Open geiseri opened 5 months ago
dg0yt
commented
5 months ago you cannot disable the
opensslfeature due to #35694.
This is not right. You just have to be very explicit, and and there must be no reverse dependencies which prevent your choice.
Add a schannel feature flag that will disable OpenSSL ...
Provide a "negative" feature flag that would disable the openssl option ...
Features must be additive. Downstreams cannot take away what other downstream requested.
geiseri
commented
5 months ago This is not right. You just have to be very explicit, and and there must be no reverse dependencies which prevent your choice.
I am not sure I follow here. I am using manifest mode and adding qtactiveqt into the project, so that depends on qtbase as such it uses default features, and ignores my setting.
If features must be additive then it seems to me that "Option 1" would be the best bet since on Windows it would seem that OpenSSL would be redundant.
geiseri
commented
5 months ago Here is how I came to that conclusion:
PS C:\Users\geiseri\vcpkg> .\vcpkg.exe depend-info qtactiveqt
vcpkg-cmake:
vcpkg-cmake-config:
vcpkg-tool-meson:
zlib: vcpkg-cmake
brotli: vcpkg-cmake, vcpkg-cmake-config
bzip2[tool]: vcpkg-cmake
egl-registry:
libpng: vcpkg-cmake, vcpkg-cmake-config, zlib
pkgconf: vcpkg-tool-meson
vcpkg-cmake-get-vars: vcpkg-cmake
freetype[brotli, bzip2, zlib, png]: brotli, bzip2, libpng, vcpkg-cmake, vcpkg-cmake-config, zlib
lz4: vcpkg-cmake, vcpkg-cmake-config
opengl-registry: egl-registry
openssl: vcpkg-cmake, vcpkg-cmake-config, vcpkg-cmake-get-vars
vcpkg-pkgconfig-get-modules: pkgconf
double-conversion: vcpkg-cmake, vcpkg-cmake-config
harfbuzz[freetype]: freetype, vcpkg-tool-meson
icu[tools]:
libjpeg-turbo: vcpkg-cmake, vcpkg-cmake-config
libpq[lz4, openssl, zlib]: lz4, openssl, vcpkg-cmake-get-vars, vcpkg-pkgconfig-get-modules, zlib
opengl: opengl-registry
pcre2[platform-default-features, jit]: vcpkg-cmake, vcpkg-cmake-config
sqlite3[json1]: vcpkg-cmake, vcpkg-cmake-config
zstd: vcpkg-cmake, vcpkg-cmake-config
qtbase[brotli, concurrent, default-features, sql-sqlite, freetype, jpeg, dbus, gui, doubleconversion, harfbuzz, icu, network, opengl, openssl, pcre2, png, sql, sql-psql, testlib, thread, widgets, zstd]: brotli, double-conversion, freetype, harfbuzz, icu, libjpeg-turbo, libpng, libpq, opengl, openssl, pcre2, sqlite3, vcpkg-cmake, vcpkg-cmake-config, zlib, zstd
qtactiveqt: qtbaseIs that understanding incorrect?
dg0yt
commented
5 months ago I am using manifest mode and adding
qtactiveqtinto the project, so that depends onqtbaseas such it uses default features, and ignores my setting.
Show your manifest.
The point of default-features is that they are enabled if you don't ask for something else.
Here, you would also need to add qtbase with "default-features": false to your manifest (aka top-level manifest). It is under your control.
PS C:\Users\geiseri\vcpkg> .\vcpkg.exe depend-info qtactiveqt
depend-info used to be very restricted. My recent contributions, part of the next tool update, will allow a more elaborate request:
$ ./vcpkg.mine depend-info qtactiveqt qtbase[core] --host-triplet x64-windows
vcpkg-cmake:
vcpkg-cmake-config:
egl-registry:
zlib: vcpkg-cmake
brotli: vcpkg-cmake, vcpkg-cmake-config
bzip2[tool]: vcpkg-cmake
libpng: vcpkg-cmake, vcpkg-cmake-config, zlib
opengl-registry: egl-registry
double-conversion: vcpkg-cmake, vcpkg-cmake-config
freetype[png, bzip2, zlib, brotli]: brotli, bzip2, libpng, vcpkg-cmake, vcpkg-cmake-config, zlib
opengl: opengl-registry
pcre2[platform-default-features, jit]: vcpkg-cmake, vcpkg-cmake-config
qtbase[thread, gui, widgets, freetype, doubleconversion]: double-conversion, freetype, opengl, pcre2, vcpkg-cmake, vcpkg-cmake-config, zlib
qtactiveqt: qtbaseIn the meantime, you can try
vcpkg install --dry-run qtactiveqt qtbase[core] --host-triplet x64-windowsHere is my current manifest:
{
"name": "hive-windows-client",
"version-string": "v1.3.5",
"dependencies": [
{
"name": "qtbase",
"default-features": false,
"features": [
"concurrent",
"doubleconversion",
"freetype",
"gui",
"harfbuzz",
"icu",
"jpeg",
"network",
"opengl",
"pcre2",
"png",
"testlib",
"thread",
"widgets",
"zstd"
]
},
"qtimageformats",
"qtactiveqt",
"qtsvg",
"qtwebsockets",
"atlmfc",
"magic-enum",
{
"name": "spdlog",
"features": [
"wchar"
]
},
"cppwinrt",
"fmt",
"simonbrunel-qtpromise"
]
}So if I run the vcpkg install with those deps I see:
PS C:\Users\geiseri\vcpkg> .\vcpkg.exe install --dry-run qtactiveqt qtbase[core] qtimageformats qtwebsockets qtsvg atlmfc magic-enum spdlog[wchar] cppwinrt fmt simonbrunel-qtpromise --host-triplet x64-windows
Computing installation plan...
