- move dependency properties (libs, libdirs, C flags, header dirs,
pkg-config module names) from global lists to imported target
`INTERFACE` properties. Rework FInd modules to return their results
like this and update the libssh2 build process to use it. It makes
Find modules re-usable from the cmake-config script by libssh2
consumers, to integrate with libssh2 dependencies.
- define libssh2 dependencies as "imported targets" by the name:
`libssh2::<depname>`, e.g. `libssh2::libgcrypt`.
- cmake-config: add fall-back logic for CMake without
CMP0099 (v3.17 2020-03-20) to set lib directories.
- generate `libssh2.pc` based on imported target properties (instead of
global lists).
- add target property dump debug function.
- ci/GHA: also test cmake integration on macOS.
Follow-up to 96d7f404e7#1534Closes#1535
CMake:
- Find*: set `<modulename>_FOUND` for compatibility when found via
`pkg-config`. E.g. `MbedTLS_FOUND`.
`find_package_handle_standard_args()` sets both `<MODULENAME>_FOUND`
and `<Modulename>_FOUND` when detecting the dependency. Some CMake
code relies on this and 3rd-party code may rely on it too. Make sure
to set the latter variant when detecting the dependency via
`pkg-config`, where we don't call
`find_package_handle_standard_args()`.
CMake sets these variable to `TRUE` (not `ON` or `1`). Replicate this
for compatibility.
- libssh2-config.cmake: inherit default `LIBSSH2_USE_PKGCONFIG`.
Follow-up to a3aa6b4ca8#1525
- document variables consumed by `libssh2-config.cmake.in`.
- `libssh2-config.cmake`: fix to link to non-OpenSSL crypto backends.
This is most likely not how this is supposed to be done, but better
than failing.
What's the canonical way to do this, and how OpenSSL and zlib does it
is yet to be figured out.
- use `ZLIB::ZLIB` to reference zlib.
- use `IN ITEMS` where missed.
- harmonize variable dump output formats.
CMake `find_package` integration tests:
- extend to all crypto backends (was: OpenSSL).
- show libssh2 variables set by `find_package()`.
- stop building examples and tests for the consumed package.
For performance.
- enable zlib, for coverage.
- be verbose when building the test targets.
ci/GHA:
- add packaged mbedTLS (2.x) build to Linux matrix.
- alphasort some tests.
Follow-up to d9c2e550ca#1460
Follow-up to 82b09f9b3a#1322Closes#1534
- add Linux jobs with old OpenSSL versions: 1.1.1, 1.1.0, 1.0.2, with
tests.
(Meaning we test these again after losing them in AppVeyor CI)
- add LibreSSL Linux job with tests.
- cache most dependency packages built from source.
(exception: wolfSSL, which would have added too much complexity
due to the multiple versions, and it's fast to build anyway.)
- change source tarball sources to GitHub for better stability and
performance.
- move dependency versions to the env.
- set `persist-credentials: false` for checkout steps for security.
- pin actions to hash for security.
- checkout repo later, right before use.
- skip building BoringSSL tests to finish quicker.
- set `fail-fast: false` in the BSD build matrix.
- cmake: move UWP workaround from GHA to `CMakeLists.txt`, making it
available for everyone.
- list installed packages in OpenBSD job.
- bump BoringSSL, mbedTLS, wolfSSL, OpenSSL.
- bump cross-platform-actions to v0.26.
- bump docker/build-push-action to v6.
- bump actions/upload-artifact to v4.
- bump NetBSD to 10.1.
- drop `--quiet 2` `apt-get` option to keep useful output.
- drop `--no-install-suggests --no-install-recommends` `apt-get`
options. They are the defaults with the `ubuntu-24.04` image.
- tidy up quotes.
Cherry-picked from #1484Closes#1528
- show platform flags (via curl).
- add `LIBSSH2_USE_PKGCONFIG` option to control whether to use
`pkg-config` to find dependencies.
- set `.pc` names withing the Find modules.
- add `mbedcrypto` to `libssh2.pc` only when detected via `pkg-config`.
Workaround for older mbedtls versions and non-CMake mbedTLS builds
(as of mbedTLS 3.6.2) that don't emit an `mbedcrypto.pc` file.
- set header paths relative to the project root (tidy-up).
