diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000000..4fb26b555e --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "framework"] + path = framework + url = https://github.com/Mbed-TLS/mbedtls-framework diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 72f126fa20..2b10f863f2 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -5,6 +5,11 @@ # Required version: 2 +# Include the framework submodule in the build +submodules: + include: + - framework + # Set the version of Python and other tools you might need build: os: ubuntu-20.04 diff --git a/CMakeLists.txt b/CMakeLists.txt index 179c3f6808..e37ca2cd3d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -283,6 +283,11 @@ if(LIB_INSTALL_DIR) set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}") endif() +if (NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt") + message(FATAL_ERROR "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.") +endif() +add_subdirectory(framework) + add_subdirectory(include) add_subdirectory(3rdparty) diff --git a/Makefile b/Makefile index 885948c112..47a3895b8a 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,20 @@ DESTDIR=/usr/local PREFIX=mbedtls_ PERL ?= perl +ifneq (,$(filter-out lib library/%,$(or $(MAKECMDGOALS),all))) + ifeq (,$(wildcard framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message +$(MBEDTLS_PATH)/framework/exported.make not found. +Run `git submodule update --init` to fetch the submodule contents. +This is a fatal error + endef + $(error $(error_message)) + endif + include framework/exported.make +endif + .SILENT: .PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean diff --git a/README.md b/README.md index 2505d8fd9c..8bb0b60a40 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,10 @@ You need the following tools to build the library with the provided makefiles: * Microsoft Visual Studio 2013 or later (if using Visual Studio). * Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). +### Git usage + +The `development` branch and the `mbedtls-3.6` long-term support branch of Mbed TLS use a [Git submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules#_cloning_submodules) ([framework](https://github.com/Mbed-TLS/mbedtls-framework)). This is not needed to merely compile the library at a release tag. This is not needed to consume a release archive (zip or tar). + ### Generated source files in the development branch The source code of Mbed TLS includes some files that are automatically generated by scripts and whose content depends only on the Mbed TLS source, not on the platform or on the library configuration. These files are not included in the development branch of Mbed TLS, but the generated files are included in official releases. This section explains how to generate the missing files in the development branch. diff --git a/framework b/framework new file mode 160000 index 0000000000..750634d3a5 --- /dev/null +++ b/framework @@ -0,0 +1 @@ +Subproject commit 750634d3a51eb9d61b59fd5d801546927c946588 diff --git a/library/Makefile b/library/Makefile index bef433505a..52d7944d59 100644 --- a/library/Makefile +++ b/library/Makefile @@ -1,3 +1,26 @@ +ifndef MBEDTLS_PATH +MBEDTLS_PATH := .. +endif + +GENERATED_FILES := \ + error.c version_features.c \ + ssl_debug_helpers_generated.c \ + psa_crypto_driver_wrappers.h \ + psa_crypto_driver_wrappers_no_static.c + +ifneq ($(GENERATED_FILES),$(wildcard $(GENERATED_FILES))) + ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message +$(MBEDTLS_PATH)/framework/exported.make not found. +Run `git submodule update --init` to fetch the submodule contents. +This is a fatal error + endef + $(error $(error_message)) + endif + include $(MBEDTLS_PATH)/framework/exported.make +endif # Also see "include/mbedtls/mbedtls_config.h" @@ -315,11 +338,6 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< .PHONY: generated_files -GENERATED_FILES = \ - error.c version_features.c \ - ssl_debug_helpers_generated.c \ - psa_crypto_driver_wrappers.h \ - psa_crypto_driver_wrappers_no_static.c generated_files: $(GENERATED_FILES) # See root Makefile diff --git a/scripts/common.make b/scripts/common.make index 2714bcd327..9908a3c265 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -4,6 +4,18 @@ ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif +ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) + # Use the define keyword to get a multi-line message. + # GNU make appends ". Stop.", so tweak the ending of our message accordingly. + define error_message +$(MBEDTLS_PATH)/framework/exported.make not found. +Run `git submodule update --init` to fetch the submodule contents. +This is a fatal error + endef + $(error $(error_message)) +endif +include $(MBEDTLS_PATH)/framework/exported.make + CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral diff --git a/tests/Makefile b/tests/Makefile index f82c267ac5..c2a0b84f07 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -208,6 +208,7 @@ define libtestdriver1_rewrite := s/\b(?=mbedtls_|psa_)/libtestdriver1_/g; endef +libtestdriver1.a: export MBEDTLS_PATH := $(patsubst ../..//%,/%,../../$(MBEDTLS_PATH)) libtestdriver1.a: # Copy the library and fake a 3rdparty Makefile include. rm -Rf ./libtestdriver1 diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 4483f55737..d5a4b921e4 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -323,6 +323,7 @@ class TabIssueTracker(LineIssueTracker): ".make", ".pem", # some openssl dumps have tabs ".sln", + "/.gitmodules", "/Makefile", "/Makefile.inc", "/generate_visualc_files.pl", @@ -469,6 +470,7 @@ class IntegrityChecker: ] def setup_logger(self, log_file, level=logging.INFO): + """Log to log_file if provided, or to stderr if None.""" self.logger = logging.getLogger() self.logger.setLevel(level) if log_file: @@ -480,9 +482,19 @@ class IntegrityChecker: @staticmethod def collect_files(): + """Return the list of files to check. + + These are the regular files commited into Git. + """ bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) bytes_filepaths = bytes_output.split(b'\0')[:-1] ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) + # Filter out directories. Normally Git doesn't list directories + # (it only knows about the files inside them), but there is + # at least one case where 'git ls-files' includes a directory: + # submodules. Just skip submodules (and any other directories). + ascii_filepaths = [fp for fp in ascii_filepaths + if os.path.isfile(fp)] # Prepend './' to files in the top-level directory so that # something like `'/Makefile' in fp` matches in the top-level # directory as well as in subdirectories. @@ -490,12 +502,17 @@ class IntegrityChecker: for fp in ascii_filepaths] def check_files(self): + """Check all files for all issues.""" for issue_to_check in self.issues_to_check: for filepath in self.collect_files(): if issue_to_check.should_check_file(filepath): issue_to_check.check_file_for_issue(filepath) def output_issues(self): + """Log the issues found and their locations. + + Return 1 if there were issues, 0 otherwise. + """ integrity_return_code = 0 for issue_to_check in self.issues_to_check: if issue_to_check.files_with_issues: