From d259e347e6e3a630acfc1a811709ca05e5d3b92e Mon Sep 17 00:00:00 2001 From: Chris Kay Date: Thu, 25 Mar 2021 16:03:25 +0000 Subject: [PATCH] Add CMake package config file This change enables automatic detection and consumption of Mbed TLS library targets from within other CMake projects. By generating an `MbedTLSConfig.cmake` file, consuming projects receive a more complete view of these targets, allowing them to be used as dependencies which properly inherit the transitive dependencies of the libraries. This is fairly fragile, as it seems Mbed TLS's libraries do not appear to properly model their dependencies on other targets, including third-party dependencies. It is, however, sufficient for building and linking the compiled Mbed TLS libraries when there are no third-party dependencies involved. Further work is needed for more complex use-cases, but this will likely meet the needs of most projects. Resolves #298. Probably useful for #2857. Signed-off-by: Chris Kay --- 3rdparty/CMakeLists.txt | 12 ----- 3rdparty/everest/CMakeLists.txt | 31 ++++++----- CMakeLists.txt | 37 ++++++++++++- ChangeLog.d/add-cmake-package-config.txt | 2 + README.md | 27 ++++++++++ cmake/MbedTLSConfig.cmake.in | 3 ++ library/CMakeLists.txt | 27 ++++++---- programs/test/cmake_package/.gitignore | 3 ++ programs/test/cmake_package/CMakeLists.txt | 36 +++++++++++++ programs/test/cmake_package/cmake_package.c | 53 ++++++++++++++++++ .../test/cmake_package_install/.gitignore | 3 ++ .../test/cmake_package_install/CMakeLists.txt | 39 ++++++++++++++ .../cmake_package_install.c | 54 +++++++++++++++++++ tests/scripts/all.sh | 38 ++++++++++++- 14 files changed, 324 insertions(+), 41 deletions(-) create mode 100644 ChangeLog.d/add-cmake-package-config.txt create mode 100644 cmake/MbedTLSConfig.cmake.in create mode 100644 programs/test/cmake_package/.gitignore create mode 100644 programs/test/cmake_package/CMakeLists.txt create mode 100644 programs/test/cmake_package/cmake_package.c create mode 100644 programs/test/cmake_package_install/.gitignore create mode 100644 programs/test/cmake_package_install/CMakeLists.txt create mode 100644 programs/test/cmake_package_install/cmake_package_install.c diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 18945e52e..fbd0470de 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,17 +1,5 @@ -list (APPEND thirdparty_src) -list (APPEND thirdparty_lib) -list (APPEND thirdparty_inc_public) -list (APPEND thirdparty_inc) -list (APPEND thirdparty_def) - execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) if(${result} EQUAL 0) add_subdirectory(everest) endif() - -set(thirdparty_src ${thirdparty_src} PARENT_SCOPE) -set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE) -set(thirdparty_inc_public ${thirdparty_inc_public} PARENT_SCOPE) -set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE) -set(thirdparty_def ${thirdparty_def} PARENT_SCOPE) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index d81d995f1..ff9da7af7 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -1,16 +1,15 @@ -list (APPEND everest_src) -list (APPEND everest_inc_public) -list (APPEND everest_inc) -list (APPEND everest_def) +add_library(everest + library/everest.c + library/x25519.c + library/Hacl_Curve25519_joined.c) -set(everest_src - ${CMAKE_CURRENT_SOURCE_DIR}/library/everest.