Openssl portable (#132)

* +scripts/test-all.ts
Max Howell 2022-09-14 11:43:44 -04:00 committed by GitHub
parent cc306dd2f8
commit e968bff3f1
3 changed files with 68 additions and 29 deletions


@ -21,37 +21,43 @@ build:
tea.xyz/gx/cc: c99 tea.xyz/gx/cc: c99
tea.xyz/gx/make: '*' tea.xyz/gx/make: '*'
perl.org: 5 perl.org: 5
curl.se: '*' # to download ca-certs on linux curl.se: '*' # to download ca-certs on linux
git-scm.org: 2 git-scm.org: 2 # to apply our patch
script: | script: |
if {{ hw.platform }} = linux; then git apply "{{ pkg.pantry-prefix }}"/x509_def.c.diff
git apply {{ pkg.pantry-prefix }}/x509_def.c.diff
fi
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS ./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
make --jobs {{ hw.concurrency }} make --jobs {{ hw.concurrency }}
make install_sw # `_sw` avoids installing docs make install_sw # `_sw` avoids installing docs
if test {{hw.platform}} = linux; then #FIXME needs to be a curl.se/ca-certs that gets updates
#FIXME needs to be a curl.se/ca-certs that gets updates #FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
mkdir -p "{{prefix}}/ssl" #FIXME or on macOS get certs from the keychain
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o "{{prefix}}/ssl"/cert.pem cd "{{prefix}}"
fi mkdir -p ssl
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
env: env:
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'} darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'} darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
linux/aarch64: {ARCH: 'linux-aarch64'} linux/aarch64: {ARCH: 'linux-aarch64'}
linux/x86-64: {ARCH: 'linux-x86_64'} linux/x86-64: {ARCH: 'linux-x86_64'}
darwin: darwin:
ARGS: --openssldir=/etc/ssl # supposedly enables important optimizations
ARGS: enable-ec_nistp_64_gcc_128
test:
make test
#TODO need to test the SSL certs work #TODO need to test the SSL certs work
# otherwise we are basically relying on wget etc. to test for it # otherwise we are basically relying on wget etc. to test for it
test: test:
dependencies:
gnu.org/wget: '*'
script: | script: |
echo "This is a test file" > in echo "This is a test file" > in
openssl dgst -sha256 -out out ./in openssl dgst -sha256 -out out ./in
test "$(cat ./out)" = "$SAMPLE" test "$(cat ./out)" = "$SAMPLE"
wget tea.xyz # test the certs work
env: env:
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35 SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
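Review bot: The `curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem` step downloads the CA bundle this OpenSSL will trust by default with certificate verification turned off and nothing checking the file afterwards, and with the `if … = linux` guard gone on the new side it appears to run on every platform. Anyone able to tamper with the build host's connection can substitute the trust store that ships in the package. Pin the bundle's digest in the recipe and verify it right after the download, e.g. `echo "<SHA256_OF_CACERT_2022_07_19_PEM>  ssl/cert.pem" | shasum -a 256 -c -`, and drop `-k` once the build environment has a usable trust store. The added `wget tea.xyz` test only shows that some bundle validates a chain, not that the installed bundle is the intended one.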


@ -1,32 +1,37 @@
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index bfa8d7d..7e83bae 100644 index bfa8d7d..da3c743 100644
--- a/crypto/x509/x509_def.c --- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c +++ b/crypto/x509/x509_def.c
@@ -11,25 +11,48 @@ @@ -11,25 +11,53 @@
#include "internal/cryptlib.h" #include "internal/cryptlib.h"
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/x509.h> #include <openssl/x509.h>
+#include <dlfcn.h> +#include <libgen.h> /* dirname */
+#include <libgen.h> +
+#ifdef __linux__
+#define __USE_GNU
+#endif
+#include <dlfcn.h> /* dladdr */
+ +
+const char *relocat0r(const char *suffix) { +const char *relocat0r(const char *suffix) {
+ Dl_info info; + static const char *prefix = NULL;
+ if (dladdr(relocat0r, &info)) { + if (!prefix) {
+ const char *prefix = dirname(info.dli_fname); + // repeated calls to dladdr seem to return different values on Linux ¯\_(ツ)_/¯
+ char *dir = malloc(strlen(prefix) + strlen(suffix) + 2); + Dl_info info;
+ if (dir == NULL) { return NULL; } + if (!dladdr(relocat0r, &info)) { return NULL; }
+ sprintf(dir, "%s/%s", prefix, suffix); + prefix = dirname(info.dli_fname);
+ return dir;
+ } + }
+ return NULL; + char *dir = malloc(strlen(prefix) + 4 + strlen(suffix) + 2);
+ if (!dir) { return NULL; }
+ sprintf(dir, "%s/../%s", prefix, suffix);
+ return dir;
+} +}
+
const char *X509_get_default_private_dir(void) const char *X509_get_default_private_dir(void)
{ {
- return X509_PRIVATE_DIR; - return X509_PRIVATE_DIR;
+ static const char *dir = NULL; + static const char *dir = NULL;
+ if (!dir) dir = relocat0r("private"); + if (!dir) dir = relocat0r("ssl/private");
+ return dir ?: X509_PRIVATE_DIR; + return dir ?: X509_PRIVATE_DIR;
} }
@ -42,7 +47,7 @@ index bfa8d7d..7e83bae 100644
{ {
- return X509_CERT_DIR; - return X509_CERT_DIR;
+ static const char *dir = NULL; + static const char *dir = NULL;
+ if (!dir) dir = relocat0r("certs"); + if (!dir) dir = relocat0r("ssl/certs");
+ return dir ?: X509_CERT_DIR; + return dir ?: X509_CERT_DIR;
} }
@ -50,7 +55,7 @@ index bfa8d7d..7e83bae 100644
{ {
- return X509_CERT_FILE; - return X509_CERT_FILE;
+ static const char *dir = NULL; + static const char *dir = NULL;
+ if (!dir) dir = relocat0r("cert.pem"); + if (!dir) dir = relocat0r("ssl/cert.pem");
+ return dir ?: X509_CERT_FILE; + return dir ?: X509_CERT_FILE;
} }
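Review bot: `prefix = dirname(info.dli_fname);` passes the loader's own path string to dirname() and then caches the returned pointer in a static. POSIX allows dirname() to modify its argument and to return a pointer into it or into storage that later calls overwrite, so the cached prefix (and with it the default cert file, cert dir and private dir) can change underneath the library; in-place truncation of `dli_fname` may also be what the comment about dladdr returning different values on Linux is observing. Copy the path before calling dirname() and keep an owned copy of the result, as below. The static initialisation here and in the three `X509_get_default_*` functions is also unsynchronised, so concurrent first calls can race and leak a buffer.

```c
const char *relocat0r(const char *suffix) {
    static const char *prefix = NULL;
    if (!prefix) {
        Dl_info info;
        if (!dladdr(relocat0r, &info)) { return NULL; }
        char *path = strdup(info.dli_fname);  /* dirname() may modify its argument */
        if (!path) { return NULL; }
        prefix = strdup(dirname(path));       /* result may point into path or static storage */
        free(path);
        if (!prefix) { return NULL; }
    }
    /* … unchanged: malloc + sprintf of "%s/../%s" … */
```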

28
scripts/test-all.ts Executable file

@ -0,0 +1,28 @@
#!/usr/bin/env -S tea -E
/*---
args:
- deno
- run
- --allow-run
- --allow-read
- --allow-env
- --import-map={{ srcroot }}/import-map.json
---*/
import { Path } from "types"
import { ls } from "./ls.ts"
const cwd = new Path(new URL(import.meta.url).pathname).parent().string
for await (const { project } of ls()) {
const proc = Deno.run({
stdout: "null", stderr: "null",
cmd: ["./test.ts", project],
cwd
})
const status = await proc.status()
if (status.code !== 0) {
console.error(`test failed: ${project}`)
}
}
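Review bot: A failing package is only logged with `console.error`, so the script still exits 0 and a caller such as CI cannot tell that anything failed (assuming the file ends at the loop as shown). Track the result, e.g. `let failed = false` before the loop, `failed = true` in the `status.code !== 0` branch, and `if (failed) Deno.exit(1)` after it. With `stdout: "null", stderr: "null"` the failing test's output is discarded, so consider `"inherit"` for stderr at least; each `Deno.run` handle should also be released with `proc.close()` once its status has been read.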