Add libjwt to third-party

The current STIR/SHAKEN implementation is not currently usable due to encryption issues. Rather than trying to futz with OpenSSL and the the current code, we can take advantage of the existing capabilities of libjwt but we first need to add it to the third-party infrastructure already in place for jansson and pjproject. A few tweaks were also made to the third-party infrastructure as a whole. The jansson "dest" install directory was renamed "dist" to better match convention, and the third-party Makefile was updated to clean all product directories not just the ones currently in use. Resolves: #349
2025-09-03 11:25:35 +00:00 · 2023-09-21 11:12:31 -06:00
parent b47200ddf0
commit 15ef050d0a
18 changed files with 565 additions and 52 deletions
--- a/third-party/libjwt/.gitignore
+++ b/third-party/libjwt/.gitignore
@@ -0,0 +1,4 @@
+source/
+dist/
+**.gz
+.rebuild_needed
--- a/third-party/libjwt/Makefile
+++ b/third-party/libjwt/Makefile
@@ -0,0 +1,124 @@
+.PHONY: all install clean distclean configure
+
+.NOTPARALLEL:
+
+include ../versions.mak
+export LIBJWT_DIR := $(shell pwd -P)
+JANSSON_DIR := $(shell realpath $(LIBJWT_DIR)/../jansson)
+
+SPECIAL_TARGETS :=
+
+ifneq ($(findstring configure,$(MAKECMDGOALS)),)
+# Run from $(ASTTOPDIR)/configure
+    SPECIAL_TARGETS += configure
+endif
+
+ifeq ($(findstring clean,$(MAKECMDGOALS)),clean)
+# clean or distclean
+    SPECIAL_TARGETS += clean
+endif
+
+ifeq ($(findstring uninstall,$(MAKECMDGOALS)),uninstall)
+    SPECIAL_TARGETS += uninstall
+endif
+
+
+ifneq ($(wildcard ../../makeopts),)
+    include ../../makeopts
+endif
+
+ifeq ($(SPECIAL_TARGETS),)
+# Run locally or from $(ASTTOPDIR)/Makefile.  All include files should be present
+    ifeq ($(wildcard ../../makeopts),)
+        $(error ASTTOPDIR/configure hasn't been run)
+    endif
+
+    ifeq ($(LIBJWT_BUNDLED),yes)
+        ifneq ($(wildcard ../../menuselect.makeopts),)
+            include ../../menuselect.makeopts
+        else
+            $(warning ASTTOPDIR/menuselect hasn't been run yet.  Can't find debug options.)
+        endif
+
+        all: dist/usr/lib/libjwt.a
+    else
+        all:
+    endif
+endif
+
+include ../../Makefile.rules
+include ../Makefile.rules
+include Makefile.rules
+
+OPTIMIZE_CFLAGS = -g3
+ifeq ($(findstring DONT_OPTIMIZE,$(MENUSELECT_CFLAGS)),)
+    OPTIMIZE_CFLAGS += $(OPTIMIZE)
+endif
+
+ECHO_PREFIX := $(ECHO_PREFIX) echo '[libjwt] '
+SHELL_ECHO_PREFIX := echo '[libjwt] '
+
+dist/usr/lib/libjwt.a: source/config.status
+	$(ECHO_PREFIX) Building bundled libjwt.
+	$(CMD_PREFIX) (cd source; make $(REALLY_QUIET))
+	$(CMD_PREFIX) (cd source; make install DESTDIR=$(LIBJWT_DIR)/dist $(REALLY_QUIET))
+ifeq ($(JANSSON_BUNDLED),yes)
+# Modules that need to use json manipulation functions will do
+# so through the ast_json wrappers which cause the main asterisk
+# executable to link to either the system implementation of jansson
+# or the bundled jansson.  libjwt also needs to call jansson functions
+# directly and if we're not using the bundled version of jansson,
+# this works fine bcause the dynamic linker can get the symbols
+# directly from the system-installed version of jansson when the
+# module using libjwt loads. If we're using bundled jansson however,
+# those symbols exist only in the main asterisk executable and a
+# library can't resolve against them. The result is that a module
+# making jwt_ calls will fail to load at runtime with unresolved
+# json_ symbols.  To address this, we create a combined library
+# containing both bundled libjwt and bundled jansson so a module
+# will have all symbols resolved correctly.
