mirror of
https://github.com/ivabus/pantry
synced 2024-09-20 00:30:48 +03:00
parent
cc306dd2f8
commit
e968bff3f1
|
@ -21,37 +21,43 @@ build:
|
||||||
tea.xyz/gx/cc: c99
|
tea.xyz/gx/cc: c99
|
||||||
tea.xyz/gx/make: '*'
|
tea.xyz/gx/make: '*'
|
||||||
perl.org: 5
|
perl.org: 5
|
||||||
curl.se: '*' # to download ca-certs on linux
|
curl.se: '*' # to download ca-certs on linux
|
||||||
git-scm.org: 2
|
git-scm.org: 2 # to apply our patch
|
||||||
script: |
|
script: |
|
||||||
if {{ hw.platform }} = linux; then
|
git apply "{{ pkg.pantry-prefix }}"/x509_def.c.diff
|
||||||
git apply {{ pkg.pantry-prefix }}/x509_def.c.diff
|
|
||||||
fi
|
|
||||||
|
|
||||||
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS
|
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
|
||||||
make --jobs {{ hw.concurrency }}
|
make --jobs {{ hw.concurrency }}
|
||||||
make install_sw # `_sw` avoids installing docs
|
make install_sw # `_sw` avoids installing docs
|
||||||
|
|
||||||
if test {{hw.platform}} = linux; then
|
#FIXME needs to be a curl.se/ca-certs that gets updates
|
||||||
#FIXME needs to be a curl.se/ca-certs that gets updates
|
#FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
|
||||||
mkdir -p "{{prefix}}/ssl"
|
#FIXME or on macOS get certs from the keychain
|
||||||
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o "{{prefix}}/ssl"/cert.pem
|
cd "{{prefix}}"
|
||||||
fi
|
mkdir -p ssl
|
||||||
|
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
|
||||||
env:
|
env:
|
||||||
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
|
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
|
||||||
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
|
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
|
||||||
linux/aarch64: {ARCH: 'linux-aarch64'}
|
linux/aarch64: {ARCH: 'linux-aarch64'}
|
||||||
linux/x86-64: {ARCH: 'linux-x86_64'}
|
linux/x86-64: {ARCH: 'linux-x86_64'}
|
||||||
darwin:
|
darwin:
|
||||||
ARGS: --openssldir=/etc/ssl
|
# supposedly enables important optimizations
|
||||||
|
ARGS: enable-ec_nistp_64_gcc_128
|
||||||
|
test:
|
||||||
|
make test
|
||||||
|
|
||||||
#TODO need to test the SSL certs work
|
#TODO need to test the SSL certs work
|
||||||
# otherwise we are basically relying on wget etc. to test for it
|
# otherwise we are basically relying on wget etc. to test for it
|
||||||
|
|
||||||
test:
|
test:
|
||||||
|
dependencies:
|
||||||
|
gnu.org/wget: '*'
|
||||||
script: |
|
script: |
|
||||||
echo "This is a test file" > in
|
echo "This is a test file" > in
|
||||||
openssl dgst -sha256 -out out ./in
|
openssl dgst -sha256 -out out ./in
|
||||||
test "$(cat ./out)" = "$SAMPLE"
|
test "$(cat ./out)" = "$SAMPLE"
|
||||||
|
|
||||||
|
wget tea.xyz # test the certs work
|
||||||
env:
|
env:
|
||||||
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
|
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
|
||||||
|
|
|
@ -1,32 +1,37 @@
|
||||||
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
|
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
|
||||||
index bfa8d7d..7e83bae 100644
|
index bfa8d7d..da3c743 100644
|
||||||
--- a/crypto/x509/x509_def.c
|
--- a/crypto/x509/x509_def.c
|
||||||
+++ b/crypto/x509/x509_def.c
|
+++ b/crypto/x509/x509_def.c
|
||||||
@@ -11,25 +11,48 @@
|
@@ -11,25 +11,53 @@
|
||||||
#include "internal/cryptlib.h"
|
#include "internal/cryptlib.h"
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
