jay/curl ubuntu (update installed release).txt

## curl ubuntu (update installed release).txt
###############################################################################
#
# This is for when we have to update the installed version of curl, nghttp2 or
# openssl in Ubuntu 16 LTS. This is not a single script.
#
# https://gist.github.com/jay/d88d74b6807544387a6c
#

###############################################################################
#
# Set environment variables to latest versions
# Paths must not have spaces (OpenSSL build process can't handle them)
#

CURL_VER=8.0.1
CURL_PREFIX=/usr/local

NGHTTP2_VER=1.52.0
NGHTTP2_PREFIX=/usr/local

OPENSSL_VER=3.1.0
OPENSSL_PREFIX=/usr/local/ssl
OPENSSLDIR_PREFIX=/usr/local/ssl

###############################################################################
#
# To install self contained for test purposes, after setting the _VER vars do:
#

mkdir -p test && cd test
CURL_PREFIX=$PWD
NGHTTP2_PREFIX=$PWD
OPENSSL_PREFIX=$PWD/ssl
OPENSSLDIR_PREFIX=$PWD/ssl

###############################################################################
#
# Download OpenSSL, verify, build, test, install. Takes 15 minutes.
#

sudo rm -rf "openssl-$OPENSSL_VER" && \
mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
curl --fail \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
\
# https://www.openssl.org/community/omc.html
#
gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
    8657ABB260F056B1E5190839D9C4D26D0E604491 \
    B7C1C14360F353A36862E4D5231C84CDDCC69C45 \
    A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
    EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
  && \
gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify openssl-$OPENSSL_VER.tar.gz.asc \
  && \
tar xvfz openssl-$OPENSSL_VER.tar.gz && \
cd openssl-$OPENSSL_VER && \
\
./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
  --prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
make && \
make test && \
sudo make install && \
cd .. && \
echo -e "\n\n" && \
$OPENSSL_PREFIX/bin/openssl version -a && \
echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

###############################################################################
#
# Download nghttp2, verify, build, test, install. Takes 1 minute.
#

sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
curl --fail -L --proto-redir =https \
  -O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
cd nghttp2-$NGHTTP2_VER && \
\
# Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305
#
curl --fail -OL \
  https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \
patch -F999 -p1 < workaround_g++_5.patch && \
\
OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --cflags` \
OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --libs` \
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \
./configure --enable-lib-only \
  --prefix=$NGHTTP2_PREFIX && \
make && \
make check && \
sudo make install && \
cd .. && \
echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

#
# nghttp2 examples are disabled because we're not using the system OpenSSL.
# https://github.com/tatsuhiro-t/nghttp2/issues/336
#

###############################################################################
#
# Download curl, verify, build, test, install. Takes 15 minutes.
#

sudo rm -rf "curl-$CURL_VER" && \
mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
curl --fail \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
# https://daniel.haxx.se/address.html
# https://github.com/curl/curl/issues/735
#
gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
  && \
gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify curl-$CURL_VER.tar.gz.asc \
  && \
tar xvfz curl-$CURL_VER.tar.gz && \
cd curl-$CURL_VER && \
\
# Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432
#
curl --fail -L --output workaround_libtool_bug_24296.patch \
  https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \
patch -F999 -p1 < workaround_libtool_bug_24296.patch && \
\
# Use a related workaround for src/Makefile.in since we're not regenerating it
#
curl --fail -OL \
  https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \
patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \
\
# REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
#
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \
  -Wl,-rpath,$CURL_PREFIX/lib" \
./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \
  --prefix=$CURL_PREFIX && \
make && \
make test-nonflaky TFLAGS=-n && \
sudo make install && \
sudo ldconfig && \
cd .. && \
echo -e "\n\n" && \
$CURL_PREFIX/bin/curl --version && \
echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

#
# curl won't install if any tests fail, like flaky tests (eg 1510).
# Determine if failed tests are flaky then run from line 'sudo make install'
#

###############################################################################

## workaround_g++_5.patch
--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc	2020-06-02 08:08:45.000000000 -0400
+++ nghttp2/src/shrpx_api_downstream_connection.cc	2020-10-26 23:08:33.016344429 -0400
@@ -41,7 +41,7 @@
 namespace {
 // List of API endpoints
 const std::array<APIEndpoint, 2> &apis() {
-  static const auto apis = new std::array<APIEndpoint, 2>{
+  static const auto apis = new std::array<APIEndpoint, 2>{{
       APIEndpoint{
           StringRef::from_lit("/api/v1beta1/backendconfig"),
           true,
@@ -54,7 +54,7 @@
           (1 << API_METHOD_GET),
           &APIDownstreamConnection::handle_configrevision,
       },
-  };
+  }};

   return *apis;
 }

## workaround_when_buildconf_is_not_used.patch
--- curl-7.50.1/src/Makefile.in	2016-07-21 05:16:37.000000000 -0400
+++ curl/src/Makefile.in	2016-09-05 03:00:18.929760980 -0400
@@ -1920,7 +1920,7 @@
 check-am: all-am
 check: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) check-am
-@CURLDEBUG_FALSE@all-local:
+@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
 all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)"; do \
@@ -2084,7 +2084,14 @@
 	-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]

 # for debug builds, we scan the sources on all regular make invokes
-@CURLDEBUG_TRUE@all-local: checksrc
+@CURLDEBUG_TRUE@all-local:: checksrc
+
+# This script fixes lt-curl so that the first rpath it checks for dependencies
+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
+workaround_libtool_bug_24296:
+	@PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
+
+@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296

 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
--- curl-7.50.1/tests/libtest/Makefile.in	2016-07-21 05:16:37.000000000 -0400
+++ curl/tests/libtest/Makefile.in	2016-09-05 17:48:58.704114175 -0400
@@ -1488,7 +1488,7 @@
 # Preloading of libhostname allows host name overriding,
 # this is used to make some tests machine independent.
 @BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
-AM_LDFLAGS =
+AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
 AM_CFLAGS =
 libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
 libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \
	###############################################################################
	#
	# This is for when we have to update the installed version of curl, nghttp2 or
	# openssl in Ubuntu 16 LTS. This is not a single script.
	#
	# https://gist.github.com/jay/d88d74b6807544387a6c
	#

	###############################################################################
	#
	# Set environment variables to latest versions
	# Paths must not have spaces (OpenSSL build process can't handle them)
	#

	CURL_VER=8.0.1
	CURL_PREFIX=/usr/local

	NGHTTP2_VER=1.52.0
	NGHTTP2_PREFIX=/usr/local

	OPENSSL_VER=3.1.0
	OPENSSL_PREFIX=/usr/local/ssl
	OPENSSLDIR_PREFIX=/usr/local/ssl

	###############################################################################
	#
	# To install self contained for test purposes, after setting the _VER vars do:
	#

	mkdir -p test && cd test
	CURL_PREFIX=$PWD
	NGHTTP2_PREFIX=$PWD
	OPENSSL_PREFIX=$PWD/ssl
	OPENSSLDIR_PREFIX=$PWD/ssl

	###############################################################################
	#
	# Download OpenSSL, verify, build, test, install. Takes 15 minutes.
	#

	sudo rm -rf "openssl-$OPENSSL_VER" && \
	mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
	curl --fail \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
	\
	# https://www.openssl.org/community/omc.html
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
	8657ABB260F056B1E5190839D9C4D26D0E604491 \
	B7C1C14360F353A36862E4D5231C84CDDCC69C45 \
	A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
	EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify openssl-$OPENSSL_VER.tar.gz.asc \
	&& \
	tar xvfz openssl-$OPENSSL_VER.tar.gz && \
	cd openssl-$OPENSSL_VER && \
	\
	./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
	--prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
	make && \
	make test && \
	sudo make install && \
	cd .. && \
	echo -e "\n\n" && \
	$OPENSSL_PREFIX/bin/openssl version -a && \
	echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

	###############################################################################
	#
	# Download nghttp2, verify, build, test, install. Takes 1 minute.
	#

	sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
	curl --fail -L --proto-redir =https \
	-O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
	v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
	tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
	cd nghttp2-$NGHTTP2_VER && \
	\
	# Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305
	#
	curl --fail -OL \
	https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \
	patch -F999 -p1 < workaround_g++_5.patch && \
	\
	OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --cflags` \
	OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --libs` \
	LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \
	./configure --enable-lib-only \
	--prefix=$NGHTTP2_PREFIX && \
	make && \
	make check && \
	sudo make install && \
	cd .. && \
	echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

