Builds a ChaCha20-capable version of OpenSSL on Mac OS X as a static binary (no dylib files) for use with testssl.sh
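#!/bin/bash
# Builds static OpenSSL binaries for macOS and stages them for testssl.sh.
# The script relies on bash features (arrays, pushd/popd), so it names bash in
# the shebang instead of sh. Only bash 3.x syntax is used, because macOS does
# not ship bash 4 (see the associative-array note further down).
## -no-shared builds a static binary without the need of dylib files
# requires: Perl; reasonably new version of Xcode and https://github.com/PeterMosmans/openssl

# Build in a freshly created private directory rather than in fixed paths
# under /tmp. /tmp is shared between local users, so a pre-existing
# /tmp/openssl or /tmp/out (or a symlink with that name) could otherwise end up
# as the source tree that is compiled or as the target of the later `rm -rf`.
build_root=$(mktemp -d "${TMPDIR:-/tmp}/openssl-build.XXXXXX") || exit 1
echo "Build root (sources, binaries and reports are kept here): $build_root"
pushd "$build_root" || exit 1
# Stop when the clone fails: continuing would build whatever happens to be in
# a directory named openssl, or run the later clean-up in the wrong place.
# NOTE(review): the clone follows the repository's default branch, so two runs
# can build different sources. Since the result is staged into the testssl.sh
# checkout, consider pinning a reviewed commit.
git clone https://github.com/drwetter/openssl-pm-snapshot.git openssl || exit 1
#git clone https://github.com/drwetter/openssl.git openssl
#git clone https://jpluimers@github.com/jpluimers/openssl.git openssl
#git clone https://github.com/PeterMosmans/openssl openssl
cd openssl || exit 1
# Record exactly which source revision the binaries were built from.
echo "Building OpenSSL sources at commit: $(git rev-parse HEAD)"
# bash debugging, see: http://stackoverflow.com/questions/2853803/in-a-shell-script-echo-shell-commands-as-they-are-executed/2853811#2853811
set -vx
# All output directories are relative to the openssl source directory.
outDirectory="../out"
binariesDirectory="$outDirectory/binaries.testssl.macOS"
reportsDirectory="$outDirectory/reports.testssl.macOS"
statisticsDirectory="$outDirectory/statistics.testssl.macOS"
# http://stackoverflow.com/questions/3963716/how-to-manually-expand-a-special-variable-ex-tilde-in-bash
# Directory inside the testssl.sh checkout that receives the finished binaries.
binary_directory="${HOME}/Versioned/testssl.sh/bin/"
# Cipher list selectors passed to `openssl ciphers -V` for the statistics.
cipher_types=("DEFAULT" "ALL:COMPLEMENTOFALL")
# In $arguments, note -static is not supported on OS X as both cc and gcc direct to clang.
# You get the below error. See: http://stackoverflow.com/questions/5259249/creating-static-mac-os-x-c-build
# ld: library not found for -lcrt0.o
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE -DTEMP_GOST_TLS"
#cc_arguments_common="no-shared enable-static-engine no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
# for "zlib no-zlib-dynamic", you need the zlib-devel package on your Mac, see https://github.com/drwetter/testssl.sh/issues/164#issuecomment-132144489
# installing zlib-devel with `xcode-select --install`; see http://stackoverflow.com/questions/23749530/brew-install-zlib-devel-on-mac-os-x-mavericks/26912010#26912010
#cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic enable-zlib enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc2 enable-rc5 enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake -DOPENSSL_USE_BUILD_DATE"
# These options switch on legacy protocols and algorithms (SSLv2, SSLv3, MD2,
# RC2, RC5, ...). A binary built this way is meant for the testssl.sh scanner;
# it should not replace the system OpenSSL or be linked into other software.
cc_arguments_common="no-shared enable-static-engine zlib no-zlib-dynamic -DOPENSSL_USE_IPV6 \
-DOPENSSL_USE_BUILD_DATE enable-zlib \
enable-ssl2 enable-ssl3 enable-ssl-trace enable-rc5 enable-rc2 \
enable-gost enable-cms enable-md2 enable-mdc2 enable-ec enable-ec2m enable-ecdh enable-ecdsa \
enable-seed enable-camellia enable-idea enable-rfc3779 experimental-jpake" # -DTEMP_GOST_TLS"
# notes:
# - removed because of cipher order: -DTEMP_GOST_TLS
cc_arguments_x86="$cc_arguments_common "
cc_arguments_x64="$cc_arguments_common enable-ec_nistp_64_gcc_128 "
# architecture names are the ones used in openssl/config:
architecture_darwin_x64="darwin64-x86_64-cc"
architecture_darwin_x86="darwin-i386-cc"
architectures=("$architecture_darwin_x64" "$architecture_darwin_x86")
## Declare associative array: http://wiki.bash-hackers.org/commands/builtin/declare
## declare -A cc_arguments_by_architecture=(["$architecture_darwin_x64"]="$cc_arguments_x64" ["$architecture_darwin_x86"]="$cc_arguments_x86")
## But OS/X does not have bash version 4: http://stackoverflow.com/questions/6047648/bash-4-associative-arrays-error-declare-a-invalid-option
## So work around it using functions
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia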
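#######################################
# Looks up the Configure arguments for an OpenSSL architecture name.
# Stands in for a bash 4 associative array, which is not used in this script.
# Globals:   architecture_darwin_x64, architecture_darwin_x86,
#            cc_arguments_x64, cc_arguments_x86 (read)
# Arguments: $1 - architecture name as used by openssl/config
# Outputs:   the argument string on stdout; a diagnostic on stderr when the
#            architecture is not known
# Returns:   0 for a known architecture, 1 otherwise
#######################################
cc_arguments_by_architecture() {
  case "$1" in
    "$architecture_darwin_x64") printf '%s\n' "$cc_arguments_x64" ;;
    "$architecture_darwin_x86") printf '%s\n' "$cc_arguments_x86" ;;
    *)
      # An unknown name used to yield an empty string and status 0, which let
      # the caller run Configure without any of the intended options.
      printf 'cc_arguments_by_architecture: unknown architecture: %s\n' "$1" >&2
      return 1
      ;;
  esac
}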
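#######################################
# Configures, builds and tests OpenSSL for one target, then collects the
# binary, the logs and the cipher statistics in the output directories.
# Must be called from the root of the OpenSSL source tree.
# Globals:   outDirectory, binariesDirectory, reportsDirectory,
#            statisticsDirectory, cipher_types (read)
# Arguments: $1   - Configure target name (e.g. darwin64-x86_64-cc)
#            $2.. - arguments handed to ./Configure
# Outputs:   log and statistics files below $outDirectory
# Returns:   non-zero when Configure, make depend, make or collecting the
#            binary fails; test failures are logged but do not stop the build
#######################################
build1architecture() {
  local target=$1
  # all but first: http://stackoverflow.com/questions/9057387/process-all-arguments-except-the-first-one/9057392#9057392
  local arguments="${*:2}"
  local cipher_type
  local -a get_ciphers

  echo "Building for '$target' with arguments '$arguments'" \
    | tee "$outDirectory/$target.target.arguments.txt"

  # Best-effort clean-up of a previous build; a failure here is not fatal.
  make dclean > "$outDirectory/$target.make.dclean.txt"
  make clean > "$outDirectory/$target.make.clean.txt"

  # The redirections are ordered "> file 2>&1" so stderr lands in the log too;
  # the previous "2>&1 > file" left Configure's stderr on the terminal.
  # $arguments is intentionally unquoted: word splitting turns the string into
  # separate Configure options.
  # shellcheck disable=SC2086
  ./Configure "$target" $arguments > "$outDirectory/$target.Configure.txt" 2>&1 || return 1
  make depend > "$outDirectory/$target.make.depend.txt" 2>&1 || return 1
  make > "$outDirectory/$target.make.txt" 2>&1 || return 1

  # Test results are recorded for review; they do not abort the build.
  make test > "$reportsDirectory/$target.make.test.txt" 2>&1
  make report > "$reportsDirectory/$target.make.report.txt" 2>&1
  # `maketest.log` is created by `make report`
  cat maketest.log > "$reportsDirectory/$target.make.test.maketest.log.txt" 2>&1

  # Without this check a failed build would go unnoticed until the copy step.
  mv apps/openssl "$binariesDirectory/openssl.$target" || return 1
  mv testlog "$statisticsDirectory/openssl.$target.testlog.txt"

  "$binariesDirectory/openssl.$target" version -a \
    > "$statisticsDirectory/openssl.$target.version.txt" 2>&1
  echo "Cipher counts for $target" > "$statisticsDirectory/openssl.$target.ciphercount.txt"

  for cipher_type in "${cipher_types[@]}"; do
    # Keep the command as an array so every word stays intact when it runs.
    get_ciphers=("$binariesDirectory/openssl.$target" ciphers -V "$cipher_type")
    echo "${get_ciphers[*]}"
    echo "Count for cypher type $cipher_type:" \
      >> "$statisticsDirectory/openssl.$target.ciphercount.txt"
    "${get_ciphers[@]}" 2>&1 | grep -c 0x \
      >> "$statisticsDirectory/openssl.$target.ciphercount.txt"
    # Sort before writing: the earlier form redirected the unsorted list into
    # the file and piped nothing into sort.
    "${get_ciphers[@]}" 2>&1 | sort \
      > "$statisticsDirectory/openssl.$target.ciphers.$cipher_type.txt"
  done
}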
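# Start from an empty output tree. ${outDirectory:?} aborts the script when the
# variable is empty or unset, so rm -rf can never run on an unintended path.
rm -rf -- "${outDirectory:?}"
mkdir "$outDirectory" "$binariesDirectory" "$reportsDirectory" "$statisticsDirectory" || exit 1
for architecture in "${architectures[@]}"; do
  ## associative arrays: http://stackoverflow.com/questions/3112687/how-to-iterate-over-associative-array-in-bash/3113285#3113285
  ## bash 4:
  # build1architecture "$architecture" ${cc_arguments_by_architecture["$architecture"]}
  ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
  # The command substitution is intentionally unquoted: word splitting turns
  # the argument string into separate Configure options.
  # shellcheck disable=SC2046
  if ! build1architecture "$architecture" $(cc_arguments_by_architecture "$architecture"); then
    # Keep going so the remaining architectures are still built, but make the
    # failure visible instead of silently moving on.
    echo "WARNING: build failed for architecture '$architecture'" >&2
  fi
done
# Show the collected cipher counts and test logs for all architectures.
cat "$statisticsDirectory"/*count*
cat "$statisticsDirectory"/*testlog*
# target names are the ones used in uname: https://github.com/drwetter/testssl.sh/issues/127#issuecomment-127408205
target_x86="Darwin.i386"
target_x64="Darwin.x86_64"
## bash 4 associative array:
# declare -A targets_by_architecture=(["$architecture_darwin_x64"]="$target_x64" ["$architecture_darwin_x86"]="$target_x86")
## simulate associative array using a function doing echo to stdout and evaluate the result
## http://stackoverflow.com/questions/14482943/can-a-string-be-returned-from-a-bash-function-without-using-echo-or-global-varia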
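#######################################
# Maps an OpenSSL architecture name to the uname-style target name used in the
# file names of the testssl.sh binaries.
# Globals:   architecture_darwin_x64, architecture_darwin_x86,
#            target_x64, target_x86 (read)
# Arguments: $1 - architecture name as used by openssl/config
# Outputs:   the target name on stdout; a diagnostic on stderr when the
#            architecture is not known
# Returns:   0 for a known architecture, 1 otherwise
#######################################
targets_by_architecture() {
  case "$1" in
    "$architecture_darwin_x64") printf '%s\n' "$target_x64" ;;
    "$architecture_darwin_x86") printf '%s\n' "$target_x86" ;;
    *)
      # An unknown name used to yield an empty string and status 0, so the
      # caller would go on to copy a binary to a file named "openssl.".
      printf 'targets_by_architecture: unknown architecture: %s\n' "$1" >&2
      return 1
      ;;
  esac
}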
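# Copy each built binary into the testssl.sh checkout under its uname-style
# name and stage it with git. These files are what users of the checkout will
# execute, so every step that could stage a wrong or stale file is checked.
for architecture in "${architectures[@]}"; do
  # bash 4: current_target=${targets_by_architecture["$architecture"]}
  ## get associate simulation http://stackoverflow.com/questions/3236871/how-to-return-a-string-value-from-a-bash-function
  current_target=$(targets_by_architecture "$architecture")
  if [[ -z "$current_target" ]]; then
    echo "WARNING: no target name for architecture '$architecture', skipping" >&2
    continue
  fi
  echo "architecture: $architecture leads to target: $current_target"

  built_binary="$binariesDirectory/openssl.$architecture"
  if [[ ! -f "$built_binary" ]]; then
    # The build for this architecture produced nothing; do not stage anything.
    echo "WARNING: '$built_binary' is missing, skipping $current_target" >&2
    continue
  fi

  cp -p "$built_binary" "$binariesDirectory/openssl.$current_target" || exit 1
  strip "$binariesDirectory/openssl.$current_target"
  cp -p "$binariesDirectory/openssl.$current_target" "$binary_directory/openssl.$current_target" || exit 1
  cp -p "$built_binary" "$binary_directory/openssl.$architecture" || exit 1

  # If pushd failed, `git add` would run against whatever repository contains
  # the current directory and the following popd would pop the wrong entry.
  pushd "$binary_directory" || exit 1
  # Print a checksum of the file being staged so it can be compared with the
  # build output when the commit is reviewed.
  if command -v shasum > /dev/null; then
    shasum -a 256 "openssl.$current_target"
  fi
  git add "openssl.$current_target"
  popd
done
# Leave the build directory entered at the start of the script.
popd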