From 13c6497512c3784507ea5d210e340b9f2605630a Mon Sep 17 00:00:00 2001 From: Jan-Marek Glogowski Date: Mon, 3 Jan 2022 19:54:04 +0100 Subject: [PATCH] Split xmlsecurity components based on the config One non-obvious hunk is the dependency of GPG based on NSS. While it doesn't need NSS per-se, the signature validation code uses NSS functions. This is mainly an improvement / has the same origin then commit 1c6382b2564fbf19f8ee99e11021dff2ce19ed6f ("xmlsec: handle missing EqualDistinguishedNames"). Change-Id: I12416139e1e391822d878c61b4ed06f3a409c334 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/127913 Tested-by: Jenkins Reviewed-by: Jan-Marek Glogowski --- configure.ac | 5 +++-- xmlsecurity/Library_xmlsecurity.mk | 2 ++ xmlsecurity/Library_xsec_xmlsec.mk | 13 ++++++++++++- xmlsecurity/util/xmlsecurity.component | 1 + xmlsecurity/util/xmlsecurity.component.dds | 7 +++++++ xmlsecurity/util/xsec_xmlsec.component | 6 ++++++ xmlsecurity/util/xsec_xmlsec.component.gpg | 7 +++++++ xmlsecurity/util/xsec_xmlsec.component.nss | 7 +++++++ xmlsecurity/util/xsec_xmlsec.component.nss_mscrypt | 10 ++++++++++ 9 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 xmlsecurity/util/xmlsecurity.component.dds create mode 100644 xmlsecurity/util/xsec_xmlsec.component.gpg create mode 100644 xmlsecurity/util/xsec_xmlsec.component.nss create mode 100644 xmlsecurity/util/xsec_xmlsec.component.nss_mscrypt diff --git a/configure.ac b/configure.ac index 50a954a4ddad..30ff0ea4ea2f 100644 --- a/configure.ac +++ b/configure.ac @@ -12346,7 +12346,8 @@ elif test "$enable_mpl_subset" = "yes"; then AC_MSG_RESULT([no (MPL only]) elif test "$enable_fuzzers" = "yes"; then AC_MSG_RESULT([no (oss-fuzz)]) -elif test "$_os" = "Linux" -o "$_os" = "Darwin" -o "$_os" = "WINNT" ; then +elif test \( \( "$_os" = "Linux" -o "$_os" = "Darwin" \) -a "$ENABLE_NSS" = TRUE \) -o "$_os" = "WINNT" ; then + AC_MSG_RESULT([yes]) dnl =================================================================== dnl Check for system gpgme dnl =================================================================== @@ -12422,7 +12423,7 @@ elif test "$_os" = "Linux" -o "$_os" = "Darwin" -o "$_os" = "WINNT" ; then fi fi else - AC_MSG_RESULT([no (unsupported OS)]) + AC_MSG_RESULT([no (unsupported OS or missing NSS)]) fi AC_SUBST(ENABLE_GPGMEPP) AC_SUBST(SYSTEM_GPGMEPP) diff --git a/xmlsecurity/Library_xmlsecurity.mk b/xmlsecurity/Library_xmlsecurity.mk index a4491134a08b..8507b4bab2e1 100644 --- a/xmlsecurity/Library_xmlsecurity.mk +++ b/xmlsecurity/Library_xmlsecurity.mk @@ -79,6 +79,8 @@ $(eval $(call gb_Library_add_exception_objects,xmlsecurity,\ xmlsecurity/source/helper/xmlsignaturehelper \ xmlsecurity/source/helper/xsecverify \ )) + +$(eval $(call gb_Library_add_componentimpl,xmlsecurity,dds)) endif $(eval $(call gb_Library_use_externals,xmlsecurity,\ diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk index 25b679c7266e..615c3eba0032 100644 --- a/xmlsecurity/Library_xsec_xmlsec.mk +++ b/xmlsecurity/Library_xsec_xmlsec.mk @@ -11,6 +11,12 @@ $(eval $(call gb_Library_Library,xsec_xmlsec)) $(eval $(call gb_Library_set_componentfile,xsec_xmlsec,xmlsecurity/util/xsec_xmlsec,services)) +$(eval $(call gb_Library_add_componentimpls,xsec_xmlsec, \ + $(if $(ENABLE_GPGMEPP),gpg) \ + $(if $(or $(ENABLE_NSS),$(filter WNT,$(OS))),nss_mscrypt) \ + $(if $(ENABLE_NSS),nss) \ +)) + $(eval $(call gb_Library_set_include,xsec_xmlsec,\ $$(INCLUDE) \ -I$(SRCDIR)/xmlsecurity/inc \ @@ -126,13 +132,18 @@ else # !$(OS),WNT ifeq ($(SYSTEM_XMLSEC),) $(eval $(call gb_Library_add_libs,xsec_xmlsec,\ - $(call gb_UnpackedTarball_get_dir,xmlsec)/src/nss/.libs/libxmlsec1-nss.a \ $(call gb_UnpackedTarball_get_dir,xmlsec)/src/.libs/libxmlsec1.a \ )) endif ifeq ($(ENABLE_NSS),TRUE) +ifeq ($(SYSTEM_XMLSEC),) +$(eval $(call gb_Library_add_libs,xsec_xmlsec,\ + $(call gb_UnpackedTarball_get_dir,xmlsec)/src/nss/.libs/libxmlsec1-nss.a \ +)) +endif + $(eval $(call gb_Library_add_exception_objects,xsec_xmlsec,\ xmlsecurity/source/xmlsec/nss/ciphercontext \ xmlsecurity/source/xmlsec/nss/digestcontext \ diff --git a/xmlsecurity/util/xmlsecurity.component b/xmlsecurity/util/xmlsecurity.component index adb647f20491..7dfe91a0d964 100644 --- a/xmlsecurity/util/xmlsecurity.component +++ b/xmlsecurity/util/xmlsecurity.component @@ -26,5 +26,6 @@ + diff --git a/xmlsecurity/util/xmlsecurity.component.dds b/xmlsecurity/util/xmlsecurity.component.dds new file mode 100644 index 000000000000..5dc5f6765382 --- /dev/null +++ b/xmlsecurity/util/xmlsecurity.component.dds @@ -0,0 +1,7 @@ +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +com.sun.star.security.DocumentDigitalSignatures diff --git a/xmlsecurity/util/xsec_xmlsec.component b/xmlsecurity/util/xsec_xmlsec.component index d219dc6f9d71..f2b072949a98 100644 --- a/xmlsecurity/util/xsec_xmlsec.component +++ b/xmlsecurity/util/xsec_xmlsec.component @@ -22,18 +22,22 @@ + + + + @@ -46,9 +50,11 @@ + + diff --git a/xmlsecurity/util/xsec_xmlsec.component.gpg b/xmlsecurity/util/xsec_xmlsec.component.gpg new file mode 100644 index 000000000000..c770a555ba9a --- /dev/null +++ b/xmlsecurity/util/xsec_xmlsec.component.gpg @@ -0,0 +1,7 @@ +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +com.sun.star.xml.security.SEInitializer_Gpg diff --git a/xmlsecurity/util/xsec_xmlsec.component.nss b/xmlsecurity/util/xsec_xmlsec.component.nss new file mode 100644 index 000000000000..3ff9557b92c0 --- /dev/null +++ b/xmlsecurity/util/xsec_xmlsec.component.nss @@ -0,0 +1,7 @@ +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +com.sun.star.xml.crypto.NSSInitializer diff --git a/xmlsecurity/util/xsec_xmlsec.component.nss_mscrypt b/xmlsecurity/util/xsec_xmlsec.component.nss_mscrypt new file mode 100644 index 000000000000..c713c1e83f5c --- /dev/null +++ b/xmlsecurity/util/xsec_xmlsec.component.nss_mscrypt @@ -0,0 +1,10 @@ +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +com.sun.star.xml.crypto.SecurityEnvironment +com.sun.star.xml.crypto.SEInitializer +com.sun.star.xml.crypto.XMLSecurityContext +com.sun.star.xml.crypto.XMLSignature