	#
	# nghttp2 examples are disabled because we're not using the system OpenSSL.
	# https://github.com/tatsuhiro-t/nghttp2/issues/336
	#

	###############################################################################
	#
	# Download curl, verify, build, test, install. Takes 15 minutes.
	#

	sudo rm -rf "curl-$CURL_VER" && \
	mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
	curl --fail \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
	# https://daniel.haxx.se/address.html
	# https://github.com/curl/curl/issues/735
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify curl-$CURL_VER.tar.gz.asc \
	&& \
	tar xvfz curl-$CURL_VER.tar.gz && \
	cd curl-$CURL_VER && \
	\
	# Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432
	#
	curl --fail -L --output workaround_libtool_bug_24296.patch \
	https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \
	patch -F999 -p1 < workaround_libtool_bug_24296.patch && \
	\
	# Use a related workaround for src/Makefile.in since we're not regenerating it
	#
	curl --fail -OL \
	https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \
	patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \
	\
	# REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
	#
	LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \
	-Wl,-rpath,$CURL_PREFIX/lib" \
	./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \
	--prefix=$CURL_PREFIX && \
	make && \
	make test-nonflaky TFLAGS=-n && \
	sudo make install && \
	sudo ldconfig && \
	cd .. && \
	echo -e "\n\n" && \
	$CURL_PREFIX/bin/curl --version && \
	echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

	#
	# curl won't install if any tests fail, like flaky tests (eg 1510).
	# Determine if failed tests are flaky then run from line 'sudo make install'
	#

	###############################################################################
	--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc 2020-06-02 08:08:45.000000000 -0400
	+++ nghttp2/src/shrpx_api_downstream_connection.cc 2020-10-26 23:08:33.016344429 -0400
	@@ -41,7 +41,7 @@
	namespace {
	// List of API endpoints
	const std::array<APIEndpoint, 2> &apis() {
	- static const auto apis = new std::array<APIEndpoint, 2>{
	+ static const auto apis = new std::array<APIEndpoint, 2>{{
	APIEndpoint{
	StringRef::from_lit("/api/v1beta1/backendconfig"),
	true,
	@@ -54,7 +54,7 @@
	(1 << API_METHOD_GET),
	&APIDownstreamConnection::handle_configrevision,
	},
	- };
	+ }};

	return *apis;
	}
	--- curl-7.50.1/src/Makefile.in 2016-07-21 05:16:37.000000000 -0400
	+++ curl/src/Makefile.in 2016-09-05 03:00:18.929760980 -0400
	@@ -1920,7 +1920,7 @@
	check-am: all-am
	check: $(BUILT_SOURCES)
	$(MAKE) $(AM_MAKEFLAGS) check-am
	-@CURLDEBUG_FALSE@all-local:
	+@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
	all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
	installdirs:
	for dir in "$(DESTDIR)$(bindir)"; do \
	@@ -2084,7 +2084,14 @@
	-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]

	# for debug builds, we scan the sources on all regular make invokes
	-@CURLDEBUG_TRUE@all-local: checksrc
	+@CURLDEBUG_TRUE@all-local:: checksrc
	+
	+# This script fixes lt-curl so that the first rpath it checks for dependencies
	+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
	+workaround_libtool_bug_24296:
	+ @PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
	+
	+@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296

	# Tell versions [3.59,3.63) of GNU make to not export all variables.
	# Otherwise a system limit (for SysV at least) may be exceeded.
	--- curl-7.50.1/tests/libtest/Makefile.in 2016-07-21 05:16:37.000000000 -0400
	+++ curl/tests/libtest/Makefile.in 2016-09-05 17:48:58.704114175 -0400
	@@ -1488,7 +1488,7 @@
	# Preloading of libhostname allows host name overriding,
	# this is used to make some tests machine independent.
	@BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
	-AM_LDFLAGS =
	+AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
	AM_CFLAGS =
	libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
	libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \