Start using OpenSSL 3.0.7 in CI

Task-number: QTQAINFRA-4889 Change-Id: I3e335395762710d520ca93a5996d1b21d202ed4e Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Vladimir Minenko <vladimir.minenko@qt.io> Reviewed-by: Simo Fält <simo.falt@qt.io> (cherry picked from commit 68a7947e421bb71a6c85cb1aded94ee1ea38d235)
author: Heikki Halmet <heikki.halmet@qt.io> 2022-05-09 13:20:46 +0300
committer: Heikki Halmet <heikki.halmet@qt.io> 2023-01-16 18:57:36 +0000
commit: 252c7ae303d31ef241d265f5400fcc1947f4e70d (patch)
tree: c7c828a2b46cbf17859f2bbc15afe1f7feb57f7f
parent: 9d9cbae102dd451405ce01087a8454dbcee4c3f7 (diff)
13 files changed, 65 insertions, 41 deletions
diff --git a/coin/platform_configs/address_sanitizer_platforms.yaml b/coin/platform_configs/address_sanitizer_platforms.yaml
index 4ba7019a..ca10223d 100644
--- a/coin/platform_configs/address_sanitizer_platforms.yaml
+++ b/coin/platform_configs/address_sanitizer_platforms.yaml
@@ -8,5 +8,6 @@ Configurations:
     Configure arguments: '-nomake examples -developer-build'
     Environment variables: [
         'PATH={{.Env.CMAKE_MIN_SUPPORTED_BIN_PATH}}:{{.Env.PATH}}',
-        'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer'
+        'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer',
+        'CMAKE_ARGS=-DOPENSSL_ROOT_DIR={{.Env.OPENSSL_HOME}}'
     ]
diff --git a/coin/platform_configs/cmake_platforms.yaml b/coin/platform_configs/cmake_platforms.yaml
index 2db8b0a4..2e5ce506 100644
--- a/coin/platform_configs/cmake_platforms.yaml
+++ b/coin/platform_configs/cmake_platforms.yaml
@@ -32,7 +32,8 @@ Configurations:
     Configure arguments: '-nomake examples -developer-build'
     Environment variables: [
         'PATH={{.Env.CMAKE_MIN_SUPPORTED_BIN_PATH}}:{{.Env.PATH}}',
-        'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer'
+        'CONAN_PROFILE=coin/conan/profiles/ci-linux-x86_64-gcc-debug-developer',
+        'CMAKE_ARGS=-DOPENSSL_ROOT_DIR={{.Env.OPENSSL_HOME}}'
     ]
 -
     Id: 'sles-15_sp4-static'
diff --git a/coin/provisioning/common/unix/install-openssl.sh b/coin/provisioning/common/unix/install-openssl.sh
index d091956a..f9058a71 100755
--- a/coin/provisioning/common/unix/install-openssl.sh
+++ b/coin/provisioning/common/unix/install-openssl.sh
@@ -48,11 +48,11 @@ SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 source "${BASH_SOURCE%/*}/../unix/DownloadURL.sh"
 # shellcheck source=../unix/SetEnvVar.sh
 source "${BASH_SOURCE%/*}/../unix/SetEnvVar.sh"
-version="1.1.1m"
+version="3.0.7"
 officialUrl="https://www.openssl.org/source/openssl-$version.tar.gz"
 cachedUrl="http://ci-files01-hki.intra.qt.io/input/openssl/openssl-$version.tar.gz"
 targetFile="/tmp/openssl-$version.tar.gz"
-sha="39d424c4411e45f1570073d7a71b1830b96007ca"
+sha="f20736d6aae36bcbfa9aba0d358c71601833bf27"
 opensslHome="${HOME}/openssl-${version}"
 opensslSource="${opensslHome}-src"
 DownloadURL "$cachedUrl" "$officialUrl" "$sha" "$targetFile"
@@ -62,13 +62,13 @@ cd "$opensslSource"
 pwd
 
