You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by dm...@apache.org on 2024/04/30 07:40:26 UTC
(trafficserver) branch master updated: tools: Dual build for openssl and boringssl H3 tools. (#11270)
This is an automated email from the ASF dual-hosted git repository.
dmeden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new fe2f9eb5ba tools: Dual build for openssl and boringssl H3 tools. (#11270)
fe2f9eb5ba is described below
commit fe2f9eb5ba82d94d51a45723c4c7abb275f963c7
Author: Damian Meden <dm...@apache.org>
AuthorDate: Tue Apr 30 09:40:21 2024 +0200
tools: Dual build for openssl and boringssl H3 tools. (#11270)
* tools: Dual build for openssl and boringssl H3 tools.
Build both boringssl and openssl tools which can be used to build
ATS with either SSL vendor. This is needed if you want to use quiche
either with boring or openssl.
---
...ild_h3_tools.sh => build_boringssl_h3_tools.sh} | 93 ++++----
tools/build_h3_tools.sh | 261 ++-------------------
...build_h3_tools.sh => build_openssl_h3_tools.sh} | 106 ++-------
3 files changed, 85 insertions(+), 375 deletions(-)
diff --git a/tools/build_h3_tools.sh b/tools/build_boringssl_h3_tools.sh
similarity index 77%
copy from tools/build_h3_tools.sh
copy to tools/build_boringssl_h3_tools.sh
index ff5f2ffa5b..78b03b5b8e 100755
--- a/tools/build_h3_tools.sh
+++ b/tools/build_boringssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build BoringsSSL and various tools with H3 and QUIC support
+# including quiche+BoringSSL.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -25,24 +26,22 @@ WORKDIR="$(mktemp -d)"
readonly WORKDIR
cd "${WORKDIR}"
-echo "Building H3 dependencies in ${WORKDIR} ..."
-# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt/ats_h3_tools"}
-OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
-OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
+BASE=${BASE:-"/opt/h3-tools-boringssl"}
MAKE="make"
+echo "Building boringssl H3 dependencies in ${WORKDIR}. Installation will be done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
+BORINGSSL_PATH="${BASE}/boringssl"
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib64"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
@@ -55,7 +54,7 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
+ TMP_BORINGSSL_LIB_PATH="${BASE}/boringssl/lib"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
@@ -77,8 +76,8 @@ if [ `uname -s` = "Darwin" ]; then
echo "+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
+if [ -z ${BORINGSSL_LIB_PATH+x} ]; then
+ BORINGSSL_LIB_PATH=${TMP_BORINGSSL_LIB_PATH:-"${BORINGSSL_PATH}/lib"}
fi
set -x
@@ -126,12 +125,26 @@ if [ ! -d boringssl ]; then
cd ..
fi
cd boringssl
+
+# un-set it for a bit.
+set +e
+BSSL_C_FLAGS="-Wdangling-pointer=0"
+GCCO=$(eval "gcc --help=warnings | grep dangling-pointer=")
+retVal=$?
+if [ $retVal -eq 1 ]; then
+ BSSL_C_FLAGS=""
+fi
+set -e
+
+# Note: -Wdangling-pointer=0
+# We may have some issues with latest GCC compilers, so disabling -Wdangling-pointer=
cmake \
-B build-shared \
-DGO_EXECUTABLE=${GO_BINARY_PATH} \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
-DBUILD_SHARED_LIBS=1
cmake \
-B build-static \
@@ -139,22 +152,24 @@ cmake \
-DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
+ -DCMAKE_C_FLAGS=${BSSL_C_FLAGS} \
-DBUILD_SHARED_LIBS=0
cmake --build build-shared -j ${num_threads}
cmake --build build-static -j ${num_threads}
sudo cmake --install build-shared
sudo cmake --install build-static
sudo chmod -R a+rX ${BASE}
+
cd ..
# Build quiche
# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
echo "Building quiche"
QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog
+git checkout 0.21.0
+QUICHE_BSSL_PATH=${BORINGSSL_LIB_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog
sudo mkdir -p ${QUICHE_BASE}/lib/pkgconfig
sudo mkdir -p ${QUICHE_BASE}/include
sudo cp target/release/libquiche.a ${QUICHE_BASE}/lib/
@@ -164,30 +179,7 @@ sudo cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
sudo chmod -R a+rX ${BASE}
cd ..
-echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic
-cd openssl-quic
-./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install_sw
-sudo chmod -R a+rX ${BASE}
-
-# The symlink target provides a more convenient path for the user while also
-# providing, in the symlink source, the precise branch of the OpenSSL build.
