OpenSSL compatible ./config wrapper

[technion]

OpenSSL, for some reason, uses the ./config command to prepare its installation. This script is called directly by at least one application.

I have operated Nginx 1.7.5 linked statically against Libressl-portable on CentOS 6.5, and this is the one issue that currently needs patching out as part of that process.

By adding the thin wrapper included in this PR, libressl-portable becomes truly "drop-in" for this scenario and, I would imagine, many others.

[busterb]

I presume there are other 'no-*' arguments that come along for the ride in this script, that are ignored by ./configure. Is this an issue?

Could you rework it is a whitelist than a blacklist, so only options that actually do something get passed (for other users of the script). Otherwise, you may be playing sed whack-a-mole.

[technion]

Thanks for this feedback.

There are definitely no other commands "ignored" - the reason for the 'sed' is that ./configure just fails and dies when it sees input it doesn't like, like 'no-shared' (therefore, for anything that compiles, it's not an issue).

The ./config script accepts --prefix which I've had it pass directly onto ./configure to set the directory correctly.

I can't imagine what, other than --prefix, would ever be a wanted option in the whitelist, but I took this path because it felt safer at the time. I'm noting a lot of the options, like "no-srp" and "no-ssl3" would clearly be useless against LibreSSL, so I'll work on a whitelist edition.

[technion]

I've written a whitelist based model. Here's an example call based on as many commands as I could find on the OpenSSL wiki:

$ ./config --prefix=/tmp/install no-threads no-shared -DOPENSSL_NO_HEARTBEATS no-idea

It shows in the config.log with:
Invocation command line was
$ ./configure --prefix=/tmp/install

And the Makefile contains this:
Makefile:CFLAGS = -DOPENSSL_NO_HEARTBEATS

I'm fully aware OPENSSL_NO_HEARTBEATS should refer to non-existent code in LibreSSL, but that was the only define I found in the wiki and I'm aware there are hundreds.

[technion]

After this extra commit, the same command produces this in config.log:
$ ./configure --enable-shared=no --prefix=/tmp/install

[busterb]

Cool. I like the idea, but those regexes seem to be the wrong tool for the job. The --prefix regex doesn't actually work with OpenBSD's sed, and might not support paths with spaces. I think we should also mask any passed CFLAGS definitions, since those are unlikely to have the expected effect in LibreSSL compared to OpenSSL.

How about something like this, which does not require any external commands, and adds support for no-asm as well. If it works for you, I could commit this.

#!/bin/sh
ARGS=""
for var in "$@"; do
    case $var in
        no-shared ) ARGS="$ARGS --disable-shared";;
        no-asm    ) ARGS="$ARGS --disable-asm";;
        --prefix* ) ARGS="$ARGS $var";;
    esac
done

./configure $ARGS

[technion]

Hi Busterb,

No problems, that would totally work also, it would be great if that got committed.

Frankly, the sed had already hit a point where, from a code point of view, I kept verging on rewriting in Perl, but didn't want to introduce that into the codebase.

[technion]

I've tested the script given and can confirm it produces a correct config.log, containing:

$ ./configure --enable-shared=no --prefix=/tmp/install

I've rebased to this, and confirmed that "make test" passes based on the above configuration call.

[busterb]

Thank you, 1c55919