diff --git a/CMakeLists.txt b/CMakeLists.txt index 1aec189869e..9d9a5def427 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,6 @@ project (ClickHouse) cmake_minimum_required (VERSION 3.3) +cmake_policy(SET CMP0023 NEW) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules/") diff --git a/ci/jobs/quick-build/run.sh b/ci/jobs/quick-build/run.sh index 6a948c560ee..9e8fe9353d6 100755 --- a/ci/jobs/quick-build/run.sh +++ b/ci/jobs/quick-build/run.sh @@ -21,7 +21,7 @@ BUILD_TARGETS=clickhouse BUILD_TYPE=Debug ENABLE_EMBEDDED_COMPILER=0 -CMAKE_FLAGS="-D CMAKE_C_FLAGS_ADD=-g0 -D CMAKE_CXX_FLAGS_ADD=-g0 -D ENABLE_JEMALLOC=0 -D ENABLE_CAPNP=0 -D ENABLE_RDKAFKA=0 -D ENABLE_UNWIND=0 -D ENABLE_ICU=0 -D ENABLE_POCO_MONGODB=0 -D ENABLE_POCO_NETSSL=0 -D ENABLE_POCO_ODBC=0 -D ENABLE_ODBC=0 -D ENABLE_MYSQL=0" +CMAKE_FLAGS="-D CMAKE_C_FLAGS_ADD=-g0 -D CMAKE_CXX_FLAGS_ADD=-g0 -D ENABLE_JEMALLOC=0 -D ENABLE_CAPNP=0 -D ENABLE_RDKAFKA=0 -D ENABLE_UNWIND=0 -D ENABLE_ICU=0 -D ENABLE_POCO_MONGODB=0 -D ENABLE_POCO_NETSSL=0 -D ENABLE_POCO_ODBC=0 -D ENABLE_ODBC=0 -D ENABLE_MYSQL=0 -D ENABLE_SSL=0 -D ENABLE_POCO_NETSSL=0" [[ $(uname) == "FreeBSD" ]] && COMPILER_PACKAGE_VERSION=devel && export COMPILER_PATH=/usr/local/bin diff --git a/cmake/find_rdkafka.cmake b/cmake/find_rdkafka.cmake index ff3360baa74..3363c657f91 100644 --- a/cmake/find_rdkafka.cmake +++ b/cmake/find_rdkafka.cmake @@ -1,5 +1,5 @@ # Freebsd: contrib/cppkafka/include/cppkafka/detail/endianness.h:53:23: error: 'betoh16' was not declared in this scope -if (NOT ARCH_ARM AND NOT ARCH_32 AND NOT APPLE AND NOT OS_FREEBSD) +if (NOT ARCH_ARM AND NOT ARCH_32 AND NOT APPLE AND NOT OS_FREEBSD AND OPENSSL_FOUND) option (ENABLE_RDKAFKA "Enable kafka" ON) endif () diff --git a/cmake/find_ssl.cmake b/cmake/find_ssl.cmake index 4af11e033fe..6d65ccc66bf 100644 --- a/cmake/find_ssl.cmake +++ b/cmake/find_ssl.cmake @@ -1,7 +1,19 @@ +option (ENABLE_SSL "Enable ssl" ON) + +if (ENABLE_SSL) + if(NOT ARCH_32) option(USE_INTERNAL_SSL_LIBRARY "Set to FALSE to use system *ssl library instead of bundled" ${NOT_UNBUNDLED}) endif() +if(NOT EXISTS "${ClickHouse_SOURCE_DIR}/contrib/ssl/CMakeLists.txt") + if(USE_INTERNAL_SSL_LIBRARY) + message(WARNING "submodule contrib/ssl is missing. to fix try run: \n git submodule update --init --recursive") + endif() + set(USE_INTERNAL_SSL_LIBRARY 0) + set(MISSING_INTERNAL_SSL_LIBRARY 1) +endif() + set (OPENSSL_USE_STATIC_LIBS ${USE_STATIC_LIBRARIES}) if (NOT USE_INTERNAL_SSL_LIBRARY) @@ -28,7 +40,7 @@ if (NOT USE_INTERNAL_SSL_LIBRARY) endif () endif () -if (NOT OPENSSL_FOUND) +if (NOT OPENSSL_FOUND AND NOT MISSING_INTERNAL_SSL_LIBRARY) set (USE_INTERNAL_SSL_LIBRARY 1) set (OPENSSL_ROOT_DIR "${ClickHouse_SOURCE_DIR}/contrib/ssl") set (OPENSSL_INCLUDE_DIR "${OPENSSL_ROOT_DIR}/include") @@ -43,4 +55,11 @@ if (NOT OPENSSL_FOUND) set (OPENSSL_FOUND 1) endif () -message (STATUS "Using ssl=${OPENSSL_FOUND}: ${OPENSSL_INCLUDE_DIR} : ${OPENSSL_LIBRARIES}") +if(OPENSSL_FOUND) + # we need keep OPENSSL_FOUND for many libs in contrib + set(USE_SSL 1) +endif() + +endif () + +message (STATUS "Using ssl=${USE_SSL}: ${OPENSSL_INCLUDE_DIR} : ${OPENSSL_LIBRARIES}") diff --git a/contrib/CMakeLists.txt b/contrib/CMakeLists.txt index c3f8edc0b2d..636aaeb6bcc 100644 --- a/contrib/CMakeLists.txt +++ b/contrib/CMakeLists.txt @@ -125,13 +125,17 @@ endif () if (ENABLE_MYSQL AND USE_INTERNAL_MYSQL_LIBRARY) add_subdirectory (mariadb-connector-c-cmake) target_include_directories(mysqlclient BEFORE PRIVATE ${ZLIB_INCLUDE_DIR}) - target_include_directories(mysqlclient BEFORE PRIVATE ${OPENSSL_INCLUDE_DIR}) + if(OPENSSL_INCLUDE_DIR) + target_include_directories(mysqlclient BEFORE PRIVATE ${OPENSSL_INCLUDE_DIR}) + endif() endif () if (USE_INTERNAL_RDKAFKA_LIBRARY) add_subdirectory (librdkafka-cmake) target_include_directories(rdkafka BEFORE PRIVATE ${ZLIB_INCLUDE_DIR}) - target_include_directories(rdkafka BEFORE PRIVATE ${OPENSSL_INCLUDE_DIR}) + if(OPENSSL_INCLUDE_DIR) + target_include_directories(rdkafka BEFORE PRIVATE ${OPENSSL_INCLUDE_DIR}) + endif() endif () if (USE_RDKAFKA) diff --git a/contrib/libhdfs3-cmake/CMakeLists.txt b/contrib/libhdfs3-cmake/CMakeLists.txt index f651e55fb7b..0d075922f07 100644 --- a/contrib/libhdfs3-cmake/CMakeLists.txt +++ b/contrib/libhdfs3-cmake/CMakeLists.txt @@ -208,7 +208,8 @@ target_link_libraries(hdfs3 ${LIBXML2_LIBRARY}) # inherit from parent cmake target_include_directories(hdfs3 PRIVATE ${Boost_INCLUDE_DIRS}) target_include_directories(hdfs3 PRIVATE ${Protobuf_INCLUDE_DIR}) -target_include_directories(hdfs3 PRIVATE ${OPENSSL_INCLUDE_DIR}) - target_link_libraries(hdfs3 ${Protobuf_LIBRARY}) -target_link_libraries(hdfs3 ${OPENSSL_LIBRARIES}) +if(OPENSSL_INCLUDE_DIR AND OPENSSL_LIBRARIES) + target_include_directories(hdfs3 PRIVATE ${OPENSSL_INCLUDE_DIR}) + target_link_libraries(hdfs3 ${OPENSSL_LIBRARIES}) +endif() diff --git a/contrib/librdkafka-cmake/CMakeLists.txt b/contrib/librdkafka-cmake/CMakeLists.txt index 8cc49ce0c17..27e3a8cec05 100644 --- a/contrib/librdkafka-cmake/CMakeLists.txt +++ b/contrib/librdkafka-cmake/CMakeLists.txt @@ -58,4 +58,7 @@ add_library(rdkafka ${LINK_MODE} ${SRCS}) target_include_directories(rdkafka SYSTEM PUBLIC include) target_include_directories(rdkafka SYSTEM PUBLIC ${RDKAFKA_SOURCE_DIR}) # Because weird logic with "include_next" is used. target_include_directories(rdkafka SYSTEM PRIVATE ${ZSTD_INCLUDE_DIR}/common) # Because wrong path to "zstd_errors.h" is used. -target_link_libraries(rdkafka PUBLIC ${ZLIB_LIBRARIES} ${ZSTD_LIBRARY} ${LZ4_LIBRARY} ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY}) +target_link_libraries(rdkafka PUBLIC ${ZLIB_LIBRARIES} ${ZSTD_LIBRARY} ${LZ4_LIBRARY}) +if(OPENSSL_SSL_LIBRARY AND OPENSSL_CRYPTO_LIBRARY) + target_link_libraries(rdkafka PUBLIC ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY}) +endif() diff --git a/contrib/mariadb-connector-c-cmake/CMakeLists.txt b/contrib/mariadb-connector-c-cmake/CMakeLists.txt index 4c1184b3edb..9b095a2e15b 100644 --- a/contrib/mariadb-connector-c-cmake/CMakeLists.txt +++ b/contrib/mariadb-connector-c-cmake/CMakeLists.txt @@ -33,7 +33,6 @@ ${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/ma_time.c ${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/ma_tls.c #${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/secure/gnutls.c #${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/secure/ma_schannel.c -${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/secure/openssl.c #${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/secure/schannel.c #${MARIADB_CLIENT_SOURCE_DIR}/plugins/auth/auth_gssapi_client.c #${MARIADB_CLIENT_SOURCE_DIR}/plugins/auth/dialog.c @@ -55,12 +54,19 @@ ${MARIADB_CLIENT_SOURCE_DIR}/plugins/pvio/pvio_socket.c ${CMAKE_CURRENT_SOURCE_DIR}/linux_x86_64/libmariadb/ma_client_plugin.c ) +if(OPENSSL_LIBRARIES) + list(APPEND SRCS ${MARIADB_CLIENT_SOURCE_DIR}/libmariadb/secure/openssl.c) +endif() + add_library(mysqlclient STATIC ${SRCS}) -target_link_libraries(mysqlclient ${OPENSSL_LIBRARIES}) +if(OPENSSL_LIBRARIES) + target_link_libraries(mysqlclient ${OPENSSL_LIBRARIES}) + target_compile_definitions(mysqlclient PRIVATE -D HAVE_OPENSSL -D HAVE_TLS) +endif() target_include_directories(mysqlclient PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/linux_x86_64/include) target_include_directories(mysqlclient PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/common/include) target_include_directories(mysqlclient PUBLIC ${MARIADB_CLIENT_SOURCE_DIR}/include) -target_compile_definitions(mysqlclient PRIVATE -D THREAD -D HAVE_OPENSSL -D HAVE_TLS) +target_compile_definitions(mysqlclient PRIVATE -D THREAD) diff --git a/contrib/ssl b/contrib/ssl deleted file mode 160000 index ba8de796195..00000000000 --- a/contrib/ssl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ba8de796195ff9d8bb0249ce289b83226b848b77 diff --git a/dbms/CMakeLists.txt b/dbms/CMakeLists.txt index a07d658c4e6..444f0087b4a 100644 --- a/dbms/CMakeLists.txt +++ b/dbms/CMakeLists.txt @@ -309,7 +309,10 @@ if (USE_PARQUET) endif () endif () -target_link_libraries(dbms PRIVATE ${OPENSSL_CRYPTO_LIBRARY} Threads::Threads) +if(OPENSSL_CRYPTO_LIBRARY) + target_link_libraries(dbms PRIVATE ${OPENSSL_CRYPTO_LIBRARY}) +endif () +target_link_libraries(dbms PRIVATE Threads::Threads) target_include_directories (dbms SYSTEM BEFORE PRIVATE ${DIVIDE_INCLUDE_DIR}) target_include_directories (dbms SYSTEM BEFORE PRIVATE ${SPARCEHASH_INCLUDE_DIR}) diff --git a/dbms/src/Common/config.h.in b/dbms/src/Common/config.h.in index 63067fdf15e..0b31466d522 100644 --- a/dbms/src/Common/config.h.in +++ b/dbms/src/Common/config.h.in @@ -23,6 +23,7 @@ #cmakedefine01 USE_CPUID #cmakedefine01 USE_CPUINFO #cmakedefine01 USE_BROTLI +#cmakedefine01 USE_SSL #cmakedefine01 CLICKHOUSE_SPLIT_BINARY #cmakedefine01 LLVM_HAS_RTTI diff --git a/dbms/src/Common/tests/CMakeLists.txt b/dbms/src/Common/tests/CMakeLists.txt index b63f4a8e4df..5d995c17bf3 100644 --- a/dbms/src/Common/tests/CMakeLists.txt +++ b/dbms/src/Common/tests/CMakeLists.txt @@ -1,5 +1,8 @@ add_executable (hashes_test hashes_test.cpp) -target_link_libraries (hashes_test PRIVATE clickhouse_common_io ${OPENSSL_CRYPTO_LIBRARY} ${CITYHASH_LIBRARIES}) +target_link_libraries (hashes_test PRIVATE clickhouse_common_io ${CITYHASH_LIBRARIES}) +if(OPENSSL_CRYPTO_LIBRARY) + target_link_libraries (hashes_test PRIVATE ${OPENSSL_CRYPTO_LIBRARY}) +endif() add_executable (sip_hash sip_hash.cpp) target_link_libraries (sip_hash PRIVATE clickhouse_common_io) diff --git a/dbms/src/Common/tests/hashes_test.cpp b/dbms/src/Common/tests/hashes_test.cpp index 289cb5d9b74..8f687b55265 100644 --- a/dbms/src/Common/tests/hashes_test.cpp +++ b/dbms/src/Common/tests/hashes_test.cpp @@ -1,14 +1,14 @@ #include #include - #include -#include - #include - #include #include #include +#include +#if USE_SSL +# include +#endif int main(int, char **) @@ -108,6 +108,7 @@ int main(int, char **) << std::endl; } +#if USE_SSL { Stopwatch watch; @@ -129,6 +130,7 @@ int main(int, char **) << " (" << rows / watch.elapsedSeconds() << " rows/sec., " << bytes / 1000000.0 / watch.elapsedSeconds() << " MB/sec.)" << std::endl; } +#endif return 0; } diff --git a/dbms/src/Functions/CMakeLists.txt b/dbms/src/Functions/CMakeLists.txt index 6b4cfab15c1..b313b0c5a15 100644 --- a/dbms/src/Functions/CMakeLists.txt +++ b/dbms/src/Functions/CMakeLists.txt @@ -20,7 +20,11 @@ target_link_libraries(clickhouse_functions ${METROHASH_LIBRARIES} murmurhash ${BASE64_LIBRARY} - ${OPENSSL_CRYPTO_LIBRARY}) +) + +if (OPENSSL_CRYPTO_LIBRARY) + target_link_libraries(clickhouse_functions PUBLIC ${OPENSSL_CRYPTO_LIBRARY}) +endif() target_include_directories (clickhouse_functions SYSTEM BEFORE PUBLIC ${DIVIDE_INCLUDE_DIR} ${METROHASH_INCLUDE_DIR}) diff --git a/dbms/src/Functions/FunctionsHashing.cpp b/dbms/src/Functions/FunctionsHashing.cpp index a02a841e0b4..3f16d07f3df 100644 --- a/dbms/src/Functions/FunctionsHashing.cpp +++ b/dbms/src/Functions/FunctionsHashing.cpp @@ -8,11 +8,13 @@ namespace DB void registerFunctionsHashing(FunctionFactory & factory) { +#if USE_SSL factory.registerFunction(); factory.registerFunction(); factory.registerFunction(); factory.registerFunction(); factory.registerFunction(); +#endif factory.registerFunction(); factory.registerFunction(); factory.registerFunction(); diff --git a/dbms/src/Functions/FunctionsHashing.h b/dbms/src/Functions/FunctionsHashing.h index e756e8b79e7..6bd6213e110 100644 --- a/dbms/src/Functions/FunctionsHashing.h +++ b/dbms/src/Functions/FunctionsHashing.h @@ -1,7 +1,5 @@ #pragma once -#include -#include #include #include #include @@ -14,7 +12,12 @@ #include #if USE_XXHASH - #include // Y_IGNORE +# include // Y_IGNORE +#endif + +#if USE_SSL +# include +# include #endif #include @@ -94,7 +97,7 @@ struct IntHash64Impl } }; - +#if USE_SSL struct HalfMD5Impl { static constexpr auto name = "halfMD5"; @@ -183,6 +186,7 @@ struct SHA256Impl SHA256_Final(out_char_data, &ctx); } }; +#endif struct SipHash64Impl { @@ -1076,15 +1080,18 @@ private: struct NameIntHash32 { static constexpr auto name = "intHash32"; }; struct NameIntHash64 { static constexpr auto name = "intHash64"; }; - +#if USE_SSL using FunctionHalfMD5 = FunctionAnyHash; +#endif using FunctionSipHash64 = FunctionAnyHash; using FunctionIntHash32 = FunctionIntHash; using FunctionIntHash64 = FunctionIntHash; +#if USE_SSL using FunctionMD5 = FunctionStringHashFixedString; using FunctionSHA1 = FunctionStringHashFixedString; using FunctionSHA224 = FunctionStringHashFixedString; using FunctionSHA256 = FunctionStringHashFixedString; +#endif using FunctionSipHash128 = FunctionStringHashFixedString; using FunctionCityHash64 = FunctionAnyHash; using FunctionFarmHash64 = FunctionAnyHash; diff --git a/dbms/src/Interpreters/SecurityManager.cpp b/dbms/src/Interpreters/SecurityManager.cpp index e5dc40568b1..0ca14798b52 100644 --- a/dbms/src/Interpreters/SecurityManager.cpp +++ b/dbms/src/Interpreters/SecurityManager.cpp @@ -1,17 +1,17 @@ -#include - +#include "SecurityManager.h" #include #include #include - #include #include #include #include - -#include - #include +#include +#if USE_SSL +# include +#endif + namespace DB { @@ -25,6 +25,7 @@ namespace ErrorCodes extern const int WRONG_PASSWORD; extern const int IP_ADDRESS_NOT_ALLOWED; extern const int BAD_ARGUMENTS; + extern const int SUPPORT_IS_DISABLED; } using UserPtr = SecurityManager::UserPtr; @@ -68,6 +69,7 @@ UserPtr SecurityManager::authorizeAndGetUser( if (!it->second->password_sha256_hex.empty()) { +#if USE_SSL unsigned char hash[32]; SHA256_CTX ctx; @@ -86,6 +88,9 @@ UserPtr SecurityManager::authorizeAndGetUser( if (hash_hex != it->second->password_sha256_hex) on_wrong_password(); +#else + throw DB::Exception("Sha256 passwords support is disabled, because ClickHouse was built without SSL library", DB::ErrorCodes::SUPPORT_IS_DISABLED); +#endif } else if (password != it->second->password) { diff --git a/dbms/src/Interpreters/Users.cpp b/dbms/src/Interpreters/Users.cpp index 0ac4e4aff16..11ae604bcd6 100644 --- a/dbms/src/Interpreters/Users.cpp +++ b/dbms/src/Interpreters/Users.cpp @@ -1,5 +1,4 @@ #include - #include #include #include @@ -7,7 +6,6 @@ #include #include #include - #include #include #include @@ -16,12 +14,9 @@ #include #include #include - -#include - #include - #include +#include namespace DB diff --git a/dbms/src/Storages/System/StorageSystemBuildOptions.generated.cpp.in b/dbms/src/Storages/System/StorageSystemBuildOptions.generated.cpp.in index 83364bf8645..e2e4b397d0b 100644 --- a/dbms/src/Storages/System/StorageSystemBuildOptions.generated.cpp.in +++ b/dbms/src/Storages/System/StorageSystemBuildOptions.generated.cpp.in @@ -55,6 +55,7 @@ const char * auto_config_build[] "USE_PARQUET", "@USE_PARQUET@", "USE_PROTOBUF", "@USE_PROTOBUF@", "USE_BROTLI", "@USE_BROTLI@", + "USE_SSL", "@USE_SSL@", nullptr, nullptr }; diff --git a/libs/libmysqlxx/CMakeLists.txt b/libs/libmysqlxx/CMakeLists.txt index f5e49d584b6..d0c95312122 100644 --- a/libs/libmysqlxx/CMakeLists.txt +++ b/libs/libmysqlxx/CMakeLists.txt @@ -46,8 +46,13 @@ else () endif () endif () -target_link_libraries (mysqlxx common ${Poco_Util_LIBRARY} ${MYSQLCLIENT_LIBRARIES} ${Boost_SYSTEM_LIBRARY} ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARIES} ${PLATFORM_LIBRARIES}) -if (NOT USE_INTERNAL_MYSQL_LIBRARY) +target_link_libraries(mysqlxx PUBLIC common ${Poco_Util_LIBRARY} PRIVATE ${MYSQLCLIENT_LIBRARIES} PUBLIC ${Boost_SYSTEM_LIBRARY} PRIVATE ${ZLIB_LIBRARIES}) +if(OPENSSL_LIBRARIES) + target_link_libraries(mysqlxx PRIVATE ${OPENSSL_LIBRARIES}) +endif() +target_link_libraries(mysqlxx PRIVATE ${PLATFORM_LIBRARIES}) + +if (NOT USE_INTERNAL_MYSQL_LIBRARY AND OPENSSL_INCLUDE_DIR) target_include_directories (mysqlxx SYSTEM PRIVATE ${OPENSSL_INCLUDE_DIR}) endif ()