Avoid overwriting tls headers in submodule mode

When crypto is embedded as a submodule and the cmake build system is used, it would previously overwrite some header files installed by tls. Most of them are harmless (since they should be identical), but config.h is a special case. tls's and crypto's config.h files differ widely in scope and overwriting the more general, bigger config.h file from tls with crypto's smaller one will make a lot of features unavailable in programs using tls. Let's just avoid overwriting any tls header in submodule mode. Note that this will not fix the potential issue that crypto might be using a different configuration than tls in the submodule case. Fixes Mbed-TLS/mbedtls#2965
Ionic · Jan 16, 2020 · de35f31 · de35f31
1 parent d27a884
commit de35f31
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
@@ -5,6 +5,19 @@ if(INSTALL_MBEDTLS_HEADERS)
     file(GLOB headers "mbedtls/*.h")
     file(GLOB psa_headers "psa/*.h")
 
+    if(USE_CRYPTO_SUBMODULE)
+        # Don't overwrite mbedtls's header files!
+        # config.h is supposed to be automatically checked for compatibility
+        # in automatic builds, while the other files should not just be
+        # compatible, but also identical in theory.
+        # Practically, we don't check that in crypto but just assume that the
+        # submodule configuration is sane and trust tls's headers.
+        list(REMOVE_ITEM headers    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/compat-1.3.h"
+                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/config.h"
+                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/error.h"
+                                    "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/version.h")
+    endif(USE_CRYPTO_SUBMODULE)
+
     install(FILES ${headers}
         DESTINATION include/mbedtls
         PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)