
Commit 15832f8

committed
Build shared OpenSSL
The OpenSSL & curl libraries are isolated from the system ones & won't conflict with system tools.
1 parent a8f7292 commit 15832f8


2 files changed

+48
-19
lines changed


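--- a/docker/build_scripts/build.sh
+++ b/docker/build_scripts/build.sh
@@ -86,10 +86,6 @@ hash -r
 curl --version
 curl-config --features
 
-# Install a git we link against OpenSSL so that we can use TLS 1.2
-build_git $GIT_ROOT $GIT_HASH
-git version
-
 # Install newest autoconf
 build_autoconf $AUTOCONF_ROOT $AUTOCONF_HASH
 autoconf --version
@@ -102,6 +98,41 @@ automake --version
 build_libtool $LIBTOOL_ROOT $LIBTOOL_HASH
 libtool --version
 
+# Install patchelf (latest with unreleased bug fixes)
+curl -fsSL -o patchelf.tar.gz https://github.com/NixOS/patchelf/archive/$PATCHELF_VERSION.tar.gz
+check_sha256sum patchelf.tar.gz $PATCHELF_HASH
+tar -xzf patchelf.tar.gz
+(cd patchelf-$PATCHELF_VERSION && ./bootstrap.sh && do_standard_install)
+rm -rf patchelf.tar.gz patchelf-$PATCHELF_VERSION
+
+# Let's patch curl & openssl
+CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libcrypto.so.1.0.0)
+CHECKSUM=${CHECKSUM:0:8}
+patchelf --set-soname /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcrypto.so.1.0.0
+mv /opt/_internal/_vendor/lib/libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM}
+ln -sf libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcrypto.so
+patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so.1.0.0
+patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
+patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /usr/local/bin/curl
+
+CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libssl.so.1.0.0)
+CHECKSUM=${CHECKSUM:0:8}
+patchelf --set-soname /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so.1.0.0
+mv /opt/_internal/_vendor/lib/libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM}
+ln -sf libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so
+patchelf --replace-needed libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
+patchelf --replace-needed libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /usr/local/bin/curl
+
+CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libcurl.so.4)
+CHECKSUM=${CHECKSUM:0:8}
+patchelf --set-soname /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
+mv /opt/_internal/_vendor/lib/libcurl.so.4 /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM}
+patchelf --replace-needed libcurl.so.4 /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM} /usr/local/bin/curl
+
+# Install a git we link against OpenSSL so that we can use TLS 1.2
+build_git $GIT_ROOT $GIT_HASH
+git version
+
 # Install a more recent SQLite3
 curl -fsSLO $SQLITE_AUTOCONF_DOWNLOAD_URL/$SQLITE_AUTOCONF_VERSION.tar.gz
 check_sha256sum $SQLITE_AUTOCONF_VERSION.tar.gz $SQLITE_AUTOCONF_HASH
@@ -110,11 +141,14 @@ cd $SQLITE_AUTOCONF_VERSION
 do_standard_install
 cd ..
 rm -rf $SQLITE_AUTOCONF_VERSION*
+rm -f /usr/local/lib/libsqlite3.a
+
+# Create a symbolic link for python to find openssl
+ln -s /opt/_internal/_vendor /usr/local/ssl
 
 # Compile the latest Python releases.
 # (In order to have a proper SSL module, Python is compiled
-# against a recent openssl [see env vars above], which is linked
-# statically.
+# against a recent openssl [see env vars above])
 mkdir -p /opt/python
 build_cpythons $CPYTHON_VERSIONS
 
@@ -134,14 +168,8 @@ ln -s $($PY36_BIN/python -c 'import certifi; print(certifi.where())') \
 export SSL_CERT_FILE=/opt/_internal/certs.pem
 
 # Now we can delete our built OpenSSL headers/static libs since we've linked everything we need
-rm -rf /usr/local/ssl
-
-# Install patchelf (latest with unreleased bug fixes)
-curl -fsSL -o patchelf.tar.gz https://github.com/NixOS/patchelf/archive/$PATCHELF_VERSION.tar.gz
-check_sha256sum patchelf.tar.gz $PATCHELF_HASH
-tar -xzf patchelf.tar.gz
-(cd patchelf-$PATCHELF_VERSION && ./bootstrap.sh && do_standard_install)
-rm -rf patchelf.tar.gz patchelf-$PATCHELF_VERSION
+unlink /usr/local/ssl
+find /opt/_internal/_vendor -mindepth 1 -maxdepth 1 -not -path '/opt/_internal/_vendor/lib*' | xargs rm -rf
 
 ln -s $PY36_BIN/auditwheel /usr/local/bin/auditwheel
 
@@ -167,6 +195,8 @@ find /opt/_internal -name '*.a' -print0 | xargs -0 rm -f
 # *everything*, including non-ELF files:
 find /opt/_internal -type f -print0 \
 | xargs -0 -n1 strip --strip-unneeded 2>/dev/null || true
+find /usr/local -type f -print0 \
+| xargs -0 -n1 strip --strip-unneeded 2>/dev/null || true
 
 for PYTHON in /opt/python/*/bin/python; do
 # Smoke test to make sure that our Pythons work, and do indeed detect as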
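Review bot: The strip pass added at new lines 198–199 runs over /usr/local, which now holds the patchelf-rewritten /usr/local/bin/curl, and `2>/dev/null || true` discards any failure. strip has been reported to damage ELF files that patchelf has already modified, and the pre-existing pass over /opt/_internal likewise reaches the renamed libcrypto, libssl and libcurl. The smoke test visible in this hunk covers only the Pythons (its loop continues past the hunk), so a broken TLS client could ship unnoticed. Re-run the existing version checks after the strip, e.g. `curl --version` and `git version`, so a damaged binary shows up during the image build. Separately, the cleanup at new line 172 pipes `find` into `xargs rm -rf` without `-print0`/`-0`, unlike the other find pipelines in this file.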

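--- a/docker/build_scripts/build_utils.sh
+++ b/docker/build_scripts/build_utils.sh
@@ -104,9 +104,10 @@ function build_cpythons {
 
 
 function do_openssl_build {
-./config no-ssl2 no-shared -fPIC --prefix=/usr/local/ssl > /dev/null
+./config no-ssl2 shared --prefix=/opt/_internal/_vendor --openssldir=/opt/_internal/_vendor > /dev/null
 make > /dev/null
 make install_sw > /dev/null
+rm -rf /opt/_internal/_vendor/bin /opt/_internal/_vendor/lib/*.a
 }
 
 
@@ -170,15 +171,13 @@ function build_git {
 fetch_source v${git_fname}.tar.gz ${GIT_DOWNLOAD_URL}
 check_sha256sum v${git_fname}.tar.gz ${git_sha256}
 tar -xzf v${git_fname}.tar.gz
-(cd git-${git_fname} && make install prefix=/usr/local LDFLAGS="-L/usr/local/ssl/lib -ldl" CFLAGS="-I/usr/local/ssl/include" > /dev/null)
+(cd git-${git_fname} && make install prefix=/usr/local NO_GETTEXT=1 LDFLAGS="-L/opt/_internal/_vendor/lib -ldl" CFLAGS="-I/opt/_internal/_vendor/include" > /dev/null)
 rm -rf git-${git_fname} v${git_fname}.tar.gz
 }
 
 
 function do_curl_build {
-# We do this shared to avoid obnoxious linker issues where git couldn't
-# link properly. If anyone wants to make this build statically go for it.
-LIBS=-ldl CFLAGS=-Wl,--exclude-libs,ALL ./configure --with-ssl --disable-static > /dev/null
+LD_LIBRARY_PATH=/opt/_internal/_vendor/lib:$LD_LIBRARY_PATH LIBS=-ldl CFLAGS=-Wl,--exclude-libs,ALL ./configure --with-ssl=/opt/_internal/_vendor --disable-static --prefix=/opt/_internal/_vendor --bindir=/usr/local/bin > /dev/null
 make > /dev/null
 make install > /dev/null
 }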
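Review bot: The `LD_LIBRARY_PATH=/opt/_internal/_vendor/lib:$LD_LIBRARY_PATH` prefix added in do_curl_build leaves a trailing colon whenever the variable is unset or empty, and the dynamic loader reads an empty entry as the current directory. The test programs that configure runs would then resolve shared libraries from the working tree ahead of the system paths. Append the old value only when it exists: `LD_LIBRARY_PATH=/opt/_internal/_vendor/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`. The same hunk removes the comment explaining why curl is built shared without replacing it; a one-line comment such as `# Link against the vendored OpenSSL in /opt/_internal/_vendor, not the system copy` would keep the intent visible.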
