Last active
October 23, 2023 18:14
-
-
Save jay/d88d74b6807544387a6c to your computer and use it in GitHub Desktop.
Notes for building and installing curl and OpenSSL in Ubuntu 16 x64 LTS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############################################################################### | |
# | |
# This is for when we have to update the installed version of curl, nghttp2 or | |
# openssl in Ubuntu 16 LTS. This is not a single script. | |
# | |
# https://gist.github.com/jay/d88d74b6807544387a6c | |
# | |
############################################################################### | |
# | |
# Set environment variables to latest versions | |
# Paths must not have spaces (OpenSSL build process can't handle them) | |
# | |
CURL_VER=8.0.1 | |
CURL_PREFIX=/usr/local | |
NGHTTP2_VER=1.52.0 | |
NGHTTP2_PREFIX=/usr/local | |
OPENSSL_VER=3.1.0 | |
OPENSSL_PREFIX=/usr/local/ssl | |
OPENSSLDIR_PREFIX=/usr/local/ssl | |
############################################################################### | |
# | |
# To install self contained for test purposes, after setting the _VER vars do: | |
# | |
mkdir -p test && cd test | |
CURL_PREFIX=$PWD | |
NGHTTP2_PREFIX=$PWD | |
OPENSSL_PREFIX=$PWD/ssl | |
OPENSSLDIR_PREFIX=$PWD/ssl | |
############################################################################### | |
# | |
# Download OpenSSL, verify, build, test, install. Takes 15 minutes. | |
# | |
sudo rm -rf "openssl-$OPENSSL_VER" && \ | |
mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \ | |
curl --fail \ | |
-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \ | |
-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \ | |
\ | |
# https://www.openssl.org/community/omc.html | |
# | |
gpg \ | |
--no-auto-key-locate \ | |
--no-default-keyring \ | |
--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \ | |
--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \ | |
--keyserver hkp://keyserver.ubuntu.com \ | |
--keyserver-options no-auto-key-retrieve \ | |
--recv-keys \ | |
7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \ | |
8657ABB260F056B1E5190839D9C4D26D0E604491 \ | |
B7C1C14360F353A36862E4D5231C84CDDCC69C45 \ | |
A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \ | |
EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \ | |
&& \ | |
gpg \ | |
--no-auto-key-locate \ | |
--no-default-keyring \ | |
--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \ | |
--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \ | |
--keyserver hkp://keyserver.ubuntu.com \ | |
--keyserver-options no-auto-key-retrieve \ | |
--verify openssl-$OPENSSL_VER.tar.gz.asc \ | |
&& \ | |
tar xvfz openssl-$OPENSSL_VER.tar.gz && \ | |
cd openssl-$OPENSSL_VER && \ | |
\ | |
./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \ | |
--prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \ | |
make && \ | |
make test && \ | |
sudo make install && \ | |
cd .. && \ | |
echo -e "\n\n" && \ | |
$OPENSSL_PREFIX/bin/openssl version -a && \ | |
echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n" | |
############################################################################### | |
# | |
# Download nghttp2, verify, build, test, install. Takes 1 minute. | |
# | |
sudo rm -rf "nghttp2-$NGHTTP2_VER" && \ | |
curl --fail -L --proto-redir =https \ | |
-O https://github.com/tatsuhiro-t/nghttp2/releases/download/\ | |
v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \ | |
tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \ | |
cd nghttp2-$NGHTTP2_VER && \ | |
\ | |
# Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305 | |
# | |
curl --fail -OL \ | |
https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \ | |
patch -F999 -p1 < workaround_g++_5.patch && \ | |
\ | |
OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \ | |
pkg-config openssl --cflags` \ | |
OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \ | |
pkg-config openssl --libs` \ | |
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \ | |
./configure --enable-lib-only \ | |
--prefix=$NGHTTP2_PREFIX && \ | |
make && \ | |
make check && \ | |
sudo make install && \ | |
cd .. && \ | |
echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n" | |
# | |
# nghttp2 examples are disabled because we're not using the system OpenSSL. | |
# https://github.com/tatsuhiro-t/nghttp2/issues/336 | |
# | |
############################################################################### | |
# | |
# Download curl, verify, build, test, install. Takes 15 minutes. | |
# | |
sudo rm -rf "curl-$CURL_VER" && \ | |
mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \ | |
curl --fail \ | |
