-rw-r--r-- | .circleci/config.yml | 53 | ||||
-rw-r--r-- | openssl-sys/Cargo.toml | 4 | ||||
-rw-r--r-- | openssl-sys/build/main.rs | 338 | ||||
-rw-r--r-- | openssl/Cargo.toml | 2 | ||||
-rw-r--r-- | openssl/src/ssl/test.rs | 6 | ||||
-rw-r--r-- | systest/Cargo.toml | 3 | ||||
-rwxr-xr-x | test/add_target.sh | 3 | ||||
-rwxr-xr-x | test/build_openssl.sh | 8 |
8 files changed, 251 insertions, 166 deletions
diff --git a/.circleci/config.yml b/.circleci/config.yml index 0d4315dc..b188695b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,9 +1,9 @@ restore_registry: &RESTORE_REGISTRY restore_cache: - key: registry-3 + key: registry-4 save_registry: &SAVE_REGISTRY save_cache: - key: registry-3-{{ .BuildNum }} + key: registry-4-{{ .BuildNum }} paths: - /usr/local/cargo/registry/index openssl_key: &OPENSSL_KEY @@ -38,14 +38,14 @@ job: &JOB - run: apt-get remove -y libssl-dev - run: ./test/add_target.sh - *RESTORE_REGISTRY - - run: cargo generate-lockfile + - run: cargo generate-lockfile --verbose - *SAVE_REGISTRY - run: echo "${LIBRARY}-${VERSION}-${TARGET}" > ~/lib_key - *RESTORE_OPENSSL - run: ./test/build_openssl.sh - *SAVE_OPENSSL - *RESTORE_DEPS - - run: cargo run --manifest-path=systest/Cargo.toml --target $TARGET + - run: cargo run --manifest-path=systest/Cargo.toml --target $TARGET --features "$FEATURES" - run: | ulimit -c unlimited export PATH=$OPENSSL_DIR/bin:$PATH @@ -55,6 +55,7 @@ job: &JOB cargo test \ --manifest-path=openssl/Cargo.toml \ --target $TARGET \ + --features "$FEATURES" \ $TEST_ARGS - run: command: | @@ -69,9 +70,6 @@ job: &JOB macos_job: &MACOS_JOB macos: xcode: "9.0" - environment: - RUSTUP_HOME: /usr/local/rustup - CARGO_HOME: /usr/local/cargo steps: - checkout - run: sudo mkdir /opt @@ -83,12 +81,18 @@ macos_job: &MACOS_JOB - *SAVE_REGISTRY - run: echo "homebrew-x86_64-apple-darwin" > ~/lib_key - *RESTORE_DEPS - - run: cargo run --manifest-path=systest/Cargo.toml + - run: cargo run --manifest-path=systest/Cargo.toml --features "$FEATURES" - run: | PATH=/usr/local/opt/openssl/bin:$PATH - cargo test --manifest-path=openssl/Cargo.toml + cargo test --manifest-path=openssl/Cargo.toml --features "$FEATURES" - *SAVE_DEPS +macos_env: &MACOS_ENV + RUSTUP_HOME: /usr/local/rustup + CARGO_HOME: /usr/local/cargo +vendored: &VENDORED + FEATURES: vendored + LIBRARY: "" openssl_111: &OPENSSL_111 LIBRARY: openssl VERSION: 1.1.1-pre8 
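Review bot: `macos-vendored` inherits the `echo "homebrew-x86_64-apple-darwin" > ~/lib_key` step from `MACOS_JOB` (the `@@ -83,12 +81,18 @@` hunk), so it writes the same lib_key as the Homebrew-backed `macos` job. If the deps cache key is derived from `~/lib_key` (the `RESTORE_DEPS`/`SAVE_DEPS` definitions are outside the hunk), the two jobs restore and overwrite each other's build cache although they link different OpenSSL copies. Making the key reflect the job's environment avoids that, e.g. `- run: echo "homebrew-${FEATURES}-x86_64-apple-darwin" > ~/lib_key`.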
@@ -110,6 +114,8 @@ libressl_270: &LIBRESSL_272 x86_64: &X86_64 TARGET: x86_64-unknown-linux-gnu +musl: &MUSL + TARGET: x86_64-unknown-linux-musl i686: &I686 TARGET: i686-unknown-linux-gnu armhf: &ARMHF @@ -127,6 +133,16 @@ base: &BASE version: 2 jobs: + musl-vendored: + <<: *JOB + docker: + - image: rust:1.21.0 + environment: + <<: [*VENDORED, *MUSL, *BASE] + x86_64-vendored: + <<: *JOB + environment: + <<: [*VENDORED, *X86_64, *BASE] x86_64-openssl-1.1.1: <<: *JOB environment: @@ -143,6 +159,10 @@ jobs: <<: *JOB environment: <<: [*OPENSSL_101, *X86_64, *BASE] + i686-vendored: + <<: *JOB + environment: + <<: [*VENDORED, *I686, *BASE] i686-openssl-1.1.1: <<: *JOB environment: @@ -155,6 +175,10 @@ jobs: <<: *JOB environment: <<: [*OPENSSL_102, *I686, *BASE] + armhf-vendored: + <<: *JOB + environment: + <<: [*VENDORED, *ARMHF, *BASE] armhf-openssl-1.1.1: <<: *JOB environment: @@ -177,20 +201,31 @@ jobs: <<: [*LIBRESSL_272, *X86_64, *BASE] macos: <<: *MACOS_JOB + environment: + <<: [*MACOS_ENV] + macos-vendored: + <<: *MACOS_JOB + environment: + <<: [*VENDORED, *MACOS_ENV] workflows: version: 2 tests: jobs: + - musl-vendored + - x86_64-vendored - x86_64-openssl-1.1.1 - x86_64-openssl-1.1.0 - x86_64-openssl-1.0.2 - x86_64-openssl-1.0.1 + - i686-vendored - i686-openssl-1.1.1 - i686-openssl-1.1.0 - i686-openssl-1.0.2 + - armhf-vendored - armhf-openssl-1.1.1 - armhf-openssl-1.1.0 - armhf-openssl-1.0.2 - x86_64-libressl-2.5.0 - x86_64-libressl-2.7.2 - macos + - macos-vendored diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml index b48d3055..195a179f 100644 --- a/openssl-sys/Cargo.toml +++ b/openssl-sys/Cargo.toml 
@@ -11,12 +11,16 @@ categories = ["cryptography", "external-ffi-bindings"] links = "openssl" build = "build/main.rs" +[features] +vendored = ['openssl-src'] + [dependencies] libc = "0.2" [build-dependencies] pkg-config = "0.3.9" cc = "1.0" +openssl-src = { version = "110.0.4", optional = true } [target.'cfg(target_env = "msvc")'.build-dependencies] vcpkg = "0.2" diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs index 24f69018..4d58d248 100644 --- a/openssl-sys/build/main.rs +++ b/openssl-sys/build/main.rs @@ -2,6 +2,8 @@ extern crate cc; extern crate pkg_config; #[cfg(target_env = "msvc")] extern crate vcpkg; +#[cfg(feature = "vendored")] +extern crate openssl_src; use std::collections::HashSet; use std::env; @@ -9,7 +11,6 @@ use std::ffi::OsString; use std::fs::File; use std::io::{BufWriter, Write}; use std::path::{Path, PathBuf}; -use std::process::Command; mod cfgs; @@ -52,18 +53,7 @@ fn env(name: &str) -> Option<OsString> { fn main() { let target = env::var("TARGET").unwrap(); - let lib_dir = env("OPENSSL_LIB_DIR").map(PathBuf::from); - let include_dir = env("OPENSSL_INCLUDE_DIR").map(PathBuf::from); - - let (lib_dir, include_dir) = if lib_dir.is_none() || include_dir.is_none() { - let openssl_dir = env("OPENSSL_DIR").unwrap_or_else(|| find_openssl_dir(&target)); - let openssl_dir = Path::new(&openssl_dir); - let lib_dir = lib_dir.unwrap_or_else(|| openssl_dir.join("lib")); - let include_dir = include_dir.unwrap_or_else(|| openssl_dir.join("include")); - (lib_dir, include_dir) - } else { - (lib_dir.unwrap(), include_dir.unwrap()) - }; + let (lib_dir, include_dir) = imp::get_openssl(&target); if !Path::new(&lib_dir).exists() { panic!( 
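Review bot: The new `vendored` entry under `[features]` has no comment saying what it changes for consumers. With it enabled the build script compiles the OpenSSL source shipped in `openssl-src` instead of locating a system installation, so OpenSSL security fixes presumably reach a binary only through an `openssl-src` update and a rebuild, not through the operating system's package updates. A comment above the feature would make that visible where people turn it on, for example `# Build OpenSSL from the bundled openssl-src crate instead of using a system copy; security updates then require bumping openssl-src and rebuilding.`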
@@ -110,48 +100,83 @@ fn main() { } } -fn find_openssl_dir(target: &str) -> OsString { - let host = env::var("HOST").unwrap(); +#[cfg(feature = "vendored")] +mod imp { + use std::path::PathBuf; + use openssl_src; - if host == target && target.contains("apple-darwin") { - // Check up default Homebrew installation location first - // for quick resolution if possible. - let homebrew = Path::new("/usr/local/opt/openssl@1.1"); - if homebrew.exists() { - return homebrew.to_path_buf().into(); - } - let homebrew = Path::new("/usr/local/opt/openssl"); - if homebrew.exists() { - return homebrew.to_path_buf().into(); + pub fn get_openssl(_target: &str) -> (PathBuf, PathBuf) { + let artifacts = openssl_src::Build::new().build(); + (artifacts.lib_dir().to_path_buf(), artifacts.include_dir().to_path_buf()) + } +} + +#[cfg(not(feature = "vendored"))] +mod imp { + use pkg_config; + use std::path::{Path, PathBuf}; + use std::ffi::OsString; + use std::process::{self, Command}; + + use super::env; + + pub fn get_openssl(target: &str) -> (PathBuf, PathBuf) { + let lib_dir = env("OPENSSL_LIB_DIR").map(PathBuf::from); + let include_dir = env("OPENSSL_INCLUDE_DIR").map(PathBuf::from); + + if lib_dir.is_none() || include_dir.is_none() { + let openssl_dir = env("OPENSSL_DIR").unwrap_or_else(|| find_openssl_dir(&target)); + let openssl_dir = Path::new(&openssl_dir); + let lib_dir = lib_dir.unwrap_or_else(|| openssl_dir.join("lib")); + let include_dir = include_dir.unwrap_or_else(|| openssl_dir.join("include")); + (lib_dir, include_dir) + } else { + (lib_dir.unwrap(), include_dir.unwrap()) } - // Calling `brew --prefix <package>` command usually slow and - // takes seconds, and will be used only as a last resort. 
- let output = execute_command_and_get_output("brew", &["--prefix", "openssl@1.1"]); - if let Some(ref output) = output { - let homebrew = Path::new(&output); + } + + fn find_openssl_dir(target: &str) -> OsString { + let host = env::var("HOST").unwrap(); + + if host == target && target.contains("apple-darwin") { + // Check up default Homebrew installation location first + // for quick resolution if possible. + let homebrew = Path::new("/usr/local/opt/openssl@1.1"); if homebrew.exists() { return homebrew.to_path_buf().into(); } - } - let output = execute_command_and_get_output("brew", &["--prefix", "openssl"]); - if let Some(ref output) = output { - let homebrew = Path::new(&output); + let homebrew = Path::new("/usr/local/opt/openssl"); if homebrew.exists() { return homebrew.to_path_buf().into(); } + // Calling `brew --prefix <package>` command usually slow and + // takes seconds, and will be used only as a last resort. + let output = execute_command_and_get_output("brew", &["--prefix", "openssl@1.1"]); + if let Some(ref output) = output { + let homebrew = Path::new(&output); + if homebrew.exists() { + return homebrew.to_path_buf().into(); + } + } + let output = execute_command_and_get_output("brew", &["--prefix", "openssl"]); + if let Some(ref output) = output { + let homebrew = Path::new(&output); + if homebrew.exists() { + return homebrew.to_path_buf().into(); + } + } } - } - try_pkg_config(); - try_vcpkg(); + try_pkg_config(); + try_vcpkg(); - // FreeBSD ships with OpenSSL but doesn't include a pkg-config file :( - if host == target && target.contains("freebsd") { - return OsString::from("/usr"); - } + // FreeBSD ships with OpenSSL but doesn't include a pkg-config file :( + if host == target && target.contains("freebsd") { + return OsString::from("/usr"); + } - let mut msg = format!( - " + let mut msg = format!( + " Could not find directory of OpenSSL installation, and this `-sys` crate cannot proceed without this knowledge. 
If OpenSSL is installed and this crate had @@ -170,16 +195,16 @@ and include information about your system as well as this message. openssl-sys = {} ", - host, - target, - env!("CARGO_PKG_VERSION") - ); + host, + target, + env!("CARGO_PKG_VERSION") + ); - if host.contains("apple-darwin") && target.contains("apple-darwin") { - let system = Path::new("/usr/lib/libssl.0.9.8.dylib"); - if system.exists() { - msg.push_str(&format!( - " + if host.contains("apple-darwin") && target.contains("apple-darwin") { + let system = Path::new("/usr/lib/libssl.0.9.8.dylib"); + if system.exists() { + msg.push_str(&format!( + " It looks like you're compiling on macOS, where the system contains a version of OpenSSL 0.9.8. This crate no longer supports OpenSSL 0.9.8. @@ -191,27 +216,27 @@ install the `openssl` package, or as a maintainer you can use the openssl-sys Unfortunately though the compile cannot continue, so aborting. " - )); + )); + } } - } - if host.contains("unknown-linux") && target.contains("unknown-linux-gnu") { - if Command::new("pkg-config").output().is_err() { - msg.push_str(&format!( - " + if host.contains("unknown-linux") && target.contains("unknown-linux-gnu") { + if Command::new("pkg-config").output().is_err() { + msg.push_str(&format!( + " It looks like you're compiling on Linux and also targeting Linux. Currently this requires the `pkg-config` utility to find OpenSSL but unfortunately `pkg-config` could not be found. If you have OpenSSL installed you can likely fix this by installing `pkg-config`. " - )); + )); + } } - } - if host.contains("windows") && target.contains("windows-gnu") { - msg.push_str(&format!( - " + if host.contains("windows") && target.contains("windows-gnu") { + msg.push_str(&format!( + " It looks like you're compiling for MinGW but you may not have either OpenSSL or pkg-config installed. You can install these two dependencies with: 
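Review bot: The vendored `imp::get_openssl` takes `_target` and never reads `OPENSSL_DIR`, `OPENSSL_LIB_DIR` or `OPENSSL_INCLUDE_DIR`, so an operator who set those to select a specific system OpenSSL gets the bundled build with no indication. Because Cargo unifies features across the dependency graph, any crate that enables `vendored` makes that switch for the whole build. A build warning would surface it, e.g. `if env("OPENSSL_DIR").is_some() { println!("cargo:warning=vendored feature enabled; OPENSSL_DIR is ignored"); }` with `use super::env;` added to the module, and a doc comment on the function should state that the environment overrides are not consulted. The non-vendored `find_openssl_dir` that starts in this hunk continues in later hunks.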
@@ -220,12 +245,12 @@ pkg-config installed. You can install these two dependencies with: and try building this crate again. " - )); - } + )); + } - if host.contains("windows") && target.contains("windows-msvc") { - msg.push_str(&format!( - " + if host.contains("windows") && target.contains("windows-msvc") { + msg.push_str(&format!( + " It looks like you're compiling for MSVC but we couldn't detect an OpenSSL installation. If there isn't one installed then you can try the rust-openssl README for more information about how to download precompiled binaries of 
@@ -234,96 +259,112 @@ OpenSSL: https://github.com/sfackler/rust-openssl#windows " - )); - } - - panic!(msg); -} - -/// Attempt to find OpenSSL through pkg-config. -/// -/// Note that if this succeeds then the function does not return as pkg-config -/// typically tells us all the information that we need. -fn try_pkg_config() { - let target = env::var("TARGET").unwrap(); - let host = env::var("HOST").unwrap(); + )); + } - // If we're going to windows-gnu we can use pkg-config, but only so long as - // we're coming from a windows host. - // - // Otherwise if we're going to windows we probably can't use pkg-config. - if target.contains("windows-gnu") && host.contains("windows") { - env::set_var("PKG_CONFIG_ALLOW_CROSS", "1"); - } else if target.contains("windows") { - return; + panic!(msg); } - let lib = match pkg_config::Config::new() - .print_system_libs(false) - .find("openssl") - { - Ok(lib) => lib, - Err(e) => { - println!("run pkg_config fail: {:?}", e); + /// Attempt to find OpenSSL through pkg-config. + /// + /// Note that if this succeeds then the function does not return as pkg-config + /// typically tells us all the information that we need. + fn try_pkg_config() { + let target = env::var("TARGET").unwrap(); + let host = env::var("HOST").unwrap(); + + // If we're going to windows-gnu we can use pkg-config, but only so long as + // we're coming from a windows host. + // + // Otherwise if we're going to windows we probably can't use pkg-config. 
+ if target.contains("windows-gnu") && host.contains("windows") { + env::set_var("PKG_CONFIG_ALLOW_CROSS", "1"); + } else if target.contains("windows") { return; } - }; - validate_headers(&lib.include_paths); + let lib = match pkg_config::Config::new() + .print_system_libs(false) + .find("openssl") + { + Ok(lib) => lib, + Err(e) => { + println!("run pkg_config fail: {:?}", e); + return; + } + }; + + super::validate_headers(&lib.include_paths); - for include in lib.include_paths.iter() { - println!("cargo:include={}", include.display()); + for include in lib.include_paths.iter() { + println!("cargo:include={}", include.display()); + } + + process::exit(0); } - std::process::exit(0); -} + /// Attempt to find OpenSSL through vcpkg. + /// + /// Note that if this succeeds then the function does not return as vcpkg + /// should emit all of the cargo metadata that we need. + #[cfg(target_env = "msvc")] + fn try_vcpkg() { + use vcpkg; -/// Attempt to find OpenSSL through vcpkg. -/// -/// Note that if this succeeds then the function does not return as vcpkg -/// should emit all of the cargo metadata that we need. -#[cfg(target_env = "msvc")] -fn try_vcpkg() { - // vcpkg will not emit any metadata if it can not find libraries - // appropriate for the target triple with the desired linkage. - - let mut lib = vcpkg::Config::new() - .emit_includes(true) - .lib_name("libcrypto") - .lib_name("libssl") - .probe("openssl"); - - if let Err(e) = lib { - println!( - "note: vcpkg did not find openssl as libcrypto and libssl : {:?}", - e - ); - lib = vcpkg::Config::new() + // vcpkg will not emit any metadata if it can not find libraries + // appropriate for the target triple with the desired linkage. 
+ + let mut lib = vcpkg::Config::new() .emit_includes(true) - .lib_name("libeay32") - .lib_name("ssleay32") + .lib_name("libcrypto") + .lib_name("libssl") .probe("openssl"); - } - if let Err(e) = lib { - println!( - "note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}", - e - ); - return; - } - let lib = lib.unwrap(); - validate_headers(&lib.include_paths); + if let Err(e) = lib { + println!( + "note: vcpkg did not find openssl as libcrypto and libssl : {:?}", + e + ); + lib = vcpkg::Config::new() + .emit_includes(true) + .lib_name("libeay32") + .lib_name("ssleay32") + .probe("openssl"); + } + if let Err(e) = lib { + println!( + "note: vcpkg did not find openssl as ssleay32 and libeay32: {:?}", + e + ); + return; + } + + let lib = lib.unwrap(); + super::validate_headers(&lib.include_paths); - println!("cargo:rustc-link-lib=user32"); - println!("cargo:rustc-link-lib=gdi32"); - println!("cargo:rustc-link-lib=crypt32"); + println!("cargo:rustc-link-lib=user32"); + println!("cargo:rustc-link-lib=gdi32"); + println!("cargo:rustc-link-lib=crypt32"); - std::process::exit(0); -} + process::exit(0); + } -#[cfg(not(target_env = "msvc"))] -fn try_vcpkg() {} + #[cfg(not(target_env = "msvc"))] + fn try_vcpkg() {} + + fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> { + let out = Command::new(cmd).args(args).output(); + if let Ok(ref r1) = out { + if r1.status.success() { + let r2 = String::from_utf8(r1.stdout.clone()); + if let Ok(r3) = r2 { + return Some(r3.trim().to_string()); + } + } + } + return None; + } +} /// Validates the header files found in `include_dir` and then returns the /// version string of OpenSSL. 
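Review bot: `execute_command_and_get_output`, now inside the non-vendored `imp`, has no doc comment and is harder to read than it needs to be: nested `if let`s, an `r1.stdout.clone()` that exists only because `out` is matched by reference, and a trailing `return None;`. A comment such as `/// Runs cmd with args and returns its trimmed stdout, or None if the command cannot be started, exits unsuccessfully, or prints non-UTF-8 output.` would record that all three failures are treated alike. The clone goes away by matching by value, `if let Ok(r1) = out`, and passing `r1.stdout` straight to `String::from_utf8`; the last line can be the plain expression `None`.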
@@ -565,16 +606,3 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str { // practices with security libs", let's link dynamically. "dylib" } - -fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> { - let out = Command::new(cmd).args(args).output(); - if let Ok(ref r1) = out { - if r1.status.success() { - let r2 = String::from_utf8(r1.stdout.clone()); - if let Ok(r3) = r2 { - return Some(r3.trim().to_string()); - } - } - } - return None; -} diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml index b14a7d28..317918f0 100644 --- a/openssl/Cargo.toml +++ b/openssl/Cargo.toml @@ -16,6 +16,8 @@ v102 = [] v110 = [] v111 = [] +vendored = ['openssl-sys/vendored'] + [dependencies] bitflags = "1.0" cfg-if = "0.1" diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs index 05938af4..08a93b97 100644 --- a/openssl/src/ssl/test.rs +++ b/openssl/src/ssl/test.rs @@ -775,6 +775,7 @@ fn refcount_ssl_context() { #[test] #[cfg_attr(libressl250, ignore)] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn default_verify_paths() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -804,6 +805,7 @@ fn add_extra_chain_cert() { #[test] #[cfg(any(ossl102, ossl110))] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn verify_valid_hostname() { let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); ctx.set_default_verify_paths().unwrap(); @@ -845,6 +847,7 @@ fn verify_invalid_hostname() { #[test] #[cfg_attr(libressl250, ignore)] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn connector_valid_hostname() { let connector = SslConnector::builder(SslMethod::tls()).unwrap().build(); @@ -861,6 +864,7 @@ fn connector_valid_hostname() { } #[test] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn connector_invalid_hostname() { let connector = SslConnector::builder(SslMethod::tls()).unwrap().build(); 
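Review bot: The six `#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)]` attributes give no reason; they are added on `default_verify_paths` in the `@@ -775,6 +775,7 @@` hunk and on `verify_valid_hostname`, `connector_valid_hostname`, `connector_invalid_hostname`, `connector_invalid_no_hostname_verification` and `active_session` in the following hunks. The bodies visible here call `set_default_verify_paths` or build a default `SslConnector`, so presumably the vendored build on macOS has no usable default trust store; if that is the cause, it affects users of the feature and not only the test suite. A comment on each attribute would record it, e.g. `// vendored OpenSSL on macOS finds no default CA paths, so verification against public hosts cannot succeed`, and the same limitation belongs in the feature's documentation. Two of the ignored tests are negative cases, so hostname-rejection coverage is also lost in that configuration.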
@@ -870,6 +874,7 @@ fn connector_invalid_hostname() { #[test] #[cfg_attr(libressl250, ignore)] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn connector_invalid_no_hostname_verification() { let connector = SslConnector::builder(SslMethod::tls()).unwrap().build(); @@ -1202,6 +1207,7 @@ fn idle_session() { #[test] #[cfg_attr(libressl250, ignore)] +#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)] fn active_session() { let connector = SslConnector::builder(SslMethod::tls()).unwrap().build(); diff --git a/systest/Cargo.toml b/systest/Cargo.toml index e9d7af64..63f80479 100644 --- a/systest/Cargo.toml +++ b/systest/Cargo.toml @@ -9,3 +9,6 @@ openssl-sys = { path = "../openssl-sys" } [build-dependencies] ctest = "0.1" + +[features] +vendored = ['openssl-sys/vendored'] diff --git a/test/add_target.sh b/test/add_target.sh index c9914ad2..8aef7d6a 100755 --- a/test/add_target.sh +++ b/test/add_target.sh @@ -8,6 +8,9 @@ case "${TARGET}" in "i686-unknown-linux-gnu") apt-get install -y --no-install-recommends gcc-multilib ;; +"x86_64-unknown-linux-musl") + apt-get install -y --no-install-recommends musl-tools + ;; "arm-unknown-linux-gnueabihf") dpkg --add-architecture armhf apt-get update diff --git a/test/build_openssl.sh b/test/build_openssl.sh index 9c1cda1e..a5250d11 100755 --- a/test/build_openssl.sh +++ b/test/build_openssl.sh @@ -5,8 +5,6 @@ if [ -d "${OPENSSL_DIR}" ]; then exit 0 fi -apt-get install -y --no-install-recommends curl - case "${LIBRARY}" in "libressl") URL1="http://ftp3.usa.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${VERSION}.tar.gz" @@ -16,8 +14,14 @@ case "${LIBRARY}" in URL1="https://openssl.org/source/openssl-${VERSION}.tar.gz" URL2="http://mirrors.ibiblio.org/openssl/source/openssl-${VERSION}.tar.gz" ;; +"") + # using the vendored builds + exit 0; + ;; esac +apt-get install -y --no-install-recommends curl + case "${TARGET}" in "x86_64-unknown-linux-gnu") OS_COMPILER=linux-x86_64 |
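Review bot: The new `"")` arm of `case "${LIBRARY}"` in test/build_openssl.sh exits 0 whenever `LIBRARY` is empty, which also covers a job that simply forgot to set it; such a job would skip the OpenSSL build without any message. Testing the variable the vendored jobs actually set is more direct, e.g. `if [ "${FEATURES}" = "vendored" ]; then exit 0; fi` ahead of the `case`. A `*)` arm that prints the unexpected value and exits non-zero would then catch a misconfigured job.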