[Cmake-commits] CMake branch, next, updated. v2.8.9-491-g35bd47b
Brad King
brad.king at kitware.com
Tue Sep 11 15:35:22 EDT 2012
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".
The branch, next has been updated
via 35bd47bd36b7baad3690804792982bc89226e40c (commit)
via 4bcd84e65ad2f792c549989b9d773191ad75e5eb (commit)
via e1c89f08bb78127e20383bffb3d28dfccbe816a0 (commit)
from 17139b90f7c0889496bbb4affcc39b40697f664a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=35bd47bd36b7baad3690804792982bc89226e40c
commit 35bd47bd36b7baad3690804792982bc89226e40c
Merge: 17139b9 4bcd84e
Author: Brad King <brad.king at kitware.com>
AuthorDate: Tue Sep 11 15:35:21 2012 -0400
Commit: CMake Topic Stage <kwrobot at kitware.com>
CommitDate: Tue Sep 11 15:35:21 2012 -0400
Merge topic 'file-download-verify' into next
4bcd84e Utilities/Release: Enable CMAKE_USE_OPENSSL in nightly binaries
e1c89f0 file(DOWNLOAD): Add options for SSL
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=4bcd84e65ad2f792c549989b9d773191ad75e5eb
commit 4bcd84e65ad2f792c549989b9d773191ad75e5eb
Author: Bill Hoffman <bill.hoffman at kitware.com>
AuthorDate: Fri Sep 7 15:30:19 2012 -0400
Commit: Brad King <brad.king at kitware.com>
CommitDate: Tue Sep 11 15:35:09 2012 -0400
Utilities/Release: Enable CMAKE_USE_OPENSSL in nightly binaries
diff --git a/Utilities/Release/dash2win64_release.cmake b/Utilities/Release/dash2win64_release.cmake
index fb82de0..6d1ac76 100644
--- a/Utilities/Release/dash2win64_release.cmake
+++ b/Utilities/Release/dash2win64_release.cmake
@@ -8,6 +8,7 @@ set(CPACK_SOURCE_GENERATORS "ZIP")
set(MAKE_PROGRAM "make")
set(MAKE "${MAKE_PROGRAM} -j8")
set(INITIAL_CACHE "CMAKE_BUILD_TYPE:STRING=Release
+CMAKE_USE_OPENSSL:BOOL=ON
CMAKE_SKIP_BOOTSTRAP_TEST:STRING=TRUE
CMAKE_Fortran_COMPILER:FILEPATH=FALSE
CMAKE_GENERATOR:INTERNAL=Unix Makefiles
diff --git a/Utilities/Release/dashmacmini2_release.cmake b/Utilities/Release/dashmacmini2_release.cmake
index 3e6b049..5e57a70 100644
--- a/Utilities/Release/dashmacmini2_release.cmake
+++ b/Utilities/Release/dashmacmini2_release.cmake
@@ -9,6 +9,10 @@ set(CPACK_BINARY_GENERATORS "PackageMaker TGZ TZ")
set(INITIAL_CACHE "
CMAKE_BUILD_TYPE:STRING=Release
CMAKE_OSX_ARCHITECTURES:STRING=ppc;i386
+CMAKE_USE_OPENSSL:BOOL=ON
+OPENSSL_CRYPTO_LIBRARY:FILEPATH=/Users/kitware/openssl-1.0.1c-install/lib/libcrypto.a
+OPENSSL_INCLUDE_DIR:PATH=/Users/kitware/openssl-1.0.1c-install/include