-O https://curl.se/download/curl-$CURL_VER.tar.gz \ | |
-O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \ | |
# https://daniel.haxx.se/address.html | |
# https://github.com/curl/curl/issues/735 | |
# | |
gpg \ | |
--no-auto-key-locate \ | |
--no-default-keyring \ | |
--homedir "$PWD/curl-$CURL_VER/.gnupg" \ | |
--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \ | |
--keyserver hkp://keyserver.ubuntu.com \ | |
--keyserver-options no-auto-key-retrieve \ | |
--recv-keys \ | |
27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \ | |
&& \ | |
gpg \ | |
--no-auto-key-locate \ | |
--no-default-keyring \ | |
--homedir "$PWD/curl-$CURL_VER/.gnupg" \ | |
--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \ | |
--keyserver hkp://keyserver.ubuntu.com \ | |
--keyserver-options no-auto-key-retrieve \ | |
--verify curl-$CURL_VER.tar.gz.asc \ | |
&& \ | |
tar xvfz curl-$CURL_VER.tar.gz && \ | |
cd curl-$CURL_VER && \ | |
\ | |
# Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432 | |
# | |
curl --fail -L --output workaround_libtool_bug_24296.patch \ | |
https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \ | |
patch -F999 -p1 < workaround_libtool_bug_24296.patch && \ | |
\ | |
# Use a related workaround for src/Makefile.in since we're not regenerating it | |
# | |
curl --fail -OL \ | |
https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \ | |
patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \ | |
\ | |
# REM don't use --enable-versioned-symbols, it breaks cmake's dependency. | |
# | |
LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \ | |
-Wl,-rpath,$CURL_PREFIX/lib" \ | |
./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \ | |
--prefix=$CURL_PREFIX && \ | |
make && \ | |
make test-nonflaky TFLAGS=-n && \ | |
sudo make install && \ | |
sudo ldconfig && \ | |
cd .. && \ | |
echo -e "\n\n" && \ | |
$CURL_PREFIX/bin/curl --version && \ | |
echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n" | |
# | |
# curl won't install if any tests fail, like flaky tests (eg 1510). | |
# Determine if failed tests are flaky then run from line 'sudo make install' | |
# | |
############################################################################### |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc 2020-06-02 08:08:45.000000000 -0400 | |
+++ nghttp2/src/shrpx_api_downstream_connection.cc 2020-10-26 23:08:33.016344429 -0400 | |
@@ -41,7 +41,7 @@ | |
namespace { | |
// List of API endpoints | |
const std::array<APIEndpoint, 2> &apis() { | |
- static const auto apis = new std::array<APIEndpoint, 2>{ | |
+ static const auto apis = new std::array<APIEndpoint, 2>{{ | |
APIEndpoint{ | |
StringRef::from_lit("/api/v1beta1/backendconfig"), | |
true, | |
@@ -54,7 +54,7 @@ | |
(1 << API_METHOD_GET), | |
&APIDownstreamConnection::handle_configrevision, | |
}, | |
- }; | |
+ }}; | |
return *apis; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- curl-7.50.1/src/Makefile.in 2016-07-21 05:16:37.000000000 -0400 | |
+++ curl/src/Makefile.in 2016-09-05 03:00:18.929760980 -0400 | |
@@ -1920,7 +1920,7 @@ | |
check-am: all-am | |
check: $(BUILT_SOURCES) | |
$(MAKE) $(AM_MAKEFLAGS) check-am | |
-@CURLDEBUG_FALSE@all-local: | |
+@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local: | |
all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local | |
installdirs: | |
for dir in "$(DESTDIR)$(bindir)"; do \ | |
@@ -2084,7 +2084,14 @@ | |
-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch] | |
# for debug builds, we scan the sources on all regular make invokes | |
-@CURLDEBUG_TRUE@all-local: checksrc | |
+@CURLDEBUG_TRUE@all-local:: checksrc | |
+ | |
+# This script fixes lt-curl so that the first rpath it checks for dependencies | |
+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432 | |
+workaround_libtool_bug_24296: | |
+ @PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)" | |
+ | |
+@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296 | |
# Tell versions [3.59,3.63) of GNU make to not export all variables. | |
# Otherwise a system limit (for SysV at least) may be exceeded. | |
--- curl-7.50.1/tests/libtest/Makefile.in 2016-07-21 05:16:37.000000000 -0400 | |
+++ curl/tests/libtest/Makefile.in 2016-09-05 17:48:58.704114175 -0400 | |
@@ -1488,7 +1488,7 @@ | |
# Preloading of libhostname allows host name overriding, | |
# this is used to make some tests machine independent. | |
@BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la | |
-AM_LDFLAGS = | |
+AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs" | |
AM_CFLAGS = | |
libhostname_la_CPPFLAGS_EXTRA = $(am__append_4) | |
libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment