2022-09-14 00:53:12 +03:00
|
|
|
|
# NOTE
|
|
|
|
|
# on darwin we use Apple’s provided TLS certs at /etc/certs
|
|
|
|
|
# on linux we grab the curl certs (usually these are package as ca-certificates)
|
|
|
|
|
|
2022-08-02 04:18:01 +03:00
|
|
|
|
distributable:
|
2022-12-16 18:59:59 +03:00
|
|
|
|
url: https://www.openssl.org/source/openssl-{{version.raw}}.tar.gz
|
|
|
|
|
sha: ${{url}}.sha256
|
|
|
|
|
sig: ${{url}}.asc
|
2022-08-02 04:18:01 +03:00
|
|
|
|
strip-components: 1
|
|
|
|
|
|
|
|
|
|
versions:
|
2022-12-16 18:59:59 +03:00
|
|
|
|
- 1.1.1s
|
2022-08-02 04:18:01 +03:00
|
|
|
|
# github: openssl/openssl
|
2022-12-16 18:59:59 +03:00
|
|
|
|
# transform: /^OpenSSL_(\d+)_(\d+)_(\d+\w)$/$1.$2.$3/
|
2022-08-02 04:18:01 +03:00
|
|
|
|
|
|
|
|
|
provides:
|
|
|
|
|
- bin/openssl
|
|
|
|
|
- bin/c_rehash
|
|
|
|
|
|
|
|
|
|
build:
|
|
|
|
|
dependencies:
|
|
|
|
|
tea.xyz/gx/cc: c99
|
|
|
|
|
tea.xyz/gx/make: '*'
|
|
|
|
|
perl.org: 5
|
2022-09-14 18:43:44 +03:00
|
|
|
|
curl.se: '*' # to download ca-certs on linux
|
|
|
|
|
git-scm.org: 2 # to apply our patch
|
2022-08-02 04:18:01 +03:00
|
|
|
|
script: |
|
2022-09-25 16:06:14 +03:00
|
|
|
|
git apply props/x509_def.c.diff
|
2022-09-14 00:53:12 +03:00
|
|
|
|
|
2022-09-14 18:43:44 +03:00
|
|
|
|
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
|
2022-08-02 04:18:01 +03:00
|
|
|
|
make --jobs {{ hw.concurrency }}
|
2022-09-14 18:43:44 +03:00
|
|
|
|
make install_sw # `_sw` avoids installing docs
|
|
|
|
|
|
|
|
|
|
#FIXME needs to be a curl.se/ca-certs that gets updates
|
|
|
|
|
#FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
|
|
|
|
|
#FIXME or on macOS get certs from the keychain
|
|
|
|
|
cd "{{prefix}}"
|
|
|
|
|
mkdir -p ssl
|
|
|
|
|
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
|
2022-09-01 20:49:14 +03:00
|
|
|
|
env:
|
|
|
|
|
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
|
|
|
|
|
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
|
|
|
|
|
linux/aarch64: {ARCH: 'linux-aarch64'}
|
|
|
|
|
linux/x86-64: {ARCH: 'linux-x86_64'}
|
2022-09-14 00:53:12 +03:00
|
|
|
|
darwin:
|
2022-09-14 18:43:44 +03:00
|
|
|
|
# supposedly enables important optimizations
|
|
|
|
|
ARGS: enable-ec_nistp_64_gcc_128
|
|
|
|
|
test:
|
|
|
|
|
make test
|
2022-09-14 00:53:12 +03:00
|
|
|
|
|
|
|
|
|
#TODO need to test the SSL certs work
|
|
|
|
|
# otherwise we are basically relying on wget etc. to test for it
|
2022-08-02 04:18:01 +03:00
|
|
|
|
|
|
|
|
|
test:
|
2022-09-14 18:43:44 +03:00
|
|
|
|
dependencies:
|
|
|
|
|
gnu.org/wget: '*'
|
2022-08-02 04:18:01 +03:00
|
|
|
|
script: |
|
|
|
|
|
echo "This is a test file" > in
|
|
|
|
|
openssl dgst -sha256 -out out ./in
|
|
|
|
|
test "$(cat ./out)" = "$SAMPLE"
|
2022-09-14 18:43:44 +03:00
|
|
|
|
|
|
|
|
|
wget tea.xyz # test the certs work
|
2022-08-02 04:18:01 +03:00
|
|
|
|
env:
|
|
|
|
|
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
|