fix: restore missing --help in Configure, clean up output and show enabled/disabled flags, warn user of possible incorrect usage #22621

BMDan · 2023-11-03T22:49:10Z

In 081436b (from #11230), the ability to use --help as a flag to config and Configure was lost. The flag would be worth restoring on its own merits, but it's also needed to restore the accuracy of references to it on the Wiki.

This PR restores the ability to get --help. While we're at it, we also include a few helpful related features/fixes:

Add missing \n to the end of usage output to stderr.
The os/compiler list was a bit of a wall of text; it's now gently indented.
Available enable/disable flags are now shown along with their status (based on configured defaults and the args as parsed up to that point). This can help debug e.g. surprising disable_cascade behavior.
At some point, any flags not recognized by Configure started being passed to CFLAGS/CXXFLAGS. However, this can lead to confusion, since autoconf and friends use flag syntax (e.g. --with-zlib), whereas Configure uses bareword (with-zlib). Indeed, in this regard, the Wiki continues to be incorrect even after this PR is merged ("If you provide a [sic] option not known to configure or ask for help, then you get a brief help message", emphasis mine). As changed here, when the user passes an argument like --enable-zstd, if it would have been a valid Configure flag without the leading --, Configure will now issue a "NOTE" to the user on stderr.

A brief postscript: please remember when reviewing this patch that I bear no responsibility for the style of indentation chosen in this file, though I did my best to follow it faithfully.

Output of new version

$ ./config --help
Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] [--help] os/compiler[:flags]

