On Tue, Jun 08, 2021 at 12:45:51PM -0700, Richard Henderson wrote:
On 6/8/21 4:22 AM, Paolo Bonzini wrote:
+pam = not_found
+if not get_option('auth_pam').auto() or have_system
+ pam = cc.find_library('pam', has_headers: ['security/pam_appl.h'],
The condition doesn't look right.
Why are we looking for pam if --disable-pam-auth?
Surely
if not get_option('auth_pam').disabled() and have_system
This isn't entirely obvious at first glance, but the line after
the one you quote with the 'required' param makes it "do the
right thing (tm)".
The 'auth_pam' option is a tri-state taking 'enabled', 'disabled'
and 'auto', with 'auto' being the default state. When a tri-state
value is passed as the value of the 'required' parameter, then
required==enabled is interpreted as 'required=true'
required==auto is interpreted as 'required=false'
required==disabled means the entire call is a no-op
So this logic:
if not get_option('auth_pam').auto() or have_system
pam = cc.find_library('pam', has_headers: ['security/pam_appl.h'],
required: get_option('auth_pam'),
...)
Means
=> If 'auto' is set, then only look for the library if we're
building system emulators. In this case 'required:' will
evaluate to 'false', and so we'll gracefully degrade
if the library is missing.