Openssl portable (#132)

* +scripts/test-all.ts
2024-09-20 00:30:48 +03:00 · 2022-09-14 11:43:44 -04:00 · 2022-09-14 11:43:44 -04:00 · e968bff3f1
parent cc306dd2f8
commit e968bff3f1
3 changed files with 68 additions and 29 deletions
--- a/projects/openssl.org/package.yml
+++ b/projects/openssl.org/package.yml
@ -21,37 +21,43 @@ build:
    tea.xyz/gx/cc: c99
    tea.xyz/gx/make: '*'
    perl.org: 5
-    curl.se: '*'  # to download ca-certs on linux
-    git-scm.org: 2
+    curl.se: '*'    # to download ca-certs on linux
+    git-scm.org: 2  # to apply our patch
  script: |
-    if {{ hw.platform }} = linux; then
-      git apply {{ pkg.pantry-prefix }}/x509_def.c.diff
-    fi
+    git apply "{{ pkg.pantry-prefix }}"/x509_def.c.diff

-    ./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS
+    ./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
    make --jobs {{ hw.concurrency }}
-    make install_sw  # `_sw` avoids installing docs
+    make install_sw   # `_sw` avoids installing docs

-    if test {{hw.platform}} = linux; then
-      #FIXME needs to be a curl.se/ca-certs that gets updates
-      mkdir -p "{{prefix}}/ssl"
-      curl -k https://curl.se/ca/cacert-2022-07-19.pem -o "{{prefix}}/ssl"/cert.pem
-    fi
+    #FIXME needs to be a curl.se/ca-certs that gets updates
+    #FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
+    #FIXME or on macOS get certs from the keychain
+    cd "{{prefix}}"
+    mkdir -p ssl
+    curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
  env:
    darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
    darwin/x86-64:  {ARCH: 'darwin64-x86_64-cc'}
    linux/aarch64:  {ARCH: 'linux-aarch64'}
    linux/x86-64:   {ARCH: 'linux-x86_64'}
    darwin:
-      ARGS: --openssldir=/etc/ssl
+      # supposedly enables important optimizations
+      ARGS: enable-ec_nistp_64_gcc_128
+  test:
+    make test

 #TODO need to test the SSL certs work
 # otherwise we are basically relying on wget etc. to test for it

 test:
+  dependencies:
+    gnu.org/wget: '*'
  script: |
    echo "This is a test file" > in
    openssl dgst -sha256 -out out ./in
    test "$(cat ./out)" = "$SAMPLE"
+
+    wget tea.xyz  # test the certs work
  env:
    SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
--- a/projects/openssl.org/x509_def.c.diff
+++ b/projects/openssl.org/x509_def.c.diff
@ -1,32 +1,37 @@
 diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
-index bfa8d7d..7e83bae 100644
+index bfa8d7d..da3c743 100644
 --- a/crypto/x509/x509_def.c
 +++ b/crypto/x509/x509_def.c
-@@ -11,25 +11,48 @@
+@@ -11,25 +11,53 @@
 #include "internal/cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-+#include <dlfcn.h>
-+#include <libgen.h>
+#include <libgen.h>   /* dirname */
+
+#ifdef __linux__
+#define __USE_GNU
+#endif
+#include <dlfcn.h>    /* dladdr */
 +
 +const char *relocat0r(const char *suffix) {
-+    Dl_info info;
-+    if (dladdr(relocat0r, &info)) {
-+        const char *prefix = dirname(info.dli_fname);
-+        char *dir = malloc(strlen(prefix) + strlen(suffix) + 2);
-+        if (dir == NULL) { return NULL; }
-+        sprintf(dir, "%s/%s", prefix, suffix);
-+        return dir;
+    static const char *prefix = NULL;
+    if (!prefix) {
+      // repeated calls to dladdr seem to return different values on Linux ¯\_(ツ)_/¯
+      Dl_info info;
+      if (!dladdr(relocat0r, &info)) { return NULL; }
+      prefix = dirname(info.dli_fname);
 +    }
-+    return NULL;
+    char *dir = malloc(strlen(prefix) + 4 + strlen(suffix) + 2);
+    if (!dir) { return NULL; }
+    sprintf(dir, "%s/../%s", prefix, suffix);
+    return dir;
 +}
-+

 const char *X509_get_default_private_dir(void)
 {
 -    return X509_PRIVATE_DIR;
 +    static const char *dir = NULL;
-+    if (!dir) dir = relocat0r("private");
+    if (!dir) dir = relocat0r("ssl/private");
 +    return dir ?: X509_PRIVATE_DIR;
 }

@ -42,7 +47,7 @@ index bfa8d7d..7e83bae 100644
 {
 -    return X509_CERT_DIR;
 +    static const char *dir = NULL;
-+    if (!dir) dir = relocat0r("certs");
+    if (!dir) dir = relocat0r("ssl/certs");
 +    return dir ?: X509_CERT_DIR;
 }

@ -50,7 +55,7 @@ index bfa8d7d..7e83bae 100644
 {
 -    return X509_CERT_FILE;
 +    static const char *dir = NULL;
-+    if (!dir) dir = relocat0r("cert.pem");
+    if (!dir) dir = relocat0r("ssl/cert.pem");
 +    return dir ?: X509_CERT_FILE;
 }

--- a/scripts/test-all.ts
+++ b/scripts/test-all.ts
@ -0,0 +1,28 @@
+#!/usr/bin/env -S tea -E
+
+/*---
+args:
+  - deno
+  - run
+  - --allow-run
+  - --allow-read
+  - --allow-env
+  - --import-map={{ srcroot }}/import-map.json
+---*/
+
+import { Path } from "types"
+import { ls } from "./ls.ts"
+
+const cwd = new Path(new URL(import.meta.url).pathname).parent().string
+
+for await (const { project } of ls()) {
+  const proc = Deno.run({
+    stdout: "null", stderr: "null",
+    cmd: ["./test.ts", project],
+    cwd
+  })
+  const status = await proc.status()
+  if (status.code !== 0) {
+    console.error(`test failed: ${project}`)
+  }
+}