Skip to content

Commit

Permalink
Migrate libcurl/libgit2/libssh2 to OpenSSL (#8377)
Browse files Browse the repository at this point in the history
* LibSSH2: use OpenSSL

* LibGit2: use OpenSSL

Also, disable linking to mbedTLS

Co-authored-by: Mosè Giordano <giordano@users.noreply.github.com>

* LibCURL: use OpenSSL

---------

Co-authored-by: Mosè Giordano <giordano@users.noreply.github.com>
  • Loading branch information
fxcoudert and giordano authored Mar 30, 2024
1 parent 2e4ee53 commit dbee0b6
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 120 deletions.
2 changes: 2 additions & 0 deletions L/LibCURL/LibCURL@8/build_tarballs.jl
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
include("../common.jl")

build_libcurl(ARGS, "LibCURL", v"8.7.1")

# Build trigger: 2
8 changes: 3 additions & 5 deletions L/LibCURL/common.jl
Original file line number Diff line number Diff line change
Expand Up @@ -74,8 +74,8 @@ function build_libcurl(ARGS, name::String, version::VersionNumber)
export CFLAGS=-mmacosx-version-min=10.11
fi
else
# On all other systems, we use MbedTLS
FLAGS+=(--with-mbedtls=${prefix})
# On all other systems, we use OpenSSL
FLAGS+=(--with-openssl)
fi
if false; then
Expand Down Expand Up @@ -128,9 +128,7 @@ function build_libcurl(ARGS, name::String, version::VersionNumber)
Dependency("LibSSH2_jll"),
Dependency("Zlib_jll"),
Dependency("nghttp2_jll"),
# Note that while we unconditionally list MbedTLS as a dependency,
# we default to schannel/SecureTransport on Windows/MacOS.
Dependency("MbedTLS_jll"; compat="~2.28.0", platforms=filter(p->Sys.islinux(p) || Sys.isfreebsd(p), platforms)),
Dependency("OpenSSL_jll"; compat="3.0.8", platforms=filter(p->Sys.islinux(p) || Sys.isfreebsd(p), platforms)),
# Dependency("Kerberos_krb5_jll"; platforms=filter(p->Sys.islinux(p) || Sys.isfreebsd(p), platforms)),
BuildDependency(PackageSpec(name="LLVMCompilerRT_jll", uuid="4e17d02c-6bf5-513e-be62-445f41c75a11", version=llvm_version);
platforms=filter(p -> sanitize(p)=="memory", platforms)),
Expand Down
18 changes: 14 additions & 4 deletions L/LibGit2/build_tarballs.jl
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,18 @@ BUILD_FLAGS=(
-DCMAKE_BUILD_TYPE=Release
-DUSE_THREADS=ON
-DUSE_BUNDLED_ZLIB=ON
-DUSE_HTTPS=OpenSSL
-DUSE_SHA1=CollisionDetection
-DUSE_SSH=ON
-DBUILD_CLI=OFF
"-DCMAKE_INSTALL_PREFIX=${prefix}"
"-DCMAKE_TOOLCHAIN_FILE="${CMAKE_TARGET_TOOLCHAIN}""
# Make sure we don't link to mbedTLS:
# <https://github.com/JuliaPackaging/Yggdrasil/pull/8377#issuecomment-2027370830>.
# TODO: this hack can be removed when we'll link to a newer version of libssh2 which
# doesn't link to mbedTLS.
-DLIBSSH2_LDFLAGS="-L${libdir};-lssh2"
-DLIBSSH2_LIBRARIES="ssh2"
)
if [[ ${bb_full_target} == *-sanitize+memory* ]]; then
Expand All @@ -37,9 +45,11 @@ if [[ ${target} == *-mingw* ]]; then
# For some reason, CMake fails to find libssh2 using pkg-config.
BUILD_FLAGS+=(-Dssh2_RESOLVED=${bindir}/libssh2.dll)
elif [[ ${target} == *linux* ]] || [[ ${target} == *freebsd* ]]; then
# If we're on Linux or FreeBSD, explicitly ask for mbedTLS instead of OpenSSL
BUILD_FLAGS+=(-DUSE_HTTPS=mbedTLS -DUSE_SHA1=CollisionDetection -DCMAKE_INSTALL_RPATH="\$ORIGIN")
fi
# Necessary for cmake to find openssl on Windows
if [[ ${target} == x86_64-*-mingw* ]]; then
export OPENSSL_ROOT_DIR=${prefix}/lib64
fi
mkdir build && cd build
Expand All @@ -63,8 +73,8 @@ llvm_version = v"13.0.1"

# Dependencies that must be installed before this package can be built
dependencies = [
Dependency("MbedTLS_jll"; compat="~2.28.0"),
Dependency("LibSSH2_jll"; compat="1.11.0"),
Dependency("OpenSSL_jll"; compat="3.0.8"),
BuildDependency(PackageSpec(name="LLVMCompilerRT_jll", uuid="4e17d02c-6bf5-513e-be62-445f41c75a11", version=llvm_version);
platforms=filter(p -> sanitize(p)=="memory", platforms)),
]
Expand Down
13 changes: 7 additions & 6 deletions L/LibSSH2/build_tarballs.jl
Original file line number Diff line number Diff line change
Expand Up @@ -9,24 +9,25 @@ version = v"1.11.0"
sources = [
ArchiveSource("https://github.com/libssh2/libssh2/releases/download/libssh2-$(version)/libssh2-$(version).tar.gz",
"3736161e41e2693324deb38c26cfdc3efe6209d634ba4258db1cecff6a5ad461"),
DirectorySource("./bundled"),
]

# Bash recipe for building across all platforms
script = raw"""
cd $WORKSPACE/srcdir/libssh2*/
# Apply patch from https://github.com/libssh2/libssh2/pull/1054
atomic_patch -p1 ../patches/0001-mbedtls-use-more-size_t-to-sync-up-with-crypto.h.patch
if [[ ${bb_full_target} == *-sanitize+memory* ]]; then
# Install msan runtime (for clang)
cp -rL ${libdir}/linux/* /opt/x86_64-linux-musl/lib/clang/*/lib/linux/
fi
# Necessary for cmake to find openssl on Windows
if [[ ${target} == x86_64-*-mingw* ]]; then
export OPENSSL_ROOT_DIR=${prefix}/lib64
fi
BUILD_FLAGS=(
-DCMAKE_BUILD_TYPE=Release
-DCRYPTO_BACKEND=mbedTLS
-DCRYPTO_BACKEND=OpenSSL
-DBUILD_SHARED_LIBS=ON
-DBUILD_STATIC_LIBS=OFF
-DBUILD_EXAMPLES=OFF
Expand Down Expand Up @@ -57,7 +58,7 @@ llvm_version = v"13.0.1"

# Dependencies that must be installed before this package can be built
dependencies = [
Dependency("MbedTLS_jll"; compat="~2.28.0"),
Dependency("OpenSSL_jll"; compat="3.0.8"),
BuildDependency(PackageSpec(name="LLVMCompilerRT_jll", uuid="4e17d02c-6bf5-513e-be62-445f41c75a11", version=llvm_version);
platforms=filter(p -> sanitize(p)=="memory", platforms)),
]
Expand Down

This file was deleted.

0 comments on commit dbee0b6

Please sign in to comment.