#!/bin/sh # Automatic build script for libssl and libcrypto # for iPhoneOS and iPhoneSimulator # # Created by Felix Schulze on 16.12.10. # Copyright 2010-2016 Felix Schulze. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # -u Attempt to use undefined variable outputs error message, and forces an exit set -u DEFAULTBRANCH="1.0.2" # Default branch in case no version or branch is specified IOS_MIN_SDK_VERSION="7.0" # Minimum iOS SDK version to build for TVOS_MIN_SDK_VERSION="9.0" # Minimum tvOS SDK version to build for # Init optional env variables CURL_OPTIONS="${CURL_OPTIONS:-}" CONFIG_OPTIONS="${CONFIG_OPTIONS:-}" echo_help() { echo "Usage: $0 [options...]" echo " --archs=\"ARCH ARCH ...\" Space-separated list of architectures to build" echo " Options: x86_64 i386 arm64 armv7s armv7 tv_x86_64 tv_arm64" echo " Note: The framework will contain include files from the architecture listed first" echo " --ec-nistp-64-gcc-128 Enable config option enable-ec_nistp_64_gcc_128 for 64 bit builds" echo " -h, --help Print help (this message)" echo " --ios-sdk=SDKVERSION Override iOS SDK version" echo " --noparallel Disable running make with parallel jobs (make -j)" echo " --tvos-sdk=SDKVERSION Override tvOS SDK version" echo " -v, --verbose Enable verbose logging" echo " --verbose-on-error Dump last 500 lines from log file if an error occurs (for Travis builds)" echo " --version=VERSION OpenSSL version to build (defaults to latest version in branch ${DEFAULTBRANCH}" echo echo "For custom configure options, set variable CONFIG_OPTIONS" echo "For custom cURL options, set variable CURL_OPTIONS" echo " Example: CURL_OPTIONS=\"--proxy 192.168.1.1:8080\" ./build-libssl.sh" } spinner() { local pid=$! local delay=0.75 local spinstr='|/-\' while [ "$(ps a | awk '{print $1}' | grep $pid)" ]; do local temp=${spinstr#?} printf " [%c]" "$spinstr" local spinstr=$temp${spinstr%"$temp"} sleep $delay printf "\b\b\b\b" done printf " \b\b" wait $pid return $? } # Check for error status check_status() { local STATUS=$1 local COMMAND=$2 echo "\n" if [ "${STATUS}" != 0 ]; then if [[ "${LOG_VERBOSE}" != "verbose"* ]]; then echo "Problem during ${COMMAND} - Please check ${LOG}" fi # Dump last 500 lines from log file for verbose-on-error if [ "${LOG_VERBOSE}" == "verbose-on-error" ]; then echo "Problem during ${COMMAND} - Dumping last 500 lines from log file" echo tail -n 500 "${LOG}" fi exit 1 fi } # Init optional command line vars ARCHS="" CONFIG_ENABLE_EC_NISTP_64_GCC_128="" IOS_SDKVERSION="" PARALLEL="" LOG_VERBOSE="" TVOS_SDKVERSION="" VERSION="" # Process command line arguments for i in "$@" do case $i in --archs=*) ARCHS="${i#*=}" shift ;; --ec-nistp-64-gcc-128) CONFIG_ENABLE_EC_NISTP_64_GCC_128="true" ;; -h|--help) echo_help exit ;; --ios-sdk=*) IOS_SDKVERSION="${i#*=}" shift ;; --noparallel) PARALLEL="false" shift ;; --tvos-sdk=*) TVOS_SDKVERSION="${i#*=}" shift ;; -v|--verbose) LOG_VERBOSE="verbose" ;; --verbose-on-error) LOG_VERBOSE="verbose-on-error" ;; --version=*) VERSION="${i#*=}" shift ;; *) echo "Unknown argument: ${i}" ;; esac done # Preprocess/validate OpenSSL version if [ -n "${VERSION}" ]; then # Verify version number format. Expected: dot notation if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$ ]]; then echo "Unknown version number format. Examples: 1.0.2, 1.0.2h" exit 1 fi # Default OpenSSL version else # Default branch or user provided (in latter case verify number format) # For future use (when adding 1.1.0), so the user can select a default branch BRANCH="${DEFAULTBRANCH}" # Determine latest version of selected branch echo "Checking latest version of ${BRANCH} branch on GitHub..." GITHUB_VERSION=$(curl ${CURL_OPTIONS} -Ls https://github.com/openssl/openssl/releases.atom | grep "OpenSSL_${BRANCH//./_}" | head -1 | sed -E "s|^.*title>OpenSSL_(${BRANCH//./_}[a-z]*)</title.*$|\1|g") # Verify result if [ -z "${GITHUB_VERSION}" ]; then echo "Could not determine latest version, please check https://github.com/openssl/openssl/releases and use --version option" exit 1 fi VERSION="${GITHUB_VERSION//_/.}" fi # Set GITHUB_VERSION (version with underscores instead of dots) GITHUB_VERSION="${VERSION//./_}" # Determine SDK versions if [ ! -n "${IOS_SDKVERSION}" ]; then IOS_SDKVERSION=$(xcrun -sdk iphoneos --show-sdk-version) fi if [ ! -n "${TVOS_SDKVERSION}" ]; then TVOS_SDKVERSION=$(xcrun -sdk appletvos --show-sdk-version) fi # Set default for ARCHS if not specified if [ ! -n "${ARCHS}" ]; then ARCHS="x86_64 i386 arm64 armv7s armv7 tv_x86_64 tv_arm64" fi # Determine number of cores for (parallel) build BUILD_THREADS=1 if [ "${PARALLEL}" != "false" ]; then BUILD_THREADS=$(sysctl hw.ncpu | awk '{print $2}') fi # Write files relative to script location and validate directory CURRENTPATH=$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd) case "${CURRENTPATH}" in *\ * ) echo "Your path contains whitespaces, which is not supported by 'make install'." exit 1 ;; esac if [[ "${CURRENTPATH}" == "/" || "${CURRENTPATH}" == "/usr" || "${CURRENTPATH}" == "/usr/local" ]]; then echo "This script should not be executed from directory ${CURRENTPATH}" exit 1 fi cd "${CURRENTPATH}" # Validate Xcode Developer path DEVELOPER=$(xcode-select -print-path) if [ ! -d "${DEVELOPER}" ]; then echo "Xcode path is not set correctly ${DEVELOPER} does not exist" echo "run" echo "sudo xcode-select -switch <Xcode path>" echo "for default installation:" echo "sudo xcode-select -switch /Applications/Xcode.app/Contents/Developer" exit 1 fi case "${DEVELOPER}" in *\ * ) echo "Your Xcode path contains whitespaces, which is not supported." exit 1 ;; esac # Show build options echo echo "Build options" echo " OpenSSL version: ${VERSION}" echo " Architectures: ${ARCHS}" echo " iOS SDK: ${IOS_SDKVERSION}" echo " tvOS SDK: ${TVOS_SDKVERSION}" echo " Number of make threads: ${BUILD_THREADS}" if [ -n "${CONFIG_OPTIONS}" ]; then echo " Configure options: ${CONFIG_OPTIONS}" fi echo " Script directory and build location: ${CURRENTPATH}" echo # -e Abort script at first error, when a command exits with non-zero status (except in until or while loops, if-tests, list constructs) # -o pipefail Causes a pipeline to return the exit status of the last command in the pipe that returned a non-zero return value set -eo pipefail # Download OpenSSL when not present OPENSSL_ARCHIVE_BASE_NAME=OpenSSL_${GITHUB_VERSION} OPENSSL_ARCHIVE_FILE_NAME=${OPENSSL_ARCHIVE_BASE_NAME}.tar.gz if [ ! -e ${OPENSSL_ARCHIVE_FILE_NAME} ]; then echo "Downloading ${OPENSSL_ARCHIVE_FILE_NAME}..." curl ${CURL_OPTIONS} -L -O https://github.com/openssl/openssl/archive/${OPENSSL_ARCHIVE_FILE_NAME} else echo "Using ${OPENSSL_ARCHIVE_FILE_NAME}" fi # Clean up target directories if present if [ -d "${CURRENTPATH}/bin" ]; then rm -r "${CURRENTPATH}/bin" fi if [ -d "${CURRENTPATH}/include/openssl" ]; then rm -r "${CURRENTPATH}/include/openssl" fi if [ -d "${CURRENTPATH}/lib" ]; then rm -r "${CURRENTPATH}/lib" fi if [ -d "${CURRENTPATH}/src" ]; then rm -r "${CURRENTPATH}/src" fi # (Re-)create target directories mkdir -p "${CURRENTPATH}/bin" mkdir -p "${CURRENTPATH}/lib" mkdir -p "${CURRENTPATH}/src" # Init vars for library references INCLUDE_DIR="" LIBSSL_IOS=() LIBCRYPTO_IOS=() LIBSSL_TVOS=() LIBCRYPTO_TVOS=() for ARCH in ${ARCHS} do # Determine relevant SDK version if [[ "$ARCH" == tv* ]]; then SDKVERSION=${TVOS_SDKVERSION} else SDKVERSION=${IOS_SDKVERSION} fi # Determine platform, override arch for tvOS builds if [[ "${ARCH}" == "i386" || "${ARCH}" == "x86_64" ]]; then PLATFORM="iPhoneSimulator" elif [ "${ARCH}" == "tv_x86_64" ]; then ARCH="x86_64" PLATFORM="AppleTVSimulator" elif [ "${ARCH}" == "tv_arm64" ]; then ARCH="arm64" PLATFORM="AppleTVOS" else PLATFORM="iPhoneOS" fi # Set env vars for Configure export CROSS_TOP="${DEVELOPER}/Platforms/${PLATFORM}.platform/Developer" export CROSS_SDK="${PLATFORM}${SDKVERSION}.sdk" export BUILD_TOOLS="${DEVELOPER}" export CC="${BUILD_TOOLS}/usr/bin/gcc -arch ${ARCH}" # Prepare target dir TARGETDIR="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" mkdir -p "${TARGETDIR}" LOG="${TARGETDIR}/build-openssl-${VERSION}.log" echo "Building openssl-${VERSION} for ${PLATFORM} ${SDKVERSION} ${ARCH}..." echo " Logfile: ${LOG}" # Prepare source dir SOURCEDIR="${CURRENTPATH}/src/${PLATFORM}-${ARCH}" mkdir -p "${SOURCEDIR}" tar zxf "${CURRENTPATH}/${OPENSSL_ARCHIVE_FILE_NAME}" -C "${SOURCEDIR}" cd "${SOURCEDIR}/openssl-${OPENSSL_ARCHIVE_BASE_NAME}" chmod u+x ./Configure # Add optional enable-ec_nistp_64_gcc_128 configure option for 64 bit builds LOCAL_CONFIG_OPTIONS="${CONFIG_OPTIONS}" if [ "${CONFIG_ENABLE_EC_NISTP_64_GCC_128}" == "true" ]; then case "${ARCH}" in *64*) LOCAL_CONFIG_OPTIONS="${LOCAL_CONFIG_OPTIONS} enable-ec_nistp_64_gcc_128" ;; esac fi # Embed bitcode for SDK >= 9 if [[ "${SDKVERSION}" == 9.* || "${SDKVERSION}" == [0-9][0-9].* ]]; then LOCAL_CONFIG_OPTIONS="${LOCAL_CONFIG_OPTIONS} -fembed-bitcode" fi # Add platform specific config options if [[ "${PLATFORM}" == AppleTV* ]]; then LOCAL_CONFIG_OPTIONS="${LOCAL_CONFIG_OPTIONS} -DHAVE_FORK=0 -mtvos-version-min=${TVOS_MIN_SDK_VERSION}" echo " Patching Configure..." LC_ALL=C sed -i -- 's/D\_REENTRANT\:iOS/D\_REENTRANT\:tvOS/' "./Configure" else LOCAL_CONFIG_OPTIONS="${LOCAL_CONFIG_OPTIONS} -miphoneos-version-min=${IOS_MIN_SDK_VERSION}" fi # Add --openssldir option LOCAL_CONFIG_OPTIONS="--openssldir=${TARGETDIR} ${LOCAL_CONFIG_OPTIONS}" # Determine configure target if [ "${ARCH}" == "x86_64" ]; then LOCAL_CONFIG_OPTIONS="darwin64-x86_64-cc no-asm ${LOCAL_CONFIG_OPTIONS}" else LOCAL_CONFIG_OPTIONS="iphoneos-cross ${LOCAL_CONFIG_OPTIONS}" fi # Run Configure echo " Configure...\c" set +e if [ "${LOG_VERBOSE}" == "verbose" ]; then ./Configure ${LOCAL_CONFIG_OPTIONS} | tee "${LOG}" else (./Configure ${LOCAL_CONFIG_OPTIONS} > "${LOG}" 2>&1) & spinner fi # Check for error status check_status $? "Configure" # Only required for Darwin64 builds (-isysroot is automatically added by iphoneos-cross target) if [ "${ARCH}" == "x86_64" ]; then echo " Patching Makefile..." sed -ie "s!^CFLAG=!CFLAG=-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK} !" "Makefile" fi # Run make depend if relevant if [[ ! -z "${CONFIG_OPTIONS}" ]]; then echo " Make depend...\c" if [ "${LOG_VERBOSE}" == "verbose" ]; then make depend | tee -a "${LOG}" else (make depend >> "${LOG}" 2>&1) & spinner fi # Check for error status check_status $? "make depend" fi # Run make echo " Make...\c" if [ "${LOG_VERBOSE}" == "verbose" ]; then make -j "${BUILD_THREADS}" | tee -a "${LOG}" else (make -j "${BUILD_THREADS}" >> "${LOG}" 2>&1) & spinner fi # Check for error status check_status $? "make" # Run make install set -e if [ "${LOG_VERBOSE}" == "verbose" ]; then make install_sw | tee -a "${LOG}" else make install_sw >> "${LOG}" 2>&1 fi # Remove source dir rm -r "${SOURCEDIR}" # Add references to library files to relevant arrays if [[ "${PLATFORM}" == AppleTV* ]]; then LIBSSL_TVOS+=("${TARGETDIR}/lib/libssl.a") LIBCRYPTO_TVOS+=("${TARGETDIR}/lib/libcrypto.a") else LIBSSL_IOS+=("${TARGETDIR}/lib/libssl.a") LIBCRYPTO_IOS+=("${TARGETDIR}/lib/libcrypto.a") fi # Keep reference to first build target for include file if [ -z "${INCLUDE_DIR}" ]; then INCLUDE_DIR="${TARGETDIR}/include/openssl" fi done # Build iOS library if selected for build if [ ${#LIBSSL_IOS} -gt 0 ]; then echo "Build library for iOS..." lipo -create ${LIBSSL_IOS[@]} -output "${CURRENTPATH}/lib/libssl.a" lipo -create ${LIBCRYPTO_IOS[@]} -output "${CURRENTPATH}/lib/libcrypto.a" fi # Build tvOS library if selected for build if [ ${#LIBSSL_TVOS} -gt 0 ] ; then echo "Build library for tvOS..." lipo -create ${LIBSSL_TVOS[@]} -output "${CURRENTPATH}/lib/libssl-tvOS.a" lipo -create ${LIBCRYPTO_TVOS[@]} -output "${CURRENTPATH}/lib/libcrypto-tvOS.a" fi # Copy include directory cp -R "${INCLUDE_DIR}" ${CURRENTPATH}/include/ echo "Done."