-sudo ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# OpenSSL will install in /lib or lib64 depending upon the architecture.
-if [ -d "${OPENSSL_PREFIX}/lib" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
-elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
-else
- echo "Could not find the OpenSSL install library directory."
- exit 1
-fi
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${BORINGSSL_LIB_PATH}"}
# Then nghttp3
echo "Building nghttp3..."
@@ -197,7 +189,7 @@ git submodule update --init
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${BORINGSSL_LIB_PATH}/pkgconfig \
CFLAGS="${CFLAGS}" \
CXXFLAGS="${CXXFLAGS}" \
LDFLAGS="${LDFLAGS}" \
@@ -214,9 +206,12 @@ cd ngtcp2
autoreconf -if
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
+ --with-boringssl \
+ BORINGSSL_CFLAGS="-I${BORINGSSL_PATH}/include" \
+ BORINGSSL_LIBS="-L${BORINGSSL_LIB_PATH} -lssl -lcrypto" \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
+ CFLAGS="${CFLAGS} -fPIC" \
+ CXXFLAGS="${CXXFLAGS} -fPIC" \
LDFLAGS="${LDFLAGS}" \
--enable-lib-only
${MAKE} -j ${num_threads}
@@ -241,11 +236,13 @@ fi
# Note for FreeBSD: This will not build h2load. h2load can be run on a remote machine.
./configure \
--prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
+ PKG_CONFIG_PATH=${BASE}/lib/pkgconfig \
CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \
+ CXXFLAGS="${CXXFLAGS} -I${BORINGSSL_PATH}/include" \
+ LDFLAGS="${LDFLAGS}" \
+ OPENSSL_LIBS="-lcrypto -lssl -L${BORINGSSL_LIB_PATH}" \
--enable-http3 \
+ --disable-examples \
${ENABLE_APP}
${MAKE} -j ${num_threads}
sudo ${MAKE} install
@@ -261,13 +258,13 @@ cd curl
autoreconf -fi || autoreconf -fi
./configure \
--prefix=${BASE} \
- --with-ssl=${OPENSSL_PREFIX} \
+ --with-openssl="${BORINGSSL_PATH}" \
--with-nghttp2=${BASE} \
--with-nghttp3=${BASE} \
--with-ngtcp2=${BASE} \
+ LDFLAGS="${LDFLAGS} -L${BORINGSSL_LIB_PATH} -Wl,-rpath,${BORINGSSL_LIB_PATH}" \
CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}"
+ CXXFLAGS="${CXXFLAGS}"
${MAKE} -j ${num_threads}
sudo ${MAKE} install
sudo chmod -R a+rX ${BASE}
diff --git a/tools/build_h3_tools.sh b/tools/build_h3_tools.sh
index ff5f2ffa5b..c56c73bc54 100755
--- a/tools/build_h3_tools.sh
+++ b/tools/build_h3_tools.sh
@@ -19,256 +19,23 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-set -e
-WORKDIR="$(mktemp -d)"
-readonly WORKDIR
+# The whole idea is to end up with two set of tools, a borinssgl toolset and an
+# openssl one. The first one can be used to build ATS+Boringssl+quiche(borinssl) while the
+# later one will give the base to build ATS on top of openssl/quictls+quiche(openssl/quictls).
-cd "${WORKDIR}"
-echo "Building H3 dependencies in ${WORKDIR} ..."
-# Update this as the draft we support updates.
-OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
-
-# Set these, if desired, to change these to your preferred installation
-# directory
-BASE=${BASE:-"/opt/ats_h3_tools"}
-OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
-OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
-MAKE="make"
-
-CFLAGS=${CFLAGS:-"-O3 -g"}
-CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
-
-if [ -e /etc/redhat-release ]; then
- MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
- echo "+-------------------------------------------------------------------------+"
- echo "| You probably need to run this, or something like this, for your system: |"
- echo "| |"
- echo "| sudo yum -y install libev-devel jemalloc-devel python2-devel |"
- echo "| sudo yum -y install libxml2-devel c-ares-devel libevent-devel |"
- echo "| sudo yum -y install jansson-devel zlib-devel systemd-devel cargo |"
- echo "| |"
- echo "| Rust may be needed too, see https://rustup.rs for the details |"
- echo "+-------------------------------------------------------------------------+"
- echo
- echo
-elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
- echo "+-------------------------------------------------------------------------+"
- echo "| You probably need to run this, or something like this, for your system: |"
- echo "| |"
- echo "| sudo apt -y install libev-dev libjemalloc-dev python2-dev libxml2-dev |"
- echo "| sudo apt -y install libpython2-dev libc-ares-dev libsystemd-dev |"
- echo "| sudo apt -y install libevent-dev libjansson-dev zlib1g-dev cargo |"
- echo "| |"
- echo "| Rust may be needed too, see https://rustup.rs for the details |"
- echo "+-------------------------------------------------------------------------+"
- echo
- echo
-fi
-
-if [ `uname -s` = "Darwin" ]; then
- echo "+-------------------------------------------------------------------------+"
- echo "| When building on a Mac, be aware that the Apple version of clang may |"
- echo "| fail to build curl due to the issue described here: |"
- echo "| https://github.com/curl/curl/issues/11391#issuecomment-1623890325 |"
- echo "+-------------------------------------------------------------------------+"
-fi
-
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
+SCRIPT_PATH=$(dirname $0)
+# We make boringssl tools first.
+BASE=${BASE:-"/opt"}/h3-tools-boringssl ${SCRIPT_PATH}/build_boringssl_h3_tools.sh
+if [ $? -ne 0 ]; then
+ echo "build_boringssl_h3_tools script Failed."
+ exit 1
fi
-set -x
-if [ `uname -s` = "Linux" ]
-then
- num_threads=$(nproc)
-elif [ `uname -s` = "FreeBSD" ]
-then
- num_threads=$(sysctl -n hw.ncpu)
-else
- # MacOS.
- num_threads=$(sysctl -n hw.logicalcpu)
+# then openssl/quictls.
+BASE=${BASE:-"/opt"}/h3-tools-openssl ${SCRIPT_PATH}/build_openssl_h3_tools.sh
+if [ $? -ne 0 ]; then
+ echo "build_openssl_h3_tools script Failed."
+ exit 1
fi
-
-# boringssl
-echo "Building boringssl..."
-
-# We need this go version.
-sudo mkdir -p ${BASE}/go
-
-if [ `uname -m` = "arm64" -o `uname -m` = "aarch64" ]; then
- ARCH="arm64"
-else
- ARCH="amd64"
-fi
-
-if [ `uname -s` = "Darwin" ]; then
- OS="darwin"
-elif [ `uname -s` = "FreeBSD" ]; then
- OS="freebsd"
-else
- OS="linux"
-fi
-
-wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz
-sudo rm -rf ${BASE}/go && sudo tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz
-rm go1.21.6.${OS}-${ARCH}.tar.gz
-sudo chmod -R a+rX ${BASE}
-
-GO_BINARY_PATH=${BASE}/go/bin/go
-if [ ! -d boringssl ]; then
- git clone https://boringssl.googlesource.com/boringssl
- cd boringssl
- git checkout a1843d660b47116207877614af53defa767be46a
- cd ..
-fi
-cd boringssl
-cmake \
- -B build-shared \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=1
-cmake \
- -B build-static \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=0
-cmake --build build-shared -j ${num_threads}
-cmake --build build-static -j ${num_threads}
-sudo cmake --install build-shared
-sudo cmake --install build-static
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# Build quiche
-# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
-echo "Building quiche"
-QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git
-cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog
-sudo mkdir -p ${QUICHE_BASE}/lib/pkgconfig
-sudo mkdir -p ${QUICHE_BASE}/include
-sudo cp target/release/libquiche.a ${QUICHE_BASE}/lib/
-[ -f target/release/libquiche.so ] && sudo cp target/release/libquiche.so ${QUICHE_BASE}/lib/
-sudo cp quiche/include/quiche.h ${QUICHE_BASE}/include/
-sudo cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic
-cd openssl-quic
-./config enable-tls1_3 --prefix=${OPENSSL_PREFIX}
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install_sw
-sudo chmod -R a+rX ${BASE}
-
-# The symlink target provides a more convenient path for the user while also
-# providing, in the symlink source, the precise branch of the OpenSSL build.
-sudo ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# OpenSSL will install in /lib or lib64 depending upon the architecture.
-if [ -d "${OPENSSL_PREFIX}/lib" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib"
-elif [ -d "${OPENSSL_PREFIX}/lib64" ]; then
- OPENSSL_LIB="${OPENSSL_PREFIX}/lib64"
-else
- echo "Could not find the OpenSSL install library directory."
- exit 1
-fi
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
-
-# Then nghttp3
-echo "Building nghttp3..."
-[ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/nghttp3.git
-cd nghttp3
-git submodule update --init
-autoreconf -if
-./configure \
- --prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}" \
- --enable-lib-only
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# Now ngtcp2
-echo "Building ngtcp2..."
-[ ! -d ngtcp2 ] && git clone --depth 1 -b v1.4.0 https://github.com/ngtcp2/ngtcp2.git
-cd ngtcp2
-autoreconf -if
-./configure \
- --prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}" \
- --enable-lib-only
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# Then nghttp2, with support for H3
-echo "Building nghttp2 ..."
-[ ! -d nghttp2 ] && git clone --depth 1 -b v1.60.0 https://github.com/tatsuhiro-t/nghttp2.git
-cd nghttp2
-git submodule update --init
-autoreconf -if
-if [ `uname -s` = "Darwin" ] || [ `uname -s` = "FreeBSD" ]
-then
- # --enable-app requires systemd which is not available on Mac/FreeBSD.
- ENABLE_APP=""
-else
- ENABLE_APP="--enable-app"
-fi
-
-# Note for FreeBSD: This will not build h2load. h2load can be run on a remote machine.
-./configure \
- --prefix=${BASE} \
- PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_LIB}/pkgconfig \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS} -L${OPENSSL_LIB}" \
- --enable-http3 \
- ${ENABLE_APP}
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# Then curl
-echo "Building curl ..."
-[ ! -d curl ] && git clone --depth 1 -b curl-8_7_1 https://github.com/curl/curl.git
-cd curl
-# On mac autoreconf fails on the first attempt with an issue finding ltmain.sh.
-# The second runs fine.
-autoreconf -fi || autoreconf -fi
-./configure \
- --prefix=${BASE} \
- --with-ssl=${OPENSSL_PREFIX} \
- --with-nghttp2=${BASE} \
- --with-nghttp3=${BASE} \
- --with-ngtcp2=${BASE} \
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- LDFLAGS="${LDFLAGS}"
-${MAKE} -j ${num_threads}
-sudo ${MAKE} install
-sudo chmod -R a+rX ${BASE}
-cd ..
diff --git a/tools/build_h3_tools.sh b/tools/build_openssl_h3_tools.sh
similarity index 79%
copy from tools/build_h3_tools.sh
copy to tools/build_openssl_h3_tools.sh
index ff5f2ffa5b..cc4d358b75 100755
--- a/tools/build_h3_tools.sh
+++ b/tools/build_openssl_h3_tools.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env bash
#
-# Simple script to build OpenSSL and various tools with H3 and QUIC support.
+# Simple script to build OpenSSL and various tools with H3 and QUIC support
+# including quiche+openssl-quictls.
# This probably needs to be modified based on platform.
#
# Licensed to the Apache Software Foundation (ASF) under one
@@ -25,24 +26,24 @@ WORKDIR="$(mktemp -d)"
readonly WORKDIR
cd "${WORKDIR}"
-echo "Building H3 dependencies in ${WORKDIR} ..."
# Update this as the draft we support updates.
OPENSSL_BRANCH=${OPENSSL_BRANCH:-"openssl-3.1.4+quic"}
# Set these, if desired, to change these to your preferred installation
# directory
-BASE=${BASE:-"/opt/ats_h3_tools"}
+BASE=${BASE:-"/opt/h3-tools-openssl"}
OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
MAKE="make"
+echo "Building openssl/quictls H3 dependencies in ${WORKDIR}. Installation will be done in ${BASE}"
+
CFLAGS=${CFLAGS:-"-O3 -g"}
CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
if [ -e /etc/redhat-release ]; then
MAKE="gmake"
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib64"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
@@ -55,7 +56,6 @@ if [ -e /etc/redhat-release ]; then
echo
echo
elif [ -e /etc/debian_version ]; then
- TMP_QUICHE_BSSL_PATH="${BASE}/boringssl/lib"
echo "+-------------------------------------------------------------------------+"
echo "| You probably need to run this, or something like this, for your system: |"
echo "| |"
@@ -77,10 +77,6 @@ if [ `uname -s` = "Darwin" ]; then
echo "+-------------------------------------------------------------------------+"
fi
-if [ -z ${QUICHE_BSSL_PATH+x} ]; then
- QUICHE_BSSL_PATH=${TMP_QUICHE_BSSL_PATH:-"${BASE}/boringssl/lib"}
-fi
-
set -x
if [ `uname -s` = "Linux" ]
then
@@ -93,77 +89,6 @@ else
num_threads=$(sysctl -n hw.logicalcpu)
fi
-# boringssl
-echo "Building boringssl..."
