From ec3dfe68934d4bacc5604ae7b601ab72e1fccc2f Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Fri, 17 Oct 2014 10:36:58 +0200 Subject: [PATCH] Clean up GnuTLS linking and instructions GnuTLS can have different crypto backends, and it is rarely gcrypt these days. So we should not be including that unconditionally, and should not be pointing people at it either. Also remove the section about Win32 binaries as those are out of date and probably insecure. Lastly remove the section about static builds as it is a general issue and in no way complete with just the GnuTLS portions. --- BUILDING.txt | 83 +------------------------------ CMakeLists.txt | 13 ----- cmake/Modules/FindGcrypt.cmake | 36 -------------- cmake/Modules/FindGpg_Error.cmake | 36 -------------- 4 files changed, 1 insertion(+), 167 deletions(-) delete mode 100644 cmake/Modules/FindGcrypt.cmake delete mode 100644 cmake/Modules/FindGpg_Error.cmake diff --git a/BUILDING.txt b/BUILDING.txt index 897a51a3..4ffcb726 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -14,7 +14,7 @@ Build Requirements (All Systems) * See "Building FLTK" below. -- If building TLS support: - * GnuTLS and its dependencies (libgcrypt, libtasn1, libgpg-error) + * GnuTLS -- If building native language support (NLS): * Gnu gettext 0.14.4 or later 
@@ -390,87 +390,6 @@ to the CMake command line would link TigerVNC against the static versions of libiconv and libintl included in the MinGW Developer Toolkit. -=============================================== -Building Transport Layer Security (TLS) support -=============================================== - -VeNCrypt (the TigerVNC security and authentication extensions) can be built -with TLS support, which provides built-in encryption for VNC sessions. This -requires GnuTLS, which is readily available in many Linux distributions but not -as readily available in binary form on other types of systems. This section -describes the issues associated with building a version of TigerVNC with TLS -support and how to work around those issues. - - -Unix/Mac --------- - -In general, if you are building on a Unix-ish platform that has the GnuTLS -libraries and include files installed in the standard system locations, then -the TigerVNC build system should detect the system version of GnuTLS -automatically and link against it. However, this produces a version of -TigerVNC that depends on the GnuTLS dynamic libraries, and thus the TigerVNC -binaries are not portable. - -To build a fully portable, cross-compatible version of TigerVNC with TLS -support, it is necessary to link against the GnuTLS static library (as well -as the static libraries of its dependencies.) If you are lucky enough, then -your O/S distribution may include pre-packaged versions of these static -libraries. Otherwise, it will be necessary to build GnuTLS, libgcrypt, -libtasn1, and libgpg-error from source. - -You can manipulate the GNUTLS_INCLUDE_DIR and GNUTLS_LIBRARY CMake variables to -build TigerVNC against a custom build of GnuTLS that is installed in a -non-system directory. 
For instance, adding - - -DGNUTLS_INCLUDE_DIR=/opt/gnutls/include \ - -DGNUTLS_LIBRARY='/opt/gnutls/lib/libgnutls.a;/opt/gnutls/lib/libgcrypt.a;/opt/gnutls/lib/libgpg-error.a;/opt/gnutls/lib/libtasn1.a' \ - -DUSE_INCLUDED_ZLIB=1 - -to the CMake or 'build-xorg build' command line will cause TigerVNC to be -statically linked against a custom installation of GnuTLS that resides under -/opt/gnutls. GnuTLS depends on zlib, so specifying -DUSE_INCLUDED_ZLIB=1 will -satisfy that dependency using TigerVNC's in-tree version of zlib, which -prevents TigerVNC from depending on the libz dynamic library. - - -MinGW ------ - -An installer containing the GnuTLS header files, as well as static and dynamic -link libraries for 32-bit MinGW, can be downloaded from the following site: - -http://josefsson.org/gnutls4win/ - -As of this writing, GnuTLS cannot be built cleanly with MinGW64 due to the fact -that portions of the code assume an LP64 data model (Windows uses LLP64.) -Thus, it is not possible at this time to produce a Win64 version of TigerVNC -with TLS support. - -Whether you use the above installer or build GnuTLS from source, make sure that -you install the libraries and headers into a pathname that doesn't contain -spaces (the installer will try to install under c:\Program Files unless you -tell it otherwise.) If the GnuTLS include path contains spaces, then the MinGW -resource compiler will barf when you try to build TigerVNC. - -You can manipulate the GNUTLS_INCLUDE_DIR and GNUTLS_LIBRARY CMake variables to -specify the directory under which you installed GnuTLS. For instance, adding - - -DGNUTLS_INCLUDE_DIR=/c/gnutls/include \ - -DGNUTLS_LIBRARY=/c/gnutls/lib/libgnutls.dll.a - -to the CMake command line when using MinGW will cause TigerVNC to be linked -against GnuTLS DLLs that are installed under c:\gnutls. 
- -Adding - - -DGNUTLS_INCLUDE_DIR=/c/gnutls/include \ - -DGNUTLS_LIBRARY='/c/gnutls/lib/libgnutls.a;/c/gnutls/lib/libgcrypt.a;/c/gnutls/lib/libtasn1.a;/c/gnutls/lib/libgpg-error.a' - -to the CMake command line will cause TigerVNC to be statically linked against -GnuTLS libraries that are installed under c:\gnutls. - - =================== Installing TigerVNC =================== diff --git a/CMakeLists.txt b/CMakeLists.txt index 24e923e3..5e600a26 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -310,20 +310,8 @@ endif() option(ENABLE_GNUTLS "Enable protocol encryption and advanced authentication" ON) if(ENABLE_GNUTLS) find_package(GnuTLS) - find_package(Gcrypt) - find_package(Gpg_Error) if (GNUTLS_FOUND) include_directories(${GNUTLS_INCLUDE_DIR}) - if (GCRYPT_FOUND) - include_directories(${GCRYPT_INCLUDE_DIR}) - set(GNUTLS_LIBRARIES ${GNUTLS_LIBRARIES};${GCRYPT_LIBRARIES}) - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${GCRYPT_LIBRARIES}) - if (GPG_ERROR_FOUND) - include_directories(${GPG_ERROR_INCLUDE_DIR}) - set(GNUTLS_LIBRARIES ${GNUTLS_LIBRARIES};${GPG_ERROR_LIBRARIES}) - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${GPG_ERROR_LIBRARIES}) - endif() - endif() add_definitions("-DHAVE_GNUTLS") add_definitions(${GNUTLS_DEFINITIONS}) @@ -332,7 +320,6 @@ if(ENABLE_GNUTLS) set(CMAKE_EXTRA_INCLUDE_FILES gnutls/gnutls.h) set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES}) if(WIN32) - set(CMAKE_EXTRA_INCLUDE_FILES gcrypt.h ${CMAKE_EXTRA_INCLUDE_FILES}) set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ws2_32 user32) endif() if(ZLIB_FOUND) diff --git a/cmake/Modules/FindGcrypt.cmake b/cmake/Modules/FindGcrypt.cmake deleted file mode 100644 index 2158081a..00000000 --- a/cmake/Modules/FindGcrypt.cmake +++ /dev/null 
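Review bot: With the gcrypt lookups gone, `find_package(GnuTLS)` is the only gate on TLS support in the CMakeLists.txt hunk at `@@ -310,20 +310,8 @@`, and it is still called without `REQUIRED` although `ENABLE_GNUTLS` defaults to ON. A host that lacks the GnuTLS development files may therefore configure cleanly and produce binaries without session encryption, unless the rest of the `if (GNUTLS_FOUND)` block, which continues past the hunk, already handles the not-found case. If it does not, consider `find_package(GnuTLS REQUIRED)` inside `if(ENABLE_GNUTLS)`, so that a build without TLS is an explicit `-DENABLE_GNUTLS=OFF` choice and not a silent fallback.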
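Review bot: In the hunk at `@@ -332,7 +320,6 @@`, `set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES})` now passes libgnutls alone to the configure-time checks, and nothing in the file says so. Against a static libgnutls those probe links would presumably fail for want of the crypto backend and be recorded as "not found" rather than as an error; the probes themselves sit outside the hunk, so this is inferred. Since the same commit removes the static-build notes from BUILDING.txt, a comment above the line would keep the assumption visible, for example `# Feature probes assume libgnutls resolves its own dependencies (shared library); for a static GnuTLS, list its dependencies in GNUTLS_LIBRARY.`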
@@ -1,36 +0,0 @@
-# - Find gcrypt
-# Find the native GCRYPT includes and library
-#
-# GCRYPT_FOUND - True if gcrypt found.
-# GCRYPT_INCLUDE_DIR - where to find gcrypt.h, etc.
-# GCRYPT_LIBRARIES - List of libraries when using gcrypt.
-
-if (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
- set(GCRYPT_FIND_QUIETLY TRUE)
-endif (GCRYPT_INCLUDE_DIR AND GCRYPT_LIBRARIES)
-
-# Include dir
-find_path(GCRYPT_INCLUDE_DIR
- NAMES
- gcrypt.h
-)
-
-# Library
-find_library(GCRYPT_LIBRARY
- NAMES gcrypt
-)
-
-# handle the QUIETLY and REQUIRED arguments and set GCRYPT_FOUND to TRUE if
-# all listed variables are TRUE
-INCLUDE(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(GCRYPT DEFAULT_MSG GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR)
-
-IF(GCRYPT_FOUND)
- SET( GCRYPT_LIBRARIES ${GCRYPT_LIBRARY} )
-ELSE(GCRYPT_FOUND)
- SET( GCRYPT_LIBRARIES )
-ENDIF(GCRYPT_FOUND)
-
-# Lastly make it so that the GCRYPT_LIBRARY and GCRYPT_INCLUDE_DIR variables
-# only show up under the advanced options in the gui cmake applications.
-MARK_AS_ADVANCED( GCRYPT_LIBRARY GCRYPT_INCLUDE_DIR )
diff --git a/cmake/Modules/FindGpg_Error.cmake b/cmake/Modules/FindGpg_Error.cmake
deleted file mode 100644
index 2f1d3725..00000000
--- a/cmake/Modules/FindGpg_Error.cmake
+++ /dev/null
@@ -1,36 +0,0 @@
-# - Find gpg-error
-# Find the native GPG_ERROR includes and library
-#
-# GPG_ERROR_FOUND - True if gpg-error found.
-# GPG_ERROR_INCLUDE_DIR - where to find gpg-error.h, etc.
-# GPG_ERROR_LIBRARIES - List of libraries when using gpg-error.
-
-if (GPG_ERROR_INCLUDE_DIR AND GPG_ERROR_LIBRARIES)
- set(GPG_ERROR_FIND_QUIETLY TRUE)
-endif (GPG_ERROR_INCLUDE_DIR AND GPG_ERROR_LIBRARIES)
-
-# Include dir
-find_path(GPG_ERROR_INCLUDE_DIR
- NAMES
- gpg-error.h
-)
-
-# Library
-find_library(GPG_ERROR_LIBRARY
- NAMES gpg-error
-)
-
-# handle the QUIETLY and REQUIRED arguments and set GPG_ERROR_FOUND to TRUE if
-# all listed variables are TRUE
-INCLUDE(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(GPG_ERROR DEFAULT_MSG GPG_ERROR_LIBRARY GPG_ERROR_INCLUDE_DIR)
-
-IF(GPG_ERROR_FOUND)
- SET( GPG_ERROR_LIBRARIES ${GPG_ERROR_LIBRARY} )
-ELSE(GPG_ERROR_FOUND)
- SET( GPG_ERROR_LIBRARIES )
-ENDIF(GPG_ERROR_FOUND)
-
-# Lastly make it so that the GPG_ERROR_LIBRARY and GPG_ERROR_INCLUDE_DIR variables
-# only show up under the advanced options in the gui cmake applications.
-MARK_AS_ADVANCED( GPG_ERROR_LIBRARY GPG_ERROR_INCLUDE_DIR )
--
2.39.5