From db4de3b289ad315353ef0135b352c409d1e8ff04 Mon Sep 17 00:00:00 2001 From: Petr Shumilov Date: Wed, 12 Feb 2025 16:12:31 +0300 Subject: [PATCH] Add patch applying for OpenSSL Signed-off-by: Petr Shumilov --- .github/workflows/Dockerfile.focal | 2 +- .github/workflows/Dockerfile.jammy | 2 +- .gitmodules | 4 +-- cmake/apply_patches.cmake | 35 +++++++++++++++++++++++++ third-party/openssl | 2 +- third-party/openssl-cmake/openssl.cmake | 12 ++++++--- 6 files changed, 48 insertions(+), 9 deletions(-) create mode 100644 cmake/apply_patches.cmake diff --git a/.github/workflows/Dockerfile.focal b/.github/workflows/Dockerfile.focal index 2a6f02d99d..10c0fdba51 100644 --- a/.github/workflows/Dockerfile.focal +++ b/.github/workflows/Dockerfile.focal @@ -12,7 +12,7 @@ RUN apt-get update && \ add-apt-repository ppa:deadsnakes/ppa && \ apt-get update && \ apt-get install -y --no-install-recommends \ - git cmake make clang g++ g++-10 gperf netcat \ + git cmake make clang g++ g++-10 gperf netcat patch \ python3.7 python3-pip python3.7-distutils python3.7-dev libpython3.7-dev python3-jsonschema python3-setuptools mysql-server libmysqlclient-dev && \ python3.7 -m pip install pip && python3.7 -m pip install -r /tmp/requirements.txt && \ apt-get install -y --no-install-recommends kphp-timelib libuber-h3-dev libfmt-dev libgtest-dev libgmock-dev libre2-dev libpcre3-dev \ diff --git a/.github/workflows/Dockerfile.jammy b/.github/workflows/Dockerfile.jammy index cb445104e1..cb667c503b 100644 --- a/.github/workflows/Dockerfile.jammy +++ b/.github/workflows/Dockerfile.jammy @@ -16,7 +16,7 @@ RUN apt update && \ add-apt-repository ppa:deadsnakes/ppa && \ apt update && \ apt install -y --no-install-recommends \ - build-essential devscripts fakeroot git cmake make g++ lld gperf netcat \ + build-essential devscripts fakeroot git cmake make g++ lld gperf netcat patch \ python3.7 python3-pip python3.7-distutils python3.7-dev libpython3.7-dev python3-jsonschema python3-setuptools && \ apt install -y --no-install-recommends kphp-timelib libuber-h3-dev libfmt-dev libgtest-dev libgmock-dev libre2-dev libpcre3-dev \ libzstd-dev libyaml-cpp-dev libnghttp2-dev zlib1g-dev php7.4-dev libnuma-dev unzip && \ diff --git a/.gitmodules b/.gitmodules index 107f016fc8..daab73053c 100644 --- a/.gitmodules +++ b/.gitmodules @@ -9,8 +9,8 @@ url = https://github.com/PCRE2Project/pcre2.git [submodule "third-party/openssl"] path = third-party/openssl - url = https://github.com/openssl/openssl.git - branch = OpenSSL_1_1_1-stable + url = https://salsa.debian.org/debian/openssl.git + branch = debian/buster [submodule "third-party/curl"] path = third-party/curl url = https://github.com/VKCOM/curl.git diff --git a/cmake/apply_patches.cmake b/cmake/apply_patches.cmake new file mode 100644 index 0000000000..9cf1b26c98 --- /dev/null +++ b/cmake/apply_patches.cmake @@ -0,0 +1,35 @@ +function(apply_patches_from_series build_dir series_file patch_dir) + # Check for the presence of the patch utility + find_program(PATCH_EXECUTABLE patch) + if(NOT PATCH_EXECUTABLE) + message(FATAL_ERROR "The 'patch' utility is not found on this system.") + endif() + + # Read the series file and apply each patch listed + file(READ "${series_file}" series_content) + string(REPLACE "\n" ";" series_list "${series_content}") + + foreach(patch IN LISTS series_list) + if(NOT patch STREQUAL "") + # Construct the full path to the patch file + set(patch_file "${patch_dir}${patch}") + + # Apply the patch using GNU patch + execute_process( + COMMAND ${PATCH_EXECUTABLE} -p1 -i "${patch_file}" + WORKING_DIRECTORY "${build_dir}" + RESULT_VARIABLE result + OUTPUT_VARIABLE output + ERROR_VARIABLE error + ) + + if(NOT result EQUAL 0) + message(FATAL_ERROR "Failed to apply patch: ${patch}\nOutput: ${output}\nError: ${error}") + else() + message(STATUS "Applied patch: ${patch}") + endif() + endif() + endforeach() +endfunction() + +apply_patches_from_series(${BUILD_DIR} ${PATCH_SERIES} ${PATCH_DIR}) diff --git a/third-party/openssl b/third-party/openssl index b372b1f764..ddafec437b 160000 --- a/third-party/openssl +++ b/third-party/openssl @@ -1 +1 @@ -Subproject commit b372b1f76450acdfed1e2301a39810146e28b02c +Subproject commit ddafec437b0f371490126a3af2577150b56dae81 diff --git a/third-party/openssl-cmake/openssl.cmake b/third-party/openssl-cmake/openssl.cmake index 43012ee4df..c55d06be9b 100644 --- a/third-party/openssl-cmake/openssl.cmake +++ b/third-party/openssl-cmake/openssl.cmake @@ -1,8 +1,10 @@ update_git_submodule(${THIRD_PARTY_DIR}/openssl "--remote") -set(OPENSSL_SOURCE_DIR ${THIRD_PARTY_DIR}/openssl) -set(OPENSSL_BUILD_DIR ${CMAKE_BINARY_DIR}/third-party/openssl/build) -set(OPENSSL_INSTALL_DIR ${CMAKE_BINARY_DIR}/third-party/openssl/install) +set(OPENSSL_SOURCE_DIR ${THIRD_PARTY_DIR}/openssl) +set(OPENSSL_BUILD_DIR ${CMAKE_BINARY_DIR}/third-party/openssl/build) +set(OPENSSL_INSTALL_DIR ${CMAKE_BINARY_DIR}/third-party/openssl/install) +set(OPENSSL_PATCH_DIR ${OPENSSL_BUILD_DIR}/debian/patches/) +set(OPENSSL_PATCH_SERIES ${OPENSSL_BUILD_DIR}/debian/patches/series) # Ensure the build and installation directories exists file(MAKE_DIRECTORY ${OPENSSL_BUILD_DIR}) file(MAKE_DIRECTORY ${OPENSSL_INSTALL_DIR}) @@ -29,8 +31,10 @@ ExternalProject_Add( INSTALL_DIR ${OPENSSL_INSTALL_DIR} BINARY_DIR ${OPENSSL_BUILD_DIR} BUILD_BYPRODUCTS ${OPENSSL_INSTALL_DIR}/lib/libssl.a ${OPENSSL_INSTALL_DIR}/lib/libcrypto.a - CONFIGURE_COMMAND + PATCH_COMMAND COMMAND ${CMAKE_COMMAND} -E copy_directory ${OPENSSL_SOURCE_DIR} ${OPENSSL_BUILD_DIR} + COMMAND ${CMAKE_COMMAND} -DBUILD_DIR=${OPENSSL_BUILD_DIR} -DPATCH_SERIES=${OPENSSL_PATCH_SERIES} -DPATCH_DIR=${OPENSSL_PATCH_DIR} -P ../../cmake/apply_patches.cmake + CONFIGURE_COMMAND COMMAND ./config --prefix=${OPENSSL_INSTALL_DIR} --openssldir=/usr/lib/ssl no-shared no-pic no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-tests ${OPENSSL_CONFIGURE_EXTRA_OPTION} BUILD_COMMAND COMMAND ${CMAKE_COMMAND} -E env CFLAGS=${OPENSSL_COMPILE_FLAGS} make