src/fluent-bit/lib/librdkafka-2.1.0/mklove/modules/configure.libssl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

#!/bin/bash
#
# libssl and libcrypto (OpenSSL or derivate) support, with installer.
# Requires OpenSSL version v1.0.1 or later.
#
# Usage:
#   mkl_require libssl
#

# And then call the following function from the correct place/order in checks:
#   mkl_check libssl
#
#
# This module is a bit hacky since OpenSSL provides both libcrypto and libssl,
# the latter depending on the former, but from a user perspective it is
# SSL that is the feature, not crypto.

mkl_toggle_option "Feature" ENABLE_SSL "--enable-ssl" "Enable SSL support" "try"


function manual_checks {
    case "$ENABLE_SSL" in
        n) return 0 ;;
        y) local action=fail ;;
        try) local action=disable ;;
        *) mkl_err "mklove internal error: invalid value for ENABLE_SSL: $ENABLE_SSL"; exit 1 ;;
    esac

    if [[ $MKL_SOURCE_DEPS_ONLY != y && $MKL_DISTRO == "osx" ]]; then
        # Add brew's OpenSSL pkg-config path on OSX
        # to avoid picking up the outdated system-provided openssl/libcrypto.
        mkl_env_append PKG_CONFIG_PATH "/usr/local/opt/openssl/lib/pkgconfig" ":"
	# and similar path for M1 brew location
        mkl_env_append PKG_CONFIG_PATH "/opt/homebrew/opt/openssl/lib/pkgconfig" ":"
    fi

    # OpenSSL provides both libcrypto and libssl
    if [[ $WITH_STATIC_LINKING != y ]]; then
        # Debian's OpenSSL static libraries are broken.
        mkl_meta_set "libcrypto" "deb" "libssl-dev"
    fi
    mkl_meta_set "libcrypto" "rpm" "openssl-devel"
    mkl_meta_set "libcrypto" "brew" "openssl"
    mkl_meta_set "libcrypto" "apk" "openssl-dev"
    mkl_meta_set "libcrypto" "static" "libcrypto.a"

    if ! mkl_lib_check "libcrypto" "" $action CC "-lcrypto" "
#include <openssl/ssl.h>
#include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER < 0x1000100fL
#error \"Requires OpenSSL version >= v1.0.1\"
#endif"; then
        return
    fi


    #
    # libssl
    #
    mkl_meta_set "libssl" "static" "libssl.a"

    if [[ $(mkl_meta_get "libcrypto" "installed_with") == "source" ]]; then
        # Try to resolve the libssl.a static library path based on the
        # libcrypto (openssl) install path.
        mkl_resolve_static_libs "libssl" "$(mkl_dep_destdir libcrypto)"
    fi

    mkl_lib_check "libssl" "WITH_SSL" $action CC "-lssl -lcrypto" \
                  "#include <openssl/ssl.h>
#if OPENSSL_VERSION_NUMBER < 0x1000100fL
#error \"Requires OpenSSL version >= v1.0.1\"
#endif"

    # Silence OpenSSL 3.0.0 deprecation warnings since they'll make
    # -Werror fail.
    if ! mkl_compile_check --sub "libcrypto" "" "" CC "-lcrypto" "
#include <openssl/ssl.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#error \"OpenSSL version >= v3.0.0 needs OPENSSL_SUPPRESS_DEPRECATED\"
#endif"; then
            mkl_define_set "libcrypto" OPENSSL_SUPPRESS_DEPRECATED
    fi
}


    # Install libcrypto/libssl from source tarball on linux.
    #
    # Param 1: name (libcrypto)
    # Param 2: install-dir-prefix (e.g., DESTDIR)
    # Param 2: version (optional)
function libcrypto_install_source {
    local name=$1
    local destdir=$2
    local ver=3.0.8
    local checksum="6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e"
    local url=https://www.openssl.org/source/openssl-${ver}.tar.gz

    local conf_args="--prefix=/usr --openssldir=/usr/lib/ssl no-shared no-zlib"

    if [[ $ver == 1.0.* ]]; then
        conf_args="${conf_args} no-krb5"
    fi

    if [[ $ver != 3.* ]]; then
        # OpenSSL 3 deprecates ENGINE support, but we still need it, so only
        # add no-deprecated to non-3.x builds.
        conf_args="${conf_args} no-deprecated"
    fi

    # 1.1.1q tests fail to build on OSX/M1, so disable them.
    if [[ $MKL_DISTRO == osx && $ver == 1.1.1q ]]; then
        conf_args="${conf_args} no-tests"
    fi

    echo "### Installing $name $ver from source ($url) to $destdir"
    if [[ ! -f config ]]; then
        echo "### Downloading"
        mkl_download_archive "$url" "256" "$checksum" || return 1
    fi

    if [[ $MKL_DISTRO == "osx" ]]; then
        # Workaround build issue in 1.1.1l on OSX with older toolchains.
        if [[ $ver == 1.1.1l ]]; then
            if ! mkl_patch libssl 0000 ; then
                return 1
            fi
        fi

        # Silence a load of warnings on OSX
        conf_args="${conf_args} -Wno-nullability-completeness"
    fi

    echo "### Configuring with args $conf_args"
    ./config $conf_args || return $?

    echo "### Building"
    make

    echo "### Installing to $destdir"
    if [[ $ver == 1.0.* ]]; then
        make INSTALL_PREFIX="$destdir" install_sw
    else
        make DESTDIR="$destdir" install
    fi

    return $?
}