diff options
author | Heikki Halmet <heikki.halmet@qt.io> | 2022-05-09 13:20:46 +0300 |
---|---|---|
committer | Heikki Halmet <heikki.halmet@qt.io> | 2023-01-16 18:57:36 +0000 |
commit | 252c7ae303d31ef241d265f5400fcc1947f4e70d (patch) | |
tree | c7c828a2b46cbf17859f2bbc15afe1f7feb57f7f | |
parent | 9d9cbae102dd451405ce01087a8454dbcee4c3f7 (diff) |
Start using OpenSSL 3.0.7 in CI
Task-number: QTQAINFRA-4889
Change-Id: I3e335395762710d520ca93a5996d1b21d202ed4e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Vladimir Minenko <vladimir.minenko@qt.io>
Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit 68a7947e421bb71a6c85cb1aded94ee1ea38d235)
13 files changed, 65 insertions, 41 deletions
diff --git a/coin/platform_configs/address_sanitizer_platforms.yaml b/coin/platform_configs/address_sanitizer_platforms.yaml index 4ba7019a..ca10223d 100644 --- a/coin/platform_configs/address_sanitizer_platforms.yaml +++ b/coin/platform_configs/address_sanitizer_platforms.yaml @@ -8,5 +8,6 @@ Configurations: Configure arguments: '-nomake examples -developer-build' Environment variables: [ 'PATH={{.Env.CMAKE_MIN_SUPPORTED_BIN_PATH}}:{{.Env.PATH}}', - 'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer' + 'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer', + 'CMAKE_ARGS=-DOPENSSL_ROOT_DIR={{.Env.OPENSSL_HOME}}' ] diff --git a/coin/platform_configs/cmake_platforms.yaml b/coin/platform_configs/cmake_platforms.yaml index 2db8b0a4..2e5ce506 100644 --- a/coin/platform_configs/cmake_platforms.yaml +++ b/coin/platform_configs/cmake_platforms.yaml @@ -32,7 +32,8 @@ Configurations: Configure arguments: '-nomake examples -developer-build' Environment variables: [ 'PATH={{.Env.CMAKE_MIN_SUPPORTED_BIN_PATH}}:{{.Env.PATH}}', - 'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer' + 'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer', + 'CMAKE_ARGS=-DOPENSSL_ROOT_DIR={{.Env.OPENSSL_HOME}}' ] - Id: 'sles-15_sp4-static' diff --git a/coin/provisioning/common/unix/install-openssl.sh b/coin/provisioning/common/unix/install-openssl.sh index d091956a..f9058a71 100755 --- a/coin/provisioning/common/unix/install-openssl.sh +++ b/coin/provisioning/common/unix/install-openssl.sh @@ -48,11 +48,11 @@ SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "${BASH_SOURCE%/*}/../unix/DownloadURL.sh" # shellcheck source=../unix/SetEnvVar.sh source "${BASH_SOURCE%/*}/../unix/SetEnvVar.sh" -version="1.1.1m" +version="3.0.7" officialUrl="https://www.openssl.org/source/openssl-$version.tar.gz" cachedUrl="http://ci-files01-hki.intra.qt.io/input/openssl/openssl-$version.tar.gz" targetFile="/tmp/openssl-$version.tar.gz" -sha="39d424c4411e45f1570073d7a71b1830b96007ca" +sha="f20736d6aae36bcbfa9aba0d358c71601833bf27" opensslHome="${HOME}/openssl-${version}" opensslSource="${opensslHome}-src" DownloadURL "$cachedUrl" "$officialUrl" "$sha" "$targetFile" @@ -62,13 +62,13 @@ cd "$opensslSource" pwd if [[ "$os" == "linux" ]]; then - ./Configure --prefix="$opensslHome" shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 "-Wa,--noexecstack" + ./Configure --prefix="$opensslHome" shared enable-ec_nistp_64_gcc_128 linux-x86_64 "-Wa,--noexecstack" make && make install_sw install_ssldirs SetEnvVar "OPENSSL_HOME" "$opensslHome" if uname -a |grep -q "Ubuntu"; then - echo "export LD_LIBRARY_PATH=$opensslHome/lib:$LD_LIBRARY_PATH" >> ~/.bash_profile + echo "export LD_LIBRARY_PATH=$opensslHome/lib64:$LD_LIBRARY_PATH" >> ~/.bash_profile else - echo "export LD_LIBRARY_PATH=$opensslHome/lib:$LD_LIBRARY_PATH" >> ~/.bashrc + echo "export LD_LIBRARY_PATH=$opensslHome/lib64:$LD_LIBRARY_PATH" >> ~/.bashrc fi elif [ "$os" == "macos" -o "$os" == "macos-universal" ]; then diff --git a/coin/provisioning/common/unix/openssl_for_android.sh b/coin/provisioning/common/unix/openssl_for_android.sh index 791760c6..a3a3e83a 100755 --- a/coin/provisioning/common/unix/openssl_for_android.sh +++ b/coin/provisioning/common/unix/openssl_for_android.sh @@ -48,16 +48,16 @@ source "${BASH_SOURCE%/*}/../unix/DownloadURL.sh" # shellcheck source=../unix/SetEnvVar.sh source "${BASH_SOURCE%/*}/../unix/SetEnvVar.sh" -version="1.1.1m" +version="3.0.7" ndkVersionLatest="r25b" ndkVersionDefault=$ndkVersionLatest -prebuiltOpensslNdkShaDarwinLatest="1f4f994255c39839c8857d2ed1ff58a2101de714" -prebuiltOpensslNdkShaLinuxLatest="15f7014781186a23f4973a719b55b766b1e69116" +prebuiltOpensslNdkShaDarwinLatest="5cf5ef6c19e62954ccffcd1e31ac1f331028de0d" +prebuiltOpensslNdkShaLinuxLatest="f5e7e840dc1fac2868033ecfc0eeb79742b0daff" prebuiltOpensslNdkShaDarwinDefault=$prebuiltOpensslNdkShaDarwinLatest prebuiltOpensslNdkShaLinuxDefault=$prebuiltOpensslNdkShaLinuxLatest : ' SOURCE BUILD INSTRUCTIONS - Openssl prebuilt was made using Android NDK 25 -# Source built requires GCC and Perl to be in PATH. +# Source built requires GCC and Perl to be in PATH. Rhel "requires yum install perl-IPC-Cmd" exports_file="/tmp/export.sh" # source previously made environmental variables. if uname -a |grep -q "Ubuntu"; then @@ -70,10 +70,13 @@ else rm -rf "$exports_file" fi +# ANDROID_NDK_ROOT is required during Configure +export ANDROID_NDK_ROOT=/opt/android/android-ndk-r25b + officialUrl="https://www.openssl.org/source/openssl-$version.tar.gz" cachedUrl="http://ci-files01-hki.intra.qt.io/input/openssl/openssl-$version.tar.gz" targetFile="/tmp/openssl-$version.tar.gz" -sha="39d424c4411e45f1570073d7a71b1830b96007ca" +sha="f20736d6aae36bcbfa9aba0d358c71601833bf27" opensslHome="${HOME}/openssl/android/openssl-${version}" DownloadURL "$cachedUrl" "$officialUrl" "$sha" "$targetFile" mkdir -p "${HOME}/openssl/android/" @@ -100,8 +103,7 @@ function InstallPrebuiltOpenssl() { DownloadURL "$prebuiltUrl" "$prebuiltUrl" "$nkdSha" "$targetFile" tar -xzf "$targetFile" -C "${HOME}" - mv "${HOME}/openssl" "${HOME}/openssl_android_ndk_${ndkVersion}" - opensslHome="${HOME}/openssl_android_ndk_${ndkVersion}/android/openssl-${version}" + opensslHome="${HOME}/openssl_${version}_android_ndk_${ndkVersion}/android/openssl-${version}" sudo rm -f $targetFile fi } diff --git a/coin/provisioning/common/windows/android-openssl.ps1 b/coin/provisioning/common/windows/android-openssl.ps1 index baef0635..ecfa4e7c 100644 --- a/coin/provisioning/common/windows/android-openssl.ps1 +++ b/coin/provisioning/common/windows/android-openssl.ps1 @@ -51,12 +51,12 @@ if (Is64BitWinHost) { # Msys need to be installed to target machine # More info and building instructions can be found from http://doc.qt.io/qt-5/opensslsupport.html -$openssl_version = "1.1.1m" +$openssl_version = "3.0.7" $ndk_version_latest = "r25b" $ndk_version_default = "$ndk_version_latest" -$openssl_compressed = Get-DownloadLocation ("openssl-${openssl_version}_fixes-ndk_root.tar.gz") -$openssl_sha1 = "c9638d25b9709eda1ac52591c0993af52d6d1206" -$prebuilt_sha1_ndk_latest = "2897c84dccdb26e15b467e4a63de025fe7038899" +$openssl_compressed = Get-DownloadLocation ("openssl-${openssl_version}.tar.gz") +$openssl_sha1 = "f20736d6aae36bcbfa9aba0d358c71601833bf27" +$prebuilt_sha1_ndk_latest = "d4348812054a88b5b672a8ceae62bf30c564869b" $prebuilt_sha1_ndk_default = "$prebuilt_sha1_ndk_latest" $destination = "C:\Utils\openssl-android-master" @@ -81,16 +81,16 @@ function Install($1, $2) { } else { Write-Host "Build OpenSSL for Android from sources" # openssl-${openssl_version}_fixes-ndk_root.tar.gz package includes fixes from https://github.com/openssl/openssl/pull/17322 and string ANDROID_NDK_HOME is replaced with ANDROID_NDK_ROOT in Configurations/15-android.conf - Download \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}_fixes-ndk_root.tar.gz \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}_fixes-ndk_root.tar.gz $openssl_compressed + Download \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}.tar.gz \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}.tar.gz $openssl_compressed Verify-Checksum $openssl_compressed $openssl_sha1 Extract-7Zip $openssl_compressed C:\Utils\tmp - Extract-7Zip C:\Utils\tmp\openssl-${openssl_version}_fixes-ndk_root.tar C:\Utils\tmp - Move-Item C:\Utils\tmp\openssl-${openssl_version} $destination + Extract-7Zip C:\Utils\tmp\openssl-${openssl_version}.tar C:\Utils\tmp + Move-Item C:\Utils\tmp\openssl-${openssl_version} ${destination}-${ndk_version} Remove "$openssl_compressed" Write-Host "Configuring OpenSSL $openssl_version for Android..." - Push-Location $destination + Push-Location ${destination}-${ndk_version} # $ must be escaped in powershell... function CheckExitCode { @@ -105,6 +105,12 @@ function Install($1, $2) { } } + # ANDROID_NDK_ROOT needs to be in environment variables before running this script + # Set-EnvironmentVariable "ANDROID_NDK_ROOT" "C:\Utils\Android\android-ndk-r25b" + + $make_install = Start-Process -NoNewWindow -Wait -PassThru -ErrorAction Stop -FilePath "$msys_bash" -ArgumentList ("-lc", "`"yes | pacman -S make`"") + CheckExitCode $make_install + $configure = Start-Process -NoNewWindow -Wait -PassThru -ErrorAction Stop -FilePath "$msys_bash" -ArgumentList ("-lc", "`"pushd $openssl_path; ANDROID_NDK_ROOT=$ndk_path PATH=${cc_path}:`$PATH CC=clang $openssl_path/Configure shared android-arm`"") CheckExitCode $configure @@ -115,7 +121,6 @@ function Install($1, $2) { Remove-item C:\Utils\tmp -Recurse -Confirm:$false } - Move-Item $destination "${destination}-${ndk_version}" } # Install NDK Default version diff --git a/coin/provisioning/common/windows/openssl-arm64.ps1 b/coin/provisioning/common/windows/openssl-arm64.ps1 index 3af34428..1fd3a839 100644 --- a/coin/provisioning/common/windows/openssl-arm64.ps1 +++ b/coin/provisioning/common/windows/openssl-arm64.ps1 @@ -46,7 +46,10 @@ # From Visual studio 'C++ Universal Windows Platform support for v142 build tools (ARM64)' and 'Windows Universal C Runtime' were installed # cd C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build # call vcvarsamd64_arm64 -# +# curl -o C:\Utils\openssl-3.0.7.zip http://ci-files01-hki.intra.qt.io/input/openssl/openssl-3.0.7.zip +# cd C:\Utils +# C:\Utils\sevenzip\7z.exe x C:\Utils\openssl-3.0.7.zip +# cd C:\Utils\openssl-3.0.7 # perl Configure no-asm VC-WIN64-ARM --debug --prefix=C:\openssl_arm64\ --openssldir=C:\openssl_arm64\ # nmake # nmake install @@ -56,9 +59,9 @@ # nmake install ################################################################################################################################################# -$version = "1_1_1_m" +$version = "3_0_7" $url = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-$version-arm64.zip" -$sha1 = "52963bba9b542eb885f19641f5cd78870246ea02" +$sha1 = "19be15069d981b4a96f5715f039df7aaa7456d52" $installFolder = "C:\openssl_arm64" $zip_package = "C:\Windows\Temp\$version.zip" diff --git a/coin/provisioning/common/windows/openssl.ps1 b/coin/provisioning/common/windows/openssl.ps1 index 526c59f5..fa763228 100644 --- a/coin/provisioning/common/windows/openssl.ps1 +++ b/coin/provisioning/common/windows/openssl.ps1 @@ -42,7 +42,7 @@ # This script installs OpenSSL $version. # Both x86 and x64 versions needed when x86 integrations are done on x64 machine -$version = "1_1_1m" +$version = "3_0_7" $packagex64 = "C:\Windows\Temp\Win64OpenSSL-$version.exe" $packagex86 = "C:\Windows\Temp\Win32OpenSSL-$version.exe" @@ -53,7 +53,7 @@ if (Is64BitWinHost) { $installFolder = "C:\openssl" $externalUrl = "https://slproweb.com/download/Win64OpenSSL-$version.exe" $internalUrl = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\Win64OpenSSL-$version.exe" - $sha1 = "16d83bd6d36be7b3ea85f822135352fa8f8d8134" + $sha1 = "2fb73f233bc565939312782b8157bebc26a5e17b" Write-Host "Fetching from URL ..." Download $externalUrl $internalUrl $packagex64 @@ -67,6 +67,7 @@ if (Is64BitWinHost) { Set-EnvironmentVariable "OPENSSL_CONF_x64" "$installFolder\bin\openssl.cfg" Set-EnvironmentVariable "OPENSSL_INCLUDE_x64" "$installFolder\include" Set-EnvironmentVariable "OPENSSL_LIB_x64" "$installFolder\lib" + Prepend-Path "$installFolder\bin" } # Install x86 bit version @@ -80,7 +81,7 @@ if (Is64BitWinHost) { $externalUrl = "https://slproweb.com/download/Win32OpenSSL-$version.exe" $internalUrl = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\Win32OpenSSL-$version.exe" -$sha1 = "1d7146e56b201404ce67f1e636eab360211c175a" +$sha1 = "ddead693fa279ad6b1baf123b3af51a9ef289dc1" Write-Host "Fetching from URL ..." Download $externalUrl $internalUrl $packagex86 diff --git a/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh b/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh index a442f5aa..2ee68666 100755 --- a/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh +++ b/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh @@ -2,7 +2,7 @@ ############################################################################# ## -## Copyright (C) 2021 The Qt Company Ltd. +## Copyright (C) 2022 The Qt Company Ltd. ## Contact: https://www.qt.io/licensing/ ## ## This file is part of the provisioning scripts of the Qt Toolkit. @@ -48,7 +48,7 @@ installPackages=() installPackages+=(git) installPackages+=(zlib-devel) installPackages+=(glib2-devel) -installPackages+=(openssl-devel) +installPackages+=(openssl3-devel) installPackages+=(freetype-devel) installPackages+=(fontconfig-devel) installPackages+=(curl-devel) @@ -183,6 +183,5 @@ python3.8 -m pip wheel --wheel-dir "$HOME/python3-wheels" -r "${BASH_SOURCE%/*}/ source "${BASH_SOURCE%/*}/../common/unix/SetEnvVar.sh" SetEnvVar "PYTHON3_WHEEL_CACHE" "$HOME/python3-wheels" -OpenSSLVersion="$(openssl version |cut -b 9-14)" +OpenSSLVersion="$(openssl3 version |cut -b 9-14)" echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt - diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh index 01c5bf36..c04598a4 100755 --- a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh +++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh @@ -2,7 +2,7 @@ ############################################################################# ## -## Copyright (C) 2020 The Qt Company Ltd. +## Copyright (C) 2022 The Qt Company Ltd. ## Contact: https://www.qt.io/licensing/ ## ## This file is part of the provisioning scripts of the Qt Toolkit. @@ -58,7 +58,6 @@ sudo zypper -nq install bison flex gperf \ zlib-devel \ libudev-devel \ glib2-devel \ - libopenssl-devel \ freetype2-devel \ fontconfig-devel \ sqlite3-devel \ @@ -126,8 +125,8 @@ sudo zypper -nq install autoconf libcurl-devel libexpat-devel # Nodejs - required by QtWebengine sudo zypper -nq install nodejs16 +# OpenSSL 3 +sudo zypper -nq install openssl-3 + gccVersion="$(gcc --version |grep gcc |cut -b 17-23)" echo "GCC = $gccVersion" >> versions.txt - -OpenSSLVersion="$(openssl version |cut -b 9-14)" -echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh index f8530fc8..cdb7331a 100755 --- a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh +++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh @@ -64,7 +64,7 @@ function InstallPython { PACKAGE_VERSION=$1 PACKAGE_SHA=$2 - $CMD_PKG_INSTALL ncurses zlib-devel libffi-devel libopenssl-devel + $CMD_PKG_INSTALL ncurses zlib-devel libffi-devel echo 'Configuration and Installation started' diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh new file mode 100755 index 00000000..e1131e39 --- /dev/null +++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -ex + +"$(dirname "$0")/../common/unix/install-openssl.sh" "linux" diff --git a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh index 070c026b..1422ac66 100755 --- a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh +++ b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh @@ -44,7 +44,7 @@ sudo zypper -nq install bison flex gperf \ zlib-devel \ systemd-devel \ glib2-devel \ - libopenssl-devel \ + libopenssl-3-devel \ freetype2-devel \ fontconfig-devel \ sqlite3-devel \ @@ -90,8 +90,11 @@ sudo zypper -nq install make # Tools to build Git sudo zypper -nq install autoconf libcurl-devel libexpat-devel +# OpenSSL 3 +sudo zypper -nq install openssl-3 + gccVersion="$(gcc --version |grep gcc |cut -b 17-23)" echo "GCC = $gccVersion" >> versions.txt -OpenSSLVersion="$(openssl version |cut -b 9-14)" +OpenSSLVersion="$(openssl-3 version |cut -b 9-14)" echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt diff --git a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh new file mode 100755 index 00000000..e1131e39 --- /dev/null +++ b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -ex + +"$(dirname "$0")/../common/unix/install-openssl.sh" "linux" |