From bcab6772b8f070aaae688066ae76103b511f8a4e Mon Sep 17 00:00:00 2001 From: Christoph Junghans Date: Wed, 31 Jul 2013 13:52:40 -0600 Subject: [PATCH] Drop md5sum check for GMX_BUILD_OWN_FFTW The old version gave a confusing error message about a wrong md5sum if the download failed. The new version no longer checks an md5sum at all, which avoids the need to test a CMake version. It also gives an explicit warning and instructions on how to proceed safely. CMake bug reported at http://www.cmake.org/Bug/view.php?id=14330 Noted TODO to revisit if that bug gets fixed. Noted TODO in master branch to show this warning only the first time a suitable cached variable is set. Change-Id: I403896505b178251087d71f95362c3754cd4a2de --- admin/installguide/installguide.tex | 3 +++ src/contrib/fftw/CMakeLists.txt | 19 +++++++------------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/admin/installguide/installguide.tex b/admin/installguide/installguide.tex index b5ede9a4d8..770a8668d8 100644 --- a/admin/installguide/installguide.tex +++ b/admin/installguide/installguide.tex @@ -237,6 +237,9 @@ recommends either build \fftw{} \fftwversion{} from source automatically for you (use \verb+cmake -DGMX_BUILD_OWN_FFTW=ON+), or \item that you build \fftw{} from the source code. +Note that the GROMACS-managed download of the FFTW tarball has a +slight chance of posing a security risk. If you use this option, you +will see a warning that advises how you can eliminate this risk. \end{itemize} If you build \fftw{} from source yourself, get the most recent version diff --git a/src/contrib/fftw/CMakeLists.txt b/src/contrib/fftw/CMakeLists.txt index 6787c83ea8..d081121dce 100644 --- a/src/contrib/fftw/CMakeLists.txt +++ b/src/contrib/fftw/CMakeLists.txt @@ -28,24 +28,19 @@ endif() # Machinery for running the external project set(EXTERNAL_FFTW_VERSION 3.3.2) -set(EXTERNAL_FFTW_VERSION_MD5_SUM 6977ee770ed68c85698c7168ffa6e178) include(ExternalProject) -if(CMAKE_VERSION VERSION_LESS 2.8.3) - # Can't check MD5 sum with this CMake version - message(WARNING "GROMACS is downloading FFTW ${EXTERNAL_FFTW_VERSION}, but your version of CMake is too old to allow GROMACS to check that the archive it receives is correct. GROMACS will build and link to FFTW anyway, but there is a security risk if you execute a GROMACS tool that calls this library. Either build your own FFTW, or update CMake to at least version 2.8.3.") - ExternalProject_add(gmxfftw - URL "http://www.fftw.org/fftw-${EXTERNAL_FFTW_VERSION}.tar.gz" - CONFIGURE_COMMAND /configure --prefix= - ${GMX_BUILD_OWN_FFTW_SHARED_FLAG} ${GMX_BUILD_OWN_FFTW_OPTIMIZATION_CONFIGURATION} - ${GMX_BUILD_OWN_FFTW_PREC}) -else() +# TODO in master branch - show this warning only on the first run +# by using gmx_check_if_changed_result from I21b791ab8e4f3 when +# that becomes available +message(WARNING "The GROMACS build will download FFTW ${EXTERNAL_FFTW_VERSION} as requested, but it will not know the file it receives is correct. GROMACS will build and link to FFTW anyway, but there is a possible security risk if you execute a GROMACS tool that calls this library. You can use\nmake gmxfftw\n to do the download and build, and then run\nmd5sum src/contrib/fftw/gmxfftw-prefix/src/fftw-3.3.2.tar.gz\nto see if it matches 6977ee770ed68c85698c7168ffa6e178. If so, everything is OK and you should proceed with the rest of the GROMACS build. Alternatively, you can follow the GROMACS installation instructions to build FFTW yourself.") +# TODO if/when CMake fixes http://www.cmake.org/Bug/view.php?id=14330 +# (ie. at least version > 2.8.11.2), consider reverting to using an +# md5sum check to avoid needing the above warning ExternalProject_add(gmxfftw URL "http://www.fftw.org/fftw-${EXTERNAL_FFTW_VERSION}.tar.gz" - URL_MD5 ${EXTERNAL_FFTW_VERSION_MD5_SUM} CONFIGURE_COMMAND /configure --prefix= ${GMX_BUILD_OWN_FFTW_SHARED_FLAG} ${GMX_BUILD_OWN_FFTW_OPTIMIZATION_CONFIGURATION} ${GMX_BUILD_OWN_FFTW_PREC}) -endif() externalproject_get_property(gmxfftw INSTALL_DIR) # The dependency that triggers building the gmxfftw target gets made where libmd is constructed -- 2.22.0