The following packages will be built and installed:
* atl:x64-windows@0
atlmfc:x64-windows@0#3
* brotli:x64-windows@1.1.0#1
* bzip2[core,tool]:x64-windows@1.0.8#5
cppwinrt:x64-windows@2.0.240111.5
* double-conversion:x64-windows@3.3.0
* egl-registry:x64-windows@2024-01-25
fmt:x64-windows@10.2.1#2
* freeglut:x64-windows@3.4.0#1
* freetype[brotli,bzip2,core,png,zlib]:x64-windows@2.13.2#1
* harfbuzz[core,freetype]:x64-windows@8.4.0
* icu[core,tools]:x64-windows@74.2#1
* jasper[core,default-features,opengl]:x64-windows@4.2.1
* libjpeg-turbo:x64-windows@3.0.2
* liblzma:x64-windows@5.4.4
* libpng:x64-windows@1.6.43
* libpq[core,lz4,openssl,zlib]:x64-windows@16.2#1
* libwebp[core,libwebpmux,nearlossless,simd,unicode]:x64-windows@1.3.2
* lz4:x64-windows@1.9.4#1
magic-enum:x64-windows@0.9.5
* opengl:x64-windows@2022-12-04#3
* opengl-registry:x64-windows@2024-02-10#1
* openssl:x64-windows@3.2.1#2
* pcre2[core,jit,platform-default-features]:x64-windows@10.42#2
* pkgconf:x64-windows@2.2.0
qtactiveqt:x64-windows@6.6.1
qtbase[brotli,concurrent,core,dbus,default-features,doubleconversion,freetype,gui,harfbuzz,icu,jpeg,network,opengl,openssl,pcre2,png,sql,sql-psql,sql-sqlite,testlib,thread,widgets,zstd]:x64-windows@6.6.1#12
qtimageformats[core,default-features,jasper,tiff,webp]:x64-windows@6.6.1#1
qtsvg:x64-windows@6.6.1#1
qtwebsockets:x64-windows@6.6.1#1
simonbrunel-qtpromise:x64-windows@0.7.0
spdlog[core,wchar]:x64-windows@1.13.0#1
* sqlite3[core,json1]:x64-windows@3.45.2
* tiff[core,jpeg,lzma,zip]:x64-windows@4.6.0#4
* vcpkg-cmake:x64-windows@2023-05-04
* vcpkg-cmake-config:x64-windows@2022-02-06#1
* vcpkg-cmake-get-vars:x64-windows@2023-12-31
* vcpkg-pkgconfig-get-modules:x64-windows@2023-09-06
* vcpkg-tool-meson:x64-windows@1.3.2#2
* zlib:x64-windows@1.3.1
* zstd:x64-windows@1.5.5#2
Additional packages (*) will be modified to complete this operation.So after some mucking around I discovered that simonbrunel-qtpromise is the offender.
If I understand correctly it would be because it has
"dependencies": [
"qtbase",
{
"name": "vcpkg-cmake",
"host": true
}
]and not
"dependencies": [
{
"name": "qtbase",
"default-features": false
{
"name": "vcpkg-cmake",
"host": true
}
]Indeed, simonbrunel-qtpromise is a port which prevents the choice. And it shouldn't.
Is your feature request related to a problem? Please describe.
I am shipping on windows so I can use the
schannelTLS backend instead of theopensslbackend. Right now no matter what the OpenSSL libraries are shipped since you cannot disable theopensslfeature due to #35694. While not normally an issue I would prefer to not have OpenSSL libraries in the final package because it causes customers "automated vulnerability scans" to trip every few months. Currently I have a step to manually delete the files from the install root before it is packaged.Proposed solution
This could be attacked one of three ways:
securetransporton iOS. (Windows would always have schannel and Qt will autodetect that fact and compile it as long as nothing else disables it.)schannelfeature flag that will disable OpenSSL and enableschannelsimilar to how thesecuretransportfeature flag works. (At least would give developers an option to explicitly use one or the other. Not sure if they would ever want both.)testilbandsql)Describe alternatives you've considered
I just copied the port files locally and removed openssl.
Additional context
No response