+	$(CMD_PREFIX) mv dist/usr/lib/libjwt.a dist/usr/lib/libjwt_orig.a
+	$(CMD_PREFIX) cd dist/usr/lib ; $(AR) -rcsT libjwt.a libjwt_orig.a \
+		$(JANSSON_DIR)/dist/usr/lib/libjansson.a
+endif
+
+.DELETE_ON_ERROR:
+
+$(DOWNLOAD_DIR)/$(TARBALL_FILE): ../versions.mak
+	$(CMD_PREFIX) ($(TARBALL_EXISTS) && $(TARBALL_VERIFY) && touch $@) || (rm -rf $@ ;\
+	$(TARBALL_DOWNLOAD)) || (rm -rf $@ ;\
+	$(SHELL_ECHO_PREFIX) Retrying download ; $(TARBALL_DOWNLOAD))
+
+source/.unpacked: $(DOWNLOAD_DIR)/$(TARBALL_FILE)
+	$(CMD_PREFIX) $(TARBALL_VERIFY) || (rm -rf $@ ;\
+	$(SHELL_ECHO_PREFIX) Retrying download ; $(TARBALL_DOWNLOAD))
+	$(ECHO_PREFIX) Unpacking $<
+	-@rm -rf source libjwt-*/ >/dev/null 2>&1
+	$(CMD_PREFIX) $(TAR) -xf $<
+	@mv libjwt-$(LIBJWT_VERSION) source
+	$(ECHO_PREFIX) Applying patches "$(realpath patches)" "$(realpath .)/source"
+	$(CMD_PREFIX) ../apply_patches $(QUIET_CONFIGURE) "$(realpath patches)" "$(realpath .)/source"
+	-@touch source/.unpacked
+
+.rebuild_needed: $(wildcard ../../.lastclean)
+	$(ECHO_PREFIX) Rebuilding
+	$(CMD_PREFIX) $(MAKE) clean $(REALLY_QUIET)
+
+source/config.status: source/.unpacked Makefile.rules .rebuild_needed
+	$(ECHO_PREFIX) Configuring
+	$(CMD_PREFIX) (cd source ; ./configure $(QUIET_CONFIGURE) $(LIBJWT_CONFIG_OPTS) --disable-shared \
+		--enable-static --prefix=/usr --libdir=/usr/lib CFLAGS="$(OPTIMIZE_CFLAGS) -fPIC")
+
+configure: source/config.status
+
+install:
+uninstall:
+
+clean:
+	$(ECHO_PREFIX) Cleaning
+	+-$(CMD_PREFIX) rm -rf dist
+	+-$(CMD_PREFIX) test -d source && $(SUBMAKE) -C source clean $(REALLY_QUIET) || :
+
+distclean:
+	$(ECHO_PREFIX) Distcleaning
+	-$(CMD_PREFIX) rm -rf dist source libjwt-*.tar.gz .rebuild_needed
--- a/third-party/libjwt/Makefile.rules
+++ b/third-party/libjwt/Makefile.rules
@@ -0,0 +1,9 @@
+
+PACKAGE_URL ?= https://raw.githubusercontent.com/asterisk/third-party/master/libjwt/$(LIBJWT_VERSION)
+TARBALL_FILE = libjwt-$(LIBJWT_VERSION).tar.gz
+
+# LIBJWT_CONFIGURE_OPTS could come from the command line or could be
+# set/modified by configure.m4 if the build or host tuples aren't the same
+# as the current build environment (cross-compile).
+
+LIBJWT_CONFIG_OPTS = --disable-doxygen-doc --disable-doxygen-dot --without-examples $(LIBJWT_CONFIGURE_OPTS)
--- a/third-party/libjwt/configure.m4
+++ b/third-party/libjwt/configure.m4
@@ -0,0 +1,95 @@
+#
+# If this file is changed, be sure to run ASTTOPDIR/bootstrap.sh
+# before committing.
+#
+
+AC_DEFUN([_LIBJWT_CONFIGURE],
+[
+	if test "${ac_mandatory_list#*LIBJWT*}" != "$ac_mandatory_list" ; then
+		AC_MSG_ERROR(--with-libjwt and --with-libjwt-bundled can't both be specified)
+	fi
+
+	ac_mandatory_list="$ac_mandatory_list LIBJWT"
+	LIBJWT_DIR="${ac_pwd}/third-party/libjwt"
+
+	AC_MSG_CHECKING(for embedded libjwt (may have to download))
+	AC_MSG_RESULT(configuring)
+
+	if test "x${DOWNLOAD_TO_STDOUT}" = "x" ; then
+		AC_MSG_ERROR(A download utility (wget, curl, or fetch) is required to download bundled libjwt)
+	fi
+	if test "${GZIP}" = ":" ; then
+		AC_MSG_ERROR(gzip is required to extract the libjwt tar file)
+	fi
+	if test "${TAR}" = ":" ; then
+		AC_MSG_ERROR(tar is required to extract the libjwt tar file)
+	fi
+	if test "${PATCH}" = ":" ; then
+		AC_MSG_ERROR(patch is required to configure bundled libjwt)
+	fi
+	if test "${SED}" = ":" ; then
+		AC_MSG_ERROR(sed is required to configure bundled libjwt)
+	fi
+	if test "${NM}" = ":" ; then
+		AC_MSG_ERROR(nm is required to build bundled libjwt)
+	fi
+	if test "${MD5}" = ":" ; then
+		AC_MSG_ERROR(md5sum is required to build bundled libjwt)
+	fi
+	if test "${CAT}" = ":" ; then
+		AC_MSG_ERROR(cat is required to build bundled libjwt)
+	fi
+	if test "${CUT}" = ":" ; then
+		AC_MSG_ERROR(cut is required to build bundled libjwt)
+	fi
+	if test "${GREP}" = ":" ; then
+		AC_MSG_ERROR(grep is required to build bundled libjwt)
+	fi
+
+	AC_ARG_VAR([LIBJWT_CONFIGURE_OPTS],[Additional configure options to pass to bundled libjwt])
+	this_host=$(./config.sub $(./config.guess))
+	if test "$build" != "$this_host" ; then
+		LIBJWT_CONFIGURE_OPTS+=" --build=$build_alias"
+	fi
+	if test "$host" != "$this_host" ; then
+		LIBJWT_CONFIGURE_OPTS+=" --host=$host_alias"
+	fi
+
+	export TAR PATCH SED NM EXTERNALS_CACHE_DIR AST_DOWNLOAD_CACHE DOWNLOAD_TO_STDOUT DOWNLOAD_TIMEOUT DOWNLOAD MD5 CAT CUT GREP
+	export NOISY_BUILD
+	export JANSSON_CFLAGS
+	export JANSSON_LIBS="${JANSSON_LIB}"
+	${GNU_MAKE} --quiet --no-print-directory -C ${LIBJWT_DIR} \
+		LIBJWT_CONFIGURE_OPTS="$LIBJWT_CONFIGURE_OPTS" \
+		EXTERNALS_CACHE_DIR="${EXTERNALS_CACHE_DIR:-${AST_DOWNLOAD_CACHE}}" \
+		configure
+	if test $? -ne 0 ; then
+		AC_MSG_RESULT(failed)
+		AC_MSG_NOTICE(Unable to configure ${LIBJWT_DIR})
+		AC_MSG_ERROR(Re-run the ./configure command with 'NOISY_BUILD=yes' appended to see error details.)
+	fi
+
+	AC_MSG_CHECKING(for bundled libjwt)
+
+	LIBJWT_INCLUDE=-I${LIBJWT_DIR}/dist/usr/include
+	LIBJWT_CFLAGS="$LIBJWT_INCLUDE"
+	LIBJWT_LIB="-L${LIBJWT_DIR}/dist/usr/lib -ljwt"
+	PBX_LIBJWT=1
+
+	# We haven't run install yet
+
+	AC_SUBST([LIBJWT_BUNDLED])
+	AC_SUBST([PBX_LIBJWT])
+	AC_SUBST([LIBJWT_LIB])
+	AC_SUBST([LIBJWT_INCLUDE])
+	AC_MSG_RESULT(yes)
+	AC_DEFINE([HAVE_LIBJWT_BUNDLED], 1, [Define if your system has LIBJWT_BUNDLED])
+])
+
+AC_DEFUN([LIBJWT_CONFIGURE],
+[
+	if test "$LIBJWT_BUNDLED" = "yes" ; then
+		_LIBJWT_CONFIGURE()
+	fi
+])
+
--- a/third-party/libjwt/libjwt-1.15.3.tar.gz.md5
+++ b/third-party/libjwt/libjwt-1.15.3.tar.gz.md5
@@ -0,0 +1 @@
+f417ef3fe6ee14c0befd86e6836dc4c9  libjwt-1.15.3.tar.gz
--- a/third-party/libjwt/patches/README
+++ b/third-party/libjwt/patches/README
@@ -0,0 +1,4 @@
+Patches should be added here once merged to the upstream libjwt project at
+https://github.com/benmcollins/libjwt.  Patch filenames should be generated by
+running 'git format-patch ...' from the libjwt repository, then
+copying the required patches to this folder.
				`@@ -0,0 +1 @@`
				`f417ef3fe6ee14c0befd86e6836dc4c9 libjwt-1.15.3.tar.gz`