pick os/compiler from:
  BC-32 BS2000-OSD BSD-aarch64 BSD-armv4 BSD-generic32 BSD-generic64 BSD-ia64 
  BSD-nodef-generic32 BSD-nodef-generic64 BSD-nodef-ia64 BSD-nodef-sparc64 
  BSD-nodef-sparcv8 BSD-nodef-x86 BSD-nodef-x86-elf BSD-nodef-x86_64 BSD-ppc 
  BSD-ppc64 BSD-ppc64le BSD-riscv32 BSD-riscv64 BSD-sparc64 BSD-sparcv8 
  BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-i386 Cygwin-i486 Cygwin-i586 
  Cygwin-i686 Cygwin-x86 Cygwin-x86_64 DJGPP MPE/iX-gcc OS390-Unix UEFI 
  UEFI-x86 UEFI-x86_64 UWIN VC-CE VC-CLANG-WIN64-CLANGASM-ARM VC-WIN32 
  VC-WIN32-ARM VC-WIN32-ARM-UWP VC-WIN32-HYBRIDCRT VC-WIN32-ONECORE 
  VC-WIN32-UWP VC-WIN64-ARM VC-WIN64-ARM-UWP VC-WIN64-CLANGASM-ARM VC-WIN64A 
  VC-WIN64A-HYBRIDCRT VC-WIN64A-ONECORE VC-WIN64A-UWP VC-WIN64A-masm VC-WIN64I 
  aix-cc aix-gcc aix64-cc aix64-gcc aix64-gcc-as android-arm android-arm64 
  android-armeabi android-mips android-mips64 android-x86 android-x86_64 
  android64 android64-aarch64 android64-mips64 android64-x86_64 bsdi-elf-gcc 
  cc darwin-i386 darwin-i386-cc darwin-ppc darwin-ppc-cc darwin64-arm64 
  darwin64-arm64-cc darwin64-ppc darwin64-ppc-cc darwin64-x86_64 
  darwin64-x86_64-cc gcc haiku-x86 haiku-x86_64 hpux-ia64-cc hpux-ia64-gcc 
  hpux-parisc-cc hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc 
  hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc hpux64-parisc2-gcc 
  hurd-generic32 hurd-generic64 hurd-x86 hurd-x86_64 ios-cross ios-xcrun 
  ios64-cross ios64-xcrun iossimulator-arm64-xcrun iossimulator-i386-xcrun 
  iossimulator-x86_64-xcrun iossimulator-xcrun iphoneos-cross irix-mips3-cc 
  irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-aarch64 
  linux-alpha-gcc linux-aout linux-arm64ilp32 linux-armv4 linux-c64xplus 
  linux-elf linux-generic32 linux-generic64 linux-ia64 linux-latomic 
  linux-mips32 linux-mips64 linux-ppc linux-ppc64 linux-ppc64le linux-sparcv8 
  linux-sparcv9 linux-x32 linux-x86 linux-x86-clang linux-x86-latomic 
  linux-x86_64 linux-x86_64-clang linux32-riscv32 linux32-s390x 
  linux64-loongarch64 linux64-mips64 linux64-riscv64 linux64-s390x 
  linux64-sparcv9 mingw mingw64 nonstop-nse nonstop-nse_64 nonstop-nse_64_put 
  nonstop-nse_g nonstop-nse_g_tandem nonstop-nse_put nonstop-nse_spt 
  nonstop-nse_spt_floss nonstop-nsv nonstop-nsx nonstop-nsx_64 
  nonstop-nsx_64_put nonstop-nsx_g nonstop-nsx_g_tandem nonstop-nsx_put 
  nonstop-nsx_spt nonstop-nsx_spt_floss sco5-cc sco5-gcc solaris-sparcv7-cc 
  solaris-sparcv7-gcc solaris-sparcv8-cc solaris-sparcv8-gcc 
  solaris-sparcv9-cc solaris-sparcv9-gcc solaris-x86-gcc solaris64-sparcv9-cc 
  solaris64-sparcv9-gcc solaris64-x86_64-cc solaris64-x86_64-gcc 
  tru64-alpha-cc tru64-alpha-gcc uClinux-dist uClinux-dist64 unixware-2.0 
  unixware-2.1 unixware-7 unixware-7-gcc vms-alpha vms-alpha-p32 vms-alpha-p64 
  vms-ia64 vms-ia64-p32 vms-ia64-p64 vms-x86_64 vms-x86_64-cross-ia64 vos-gcc 
  vxworks-mips vxworks-ppc405 vxworks-ppc60x vxworks-ppc750 
  vxworks-ppc750-debug vxworks-ppc860 vxworks-ppcgen vxworks-simlinux 
The following ENABLED and disabled flags are available:
  ACVP-TESTS AFALGENG APPS ARGON2 ARIA asan ASM ASYNC AUTOALGINIT AUTOERRINIT 
  AUTOLOAD-CONFIG BF BLAKE2 brotli brotli-dynamic buildtest-c++ BULK 
  CACHED-FETCH CAMELLIA CAPIENG CAST CHACHA CMAC CMP CMS COMP crypto-mdebug CT 
  DEFAULT-THREAD-POOL DEPRECATED DES devcryptoeng DGRAM DH DOCS DSA DSO DTLS 
  DTLS1 DTLS1-METHOD DTLS1_2 DTLS1_2-METHOD DYNAMIC-ENGINE EC EC2M 
  ec_nistp_64_gcc_128 ECDH ECDSA ECX egd ENGINE ERR external-tests FILENAMES 
  fips FIPS-SECURITYCHECKS fuzz-afl fuzz-libfuzzer GOST HTTP IDEA ktls LEGACY 
  LOADERENG MAKEDEPEND md2 MD4 MDC2 MODULE msan MULTIBLOCK NEXTPROTONEG OCB 
  OCSP PADLOCKENG PIC PINSHARED POLY1305 POSIX-IO PSK QUIC RC2 RC4 rc5 RDRAND 
  RFC3779 RMD160 SCRYPT sctp SECURE-MEMORY SEED SHARED SIPHASH SIV SM2 
  SM2-PRECOMP SM3 SM4 SOCK SRP SRTP SSE2 SSL SSL-TRACE ssl3 ssl3-method 
  STATIC-ENGINE STDIO TESTS tfo THREAD-POOL THREADS TLS TLS1 TLS1-METHOD 
  TLS1_1 TLS1_1-METHOD TLS1_2 TLS1_2-METHOD TLS1_3 trace TS ubsan UI-CONSOLE 
  unit-test UPLINK weak-ssl-ciphers WHIRLPOOL WINSTORE zlib zlib-dynamic zstd 
  zstd-dynamic

Output of new version with CLICOLOR enabled

Output of new version reflecting a disable_cascade argument having been applied

Output of new version related to feature/fix numbered 4, above:

User is warned when preceding a valid Configure parameter with --:

$ ./Configure --with-zlib
NOTE: Flag --with-zlib will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration

Having multiple possible mistakes gives multiple warnings, even if correct bareword options are intermixed:

$ ./Configure sctp --with-zlib --with-trace
NOTE: Flag --with-zlib will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
NOTE: Flag --with-trace will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration
^C
$ ./Configure --with-zlib sctp --with-trace 
NOTE: Flag --with-zlib will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
NOTE: Flag --with-trace will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration
^C
$ ./Configure --with-zlib --with-trace sctp
NOTE: Flag --with-zlib will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
NOTE: Flag --with-trace will be passed to compiler.  It looks similar to a Configure
      option, though.  If that is what you meant to do, drop the leading '--'.
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration

User is not warned when preceding a valid Configure parameter with -- if it is unambiguously not meant for Configure to consume:

$ ./Configure --with-zlib=/usr/local/lib
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration

Specifying an unsupported option once again results in script faiilure as expected/documented:

$ ./Configure with-something-fake
Configuring OpenSSL version 3.3.0-dev for target with-something-fake
Using os-specific seed configuration
Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] [--help] os/compiler[:flags]

pick os/compiler from:
  BC-32 BS2000-OSD BSD-aarch64 BSD-armv4 BSD-generic32 BSD-generic64 BSD-ia64 
<...>
$ echo $?
1

No warnings are issued for a passed option that does not match any Configure parameter:

$ ./Configure --with-something-fake
Configuring OpenSSL version 3.3.0-dev for target linux-x86_64
Using os-specific seed configuration
^C

CLA is signed.

nhorman · 2023-11-04T12:33:07Z

Looks like you need a rebasee, but otherwise, LGTM

BMDan · 2023-11-04T20:02:32Z

Looks like you need a rebasee, but otherwise, LGTM

Rebased, updated PR summary with more details, and fixed a bug that got in the way of displaying the status of flags affected by cascades.

hlandau

Looks good, other than some comments about the colour support.

Configure

hlandau · 2023-11-06T08:17:58Z

In the future it would also be nice to sort the long lists of flags, platforms, etc. into alphabetically sorted columns so that they can be read easily. It's almost impossible to read them as is.

But that should be done in a separate PR.

mattcaswell · 2023-11-06T08:48:35Z

This does not look like it qualifies for "CLA: trivial". Please can you submit a CLA for this:

https://www.openssl.org/policies/cla.html

openssl-machine · 2023-12-08T00:10:03Z

This PR has the label 'hold: cla required' and is stale: it has not been updated in 30 days. Note that this PR may be automatically closed in the future if no CLA is provided. For CLA help see https://www.openssl.org/policies/cla.html

BMDan · 2023-12-14T07:11:01Z

CLA has been signed; what do I need to do to refresh the CLA check?

t8m · 2023-12-14T09:36:17Z

Could you please use git commit --amend to amend the commit message to remove the CLA: trivial annotation? Then you do git push --force to force push the new commit.

openssl-machine · 2024-01-14T00:09:23Z

This PR has the label 'hold: cla required' and is stale: it has not been updated in 30 days. Note that this PR may be automatically closed in the future if no CLA is provided. For CLA help see https://www.openssl.org/policies/cla.html

openssl-machine · 2024-02-25T00:08:58Z

This PR is waiting for the creator to make requested changes but it has not been updated for 30 days. If you have made changes or commented to the reviewer please make sure you re-request a review (see icon in the 'reviewers' section).

BMDan · 2024-03-10T07:55:45Z

@hlandau do you have a moment to take a look at the changes I've made, please?

BMDan · 2024-03-15T22:42:41Z

Gentle ping; @hlandau or @t8m ?

BMDan · 2024-04-07T09:47:25Z

One more gentle prod: @t8m or @levitte, any thoughts?

openssl-machine · 2024-05-08T00:09:11Z

This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago

openssl-machine · 2024-06-08T00:09:04Z

This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago

openssl-machine · 2024-07-09T00:08:22Z

This PR is in a state where it requires action by @openssl/otc but the last update was 61 days ago

openssl-machine · 2024-08-08T08:01:38Z

This PR is in a state where it requires action by @openssl/otc but the last update was 91 days ago

openssl-machine · 2024-09-08T00:08:29Z

This PR is in a state where it requires action by @openssl/otc but the last update was 122 days ago

openssl-machine · 2024-10-10T00:08:45Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

vdukhovni

LGTM with nits

Configure

openssl-machine · 2024-11-10T00:08:33Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

openssl-machine · 2024-12-11T00:08:41Z

This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago

openssl-machine · 2025-01-11T00:08:56Z

This PR is in a state where it requires action by @openssl/committers but the last update was 92 days ago

openssl-machine · 2025-02-11T00:08:38Z

This PR is in a state where it requires action by @openssl/committers but the last update was 123 days ago

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>

BMDan · 2025-03-11T17:48:09Z

👋 @vdukhovni or @t8m ?

openssl-machine · 2025-04-11T00:09:01Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

mattcaswell

Looks good

mattcaswell · 2025-04-11T09:02:52Z

Configure

+                if (not exists $disabled{$i})
+                        {
+                        $this_color=$en_color;
+                        $i = uc $i;


Not sure I really like the upper casing here. Traditionally these things have always been written lowercase.

ping @BMDan

Both uppercasing and color are used to indicate which options are enabled or disabled. There are two circumstances where color alone wouldn't suffice: if color's not available and/or enabled for the terminal—which we could usually programmatically detect—or if the user is unable to distinguish between colors—which we cannot.

I can certainly leave out the uppercasing logic, but that leaves color as the only mechanism by means of which this information will be communicated to the user.

Which approach would you prefer?

ping @mattcaswell @t8m

I'm ok to leave it as is

openssl-machine · 2025-05-12T00:09:07Z

This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago

openssl-machine · 2025-06-12T00:09:31Z

This PR is in a state where it requires action by @openssl/committers but the last update was 61 days ago

BMDan · 2025-07-04T00:03:20Z

👋 @mattcaswell @t8m @vdukhovni 🙏

mattcaswell · 2025-07-04T07:42:51Z

Configure

+                if (not exists $disabled{$i})
+                        {
+                        $this_color=$en_color;
+                        $i = uc $i;


I'm ok to leave it as is

BMDan force-pushed the fix/restore-missing-Configure-help branch from 2ac50a3 to e1f6a61 Compare November 4, 2023 20:01

hlandau requested changes Nov 6, 2023

View reviewed changes

Configure Show resolved Hide resolved

mattcaswell added the hold: cla required The contributor needs to submit a license agreement label Nov 6, 2023

github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Nov 6, 2023

t8m added the cla: trivial One of the commits is marked as 'CLA: trivial' label Nov 7, 2023

t8m closed this Dec 14, 2023

t8m reopened this Dec 14, 2023

openssl-machine removed the hold: cla required The contributor needs to submit a license agreement label Dec 14, 2023

t8m added the hold: cla required The contributor needs to submit a license agreement label Dec 14, 2023

github-actions bot removed the severity: fips change The pull request changes FIPS provider sources label Dec 14, 2023

BMDan added 2 commits January 25, 2024 12:20

fix: restore missing --help in Configure

8adf931

fix: Apply cascade-disables before showing status

2c05fa9

BMDan force-pushed the fix/restore-missing-Configure-help branch from e1f6a61 to 2c05fa9 Compare January 25, 2024 20:23

openssl-machine removed the hold: cla required The contributor needs to submit a license agreement label Jan 25, 2024

