Merge pull request libgit2#6924 from libgit2/ethomson/cmake_deps

Improve dependency selection in CMake

Author: ethomson

.github/workflows/main.yml

@@ -42,7 +42,7 @@ jobs:
             name: noble
           env:
             CC: clang
-            CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec
+            CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec -DUSE_HTTP_PARSER=http-parser
             CMAKE_GENERATOR: Ninja
         - name: "Linux (Xenial, GCC, OpenSSL, OpenSSH)"
           id: xenial-gcc-openssl

CMakeLists.txt

@@ -30,14 +30,14 @@ option(USE_THREADS             "Use threads for parallel processing when possibl
 option(USE_NSEC                "Support nanosecond precision file mtimes and ctimes"    ON)
 
 # Backend selection
-option(USE_SSH                 "Enable SSH support. Can be set to a specific backend" OFF)
-option(USE_HTTPS               "Enable HTTPS support. Can be set to a specific backend" ON)
-option(USE_SHA1                "Enable SHA1. Can be set to CollisionDetection(ON)/HTTPS" ON)
-option(USE_SHA256              "Enable SHA256. Can be set to HTTPS/Builtin" ON)
-option(USE_GSSAPI              "Link with libgssapi for SPNEGO auth"      OFF)
-   set(USE_HTTP_PARSER         "" CACHE STRING "Specifies the HTTP Parser implementation; either system or builtin.")
+   set(USE_SSH                 "" CACHE STRING "Enables SSH support and optionally selects provider. One of ON, OFF, or a specific provider: libssh2 or exec. (Defaults to OFF.)")
+   set(USE_HTTPS               "" CACHE STRING "Enable HTTPS support and optionally selects the provider. One of ON, OFF, or a specific provider: OpenSSL, OpenSSL-FIPS, OpenSSL-Dynamic, mbedTLS, SecureTransport, Schannel, or WinHTTP. (Defaults to ON.)")
+   set(USE_SHA1                "" CACHE STRING "Selects SHA1 provider. One of CollisionDetection, HTTPS, or a specific provider. (Defaults to CollisionDetection.)")
+   set(USE_SHA256              "" CACHE STRING "Selects SHA256 provider. One of Builtin, HTTPS, or a specific provider. (Defaults to HTTPS.)")
+option(USE_GSSAPI              "Enable SPNEGO authentication using GSSAPI" OFF)
+   set(USE_HTTP_PARSER         "" CACHE STRING "Selects HTTP Parser support: http-parser, llhttp, or builtin. (Defaults to builtin.)")
 #  set(USE_XDIFF               "" CACHE STRING "Specifies the xdiff implementation; either system or builtin.")
-   set(REGEX_BACKEND           "" CACHE STRING "Regular expression implementation. One of regcomp_l, pcre2, pcre, regcomp, or builtin.")
+   set(REGEX_BACKEND           "" CACHE STRING "Selects regex provider. One of regcomp_l, pcre2, pcre, regcomp, or builtin.")
 option(USE_BUNDLED_ZLIB        "Use the bundled version of zlib. Can be set to one of Bundled(ON)/Chromium. The Chromium option requires a x86_64 processor with SSE4.2 and CLMUL" OFF)
 
 # Debugging options
@@ -64,7 +64,7 @@ option(ENABLE_WERROR           "Enable compilation with -Werror"
 
 if(UNIX)
 	# NTLM client requires crypto libraries from the system HTTPS stack
-	if(NOT USE_HTTPS)
+	if(USE_HTTPS STREQUAL "OFF")
 		option(USE_NTLMCLIENT  "Enable NTLM support on Unix."                  OFF)
 	else()
 		option(USE_NTLMCLIENT  "Enable NTLM support on Unix."                   ON)

README.md

@@ -265,29 +265,39 @@ Build options:
 
 Dependency options:
 
