS_E_INTERRUPTED);
++
++      if (ret < 0)
++        {
++          if (offset)
++            ret = 0;
++          else
++            return ret;
++        }
++
++      if (ret > 0)
++        {
++          memcpy (ctx->peekbuf + offset, buf + offset,
++                  ret);
++          ctx->peeklen += ret;
++        }
+     }
+-  return ret;
++
++  return offset + ret;
+ }
+ 
+ static const char *
+@@ -165,23 +224,20 @@
+   /*gnutls_bye (ctx->session, GNUTLS_SHUT_RDWR);*/
+   gnutls_deinit (ctx->session);
+   xfree (ctx);
+-#ifndef WINDOWS
+   close (fd);
+-#else
+-  closesocket (fd);
+-#endif
+ }
+ 
+ /* gnutls_transport is the singleton that describes the SSL transport
+    methods provided by this file.  */
+ 
+-static struct transport_implementation wgnutls_transport = {
++static struct transport_implementation wgnutls_transport =
++{
+   wgnutls_read, wgnutls_write, wgnutls_poll,
+   wgnutls_peek, wgnutls_errstr, wgnutls_close
+ };
+ 
+ bool
+-ssl_connect (int fd)
++ssl_connect_wget (int fd)
+ {
+   static const int cert_type_priority[] = {
+     GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0
+@@ -189,11 +245,42 @@
+   struct wgnutls_transport_context *ctx;
+   gnutls_session session;
+   int err;
++  int allowed_protocols[4] = {0, 0, 0, 0};
+   gnutls_init (&session, GNUTLS_CLIENT);
+   gnutls_set_default_priority (session);
+   gnutls_certificate_type_set_priority (session, cert_type_priority);
+   gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, credentials);
+-  gnutls_transport_set_ptr (session, (gnutls_transport_ptr) fd);
++#ifndef FD_TO_SOCKET
++# define FD_TO_SOCKET(X) (X)
++#endif
++  gnutls_transport_set_ptr (session, (gnutls_transport_ptr) FD_TO_SOCKET (fd));
++
++  err = 0;
++  switch (opt.secure_protocol)
++    {
++    case secure_protocol_auto:
++      break;
++    case secure_protocol_sslv2:
++    case secure_protocol_sslv3:
++      allowed_protocols[0] = GNUTLS_SSL3;
++      err = gnutls_protocol_set_priority (session, allowed_protocols);
++      break;
++    case secure_protocol_tlsv1:
++      allowed_protocols[0] = GNUTLS_TLS1_0;
++      allowed_protocols[1] = GNUTLS_TLS1_1;
++      allowed_protocols[2] = GNUTLS_TLS1_2;
++      err = gnutls_protocol_set_priority (session, allowed_protocols);
++      break;
++    default:
++      abort ();
++    }
++  if (err < 0)
++    {
++      logprintf (LOG_NOTQUIET, "GnuTLS: %s\n", gnutls_strerror (err));
++      gnutls_deinit (session);
++      return false;
++    }
++
+   err = gnutls_handshake (session);
+   if (err < 0)
+     {
+@@ -201,6 +288,7 @@
+       gnutls_deinit (session);
+       return false;
+     }
++
+   ctx = xnew0 (struct wgnutls_transport_context);
+   ctx->session = session;
+   fd_register_transport (fd, &wgnutls_transport, ctx);
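Review bot: In the readdir loop added to ssl_init, the results of `asprintf` and `stat` are never checked, so on failure `ca_file` is indeterminate and `S_ISREG (st.st_mode)` reads an uninitialized `struct stat`, which makes it unpredictable which directory entries are handed to GnuTLS as trust anchors. I would guard both calls: `if (asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name) < 0) continue;` and `if (stat (ca_file, &st) == 0 && S_ISREG (st.st_mode))`. The return value of `gnutls_certificate_set_x509_trust_file` is also discarded, and a missing default directory is silent, so an empty trust store goes unnoticed; logging the load error or a count of loaded certificates would make that visible. Separately, in wgnutls_poll the `||` chain turns any non-zero result of `select_fd` into 1, so if that helper reports errors with a negative value the caller would see the socket as ready.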
diff --git a/recipes/wget/wget.inc b/recipes/wget/wget.inc
index 21aa936..15daafb 100644
--- a/recipes/wget/wget.inc
+++ b/recipes/wget/wget.inc
@@ -1,6 +1,7 @@
 DESCRIPTION = "A console URL download utility featuring HTTP, FTP, and more."
 SECTION = "console/network"
 DEPENDS = ""
+DEPENDS_shr = "gnutls"
 INC_PR = "r8"
 LICENSE = "GPL"
 
@@ -11,6 +12,8 @@ inherit autotools gettext
 # Disable checking for SSL since that searches the system paths
 EXTRA_OECONF = "--enable-ipv6 --without-ssl"
 
+# Enable SSL it's usefull
+EXTRA_OECONF_shr = "--enable-ipv6 --with-ssl=gnutls"
 # The unslung kernel does not support ipv6
 EXTRA_OECONF_unslung = "--without-ssl"
 # SlugOS kernels do not support ipv6. Can be loaded as a module.
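Review bot: The new `EXTRA_OECONF_shr` line enables TLS through GnuTLS, but nothing visible in this change ensures a CA certificate set is present on the target at runtime, while the accompanying gnutls.bzr.patch falls back to `/etc/ssl/certs` when no CA directory is configured. If SHR images do not ship that directory populated, the client would have no trust anchors to verify servers against, so a runtime dependency on whichever package provides the CA bundle may be needed alongside `DEPENDS_shr`. The added comment could also state the intent rather than the motivation, e.g. `# SHR: build with GnuTLS so https:// URLs work`.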
diff --git a/recipes/wget/wget_1.12.bb b/recipes/wget/wget_1.12.bb
index a353f63..4ce3c2d 100644
--- a/recipes/wget/wget_1.12.bb
+++ b/recipes/wget/wget_1.12.bb
@@ -1,6 +1,8 @@
-PR="${INC_PR}.0"
+PR = "${INC_PR}.1"
 
-SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz"
+SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
+           file://gnutls.bzr.patch \
+"
 
 SRC_URI[md5sum] = "141461b9c04e454dc8933c9d1f2abf83"
 SRC_URI[sha256sum] = "7578ed0974e12caa71120581fa3962ee5a69f7175ddc3d6a6db0ecdcba65b572"




