Statically linking openssl | libevent in tor #5
Conversation
build_darwin.sh
Outdated
| tar -xvzf openssl-$OPENSSL_VERSION.tar.gz && \ | ||
| cd openssl-$OPENSSL_VERSION && \ | ||
| ./config --prefix=$PWD/install no-shared no-dso && \ | ||
| make |
There was a problem hiding this comment.
can we add make test for openssl?
There was a problem hiding this comment.
1.0m fails make test. 1.0o is not linkable so disabled that for now. I'm debugging on how to address this issue.
../certs/demo/pca-cert.pem: C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 18 at 0 depth lookup:self signed certificate
C = AU, ST = Queensland, O = CryptSoft Pty Ltd, CN = Test PCA (1024 bit)
error 10 at 0 depth lookup:certificate has expired
OK
make[1]: *** [test_verify] Error 2
make: *** [tests] Error 2
There was a problem hiding this comment.
make test appears to pass for OpenSSL on Linux. I don't know what the discrepancy is offhand.
build_darwin.sh
Outdated
| ./configure && make && make install | ||
| tar -xvzf tor-$TOR_VERSION.tar.gz | ||
| cd tor-$TOR_VERSION && \ | ||
| ./configure --enable-static-libevent \ |
There was a problem hiding this comment.
Why not just --enable-static-tor? Also add --disable-asciidoc cause we don't need that.
There was a problem hiding this comment.
it enables --enable-static-zlib as well. I'll add --disable-asciidoc
build_linux.sh
Outdated
| @@ -4,4 +4,4 @@ set -eu | |||
| docker rm -fv tor-brave || true | |||
| docker build -t tor-brave -f Dockerfile-linux --build-arg tor_version=$TOR_VERSION --build-arg zlib_version=$ZLIB_VERSION --build-arg libevent_version=$LIBEVENT_VERSION --build-arg openssl_version=$OPENSSL_VERSION . | |||
| docker run --name tor-brave -d tor-brave | |||
| docker cp tor-brave:/tor-$TOR_VERSION/src/or/tor tor-linux-$TOR_VERSION-brave-$BRAVE_TOR_VERSION | |||
| docker cp tor-brave:/tor-$TOR_VERSION/src/or/tor tor-$TOR_VERSION-linux-brave-$BRAVE_TOR_VERSION | |||
There was a problem hiding this comment.
Separate commit, or mention this in the commit message?
| cd .. | ||
| mv Tor/tor-win32-$TOR_VERSION-brave-$BRAVE_TOR_VERSION.zip . | ||
| mv Tor/tor-$TOR_VERSION-win32-brave-$BRAVE_TOR_VERSION.zip . |
There was a problem hiding this comment.
Separate commit, or mention this in the commit message?
There was a problem hiding this comment.
Added to the commit message
build_darwin.sh
Outdated
| --enable-static-openssl \ | ||
| --with-libevent-dir=$PWD/../libevent-$LIBEVENT_VERSION/install \ | ||
| --with-openssl-dir=$PWD/../openssl-$OPENSSL_VERSION/install && \ | ||
| make && make check | ||
| cd .. | ||
|
|
||
| cp tor-0.3.2.10/src/or/tor tor-darwin-$TOR_VERSION-brave-$BRAVE_TOR_VERSION |
There was a problem hiding this comment.
Maybe check the list of libraries this links against and fail if /usr/local or /opt/local appears in it? (otool -L or something should do it.)
build_darwin.sh
Outdated
| LDFLAGS="-L$PWD/../openssl-$OPENSSL_VERSION/" \ | ||
| CPPFLAGS="-I$PWD/../openssl-$OPENSSL_VERSION/include" \ | ||
| LDFLAGS="-L/usr/local/opt/openssl/lib" \ | ||
| CPPFLAGS="-I/usr/local/opt/openssl/include" \ |
There was a problem hiding this comment.
Why are you using the system-wide /usr/local/opt version instead of the local newly built version?
build_darwin.sh
Outdated
| --prefix=$PWD/install \ | ||
| --disable-shared \ | ||
| --enable-static \ | ||
| --with-pic && \ | ||
| make && make check | ||
| make && make install |
There was a problem hiding this comment.
Why is make check removed?
Dockerfile-linux
Outdated
| @@ -30,11 +30,11 @@ RUN \ | |||
| --disable-shared \ | |||
| --enable-static \ | |||
| --with-pic && \ | |||
| make && make check && make install | |||
| make && make install | |||
There was a problem hiding this comment.
Why is make check removed?
There was a problem hiding this comment.
Removed it for testing since it takes about 30 mins. Putting it back in soon.
jumde
force-pushed
the
enabling_static_libevent_openssl_darwin
branch
from
d170a3c to
1c9830b
Compare
| tar -xvzf openssl-$OPENSSL_VERSION.tar.gz && \ | ||
| cd openssl-$OPENSSL_VERSION && \ | ||
| ./config --prefix=$PWD/install no-shared no-dso && \ | ||
| make |
There was a problem hiding this comment.
make test for darwin fails because of expired certs. Some forums say that it is because of a conflict with xcode and brew.
There was a problem hiding this comment.
OK. Can you put a comment in here explaining this, and quoting the error so we can see if it's still around in the future?
There was a problem hiding this comment.
Check this issue: #6
jumde
force-pushed
the
enabling_static_libevent_openssl_darwin
branch
from
1c9830b to
9b194ab
Compare
env.sh
Outdated
| export TOR_HASH=60df77c31dcf94fdd686c8ca8c34f3b70243b33a7344ecc0b719d5ca2617cbee | ||
|
|
||
| export LIBEVENT_KEY=B86086848EF8686D | ||
| export TOR_KEY=FE43009C4607B1FB |
There was a problem hiding this comment.
not a huge deal, but i think you want the full key fingerprint here. ex: 2133BC600AB133E1D826D173FE43009C4607B1FB for tor
jumde
force-pushed
the
enabling_static_libevent_openssl_darwin
branch
2 times, most recently
from
51770c4 to
1168dcf
Compare
2. Correct binary naming for windows and linux 3. Move hashes/keys to env.sh
jumde
force-pushed
the
enabling_static_libevent_openssl_darwin
branch
from
2357836 to
3fbbe05
Compare
Fixes: #4