-* `USE_SSH=type`: enables SSH support; `type` can be set to `libssh2`
-  or `exec` (which will execute an external OpenSSH command)
-* `USE_HTTPS=type`: enables HTTPS support; `type` can be set to
-  `OpenSSL`, `mbedTLS`, `SecureTransport`, `Schannel`, or `WinHTTP`;
-  the default is `SecureTransport` on macOS, `WinHTTP` on Windows, and
-  whichever of `OpenSSL` or `mbedTLS` is detected on other platforms.
+* `USE_SSH=type`: enables SSH support and optionally selects the provider;
+  `type` can be set to `libssh2` or `exec` (which will execute an external
+  OpenSSH command). `ON` implies `libssh2`; defaults to `OFF`.
+* `USE_HTTPS=type`: enables HTTPS support and optionally selects the
+  provider; `type` can be set to `OpenSSL`, `OpenSSL-Dynamic` (to not
+  link against OpenSSL, but load it dynamically), `SecureTransport`,
+  `Schannel` or `WinHTTP`; the default is `SecureTransport` on macOS,
+  `WinHTTP` on Windows, and whichever of `OpenSSL` or `mbedTLS` is
+  detected on other platforms. Defaults to `ON`.
 * `USE_SHA1=type`: selects the SHA1 mechanism to use; `type` can be set
-  to `CollisionDetection` (default), or `HTTPS` to use the HTTPS
-  driver specified above as the hashing provider.
+  to `CollisionDetection`, `HTTPS` to use the system or HTTPS provider,
+  or one of `OpenSSL`, `OpenSSL-Dynamic`, `OpenSSL-FIPS` (to use FIPS
+  compliant routines in OpenSSL), `CommonCrypto`, or `Schannel`.
+  Defaults to `CollisionDetection`. This option is retained for
+  backward compatibility and should not be changed.
 * `USE_SHA256=type`: selects the SHA256 mechanism to use; `type` can be
-  set to `HTTPS` (default) to use the HTTPS driver specified above as
-  the hashing provider, or `Builtin`.
+  set to `HTTPS` to use the system or HTTPS driver, `builtin`, or one of
+  `OpenSSL`, `OpenSSL-Dynamic`, `OpenSSL-FIPS` (to use FIPS compliant
+  routines in OpenSSL), `CommonCrypto`, or `Schannel`. Defaults to `HTTPS`.
 * `USE_GSSAPI=<on/off>`: enables GSSAPI for SPNEGO authentication on
-  Unix
+  Unix. Defaults to `OFF`.
 * `USE_HTTP_PARSER=type`: selects the HTTP Parser; either `http-parser`
   for an external
   [`http-parser`](https://github.com/nodejs/http-parser) dependency,
   `llhttp` for an external [`llhttp`](https://github.com/nodejs/llhttp)
-  dependency, or `builtin`
+  dependency, or `builtin`. Defaults to `builtin`.
 * `REGEX_BACKEND=type`: selects the regular expression backend to use;
-  one of `regcomp_l`, `pcre2`, `pcre`, `regcomp`, or `builtin`.
-* `USE_BUNDLED_ZLIB=type`: selects the zlib dependency to use; one of
-  `bundled` or `Chromium`.
+  one of `regcomp_l`, `pcre2`, `pcre`, `regcomp`, or `builtin`. The
+  default is to use `regcomp_l` where available, PCRE if found, otherwise,
+  to use the builtin.
+* `USE_BUNDLED_ZLIB=type`: selects the bundled zlib; either `ON` or `OFF`.
+  Defaults to using the system zlib if available, falling back to the
+  bundled zlib.
 
 Locating Dependencies
 ---------------------

ci/docker/noble

@@ -4,20 +4,22 @@ FROM ${BASE} AS apt
 RUN apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         bzip2 \
-        clang \
+	clang \
+        clang-18 \
         cmake \
         curl \
         gcc \
         git \
         krb5-user \
-        libclang-rt-17-dev \
+        libclang-rt-18-dev \
         libcurl4-gnutls-dev \
         libgcrypt20-dev \
+        libhttp-parser-dev \
         libkrb5-dev \
         libpcre3-dev \
         libssl-dev \
         libz-dev \
-        llvm-17 \
+        llvm-18 \
         make \
         ninja-build \
         openjdk-8-jre-headless \
@@ -40,10 +42,10 @@ RUN cd /tmp && \
     scripts/config.pl set MBEDTLS_MD4_C 1 && \
     mkdir build build-msan && \
     cd build && \
-    CC=clang-17 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
+    CC=clang-18 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
     ninja install && \
     cd ../build-msan && \
-    CC=clang-17 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=MemSanDbg -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
+    CC=clang-18 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=MemSanDbg -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
     ninja install && \
     cd .. && \
     rm -rf mbedtls-mbedtls-2.28.6
@@ -54,24 +56,24 @@ RUN cd /tmp && \
     cd libssh2-1.11.0 && \
     mkdir build build-msan && \
     cd build && \
-    CC=clang-17 CFLAGS="-fPIC" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
+    CC=clang-18 CFLAGS="-fPIC" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
     ninja install && \
     cd ../build-msan && \
-    CC=clang-17 CFLAGS="-fPIC -fsanitize=memory -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=mbedTLS -DCMAKE_PREFIX_PATH=/usr/local/msan -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
+    CC=clang-18 CFLAGS="-fPIC -fsanitize=memory -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=mbedTLS -DCMAKE_PREFIX_PATH=/usr/local/msan -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
     ninja install && \
     cd .. && \
     rm -rf libssh2-1.11.0
 
