@tmiz
Last active November 1, 2023 13:18
Build latest OpenSSL Universal Binary on OSX
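#!/bin/bash
# Stop at the first failed step so a bad download or build never reaches lipo.
set -e
OPENSSL_VERSION="1.0.1g"
# -L follows redirects; -f fails on an HTTP error instead of saving the error page.
curl -fLO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"
# Unpack the source twice: one build tree per architecture.
tar -xvzf "openssl-$OPENSSL_VERSION.tar.gz"
mv "openssl-$OPENSSL_VERSION" openssl_i386
tar -xvzf "openssl-$OPENSSL_VERSION.tar.gz"
mv "openssl-$OPENSSL_VERSION" openssl_x86_64
# Build the 32-bit Intel shared libraries.
cd openssl_i386
./Configure darwin-i386-cc -shared
make
cd ..
# Build the 64-bit Intel shared libraries.
cd openssl_x86_64
./Configure darwin64-x86_64-cc -shared
make
cd ..
# Merge the per-architecture dylibs into universal (fat) binaries.
lipo -create openssl_i386/libcrypto.1.0.0.dylib openssl_x86_64/libcrypto.1.0.0.dylib -output libcrypto.1.0.0.dylib
lipo -create openssl_i386/libssl.1.0.0.dylib openssl_x86_64/libssl.1.0.0.dylib -output libssl.1.0.0.dylib
rm "openssl-$OPENSSL_VERSION.tar.gz"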
@bugQ

bugQ commented Mar 9, 2012

Huh, didn't think it was that easy...

@DrLou

DrLou commented Jan 7, 2013

Just used this recipe for successful build of VERSION=1.0.1c - worked great.
Small note: I directed output directly to /usr/local/lib.
Super Notes, Thanks!

@toshiyukihina

Good recipe, Thanks!

@tmiz
Author

tmiz commented Apr 12, 2014

I updated this snippet for security

@lyubod

lyubod commented May 17, 2014

Your script is quite good in many ways, for example it's nice that it downloads the source with curl.

But it strips the version number from the directory name, leaving only the CPU architecture. Might get confusing sometimes, if you build more than one version without deleting/moving/renaming the prior build. Why not add the variable OPENSSL_VERSION to the directory name? That way it's explicitly stated and unambiguous.

Also, notice how the output files have the wrong version: libcrypto.1.0.0.dylib (instead of 1.0.1). It's a tiny difference, but it's not just a name. I bet if you run otool -L on one of those .dylibs chances are it will also say 1.0.0 next to "compatibility version" - meaning code linked explicitly against 1.0.1 or higher could easily not run for this reason alone. Setting the correct version happens during the build, so it's a problem with the source, but better to fix it somehow, even hacking it manually into the Makefile works, if it's a one time fix.

Also, your configure line is missing two useful parameters: --prefix= --openssldir=
--prefix= is the directory where the binary openssl and dylibs will end up, and --openssldir= is the directory where openssl.cnf lives.

And you seem to have missed the openssl binary, which the source builds in the apps subdirectory. Kind of useful, since it can calculate md5 and sha sums. But it has to be linked to the same version of libssl, so Apple's binary may or may not work with libssl 1.0.1 but the reverse is definitely unlikely. This is why the version numbers matter.

Oh, and since a lot of this software runs on arm (iphone,ipad) and at least until Mac OS X 10.5 on powerpc, two Intel compatible binaries is hardly universal :-) I wrote a similar script to compile openssl 1.0.1g for all 4 CPU architectures Xcode 3.1 on 10.5 handles - 32/64 bit PowerPC and 32/64 bit Intel. Not posted anywhere yet, but I can post it on Gist myself, and add the link if I can edit the comment later, or just in another separate comment.

@thierrymarianne

@lyubod, I would be very much interested in accessing your version of this gist.

@tmiz, thank you for having posted this gist! It helps A LOT!

@gahea

gahea commented Oct 9, 2014

Great! Good work. But you should update the SSL version to 1.0.1i

@bernardotorres

Made some fixes based on @lyubod's suggestions.
I did not include other platforms by default since not all systems are prepared to build it, but if your system enables it, it's just a matter of adding to the PLATFORMS variable, using the platform name provided by ./Configure

@thehesiod

I suggest applying http://www.linuxfromscratch.org/patches/downloads/openssl/

I used patch -Np1 -i ...

@mbgearhead

I just forked and updated this gist to install latest openssl 0.9.8zf on OSX. For me, I am running 10.9.5 mavericks (due to application incompatibilities with 10.10) and this version requires version 0.9.8 for key app library support. Added commands to install the library over the system openssl.

@iEremin

iEremin commented Apr 11, 2015

I modified your script to make result library portable: https://bitbucket.org/snippets/Zifix/88ny/

@HarryStrand

You rock! I spent a frustrating afternoon trying to figure out how to build that, and I came across this 5 minutes before I was going to go home in disgust. Now I get to go home victorious! Thanks so much! I just wish I'd seen it earlier today!

@yoe

yoe commented Sep 25, 2015

This thing misses one bit, arguably the most important one:

Download and verify security signatures.

For something crypto-related, this is an absolute must.
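
The verification step asked for above, as an added example that is not part of the gist or of any commenter's post: it checks the tarball's SHA-256 and requires a GnuPG signature from a pinned key before anything is unpacked. The function names are hypothetical, and the digest and fingerprint are placeholders to be obtained from the OpenSSL project.

```shell
#!/bin/bash
# Added example: authenticate the OpenSSL tarball before any ./Configure or make.
# Function names are hypothetical; the digest and fingerprint must come from
# the OpenSSL project through a channel you trust, not from this script.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on OS X).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() (
  [ -f "$1" ] || exit 2
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')
  [ "${#expected}" -eq 64 ] || exit 2
  actual=$(sha256_of "$1") || exit 2
  [ "$actual" = "$expected" ]
)

# Read gpg --status-fd output on stdin; succeed only if a VALIDSIG line names
# the pinned primary-key fingerprint (the last field of that line).
status_has_pinned_sig() {
  awk -v fpr="$1" '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == fpr { ok = 1 }
                   END { exit !ok }'
}

# verify_signature TARBALL DETACHED_SIG PINNED_FINGERPRINT
verify_signature() {
  gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_has_pinned_sig "$3"
}

# Usage inside the build script, before tar -xvzf (placeholders, not real values):
#   verify_sha256 "openssl-$OPENSSL_VERSION.tar.gz" "<published sha256>" || exit 1
#   verify_signature "openssl-$OPENSSL_VERSION.tar.gz" \
#     "openssl-$OPENSSL_VERSION.tar.gz.asc" "<release key fingerprint>" || exit 1
```

A digest fetched from the same server as the tarball only detects corruption in transit; the pinned-fingerprint signature check is the part that authenticates the release.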

@AttitudeMonger

This was neat!

@Motti-Shneor

Many nice people here hinted at better build scripts they've made... could one of you please spare a link?

I need: 1. shared (dylib) and static, OS-X only (actually 64bit is enough for me). I need to build relocatable dylibs (OS-X Frameworks) linked against openssl libs (libcrypto and libssl)

@suavesav

This is brilliant

@mynameisjohn

Thanks!

@mrsinghgit

@tmiz, great work buddy!!!
@lyubod, I am currently writing a script that compiles Openssl on standard Linux, ARM Linux, OS X. I would be very much interested in your version of this script. It will save me a lot of time. Thanks in advance.

@wuaschtikus

You may want to modify your curl request to curl -O -L http://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz. I had to struggle with a redirect, which -L automatically follows...

@sammcj

sammcj commented Jul 20, 2018

FYI as of the time of writing this the current openssl version is openssl-1.0.2o

@Blizzardo1

Although very old, I wonder if this could still work for Mac OS X 10.4 on PPC with openssl 1.1.1

@Abdelilahskali

Abdelilahskali commented Jul 26, 2019

@eddiejr

eddiejr commented Sep 24, 2023

Very useful!

I tried compiling this library for deploying applications built with Delphi for OSX64, but nothing worked. But this script runs perfectly!

Total respect!!
