mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-24 21:52:17 +00:00
9c1fa3e411
Put the quictls and boringssl build in their own function instead of keeping it in the main part of the script.
227 lines
7.1 KiB
Bash
Executable File
227 lines
7.1 KiB
Bash
Executable File
#!/bin/sh
|
|
set -eux
|
|
|
|
BUILDSSL_DESTDIR=${BUILDSSL_DESTDIR:-${HOME}/opt}
|
|
BUILDSSL_TMPDIR=${BUILDSSL_TMPDIR:-/tmp/download-cache}
|
|
|
|
download_openssl () {
|
|
if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
|
|
|
|
#
|
|
# OpenSSL has different links for latest and previous releases
|
|
# since we want to download several versions, let us try to treat
|
|
# current version as latest, if it fails, follow with previous
|
|
#
|
|
|
|
wget -P ${BUILDSSL_TMPDIR}/ \
|
|
"https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
|
|
wget -P ${BUILDSSL_TMPDIR}/ \
|
|
"https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \
|
|
wget -P ${BUILDSSL_TMPDIR}/ \
|
|
"https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
|
|
fi
|
|
}
|
|
|
|
# recent openssl versions support parallel builds and skipping the docs,
|
|
# while older ones require to build everything sequentially.
|
|
build_openssl_linux () {
|
|
(
|
|
cd "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/"
|
|
./config shared --prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY
|
|
if [ -z "${OPENSSL_VERSION##1.*}" ]; then
|
|
make all
|
|
else
|
|
make -j$(nproc) build_sw
|
|
fi
|
|
make install_sw
|
|
)
|
|
}
|
|
|
|
build_openssl_osx () {
|
|
(
|
|
cd "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/"
|
|
./Configure darwin64-x86_64-cc shared \
|
|
--prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY
|
|
make depend build_sw install_sw
|
|
)
|
|
}
|
|
|
|
build_openssl () {
|
|
if [ "$(cat ${BUILDSSL_DESTDIR}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then
|
|
|
|
mkdir -p "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/"
|
|
tar zxf "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/" --strip-components=1
|
|
case `uname` in
|
|
'Darwin')
|
|
build_openssl_osx
|
|
;;
|
|
'Linux')
|
|
build_openssl_linux
|
|
;;
|
|
*)
|
|
echo "not yet implemented"
|
|
exit 1
|
|
;;
|
|
esac
|
|
echo "${OPENSSL_VERSION}" > "${BUILDSSL_DESTDIR}/.openssl-version"
|
|
fi
|
|
}
|
|
|
|
download_libressl () {
|
|
if [ ! -f "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}.tar.gz" ]; then
|
|
wget -P ${BUILDSSL_TMPDIR}/ \
|
|
"https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz"
|
|
fi
|
|
}
|
|
|
|
build_libressl () {
|
|
if [ "$(cat ${BUILDSSL_DESTDIR}/.libressl-version)" != "${LIBRESSL_VERSION}" ]; then
|
|
mkdir -p "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/"
|
|
tar zxf "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/" --strip-components=1
|
|
(
|
|
cd "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/"
|
|
./configure --prefix="${BUILDSSL_DESTDIR}"
|
|
make all install
|
|
)
|
|
echo "${LIBRESSL_VERSION}" > "${BUILDSSL_DESTDIR}/.libressl-version"
|
|
fi
|
|
}
|
|
|
|
download_boringssl () {
|
|
|
|
# travis-ci comes with go-1.11, while boringssl requires go-1.13
|
|
eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)"
|
|
|
|
if [ ! -d "${BUILDSSL_TMPDIR}/boringssl" ]; then
|
|
git clone --depth=1 https://boringssl.googlesource.com/boringssl ${BUILDSSL_TMPDIR}/boringssl
|
|
else
|
|
(
|
|
cd ${BUILDSSL_TMPDIR}/boringssl
|
|
git pull
|
|
)
|
|
fi
|
|
}
|
|
|
|
build_boringssl () {
|
|
cd ${BUILDSSL_TMPDIR}/boringssl
|
|
if [ -d build ]; then rm -rf build; fi
|
|
mkdir build
|
|
cd build
|
|
cmake -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 ..
