Introduce the "stanard" feature

The 'default' features are always enabled regardless of which build
features are requested, forcing ugly cfg statement to exclude specific
featurs when incompatible ones are selected, like "fips".

Instead of always compiling all mechanisms by default, introduce the
"standard" that pulls in all mechanism, while the "fips" feature pulls
in only the mechanisms to add in a fips build.

Change packaging and CI to use "standard" everywhere we implied the use
the "default" feature set before.

Signed-off-by: Simo Sorce <[email protected]>

.github/workflows/build.yml

@@ -78,16 +78,16 @@ jobs:
       - name: Build
         run: |
           if [ "${{ matrix.name }}" = "fips" ]; then
-            cargo build -vv --no-default-features --features fips
+            cargo build -vv --features fips
           fi
           if [ "${{ matrix.name }}" = "ossl3" ]; then
-            cargo build -vv
+            cargo build -vv --features standard
           fi
           if [ "${{ matrix.name }}" = "release" ]; then
-            cargo build -vv --release
+            cargo build -vv --release --features standard
           fi
           if [ "${{ matrix.name }}" = "dynamic" ]; then
-            cargo build -vv --release --features dynamic
+            cargo build -vv --release --features standard,dynamic
           fi
 
       - name: Test
@@ -96,16 +96,16 @@ jobs:
             cargo test --no-default-features --features fips
           fi
           if [ "${{ matrix.name }}" = "ossl3" ]; then
-            cargo test
+            cargo test --features standard
           fi
           if [ "${{ matrix.name }}" = "release" ]; then
-            cargo test --release
+            cargo test --release --features standard
           fi
           if [ "${{ matrix.name }}" = "dynamic" ]; then
-            cargo test --release --features dynamic
+            cargo test --release --features standard,dynamic
           fi
           if [ "${{ matrix.name }}" = "i686" ]; then
-            cargo test --target i686-unknown-linux-gnu --features dynamic
+            cargo test --target i686-unknown-linux-gnu --features standard,dynamic
           fi
 
       - uses: actions/upload-artifact@v3

Cargo.toml

@@ -67,13 +67,11 @@ memorydb = []
 sqlitedb = ["dep:rusqlite"]
 
 # these are always required, so easier to specify this way
-basic = [ "aes", "hmac", "pbkdf2", "sqlitedb" ]
+default = [ "aes", "hmac", "pbkdf2", "sqlitedb" ]
 
-#select everything by default
-# Use --no-default-features --features basic, xxx for custom selections
-default = [ "basic", "ecdsa", "ec_montgomery", "eddsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
+standard = [ "ecdsa", "ec_montgomery", "eddsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
 
-fips = [ "rusqlite/bundled", "basic", "ecdsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
+fips = [ "rusqlite/bundled", "ecdsa", "ecdh", "hash", "hkdf", "rsa", "sp800_108", "sshkdf", "tlskdf"]
 
 dynamic = [ ] # Builds against system libcrypto.so
 

packaging/kryoptic.spec

@@ -44,20 +44,20 @@ A PKCS #11 software token written in Rust.}
 %cargo_prep
 
 %generate_buildrequires
-%cargo_generate_buildrequires -f dynamic
+%cargo_generate_buildrequires -f standard,dynamic
 
 %build
-CONFDIR=%{_sysconfdir} %cargo_build -f dynamic
-%{cargo_license_summary -f dynamic}
-%{cargo_license -f dynamic} > LICENSE.dependencies
+CONFDIR=%{_sysconfdir} %cargo_build -f standard,dynamic
+%{cargo_license_summary -f standard,dynamic}
+%{cargo_license -f standard,dynamic} > LICENSE.dependencies
 
 %install
-%cargo_install -f dynamic
+%cargo_install -f standard,dynamic
 install -Dp target/rpm/libkryoptic_pkcs11.so $RPM_BUILD_ROOT/%{_libdir}/libkryoptic_pkcs11.so
 
 %if %{with check}
 %check
-%cargo_test -f dynamic
+%cargo_test -f standard,dynamic
 %endif
 
 %files