feat(crypto): make libsodium a build-selectable optional backend (#102)#103
Merged
Conversation
libsodium was meant to be an optional accelerator, but the build option never reached the source: tunnel.zig and main.zig chose the AEAD backend from builtin.os.tag alone, so -Dno-sodium skipped linkage yet still compiled the sodium path, leaving unresolved symbols on Linux. Add a build_options module carrying use_libsodium (resolved in build.zig from -Dcrypto-backend=auto|std|sodium, with -Dno-sodium kept as a std alias) and thread it into every module. tunnel.zig and main.zig now read build_options.use_libsodium, so source and linker always agree; linkage collapses to a single `if (use_libsodium)`. auto preserves the prior default (libsodium on Linux desktop, std.crypto elsewhere). -Dno-sodium / -Dcrypto-backend=std builds a pure std.crypto binary on Linux x86_64 with no libsodium dependency (verified end-to-end).
There was a problem hiding this comment.
Pull request overview
This PR makes libsodium a truly optional crypto backend by threading the build-selected backend choice into Zig source via a generated build_options module, ensuring compile-time backend selection matches linker configuration (fixing the Linux -Dno-sodium link-failure described in #102).
Changes:
- Adds
-Dcrypto-backend=auto|std|sodium(with-Dno-sodiumkept as an alias) and derives a singleuse_libsodiumboolean inbuild.zig. - Passes
use_libsodiuminto source as@import("build_options").use_libsodium, updating backend selection intunnel.zigand libsodium init gating inmain.zig. - Collapses libsodium linkage to
if (use_libsodium)across build targets/modules so source and linkage agree.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/wireguard/tunnel.zig | Switches AEAD backend selection to build_options.use_libsodium so codegen aligns with build config. |
| src/main.zig | Gates libsodium initialization on build_options.use_libsodium rather than OS-only detection. |
| build.zig | Introduces crypto-backend selection, generates build_options, imports it into modules, and links libsodium only when selected. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+32
to
+36
| const use_libsodium = if (no_sodium) false else switch (crypto_backend) { | ||
| .std => false, | ||
| .sodium => true, | ||
| .auto => auto_libsodium, | ||
| }; |
Owner
Author
There was a problem hiding this comment.
Good catch — fixed in c843ff4. The build now fails fast with a clear message when -Dno-sodium=true is combined with -Dcrypto-backend=sodium (only that pairing; -Dno-sodium with std/auto is still accepted as a no-op/alias).
…sodium (PR #103 review — Copilot)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Makes
-Dno-sodium/-Dcrypto-backendactually reach the source, so MeshGuard can build withstd.cryptoand no libsodium — addresses #102.Previously the build option only controlled linkage:
tunnel.zigandmain.zigchose the AEAD backend frombuiltin.os.tagalone, so-Dno-sodium=trueon Linux skipped linking libsodium yet still compiled the sodium path → unresolved symbols at link time. The flag was effectively a no-op (or broke the build) on Linux.Changes
build_optionsmodule exposinguse_libsodium, resolved inbuild.zigfrom a new-Dcrypto-backend=auto|std|sodium(with-Dno-sodiumkept as astdalias), and thread it into every module (ffi, exe, lib, interop, test).tunnel.zigandmain.zignow readbuild_options.use_libsodiuminstead ofbuiltin.os.tag, so source and linker always agree. Linkage collapses to a singleif (use_libsodium).autopreserves prior behaviour: libsodium on Linux desktop (non-Android),std.cryptoeverywhere else.Verification
-Dno-sodium=true/-Dcrypto-backend=std.zig build -Dtarget=x86_64-linux-gnu -Dno-sodium=true→ builds cleanly withstd.crypto, no libsodium (the acceptance criterion that previously failed at link time).zig build test -Dcrypto-backend=sodium(linking system libsodium) → 40/40 tests pass, including the tunnel encrypt/decrypt roundtrip through libsodium.Acceptance criteria (#102)
std.cryptoon Linux without libsodium installedbuild.zigpassesuse_libsodiumthrough to the embedded module)