Re: [bug #63431] --disable-ntlm ignored if nettle is present

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug #63431] --disable-ntlm ignored if nettle is present

From:	Tim Rühsen
Subject:	Re: [bug #63431] --disable-ntlm ignored if nettle is present
Date:	Sun, 11 Dec 2022 13:47:36 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1

Hey Hannu,

thanks for explaining your needs. It indeed slipped through my attentionthat nettle is only needed for NTLM.


I just pushed a fix.

Regarding keeping wget a small as possible, let me suggest adding
  --with-gpgme-prefix=/ --disable-pcre --without-metalink --disable-opie

to your configure command line (given that you don't want any of thesefeatures).

So even if your build environment changes (e.g. makes metalink, gpgme orlibpcre available), you still won't use these features.


So only libz stays as a dynamic dependency:
$ ldd src/wget
        linux-vdso.so.1 (0x00007fff98925000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f36c7411000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f36c7230000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f36c74bd000)

A stripped version of wget here has 327424 bytes (compiled with gcc -Os).

Regards, Tim

On 10.12.22 18:48, Hannu Nyman wrote:

Follow-up Comment #2, bug #63431 (project wget):

It seems that the patch does not quite fully fix things for us.

Our purpose is to keep the no-SSL version of wget small, and avoid unnecessary
features. (Context is OpenWrt, Linux for embedded routers with limited flash
storage space).

Our buildbot also builds nettle as an optional extra package (along hundreds
of others), so the wget compilation detects it in the build system, although
we have no intention of forcing wget users to also install the rarely needed
nettle.

With this new fix, I still similar error as earlier, that the presence of a
nettle library forces it to be linked with "-lnettle" when there is no SSL
feature. NTLM feature itself is shown disabled, but nettle is still forced
into the build as a library.


--localstatedir=/var --mandir=/usr/man --infodir=/usr/info --disable-nls
--disable-rpath --disable-iri --disable-pcre2 --with-included-libunistring
--without-libuuid --without-libpsl --disable-ntlm --without-ssl ; fi; )

configure: loading site script /Openwrt/e8450/include/site/aarch64
...
checking for zlib... yes
checking for nettle... yes
checking for INET6 protocol support... yes
...
   LDFlags:
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/usr/lib
-L/Openwrt/e8450/staging_dir/toolchain-aarch64_cortex-a53_gcc-11.3.0_musl/lib
-znow -zrelro
   Libs:
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lpcre
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lnettle
-L/Openwrt/e8450/staging_dir/target-aarch64_cortex-a53_musl/usr/lib -lz
   SSL:               no
   Zlib:              yes
   PSL:               no
   PCRE:              yes, via libpcre
   Digest:            yes
   NTLM:              no
   OPIE:              yes
   POSIX xattr:       yes


The fix apparently turns NTLM off, but still causes the nettle library to be
included, although is only needed for the NTLM feature (to my understanding).

Likely line 644 in configure.ac gets applied.
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=485217d0ff8d0d17ea3815244b2bc2b747451e15#n644

In the earlier version of configure.ac, the inclusion of nettle was
conditional for "if test x"$ENABLE_NTLM" != xno" on line 639. Otherwise the
NETTLE_LIBS did not get applied on line 645:
https://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac?id=c984cb316a790bf672b71d14d3b903921aacc00d#n635

Hopefully that behaviour can be restored.


For keeping the unnecessary nettle from being linked, I earlier authored the
following patch to fix the problem. My patch fully disables nettle detection
in the "disable-ntlm" case:

--- a/configure.ac
+++ b/configure.ac
@@ -630,6 +630,7 @@ then
      AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
    fi
  else
+ if test x"$ENABLE_NTLM" != xno; then
    PKG_CHECK_MODULES([NETTLE], nettle, [
      HAVE_NETTLE=yes
      LIBS="$NETTLE_LIBS $LIBS"
@@ -651,6 +652,7 @@ else
      ENABLE_NTLM=yes
      AC_DEFINE([ENABLE_NTLM], 1, [Define if you want the NTLM authorization
support compiled in.])
    fi
+ fi
  fi

dnl **********************************************************************








     _______________________________________________________

Reply to this item at:

   <https://savannah.gnu.org/bugs/?63431>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

OpenPGP_signature
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #63431] --disable-ntlm ignored if nettle is present, Tim Ruehsen, 2022/12/10
- [bug #63431] --disable-ntlm ignored if nettle is present, Hannu Nyman, 2022/12/10
  - Re: [bug #63431] --disable-ntlm ignored if nettle is present, Tim Rühsen <=

Prev by Date: [bug #63431] --disable-ntlm ignored if nettle is present
Next by Date: missing something to download mp3 files from host
Previous by thread: [bug #63431] --disable-ntlm ignored if nettle is present
Next by thread: missing something to download mp3 files from host
Index(es):
- Date
- Thread