From 7443b0fbeb11f59539be6d374d5a1483c2edf13c Mon Sep 17 00:00:00 2001
From: Mohammad Akhlaghi <mohammad@akhlaghi.org>
Date: Tue, 15 Jan 2019 13:25:13 +0000
Subject: Many network-related libraries ignored in Wget and cURL

Wget and cURL depend on many network related libraries by default and if
they are present on the host operating system, they will be linked
with. This causes problems for the pipeline when these libraries are
updated on the host system.

With this commit, I went through the configure time options of both Wget
and cURL and removed any library that didn't seem related to merely
downloading of files (possibly with SSL, because we do build OpenSSL in the
pipeline).

Also, I noticed a new version of cURL has come, so that is also updated.
---
 reproduce/config/pipeline/dependency-versions.mk |  2 +-
 reproduce/src/make/dependencies-basic.mk         | 24 ++++++++++++++++----
 reproduce/src/make/dependencies.mk               | 29 ++++++++++++++++++++----
 3 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/reproduce/config/pipeline/dependency-versions.mk b/reproduce/config/pipeline/dependency-versions.mk
index 6fbdaf7..7cd6fc9 100644
--- a/reproduce/config/pipeline/dependency-versions.mk
+++ b/reproduce/config/pipeline/dependency-versions.mk
@@ -35,7 +35,7 @@ xz-version          = 5.2.4
 
 # Libraries
 cfitsio-version     = 3.45
-curl-version        = 7.62.0
+curl-version        = 7.63.0
 gsl-version         = 2.5
 libjpeg-version     = v9b
 libtiff-version     = 4.0.10
diff --git a/reproduce/src/make/dependencies-basic.mk b/reproduce/src/make/dependencies-basic.mk
index 0c20f15..11017d1 100644
--- a/reproduce/src/make/dependencies-basic.mk
+++ b/reproduce/src/make/dependencies-basic.mk
@@ -514,14 +514,28 @@ $(ilidir)/openssl: $(tdir)/openssl-$(openssl-version).tar.gz         \
 #
 # Also note that since Wget needs to load outside libraries dynamically, it
 # gives a segmentation fault when built statically.
+#
+# There are many network related libraries that we are currently not
+# building as part of this pipeline. So to avoid too much dependency on the
+# host system (especially a crash when these libraries are updated on the
+# host), they are disabled here.
 $(ibdir)/wget: $(tdir)/wget-$(wget-version).tar.lz \
 	       $(ibdir)/pkg-config                 \
                $(ilidir)/openssl
-	libs="-pthread";                                                 \
-	if [ x$(needs_ldl) = xyes ]; then libs="$$libs -ldl"; fi;        \
-	$(call gbuild, $<, wget-$(wget-version), ,                       \
-                       LIBS="$$LIBS $$libs" --with-ssl=openssl           \
-	               --with-openssl=yes --with-libssl-prefix=$(idir))
+	libs="-pthread";                                          \
+	if [ x$(needs_ldl) = xyes ]; then libs="$$libs -ldl"; fi; \
+	$(call gbuild, $<, wget-$(wget-version), ,                \
+	               LIBS="$$LIBS $$libs"                       \
+	               --with-libssl-prefix=$(idir)               \
+	               --with-ssl=openssl                         \
+	               --with-openssl=yes                         \
+	               --without-metalink                         \
+	               --without-libuuid                          \
+	               --without-libpsl                           \
+	               --without-libidn                           \
+	               --disable-pcre2                            \
+	               --disable-pcre                             \
+	               --disable-iri )
 
 
 
diff --git a/reproduce/src/make/dependencies.mk b/reproduce/src/make/dependencies.mk
index 7cf6d42..bfe461b 100644
--- a/reproduce/src/make/dependencies.mk
+++ b/reproduce/src/make/dependencies.mk
@@ -299,12 +299,33 @@ $(ibdir)/cmake: $(tdir)/cmake-$(cmake-version).tar.gz \
 # have easiy ways to explicity tell them to also link with libcurl's
 # dependencies (libssl, libcrypto, and libz). So we won't force curl to
 # only be static.
+#
+# cURL (and its library, which is needed by several programs here) can
+# optionally link with many different network-related libraries on the host
+# system that we are not yet building in the pipeline. Many of these are
+# not relevant to most science projects, so we are explicitly using
+# `--without-XXX' or `--disable-XXX' so cURL doesn't link with them. Note
+# that if it does link with them, the pipeline will crash when the library
+# is updated/changed by the host, and the whole purpose of this pipeline is
+# avoid dependency on the host as much as possible.
 $(ibdir)/curl: $(tdir)/curl-$(curl-version).tar.gz
 	$(call gbuild, $<, curl-$(curl-version), ,       \
-                       --with-zlib=$(ildir)              \
-                       --with-ssl=$(idir)                \
-                       --without-brotli                  \
-                       LIBS="-pthread" )
+	               LIBS="-pthread"                   \
+	               --with-zlib=$(ildir)              \
+	               --with-ssl=$(idir)                \
+	               --without-mesalink                \
+	               --with-ca-fallback                \
+	               --without-librtmp                 \
+	               --without-libidn2                 \
+	               --without-wolfssl                 \
+	               --without-brotli                  \
+	               --without-gnutls                  \
+	               --without-cyassl                  \
+	               --without-libpsl                  \
+	               --without-axtls                   \
+	               --disable-ldaps                   \
+	               --disable-ldap                    \
+	               --without-nss )
 
 # On Mac OS, libtool does different things, so to avoid confusion, we'll
 # prefix GNU's libtool executables with `glibtool'.
-- 
cgit v1.2.1