- use `-isystem` for crypto backend and zlib header paths.
To match autotools.
- sync header path order with autotools.
- rename local variables to underscore-lowercase.
- minor tidy-ups.
Cherry-picked from #1484Closes#1525
- cmake: add support to build ossfuzz.
Enable with `-DBUILD_OSSFUZZ=ON`.
Also supports `-DLIB_FUZZING_ENGINE=` like autotools does.
- check for `__clang__` when suppressing warnings in source. Necessary
for clang-cl, which set `__clang__`, but doesn't set `__GNU__`.
- cmake: optimize out 4 picky warning option detections with gcc.
- cmake: bring `-pedantic-error`, `-Wall` use closer to curl's.
- cmake: set `-Wno-language-extension-token` for clang-cl.
- cmake: escape only the necessary `-W` options for clang-cl.
- cmake: apply picky warnings to C++.
- cmake: replace `unset(VAR)` with `set(VAR "")` for init.
- cmake: prefer dash-style MSVC options.
- cmake: simplify `MATCHES` expression.
- cmake: formatting/whitespace.
- ci/GHA: bump `actions/upload-artifact` to v4
Closes#1524
Building 3 tests require static libssh2 lib. Some may prefer not to
create the static lib, yet prefer to build all tests, including those
3 that require it.
Detect such intent by looking for an explicit `BUILD_TESTING=ON` and
`BUILD_STATIC_LIBS=OFF`, then build the static lib anyway but without
installing it.
Reported-by: Eli Schwartz
Fixes#1450Closes#1469
- sync code between Find modules.
- wolfssl: replace `pkg-config` hints with native detection.
- libgcrypt, mbedtls: add `pkg-config`-based native detection.
- libgcrypt: add version detection.
- limit `pkg-config` use for `UNIX`, vcpkg, and non-cross MinGW builds,
and builds with no manual customization via `*_INCLUDE_DIR` or
`*_LIBRARY`.
- replace and sync Find module header comments.
- ci: delete manual mbedTLS config that's now redundant.
Based on similar work done in curl.
Second attempt at #1420Closes#1445
Generate `LIBSSH2_PC_LIBS_PRIVATE` from `LIBSSH2_LIBS`.
Also add extra libdirs (`-L`) to `Libs` and `Libs.private`.
Logic copied from curl.
Closes#1466
The wolfSSL OpenSSL headers reside in `wolfssl/openssl/*.h`.
Before this patch the wolfSSL OpenSSL compatibilty header includes were
shared with the native OpenSSL codepath, and used `openssl/*h`. For
wolfSSL builds this required a hack to append the
`<wolfssl-prefix>/wolfssl` directory to the header search path, to find
the headers.
This patch changes the source to use the correct header references,
allowing to drop the header path hack.
Also fix to use the correct variable to set up the header path in CMake:
`WOLFSSL_INCLUDE_DIRS` (was: `WOLFSSL_INCLUDE_DIR`, without the `S`)
Closes#1439
The WinCNG backend currently only supports DSA and RSA. This PR
adds ECDSA support for host and user authentication.
* Disable WinCNG ECDSA support by default to maintain backward
compatibility for projects that target versions below Windows 10.
* Add cmake option `ENABLE_ECDSA_WINCNG` to guard ECDSA support.
* Update AppVeyor job matrix to only enable ECDSA on Server 2016+
* Use the imported target of FindOpenSSL module
* Build libssh2 before test runner
* Use find_package() in the CMake config file
* Use find_dependency() rather than find_package()
* Install CMake module files and use them in the config file
* Use elseif() to choose the crypto backend
The following APIs have been deprecated for over 10 years and
use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()
Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
Fixes#1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes#1267
Disable these warnings specifically for the mbedTLS public headers
and leave it on for the the rest of the code. This also fixes this
issue for autotools. Previous solution was globally disabling this
warning for the whole code when using mbedTLS and only with CMake.
Follow-up to 7ecc309cd1#1224Closes#1226
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it.
Fix issues found along the way:
- wincng, mbedtls: delete duplicate function declarations.
Most of this was due to re-#defining crypto functions to
crypto-backend specific implementations These redefines also remapped
the declarations in `crypto.h`, making the backend-specific
declarations duplicates.
This patch deletes the backend-specific declarations.
