libpakfire: Drop dependency on libgcrypt

This library was chosen as a lightweight and more easy to use
alternative to OpenSSL.

Unfortunately it does not seem to be up to standard in terms of
reliability, performance and most importantly security.

Therefore we are using OpenSSL which is the de-facto standard library,
well-audited and has a transparent development process.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/Makefile.am b/Makefile.am
index 59af964b5920a38b18f94e5ebecf910b7ea087a0..02d1e4c901232f4d0fcab688412757e975e02847 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -325,7 +325,6 @@ pkginclude_HEADERS += \
 libpakfire_la_CFLAGS = \
        $(AM_CFLAGS) \
        -fvisibility=hidden \
-       $(LIBGCRYPT_CFLAGS) \
        $(OPENSSL_CFLAGS) \
        $(SQLITE3_CFLAGS)
 
@@ -344,7 +343,6 @@ libpakfire_la_LIBADD = \
        libpakfire-parser.la \
        $(ARCHIVE_LIBS) \
        $(GPGME_LIBS) \
-       $(LIBGCRYPT_LIBS) \
        $(LZMA_LIBS) \
        $(OPENSSL_LIBS) \
        $(SOLV_LIBS) \

diff --git a/configure.ac b/configure.ac
index bcf148a0809353f7a9ad009c30d07e82bee13cdd..87b686bbee88fc9bb0f9afaac902718dc9adc32b 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -179,7 +179,6 @@ PKG_CHECK_MODULES([LZMA], [liblzma])
 PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.1.1])
 PKG_CHECK_MODULES([SQLITE3], [sqlite3])
 
-AM_PATH_LIBGCRYPT([1.8.0], [], [AC_MSG_ERROR([*** libgcrypt not found])])
 AM_PATH_GPGME([1.6.0], [], [AC_MSG_ERROR([*** GPGME not found])])
 
 AC_ARG_WITH([systemdsystemunitdir],

diff --git a/src/libpakfire/include/pakfire/util.h b/src/libpakfire/include/pakfire/util.h
index 83c62af01acba979ecf616bd688121a7ebd9bbda..100971acba24bba74c7d663ef3256ffe3263b588 100644 (file)
--- a/src/libpakfire/include/pakfire/util.h
+++ b/src/libpakfire/include/pakfire/util.h
@@ -56,8 +56,6 @@ char* pakfire_remove_trailing_newline(char* str);
 
 const char* pakfire_action_type_string(pakfire_action_type_t type);
 
-void init_libgcrypt();
-
 int pakfire_read_file_into_buffer(FILE* f, char** buffer, size_t* len);
 
 size_t pakfire_string_to_size(const char* s);

diff --git a/src/libpakfire/util.c b/src/libpakfire/util.c
index c5f8e648ccee0eb310aacedf443f2e6d998afa75..8abcffdb1d261a7b45cbf9e1646cc878485e8e78 100644 (file)
--- a/src/libpakfire/util.c
+++ b/src/libpakfire/util.c
@@ -30,8 +30,6 @@
 #include <time.h>
 #include <unistd.h>
 
-#include <gcrypt.h>
-
 #include <pakfire/constants.h>
 #include <pakfire/logging.h>
 #include <pakfire/private.h>
@@ -281,25 +279,6 @@ char* pakfire_remove_trailing_newline(char* str) {
        return str;
 }
 
-void init_libgcrypt() {
-       // Only execute this once
-       static int libgcrypt_initialized = 0;
-       if (libgcrypt_initialized++)
-               return;
-
-       const char* version = gcry_check_version(NULL);
-       if (!version) {
-               fprintf(stderr, "Could not initialize libgcrypt\n");
-               exit(1);
-       }
-
-       // Disable secure memory
-       gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
-
-       // Tell libgcrypt that initialization has completed
-       gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
-}
-
 PAKFIRE_EXPORT const char* pakfire_action_type_string(pakfire_action_type_t type) {
        switch (type) {
                case PAKFIRE_ACTION_NOOP: