[qtbase] Present feature preset to disable openssl

[geiseri]

Is your feature request related to a problem? Please describe.

I am shipping on windows so I can use the schannel TLS backend instead of the openssl backend. Right now no matter what the OpenSSL libraries are shipped since you cannot disable the openssl feature due to #35694. While not normally an issue I would prefer to not have OpenSSL libraries in the final package because it causes customers "automated vulnerability scans" to trip every few months. Currently I have a step to manually delete the files from the install root before it is packaged.

Proposed solution

This could be attacked one of three ways:

1. Remove OpenSSL as a default on Windows platform similar to securetransport on iOS. (Windows would always have schannel and Qt will autodetect that fact and compile it as long as nothing else disables it.)
2. Add a schannel feature flag that will disable OpenSSL and enable schannel similar to how the securetransport feature flag works. (At least would give developers an option to explicitly use one or the other. Not sure if they would ever want both.)
3. Provide a "negative" feature flag that would disable the openssl option (Not ideal since both could be defined, but would allow to disable other default features such as testilb and sql )

Describe alternatives you've considered

I just copied the port files locally and removed openssl.

Additional context

No response

[dg0yt]

you cannot disable the openssl feature due to #35694.

This is not right. You just have to be very explicit, and and there must be no reverse dependencies which prevent your choice.

Add a schannel feature flag that will disable OpenSSL ...
Provide a "negative" feature flag that would disable the openssl option ...

Features must be additive. Downstreams cannot take away what other downstream requested.

[geiseri]

This is not right. You just have to be very explicit, and and there must be no reverse dependencies which prevent your choice.

I am not sure I follow here. I am using manifest mode and adding qtactiveqt into the project, so that depends on qtbase as such it uses default features, and ignores my setting.

If features must be additive then it seems to me that "Option 1" would be the best bet since on Windows it would seem that OpenSSL would be redundant.

[geiseri]

Here is how I came to that conclusion:

PS C:\Users\geiseri\vcpkg> .\vcpkg.exe depend-info qtactiveqt
vcpkg-cmake:
vcpkg-cmake-config:
vcpkg-tool-meson:
zlib: vcpkg-cmake
brotli: vcpkg-cmake, vcpkg-cmake-config
bzip2[tool]: vcpkg-cmake
egl-registry:
libpng: vcpkg-cmake, vcpkg-cmake-config, zlib
pkgconf: vcpkg-tool-meson
vcpkg-cmake-get-vars: vcpkg-cmake
freetype[brotli, bzip2, zlib, png]: brotli, bzip2, libpng, vcpkg-cmake, vcpkg-cmake-config, zlib
lz4: vcpkg-cmake, vcpkg-cmake-config
opengl-registry: egl-registry
openssl: vcpkg-cmake, vcpkg-cmake-config, vcpkg-cmake-get-vars
vcpkg-pkgconfig-get-modules: pkgconf
double-conversion: vcpkg-cmake, vcpkg-cmake-config
harfbuzz[freetype]: freetype, vcpkg-tool-meson
icu[tools]:
libjpeg-turbo: vcpkg-cmake, vcpkg-cmake-config
libpq[lz4, openssl, zlib]: lz4, openssl, vcpkg-cmake-get-vars, vcpkg-pkgconfig-get-modules, zlib
opengl: opengl-registry
pcre2[platform-default-features, jit]: vcpkg-cmake, vcpkg-cmake-config
sqlite3[json1]: vcpkg-cmake, vcpkg-cmake-config
zstd: vcpkg-cmake, vcpkg-cmake-config
qtbase[brotli, concurrent, default-features, sql-sqlite, freetype, jpeg, dbus, gui, doubleconversion, harfbuzz, icu, network, opengl, openssl, pcre2, png, sql, sql-psql, testlib, thread, widgets, zstd]: brotli, double-conversion, freetype, harfbuzz, icu, libjpeg-turbo, libpng, libpq, opengl, openssl, pcre2, sqlite3, vcpkg-cmake, vcpkg-cmake-config, zlib, zstd
qtactiveqt: qtbase

Is that understanding incorrect?

[dg0yt]

I am using manifest mode and adding qtactiveqt into the project, so that depends on qtbase as such it uses default features, and ignores my setting.

Show your manifest.
The point of default-features is that they are enabled if you don't ask for something else.
Here, you would also need to add qtbase with "default-features": false to your manifest (aka top-level manifest). It is under your control.