+#include <dlfcn.h>
|
+#include <libgen.h> /* dirname */
|
||||||
+#include <libgen.h>
|
+
|
||||||
|
+#ifdef __linux__
|
||||||
|
+#define __USE_GNU
|
||||||
|
+#endif
|
||||||
|
+#include <dlfcn.h> /* dladdr */
|
||||||
+
|
+
|
||||||
+const char *relocat0r(const char *suffix) {
|
+const char *relocat0r(const char *suffix) {
|
||||||
+ Dl_info info;
|
+ static const char *prefix = NULL;
|
||||||
+ if (dladdr(relocat0r, &info)) {
|
+ if (!prefix) {
|
||||||
+ const char *prefix = dirname(info.dli_fname);
|
+ // repeated calls to dladdr seem to return different values on Linux ¯\_(ツ)_/¯
|
||||||
+ char *dir = malloc(strlen(prefix) + strlen(suffix) + 2);
|
+ Dl_info info;
|
||||||
+ if (dir == NULL) { return NULL; }
|
+ if (!dladdr(relocat0r, &info)) { return NULL; }
|
||||||
+ sprintf(dir, "%s/%s", prefix, suffix);
|
+ prefix = dirname(info.dli_fname);
|
||||||
+ return dir;
|
|
||||||
+ }
|
+ }
|
||||||
+ return NULL;
|
+ char *dir = malloc(strlen(prefix) + 4 + strlen(suffix) + 2);
|
||||||
|
+ if (!dir) { return NULL; }
|
||||||
|
+ sprintf(dir, "%s/../%s", prefix, suffix);
|
||||||
|
+ return dir;
|
||||||
+}
|
+}
|
||||||
+
|
|
||||||
|
|
||||||
const char *X509_get_default_private_dir(void)
|
const char *X509_get_default_private_dir(void)
|
||||||
{
|
{
|
||||||
- return X509_PRIVATE_DIR;
|
- return X509_PRIVATE_DIR;
|
||||||
+ static const char *dir = NULL;
|
+ static const char *dir = NULL;
|
||||||
+ if (!dir) dir = relocat0r("private");
|
+ if (!dir) dir = relocat0r("ssl/private");
|
||||||
+ return dir ?: X509_PRIVATE_DIR;
|
+ return dir ?: X509_PRIVATE_DIR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,7 +47,7 @@ index bfa8d7d..7e83bae 100644
|
||||||
{
|
{
|
||||||
- return X509_CERT_DIR;
|
- return X509_CERT_DIR;
|
||||||
+ static const char *dir = NULL;
|
+ static const char *dir = NULL;
|
||||||
+ if (!dir) dir = relocat0r("certs");
|
+ if (!dir) dir = relocat0r("ssl/certs");
|
||||||
+ return dir ?: X509_CERT_DIR;
|
+ return dir ?: X509_CERT_DIR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -50,7 +55,7 @@ index bfa8d7d..7e83bae 100644
|
||||||
{
|
{
|
||||||
- return X509_CERT_FILE;
|
- return X509_CERT_FILE;
|
||||||
+ static const char *dir = NULL;
|
+ static const char *dir = NULL;
|
||||||
+ if (!dir) dir = relocat0r("cert.pem");
|
+ if (!dir) dir = relocat0r("ssl/cert.pem");
|
||||||
+ return dir ?: X509_CERT_FILE;
|
+ return dir ?: X509_CERT_FILE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
28
scripts/test-all.ts
Executable file
28
scripts/test-all.ts
Executable file
|
@ -0,0 +1,28 @@
|
||||||
|
#!/usr/bin/env -S tea -E
|
||||||
|
|
||||||
|
/*---
|
||||||
|
args:
|
||||||
|
- deno
|
||||||
|
- run
|
||||||
|
- --allow-run
|
||||||
|
- --allow-read
|
||||||
|
- --allow-env
|
||||||
|
- --import-map={{ srcroot }}/import-map.json
|
||||||
|
---*/
|
||||||
|
|
||||||
|
import { Path } from "types"
|
||||||
|
import { ls } from "./ls.ts"
|
||||||
|
|
||||||
|
const cwd = new Path(new URL(import.meta.url).pathname).parent().string
|
||||||
|
|
||||||
|
for await (const { project } of ls()) {
|
||||||
|
const proc = Deno.run({
|
||||||
|
stdout: "null", stderr: "null",
|
||||||
|
cmd: ["./test.ts", project],
|
||||||
|
cwd
|
||||||
|
})
|
||||||
|
const status = await proc.status()
|
||||||
|
if (status.code !== 0) {
|
||||||
|
console.error(`test failed: ${project}`)
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue