forked from nodejs/node
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PR-URL: nodejs#48377 Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Paolo Insogna <paolo@cowtech.it>
- Loading branch information
1 parent
9bbd991
commit dd2a467
Showing
2 changed files
with
284 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,185 @@ | ||
| #!/bin/sh | ||
| set -e | ||
| # Shell script to update OpenSSL in the source tree to a specific version | ||
| # Based on https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-openssl.md | ||
|
|
||
| cleanup() { | ||
| EXIT_CODE=$? | ||
| [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" | ||
| exit $EXIT_CODE | ||
| } | ||
|
|
||
| download_v1() { | ||
| LATEST_V1_TAG_NAME="$("$NODE" --input-type=module --experimental-fetch <<'EOF' | ||
| const res = await fetch('https://api.github.com/repos/quictls/openssl/git/matching-refs/tags/OpenSSL_1'); | ||
| if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`); | ||
| const releases = await res.json() | ||
| const latest = releases.reverse().find(({ ref }) => ref.includes('quic')); | ||
| if(!latest) throw new Error(`Could not find latest release for v1`); | ||
| console.log(latest.ref.replace('refs/tags/','')); | ||
| EOF | ||
| )" | ||
|
|
||
| NEW_VERSION_V1=$(echo "$LATEST_V1_TAG_NAME" | sed 's/OpenSSL_//;s/_/./g;s/-/+/g') | ||
|
|
||
| case "$NEW_VERSION_V1" in | ||
| *quic1) NEW_VERSION_V1_NO_RELEASE="${NEW_VERSION_V1%1}" ;; | ||
| *) NEW_VERSION_V1_NO_RELEASE="$NEW_VERSION_V1" ;; | ||
| esac | ||
|
|
||
| VERSION_H="$DEPS_DIR/openssl/openssl/include/openssl/opensslv.h" | ||
| CURRENT_VERSION=$(grep "OPENSSL_VERSION_TEXT" "$VERSION_H" | sed -n "s/.*OpenSSL \([^\"]*\).*/\1/p" | cut -d ' ' -f 1) | ||
|
|
||
| # This function exit with 0 if new version and current version are the same | ||
| compare_dependency_version "openssl" "$NEW_VERSION_V1_NO_RELEASE" "$CURRENT_VERSION" | ||
|
|
||
| echo "Making temporary workspace..." | ||
| WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') | ||
| cd "$WORKSPACE" | ||
|
|
||
| echo "Fetching OpenSSL source archive..." | ||
| OPENSSL_TARBALL="openssl.tar.gz" | ||
| curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/$LATEST_V1_TAG_NAME" | ||
| log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL" | ||
| gzip -dc "$OPENSSL_TARBALL" | tar xf - | ||
| rm "$OPENSSL_TARBALL" | ||
|
|
||
| mv quictls-openssl-* openssl | ||
|
|
||
| echo "Replacing existing OpenSSL..." | ||
| rm -rf "$DEPS_DIR/openssl/openssl" | ||
| mv "$WORKSPACE/openssl" "$DEPS_DIR/openssl/" | ||
|
|
||
| echo "All done!" | ||
| echo "" | ||
| echo "Please git add openssl, and commit the new version:" | ||
| echo "" | ||
| echo "$ git add -A deps/openssl/openssl" | ||
| echo "$ git add doc/contributing/maintaining/maintaining-dependencies.md" | ||
| echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$NEW_VERSION_V1\"" | ||
| echo "" | ||
| # The last line of the script should always print the new version, | ||
| # as we need to add it to $GITHUB_ENV variable. | ||
| echo "NEW_VERSION=$NEW_VERSION_V1" | ||
| } | ||
|
|
||
| download_v3() { | ||
| LATEST_V3_TAG_NAME="$("$NODE" --input-type=module <<'EOF' | ||
| const res = await fetch('https://api.github.com/repos/quictls/openssl/git/matching-refs/tags/openssl-3.0'); | ||
| if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); | ||
| const releases = await res.json() | ||
| const latest = releases.findLast(({ ref }) => ref.includes('quic')); | ||
| if(!latest) throw new Error(`Could not find latest release for v3.0`); | ||
| console.log(latest.ref.replace('refs/tags/','')); | ||
| EOF | ||
| )" | ||
| NEW_VERSION_V3=$(echo "$LATEST_V3_TAG_NAME" | sed 's/openssl-//;s/-/+/g') | ||
|
|
||
| case "$NEW_VERSION_V3" in | ||
| *quic1) NEW_VERSION_V3_NO_RELEASE="${NEW_VERSION_V3%1}" ;; | ||
| *) NEW_VERSION_V3_NO_RELEASE="$NEW_VERSION_V3" ;; | ||
| esac | ||
| VERSION_H="./deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h" | ||
| CURRENT_VERSION=$(grep "OPENSSL_FULL_VERSION_STR" $VERSION_H | sed -n "s/^.*VERSION_STR \"\(.*\)\"/\1/p") | ||
| # This function exit with 0 if new version and current version are the same | ||
| compare_dependency_version "openssl" "$NEW_VERSION_V3_NO_RELEASE" "$CURRENT_VERSION" | ||
|
|
||
| echo "Making temporary workspace..." | ||
|
|
||
| WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') | ||
|
|
||
| cd "$WORKSPACE" | ||
| echo "Fetching OpenSSL source archive..." | ||
|
|
||
| OPENSSL_TARBALL="openssl.tar.gz" | ||
|
|
||
| curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/$LATEST_V3_TAG_NAME" | ||
|
|
||
| log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL" | ||
|
|
||
| gzip -dc "$OPENSSL_TARBALL" | tar xf - | ||
|
|
||
| rm "$OPENSSL_TARBALL" | ||
| mv quictls-openssl-* openssl | ||
| echo "Replacing existing OpenSSL..." | ||
| rm -rf "$DEPS_DIR/openssl/openssl" | ||
| mv "$WORKSPACE/openssl" "$DEPS_DIR/openssl/" | ||
|
|
||
| # Update the version number | ||
| update_dependency_version "openssl" "$NEW_VERSION_V3" | ||
| echo "All done!" | ||
| echo "" | ||
| echo "Please git add openssl, and commit the new version:" | ||
| echo "" | ||
| echo "$ git add -A deps/openssl/openssl" | ||
| echo "$ git add doc/contributing/maintaining/maintaining-dependencies.md" | ||
| echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$NEW_VERSION_V3\"" | ||
| echo "" | ||
| # The last line of the script should always print the new version, | ||
| # as we need to add it to $GITHUB_ENV variable. | ||
| echo "NEW_VERSION=$NEW_VERSION_V3" | ||
| } | ||
|
|
||
| regenerate() { | ||
| command -v perl >/dev/null 2>&1 || { echo >&2 "Error: 'Perl' required but not installed."; exit 1; } | ||
| command -v nasm >/dev/null 2>&1 || { echo >&2 "Error: 'nasm' required but not installed."; exit 1; } | ||
| command -v as >/dev/null 2>&1 || { echo >&2 "Error: 'GNU as' required but not installed."; exit 1; } | ||
| perl -e "use Text::Template">/dev/null 2>&1 || { echo >&2 "Error: 'Text::Template' Perl module required but not installed."; exit 1; } | ||
|
|
||
| echo "Regenerating platform-dependent files..." | ||
|
|
||
| make -C "$DEPS_DIR/openssl/config" clean | ||
| # Needed for compatibility with nasm on 32-bit Windows | ||
| # See https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-openssl.md#2-execute-make-in-depsopensslconfig-directory | ||
| sed -i 's/#ifdef/%ifdef/g' "$DEPS_DIR/openssl/openssl/crypto/perlasm/x86asm.pl" | ||
| sed -i 's/#endif/%endif/g' "$DEPS_DIR/openssl/openssl/crypto/perlasm/x86asm.pl" | ||
| make -C "$DEPS_DIR/openssl/config" | ||
|
|
||
| echo "All done!" | ||
| echo "" | ||
| echo "Please commit the regenerated files:" | ||
| echo "" | ||
| echo "$ git add -A deps/openssl/config/archs deps/openssl/openssl" | ||
| echo "$ git commit -m \"deps: update archs files for openssl\"" | ||
| echo "" | ||
| } | ||
|
|
||
| help() { | ||
| echo "Shell script to update OpenSSL in the source tree to a specific version" | ||
| echo "Sub-commands:" | ||
| printf "%-23s %s\n" "help" "show help menu and commands" | ||
| printf "%-23s %s\n" "download" "download and replace OpenSSL source code with new version" | ||
| printf "%-23s %s\n" "regenerate" "regenerate platform-specific files" | ||
| echo "" | ||
| exit "${1:-0}" | ||
| } | ||
|
|
||
| main() { | ||
| if [ ${#} -eq 0 ]; then | ||
| help 0 | ||
| fi | ||
|
|
||
| trap cleanup INT TERM EXIT | ||
|
|
||
| BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) | ||
| DEPS_DIR="$BASE_DIR/deps" | ||
|
|
||
| [ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" | ||
| [ -x "$NODE" ] || NODE=$(command -v node) | ||
|
|
||
| # shellcheck disable=SC1091 | ||
| . "$BASE_DIR/tools/dep_updaters/utils.sh" | ||
|
|
||
| case ${1} in | ||
| help | regenerate | download_v1 | download_v3 ) | ||
| $1 "${2}" | ||
| ;; | ||
| * ) | ||
| echo "unknown command: $1" | ||
| help 1 | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| } | ||
|
|
||
| main "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| #!/bin/sh | ||
|
|
||
| ROOT=$(cd "$(dirname "$0")/../.." && pwd) | ||
|
|
||
| # This function compare new version with current version of a depdendency and | ||
| # exit the script if the versions are the same | ||
| # | ||
| # $1 is the package name e.g. 'acorn', 'ada', 'base64' etc. See the file | ||
| # https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md | ||
| # for a complete list of package name | ||
| # $2 is the new version. | ||
| compare_dependency_version() { | ||
| package_name="$1" | ||
| new_version="$2" | ||
| current_version="$3" | ||
| echo "Comparing $new_version with $current_version" | ||
| if [ "$new_version" = "$current_version" ]; then | ||
| echo "Skipped because $package_name is on the latest version." | ||
| exit 0 | ||
| fi | ||
| } | ||
|
|
||
| # This function inform to commit the new version of a maintained dependency | ||
| # and print the last line of the script "NEW_VERSION=$NEW_VERSION" as we need | ||
| # to add it to $GITHUB_ENV variable. | ||
| # | ||
| # $1 is the package name e.g. 'acorn', 'ada', 'base64' etc. See the file | ||
| # https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md | ||
| # for a complete list of package name | ||
| # $2 is the new version. | ||
| # $3 (optional) other files to be git added apart from the deps/package_name | ||
| finalize_version_update() { | ||
| package_name="$1" | ||
| new_version="$2" | ||
| extra_files="$3" | ||
|
|
||
| # Update the version number on maintaining-dependencies.md | ||
| update_dependency_version "$package_name" "$new_version" | ||
|
|
||
| echo "All done!" | ||
| echo "" | ||
| echo "Please git add $package_name and commit the new version:" | ||
| echo "" | ||
| echo "$ git add -A deps/$package_name $extra_files" | ||
| echo "$ git add doc/contributing/maintaining/maintaining-dependencies.md" | ||
| echo "$ git commit -m \"deps: update $package_name to $new_version\"" | ||
| echo "" | ||
|
|
||
| # The last line of the script should always print the new version, | ||
| # as we need to add it to $GITHUB_ENV variable. | ||
| echo "NEW_VERSION=$new_version" | ||
| } | ||
|
|
||
| # This function logs the archive checksum and, if provided, compares it with | ||
| # the deposited checksum | ||
| # | ||
| # $1 is the package name e.g. 'acorn', 'ada', 'base64' etc. See the file | ||
| # https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md | ||
| # for a complete list of package name | ||
| # $2 is the downloaded archive | ||
| # $3 (optional) is the deposited sha256 cheksum. When provided, it is checked | ||
| # against the checksum generated from the archive | ||
| log_and_verify_sha256sum() { | ||
| package_name="$1" | ||
| archive="$2" | ||
| checksum="$3" | ||
| bsd_formatted_checksum=$(shasum -a 256 --tag "$archive") | ||
| if [ -z "$3" ]; then | ||
| echo "$bsd_formatted_checksum" | ||
| else | ||
| archive_checksum=$(shasum -a 256 "$archive") | ||
| if [ "$checksum" = "$archive_checksum" ]; then | ||
| echo "Valid $package_name checksum" | ||
| echo "$bsd_formatted_checksum" | ||
| else | ||
| echo "ERROR - Invalid $package_name checksum:" | ||
| echo "deposited: $checksum" | ||
| echo "generated: $archive_checksum" | ||
| exit 1 | ||
| fi | ||
| fi | ||
| } | ||
|
|
||
| # This function update the version of a maintained dependency in | ||
| # https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md | ||
| # | ||
| # $1 is the package name e.g. 'acorn', 'ada', 'base64' etc. See that file | ||
| # for a complete list of package name | ||
| # $2 is the new version. | ||
| update_dependency_version() { | ||
| package_name="$1" | ||
| new_version="$2" | ||
| deps_file_path="$ROOT/doc/contributing/maintaining/maintaining-dependencies.md" | ||
| # Remove version dots for anchor markdown | ||
| version_no_dots=$(echo "$new_version" | sed -e 's/\.//g') | ||
| perl -i -pe 's|^\* \['"$package_name"'.*|* ['"$package_name"' '"$new_version"'][]|' "$deps_file_path" | ||
| perl -i -pe 's|^\['"$package_name"'.*\]: #'"$package_name"'.*|['"$package_name"' '"$new_version"']: #'"$package_name"'-'"$version_no_dots"'|' "$deps_file_path" | ||
| perl -i -pe 's|^### '"$package_name"'.*|### '"$package_name"' '"$new_version"'|' "$deps_file_path" | ||
| } |