From cff6d757e3ba609c08ef2aaa00f07e53551e5bf6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 3 Jun 2024 07:11:10 +0200 Subject: Adding upstream version 3.0.0. Signed-off-by: Daniel Baumann --- scripts/build-ssl.sh | 162 ++++++++++++++++++++++++++--------------------- scripts/build-vtest.sh | 22 ++++++- scripts/mk-patch-list.sh | 47 ++++++++++++++ scripts/run-regtests.sh | 11 ++-- 4 files changed, 164 insertions(+), 78 deletions(-) create mode 100755 scripts/mk-patch-list.sh (limited to 'scripts') diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh index 1c17775..f1a6f8a 100755 --- a/scripts/build-ssl.sh +++ b/scripts/build-ssl.sh @@ -1,8 +1,11 @@ #!/bin/sh set -eux +BUILDSSL_DESTDIR=${BUILDSSL_DESTDIR:-${HOME}/opt} +BUILDSSL_TMPDIR=${BUILDSSL_TMPDIR:-/tmp/download-cache} + download_openssl () { - if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then + if [ ! -f "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" ]; then # # OpenSSL has different links for latest and previous releases @@ -10,10 +13,12 @@ download_openssl () { # current version as latest, if it fails, follow with previous # - wget -P download-cache/ \ + wget -P ${BUILDSSL_TMPDIR}/ \ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \ - wget -P download-cache/ \ - "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" + wget -P ${BUILDSSL_TMPDIR}/ \ + "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz" || \ + wget -P ${BUILDSSL_TMPDIR}/ \ + "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" fi } @@ -21,8 +26,8 @@ download_openssl () { # while older ones require to build everything sequentially. build_openssl_linux () { ( - cd "openssl-${OPENSSL_VERSION}/" - ./config shared --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY + cd "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/" + ./config shared --prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY if [ -z "${OPENSSL_VERSION##1.*}" ]; then make all else @@ -34,16 +39,18 @@ build_openssl_linux () { build_openssl_osx () { ( - cd "openssl-${OPENSSL_VERSION}/" + cd "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/" ./Configure darwin64-x86_64-cc shared \ - --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY + --prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY make depend build_sw install_sw ) } build_openssl () { - if [ "$(cat ${HOME}/opt/.openssl-version)" != "${OPENSSL_VERSION}" ]; then - tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" + if [ "$(cat ${BUILDSSL_DESTDIR}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then + + mkdir -p "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/" + tar zxf "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/openssl-${OPENSSL_VERSION}/" --strip-components=1 case `uname` in 'Darwin') build_openssl_osx @@ -51,105 +58,143 @@ build_openssl () { 'Linux') build_openssl_linux ;; + *) + echo "not yet implemented" + exit 1 + ;; esac - echo "${OPENSSL_VERSION}" > "${HOME}/opt/.openssl-version" + echo "${OPENSSL_VERSION}" > "${BUILDSSL_DESTDIR}/.openssl-version" fi } download_libressl () { - if [ ! -f "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz" ]; then - wget -P download-cache/ \ + if [ ! -f "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}.tar.gz" ]; then + wget -P ${BUILDSSL_TMPDIR}/ \ "https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz" fi } build_libressl () { - if [ "$(cat ${HOME}/opt/.libressl-version)" != "${LIBRESSL_VERSION}" ]; then - tar zxf "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz" + if [ "$(cat ${BUILDSSL_DESTDIR}/.libressl-version)" != "${LIBRESSL_VERSION}" ]; then + mkdir -p "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/" + tar zxf "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/" --strip-components=1 ( - cd "libressl-${LIBRESSL_VERSION}/" - ./configure --prefix="${HOME}/opt" + cd "${BUILDSSL_TMPDIR}/libressl-${LIBRESSL_VERSION}/" + ./configure --prefix="${BUILDSSL_DESTDIR}" make all install ) - echo "${LIBRESSL_VERSION}" > "${HOME}/opt/.libressl-version" + echo "${LIBRESSL_VERSION}" > "${BUILDSSL_DESTDIR}/.libressl-version" fi } download_boringssl () { - if [ ! -d "download-cache/boringssl" ]; then - git clone --depth=1 https://boringssl.googlesource.com/boringssl download-cache/boringssl + + # travis-ci comes with go-1.11, while boringssl requires go-1.13 + eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)" + + if [ ! -d "${BUILDSSL_TMPDIR}/boringssl" ]; then + git clone --depth=1 https://boringssl.googlesource.com/boringssl ${BUILDSSL_TMPDIR}/boringssl else ( - cd download-cache/boringssl + cd ${BUILDSSL_TMPDIR}/boringssl git pull ) fi } +build_boringssl () { + cd ${BUILDSSL_TMPDIR}/boringssl + if [ -d build ]; then rm -rf build; fi + mkdir build + cd build + cmake -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 .. + ninja + + rm -rf ${BUILDSSL_DESTDIR}/lib || exit 0 + rm -rf ${BUILDSSL_DESTDIR}/include || exit 0 + + mkdir -p ${BUILDSSL_DESTDIR}/lib + cp crypto/libcrypto.so ssl/libssl.so ${BUILDSSL_DESTDIR}/lib + + mkdir -p ${BUILDSSL_DESTDIR}/include + cp -r ../include/* ${BUILDSSL_DESTDIR}/include +} + download_aws_lc () { - if [ ! -f "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then - mkdir -p download-cache - wget -q -O "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" \ + if [ ! -f "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then + mkdir -p "${BUILDSSL_TMPDIR}" + wget -q -O "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" \ "https://github.com/aws/aws-lc/archive/refs/tags/v${AWS_LC_VERSION}.tar.gz" fi } build_aws_lc () { - if [ "$(cat ${HOME}/opt/.aws_lc-version)" != "${AWS_LC_VERSION}" ]; then - tar zxf "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" + if [ "$(cat ${BUILDSSL_DESTDIR}/.aws_lc-version)" != "${AWS_LC_VERSION}" ]; then + mkdir -p "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/" + tar zxf "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/" --strip-components=1 ( - cd "aws-lc-${AWS_LC_VERSION}/" + cd "${BUILDSSL_TMPDIR}/aws-lc-${AWS_LC_VERSION}/" mkdir -p build cd build cmake -version cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DDISABLE_GO=1 -DDISABLE_PERL=1 \ - -DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${HOME}/opt .. + -DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${BUILDSSL_DESTDIR} .. make -j$(nproc) make install ) - echo "${AWS_LC_VERSION}" > "${HOME}/opt/.aws_lc-version" + echo "${AWS_LC_VERSION}" > "${BUILDSSL_DESTDIR}/.aws_lc-version" fi } download_quictls () { - if [ ! -d "download-cache/quictls" ]; then - git clone --depth=1 https://github.com/quictls/openssl download-cache/quictls + if [ ! -d "${BUILDSSL_TMPDIR}/quictls" ]; then + git clone --depth=1 https://github.com/quictls/openssl ${BUILDSSL_TMPDIR}/quictls else ( - cd download-cache/quictls + cd ${BUILDSSL_TMPDIR}/quictls git pull ) fi } +build_quictls () { + cd ${BUILDSSL_TMPDIR}/quictls + ./config shared no-tests ${QUICTLS_EXTRA_ARGS:-} --prefix="${BUILDSSL_DESTDIR}" --openssldir="${BUILDSSL_DESTDIR}" --libdir=lib -DPURIFY + make -j$(nproc) build_sw + make install_sw +} + download_wolfssl () { - if [ ! -f "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" ]; then - mkdir -p download-cache + if [ ! -f "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" ]; then + mkdir -p ${BUILDSSL_TMPDIR} if [ "${WOLFSSL_VERSION%%-*}" != "git" ]; then - wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ + wget -q -O "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v${WOLFSSL_VERSION}-stable.tar.gz" else - wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ + wget -q -O "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" \ "https://github.com/wolfSSL/wolfssl/archive/${WOLFSSL_VERSION##git-}.tar.gz" fi fi } build_wolfssl () { - if [ "$(cat ${HOME}/opt/.wolfssl-version)" != "${WOLFSSL_VERSION}" ]; then - mkdir "wolfssl-${WOLFSSL_VERSION}/" - tar zxf "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" -C "wolfssl-${WOLFSSL_VERSION}/" --strip-components=1 + if [ "$(cat ${BUILDSSL_DESTDIR}/.wolfssl-version)" != "${WOLFSSL_VERSION}" ]; then + mkdir -p "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/" + tar zxf "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}.tar.gz" -C "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/" --strip-components=1 ( - cd "wolfssl-${WOLFSSL_VERSION}/" + cd "${BUILDSSL_TMPDIR}/wolfssl-${WOLFSSL_VERSION}/" autoreconf -i - ./configure --enable-haproxy --enable-quic --prefix="${HOME}/opt" + ./configure --enable-haproxy --enable-quic --prefix="${BUILDSSL_DESTDIR}" make -j$(nproc) make install ) - echo "${WOLFSSL_VERSION}" > "${HOME}/opt/.wolfssl-version" + echo "${WOLFSSL_VERSION}" > "${BUILDSSL_DESTDIR}/.wolfssl-version" fi } +mkdir -p "${BUILDSSL_DESTDIR}" + + if [ ! -z ${LIBRESSL_VERSION+x} ]; then download_libressl build_libressl @@ -161,28 +206,8 @@ if [ ! -z ${OPENSSL_VERSION+x} ]; then fi if [ ! -z ${BORINGSSL+x} ]; then - ( - - # travis-ci comes with go-1.11, while boringssl requires go-1.13 - eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)" - - download_boringssl - cd download-cache/boringssl - if [ -d build ]; then rm -rf build; fi - mkdir build - cd build - cmake -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 .. - ninja - - rm -rf ${HOME}/opt/lib || exit 0 - rm -rf ${HOME}/opt/include || exit 0 - - mkdir -p ${HOME}/opt/lib - cp crypto/libcrypto.so ssl/libssl.so ${HOME}/opt/lib - - mkdir -p ${HOME}/opt/include - cp -r ../include/* ${HOME}/opt/include - ) + download_boringssl + build_boringssl fi if [ ! -z ${AWS_LC_VERSION+x} ]; then @@ -191,15 +216,8 @@ if [ ! -z ${AWS_LC_VERSION+x} ]; then fi if [ ! -z ${QUICTLS+x} ]; then - ( download_quictls - cd download-cache/quictls - - ./config shared no-tests ${QUICTLS_EXTRA_ARGS:-} --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY - make -j$(nproc) build_sw - make install_sw - - ) + build_quictls fi if [ ! -z ${WOLFSSL_VERSION+x} ]; then diff --git a/scripts/build-vtest.sh b/scripts/build-vtest.sh index 4db35d6..9ae4306 100755 --- a/scripts/build-vtest.sh +++ b/scripts/build-vtest.sh @@ -6,5 +6,25 @@ curl -fsSL https://github.com/vtest/VTest/archive/master.tar.gz -o VTest.tar.gz mkdir ../vtest tar xvf VTest.tar.gz -C ../vtest --strip-components=1 # Special flags due to: https://github.com/vtest/VTest/issues/12 -make -C ../vtest FLAGS="-O2 -s -Wall" +# Note: do not use "make -C ../vtest", otherwise MAKEFLAGS