PS C:\Users\geiseri\vcpkg> .\vcpkg.exe depend-info qtactiveqt

depend-info used to be very restricted. My recent contributions, part of the next tool update, will allow a more elaborate request:

$ ./vcpkg.mine depend-info qtactiveqt qtbase[core] --host-triplet x64-windows
vcpkg-cmake: 
vcpkg-cmake-config: 
egl-registry: 
zlib: vcpkg-cmake
brotli: vcpkg-cmake, vcpkg-cmake-config
bzip2[tool]: vcpkg-cmake
libpng: vcpkg-cmake, vcpkg-cmake-config, zlib
opengl-registry: egl-registry
double-conversion: vcpkg-cmake, vcpkg-cmake-config
freetype[png, bzip2, zlib, brotli]: brotli, bzip2, libpng, vcpkg-cmake, vcpkg-cmake-config, zlib
opengl: opengl-registry
pcre2[platform-default-features, jit]: vcpkg-cmake, vcpkg-cmake-config
qtbase[thread, gui, widgets, freetype, doubleconversion]: double-conversion, freetype, opengl, pcre2, vcpkg-cmake, vcpkg-cmake-config, zlib
qtactiveqt: qtbase

In the meantime, you can try

vcpkg install --dry-run qtactiveqt qtbase[core] --host-triplet x64-windows

[geiseri]

Here is my current manifest:

{
  "name": "hive-windows-client",
  "version-string": "v1.3.5",
  "dependencies": [
    {
      "name": "qtbase",
      "default-features": false,
      "features": [
        "concurrent",
        "doubleconversion",
        "freetype",
        "gui",
        "harfbuzz",
        "icu",
        "jpeg",
        "network",
        "opengl",
        "pcre2",
        "png",
        "testlib",
        "thread",
        "widgets",
        "zstd"
      ]
    },
    "qtimageformats",
    "qtactiveqt",
    "qtsvg",
    "qtwebsockets",
    "atlmfc",
    "magic-enum",
    {
      "name": "spdlog",
      "features": [
        "wchar"
      ]
    },
    "cppwinrt",
    "fmt",
    "simonbrunel-qtpromise"
  ]
}

So if I run the vcpkg install with those deps I see:

PS C:\Users\geiseri\vcpkg> .\vcpkg.exe install --dry-run qtactiveqt qtbase[core] qtimageformats qtwebsockets qtsvg atlmfc magic-enum spdlog[wchar] cppwinrt fmt simonbrunel-qtpromise --host-triplet x64-windows
Computing installation plan...
The following packages will be built and installed:
  * atl:x64-windows@0
    atlmfc:x64-windows@0#3
  * brotli:[email protected]#1
  * bzip2[core,tool]:[email protected]#5
    cppwinrt:[email protected]
  * double-conversion:[email protected]
  * egl-registry:x64-windows@2024-01-25
    fmt:[email protected]#2
  * freeglut:[email protected]#1
  * freetype[brotli,bzip2,core,png,zlib]:[email protected]#1
  * harfbuzz[core,freetype]:[email protected]
  * icu[core,tools]:[email protected]#1
  * jasper[core,default-features,opengl]:[email protected]
  * libjpeg-turbo:[email protected]
  * liblzma:[email protected]
  * libpng:[email protected]
  * libpq[core,lz4,openssl,zlib]:[email protected]#1
  * libwebp[core,libwebpmux,nearlossless,simd,unicode]:[email protected]
  * lz4:[email protected]#1
    magic-enum:[email protected]
  * opengl:x64-windows@2022-12-04#3
  * opengl-registry:x64-windows@2024-02-10#1
  * openssl:[email protected]#2
  * pcre2[core,jit,platform-default-features]:[email protected]#2
  * pkgconf:[email protected]
    qtactiveqt:[email protected]
    qtbase[brotli,concurrent,core,dbus,default-features,doubleconversion,freetype,gui,harfbuzz,icu,jpeg,network,opengl,openssl,pcre2,png,sql,sql-psql,sql-sqlite,testlib,thread,widgets,zstd]:[email protected]#12
    qtimageformats[core,default-features,jasper,tiff,webp]:[email protected]#1
    qtsvg:[email protected]#1
    qtwebsockets:[email protected]#1
    simonbrunel-qtpromise:[email protected]
    spdlog[core,wchar]:[email protected]#1
  * sqlite3[core,json1]:[email protected]
  * tiff[core,jpeg,lzma,zip]:[email protected]#4
  * vcpkg-cmake:x64-windows@2023-05-04
  * vcpkg-cmake-config:x64-windows@2022-02-06#1
  * vcpkg-cmake-get-vars:x64-windows@2023-12-31
  * vcpkg-pkgconfig-get-modules:x64-windows@2023-09-06
  * vcpkg-tool-meson:[email protected]#2
  * zlib:[email protected]
  * zstd:[email protected]#2
Additional packages (*) will be modified to complete this operation.

So after some mucking around I discovered that simonbrunel-qtpromise is the offender.

If I understand correctly it would be because it has

  "dependencies": [
    "qtbase",
    {
      "name": "vcpkg-cmake",
      "host": true
    }
  ]

and not

  "dependencies": [
   {
      "name": "qtbase",
      "default-features": false
    {
      "name": "vcpkg-cmake",
      "host": true
    }
  ]

[dg0yt]

Indeed, simonbrunel-qtpromise is a port which prevents the choice. And it shouldn't.

[github-actions]

This is an automated message. Per our repo policy, stale issues get closed if there has been no activity in the past 180 days. The issue will be automatically closed in 14 days. If you wish to keep this issue open, please add a new comment.