# NOTE # on darwin we use Appleā€™s provided TLS certs at /etc/certs # on linux we grab the curl certs (usually these are package as ca-certificates) distributable: url: https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1q.tar.gz strip-components: 1 versions: - 1.1.118 # TODO # github: openssl/openssl # parser: version-parser.ts provides: - bin/openssl - bin/c_rehash build: dependencies: tea.xyz/gx/cc: c99 tea.xyz/gx/make: '*' perl.org: 5 curl.se: '*' # to download ca-certs on linux git-scm.org: 2 # to apply our patch script: | git apply "{{ pkg.pantry-prefix }}"/x509_def.c.diff ./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl make --jobs {{ hw.concurrency }} make install_sw # `_sw` avoids installing docs #FIXME needs to be a curl.se/ca-certs that gets updates #FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work) #FIXME or on macOS get certs from the keychain cd "{{prefix}}" mkdir -p ssl curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem env: darwin/aarch64: {ARCH: 'darwin64-arm64-cc'} darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'} linux/aarch64: {ARCH: 'linux-aarch64'} linux/x86-64: {ARCH: 'linux-x86_64'} darwin: # supposedly enables important optimizations ARGS: enable-ec_nistp_64_gcc_128 test: make test #TODO need to test the SSL certs work # otherwise we are basically relying on wget etc. to test for it test: dependencies: gnu.org/wget: '*' script: | echo "This is a test file" > in openssl dgst -sha256 -out out ./in test "$(cat ./out)" = "$SAMPLE" wget tea.xyz # test the certs work env: SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35