mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-22 04:10:48 +00:00
CI: scripts: add support for AWS-LC-FIPS in build-ssl.sh
Allow the build-ssl.sh script to build AWS-LC-FIPS. Example: sudo AWS_LC_FIPS_VERSION=3.0.0 BUILDSSL_DESTDIR=/opt/awslc-fips-3.0.0/ ./scripts/build-ssl.sh
This commit is contained in:
parent
ee7241ed18
commit
23f670f1f5
@ -146,6 +146,34 @@ build_aws_lc () {
|
||||
fi
|
||||
}
|
||||
|
||||
download_aws_lc_fips () {
|
||||
if [ ! -f "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_FIPS_VERSION}.tar.gz" ]; then
|
||||
mkdir -p "${BUILDSSL_TMPDIR}"
|
||||
wget -q -O "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}.tar.gz" \
|
||||
"https://github.com/aws/aws-lc/archive/refs/tags/AWS-LC-FIPS-${AWS_LC_FIPS_VERSION}.tar.gz"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
# require GO + Perl for FIPS mode
|
||||
build_aws_lc_fips () {
|
||||
if [ "$(cat ${BUILDSSL_DESTDIR}/.aws_lc_fips-version)" != "${AWS_LC_FIPS_VERSION}" ]; then
|
||||
mkdir -p "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/"
|
||||
tar zxf "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/" --strip-components=1
|
||||
(
|
||||
cd "${BUILDSSL_TMPDIR}/aws-lc-fips-${AWS_LC_FIPS_VERSION}/"
|
||||
mkdir -p build
|
||||
cd build
|
||||
cmake -version
|
||||
cmake -DCMAKE_BUILD_TYPE=Release -DFIPS=1 -DBUILD_SHARED_LIBS=1 \
|
||||
-DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${BUILDSSL_DESTDIR} ..
|
||||
make -j$(nproc)
|
||||
make install
|
||||
)
|
||||
echo "${AWS_LC_FIPS_VERSION}" > "${BUILDSSL_DESTDIR}/.aws_lc_fips-version"
|
||||
fi
|
||||
}
|
||||
|
||||
download_quictls () {
|
||||
if [ ! -d "${BUILDSSL_TMPDIR}/quictls" ]; then
|
||||
git clone --depth=1 https://github.com/quictls/openssl ${BUILDSSL_TMPDIR}/quictls
|
||||
@ -215,6 +243,11 @@ if [ ! -z ${AWS_LC_VERSION+x} ]; then
|
||||
build_aws_lc
|
||||
fi
|
||||
|
||||
if [ ! -z ${AWS_LC_FIPS_VERSION+x} ]; then
|
||||
download_aws_lc_fips
|
||||
build_aws_lc_fips
|
||||
fi
|
||||
|
||||
if [ ! -z ${QUICTLS+x} ]; then
|
||||
download_quictls
|
||||
build_quictls
|
||||
|
Loading…
Reference in New Issue
Block a user