Skip to content

Commit

Permalink
chore: use dynamic build of OpenSSL
Browse files Browse the repository at this point in the history
  • Loading branch information
@mayeut
mayeut committed May 8, 2024
1 parent e2b24d9 commit 350a764
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 3 deletions.
16 changes: 15 additions & 1 deletion docker/build_scripts/build-cpython.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,17 +43,31 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ] ; then
export TCLTK_LIBS="-ltk8.6 -ltcl8.6"
fi

OPENSSL_EXTRA=""
OPENSSL_PREFIX=$(find /opt/_internal -maxdepth 1 -name 'openssl*')
if [ "${OPENSSL_PREFIX}" != "" ]; then
OPENSSL_EXTRA="--with-openssl=${OPENSSL_PREFIX}"
case "${CPYTHON_VERSION}" in
3.8.*|3.9.*) export LD_RUN_PATH=${OPENSSL_PREFIX}/lib;;
*) OPENSSL_EXTRA="${OPENSSL_EXTRA} --with-openssl-rpath=auto";;
esac
fi

# configure with hardening options only for the interpreter & stdlib C extensions
# do not change the default for user built extension (yet?)
./configure \
CFLAGS_NODIST="${MANYLINUX_CFLAGS} ${MANYLINUX_CPPFLAGS} ${CFLAGS_EXTRA}" \
LDFLAGS_NODIST="${MANYLINUX_LDFLAGS}" \
LDFLAGS_NODIST="${MANYLINUX_LDFLAGS}" ${OPENSSL_EXTRA} \
--prefix=${PREFIX} --disable-shared --with-ensurepip=no > /dev/null
make > /dev/null
make install > /dev/null
popd
rm -rf Python-${CPYTHON_VERSION} Python-${CPYTHON_VERSION}.tgz Python-${CPYTHON_VERSION}.tgz.asc

if [ "${OPENSSL_PREFIX}" != "" ]; then
rm -rf ${OPENSSL_PREFIX}/bin ${OPENSSL_PREFIX}/include ${OPENSSL_PREFIX}/lib/pkgconfig ${OPENSSL_PREFIX}/lib/*.so
fi

# We do not need precompiled .pyc and .pyo files.
clean_pyc ${PREFIX}

Expand Down
7 changes: 5 additions & 2 deletions docker/build_scripts/build-openssl.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,15 +35,18 @@ else
apk del openssl-dev
fi
PREFIX=/opt/_internal/openssl-${OPENSSL_VERSION%.*}
fetch_source ${OPENSSL_ROOT}.tar.gz ${OPENSSL_DOWNLOAD_URL}
check_sha256sum ${OPENSSL_ROOT}.tar.gz ${OPENSSL_HASH}
tar -xzf ${OPENSSL_ROOT}.tar.gz
pushd ${OPENSSL_ROOT}
./config no-shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl --libdir=lib CPPFLAGS="${MANYLINUX_CPPFLAGS}" CFLAGS="${MANYLINUX_CFLAGS} -fPIC" CXXFLAGS="${MANYLINUX_CXXFLAGS} -fPIC" LDFLAGS="${MANYLINUX_LDFLAGS} -fPIC" > /dev/null
./Configure --prefix=${PREFIX} --openssldir=${PREFIX} --libdir=lib CPPFLAGS="${MANYLINUX_CPPFLAGS}" CFLAGS="${MANYLINUX_CFLAGS}" CXXFLAGS="${MANYLINUX_CXXFLAGS}" LDFLAGS="${MANYLINUX_LDFLAGS} -Wl,-rpath,\$(LIBRPATH)" > /dev/null
make > /dev/null
make install_sw > /dev/null
popd
rm -rf ${OPENSSL_ROOT} ${OPENSSL_ROOT}.tar.gz
strip_ ${PREFIX}
/usr/local/ssl/bin/openssl version
${PREFIX}/bin/openssl version

0 comments on commit 350a764

Please sign in to comment.