 if [[ "$os" == "linux" ]]; then
-    ./Configure --prefix="$opensslHome" shared no-ssl3-method enable-ec_nistp_64_gcc_128 linux-x86_64 "-Wa,--noexecstack"
+    ./Configure --prefix="$opensslHome" shared enable-ec_nistp_64_gcc_128 linux-x86_64 "-Wa,--noexecstack"
     make && make install_sw install_ssldirs
     SetEnvVar "OPENSSL_HOME" "$opensslHome"
     if uname -a |grep -q "Ubuntu"; then
-        echo "export LD_LIBRARY_PATH=$opensslHome/lib:$LD_LIBRARY_PATH" >> ~/.bash_profile
+        echo "export LD_LIBRARY_PATH=$opensslHome/lib64:$LD_LIBRARY_PATH" >> ~/.bash_profile
     else
-        echo "export LD_LIBRARY_PATH=$opensslHome/lib:$LD_LIBRARY_PATH" >> ~/.bashrc
+        echo "export LD_LIBRARY_PATH=$opensslHome/lib64:$LD_LIBRARY_PATH" >> ~/.bashrc
     fi
 
 elif [ "$os" == "macos" -o "$os" == "macos-universal" ]; then
diff --git a/coin/provisioning/common/unix/openssl_for_android.sh b/coin/provisioning/common/unix/openssl_for_android.sh
index 791760c6..a3a3e83a 100755
--- a/coin/provisioning/common/unix/openssl_for_android.sh
+++ b/coin/provisioning/common/unix/openssl_for_android.sh
@@ -48,16 +48,16 @@ source "${BASH_SOURCE%/*}/../unix/DownloadURL.sh"
 # shellcheck source=../unix/SetEnvVar.sh
 source "${BASH_SOURCE%/*}/../unix/SetEnvVar.sh"
 
-version="1.1.1m"
+version="3.0.7"
 ndkVersionLatest="r25b"
 ndkVersionDefault=$ndkVersionLatest
-prebuiltOpensslNdkShaDarwinLatest="1f4f994255c39839c8857d2ed1ff58a2101de714"
-prebuiltOpensslNdkShaLinuxLatest="15f7014781186a23f4973a719b55b766b1e69116"
+prebuiltOpensslNdkShaDarwinLatest="5cf5ef6c19e62954ccffcd1e31ac1f331028de0d"
+prebuiltOpensslNdkShaLinuxLatest="f5e7e840dc1fac2868033ecfc0eeb79742b0daff"
 prebuiltOpensslNdkShaDarwinDefault=$prebuiltOpensslNdkShaDarwinLatest
 prebuiltOpensslNdkShaLinuxDefault=$prebuiltOpensslNdkShaLinuxLatest
 
 : ' SOURCE BUILD INSTRUCTIONS - Openssl prebuilt was made using Android NDK 25
-# Source built requires GCC and Perl to be in PATH.
+# Source built requires GCC and Perl to be in PATH. Rhel "requires yum install perl-IPC-Cmd"
 exports_file="/tmp/export.sh"
 # source previously made environmental variables.
 if uname -a |grep -q "Ubuntu"; then
@@ -70,10 +70,13 @@ else
     rm -rf "$exports_file"
 fi
 
+# ANDROID_NDK_ROOT is required during Configure
+export ANDROID_NDK_ROOT=/opt/android/android-ndk-r25b
+
 officialUrl="https://www.openssl.org/source/openssl-$version.tar.gz"
 cachedUrl="http://ci-files01-hki.intra.qt.io/input/openssl/openssl-$version.tar.gz"
 targetFile="/tmp/openssl-$version.tar.gz"
-sha="39d424c4411e45f1570073d7a71b1830b96007ca"
+sha="f20736d6aae36bcbfa9aba0d358c71601833bf27"
 opensslHome="${HOME}/openssl/android/openssl-${version}"
 DownloadURL "$cachedUrl" "$officialUrl" "$sha" "$targetFile"
 mkdir -p "${HOME}/openssl/android/"
@@ -100,8 +103,7 @@ function InstallPrebuiltOpenssl() {
 
         DownloadURL "$prebuiltUrl" "$prebuiltUrl" "$nkdSha" "$targetFile"
         tar -xzf "$targetFile" -C "${HOME}"
-        mv "${HOME}/openssl" "${HOME}/openssl_android_ndk_${ndkVersion}"
-        opensslHome="${HOME}/openssl_android_ndk_${ndkVersion}/android/openssl-${version}"
+        opensslHome="${HOME}/openssl_${version}_android_ndk_${ndkVersion}/android/openssl-${version}"
         sudo rm -f $targetFile
     fi
 }
diff --git a/coin/provisioning/common/windows/android-openssl.ps1 b/coin/provisioning/common/windows/android-openssl.ps1
index baef0635..ecfa4e7c 100644
--- a/coin/provisioning/common/windows/android-openssl.ps1
+++ b/coin/provisioning/common/windows/android-openssl.ps1
@@ -51,12 +51,12 @@ if (Is64BitWinHost) {
 # Msys need to be installed to target machine
 # More info and building instructions can be found from http://doc.qt.io/qt-5/opensslsupport.html
 
-$openssl_version = "1.1.1m"
+$openssl_version = "3.0.7"
 $ndk_version_latest = "r25b"
 $ndk_version_default = "$ndk_version_latest"
-$openssl_compressed = Get-DownloadLocation ("openssl-${openssl_version}_fixes-ndk_root.tar.gz")
-$openssl_sha1 = "c9638d25b9709eda1ac52591c0993af52d6d1206"
-$prebuilt_sha1_ndk_latest = "2897c84dccdb26e15b467e4a63de025fe7038899"
+$openssl_compressed = Get-DownloadLocation ("openssl-${openssl_version}.tar.gz")
+$openssl_sha1 = "f20736d6aae36bcbfa9aba0d358c71601833bf27"
+$prebuilt_sha1_ndk_latest = "d4348812054a88b5b672a8ceae62bf30c564869b"
 $prebuilt_sha1_ndk_default = "$prebuilt_sha1_ndk_latest"
 $destination = "C:\Utils\openssl-android-master"
 
@@ -81,16 +81,16 @@ function Install($1, $2) {
     } else {
         Write-Host "Build OpenSSL for Android from sources"
         # openssl-${openssl_version}_fixes-ndk_root.tar.gz package includes fixes from https://github.com/openssl/openssl/pull/17322 and string ANDROID_NDK_HOME is replaced with ANDROID_NDK_ROOT in Configurations/15-android.conf
-        Download \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}_fixes-ndk_root.tar.gz \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}_fixes-ndk_root.tar.gz $openssl_compressed
+        Download \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}.tar.gz \\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-${openssl_version}.tar.gz $openssl_compressed
         Verify-Checksum $openssl_compressed $openssl_sha1
 
         Extract-7Zip $openssl_compressed C:\Utils\tmp
-        Extract-7Zip C:\Utils\tmp\openssl-${openssl_version}_fixes-ndk_root.tar C:\Utils\tmp
-        Move-Item C:\Utils\tmp\openssl-${openssl_version} $destination
+        Extract-7Zip C:\Utils\tmp\openssl-${openssl_version}.tar C:\Utils\tmp
+        Move-Item C:\Utils\tmp\openssl-${openssl_version} ${destination}-${ndk_version}
         Remove "$openssl_compressed"
 
         Write-Host "Configuring OpenSSL $openssl_version for Android..."
-        Push-Location $destination
+        Push-Location ${destination}-${ndk_version}
         # $ must be escaped in powershell...
 
         function CheckExitCode {
@@ -105,6 +105,12 @@ function Install($1, $2) {
             }
         }
 
+        # ANDROID_NDK_ROOT needs to be in environment variables before running this script
+        # Set-EnvironmentVariable "ANDROID_NDK_ROOT" "C:\Utils\Android\android-ndk-r25b"
+
+        $make_install = Start-Process -NoNewWindow -Wait -PassThru -ErrorAction Stop -FilePath "$msys_bash" -ArgumentList ("-lc", "`"yes | pacman -S make`"")
+        CheckExitCode $make_install
+
         $configure = Start-Process -NoNewWindow -Wait -PassThru -ErrorAction Stop -FilePath "$msys_bash" -ArgumentList ("-lc", "`"pushd $openssl_path; ANDROID_NDK_ROOT=$ndk_path PATH=${cc_path}:`$PATH CC=clang $openssl_path/Configure shared android-arm`"")
         CheckExitCode $configure
 
@@ -115,7 +121,6 @@ function Install($1, $2) {
         Remove-item C:\Utils\tmp -Recurse -Confirm:$false
     }
 