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/x25519.c - ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c -) - -list(APPEND everest_inc_public ${CMAKE_CURRENT_SOURCE_DIR}/include) -list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) +target_include_directories(everest + PUBLIC $ + $ + $ + PRIVATE include/everest + include/everest/kremlib + ${MBEDTLS_DIR}/library/) if(INSTALL_MBEDTLS_HEADERS) @@ -22,7 +21,7 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) -set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE) -set(thirdparty_inc_public ${thirdparty_inc_public} ${everest_inc_public} PARENT_SCOPE) -set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE) -set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE) +install(TARGETS everest + EXPORT MbedTLSTargets + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) diff --git a/CMakeLists.txt b/CMakeLists.txt index f648f2299..4630eab05 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -18,6 +18,8 @@ cmake_minimum_required(VERSION 2.8.12) +include(CMakePackageConfigHelpers) + # https://cmake.org/cmake/help/latest/policy/CMP0011.html # Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD # policy setting is deprecated, and will be removed in future versions. @@ -221,7 +223,6 @@ endif() add_subdirectory(include) add_subdirectory(3rdparty) -list(APPEND libs ${thirdparty_lib}) add_subdirectory(library) @@ -300,3 +301,37 @@ if(ENABLE_TESTING) ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY) endif() endif() + +configure_package_config_file( + "cmake/MbedTLSConfig.cmake.in" + "cmake/MbedTLSConfig.cmake" + INSTALL_DESTINATION "cmake") + +write_basic_package_version_file( + "cmake/MbedTLSConfigVersion.cmake" + COMPATIBILITY SameMajorVersion + VERSION 2.26.0) + +install( + FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake" + "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfigVersion.cmake" + DESTINATION "cmake") + +export( + EXPORT MbedTLSTargets + NAMESPACE MbedTLS:: + FILE "cmake/MbedTLSTargets.cmake") + +install( + EXPORT MbedTLSTargets + NAMESPACE MbedTLS:: + DESTINATION "cmake" + FILE "MbedTLSTargets.cmake") + +if(CMAKE_VERSION VERSION_GREATER 3.14) + # Do not export the package by default + cmake_policy(SET CMP0090 NEW) + + # Make this package visible to the system + export(PACKAGE MbedTLS) +endif() diff --git a/ChangeLog.d/add-cmake-package-config.txt b/ChangeLog.d/add-cmake-package-config.txt new file mode 100644 index 000000000..3b738169b --- /dev/null +++ b/ChangeLog.d/add-cmake-package-config.txt @@ -0,0 +1,2 @@ +Changes + * Add CMake package config generation for CMake projects consuming Mbed TLS. diff --git a/README.md b/README.md index 3f41a0d76..fdaab0a5e 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,33 @@ Regarding variables, also note that if you set CFLAGS when invoking cmake, your value of CFLAGS doesn't override the content provided by cmake (depending on the build mode as seen above), it's merely prepended to it. +#### Consuming Mbed TLS + +Mbed TLS provides a package config file for consumption as a dependency in other +CMake projects. You can include Mbed TLS's CMake targets yourself with: + + find_package(MbedTLS) + +If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This +creates the following targets: + +- `MbedTLS::mbedcrypto` (Crypto library) +- `MbedTLS::mbedtls` (TLS library) +- `MbedTLS::mbedx509` (X509 library) + +You can then use these directly through `target_link_libraries()`: + + add_executable(xyz) + + target_link_libraries(xyz + PUBLIC MbedTLS::mbedtls + MbedTLS::mbedcrypto + MbedTLS::mbedx509) + +This will link the Mbed TLS libraries to your library or application, and add +its include directories to your target (transitively, in the case of `PUBLIC` or +`INTERFACE` link libraries). + #### Mbed TLS as a subproject Mbed TLS supports being built as a CMake subproject. One can diff --git a/cmake/MbedTLSConfig.cmake.in b/cmake/MbedTLSConfig.cmake.in new file mode 100644 index 000000000..b65bbaba5 --- /dev/null +++ b/cmake/MbedTLSConfig.cmake.in @@ -0,0 +1,3 @@ +@PACKAGE_INIT@ + +include("${CMAKE_CURRENT_LIST_DIR}/MbedTLSTargets.cmake") diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f31820a2f..def54a950 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -87,8 +87,6 @@ set(src_crypto xtea.c ) -list(APPEND src_crypto ${thirdparty_src}) - set(src_x509 x509.c x509_create.c @@ -180,6 +178,10 @@ if(USE_STATIC_MBEDTLS_LIBRARY) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs}) + if(TARGET everest) + target_link_libraries(${mbedcrypto_static_target} PUBLIC everest) + endif() + add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target}) @@ -194,6 +196,10 @@ if(USE_SHARED_MBEDTLS_LIBRARY) set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.26.0 SOVERSION 6) target_link_libraries(${mbedcrypto_target} PUBLIC ${libs}) + if(TARGET everest) + target_link_libraries(${mbedcrypto_target} PUBLIC everest) + endif() + add_library(${mbedx509_target} SHARED ${src_x509}) set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.26.0 SOVERSION 1) target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target}) @@ -210,15 +216,14 @@ foreach(target IN LISTS target_libraries) # /library needs to be listed explicitly when building .c files outside # of /library (which currently means: under /3rdparty). target_include_directories(${target} - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${MBEDTLS_DIR}/library/ - PRIVATE ${thirdparty_inc}) - target_compile_definitions(${target} - PRIVATE ${thirdparty_def}) - install(TARGETS ${target} - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + PUBLIC $ + $ + PRIVATE ${MBEDTLS_DIR}/library/) + install( + TARGETS ${target} + EXPORT MbedTLSTargets + DESTINATION ${LIB_INSTALL_DIR} + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) set(lib_target "${MBEDTLS_TARGET_PREFIX}lib") diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore new file mode 100644 index 000000000..9ae6b59c4 --- /dev/null +++ b/programs/test/cmake_package/.gitignore @@ -0,0 +1,3 @@ +build +Makefile +cmake_package diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt new file mode 100644 index 000000000..518d2e94f --- /dev/null +++ b/programs/test/cmake_package/CMakeLists.txt @@ -0,0 +1,36 @@ +cmake_minimum_required(VERSION 2.8.12) + +# +# Simulate configuring and building Mbed TLS as the user might do it. We'll +# skip installing it, and use the build directory directly instead. +# + +set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") +set(MbedTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") + +execute_process( + COMMAND "${CMAKE_COMMAND}" + "-H${MbedTLS_SOURCE_DIR}" + "-B${MbedTLS_BINARY_DIR}" + "-DENABLE_PROGRAMS=NO" + "-DENABLE_TESTING=NO") + +execute_process( + COMMAND "${CMAKE_COMMAND}" + --build "${MbedTLS_BINARY_DIR}") + +# +# Locate the package. +# + +set(MbedTLS_DIR "${MbedTLS_BINARY_DIR}/cmake") +find_package(MbedTLS REQUIRED) + +# +# At this point, the Mbed TLS targets should have been imported, and we can now +# link to them from our own program. +# + +add_executable(cmake_package cmake_package.c) +target_link_libraries(cmake_package + MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c new file mode 100644 index 000000000..3f993a07b --- /dev/null +++ b/programs/test/cmake_package/cmake_package.c @@ -0,0 +1,53 @@ +/* + * Simple program to test that Mbed TLS builds correctly as a CMake package. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#include "mbedtls/version.h" + +/* The main reason to build this is for testing the CMake build, so the program + * doesn't need to do very much. It calls a single library function to ensure + * linkage works, but that is all. */ +int main() +{ + /* This version string is 18 bytes long, as advised by version.h. */ + char version[18]; + + mbedtls_version_get_string_full( version ); + + mbedtls_printf( "Built against %s\n", version ); + + return( 0 ); +} diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore new file mode 100644 index 000000000..b9b828288 --- /dev/null +++ b/programs/test/cmake_package_install/.gitignore @@ -0,0 +1,3 @@ +build +Makefile +cmake_package_install diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt new file mode 100644 index 000000000..711a1e506 --- /dev/null +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -0,0 +1,39 @@ +cmake_minimum_required(VERSION 2.8.12) + +# +# Simulate configuring and building Mbed TLS as the user might do it. We'll +# install into a directory inside our own build directory. +# + +set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..") +set(MbedTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") +set(MbedTLS_BINARY_DIR "${MbedTLS_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}") + +execute_process( + COMMAND "${CMAKE_COMMAND}" + "-H${MbedTLS_SOURCE_DIR}" + "-B${MbedTLS_BINARY_DIR}" + "-DENABLE_PROGRAMS=NO" + "-DENABLE_TESTING=NO" + "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}") + +execute_process( + COMMAND "${CMAKE_COMMAND}" + --build "${MbedTLS_BINARY_DIR}" + --target install) + +# +# Locate the package. +# + +set(MbedTLS_DIR "${MbedTLS_INSTALL_DIR}/cmake") +find_package(MbedTLS REQUIRED) + +# +# At this point, the Mbed TLS targets should have been imported, and we can now +# link to them from our own program. +# + +add_executable(cmake_package_install cmake_package_install.c) +target_link_libraries(cmake_package_install + MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509) diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c new file mode 100644 index 000000000..1ae0b8471 --- /dev/null +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -0,0 +1,54 @@ +/* + * Simple program to test that Mbed TLS builds correctly as an installable CMake + * package. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#include "mbedtls/version.h" + +/* The main reason to build this is for testing the CMake build, so the program + * doesn't need to do very much. It calls a single library function to ensure + * linkage works, but that is all. */ +int main() +{ + /* This version string is 18 bytes long, as advised by version.h. */ + char version[18]; + + mbedtls_version_get_string_full( version ); + + mbedtls_printf( "Built against %s\n", version ); + + return( 0 ); +} diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ab8500b94..c14021d50 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -273,7 +273,7 @@ cleanup() -iname CMakeFiles -exec rm -rf {} \+ -o \ \( -iname cmake_install.cmake -o \ -iname CTestTestfile.cmake -o \ - -iname CMakeCache.txt \) -exec rm {} \+ + -iname CMakeCache.txt \) -exec rm -f {} \+ # Recover files overwritten by in-tree CMake builds rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile @@ -284,6 +284,16 @@ cleanup() rm -f programs/test/cmake_subproject/Makefile rm -f programs/test/cmake_subproject/cmake_subproject + # Remove any artifacts from the component_test_cmake_as_package test. + rm -rf programs/test/cmake_package/build + rm -f programs/test/cmake_package/Makefile + rm -f programs/test/cmake_package/cmake_package + + # Remove any artifacts from the component_test_cmake_as_installed_package test. + rm -rf programs/test/cmake_package_install/build + rm -f programs/test/cmake_package_install/Makefile + rm -f programs/test/cmake_package_install/cmake_package_install + if [ -f "$CONFIG_BAK" ]; then mv "$CONFIG_BAK" "$CONFIG_H" fi @@ -2609,6 +2619,32 @@ component_test_cmake_as_subdirectory () { unset MBEDTLS_ROOT_DIR } +component_test_cmake_as_package () { + msg "build: cmake 'as-package' build" + MBEDTLS_ROOT_DIR="$PWD" + + cd programs/test/cmake_package + cmake . + make + if_build_succeeded ./cmake_package + + cd "$MBEDTLS_ROOT_DIR" + unset MBEDTLS_ROOT_DIR +} + +component_test_cmake_as_package_install () { + msg "build: cmake 'as-installed-package' build" + MBEDTLS_ROOT_DIR="$PWD" + + cd programs/test/cmake_package_install + cmake . + make + if_build_succeeded ./cmake_package_install + + cd "$MBEDTLS_ROOT_DIR" + unset MBEDTLS_ROOT_DIR +} + component_test_zeroize () { # Test that the function mbedtls_platform_zeroize() is not optimized away by # different combinations of compilers and optimization flags by using an