-
-# We need this go version.
-sudo mkdir -p ${BASE}/go
-
-if [ `uname -m` = "arm64" -o `uname -m` = "aarch64" ]; then
- ARCH="arm64"
-else
- ARCH="amd64"
-fi
-
-if [ `uname -s` = "Darwin" ]; then
- OS="darwin"
-elif [ `uname -s` = "FreeBSD" ]; then
- OS="freebsd"
-else
- OS="linux"
-fi
-
-wget https://go.dev/dl/go1.21.6.${OS}-${ARCH}.tar.gz
-sudo rm -rf ${BASE}/go && sudo tar -C ${BASE} -xf go1.21.6.${OS}-${ARCH}.tar.gz
-rm go1.21.6.${OS}-${ARCH}.tar.gz
-sudo chmod -R a+rX ${BASE}
-
-GO_BINARY_PATH=${BASE}/go/bin/go
-if [ ! -d boringssl ]; then
- git clone https://boringssl.googlesource.com/boringssl
- cd boringssl
- git checkout a1843d660b47116207877614af53defa767be46a
- cd ..
-fi
-cd boringssl
-cmake \
- -B build-shared \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=1
-cmake \
- -B build-static \
- -DGO_EXECUTABLE=${GO_BINARY_PATH} \
- -DCMAKE_INSTALL_PREFIX=${BASE}/boringssl \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_CXX_FLAGS='-Wno-error=ignored-attributes' \
- -DBUILD_SHARED_LIBS=0
-cmake --build build-shared -j ${num_threads}
-cmake --build build-static -j ${num_threads}
-sudo cmake --install build-shared
-sudo cmake --install build-static
-sudo chmod -R a+rX ${BASE}
-cd ..
-
-# Build quiche
-# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
-echo "Building quiche"
-QUICHE_BASE="${BASE:-/opt}/quiche"
-[ ! -d quiche ] && git clone --recursive https://github.com/cloudflare/quiche.git
-cd quiche
-git checkout 0.20.1
-QUICHE_BSSL_PATH=${QUICHE_BSSL_PATH} QUICHE_BSSL_LINK_KIND=dylib cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog
-sudo mkdir -p ${QUICHE_BASE}/lib/pkgconfig
-sudo mkdir -p ${QUICHE_BASE}/include
-sudo cp target/release/libquiche.a ${QUICHE_BASE}/lib/
-[ -f target/release/libquiche.so ] && sudo cp target/release/libquiche.so ${QUICHE_BASE}/lib/
-sudo cp quiche/include/quiche.h ${QUICHE_BASE}/include/
-sudo cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
-sudo chmod -R a+rX ${BASE}
-cd ..
-
echo "Building OpenSSL with QUIC support"
[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/quictls/openssl.git openssl-quic
cd openssl-quic
@@ -189,6 +114,27 @@ else
fi
LDFLAGS=${LDFLAGS:-"-Wl,-rpath,${OPENSSL_LIB}"}
+# Build quiche
+# Steps borrowed from: https://github.com/apache/trafficserver-ci/blob/main/docker/rockylinux8/Dockerfile
+echo "Building quiche"
+QUICHE_BASE="${BASE:-/opt}/quiche"
+[ ! -d quiche ] && git clone https://github.com/cloudflare/quiche.git
+cd quiche
+git checkout 0.21.0
+
+PKG_CONFIG_PATH="$OPENSSL_LIB"/pkgconfig LD_LIBRARY_PATH="$OPENSSL_LIB" \
+ cargo build -j4 --package quiche --release --features ffi,pkg-config-meta,qlog,openssl
+
+sudo mkdir -p ${QUICHE_BASE}/lib/pkgconfig
+sudo mkdir -p ${QUICHE_BASE}/include
+sudo cp target/release/libquiche.a ${QUICHE_BASE}/lib/
+[ -f target/release/libquiche.so ] && sudo cp target/release/libquiche.so ${QUICHE_BASE}/lib/
+sudo cp quiche/include/quiche.h ${QUICHE_BASE}/include/
+sudo cp target/release/quiche.pc ${QUICHE_BASE}/lib/pkgconfig
+sudo chmod -R a+rX ${BASE}
+cd ..
+
+
# Then nghttp3
echo "Building nghttp3..."
[ ! -d nghttp3 ] && git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/nghttp3.git