-    Move-Item $destination "${destination}-${ndk_version}"
 }
 
 # Install NDK Default version
diff --git a/coin/provisioning/common/windows/openssl-arm64.ps1 b/coin/provisioning/common/windows/openssl-arm64.ps1
index 3af34428..1fd3a839 100644
--- a/coin/provisioning/common/windows/openssl-arm64.ps1
+++ b/coin/provisioning/common/windows/openssl-arm64.ps1
@@ -46,7 +46,10 @@
 # From Visual studio 'C++ Universal Windows Platform support for v142 build tools (ARM64)' and 'Windows Universal C Runtime' were installed
 # cd C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build
 # call vcvarsamd64_arm64
-#
+# curl -o C:\Utils\openssl-3.0.7.zip http://ci-files01-hki.intra.qt.io/input/openssl/openssl-3.0.7.zip
+# cd C:\Utils
+# C:\Utils\sevenzip\7z.exe x C:\Utils\openssl-3.0.7.zip
+# cd C:\Utils\openssl-3.0.7
 # perl Configure no-asm VC-WIN64-ARM --debug --prefix=C:\openssl_arm64\ --openssldir=C:\openssl_arm64\
 # nmake
 # nmake install
@@ -56,9 +59,9 @@
 # nmake install
 #################################################################################################################################################
 
-$version = "1_1_1_m"
+$version = "3_0_7"
 $url = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\openssl-$version-arm64.zip"
-$sha1 = "52963bba9b542eb885f19641f5cd78870246ea02"
+$sha1 = "19be15069d981b4a96f5715f039df7aaa7456d52"
 $installFolder = "C:\openssl_arm64"
 $zip_package = "C:\Windows\Temp\$version.zip"
 
diff --git a/coin/provisioning/common/windows/openssl.ps1 b/coin/provisioning/common/windows/openssl.ps1
index 526c59f5..fa763228 100644
--- a/coin/provisioning/common/windows/openssl.ps1
+++ b/coin/provisioning/common/windows/openssl.ps1
@@ -42,7 +42,7 @@
 # This script installs OpenSSL $version.
 # Both x86 and x64 versions needed when x86 integrations are done on x64 machine
 
-$version = "1_1_1m"
+$version = "3_0_7"
 $packagex64 = "C:\Windows\Temp\Win64OpenSSL-$version.exe"
 $packagex86 = "C:\Windows\Temp\Win32OpenSSL-$version.exe"
 
@@ -53,7 +53,7 @@ if (Is64BitWinHost) {
     $installFolder = "C:\openssl"
     $externalUrl = "https://slproweb.com/download/Win64OpenSSL-$version.exe"
     $internalUrl = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\Win64OpenSSL-$version.exe"
-    $sha1 = "16d83bd6d36be7b3ea85f822135352fa8f8d8134"
+    $sha1 = "2fb73f233bc565939312782b8157bebc26a5e17b"
 
     Write-Host "Fetching from URL ..."
     Download $externalUrl $internalUrl $packagex64
@@ -67,6 +67,7 @@ if (Is64BitWinHost) {
     Set-EnvironmentVariable "OPENSSL_CONF_x64" "$installFolder\bin\openssl.cfg"
     Set-EnvironmentVariable "OPENSSL_INCLUDE_x64" "$installFolder\include"
     Set-EnvironmentVariable "OPENSSL_LIB_x64" "$installFolder\lib"
+    Prepend-Path "$installFolder\bin"
 }
 
 # Install x86 bit version
@@ -80,7 +81,7 @@ if (Is64BitWinHost) {
 
 $externalUrl = "https://slproweb.com/download/Win32OpenSSL-$version.exe"
 $internalUrl = "\\ci-files01-hki.intra.qt.io\provisioning\openssl\Win32OpenSSL-$version.exe"
-$sha1 = "1d7146e56b201404ce67f1e636eab360211c175a"
+$sha1 = "ddead693fa279ad6b1baf123b3af51a9ef289dc1"
 
 Write-Host "Fetching from URL ..."
 Download $externalUrl $internalUrl $packagex86
diff --git a/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh b/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh
index a442f5aa..2ee68666 100755
--- a/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh
+++ b/coin/provisioning/qtci-linux-RHEL-8.4-x86_64/04-install-packages.sh
@@ -2,7 +2,7 @@
 
 #############################################################################
 ##
-## Copyright (C) 2021 The Qt Company Ltd.
+## Copyright (C) 2022 The Qt Company Ltd.
 ## Contact: https://www.qt.io/licensing/
 ##
 ## This file is part of the provisioning scripts of the Qt Toolkit.
@@ -48,7 +48,7 @@ installPackages=()
 installPackages+=(git)
 installPackages+=(zlib-devel)
 installPackages+=(glib2-devel)
-installPackages+=(openssl-devel)
+installPackages+=(openssl3-devel)
 installPackages+=(freetype-devel)
 installPackages+=(fontconfig-devel)
 installPackages+=(curl-devel)
@@ -183,6 +183,5 @@ python3.8 -m pip wheel --wheel-dir "$HOME/python3-wheels" -r "${BASH_SOURCE%/*}/
 source "${BASH_SOURCE%/*}/../common/unix/SetEnvVar.sh"
 SetEnvVar "PYTHON3_WHEEL_CACHE" "$HOME/python3-wheels"
 
