From 955b3df8bb5164015ab1abb43d77b3305b108bdf Mon Sep 17 00:00:00 2001 From: Anton Tieleman Date: Sun, 18 Sep 2016 23:19:23 +0200 Subject: [PATCH 1/2] Add branch option for building the latest version of a branch. Use github API to determine latest version and verify download archive availability afterwards. --- build-libssl.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 47 insertions(+), 5 deletions(-) diff --git a/build-libssl.sh b/build-libssl.sh index c8cda01..c05ce63 100755 --- a/build-libssl.sh +++ b/build-libssl.sh @@ -36,6 +36,8 @@ echo_help() echo " --archs=\"ARCH ARCH ...\" Space-separated list of architectures to build" echo " Options: x86_64 i386 arm64 armv7s armv7 tv_x86_64 tv_arm64" echo " Note: The framework will contain include files from the architecture listed first" + echo " --branch=BRANCH Select OpenSSL branch to build. The script will determine and download the latest release for that branch" + echo " Note: This script does not yet work with OpenSSL 1.1.0" echo " --cleanup Clean up build directories (bin, include/openssl, lib, src) before starting build" echo " --ec-nistp-64-gcc-128 Enable config option enable-ec_nistp_64_gcc_128 for 64 bit builds" echo " -h, --help Print help (this message)" @@ -95,6 +97,7 @@ check_status() # Init optional command line vars ARCHS="" +BRANCH="" CLEANUP="" CONFIG_ENABLE_EC_NISTP_64_GCC_128="" IOS_SDKVERSION="" @@ -111,6 +114,10 @@ case $i in ARCHS="${i#*=}" shift ;; + --branch=*) + BRANCH="${i#*=}" + shift + ;; --cleanup) CLEANUP="true" ;; 
@@ -149,15 +156,50 @@ case $i in esac done -# Preprocess/validate OpenSSL version -if [ -n "${VERSION}" ]; then +# Don't mix version and branch +if [[ -n "${VERSION}" && -n "${BRANCH}" ]]; then + echo "Either select a branch (the script will determine and build the latest version) or select a specific version, but not both." + exit 1 + +# Specific version: Verify version number format. Expected: dot notation +elif [[ -n "${VERSION}" && ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$ ]]; then + echo "Unknown version number format. Examples: 1.0.2, 1.0.2h" + exit 1 + +# Specific branch +elif [ -n "${BRANCH}" ]; then # Verify version number format. Expected: dot notation - if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$ ]]; then - echo "Unknown version number format. Examples: 1.0.2, 1.0.2h" + if [[ ! "${BRANCH}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Unknown branch version number format. Examples: 1.0.2, 1.0.1" exit 1 + + # Valid version number, determine latest version + else + echo "Checking latest version of ${BRANCH} branch on GitHub..." 
+ # Request all git tags for the openssl repostory, get all tags that match the current branch version (with an optional alphabetic suffix), remove everything except the version number, sort the list and get the last item + GITHUB_VERSION=$(curl -Ls https://api.github.com/repos/openssl/openssl/git/refs/tags | grep -Eo "\"ref\": \"refs/tags/OpenSSL_${BRANCH//./_}[a-z]*\"" | sed -E 's|^.*"refs/tags/OpenSSL_([^"]+)".*$|\1|g' | sort | tail -1) + + # Verify result + if [ -z "${GITHUB_VERSION}" ]; then + echo "Could not determine latest version, please check https://github.com/openssl/openssl/releases and use --version option" + exit 1 + fi + + VERSION="${GITHUB_VERSION//_/.}" + + # Check whether download exists + # -I = HEAD, -L follow Location header, -f fail silently for 4xx errors and return status 22, -s silent + curl ${CURL_OPTIONS} -ILfs "https://github.com/openssl/openssl/archive/OpenSSL_${GITHUB_VERSION}.tar.gz" > /dev/null + + # Check for success status + if [ $? -ne 0 ]; then + echo "Script determined latest version ${VERSION}, but the download archive does not seem to be available." + echo "Please check https://github.com/openssl/openssl/releases and use --version option" + exit 1 + fi fi -# Default OpenSSL version +# Script default else VERSION="${DEFAULTVERSION}" fi From 7c1e6c86d558c5430d605bc584f16e2d8a44b185 Mon Sep 17 00:00:00 2001 From: Anton Tieleman Date: Mon, 19 Sep 2016 19:59:20 +0200 Subject: [PATCH 2/2] Check for errors in archive download, fix --version, whitespace consistency --- build-libssl.sh | 55 ++++++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/build-libssl.sh b/build-libssl.sh index c05ce63..7c3ffb8 100755 --- a/build-libssl.sh +++ b/build-libssl.sh 
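Review bot: On the `--branch` path, the tag list returned by the GitHub API decides which source tree gets compiled, and nothing in this hunk verifies the content that is later fetched. The `curl -ILfs` probe only confirms that the archive URL answers. Since the version is resolved at run time, no digest can be pinned in the script, so I would add a comment on the branch block such as `# NOTE: --branch trusts the GitHub tag list and archive as-is; use --version with a verified digest for reproducible builds`. The tag lookup also runs `curl -Ls` without `${CURL_OPTIONS}`, while the probe includes it, so whatever options callers set there do not apply to the lookup. Finally, `sort | tail -1` orders the letter suffixes by the caller's locale; `LC_ALL=C sort` makes the pick deterministic.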
@@ -172,7 +172,7 @@ elif [ -n "${BRANCH}" ]; then if [[ ! "${BRANCH}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Unknown branch version number format. Examples: 1.0.2, 1.0.1" exit 1 - + # Valid version number, determine latest version else echo "Checking latest version of ${BRANCH} branch on GitHub..." @@ -184,13 +184,13 @@ elif [ -n "${BRANCH}" ]; then echo "Could not determine latest version, please check https://github.com/openssl/openssl/releases and use --version option" exit 1 fi - + VERSION="${GITHUB_VERSION//_/.}" - + # Check whether download exists # -I = HEAD, -L follow Location header, -f fail silently for 4xx errors and return status 22, -s silent curl ${CURL_OPTIONS} -ILfs "https://github.com/openssl/openssl/archive/OpenSSL_${GITHUB_VERSION}.tar.gz" > /dev/null - + # Check for success status if [ $? -ne 0 ]; then echo "Script determined latest version ${VERSION}, but the download archive does not seem to be available." @@ -200,7 +200,7 @@ elif [ -n "${BRANCH}" ]; then fi # Script default -else +elif [ -z "${VERSION}" ]; then VERSION="${DEFAULTVERSION}" fi 
@@ -268,34 +268,43 @@ fi echo " Script directory and build location: ${CURRENTPATH}" echo -# -e Abort script at first error, when a command exits with non-zero status (except in until or while loops, if-tests, list constructs) -# -o pipefail Causes a pipeline to return the exit status of the last command in the pipe that returned a non-zero return value -set -eo pipefail - # Download OpenSSL when not present OPENSSL_ARCHIVE_BASE_NAME=OpenSSL_${GITHUB_VERSION} OPENSSL_ARCHIVE_FILE_NAME=${OPENSSL_ARCHIVE_BASE_NAME}.tar.gz if [ ! -e ${OPENSSL_ARCHIVE_FILE_NAME} ]; then echo "Downloading ${OPENSSL_ARCHIVE_FILE_NAME}..." - curl ${CURL_OPTIONS} -L -O https://github.com/openssl/openssl/archive/${OPENSSL_ARCHIVE_FILE_NAME} + OPENSSL_ARCHIVE_URL="https://github.com/openssl/openssl/archive/${OPENSSL_ARCHIVE_FILE_NAME}" + # -L follow Location header, -f fail silently for 4xx errors and return status 22, -O Use server-specified filename for download + curl ${CURL_OPTIONS} -LfO "${OPENSSL_ARCHIVE_URL}" + + # Check for success status + if [ $? -ne 0 ]; then + echo "An error occured when trying to download OpenSSL ${VERSION} from ${OPENSSL_ARCHIVE_URL}." + echo "Please check cURL's error message and/or your network connection." 
+ exit 1 + fi else echo "Using ${OPENSSL_ARCHIVE_FILE_NAME}" fi +# -e Abort script at first error, when a command exits with non-zero status (except in until or while loops, if-tests, list constructs) +# -o pipefail Causes a pipeline to return the exit status of the last command in the pipe that returned a non-zero return value +set -eo pipefail + # Clean up target directories if requested and present if [ "${CLEANUP}" == "true" ]; then - if [ -d "${CURRENTPATH}/bin" ]; then - rm -r "${CURRENTPATH}/bin" - fi - if [ -d "${CURRENTPATH}/include/openssl" ]; then - rm -r "${CURRENTPATH}/include/openssl" - fi - if [ -d "${CURRENTPATH}/lib" ]; then - rm -r "${CURRENTPATH}/lib" - fi - if [ -d "${CURRENTPATH}/src" ]; then - rm -r "${CURRENTPATH}/src" - fi + if [ -d "${CURRENTPATH}/bin" ]; then + rm -r "${CURRENTPATH}/bin" + fi + if [ -d "${CURRENTPATH}/include/openssl" ]; then + rm -r "${CURRENTPATH}/include/openssl" + fi + if [ -d "${CURRENTPATH}/lib" ]; then + rm -r "${CURRENTPATH}/lib" + fi + if [ -d "${CURRENTPATH}/src" ]; then + rm -r "${CURRENTPATH}/src" + fi fi # (Re-)create target directories @@ -395,7 +404,7 @@ do else (./Configure ${LOCAL_CONFIG_OPTIONS} > "${LOG}" 2>&1) & spinner fi - + # Check for error status check_status $? "Configure"
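Review bot: In the download block of the `@@ -268,34 +268,43 @@` hunk, a transfer that breaks off midway can leave a truncated `${OPENSSL_ARCHIVE_FILE_NAME}` on disk, and the next run then takes the `Using ...` branch because the `-e` test only checks that the file exists. Removing the file in the failure branch, `rm -f -- "${OPENSSL_ARCHIVE_FILE_NAME}"` just before `exit 1`, stops a later build from starting on a partial archive. Quoting the name in `[ ! -e "${OPENSSL_ARCHIVE_FILE_NAME}" ]` fits the same pass. Neither the fresh download nor a reused file is compared against a known digest in this hunk, so a short comment saying where integrity is checked (or that it is not) would help anyone auditing the build. The new comment also describes `-O` as using a server-specified filename, but curl's `-O` takes the name from the URL path; suggested wording: `# -O save under the file name taken from the URL`.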