From c53e71a29fcd66ad7956060088230173b7dfba17 Mon Sep 17 00:00:00 2001 From: Mohammad Akhlaghi Date: Mon, 3 Dec 2018 16:12:09 +0000 Subject: Trusted CA certificates also downloaded for Wget usage To enable easy downloading of HTTPS links with Wget (this pipeline's defaut downloader), we need a set of trusted CA certificates. Until the time that we can generate one ourselves, one generic set of trusted CA certificates is now downloaded like a tarball and placed in the OpenSSL configuration directory. With these CA certificates, within the pipeline we can now safely use the pipeline's own installed Wget. --- reproduce/src/make/dependencies-basic.mk | 26 ++++++++++++++++++-------- reproduce/src/make/dependencies-build-rules.mk | 1 + reproduce/src/make/download.mk | 2 +- 3 files changed, 20 insertions(+), 9 deletions(-) (limited to 'reproduce') diff --git a/reproduce/src/make/dependencies-basic.mk b/reproduce/src/make/dependencies-basic.mk index 0f66b06..c8babe1 100644 --- a/reproduce/src/make/dependencies-basic.mk +++ b/reproduce/src/make/dependencies-basic.mk @@ -95,6 +95,7 @@ all: $(foreach p, $(top-level-programs), $(ibdir)/$(p)) tarballs = $(foreach t, bash-$(bash-version).tar.gz \ binutils-$(binutils-version).tar.lz \ bzip2-$(bzip2-version).tar.gz \ + cert.pem \ coreutils-$(coreutils-version).tar.xz \ diffutils-$(diffutils-version).tar.xz \ findutils-$(findutils-version).tar.lz \ @@ -129,6 +130,7 @@ $(tarballs): $(tdir)/%: if [ $$n = bash ]; then w=http://ftpmirror.gnu.org/gnu/bash; \ elif [ $$n = binutils ]; then w=http://ftpmirror.gnu.org/gnu/binutils; \ elif [ $$n = bzip ]; then w=http://akhlaghi.org/src; \ + elif [ $$n = cert ]; then w=http://akhlaghi.org/src; \ elif [ $$n = coreutils ]; then w=http://ftpmirror.gnu.org/gnu/coreutils;\ elif [ $$n = diffutils ]; then w=http://ftpmirror.gnu.org/gnu/diffutils;\ elif [ $$n = findutils ]; then w=http://akhlaghi.org/src; \ 
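Review bot: `cert.pem` is the only entry visible in this part of `tarballs` whose name carries no version, so the pipeline keeps no record of which CA set it installed, and the file served upstream can change between two runs of the same commit. Because this file becomes the trust store for every later HTTPS download, a dated or versioned name that is bumped deliberately would match the other entries. A short comment next to the entry would also help, for example `# cert.pem: CA bundle installed into OpenSSL's directory; not a tarball`. The `tarballs` definition continues outside the hunk.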
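Review bot: The new `cert` branch fetches the CA bundle from `http://akhlaghi.org/src` over plain HTTP, and nothing visible in this hunk checks the file afterwards. The trust anchors for all later HTTPS verification therefore arrive over a channel that guarantees neither integrity nor origin. The bundle should be compared against a SHA-256 recorded in the pipeline, for example with `sha256sum -c` against a committed hash, and the build should stop on a mismatch. That check has to run before the `cp $(tdir)/cert.pem $(idir)/etc/ssl/cert.pem` step that the OpenSSL rule gains in the third hunk. The `$(tarballs)` recipe starts and ends outside the hunk, so an existing check further down cannot be ruled out from here.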
@@ -318,19 +320,25 @@ $(ilidir)/zlib: $(tdir)/zlib-$(zlib-version).tar.gz \ # OpenSSL: Some programs/libraries later need dynamic linking. So we'll # build libssl (and libcrypto) dynamically also. # +# Until we find a nice and generic way to create an updated CA file in the +# pipeline, the certificates will be available in a file for this pipeline +# along with the other tarballs. +# # In case you do want a static OpenSSL and libcrypto, then uncomment the # following conditional and put $(openssl-static) in the configure options. # #ifeq ($(static_build),yes) #openssl-static = no-dso no-dynamic-engine no-shared #endif -$(ilidir)/openssl: $(tdir)/openssl-$(openssl-version).tar.gz \ +$(ilidir)/openssl: $(tdir)/openssl-$(openssl-version).tar.gz \ + $(tdir)/cert.pem \ $(ilidir)/zlib | $(idir)/etc - $(call gbuild, $<, openssl-$(openssl-version), , \ - --openssldir=$(idir)/etc/ssl \ - --with-zlib-lib=$(ildir) \ - --with-zlib-include=$(idir)/include zlib ) \ - && echo "OpenSSL is built" > $@ + $(call gbuild, $<, openssl-$(openssl-version), , \ + --openssldir=$(idir)/etc/ssl \ + --with-zlib-lib=$(ildir) \ + --with-zlib-include=$(idir)/include zlib ) && \ + cp $(tdir)/cert.pem $(idir)/etc/ssl/cert.pem && \ + echo "OpenSSL is built and ready" > $@ # GNU Wget # @@ -373,8 +381,10 @@ $(ibdir)/grep: $(tdir)/grep-$(grep-version).tar.xz \ $(call gbuild, $<, grep-$(grep-version), static) $(ibdir)/ls: $(tdir)/coreutils-$(coreutils-version).tar.xz \ - $(ibdir)/make - $(call gbuild, $<, coreutils-$(coreutils-version), static) + $(ilidir)/openssl + # Coreutils will use the hashing features of OpenSSL's `libcrypto'. + $(call gbuild, $<, coreutils-$(coreutils-version), static, + --with-openssl) $(ibdir)/pkg-config: $(tdir)/pkg-config-$(pkgconfig-version).tar.gz \ $(ibdir)/make diff --git a/reproduce/src/make/dependencies-build-rules.mk b/reproduce/src/make/dependencies-build-rules.mk index 457d5fe..af2be95 100644 --- a/reproduce/src/make/dependencies-build-rules.mk 
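Review bot: Copying the bundle inside the OpenSSL recipe ties the CA file to the `$(ilidir)/openssl` stamp. With `$(tdir)/cert.pem` as a normal prerequisite, refreshing the bundle (for an expired or distrusted CA) rebuilds all of OpenSSL, and a rebuild is the only way to reinstall the file. A separate rule would keep the two apart: `$(idir)/etc/ssl/cert.pem: $(tdir)/cert.pem | $(ilidir)/openssl` with the recipe `cp $< $@`, listed as a prerequisite of the programs that need verified HTTPS. The added comment block could also record where the bundle was generated and on what date.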
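Review bot: The new Coreutils `$(call gbuild, ...` breaks after `static,` without a trailing backslash, unlike the multi-line `gbuild` call in the OpenSSL rule. As shown here, `--with-openssl)` becomes a separate recipe line and make should stop on an unterminated `call`; the line should end `static, \`. The `# Coreutils will use the hashing features ...` comment sits between the prerequisites and the recipe. If it is tab-indented it is handed to the shell on every build instead of being read as a make comment, so it is safer above the rule; the indentation cannot be recovered from this page.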
+++ b/reproduce/src/make/dependencies-build-rules.mk @@ -81,6 +81,7 @@ gbuild = if [ x$(static_build) = xyes ] && [ $(3)x = staticx ]; then \ else configop="$$shellop --prefix=$(idir)"; \ fi; \ \ + echo; echo "Using '$$confscript' to configure..."; echo; \ ./$$confscript $(4) $$configop && \ make "$$shellop" $(5) && \ $$check && \ diff --git a/reproduce/src/make/download.mk b/reproduce/src/make/download.mk index 37789e2..260fd0c 100644 --- a/reproduce/src/make/download.mk +++ b/reproduce/src/make/download.mk @@ -68,7 +68,7 @@ $(inputdatasets): $(indir)/%.fits: | $(indir) $(lockdir) ln -s $(INDIR)/$$origname $@ else touch $(lockdir)/download - flock $(lockdir)/download $(DOWNLOADER) $@ $$url/$$origname + flock $(lockdir)/download wget -O$@ $$url/$$origname fi # Check the md5 sum to see if this is the proper dataset. -- cgit v1.2.1
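Review bot: Replacing `$(DOWNLOADER)` with a bare `wget` in the `flock` line leaves the choice of binary to `PATH`, so nothing in this line ensures that the pipeline's own Wget, the one that reads the newly installed `cert.pem`, does the download. Unless the pipeline puts its own bin directory first, a host Wget with a different trust store is used. Keeping the variable and defining it once, for instance `DOWNLOADER = $(ibdir)/wget -O` if `ibdir` is available in this file (not visible here), keeps the downloader and its options in one place. `-O$@` also creates the target before the transfer finishes, so the md5 step that follows has to delete the file on a mismatch; that part of the recipe is outside the hunk.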