From 350a7647f314503d605072e2cb2e40aae61236b4 Mon Sep 17 00:00:00 2001
From: mayeut
Date: Mon, 10 Apr 2023 17:35:41 +0200
Subject: [PATCH] chore: use dynamic build of OpenSSL
---
 docker/build_scripts/build-cpython.sh | 16 +++++++++++++++-
 docker/build_scripts/build-openssl.sh | 7 +++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/docker/build_scripts/build-cpython.sh b/docker/build_scripts/build-cpython.sh
index 8a5854d66..41174b5ea 100755
--- a/docker/build_scripts/build-cpython.sh
+++ b/docker/build_scripts/build-cpython.sh
@@ -43,17 +43,31 @@ if [ "${AUDITWHEEL_POLICY}" == "manylinux2014" ] ; then
 export TCLTK_LIBS="-ltk8.6 -ltcl8.6"
 fi
+OPENSSL_EXTRA=""
+OPENSSL_PREFIX=$(find /opt/_internal -maxdepth 1 -name 'openssl*')
+if [ "${OPENSSL_PREFIX}" != "" ]; then
+ OPENSSL_EXTRA="--with-openssl=${OPENSSL_PREFIX}"
+ case "${CPYTHON_VERSION}" in
+ 3.8.*|3.9.*) export LD_RUN_PATH=${OPENSSL_PREFIX}/lib;;
+ *) OPENSSL_EXTRA="${OPENSSL_EXTRA} --with-openssl-rpath=auto";;
+ esac
+fi
+
 # configure with hardening options only for the interpreter & stdlib C extensions
 # do not change the default for user built extension (yet?)
 ./configure \
 CFLAGS_NODIST="${MANYLINUX_CFLAGS} ${MANYLINUX_CPPFLAGS} ${CFLAGS_EXTRA}" \
- LDFLAGS_NODIST="${MANYLINUX_LDFLAGS}" \
+ LDFLAGS_NODIST="${MANYLINUX_LDFLAGS}" ${OPENSSL_EXTRA} \
 --prefix=${PREFIX} --disable-shared --with-ensurepip=no > /dev/null
 make > /dev/null
 make install > /dev/null
 popd
 rm -rf Python-${CPYTHON_VERSION} Python-${CPYTHON_VERSION}.tgz Python-${CPYTHON_VERSION}.tgz.asc
+if [ "${OPENSSL_PREFIX}" != "" ]; then
+ rm -rf ${OPENSSL_PREFIX}/bin ${OPENSSL_PREFIX}/include ${OPENSSL_PREFIX}/lib/pkgconfig ${OPENSSL_PREFIX}/lib/*.so
+fi
+
 # We do not need precompiled .pyc and .pyo files.
 clean_pyc ${PREFIX}
diff --git a/docker/build_scripts/build-openssl.sh b/docker/build_scripts/build-openssl.sh
index 633b5ab36..6c49d1c6b 100755
--- a/docker/build_scripts/build-openssl.sh
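Review bot: In build-cpython.sh, `OPENSSL_PREFIX` comes from an unfiltered `find /opt/_internal -maxdepth 1 -name 'openssl*'`, so a second match (another `openssl-*` directory or a stray file) makes the value multi-line. The unquoted `rm -rf ${OPENSSL_PREFIX}/bin …` would then word-split it and remove the first match in full, and `--with-openssl=` would receive a broken argument. Restrict the lookup with `-type d`, abort when more than one path is returned, and quote the cleanup: `rm -rf "${OPENSSL_PREFIX}/bin" "${OPENSSL_PREFIX}/include" "${OPENSSL_PREFIX}/lib/pkgconfig" "${OPENSSL_PREFIX}"/lib/*.so`. The unquoted `${OPENSSL_EXTRA}` on the configure line looks like a deliberate split into two options and deserves a one-line comment saying so. The script continues outside this hunk.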
+++ b/docker/build_scripts/build-openssl.sh
@@ -35,15 +35,18 @@ else
 apk del openssl-dev
 fi
+PREFIX=/opt/_internal/openssl-${OPENSSL_VERSION%.*}
+
 fetch_source ${OPENSSL_ROOT}.tar.gz ${OPENSSL_DOWNLOAD_URL}
 check_sha256sum ${OPENSSL_ROOT}.tar.gz ${OPENSSL_HASH}
 tar -xzf ${OPENSSL_ROOT}.tar.gz
 pushd ${OPENSSL_ROOT}
-./config no-shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl --libdir=lib CPPFLAGS="${MANYLINUX_CPPFLAGS}" CFLAGS="${MANYLINUX_CFLAGS} -fPIC" CXXFLAGS="${MANYLINUX_CXXFLAGS} -fPIC" LDFLAGS="${MANYLINUX_LDFLAGS} -fPIC" > /dev/null
+./Configure --prefix=${PREFIX} --openssldir=${PREFIX} --libdir=lib CPPFLAGS="${MANYLINUX_CPPFLAGS}" CFLAGS="${MANYLINUX_CFLAGS}" CXXFLAGS="${MANYLINUX_CXXFLAGS}" LDFLAGS="${MANYLINUX_LDFLAGS} -Wl,-rpath,\$(LIBRPATH)" > /dev/null
 make > /dev/null
 make install_sw > /dev/null
 popd
 rm -rf ${OPENSSL_ROOT} ${OPENSSL_ROOT}.tar.gz
+strip_ ${PREFIX}
-/usr/local/ssl/bin/openssl version
+${PREFIX}/bin/openssl version
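Review bot: `--openssldir=${PREFIX}` moves OpenSSL's configuration and default trust-store directory from /usr/local/ssl to the versioned prefix, and `make install_sw` does not populate it, so the built-in CA lookup now resolves to `${PREFIX}/cert.pem` and `${PREFIX}/certs`. If a later step or a downstream image relied on files under /usr/local/ssl (not visible in this hunk), the CPython `ssl` module linked against this prefix could end up with no default CAs. A comment above the `./Configure` line such as `# openssldir=${PREFIX}: default CA paths become ${PREFIX}/cert.pem and ${PREFIX}/certs` would document this. A post-build check that a default SSL context loads CA certificates would catch a regression. Since libssl and libcrypto are now resolved at run time through the rpath, `${PREFIX}/lib` should stay root-owned and non-writable in the final image.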