mirror of
https://github.com/ivabus/pantry
synced 2024-11-27 10:45:08 +03:00
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
# NOTE
|
||
# on darwin we use Apple’s provided TLS certs at /etc/certs
|
||
# on linux we grab the curl certs (usually these are package as ca-certificates)
|
||
|
||
distributable:
|
||
url: https://www.openssl.org/source/openssl-{{version.raw}}.tar.gz
|
||
sha: ${{url}}.sha256
|
||
sig: ${{url}}.asc
|
||
strip-components: 1
|
||
|
||
versions:
|
||
- 1.1.1s
|
||
# github: openssl/openssl
|
||
# transform: /^OpenSSL_(\d+)_(\d+)_(\d+\w)$/$1.$2.$3/
|
||
|
||
provides:
|
||
- bin/openssl
|
||
- bin/c_rehash
|
||
|
||
build:
|
||
dependencies:
|
||
tea.xyz/gx/cc: c99
|
||
tea.xyz/gx/make: '*'
|
||
perl.org: 5
|
||
curl.se: '*' # to download ca-certs on linux
|
||
git-scm.org: 2 # to apply our patch
|
||
script: |
|
||
git apply props/x509_def.c.diff
|
||
|
||
./Configure --prefix={{ prefix }} $ARCH no-tests $ARGS --openssldir={{prefix}}/ssl
|
||
make --jobs {{ hw.concurrency }}
|
||
make install_sw # `_sw` avoids installing docs
|
||
|
||
#FIXME needs to be a curl.se/ca-certs that gets updates
|
||
#FIXME on macOS use /etc/ssl/cert.pem (I couldn't make this work)
|
||
#FIXME or on macOS get certs from the keychain
|
||
cd "{{prefix}}"
|
||
mkdir -p ssl
|
||
curl -k https://curl.se/ca/cacert-2022-07-19.pem -o ssl/cert.pem
|
||
env:
|
||
darwin/aarch64: {ARCH: 'darwin64-arm64-cc'}
|
||
darwin/x86-64: {ARCH: 'darwin64-x86_64-cc'}
|
||
linux/aarch64: {ARCH: 'linux-aarch64'}
|
||
linux/x86-64: {ARCH: 'linux-x86_64'}
|
||
darwin:
|
||
# supposedly enables important optimizations
|
||
ARGS: enable-ec_nistp_64_gcc_128
|
||
test:
|
||
make test
|
||
|
||
#TODO need to test the SSL certs work
|
||
# otherwise we are basically relying on wget etc. to test for it
|
||
|
||
test:
|
||
dependencies:
|
||
gnu.org/wget: '*'
|
||
script: |
|
||
echo "This is a test file" > in
|
||
openssl dgst -sha256 -out out ./in
|
||
test "$(cat ./out)" = "$SAMPLE"
|
||
|
||
wget tea.xyz # test the certs work
|
||
env:
|
||
SAMPLE: SHA256(./in)= c87e2ca771bab6024c269b933389d2a92d4941c848c52f155b9b84e1f109fe35
|