On Fri, Jul 10, 2026 at 09:51:12AM +0200, Luc Michel wrote:
> c4b3d0074 removed the check that nettle or gcrypt were explicitly
> requested as the crypto library to use, breaking the --enable-nettle and
> --enable-gcrypt options. Re-add the check.
>
> Fixes: c4b3d0074 (crypto: bump min gnutls to 3.7.5)
> Signed-off-by: Luc Michel <luc.michel@amd.com>
> ---
> meson.build | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/meson.build b/meson.build
> index 164328ded83..475c5922030 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -1809,10 +1809,15 @@ crypto_sm3 = not_found
>
> if get_option('nettle').enabled() and get_option('gcrypt').enabled()
> error('Only one of gcrypt & nettle can be enabled')
> endif
>
> +# Explicit nettle/gcrypt request, so ignore gnutls for crypto
> +if get_option('nettle').enabled() or get_option('gcrypt').enabled()
> + gnutls = not_found
> +endif
> +
> if not gnutls.found()
This is not sufficient - if --enable-nettle is given this logic
will fully disable all use of gnutls. We need to retain the use
of nettle for TLS APIs, but exclude it for crypto APIs.
IOW, we need to revert more of c4b3d0074 - can you also bring
back the lines that set the 'gnutls_crypto' variable, so we
can disable gnutls for crypto only, not TLS>
> if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled()
> gcrypt = dependency('libgcrypt', version: '>=1.9.4',
> required: get_option('gcrypt'))
> # Debian has removed -lgpg-error from libgcrypt-config
> --
> 2.53.0
>
With regards,
Daniel
--
|: https://berrange.com ~~ https://hachyderm.io/@berrange :|
|: https://libvirt.org ~~ https://entangle-photo.org :|
|: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|