BMDan changed the title ~~fix: restore missing --help in Configure~~ fix: restore missing --help in Configure, clean up output and show enabled/disabled flags, warn user of possible incorrect usage Jan 25, 2024

BMDan requested a review from hlandau February 27, 2024 18:52

t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer and removed cla: trivial One of the commits is marked as 'CLA: trivial' labels Mar 18, 2024

t8m added approval: otc review pending triaged: feature The issue/pr requests/adds a feature tests: exempted The PR is exempt from requirements for testing labels Mar 18, 2024

t8m requested a review from levitte March 18, 2024 09:02

t8m closed this Mar 18, 2024

t8m reopened this Mar 18, 2024

t8m requested a review from a team May 8, 2024 09:19

t8m removed the approval: otc review pending label Sep 9, 2024

vdukhovni requested changes Oct 10, 2024

View reviewed changes

Configure Outdated Show resolved Hide resolved

Configure Outdated Show resolved Hide resolved

Apply suggestions from code review

2f7cf33

Co-authored-by: Viktor Dukhovni <viktor1ghub@dukhovni.org>

BMDan requested a review from vdukhovni February 12, 2025 02:00

mattcaswell requested changes Apr 11, 2025

View reviewed changes

mattcaswell approved these changes Jul 4, 2025

View reviewed changes

Configure

if (not exists $disabled{$i})

{

$this_color=$en_color;

$i = uc $i;

Copy link

Member

mattcaswell Jul 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok to leave it as is

mattcaswell requested a review from t8m July 4, 2025 07:43

Uh oh!

fix: restore missing --help in Configure, clean up output and show enabled/disabled flags, warn user of possible incorrect usage #22621

Are you sure you want to change the base?

fix: restore missing --help in Configure, clean up output and show enabled/disabled flags, warn user of possible incorrect usage #22621

Conversation

BMDan commented Nov 3, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

nhorman commented Nov 4, 2023

Uh oh!

BMDan commented Nov 4, 2023

Uh oh!

hlandau left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

hlandau commented Nov 6, 2023

Uh oh!

mattcaswell commented Nov 6, 2023

Uh oh!

openssl-machine commented Dec 8, 2023

Uh oh!

BMDan commented Dec 14, 2023

Uh oh!

t8m commented Dec 14, 2023

Uh oh!

openssl-machine commented Jan 14, 2024

Uh oh!

openssl-machine commented Feb 25, 2024

Uh oh!

BMDan commented Mar 10, 2024

Uh oh!

BMDan commented Mar 15, 2024

Uh oh!

BMDan commented Apr 7, 2024

Uh oh!

openssl-machine commented May 8, 2024

Uh oh!

openssl-machine commented Jun 8, 2024

Uh oh!

openssl-machine commented Jul 9, 2024

Uh oh!

openssl-machine commented Aug 8, 2024

Uh oh!

openssl-machine commented Sep 8, 2024

Uh oh!

openssl-machine commented Oct 10, 2024

Uh oh!

vdukhovni left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

openssl-machine commented Nov 10, 2024

Uh oh!

openssl-machine commented Dec 11, 2024

Uh oh!

openssl-machine commented Jan 11, 2025

Uh oh!

openssl-machine commented Feb 11, 2025

Uh oh!

BMDan commented Mar 11, 2025

Uh oh!

openssl-machine commented Apr 11, 2025

Uh oh!

mattcaswell left a comment

Choose a reason for hiding this comment

Uh oh!

mattcaswell Apr 11, 2025

Choose a reason for hiding this comment

Uh oh!

t8m May 12, 2025

Choose a reason for hiding this comment

Uh oh!

BMDan May 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

BMDan Jun 10, 2025

Choose a reason for hiding this comment

BMDan commented Nov 3, 2023 •

edited

Loading

BMDan May 13, 2025 •

edited

Loading