Skip to content

Instantly share code, notes, and snippets.

@jay
Last active October 23, 2023 18:14
Show Gist options
  • Save jay/d88d74b6807544387a6c to your computer and use it in GitHub Desktop.
Save jay/d88d74b6807544387a6c to your computer and use it in GitHub Desktop.
Notes for building and installing curl and OpenSSL in Ubuntu 16 x64 LTS
###############################################################################
#
# This is for when we have to update the installed version of curl, nghttp2 or
# openssl in Ubuntu 16 LTS. This is not a single script.
#
# https://gist.github.com/jay/d88d74b6807544387a6c
#
###############################################################################
#
# Set environment variables to latest versions
# Paths must not have spaces (OpenSSL build process can't handle them)
#
CURL_VER=8.0.1
CURL_PREFIX=/usr/local
NGHTTP2_VER=1.52.0
NGHTTP2_PREFIX=/usr/local
OPENSSL_VER=3.1.0
OPENSSL_PREFIX=/usr/local/ssl
OPENSSLDIR_PREFIX=/usr/local/ssl
###############################################################################
#
# To install self contained for test purposes, after setting the _VER vars do:
#
mkdir -p test && cd test
CURL_PREFIX=$PWD
NGHTTP2_PREFIX=$PWD
OPENSSL_PREFIX=$PWD/ssl
OPENSSLDIR_PREFIX=$PWD/ssl
###############################################################################
#
# Download OpenSSL, verify, build, test, install. Takes 15 minutes.
#
sudo rm -rf "openssl-$OPENSSL_VER" && \
mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
curl --fail \
-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
\
# https://www.openssl.org/community/omc.html
#
gpg \
--no-auto-key-locate \
--no-default-keyring \
--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
--keyserver hkp://keyserver.ubuntu.com \
--keyserver-options no-auto-key-retrieve \
--recv-keys \
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
8657ABB260F056B1E5190839D9C4D26D0E604491 \
B7C1C14360F353A36862E4D5231C84CDDCC69C45 \
A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
&& \
gpg \
--no-auto-key-locate \
--no-default-keyring \
--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
--keyserver hkp://keyserver.ubuntu.com \
--keyserver-options no-auto-key-retrieve \
--verify openssl-$OPENSSL_VER.tar.gz.asc \
&& \
tar xvfz openssl-$OPENSSL_VER.tar.gz && \
cd openssl-$OPENSSL_VER && \
\
./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
--prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
make && \
make test && \
sudo make install && \
cd .. && \
echo -e "\n\n" && \
$OPENSSL_PREFIX/bin/openssl version -a && \
echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"
###############################################################################
#
# Download nghttp2, verify, build, test, install. Takes 1 minute.
#
sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
curl --fail -L --proto-redir =https \
-O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
cd nghttp2-$NGHTTP2_VER && \
\
# Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305
#
curl --fail -OL \
https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \
patch -F999 -p1 < workaround_g++_5.patch && \
\
OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
pkg-config openssl --cflags` \
OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
pkg-config openssl --libs` \
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \
./configure --enable-lib-only \
--prefix=$NGHTTP2_PREFIX && \
make && \
make check && \
sudo make install && \
cd .. && \
echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"
#
# nghttp2 examples are disabled because we're not using the system OpenSSL.
# https://github.com/tatsuhiro-t/nghttp2/issues/336
#
###############################################################################
#
# Download curl, verify, build, test, install. Takes 15 minutes.
#
sudo rm -rf "curl-$CURL_VER" && \
mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
curl --fail \
-O https://curl.se/download/curl-$CURL_VER.tar.gz \
-O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
# https://daniel.haxx.se/address.html
# https://github.com/curl/curl/issues/735
#
gpg \
--no-auto-key-locate \
--no-default-keyring \
--homedir "$PWD/curl-$CURL_VER/.gnupg" \
--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
--keyserver hkp://keyserver.ubuntu.com \
--keyserver-options no-auto-key-retrieve \
--recv-keys \
27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
&& \
gpg \
--no-auto-key-locate \
--no-default-keyring \
--homedir "$PWD/curl-$CURL_VER/.gnupg" \
--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
--keyserver hkp://keyserver.ubuntu.com \
--keyserver-options no-auto-key-retrieve \
--verify curl-$CURL_VER.tar.gz.asc \
&& \
tar xvfz curl-$CURL_VER.tar.gz && \
cd curl-$CURL_VER && \
\
# Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432
#
curl --fail -L --output workaround_libtool_bug_24296.patch \
https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \
patch -F999 -p1 < workaround_libtool_bug_24296.patch && \
\
# Use a related workaround for src/Makefile.in since we're not regenerating it
#
curl --fail -OL \
https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \
patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \
\
# REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
#
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \
-Wl,-rpath,$CURL_PREFIX/lib" \
./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \
--prefix=$CURL_PREFIX && \
make && \
make test-nonflaky TFLAGS=-n && \
sudo make install && \
sudo ldconfig && \
cd .. && \
echo -e "\n\n" && \
$CURL_PREFIX/bin/curl --version && \
echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"
#
# curl won't install if any tests fail, like flaky tests (eg 1510).
# Determine if failed tests are flaky then run from line 'sudo make install'
#
###############################################################################
--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc 2020-06-02 08:08:45.000000000 -0400
+++ nghttp2/src/shrpx_api_downstream_connection.cc 2020-10-26 23:08:33.016344429 -0400
@@ -41,7 +41,7 @@
namespace {
// List of API endpoints
const std::array<APIEndpoint, 2> &apis() {
- static const auto apis = new std::array<APIEndpoint, 2>{
+ static const auto apis = new std::array<APIEndpoint, 2>{{
APIEndpoint{
StringRef::from_lit("/api/v1beta1/backendconfig"),
true,
@@ -54,7 +54,7 @@
(1 << API_METHOD_GET),
&APIDownstreamConnection::handle_configrevision,
},
- };
+ }};
return *apis;
}
--- curl-7.50.1/src/Makefile.in 2016-07-21 05:16:37.000000000 -0400
+++ curl/src/Makefile.in 2016-09-05 03:00:18.929760980 -0400
@@ -1920,7 +1920,7 @@
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
-@CURLDEBUG_FALSE@all-local:
+@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
installdirs:
for dir in "$(DESTDIR)$(bindir)"; do \
@@ -2084,7 +2084,14 @@
-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]
# for debug builds, we scan the sources on all regular make invokes
-@CURLDEBUG_TRUE@all-local: checksrc
+@CURLDEBUG_TRUE@all-local:: checksrc
+
+# This script fixes lt-curl so that the first rpath it checks for dependencies
+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
+workaround_libtool_bug_24296:
+ @PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
+
+@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
--- curl-7.50.1/tests/libtest/Makefile.in 2016-07-21 05:16:37.000000000 -0400
+++ curl/tests/libtest/Makefile.in 2016-09-05 17:48:58.704114175 -0400
@@ -1488,7 +1488,7 @@
# Preloading of libhostname allows host name overriding,
# this is used to make some tests machine independent.
@BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
-AM_LDFLAGS =
+AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
AM_CFLAGS =
libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment