[squid-dev] [PATCH] search for header files in well-known local directories

Amos Jeffries squid3 at treenet.co.nz
Mon Jan 4 05:38:25 UTC 2016


On 4/01/2016 12:14 a.m., Kinkie wrote:
> Hi,
>   the attached patch for configure.ac tries to locate local header
> files in system-local directories.
> It fixes the build on MacOS/MacPorts which places GnuTLS headers in
> /opt/local/include.
> The search is not performed if the builder predefines CPPFLAGS.
> 

-1. Do not do this. For several reasons:

** CPPFLAGS/CXXFLAGS is the variable for user definitions. AM_CXXFLAGS
is the one we should be editing - or in our configure logics
SQUID_CXXFLAGS is the one for automated flags.

However, even with that the /opt sub-directories are reserved for local
administrative use by FHS...

** These directories may contain a mix of alternatives for other
(non-GnuTLS) Squid dependencies that the builder does *not* want to link
against.

** Including library builds placed there by other user accounts that
could result in Squid binaries being injected with malicious code. It is
a rarity, but when dealing with /opt/* is within the security
vulnerabilities to account for.

The auto-conf design for using custom directories (such as these /opt
areas) is that the builder supplies the pth parameter
(--with-gnutls=/opt/local/gnutls) when such local customized installs
are to be used.

** the pkg-config lookup for GnuTLS should be automatically adding the
correct -I path lookup if the library is installed automatically in that
area.

** If this is a consistent location problem with the *normal* GnuTLS
package on MacOS we should have a specific check for it at the (one?)
path it is known to install under. Around line 1252 in configure.ac for
use when pkg-config fails or unavailable.

Amos



More information about the squid-dev mailing list