Skip to content

Commit 2133933

Browse files
mayeutmayeut
committed
Build shared OpenSSL
OpenSSL & curl libraries are isolated from the system one & won't conflict with system tools.
1 parent e647ac3 commit 2133933

File tree

2 files changed

+48
-19
lines changed

2 files changed

+48
-19
lines changed

docker/build_scripts/build.sh

Lines changed: 44 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -83,10 +83,6 @@ hash -r
8383
curl --version
8484
curl-config --features
8585

86-
# Install a git we link against OpenSSL so that we can use TLS 1.2
87-
build_git $GIT_ROOT $GIT_HASH
88-
git version
89-
9086
# Install newest autoconf
9187
build_autoconf $AUTOCONF_ROOT $AUTOCONF_HASH
9288
autoconf --version
@@ -99,6 +95,41 @@ automake --version
9995
build_libtool $LIBTOOL_ROOT $LIBTOOL_HASH
10096
libtool --version
10197

98+
# Install patchelf (latest with unreleased bug fixes)
99+
curl -fsSL -o patchelf.tar.gz https://github.com/NixOS/patchelf/archive/$PATCHELF_VERSION.tar.gz
100+
check_sha256sum patchelf.tar.gz $PATCHELF_HASH
101+
tar -xzf patchelf.tar.gz
102+
(cd patchelf-$PATCHELF_VERSION && ./bootstrap.sh && do_standard_install)
103+
rm -rf patchelf.tar.gz patchelf-$PATCHELF_VERSION
104+
105+
# Let's patch curl & openssl
106+
CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libcrypto.so.1.0.0)
107+
CHECKSUM=${CHECKSUM:0:8}
108+
patchelf --set-soname /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcrypto.so.1.0.0
109+
mv /opt/_internal/_vendor/lib/libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM}
110+
ln -sf libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcrypto.so
111+
patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so.1.0.0
112+
patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
113+
patchelf --replace-needed libcrypto.so.1.0.0 /opt/_internal/_vendor/lib/libcrypto.so.1.0.0-${CHECKSUM} /usr/local/bin/curl
114+
115+
CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libssl.so.1.0.0)
116+
CHECKSUM=${CHECKSUM:0:8}
117+
patchelf --set-soname /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so.1.0.0
118+
mv /opt/_internal/_vendor/lib/libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM}
119+
ln -sf libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libssl.so
120+
patchelf --replace-needed libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
121+
patchelf --replace-needed libssl.so.1.0.0 /opt/_internal/_vendor/lib/libssl.so.1.0.0-${CHECKSUM} /usr/local/bin/curl
122+
123+
CHECKSUM=$(sha256sum /opt/_internal/_vendor/lib/libcurl.so.4)
124+
CHECKSUM=${CHECKSUM:0:8}
125+
patchelf --set-soname /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM} /opt/_internal/_vendor/lib/libcurl.so.4
126+
mv /opt/_internal/_vendor/lib/libcurl.so.4 /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM}
127+
patchelf --replace-needed libcurl.so.4 /opt/_internal/_vendor/lib/libcurl.so.4-${CHECKSUM} /usr/local/bin/curl
128+
129+
# Install a git we link against OpenSSL so that we can use TLS 1.2
130+
build_git $GIT_ROOT $GIT_HASH
131+
git version
132+
102133
# Install a more recent SQLite3
103134
curl -fsSLO $SQLITE_AUTOCONF_DOWNLOAD_URL/$SQLITE_AUTOCONF_VERSION.tar.gz
104135
check_sha256sum $SQLITE_AUTOCONF_VERSION.tar.gz $SQLITE_AUTOCONF_HASH
@@ -107,11 +138,14 @@ cd $SQLITE_AUTOCONF_VERSION
107138
do_standard_install
108139
cd ..
109140
rm -rf $SQLITE_AUTOCONF_VERSION*
141+
rm -f /usr/local/lib/libsqlite3.a
142+
143+
# Create a symbolic link for python to find openssl
144+
ln -s /opt/_internal/_vendor /usr/local/ssl
110145