 FROM libssh2 AS valgrind
 RUN cd /tmp && \
-    curl --insecure --location --silent --show-error https://sourceware.org/pub/valgrind/valgrind-3.22.0.tar.bz2 | \
+    curl --insecure --location --silent --show-error https://sourceware.org/pub/valgrind/valgrind-3.23.0.tar.bz2 | \
         tar -xj && \
-    cd valgrind-3.22.0 && \
-    CC=clang-17 ./configure && \
+    cd valgrind-3.23.0 && \
+    CC=clang-18 ./configure && \
     make MAKEFLAGS="-j -l$(grep -c ^processor /proc/cpuinfo)" && \
     make install && \
     cd .. && \
-    rm -rf valgrind-3.22.0
+    rm -rf valgrind-3.23.0
 
 FROM valgrind AS adduser
 ARG UID=""

ci/docker/xenial

@@ -7,13 +7,13 @@ RUN apt-get update && \
         clang \
         cmake \
         curl \
-	gettext \
+        gettext \
         gcc \
         krb5-user \
         libcurl4-gnutls-dev \
-	libexpat1-dev \
+        libexpat1-dev \
         libgcrypt20-dev \
-	libintl-perl \
+        libintl-perl \
         libkrb5-dev \
         libpcre3-dev \
         libssl-dev \

cmake/FindHTTPParser.cmake cmake/FindHTTP_Parser.cmakecmake/FindHTTPParser.cmake renamed to cmake/FindHTTP_Parser.cmake

@@ -1,6 +1,6 @@
 # Optional external dependency: http-parser
-if(USE_HTTP_PARSER STREQUAL "http-parser")
-	find_package(HTTPParser)
+if(USE_HTTP_PARSER STREQUAL "http-parser" OR USE_HTTP_PARSER STREQUAL "system")
+	find_package(HTTP_Parser)
 
 	if(HTTP_PARSER_FOUND AND HTTP_PARSER_VERSION_MAJOR EQUAL 2)
 		list(APPEND LIBGIT2_SYSTEM_INCLUDES ${HTTP_PARSER_INCLUDE_DIRS})
@@ -23,10 +23,12 @@ elseif(USE_HTTP_PARSER STREQUAL "llhttp")
 	else()
 		message(FATAL_ERROR "llhttp support was requested but not found")
 	endif()
-else()
+elseif(USE_HTTP_PARSER STREQUAL "" OR USE_HTTP_PARSER STREQUAL "builtin")
 	add_subdirectory("${PROJECT_SOURCE_DIR}/deps/llhttp" "${PROJECT_BINARY_DIR}/deps/llhttp")
 	list(APPEND LIBGIT2_DEPENDENCY_INCLUDES "${PROJECT_SOURCE_DIR}/deps/llhttp")
 	list(APPEND LIBGIT2_DEPENDENCY_OBJECTS "$<TARGET_OBJECTS:llhttp>")
 	set(GIT_HTTPPARSER_BUILTIN 1)
 	add_feature_info(http-parser ON "using bundled parser")
+else()
+	message(FATAL_ERROR "unknown http-parser: ${USE_HTTP_PARSER}")
 endif()

cmake/SelectHTTPParser.cmake

@@ -8,9 +8,14 @@ if(CMAKE_SYSTEM_NAME MATCHES "Darwin" OR CMAKE_SYSTEM_NAME MATCHES "iOS")
 	find_package(CoreFoundation)
 endif()
 
+if(USE_HTTPS STREQUAL "")
+	set(USE_HTTPS ON)
+endif()
+
+sanitizebool(USE_HTTPS)
+
 if(USE_HTTPS)
 	# Auto-select TLS backend
-	sanitizebool(USE_HTTPS)
 	if(USE_HTTPS STREQUAL ON)
 		if(SECURITY_FOUND)
 			if(SECURITY_HAS_SSLCREATECONTEXT)
@@ -136,12 +141,12 @@ if(USE_HTTPS)
 		set(GIT_OPENSSL_DYNAMIC 1)
 		list(APPEND LIBGIT2_SYSTEM_LIBS dl)
 	else()
-		message(FATAL_ERROR "Asked for backend ${USE_HTTPS} but it wasn't found")
+		message(FATAL_ERROR "unknown HTTPS backend: ${USE_HTTPS}")
 	endif()
 
 	set(GIT_HTTPS 1)
 	add_feature_info(HTTPS GIT_HTTPS "using ${USE_HTTPS}")
 else()
 	set(GIT_HTTPS 0)
-	add_feature_info(HTTPS NO "")
+	add_feature_info(HTTPS NO "HTTPS support is disabled")
 endif()

cmake/SelectHTTPSBackend.cmake

@@ -2,13 +2,12 @@
 
 include(SanitizeBool)
 
-# USE_SHA1=CollisionDetection(ON)/HTTPS/Generic/OFF
 sanitizebool(USE_SHA1)
 sanitizebool(USE_SHA256)
 
 # sha1
 
-if(USE_SHA1 STREQUAL ON)
+if(USE_SHA1 STREQUAL "" OR USE_SHA1 STREQUAL ON)
 	SET(USE_SHA1 "CollisionDetection")
 elseif(USE_SHA1 STREQUAL "HTTPS")
 	if(USE_HTTPS STREQUAL "SecureTransport")
@@ -20,7 +19,7 @@ elseif(USE_SHA1 STREQUAL "HTTPS")
 	elseif(USE_HTTPS)
 		set(USE_SHA1 ${USE_HTTPS})
 	else()
-		set(USE_SHA1 "CollisionDetection")
+		message(FATAL_ERROR "asked for HTTPS SHA1 backend but HTTPS is not enabled")
 	endif()
 endif()
 
@@ -41,15 +40,21 @@ elseif(USE_SHA1 STREQUAL "mbedTLS")
 elseif(USE_SHA1 STREQUAL "Win32")
 	set(GIT_SHA1_WIN32 1)
 else()
-	message(FATAL_ERROR "Asked for unknown SHA1 backend: ${USE_SHA1}")
+	message(FATAL_ERROR "asked for unknown SHA1 backend: ${USE_SHA1}")
 endif()
 
 # sha256
 
-if(USE_SHA256 STREQUAL ON AND USE_HTTPS)
-	SET(USE_SHA256 "HTTPS")
-elseif(USE_SHA256 STREQUAL ON)
-	SET(USE_SHA256 "Builtin")
+if(USE_SHA256 STREQUAL "" OR USE_SHA256 STREQUAL ON)
+	if(USE_HTTPS)
+		SET(USE_SHA256 "HTTPS")
+	else()
+		SET(USE_SHA256 "builtin")
+	endif()
+endif()
+
+if(USE_SHA256 STREQUAL "Builtin")
+	set(USE_SHA256 "builtin")
 endif()
 
 if(USE_SHA256 STREQUAL "HTTPS")
@@ -64,7 +69,7 @@ if(USE_SHA256 STREQUAL "HTTPS")
 	endif()
 endif()
 
-if(USE_SHA256 STREQUAL "Builtin")
+if(USE_SHA256 STREQUAL "builtin")
 	set(GIT_SHA256_BUILTIN 1)
 elseif(USE_SHA256 STREQUAL "OpenSSL")
 	set(GIT_SHA256_OPENSSL 1)
@@ -81,7 +86,7 @@ elseif(USE_SHA256 STREQUAL "mbedTLS")
 elseif(USE_SHA256 STREQUAL "Win32")
 	set(GIT_SHA256_WIN32 1)
 else()
-	message(FATAL_ERROR "Asked for unknown SHA256 backend: ${USE_SHA256}")
+	message(FATAL_ERROR "asked for unknown SHA256 backend: ${USE_SHA256}")
 endif()
 
 # add library requirements

cmake/SelectHashes.cmake

@@ -39,6 +39,8 @@ elseif(USE_SSH STREQUAL ON OR USE_SSH STREQUAL "libssh2")
 	set(GIT_SSH 1)
 	set(GIT_SSH_LIBSSH2 1)
 	add_feature_info(SSH ON "using libssh2")
-else()
+elseif(USE_SSH STREQUAL OFF OR USE_SSH STREQUAL "")
 	add_feature_info(SSH OFF "SSH transport support")
+else()
+	message(FATAL_ERROR "unknown SSH option: ${USE_HTTP_PARSER}")
 endif()