diff options
Diffstat (limited to 'scripts/build-ssl.sh')
| -rwxr-xr-x | scripts/build-ssl.sh | 208 |
1 files changed, 208 insertions, 0 deletions
diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh new file mode 100755 index 0000000..1c17775 --- /dev/null +++ b/scripts/build-ssl.sh @@ -0,0 +1,208 @@ +#!/bin/sh +set -eux + +download_openssl () { + if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then + +# +# OpenSSL has different links for latest and previous releases +# since we want to download several versions, let us try to treat +# current version as latest, if it fails, follow with previous +# + + wget -P download-cache/ \ + "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \ + wget -P download-cache/ \ + "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" + fi +} + +# recent openssl versions support parallel builds and skipping the docs, +# while older ones require to build everything sequentially. +build_openssl_linux () { + ( + cd "openssl-${OPENSSL_VERSION}/" + ./config shared --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY + if [ -z "${OPENSSL_VERSION##1.*}" ]; then + make all + else + make -j$(nproc) build_sw + fi + make install_sw + ) +} + +build_openssl_osx () { + ( + cd "openssl-${OPENSSL_VERSION}/" + ./Configure darwin64-x86_64-cc shared \ + --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY + make depend build_sw install_sw + ) +} + +build_openssl () { + if [ "$(cat ${HOME}/opt/.openssl-version)" != "${OPENSSL_VERSION}" ]; then + tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" + case `uname` in + 'Darwin') + build_openssl_osx + ;; + 'Linux') + build_openssl_linux + ;; + esac + echo "${OPENSSL_VERSION}" > "${HOME}/opt/.openssl-version" + fi +} + +download_libressl () { + if [ ! -f "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz" ]; then + wget -P download-cache/ \ + "https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz" + fi +} + +build_libressl () { + if [ "$(cat ${HOME}/opt/.libressl-version)" != "${LIBRESSL_VERSION}" ]; then + tar zxf "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz" + ( + cd "libressl-${LIBRESSL_VERSION}/" + ./configure --prefix="${HOME}/opt" + make all install + ) + echo "${LIBRESSL_VERSION}" > "${HOME}/opt/.libressl-version" + fi +} + +download_boringssl () { + if [ ! -d "download-cache/boringssl" ]; then + git clone --depth=1 https://boringssl.googlesource.com/boringssl download-cache/boringssl + else + ( + cd download-cache/boringssl + git pull + ) + fi +} + +download_aws_lc () { + if [ ! -f "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then + mkdir -p download-cache + wget -q -O "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" \ + "https://github.com/aws/aws-lc/archive/refs/tags/v${AWS_LC_VERSION}.tar.gz" + fi +} + +build_aws_lc () { + if [ "$(cat ${HOME}/opt/.aws_lc-version)" != "${AWS_LC_VERSION}" ]; then + tar zxf "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" + ( + cd "aws-lc-${AWS_LC_VERSION}/" + mkdir -p build + cd build + cmake -version + cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DDISABLE_GO=1 -DDISABLE_PERL=1 \ + -DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${HOME}/opt .. + make -j$(nproc) + make install + ) + echo "${AWS_LC_VERSION}" > "${HOME}/opt/.aws_lc-version" + fi +} + +download_quictls () { + if [ ! -d "download-cache/quictls" ]; then + git clone --depth=1 https://github.com/quictls/openssl download-cache/quictls + else + ( + cd download-cache/quictls + git pull + ) + fi +} + +download_wolfssl () { + if [ ! -f "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" ]; then + mkdir -p download-cache + if [ "${WOLFSSL_VERSION%%-*}" != "git" ]; then + wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ + "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v${WOLFSSL_VERSION}-stable.tar.gz" + else + wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ + "https://github.com/wolfSSL/wolfssl/archive/${WOLFSSL_VERSION##git-}.tar.gz" + fi + fi +} + +build_wolfssl () { + if [ "$(cat ${HOME}/opt/.wolfssl-version)" != "${WOLFSSL_VERSION}" ]; then + mkdir "wolfssl-${WOLFSSL_VERSION}/" + tar zxf "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" -C "wolfssl-${WOLFSSL_VERSION}/" --strip-components=1 + ( + cd "wolfssl-${WOLFSSL_VERSION}/" + autoreconf -i + ./configure --enable-haproxy --enable-quic --prefix="${HOME}/opt" + make -j$(nproc) + make install + ) + echo "${WOLFSSL_VERSION}" > "${HOME}/opt/.wolfssl-version" + fi +} + +if [ ! -z ${LIBRESSL_VERSION+x} ]; then + download_libressl + build_libressl +fi + +if [ ! -z ${OPENSSL_VERSION+x} ]; then + download_openssl + build_openssl +fi + +if [ ! -z ${BORINGSSL+x} ]; then + ( + + # travis-ci comes with go-1.11, while boringssl requires go-1.13 + eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)" + + download_boringssl + cd download-cache/boringssl + if [ -d build ]; then rm -rf build; fi + mkdir build + cd build + cmake -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 .. + ninja + + rm -rf ${HOME}/opt/lib || exit 0 + rm -rf ${HOME}/opt/include || exit 0 + + mkdir -p ${HOME}/opt/lib + cp crypto/libcrypto.so ssl/libssl.so ${HOME}/opt/lib + + mkdir -p ${HOME}/opt/include + cp -r ../include/* ${HOME}/opt/include + ) +fi + +if [ ! -z ${AWS_LC_VERSION+x} ]; then + download_aws_lc + build_aws_lc +fi + +if [ ! -z ${QUICTLS+x} ]; then + ( + download_quictls + cd download-cache/quictls + + ./config shared no-tests ${QUICTLS_EXTRA_ARGS:-} --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY + make -j$(nproc) build_sw + make install_sw + + ) +fi + +if [ ! -z ${WOLFSSL_VERSION+x} ]; then + download_wolfssl + build_wolfssl +fi |