111146
# Compile the latest Python releases.
112147
# (In order to have a proper SSL module, Python is compiled
113-
# against a recent openssl [see env vars above], which is linked
114-
# statically.
148+
# against a recent openssl [see env vars above])
115149
mkdir -p /opt/python
116150
build_cpythons $CPYTHON_VERSIONS
117151

@@ -131,14 +165,8 @@ ln -s $($PY36_BIN/python -c 'import certifi; print(certifi.where())') \
131165
export SSL_CERT_FILE=/opt/_internal/certs.pem
132166

133167
# Now we can delete our built OpenSSL headers/static libs since we've linked everything we need
134-
rm -rf /usr/local/ssl
135-
136-
# Install patchelf (latest with unreleased bug fixes)
137-
curl -fsSL -o patchelf.tar.gz https://github.com/NixOS/patchelf/archive/$PATCHELF_VERSION.tar.gz
138-
check_sha256sum patchelf.tar.gz $PATCHELF_HASH
139-
tar -xzf patchelf.tar.gz
140-
(cd patchelf-$PATCHELF_VERSION && ./bootstrap.sh && do_standard_install)
141-
rm -rf patchelf.tar.gz patchelf-$PATCHELF_VERSION
168+
unlink /usr/local/ssl
169+
find /opt/_internal/_vendor -mindepth 1 -maxdepth 1 -not -path '/opt/_internal/_vendor/lib*' | xargs rm -rf
142170

143171
ln -s $PY36_BIN/auditwheel /usr/local/bin/auditwheel
144172

@@ -164,6 +192,8 @@ find /opt/_internal -name '*.a' -print0 | xargs -0 rm -f
164192
# *everything*, including non-ELF files:
165193
find /opt/_internal -type f -print0 \
166194
| xargs -0 -n1 strip --strip-unneeded 2>/dev/null || true
195+
find /usr/local -type f -print0 \
196+
| xargs -0 -n1 strip --strip-unneeded 2>/dev/null || true
167197

168198
for PYTHON in /opt/python/*/bin/python; do
169199
# Smoke test to make sure that our Pythons work, and do indeed detect as

docker/build_scripts/build_utils.sh

Lines changed: 4 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -107,9 +107,10 @@ function build_cpythons {
107107

108108

109109
function do_openssl_build {
110-
./config no-ssl2 no-shared -fPIC --prefix=/usr/local/ssl > /dev/null
110+
./config no-ssl2 shared --prefix=/opt/_internal/_vendor --openssldir=/opt/_internal/_vendor > /dev/null
111111
make > /dev/null
112112
make install_sw > /dev/null
113+
rm -rf /opt/_internal/_vendor/bin /opt/_internal/_vendor/lib/*.a
113114
}
114115

115116

@@ -173,15 +174,13 @@ function build_git {
173174
fetch_source v${git_fname}.tar.gz ${GIT_DOWNLOAD_URL}
174175
check_sha256sum v${git_fname}.tar.gz ${git_sha256}
175176
tar -xzf v${git_fname}.tar.gz
176-
(cd git-${git_fname} && make install prefix=/usr/local LDFLAGS="-L/usr/local/ssl/lib -ldl" CFLAGS="-I/usr/local/ssl/include" > /dev/null)
177+
(cd git-${git_fname} && make install prefix=/usr/local NO_GETTEXT=1 LDFLAGS="-L/opt/_internal/_vendor/lib -ldl" CFLAGS="-I/opt/_internal/_vendor/include" > /dev/null)
177178
rm -rf git-${git_fname} v${git_fname}.tar.gz
178179
}
179180

180181

181182
function do_curl_build {
182-
# We do this shared to avoid obnoxious linker issues where git couldn't
183-
# link properly. If anyone wants to make this build statically go for it.
184-
LIBS=-ldl CFLAGS=-Wl,--exclude-libs,ALL ./configure --with-ssl --disable-static > /dev/null
183+
LD_LIBRARY_PATH=/opt/_internal/_vendor/lib:$LD_LIBRARY_PATH LIBS=-ldl CFLAGS=-Wl,--exclude-libs,ALL ./configure --with-ssl=/opt/_internal/_vendor --disable-static --prefix=/opt/_internal/_vendor --bindir=/usr/local/bin > /dev/null
185184
make > /dev/null
186185
make install > /dev/null
187186
}

0 commit comments

Comments
 (0)