pantry/projects/openssl.org/package.yml

65 lines
1.8 KiB
YAML
Raw Normal View History

2022-09-14 00:53:12 +03:00
# NOTE
# on darwin we use Apples provided TLS certs at /etc/certs
# on linux we grab the curl certs (usually these are package as ca-certificates)
2022-08-02 04:18:01 +03:00
distributable:
2022-12-16 18:59:59 +03:00
url: https://www.openssl.org/source/openssl-{{version.raw}}.tar.gz
sha: ${{url}}.sha256
sig: ${{url}}.asc
2022-08-02 04:18:01 +03:00
strip-components: 1
versions:
2022-12-16 18:59:59 +03:00
- 1.1.1s
2022-08-02 04:18:01 +03:00
# github: openssl/openssl
2022-12-16 18:59:59 +03:00
# transform: /^OpenSSL_(\d+)_(\d+)_(\d+\w)$/$1.$2.$3/
2022-08-02 04:18:01 +03:00
provides:
- bin/openssl
- bin/c_rehash
build:
dependencies:
tea.xyz/gx/cc: c99
tea.xyz/gx/make: '*'
perl.org: 5
curl.se: '*' # to download ca-certs on linux
git-scm.org: 2 # to apply our patch
2022-08-02 04:18:01 +03:00
script: |
2022-09-25 16:06:14 +03:00
git apply props/x509_def.c.diff
2022-09-14 00:53:12 +03:00
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
2022-08-02 04:18:01 +03:00
make --jobs {{ hw.concurrency }}
make install_sw # `_sw` avoids installing docs
#FIXME needs to be a curl.se/ca-certs that gets updates
#FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
#FIXME or on macOS get certs from the keychain
cd "{{prefix}}"
mkdir -p ssl
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
2022-09-01 20:49:14 +03:00
env:
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
linux/aarch64: {ARCH: 'linux-aarch64'}
linux/x86-64: {ARCH: 'linux-x86_64'}
2022-09-14 00:53:12 +03:00
darwin:
# supposedly enables important optimizations
ARGS: enable-ec_nistp_64_gcc_128
test:
make test
2022-09-14 00:53:12 +03:00
#TODO need to test the SSL certs work
# otherwise we are basically relying on wget etc. to test for it
2022-08-02 04:18:01 +03:00
test:
dependencies:
gnu.org/wget: '*'
2022-08-02 04:18:01 +03:00
script: |
echo "This is a test file" > in
openssl dgst -sha256 -out out ./in
test "$(cat ./out)" = "$SAMPLE"
wget tea.xyz # test the certs work
2022-08-02 04:18:01 +03:00
env:
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35