diff options
-rw-r--r-- | Modules/ExternalProject.cmake | 58 | ||||
-rw-r--r-- | Modules/ExternalProject/gitclone.cmake.in | 6 | ||||
-rw-r--r-- | Modules/ExternalProject/gitupdate.cmake.in | 4 |
3 files changed, 54 insertions, 14 deletions
diff --git a/Modules/ExternalProject.cmake b/Modules/ExternalProject.cmake index bac126c..574b339 100644 --- a/Modules/ExternalProject.cmake +++ b/Modules/ExternalProject.cmake @@ -232,7 +232,12 @@ External Project Definition measure. .. versionchanged:: 3.6 - This option also applies to ``git clone`` invocations. + This option also applies to ``git clone`` invocations, although the + default behavior is different. If ``TLS_VERIFY`` is not given and + :variable:`CMAKE_TLS_VERIFY` is not set, the behavior will be + determined by git's defaults. Normally, the ``sslVerify`` git + config setting defaults to true, but the user may have overridden + this at a global level. ``TLS_CAINFO <file>`` Specify a custom certificate authority file to use if ``TLS_VERIFY`` @@ -1328,6 +1333,8 @@ function(_ep_write_gitclone_script message(FATAL_ERROR "Tag for git checkout should not be empty.") endif() + set(git_submodules_config_options "") + if(GIT_VERSION_STRING VERSION_LESS 2.20 OR 2.21 VERSION_LESS_EQUAL GIT_VERSION_STRING) set(git_clone_options "--no-checkout") @@ -1350,18 +1357,26 @@ function(_ep_write_gitclone_script if(NOT ${git_remote_name} STREQUAL "origin") list(APPEND git_clone_options --origin \"${git_remote_name}\") endif() + if(NOT "x${tls_verify}" STREQUAL "x") + # The clone config option is sticky, it will apply to all subsequent git + # update operations. The submodules config option is not sticky, because + # git doesn't provide any way to do that. Thus, we will have to pass the + # same config option in the update step too for submodules, but not for + # the main git repo. + if(tls_verify) + # Default git behavior is "true", but the user might have changed the + # global default to "false". Since TLS_VERIFY was given, ensure we honor + # the specified setting regardless of what the global default might be. + list(APPEND git_clone_options -c http.sslVerify=true) + set(git_submodules_config_options -c http.sslVerify=true) + else() + list(APPEND git_clone_options -c http.sslVerify=false) + set(git_submodules_config_options -c http.sslVerify=false) + endif() + endif() string (REPLACE ";" " " git_clone_options "${git_clone_options}") - set(git_options) - # disable cert checking if explicitly told not to do it - if(NOT "x${tls_verify}" STREQUAL "x" AND NOT tls_verify) - set(git_options - -c http.sslVerify=false - ) - endif() - string (REPLACE ";" " " git_options "${git_options}") - configure_file( ${CMAKE_CURRENT_FUNCTION_LIST_DIR}/ExternalProject/gitclone.cmake.in ${script_filename} @@ -1404,6 +1419,7 @@ function(_ep_write_gitupdate_script git_repository work_dir git_update_strategy + tls_verify ) if("${git_tag}" STREQUAL "") @@ -1418,6 +1434,22 @@ function(_ep_write_gitupdate_script list(APPEND git_stash_save_options --all) endif() + set(git_submodules_config_options "") + if(NOT "x${tls_verify}" STREQUAL "x") + # The submodules config option is not sticky, git doesn't provide any way + # to do that. We have to pass this config option for the update step too. + # We don't need to set it for the non-submodule update because it gets + # recorded as part of the clone operation in a sticky manner. + if(tls_verify) + # Default git behavior is "true", but the user might have changed the + # global default to "false". Since TLS_VERIFY was given, ensure we honor + # the specified setting regardless of what the global default might be. + set(git_submodules_config_options -c http.sslVerify=true) + else() + set(git_submodules_config_options -c http.sslVerify=false) + endif() + endif() + configure_file( "${CMAKE_CURRENT_FUNCTION_LIST_DIR}/ExternalProject/gitupdate.cmake.in" "${script_filename}" @@ -3356,6 +3388,11 @@ function(_ep_add_update_command name) _ep_get_git_submodules_recurse(git_submodules_recurse) + get_property(tls_verify TARGET ${name} PROPERTY _EP_TLS_VERIFY) + if("x${tls_verify}" STREQUAL "x" AND DEFINED CMAKE_TLS_VERIFY) + set(tls_verify "${CMAKE_TLS_VERIFY}") + endif() + set(update_script "${tmp_dir}/${name}-gitupdate.cmake") list(APPEND file_deps ${update_script}) _ep_write_gitupdate_script( @@ -3369,6 +3406,7 @@ function(_ep_add_update_command name) "${git_repository}" "${work_dir}" "${git_update_strategy}" + "${tls_verify}" ) set(cmd ${CMAKE_COMMAND} -Dcan_fetch=YES -P ${update_script}) set(cmd_disconnected ${CMAKE_COMMAND} -Dcan_fetch=NO -P ${update_script}) diff --git a/Modules/ExternalProject/gitclone.cmake.in b/Modules/ExternalProject/gitclone.cmake.in index 3312171..94b329a 100644 --- a/Modules/ExternalProject/gitclone.cmake.in +++ b/Modules/ExternalProject/gitclone.cmake.in @@ -25,7 +25,7 @@ set(error_code 1) set(number_of_tries 0) while(error_code AND number_of_tries LESS 3) execute_process( - COMMAND "@git_EXECUTABLE@" @git_options@ + COMMAND "@git_EXECUTABLE@" clone @git_clone_options@ "@git_repository@" "@src_name@" WORKING_DIRECTORY "@work_dir@" RESULT_VARIABLE error_code @@ -40,7 +40,7 @@ if(error_code) endif() execute_process( - COMMAND "@git_EXECUTABLE@" @git_options@ + COMMAND "@git_EXECUTABLE@" checkout "@git_tag@" @git_checkout_explicit--@ WORKING_DIRECTORY "@work_dir@/@src_name@" RESULT_VARIABLE error_code @@ -52,7 +52,7 @@ endif() set(init_submodules @init_submodules@) if(init_submodules) execute_process( - COMMAND "@git_EXECUTABLE@" @git_options@ + COMMAND "@git_EXECUTABLE@" @git_submodules_config_options@ submodule update @git_submodules_recurse@ --init @git_submodules@ WORKING_DIRECTORY "@work_dir@/@src_name@" RESULT_VARIABLE error_code diff --git a/Modules/ExternalProject/gitupdate.cmake.in b/Modules/ExternalProject/gitupdate.cmake.in index eb3cda7..171aa7b 100644 --- a/Modules/ExternalProject/gitupdate.cmake.in +++ b/Modules/ExternalProject/gitupdate.cmake.in @@ -283,7 +283,9 @@ endif() set(init_submodules "@init_submodules@") if(init_submodules) execute_process( - COMMAND "@git_EXECUTABLE@" --git-dir=.git submodule update @git_submodules_recurse@ --init @git_submodules@ + COMMAND "@git_EXECUTABLE@" + --git-dir=.git @git_submodules_config_options@ + submodule update @git_submodules_recurse@ --init @git_submodules@ WORKING_DIRECTORY "@work_dir@" COMMAND_ERROR_IS_FATAL ANY ) |