contains "w" +# and fails (see Options/Recursion in GNU Make doc, it contains the list +# of options without the leading '-'). +# MFLAGS works on BSD but misses variable definitions on GNU Make. +# Better just avoid the -C and do the cd ourselves then. + +cd ../vtest + +set +e +CPUS=${CPUS:-$(nproc 2>/dev/null)} +CPUS=${CPUS:-1} +set -e + +# +# temporarily detect Apple Silicon (it's using /opt/homebrew instead of /usr/local) +# +if test -f /opt/homebrew/include/pcre2.h; then + make -j${CPUS} FLAGS="-O2 -s -Wall" INCS="-Isrc -Ilib -I/usr/local/include -I/opt/homebrew/include -pthread" +else + make -j${CPUS} FLAGS="-O2 -s -Wall" +fi diff --git a/scripts/mk-patch-list.sh b/scripts/mk-patch-list.sh new file mode 100755 index 0000000..aa6aa6d --- /dev/null +++ b/scripts/mk-patch-list.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +die() { + [ "$#" -eq 0 ] || echo "$*" >&2 + exit 1 +} + +err() { + echo "$*" >&2 +} + +quit() { + [ "$#" -eq 0 ] || echo "$*" + exit 0 +} + +#### Main + +USAGE="Usage: ${0##*/} [-o ] [-s ] [-b ] commit_id..." +OUTPUT= +BASE= +NUM= + +while [ -n "$1" -a -z "${1##-*}" ]; do + case "$1" in + -b) BASE="$2" ; shift 2 ;; + -o) OUTPUT="$2" ; shift 2 ;; + -s) NUM="$2" ; shift 2 ;; + -h|--help) quit "$USAGE" ;; + *) die "$USAGE" ;; + esac +done + +PATCHES=( "$@" ) +NUM=${NUM:-1} + +for p in ${PATCHES[@]}; do + if [ -n "$BASE" ]; then + # find the patch number from the base. + # E.g. v2.9-dev0-774-gd710dfbac + NUM=$(git describe --match "$BASE" "$p") + NUM=${NUM#"$BASE"-} + NUM=${NUM%-*} + fi + git format-patch -k -1 --start-number=$NUM ${OUTPUT:+-o $OUTPUT} "$p" + ((NUM++)) +done diff --git a/scripts/run-regtests.sh b/scripts/run-regtests.sh index 85f1341..79dd8e9 100755 --- a/scripts/run-regtests.sh +++ b/scripts/run-regtests.sh @@ -312,8 +312,9 @@ _version() { HAPROXY_PROGRAM="${HAPROXY_PROGRAM:-${PWD}/haproxy}" -HAPROXY_ARGS="${HAPROXY_ARGS--dM}" +HAPROXY_ARGS="${HAPROXY_ARGS--dM -dI}" VTEST_PROGRAM="${VTEST_PROGRAM:-vtest}" +VTEST_TIMEOUT="${VTEST_TIMEOUT:-10}" TESTDIR="${TMPDIR:-/tmp}" REGTESTS="" LINEFEED=" @@ -344,16 +345,16 @@ if [ $preparefailed ]; then fi { read HAPROXY_VERSION; read TARGET; read FEATURES; read SERVICES; } << EOF -$($HAPROXY_PROGRAM $HAPROXY_ARGS -vv | grep 'HA-\?Proxy version\|TARGET.*=\|^Feature\|^Available services' | sed 's/.* [:=] //') +$($HAPROXY_PROGRAM $HAPROXY_ARGS -vv | grep -E 'HA-?Proxy version|TARGET.*=|^Feature|^Available services' | sed 's/.* [:=] //') EOF HAPROXY_VERSION=$(echo $HAPROXY_VERSION | cut -d " " -f 3) echo "Testing with haproxy version: $HAPROXY_VERSION" -PROJECT_VERSION=$(${MAKE:-make} version 2>&1 | grep '^VERSION:\|^SUBVERS:'|cut -f2 -d' '|tr -d '\012') +PROJECT_VERSION=$(${MAKE:-make} version 2>&1 | grep -E '^VERSION:|^SUBVERS:'|cut -f2 -d' '|tr -d '\012') if [ -z "${PROJECT_VERSION}${MAKE}" ]; then # try again with gmake, just in case - PROJECT_VERSION=$(gmake version 2>&1 | grep '^VERSION:\|^SUBVERS:'|cut -f2 -d' '|tr -d '\012') + PROJECT_VERSION=$(gmake version 2>&1 | grep -E '^VERSION:|^SUBVERS:'|cut -f2 -d' '|tr -d '\012') fi FEATURES_PATTERN=" $FEATURES " @@ -396,7 +397,7 @@ if [ -n "$testlist" ]; then if [ -n "$jobcount" ]; then jobcount="-j $jobcount" fi - cmd="$VTEST_PROGRAM -b $((2<<20)) -k -t 10 $keep_logs $verbose $debug $jobcount $vtestparams $testlist" + cmd="$VTEST_PROGRAM -b $((2<<20)) -k -t ${VTEST_TIMEOUT} $keep_logs $verbose $debug $jobcount $vtestparams $testlist" eval $cmd _vtresult=$? else -- cgit v1.2.3