-OpenSSLVersion="$(openssl version |cut -b 9-14)"
+OpenSSLVersion="$(openssl3 version |cut -b 9-14)"
 echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt
-
diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh
index 01c5bf36..c04598a4 100755
--- a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh
+++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/02-zypperpackages.sh
@@ -2,7 +2,7 @@
 
 #############################################################################
 ##
-## Copyright (C) 2020 The Qt Company Ltd.
+## Copyright (C) 2022 The Qt Company Ltd.
 ## Contact: https://www.qt.io/licensing/
 ##
 ## This file is part of the provisioning scripts of the Qt Toolkit.
@@ -58,7 +58,6 @@ sudo zypper -nq install bison flex gperf \
         zlib-devel \
         libudev-devel \
         glib2-devel \
-        libopenssl-devel \
         freetype2-devel \
         fontconfig-devel \
         sqlite3-devel \
@@ -126,8 +125,8 @@ sudo zypper -nq install autoconf libcurl-devel libexpat-devel
 # Nodejs - required by QtWebengine
 sudo zypper -nq install nodejs16
 
+# OpenSSL 3
+sudo zypper -nq install openssl-3
+
 gccVersion="$(gcc --version |grep gcc |cut -b 17-23)"
 echo "GCC = $gccVersion" >> versions.txt
-
-OpenSSLVersion="$(openssl version |cut -b 9-14)"
-echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt
diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh
index f8530fc8..cdb7331a 100755
--- a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh
+++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/08-pythondev.sh
@@ -64,7 +64,7 @@ function InstallPython {
     PACKAGE_VERSION=$1
     PACKAGE_SHA=$2
 
-    $CMD_PKG_INSTALL  ncurses zlib-devel libffi-devel libopenssl-devel
+    $CMD_PKG_INSTALL  ncurses zlib-devel libffi-devel
 
     echo 'Configuration and Installation started'
 
diff --git a/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh
new file mode 100755
index 00000000..e1131e39
--- /dev/null
+++ b/coin/provisioning/qtci-linux-SLES-15_SP4-x86_64/09-openssl.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -ex
+
+"$(dirname "$0")/../common/unix/install-openssl.sh" "linux"
diff --git a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh
index 070c026b..1422ac66 100755
--- a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh
+++ b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/04-zypperpackages.sh
@@ -44,7 +44,7 @@ sudo zypper -nq install bison flex gperf \
         zlib-devel \
         systemd-devel \
         glib2-devel \
-        libopenssl-devel \
+        libopenssl-3-devel \
         freetype2-devel \
         fontconfig-devel \
         sqlite3-devel \
@@ -90,8 +90,11 @@ sudo zypper -nq install make
 # Tools to build Git
 sudo zypper -nq install autoconf libcurl-devel libexpat-devel
 
+# OpenSSL 3
+sudo zypper -nq install openssl-3
+
 gccVersion="$(gcc --version |grep gcc |cut -b 17-23)"
 echo "GCC = $gccVersion" >> versions.txt
 
-OpenSSLVersion="$(openssl version |cut -b 9-14)"
+OpenSSLVersion="$(openssl-3 version |cut -b 9-14)"
 echo "OpenSSL = $OpenSSLVersion" >> ~/versions.txt
diff --git a/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh
new file mode 100755
index 00000000..e1131e39
--- /dev/null
+++ b/coin/provisioning/qtci-linux-openSUSE-15.4-x86_64/09-openssl.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -ex
+
+"$(dirname "$0")/../common/unix/install-openssl.sh" "linux"
author	Heikki Halmet <heikki.halmet@qt.io>	2022-05-09 13:20:46 +0300
committer	Heikki Halmet <heikki.halmet@qt.io>	2023-01-16 18:57:36 +0000
commit	252c7ae303d31ef241d265f5400fcc1947f4e70d (patch)
tree	c7c828a2b46cbf17859f2bbc15afe1f7feb57f7f
parent	9d9cbae102dd451405ce01087a8454dbcee4c3f7 (diff)