+OPENSSL_SSL_LIBRARY:FILEPATH=/Users/kitware/openssl-1.0.1c-install/lib/libssl.a
CMAKE_SKIP_BOOTSTRAP_TEST:STRING=TRUE
CPACK_SYSTEM_NAME:STRING=Darwin-universal
BUILD_QtDialog:BOOL=TRUE
diff --git a/Utilities/Release/dashmacmini5_release.cmake b/Utilities/Release/dashmacmini5_release.cmake
index bd93a87..36b0952 100644
--- a/Utilities/Release/dashmacmini5_release.cmake
+++ b/Utilities/Release/dashmacmini5_release.cmake
@@ -8,6 +8,10 @@ set(MAKE "${MAKE_PROGRAM} -j5")
set(CPACK_BINARY_GENERATORS "PackageMaker TGZ TZ")
set(CPACK_SOURCE_GENERATORS "TGZ TZ")
set(INITIAL_CACHE "
+CMAKE_USE_OPENSSL:BOOL=ON
+OPENSSL_CRYPTO_LIBRARY:FILEPATH=/Users/kitware/openssl-1.0.1c-install/lib/libcrypto.a
+OPENSSL_INCLUDE_DIR:PATH=/Users/kitware/openssl-1.0.1c-install/include
+OPENSSL_SSL_LIBRARY:FILEPATH=/Users/kitware/openssl-1.0.1c-install/lib/libssl.a
CMAKE_BUILD_TYPE:STRING=Release
CMAKE_OSX_ARCHITECTURES:STRING=x86_64;i386
CMAKE_OSX_DEPLOYMENT_TARGET:STRING=10.5
diff --git a/Utilities/Release/magrathea_release.cmake b/Utilities/Release/magrathea_release.cmake
index 60c1a88..4783fda 100644
--- a/Utilities/Release/magrathea_release.cmake
+++ b/Utilities/Release/magrathea_release.cmake
@@ -10,6 +10,10 @@ CMAKE_BUILD_TYPE:STRING=Release
CURSES_LIBRARY:FILEPATH=/usr/i686-gcc-332s/lib/libncurses.a
CURSES_INCLUDE_PATH:PATH=/usr/i686-gcc-332s/include/ncurses
FORM_LIBRARY:FILEPATH=/usr/i686-gcc-332s/lib/libform.a
+CMAKE_USE_OPENSSL:BOOL=ON
+OPENSSL_CRYPTO_LIBRARY:FILEPATH=/home/kitware/openssl-1.0.1c-install/lib/libcrypto.a
+OPENSSL_INCLUDE_DIR:PATH=/home/kitware/openssl-1.0.1c-install/include
+OPENSSL_SSL_LIBRARY:FILEPATH=/home/kitware/openssl-1.0.1c-install/lib/libssl.a
CPACK_SYSTEM_NAME:STRING=Linux-i386
BUILD_QtDialog:BOOL:=TRUE
QT_QMAKE_EXECUTABLE:FILEPATH=/home/kitware/qt-4.43-install/bin/qmake
http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=e1c89f08bb78127e20383bffb3d28dfccbe816a0
commit e1c89f08bb78127e20383bffb3d28dfccbe816a0
Author: Bill Hoffman <bill.hoffman at kitware.com>
AuthorDate: Tue Aug 21 18:41:24 2012 -0400
Commit: Brad King <brad.king at kitware.com>
CommitDate: Tue Sep 11 15:34:54 2012 -0400
file(DOWNLOAD): Add options for SSL
Add the ability to request that downloads disable or enable Certificate
Authority checking with https ssl downloads. When the option to verify
the servers CA is disabled, one may verify download contents with SHA
hashes.
diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx
index b0c1070..bb12980 100644
--- a/Source/cmFileCommand.cxx
+++ b/Source/cmFileCommand.cxx
@@ -2667,6 +2667,9 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
long inactivity_timeout = 0;
std::string verboseLog;
std::string statusVar;
+ std::string caFile;
+ bool checkSSL = false;
+ bool verifySSL = false;
std::string expectedHash;
std::string hashMatchMSG;
cmsys::auto_ptr<cmCryptoHash> hash;
@@ -2720,6 +2723,33 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
}
statusVar = *i;
}
+ else if(*i == "SSL_VERIFY")
+ {
+ ++i;
+ if(i != args.end())
+ {
+ verifySSL = cmSystemTools::IsOn(i->c_str());
+ checkSSL = true;
+ }
+ else
+ {
+ this->SetError("SSL_VERIFY missing bool value.");
+ return false;
+ }
+ }
+ else if(*i == "SSL_CAINFO_FILE")
+ {
+ ++i;
+ if(i != args.end())
+ {
+ caFile = *i;
+ }
+ else
+ {
+ this->SetError("SSL_CAFILE missing file value.");
+ return false;
+ }
+ }
else if(*i == "EXPECTED_MD5")
{
++i;
@@ -2835,6 +2865,43 @@ cmFileCommand::HandleDownloadCommand(std::vector<std::string> const& args)
cmFileCommandCurlDebugCallback);
check_curl_result(res, "DOWNLOAD cannot set debug function: ");
+ // check to see if SSL verification is requested
+ const char* verifyValue =
+ this->Makefile->GetDefinition("CMAKE_CURLOPT_SSL_VERIFYPEER");
+ // if there is a cmake variable or if the command has SSL_VERIFY requested
+ if(verifyValue || checkSSL)
+ {
+ // the args to the command come first
+ bool verify = verifySSL;
+ if(!verify && verifyValue)
+ {
+ verify = cmSystemTools::IsOn(verifyValue);
+ }
+ if(verify)
+ {
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
+ check_curl_result(res, "Unable to set SSL Verify on: ");
+ }
+ else
+ {
+ res = ::curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+ check_curl_result(res, "Unable to set SSL Verify off: ");
+ }
+ }
+ // check to see if a CAINFO file has been specified
+ const char* cainfo =
+ this->Makefile->GetDefinition("CMAKE_CURLOPT_CAINFO_FILE");
+ // command arg comes first
+ if(caFile.size())
+ {
+ cainfo = caFile.c_str();
+ }
+ if(cainfo)
+ {
+ res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);
+ check_curl_result(res, "Unable to set SSL Verify CAINFO: ");
+ }
+
cmFileCommandVectorOfChar chunkDebug;
res = ::curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&fout);
diff --git a/Source/cmFileCommand.h b/Source/cmFileCommand.h
index ca2bdfd..413e2f4 100644
--- a/Source/cmFileCommand.h
+++ b/Source/cmFileCommand.h
@@ -84,7 +84,8 @@ public:
" file(DOWNLOAD url file [INACTIVITY_TIMEOUT timeout]\n"
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS]\n"
" [EXPECTED_HASH MD5|SHA1|SHA224|SHA256|SHA384|SHA512 hash]\n"
- " [EXPECTED_MD5 sum])\n"
+ " [EXPECTED_MD5 sum]\n"
+ " [SSL_VERIFY on|off] [SSL_CAINFO_FILE file])\n"
" file(UPLOAD filename url [INACTIVITY_TIMEOUT timeout]\n"
" [TIMEOUT timeout] [STATUS status] [LOG log] [SHOW_PROGRESS])\n"
"WRITE will write a message into a file called 'filename'. It "
@@ -175,6 +176,14 @@ public:
"(EXPECTED_MD5 is short-hand for EXPECTED_HASH MD5.) "
"If SHOW_PROGRESS is specified, progress information will be printed "
"as status messages until the operation is complete. "
+ "For https URLs CMake must be built with OpenSSL. "
+ "SSL certificates are not checked by default. "
+ "Set SSL_VERIFY to ON to check certificates and/or use "
+ "EXPECTED_HASH to verify downloaded content. "
+ "Set SSL_CAINFO_FILE to specify a custom Certificate Authority file. "
+ "If either SSL option is not given CMake will check variables "
+ "CMAKE_CURLOPT_SSL_VERIFYPEER and CMAKE_CURLOPT_CAINFO_FILE, "
+ "respectively."
"\n"
"UPLOAD will upload the given file to the given URL. "
"If LOG var is specified a log of the upload will be put in var. "
-----------------------------------------------------------------------
Summary of changes:
hooks/post-receive
--
CMake
More information about the Cmake-commits
mailing list