|
|
ninja
|
|
|
|
rm -rf ${BUILDSSL_DESTDIR}/lib || exit 0
|
|
rm -rf ${BUILDSSL_DESTDIR}/include || exit 0
|
|
|
|
mkdir -p ${BUILDSSL_DESTDIR}/lib
|
|
cp crypto/libcrypto.so ssl/libssl.so ${BUILDSSL_DESTDIR}/lib
|
|
|
|
mkdir -p ${BUILDSSL_DESTDIR}/include
|
|
cp -r ../include/* ${BUILDSSL_DESTDIR}/include
|
|
}
|
|
|
|
download_aws_lc () {
|
|
if [ ! -f "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then
|
|
mkdir -p "${BUILDSSL_TMPDIR}"
|
|
wget -q -O "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" \
|
|
"https://github.com/aws/aws-lc/archive/refs/tags/v${AWS_LC_VERSION}.tar.gz"
|
|
fi
|
|
}
|
|
|
|
build_aws_lc () {
|
|
if [ "$(cat ${BUILDSSL_DESTDIR}/.aws_lc-version)" != "${AWS_LC_VERSION}" ]; then
|
|
mkdir -p "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/"
|
|
tar zxf "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/" --strip-components=1
|
|
(
|
|
cd "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/"
|
|
mkdir -p build
|
|
cd build
|
|
cmake -version
|
|
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DDISABLE_GO=1 -DDISABLE_PERL=1 \
|
|
-DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${BUILDSSL_DESTDIR} ..
|
|
make -j$(nproc)
|
|
make install
|
|
)
|
|
echo "${AWS_LC_VERSION}" > "${BUILDSSL_DESTDIR}/.aws_lc-version"
|
|
fi
|
|
}
|
|
|
|
download_quictls () {
|
|
if [ ! -d "${BUILDSSL_TMPDIR}/quictls" ]; then
|
|
git clone --depth=1 https://github.com/quictls/openssl ${BUILDSSL_TMPDIR}/quictls
|
|
else
|
|
(
|
|
cd ${BUILDSSL_TMPDIR}/quictls
|
|
git pull
|
|
)
|
|
fi
|
|
}
|
|
|
|
build_quictls () {
|
|
cd ${BUILDSSL_TMPDIR}/quictls
|
|
./config shared no-tests ${QUICTLS_EXTRA_ARGS:-} --prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY
|
|
make -j$(nproc) build_sw
|
|
make install_sw
|
|
}
|
|
|
|
download_wolfssl () {
|
|
if [ ! -f "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" ]; then
|
|
mkdir -p ${BUILDSSL_TMPDIR}
|
|
if [ "${WOLFSSL_VERSION%%-*}" != "git" ]; then
|
|
wget -q -O "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" \
|
|
"https://github.com/wolfSSL/wolfssl/archive/refs/tags/v${WOLFSSL_VERSION}-stable.tar.gz"
|
|
else
|
|
wget -q -O "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" \
|
|
"https://github.com/wolfSSL/wolfssl/archive/${WOLFSSL_VERSION##git-}.tar.gz"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
build_wolfssl () {
|
|
if [ "$(cat ${BUILDSSL_DESTDIR}/.wolfssl-version)" != "${WOLFSSL_VERSION}" ]; then
|
|
mkdir -p "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/"
|
|
tar zxf "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/" --strip-components=1
|
|
(
|
|
cd "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/"
|
|
autoreconf -i
|
|
./configure --enable-haproxy --enable-quic --prefix="${BUILDSSL_DESTDIR}"
|
|
make -j$(nproc)
|
|
make install
|
|
)
|
|
echo "${WOLFSSL_VERSION}" > "${BUILDSSL_DESTDIR}/.wolfssl-version"
|
|
fi
|
|
}
|
|
|
|
mkdir -p "${BUILDSSL_DESTDIR}"
|
|
|
|
|
|
if [ ! -z ${LIBRESSL_VERSION+x} ]; then
|
|
download_libressl
|
|
build_libressl
|
|
fi
|
|
|
|
if [ ! -z ${OPENSSL_VERSION+x} ]; then
|
|
download_openssl
|
|
build_openssl
|
|
fi
|
|
|
|
if [ ! -z ${BORINGSSL+x} ]; then
|
|
download_boringssl
|
|
build_boringssl
|
|
fi
|
|
|
|
if [ ! -z ${AWS_LC_VERSION+x} ]; then
|
|
download_aws_lc
|
|
build_aws_lc
|
|
fi
|
|
|
|
if [ ! -z ${QUICTLS+x} ]; then
|
|
download_quictls
|
|
build_quictls
|
|
fi
|
|
|
|
if [ ! -z ${WOLFSSL_VERSION+x} ]; then
|
|
download_wolfssl
|
|
build_wolfssl
|
|
fi
|