- wincng mapped two crypto functions to the same local function.
Also causing double declarations.
Fix this by adding two disctinct wrappers and moving
the common function to a static one.
- delete unreachable `break;` statements.
- kex: disable macros when unused.
- agent: disable unused constants.
- mbedtls: disable double declaration warnings because public mbedTLS
headers trigger it. (with function `psa_set_key_domain_parameters`)
- crypto.h: formatting.
Ref: a70edb08e9/cmake/PickyWarningsC.cmakeCloses#1224
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes#1166
Former solution was appending an empty element to the array if
`CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
this side-effect.
There is no known issue caused by this. Fixing it for good measure.
Closes#1157
This caused a CMake error instead of our custom error when manually
selecting the `WinCNG` crypto-backend for a non-Windows target.
Also cleanup `STREQUAL` checks to use variable name without `${}` on
the left side and quoted string literals on the right.
Closes#1151
We mistakently added transitive zlib to `Requires.private` before, then
removed it. This patch re-adds zlib, but this time to `Libs.private`,
which is listing raw libs and should include transitive libs as well.
Also add zlib when used as a direct dependency when zlib compression
support is enabled.
Follow-up to ef538069a6Closes#1131
Fixes the warning below, which appeared in CMake v3.27.0:
```
CMake Deprecation Warning at CMakeLists.txt:39 (cmake_minimum_required):
Compatibility with CMake < 3.5 will be removed from a future version of
CMake.
Update the VERSION argument <min> value or use a ...<max> suffix to tell
CMake that the project does not need compatibility with older versions.
```
Bump straight up to v3.7.0 to sync up with the curl project:
2900c29218/CMakeLists.txt (L64)
CMake release dates:
v3.7.0 2016-11-11
v3.5.0 2016-03-08
v3.1.0 2014-12-17
Closes#1126
- prefix with `LIBSSH2_PC_`
- match with the names of `pkg-config` values.
- use the same names in autotools and CMake scripts.
- use `LIBSSH2_VERSION` for the version number in autotools scripts,
to match the name used in CMake.
Closes#1125
- autotools was using `libwolfssl`. CMake left it empty. wolfSSL
provides `wolfssl.pc`. This patch sets `Requires.private: wolfssl`
with both build tools.
- add `libgcrypt` to `Requires.private` with both autotools and CMake.
Ref:
e76e88eef7/src/libgcrypt.pc.in
Present since 2005-04-22:
32bf3f13e8
Released in v1.3.0 2007-05-04:
https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.3.0
- also stop adding transitive `zlib` deps to `Requires.private`.
The referenced crypto package is adding it as nedded.
This makes deduplication of the list redundant, so stop doing it.
Follow-up to 2fc3679007
(`libssh2.pc` not tested as a project dependency.)
Closes#1123
- dedupe `Requires.private` in `libssh2.pc`.
`zlib` could appear on the list twice:
```
Requires.private: libssl,libcrypto,zlib,zlib
```
According to CMake docs `list(REMOVE_DUPLICATES ...)`, is supported by
our minimum required CMake version (and by earlier ones even):
https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates
- move `cmake_minimum_required()` to the top.
- move `set(CMAKE_MODULE_PATH)` to the top.
- delete duplicate `set(CMAKE_MODULE_PATH)`.
- replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root
`CMakeLists.txt` for robustness.
- replace `gcovr` option with long-form for readability/consistency.
- rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable
when using gcov, not gcov tooling options.
Closes#1122
- All files have prominent copyright and SPDX identifier
- If not embedded in the file, in the .reuse/dep5 file
- All used licenses are in LICENSES/ (not shipped in tarballs)
- A new REUSE CI job verify that all files are OK
Assisted-by: Viktor Szakats
Closes#1084
Also:
- uppercase `(C)`.
- add missing 'All rights reserved.' lines.
- drop duplicate 'Author' lines.
- add copyright headers where missing.
- enable copyright header check in checksrc.
Reasons for deleting years (copied as-is from curl):
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
Closes#1082
`list(PREPEND)` requires CMake v3.15, our minimum is v3.1. `APPEND`
should work fine for headers anyway.
Also fix a wrongly placed comment.
Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend
Regression from 1e3319a167d2f32d295603167486e9e88af9bb4e
Closes#1043
