From 57d2b4d27c66147ed689e6e5d6e83f81dd1880c0 Mon Sep 17 00:00:00 2001 
From: nmburgan <13688219+nmburgan@users.noreply.github.com> Date: Thu, 6 Nov 2025 18:34:42 -0800 Subject: [PATCH] Massive cleanup This attempts to clean up the logic in as many configs as possible. Not only has the code turned into a bit of spaghetti over the years, but it contains a lot of dead code. In general, the strategy here is to: - Remove any platforms we will never build for (old). - Keep platforms we don't currently build, but might in the future. - In the future, we plan to move these runtime builds into the repos themselves (openvox/packaging and openbolt/packaging). - After this, each branch will maintain its version of the packaging code. Specifically, this commit: - Removes anything to do with Ruby 2.7. If we need to go back to build 7.x, we can make a branch from a prior commit. - Removes anything to do with AIX 7.1 or SLES 11, any 32-bit platforms, and any other platforms we will never build for. Leave in AIX and Solaris 10/11 code, as there is a nonzero chance we might look at these platforms in the future. - Reduces code branching and indirection by integrating several files that were previously shared by different versions of components. We should not need to build more than one Ruby version for a particular OpenVox branch, for example, so integrate _base-ruby.rb into the ruby component. - Removes old components no longer used. - Integrates patches from mac_crosscompile branch. We aren't 100% sure we will be doing cross compilation for macos-all-x86_64, so attempted to keep things as flexible as possible until then. 
- Attempts to make code more readable and compact
---
configs/components/_base-ruby-augeas.rb | 121 -------
configs/components/_base-ruby-selinux.rb | 145 ---------
configs/components/_base-ruby.rb | 110 -------
configs/components/_base-rubygem.rb | 23 +-
configs/components/augeas.rb | 145 ++++-----
configs/components/curl.rb | 55 +---
configs/components/dmidecode.rb | 15 +-
configs/components/libedit.rb | 17 +-
configs/components/libffi.rb | 34 +-
configs/components/libxml2.rb | 26 +-
configs/components/libxslt.rb | 10 +-
configs/components/libyaml.rb | 30 +-
configs/components/openssl-1.0.2.rb | 182 -----------
configs/components/openssl-1.1.1-fips.rb | 94 ------
configs/components/openssl-1.1.1.rb | 200 ------------
configs/components/openssl-3.0.rb | 73 ++---
configs/components/openssl-fips-2.0.16.rb | 37 ---
configs/components/pl-ruby-patch.rb | 6 +-
configs/components/readline.rb | 7 +-
configs/components/ruby-2.7-augeas.rb | 18 --
configs/components/ruby-2.7-selinux.rb | 17 -
configs/components/ruby-2.7.8.rb | 299 ------------------
configs/components/ruby-3.2.rb | 228 ++++++-------
configs/components/ruby-augeas.rb | 85 ++++-
configs/components/ruby-selinux.rb | 140 +++++++-
configs/components/ruby-shadow.rb | 8 +-
configs/components/rubygem-CFPropertyList.rb | 1 +
configs/components/rubygem-fast_gettext.rb | 1 +
configs/components/rubygem-ffi.rb | 95 +++---
configs/components/rubygem-mini_portile2.rb | 15 -
configs/components/rubygem-sys-filesystem.rb | 1 +
configs/components/runtime-agent.rb | 47 +--
configs/components/virt-what.rb | 5 +-
configs/platforms/aix-7.2-ppc.rb | 2 +
configs/platforms/debian-11-armhf.rb | 1 +
configs/platforms/debian-12-armhf.rb | 1 +
configs/platforms/el-8-ppc64le.rb | 1 +
configs/platforms/el-9-ppc64le.rb | 1 +
configs/platforms/macos-all-x86_64.rb | 6 +-
configs/projects/_shared-agent-components.rb | 83 -----
configs/projects/_shared-agent-settings.rb | 243 --------------
configs/projects/_shared-compiler-settings.rb | 24 --
configs/projects/agent-runtime-7.x.rb | 76 -----
configs/projects/agent-runtime-main.rb | 238 +++++++++++---
configs/projects/openbolt-runtime.rb | 216 ++++++-------
resources/files/ruby/patch-hostruby.rb | 10 +-
.../ruby-augeas-0.5.0-patch_c_extension.patch | 12 -
...-0.5.0-patch_remove_unused_parameter.patch | 12 -
resources/patches/curl/CVE-2023-27535.patch | 146 ---------
resources/patches/curl/CVE-2023-28319.patch | 17 -
resources/patches/curl/CVE-2023-32001.patch | 24 --
resources/patches/curl/CVE-2023-38545.patch | 27 --
resources/patches/curl/CVE-2023-38546.patch | 125 --------
resources/patches/curl/CVE-2023-46218.patch | 45 ---
resources/patches/curl/CVE-2024-2004.patch | 63 ----
resources/patches/curl/CVE-2024-2398.patch | 215 -------------
resources/patches/curl/CVE-2024-7264.patch | 93 ------
resources/patches/curl/CVE-2024-8096.patch | 189 -----------
.../patches/libffi/revert_clang_32bit.patch | 23 --
.../patches/ruby_32/target_rbconfig.patch | 32 ++
.../FORCEINLINE-i686-w64-mingw32-winnt.h | 70 ----
tasks/update_gems.rake | 8 +-
62 files changed, 889 insertions(+), 3404 deletions(-)
delete mode 100644 configs/components/_base-ruby-augeas.rb
delete mode 100644 configs/components/_base-ruby-selinux.rb
delete mode 100644 configs/components/_base-ruby.rb
delete mode 100644 configs/components/openssl-1.0.2.rb
delete mode 100644 configs/components/openssl-1.1.1-fips.rb
delete mode 100644 configs/components/openssl-1.1.1.rb
delete mode 100644 configs/components/openssl-fips-2.0.16.rb
delete mode 100644 configs/components/ruby-2.7-augeas.rb
delete mode 100644 configs/components/ruby-2.7-selinux.rb
delete mode 100644 configs/components/ruby-2.7.8.rb
delete mode 100644 configs/components/rubygem-mini_portile2.rb
delete mode 100644 configs/projects/_shared-agent-components.rb
delete mode 100644 configs/projects/_shared-agent-settings.rb
delete mode 100644 configs/projects/_shared-compiler-settings.rb
delete mode 100644 configs/projects/agent-runtime-7.x.rb
delete mode 100644 resources/patches/augeas/ruby-augeas-0.5.0-patch_c_extension.patch
delete mode 100644 resources/patches/augeas/ruby-augeas-0.5.0-patch_remove_unused_parameter.patch
delete mode 100644 resources/patches/curl/CVE-2023-27535.patch
delete mode 100644 resources/patches/curl/CVE-2023-28319.patch
delete mode 100644 resources/patches/curl/CVE-2023-32001.patch
delete mode 100644 resources/patches/curl/CVE-2023-38545.patch
delete mode 100644 resources/patches/curl/CVE-2023-38546.patch
delete mode 100644 resources/patches/curl/CVE-2023-46218.patch
delete mode 100644 resources/patches/curl/CVE-2024-2004.patch
delete mode 100644 resources/patches/curl/CVE-2024-2398.patch
delete mode 100644 resources/patches/curl/CVE-2024-7264.patch
delete mode 100644 resources/patches/curl/CVE-2024-8096.patch
delete mode 100644 resources/patches/libffi/revert_clang_32bit.patch
create mode 100644 resources/patches/ruby_32/target_rbconfig.patch
delete mode 100644 resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h
diff --git a/configs/components/_base-ruby-augeas.rb b/configs/components/_base-ruby-augeas.rb
deleted file mode 100644
index f3a1a352..00000000
--- a/configs/components/_base-ruby-augeas.rb
+++ /dev/null
@@ -1,121 +0,0 @@ -##### -# Component release information: -# https://github.com/hercules-team/ruby-augeas/releases -# Notes: -# This file is a basis for multiple versions/targets of ruby-augeas. -# It should not be included as a component; Instead other components should -# load it with instance_eval. See ruby-x.y-augeas.rb configs. -##### - -pkg.add_source("file://resources/patches/augeas/ruby-augeas-0.5.0-patch_c_extension.patch") - -# We can remove the below patch after https://github.com/hercules-team/ruby-augeas/pull/17 is merged. -pkg.add_source("file://resources/patches/augeas/ruby-augeas-0.5.0-patch_remove_unused_parameter.patch") - -# These can be overridden by the including component. -ruby_version ||= settings[:ruby_version] -host_ruby ||= settings[:host_ruby] -ruby_dir ||= settings[:ruby_dir] -ruby_bindir ||= settings[:ruby_bindir] - -pkg.version "0.5.0" -pkg.md5sum "a132eace43ce13ccd059e22c0b1188ac" -pkg.url "http://download.augeas.net/ruby/ruby-augeas-#{pkg.get_version}.tgz" -pkg.mirror "#{settings[:buildsources_url]}/ruby-augeas-#{pkg.get_version}.tgz" - -pkg.build_requires "ruby-#{ruby_version}" -pkg.build_requires "augeas" - -if platform.name == 'sles-11-x86_64' - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" -else - pkg.environment "PATH", "$(PATH):/opt/pl-build-tools/bin:/usr/local/bin:/opt/csw/bin:/usr/ccs/bin:/usr/sfw/bin" -end - -if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "CC", "/opt/pl-build-tools/bin/gcc" - # pl-build-tools was added to PATH above - else - pkg.environment "CC", "/opt/freeware/bin/gcc" - pkg.environment "PATH", "$(PATH):/opt/freeware/bin" - end - pkg.environment "RUBY", host_ruby - pkg.environment "LDFLAGS", " -brtl #{settings[:ldflags]}" -end - -pkg.environment "CONFIGURE_ARGS", '--vendor' -pkg.environment "PKG_CONFIG_PATH", "#{File.join(settings[:libdir], 'pkgconfig')}:/usr/lib/pkgconfig" - -if platform.is_solaris? - if platform.is_cross_compiled? 
- pkg.environment "RUBY", host_ruby - end - - if !platform.is_cross_compiled? && platform.architecture == 'sparc' - ruby = File.join(ruby_bindir, 'ruby') - else - # This should really only be done when cross compiling but - # to avoid breaking solaris x86_64 in 7.x continue preloading - # our hook. - ruby = "#{host_ruby} -r#{settings[:datadir]}/doc/rbconfig-#{ruby_version}-orig.rb" - end -elsif platform.is_cross_compiled? - if platform.is_linux? || platform.is_macos? - pkg.environment "RUBY", host_ruby - pkg.environment 'CC', 'clang -target arm64-apple-macos11' if platform.name =~ /osx-11/ - pkg.environment 'CC', 'clang -target arm64-apple-macos12' if platform.name =~ /osx-12/ - ruby = "#{host_ruby} -r#{settings[:datadir]}/doc/rbconfig-#{ruby_version}-orig.rb" - pkg.environment "LDFLAGS", settings[:ldflags] - end -elsif platform.is_macos? - if platform.architecture == 'arm64' - pkg.environment "PATH", "$(PATH):/opt/homebrew/bin" - end - pkg.environment 'CC', settings[:cc] - pkg.environment 'CFLAGS', settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] - ruby = File.join(ruby_bindir, 'ruby') -else - ruby = File.join(ruby_bindir, 'ruby') -end - -pkg.build do - build_commands = [] - if ruby_version =~ /^3/ - build_commands << "#{platform.patch} --strip=2 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../ruby-augeas-0.5.0-patch_c_extension.patch" - end - build_commands << "#{platform.patch} --strip=2 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../ruby-augeas-0.5.0-patch_remove_unused_parameter.patch" - build_commands << "#{ruby} ext/augeas/extconf.rb" - build_commands << "#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1)" - - build_commands -end - -if settings[:ruby_vendordir] - augeas_rb_target = File.join(settings[:ruby_vendordir], 'augeas.rb') -else - # If no alternate vendordir has been set, install into default - # vendordir for this 
ruby version. - augeas_rb_target = File.join(ruby_dir, 'lib', 'ruby', 'vendor_ruby', 'augeas.rb') -end - -pkg.install_file 'lib/augeas.rb', augeas_rb_target - -pkg.install do - [ - "#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1) DESTDIR=/ install", - ] -end - -if platform.is_solaris? || platform.is_cross_compiled_linux? - pkg.install do - "chown root:root #{augeas_rb_target}" - end -end - -# Clean after install in case we are building for multiple rubies. -pkg.install do - "#{platform[:make]} -e clean" -end diff --git a/configs/components/_base-ruby-selinux.rb b/configs/components/_base-ruby-selinux.rb deleted file mode 100644 index e900c5c2..00000000 --- a/configs/components/_base-ruby-selinux.rb +++ /dev/null 
@@ -1,145 +0,0 @@ -##### -# Component release information: -# https://github.com/SELinuxProject/selinux/releases -# Notes: -# This file is a basis for multiple versions/targets of ruby-selinux. -# It should not be included as a component; Instead other components should -# load it with instance_eval. See ruby-x.y-selinux.rb configs. -##### - -pkg.add_source("file://resources/patches/ruby-selinux/selinuxswig_ruby_wrap.patch") -pkg.add_source("file://resources/patches/ruby-selinux/selinuxswig_ruby_undefining_allocator.patch") -pkg.add_source("file://resources/patches/ruby-selinux/undefining_allocator_el_7.patch") - -# These can be overridden by the including component. -ruby_version ||= settings[:ruby_version] -host_ruby ||= settings[:host_ruby] -ruby_bindir ||= settings[:ruby_bindir] - -# We download tarballs because system development packages (e.g. -# libselinux-devel) don't necessarily include Swig interface files (*.i files) -if platform.name =~ /el-(6|7)|ubuntu-(16|18.04-amd64)/ - pkg.version "2.0.94" - pkg.md5sum "544f75aab11c2af352facc51af12029f" - pkg.url "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20100525/devel/libselinux-#{pkg.get_version}.tar.gz" -elsif platform.name.start_with?('el-9') - # SELinux 3.3 is the minimum version available in RHEL 9 repos - pkg.version '3.3' - pkg.sha256sum 'acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057' - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" -elsif platform.name.start_with?('debian-12') - # SELinux 3.4 is the minimum version available in Debian 12 repos - pkg.version '3.4' - pkg.sha256sum '77c294a927e6795c2e98f74b5c3adde9c8839690e9255b767c5fca6acff9b779' - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" - pkg.build_requires 'python3-distutils' -elsif platform.name.start_with?('debian-13') - # SELinux 3.8.1 is 
the minimum version available in Debian 13 repos - # Double check when Trixie is released - pkg.version '3.8.1' - pkg.sha256sum 'ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c' - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" - pkg.build_requires 'python3-setuptools' -elsif platform.name.start_with?('ubuntu-24') - # SELinux 3.5 is the minimum version available in Ubuntu 24 repos - pkg.version '3.5' - pkg.sha256sum '9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19' - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" - pkg.build_requires 'python3-setuptools' -elsif platform.name =~ /el-10|ubuntu-25.04/ - # SELinux 3.7 is the minimum version available in RHEL 10 repos - pkg.version '3.7' - pkg.sha256sum 'ea03f42d13a4f95757997dba8cf0b26321fac5d2f164418b4cc856a92d2b17bd' - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" - pkg.build_requires 'python3-setuptools' -else - pkg.version "2.9" - pkg.md5sum "bb449431b6ed55a0a0496dbc366d6e31" - pkg.apply_patch "resources/patches/ruby-selinux/selinux-29-function.patch" - pkg.url "https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-#{pkg.get_version}.tar.gz" -end -pkg.mirror "#{settings[:buildsources_url]}/libselinux-#{pkg.get_version}.tar.gz" - -pkg.build_requires "ruby-#{ruby_version}" -cc = "/opt/pl-build-tools/bin/gcc" -system_include = '-I/usr/include' -ruby = "#{ruby_bindir}/ruby -rrbconfig" - -# The RHEL 9 libselinux-devel package provides headers, but we don't want to -# use the package becuase of a compatibility issue with the shared library. -# Instead, we use the headers provided in the tarball. -system_include.prepend('-I./include ') if platform.name =~ /el-(9|10)/ - -if platform.is_cross_compiled_linux? 
- cc = "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - system_include = "-I/opt/pl-build-tools/#{settings[:platform_triple]}/sysroot/usr/include" - pkg.environment "RUBY", host_ruby - ruby = "#{host_ruby} -r#{settings[:datadir]}/doc/rbconfig-#{ruby_version}-orig.rb" -end - -cflags = "" - -# The platforms below use pl-build-tools -unless platform.name =~ /el-6|ubuntu-(16-amd64)/ - cc = '/usr/bin/gcc' - cflags += "#{settings[:cppflags]} #{settings[:cflags]}" -end - -pkg.build do - steps = [ - "export RUBYHDRDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"rubyhdrdir\"]')", - "export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')", - "export ARCHDIR=$${RUBYHDRDIR}/$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"arch\"]')", - "export INCLUDESTR=\"-I#{settings[:includedir]} -I$${RUBYHDRDIR} -I$${ARCHDIR}\"", - "cp -pr src/{selinuxswig_ruby.i,selinuxswig.i} .", - "swig -Wall -ruby #{system_include} -o selinuxswig_ruby_wrap.c -outdir ./ selinuxswig_ruby.i" - ] - - if ruby_version =~ /^3/ - # swig 4.1 generated interface does not need patching, so skip - # when running debian >= 12, fedora >= 40, etc - unless (platform.is_debian? && platform.os_version.to_i >= 12) || - (platform.is_fedora? && platform.os_version.to_i >= 40) || - (platform.is_ubuntu? && platform.os_version.to_i >= 24) || - (platform.is_el? && platform.os_version.to_i >= 10) - steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_wrap.patch" - end - # EL 7 uses an older version of swig (2.0) so a different patch is needed to - # fix warning:undefining the allocator of T_DATA class - if platform.name =~ /el-7|redhatfips-7/ - steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../undefining_allocator_el_7.patch" - else - # Ubuntu 24, Fedora 40, EL 10, and Debian 13 use a newer swig that already has the fix that's - # being patched - unless (platform.is_fedora? 
&& platform.os_version.to_i >= 40) || - (platform.is_ubuntu? && platform.os_version.to_i >= 24) || - (platform.is_el? && platform.os_version.to_i >= 10) || - (platform.is_debian? && platform.os_version.to_i >= 13) - steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_undefining_allocator.patch" - end - end - end - - # libselinux 3.3 is the minimum version we want to build on RHEL 9, but the - # libeselinux-devel-3.3 package confusingly installs a shared library that - # uses 3.4. The hacky workaround for this is to symlink an existing library. - # PDK builds two Rubies so check if symlink exists first. Similar issue - # exists for RHEL 10. - if platform.name =~ /el-(9|10)/ - steps << 'if [ ! -L /usr/lib64/libselinux.so ]; then ln -s /usr/lib64/libselinux.so.1 /usr/lib64/libselinux.so; fi' - end - - steps.concat([ - "#{cc} $${INCLUDESTR} #{system_include} #{cflags} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -DSHARED -c -o selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c", - "#{cc} $${INCLUDESTR} #{system_include} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -shared -o _rubyselinux.so selinuxswig_ruby_wrap.lo -lselinux -Wl,-z,relro,-z,now,-soname,_rubyselinux.so", - ]) -end - -pkg.install do - [ - "export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')", - "install -d $${VENDORARCHDIR}", - "install -p -m755 _rubyselinux.so $${VENDORARCHDIR}/selinux.so", - "#{platform[:make]} -e clean", - ] -end diff --git a/configs/components/_base-ruby.rb b/configs/components/_base-ruby.rb deleted file mode 100644 index b23db021..00000000 --- a/configs/components/_base-ruby.rb +++ /dev/null 
@@ -1,110 +0,0 @@ -# This file is a basis for multiple ruby versions. -# It should not be included as a component; Instead other components should -# load it with instance_eval. See ruby-x.y.z.rb configs. - -# Condensed version, e.g. '2.4.3' -> '243' -ruby_version_condensed = pkg.get_version.tr('.', '') -# Y version, e.g. '2.4.3' -> '2.4' -ruby_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') - -pkg.mirror "#{settings[:buildsources_url]}/ruby-#{pkg.get_version}.tar.gz" -pkg.url "https://cache.ruby-lang.org/pub/ruby/#{ruby_version_y}/ruby-#{pkg.get_version}.tar.gz" - - -# These may have been overridden in the including file, -# if not then default them back to original values. -ruby_dir ||= settings[:ruby_dir] -ruby_bindir ||= settings[:ruby_bindir] - - -############# -# ENVIRONMENT -############# - -if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "CC", "/opt/pl-build-tools/bin/gcc" - else - pkg.environment "CC", "/opt/freeware/bin/gcc" - end - pkg.environment 'LDFLAGS', "#{settings[:ldflags]} -Wl,-bmaxdata:0x80000000" -elsif platform.is_solaris? - # See PA-5639, if we decide to go without OpenCSW GCC then we can simplify this logic - if ruby_version_y >= '3.0' - if !platform.is_cross_compiled? 
&& platform.architecture == 'sparc' - pkg.environment 'PATH', "#{settings[:bindir]}:/opt/pl-build-tools/bin:/opt/csw/bin:/usr/ccs/bin:/usr/sfw/bin:$(PATH)" - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - else - pkg.environment 'PATH', "#{settings[:bindir]}:/opt/csw/bin:/usr/ccs/bin:/usr/sfw/bin:$(PATH)" - pkg.environment 'CC', '/opt/csw/bin/gcc' - pkg.environment 'LD', '/opt/csw/bin/gld' - pkg.environment 'AR', '/opt/csw/bin/gar' - end - else - pkg.environment 'PATH', "#{settings[:bindir]}:/usr/ccs/bin:/usr/sfw/bin:$(PATH):/opt/csw/bin" - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - end - pkg.environment 'CXX', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-g++" - pkg.environment 'LDFLAGS', "-Wl,-rpath=#{settings[:libdir]}" - if platform.os_version == '10' - # ./configure uses /bin/sh as the default shell when running config.sub on Solaris 10; - # This doesn't work and halts the configure process. Set CONFIG_SHELL to force use of bash: - pkg.environment 'CONFIG_SHELL', '/bin/bash' - end -elsif platform.is_cross_compiled_linux? - pkg.environment 'PATH', "#{settings[:bindir]}:$(PATH)" - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - pkg.environment 'CXX', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-g++" - pkg.environment 'LDFLAGS', "-Wl,-rpath=#{settings[:libdir]}" -elsif platform.is_windows? - pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(shell cygpath -u #{settings[:tools_root]}/bin):$(shell cygpath -u #{settings[:tools_root]}/include):$(shell cygpath -u #{settings[:bindir]}):$(shell cygpath -u #{ruby_bindir}):$(shell cygpath -u #{settings[:includedir]}):$(PATH)" - pkg.environment 'CYGWIN', settings[:cygwin] - pkg.environment 'LDFLAGS', settings[:ldflags] - optflags = settings[:cflags] + ' -O3' - pkg.environment 'optflags', optflags - pkg.environment 'CFLAGS', optflags -elsif platform.is_macos? 
- pkg.environment 'optflags', settings[:cflags] - pkg.environment 'CFLAGS', settings[:cflags] - pkg.environment 'CC', settings[:cc] - pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] -elsif settings[:supports_pie] - pkg.environment 'LDFLAGS', settings[:ldflags] - pkg.environment 'optflags', settings[:cflags] -end - -#################### -# BUILD REQUIREMENTS -#################### - -pkg.build_requires "openssl-#{settings[:openssl_version]}" - -if platform.is_aix? - pkg.build_requires "runtime-#{settings[:runtime_project]}" - if platform.name == 'aix-7.1-ppc' - pkg.build_requires "libedit" - else - pkg.build_requires "readline" - end -elsif platform.is_solaris? - pkg.build_requires "runtime-#{settings[:runtime_project]}" - pkg.build_requires "libedit" if platform.name =~ /^solaris-10-sparc/ -elsif platform.is_cross_compiled_linux? - pkg.build_requires "runtime-#{settings[:runtime_project]}" -end - -####### -# BUILD -####### - -pkg.build do - "#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1)" -end - -######### -# INSTALL -######### - -pkg.install do - [ "#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install" ] -end diff --git a/configs/components/_base-rubygem.rb b/configs/components/_base-rubygem.rb index bf1c3133..498212cd 100644 --- a/configs/components/_base-rubygem.rb +++ b/configs/components/_base-rubygem.rb @@ -6,7 +6,7 @@ name = pkg.get_name.gsub('rubygem-', '') unless name && !name.empty? - raise "Rubygem component files that instance_eval _base-rubygem must be named rubygem-.rb" + raise 'Rubygem component files that instance_eval _base-rubygem must be named rubygem-.rb' end version = pkg.get_version 
@@ -15,27 +15,36 @@ end pkg.build_requires "runtime-#{settings[:runtime_project]}" -pkg.build_requires "pl-ruby-patch" if platform.is_cross_compiled? +pkg.build_requires "ruby-#{settings[:ruby_version]}" +pkg.build_requires 'pl-ruby-patch' if platform.is_cross_compiled? if platform.is_windows? - pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(shell cygpath -u #{settings[:ruby_bindir]}):$(shell cygpath -u #{settings[:bindir]}):/cygdrive/c/Windows/system32:/cygdrive/c/Windows:/cygdrive/c/Windows/System32/WindowsPowerShell/v1.0:$(PATH)" + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(shell cygpath -u #{settings[:ruby_bindir]}):$(shell cygpath -u #{settings[:bindir]}):/cygdrive/c/Windows/system32:/cygdrive/c/Windows:/cygdrive/c/Windows/System32/WindowsPowerShell/v1.0:$(PATH)" +end + +if platform.is_macos? + pkg.environment 'CC', settings[:cc] + pkg.environment 'CXX', settings[:cxx] + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CPPFLAGS', settings[:cppflags] + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] end # When cross-compiling, we can't use the rubygems we just built. # Instead we use the host gem installation and override GEM_HOME. Yay? -pkg.environment "GEM_HOME", settings[:gem_home] -pkg.environment "GEM_PATH", settings[:gem_home] +pkg.environment 'GEM_HOME', settings[:gem_home] +pkg.environment 'GEM_PATH', settings[:gem_home] # PA-25 in order to install gems in a cross-compiled environment we need to # set RUBYLIB to include puppet and hiera, so that their gemspecs can resolve # hiera/version and puppet/version requires. Without this the gem install # will fail by blowing out the stack. 
if settings[:ruby_vendordir] - pkg.environment "RUBYLIB", "#{settings[:ruby_vendordir]}:$(RUBYLIB)" + pkg.environment 'RUBYLIB', "#{settings[:ruby_vendordir]}:$(RUBYLIB)" end pkg.url("https://rubygems.org/downloads/#{name}-#{version}.gem") -pkg.mirror("#{settings[:buildsources_url]}/#{name}-#{version}.gem") # If a gem needs more command line options to install set the :gem_install_options # in its component file rubygem-, before the instance_eval of this file. diff --git a/configs/components/augeas.rb b/configs/components/augeas.rb index 9300f7ba..3dd0d1cf 100644 --- a/configs/components/augeas.rb +++ b/configs/components/augeas.rb 
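Review bot: With `pkg.mirror` removed at the end of this hunk, `https://rubygems.org/downloads/#{name}-#{version}.gem` becomes the only download source for every gem that includes this file, and nothing in the visible lines pins a checksum for it. The sum is presumably declared by each including `rubygem-*.rb` component, outside this hunk; a comment above `pkg.url` would make that dependency explicit, e.g. `# Single download source: integrity depends on the checksum declared by the including component.` The new macOS block would also benefit from a one-line why-comment, since it exports `CC`, `CXX` and the flag variables for every gem rather than only those with native extensions. The file continues past the end of the hunk.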
@@ -2,136 +2,115 @@ # Component release information: https://github.com/hercules-team/augeas/releases ##### component 'augeas' do |pkg, settings, platform| - version = settings[:augeas_version] || '1.14.1' - pkg.version version - - case version - when '1.14.1' - pkg.md5sum 'ac31216268b4b64809afd3a25f2515e5' - - pkg.apply_patch 'resources/patches/augeas/augeas-1.14.1-return_reg_enosys.patch' - when '1.12.0' - pkg.md5sum '74f1c7b8550f4e728486091f6b907175' - + pkg.version '1.14.1' + pkg.sha256sum '368bfdd782e4b9c7163baadd621359c82b162734864b667051ff6bcb57b9edff' + pkg.url "https://github.com/hercules-team/augeas/releases/download/release-#{pkg.get_version}/augeas-#{pkg.get_version}.tar.gz" + + extra_config_flags = '' + ##### + # Solaris and AIX differences + ##### + # Solaris and AIX depend on libedit which breaks augeas compliation starting with 1.13.0 + # Releases from 1.13.0 onward are only available from github + if platform.is_solaris? + pkg.version '1.12.0' + pkg.sha256sum '321942c9cc32185e2e9cb72d0a70eea106635b50269075aca6714e3ec282cb87' + pkg.url "http://download.augeas.net/augeas-#{pkg.get_version}.tar.gz" pkg.apply_patch 'resources/patches/augeas/augeas-1.12.0-allow-ad-groups-in-sudoers.patch' pkg.apply_patch 'resources/patches/augeas/augeas-1.12.0-allow-hyphen-postgresql-lens.patch' else - raise "augeas version #{version} has not been configured; Cannot continue." - end - - # releases from 1.13.0 onward are only available from github - if Gem::Version.new(pkg.get_version) < Gem::Version.new('1.13.0') - # this url may be removed once 1.12.0 is no longer supported - pkg.url "http://download.augeas.net/augeas-#{pkg.get_version}.tar.gz" - else - pkg.url "https://github.com/hercules-team/augeas/releases/download/release-#{pkg.get_version}/augeas-#{pkg.get_version}.tar.gz" + pkg.apply_patch 'resources/patches/augeas/augeas-1.14.1-return_reg_enosys.patch' end - if ['1.12.0', '1.14.1'].include?(version) - if platform.is_el? || platform.is_fedora? 
- # Augeas 1.11.0 needs a libselinux pkgconfig file on these platforms: - pkg.build_requires 'ruby-selinux' + if platform.name =~ /solaris-10-sparc/ + # This patch to gnulib fixes a linking error around symbol versioning in pthread. + pkg.add_source "file://resources/patches/augeas/augeas-#{version}-gnulib-pthread-in-use.patch" + pkg.configure do + # gnulib is a submodule, and its files don't exist until after configure, + # so we apply the patch manually here instead of using pkg.apply_patch. + ["/usr/bin/gpatch -p0 < ../augeas-#{version}-gnulib-pthread-in-use.patch"] end + end - if platform.name =~ /solaris-10-sparc/ - # This patch to gnulib fixes a linking error around symbol versioning in pthread. - pkg.add_source "file://resources/patches/augeas/augeas-#{version}-gnulib-pthread-in-use.patch" - pkg.configure do - # gnulib is a submodule, and its files don't exist until after configure, - # so we apply the patch manually here instead of using pkg.apply_patch. - ["/usr/bin/gpatch -p0 < ../augeas-#{version}-gnulib-pthread-in-use.patch"] - end - end + extra_config_flags = ' --disable-dependency-tracking' if platform.name =~ /solaris-11|aix/ + ##### - if platform.is_macos? - pkg.build_requires 'readline' - pkg.build_requires 'autoconf' - pkg.build_requires 'automake' - pkg.build_requires 'libtool' - end - - extra_config_flags = platform.name =~ /solaris-11|aix/ ? " --disable-dependency-tracking" : "" + if platform.is_el? || platform.is_fedora? + # Augeas 1.11.0+ needs a libselinux pkgconfig file on these platforms + pkg.build_requires 'ruby-selinux' end - pkg.mirror "#{settings[:buildsources_url]}/augeas-#{pkg.get_version}.tar.gz" + if platform.is_macos? 
+ pkg.build_requires 'readline' + pkg.build_requires 'autoconf' + pkg.build_requires 'automake' + pkg.build_requires 'libtool' + end - pkg.build_requires "libxml2" + pkg.build_requires 'libxml2' # Ensure we're building against our own libraries when present - pkg.environment "PKG_CONFIG_PATH", "#{settings[:libdir]}/pkgconfig" + pkg.environment 'PKG_CONFIG_PATH', "#{settings[:libdir]}/pkgconfig" if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "CC", "/opt/pl-build-tools/bin/gcc" - else - pkg.environment "CC", "/opt/freeware/bin/gcc" - pkg.environment "PATH", "/opt/freeware/bin:$(PATH):#{settings[:bindir]}" - end + pkg.environment 'CC', '/opt/freeware/bin/gcc' + pkg.environment 'PATH', "/opt/freeware/bin:$(PATH):#{settings[:bindir]}" pkg.build_requires "runtime-#{settings[:runtime_project]}" - if platform.name == 'aix-7.1-ppc' - pkg.build_requires 'libedit' - else - pkg.build_requires 'readline' - end + pkg.build_requires 'readline' - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", "-I#{settings[:includedir]}" + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CFLAGS', "-I#{settings[:includedir]}" end if platform.is_rpm? && !platform.is_aix? if platform.architecture =~ /aarch64|ppc64|ppc64le/ pkg.build_requires "runtime-#{settings[:runtime_project]}" - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'LDFLAGS', settings[:ldflags] end elsif platform.is_deb? pkg.requires 'libreadline6' if platform.is_cross_compiled_linux? 
- pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'LDFLAGS', settings[:ldflags] end elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'LDFLAGS', settings[:ldflags] pkg.build_requires 'libedit' pkg.build_requires "runtime-#{settings[:runtime_project]}" - if platform.os_version == "10" - pkg.environment "PKG_CONFIG_PATH", "/opt/csw/lib/pkgconfig" - pkg.environment "PKG_CONFIG", "/opt/csw/bin/pkg-config" + if platform.os_version == '10' + pkg.environment 'PKG_CONFIG_PATH', '/opt/csw/lib/pkgconfig' + pkg.environment 'PKG_CONFIG', '/opt/csw/bin/pkg-config' elsif !platform.is_cross_compiled? && platform.architecture == 'sparc' - pkg.environment "PKG_CONFIG_PATH", "#{settings[:libdir]}/pkgconfig" - pkg.environment "PKG_CONFIG", "/usr/bin/pkg-config" - else - pkg.environment "PKG_CONFIG_PATH", "/usr/lib/pkgconfig" - pkg.environment "PKG_CONFIG", "/opt/pl-build-tools/bin/pkg-config" + pkg.environment 'PKG_CONFIG_PATH', "#{settings[:libdir]}/pkgconfig" + pkg.environment 'PKG_CONFIG', '/usr/bin/pkg-config' end elsif platform.is_macos? 
pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin:/usr/local/bin' pkg.environment 'CFLAGS', settings[:cflags] pkg.environment 'CPPFLAGS', settings[:cppflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'LDFLAGS', settings[:ldflags] pkg.environment 'CC', settings[:cc] pkg.environment 'CXX', settings[:cxx] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] end - if settings[:supports_pie] - pkg.environment 'CFLAGS', settings[:cflags] - pkg.environment 'CPPFLAGS', settings[:cppflags] - pkg.environment "LDFLAGS", settings[:ldflags] - end + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'CPPFLAGS', settings[:cppflags] + pkg.environment 'LDFLAGS', settings[:ldflags] # fix libtool linking on big sur if platform.is_macos? - if platform.architecture == 'arm64' - pkg.configure { ["/opt/homebrew/bin/autoreconf --force --install"] } + if platform.architecture == 'arm64' || platform.is_cross_compiled? + pkg.configure { ['/opt/homebrew/bin/autoreconf --force --install'] } else - pkg.configure { ["/usr/local/bin/autoreconf --force --install"] } + pkg.configure { ['/usr/local/bin/autoreconf --force --install'] } end end diff --git a/configs/components/curl.rb b/configs/components/curl.rb index 4741255f..1c0f6e99 100644 --- a/configs/components/curl.rb +++ b/configs/components/curl.rb 
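Review bot: The solaris-10-sparc branch still interpolates `version` in `augeas-#{version}-gnulib-pthread-in-use.patch` (both the `pkg.add_source` path and the `gpatch` command), but this hunk deletes the `version = settings[:augeas_version] || '1.14.1'` assignment, so no local of that name remains in the visible block and that branch will likely fail when evaluated on that platform. Use `pkg.get_version` there, as the `pkg.url` lines already do, so the patch name follows the 1.12.0 override set for Solaris. Separately, the now-unconditional `pkg.environment 'CFLAGS', settings[:cflags]` near the end of the hunk runs after the AIX-specific `pkg.environment 'CFLAGS', "-I#{settings[:includedir]}"`; if later calls override earlier ones, the AIX include path is dropped, which is worth confirming as intended. The component block continues past the end of the hunk.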
@@ -2,57 +2,30 @@ # Component release information: https://github.com/curl/curl/releases ##### component 'curl' do |pkg, settings, platform| - # Projects may define a :curl_version setting - version = settings[:curl_version] || '8.15.0' - pkg.version version - - case version - when '7.88.1' - pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7' - when '8.15.0' - pkg.sha256sum 'd85cfc79dc505ff800cb1d321a320183035011fa08cb301356425d86be8fc53c' - else - raise "curl version #{version} has not been configured; Cannot continue." - end - + pkg.version '8.15.0' + pkg.sha256sum 'd85cfc79dc505ff800cb1d321a320183035011fa08cb301356425d86be8fc53c' pkg.url "https://curl.se/download/curl-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/curl-#{pkg.get_version}.tar.gz" pkg.build_requires "openssl-#{settings[:openssl_version]}" - pkg.build_requires "puppet-ca-bundle" + pkg.build_requires 'puppet-ca-bundle' ldflags = settings[:ldflags] if platform.is_cross_compiled_linux? pkg.build_requires "runtime-#{settings[:runtime_project]}" - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "PKG_CONFIG_PATH", "/opt/puppetlabs/puppet/lib/pkgconfig" - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" + pkg.environment 'PKG_CONFIG_PATH', '/opt/puppetlabs/puppet/lib/pkgconfig' elsif platform.is_windows? pkg.build_requires "runtime-#{settings[:runtime_project]}" - pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment "NM" , "/usr/bin/nm" if platform.name =~ /windowsfips-2016/ - pkg.environment "CYGWIN", settings[:cygwin] - elsif platform.is_aix? 
&& platform.name != 'aix-7.1-ppc' - pkg.environment "PKG_CONFIG_PATH", "/opt/puppetlabs/puppet/lib/pkgconfig" + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" + pkg.environment 'NM' , '/usr/bin/nm' if platform.name =~ /windowsfips-2016/ + pkg.environment 'CYGWIN', settings[:cygwin] + elsif platform.is_aix? + pkg.environment 'PKG_CONFIG_PATH', '/opt/puppetlabs/puppet/lib/pkgconfig' pkg.environment 'PATH', "/opt/freeware/bin:$(PATH):#{settings[:bindir]}" # exclude -Wl,-brtl ldflags = "-L#{settings[:libdir]}" else - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - end - - # Following lines should we removed once we drop curl 7 - if version.start_with?('7') - pkg.apply_patch 'resources/patches/curl/CVE-2023-27535.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2023-28319.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2023-32001.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2023-38545.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2023-38546.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2023-46218.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2024-2004.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2024-2398.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch' - pkg.apply_patch 'resources/patches/curl/CVE-2024-8096.patch' + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" end configure_options = [] 
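Review bot: `settings[:curl_version]` is now ignored without any signal, so a project that still sets it gets 8.15.0 silently, where the old `case` raised for any version without a configured checksum. If any remaining project config can still set it, a guard right after `pkg.sha256sum` keeps the failure loud: `raise "curl is pinned to #{pkg.get_version}; remove :curl_version" if settings[:curl_version] && settings[:curl_version] != pkg.get_version`. Separately, the cross-compiled Linux branch used to set PATH twice, and the second value had no `settings[:bindir]`. If the later call replaced the earlier one, the new single line puts target-prefix binaries on the build host's PATH for the first time, which is worth confirming as intended. The component block continues outside this hunk.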
@@ -60,13 +33,13 @@ # OpenSSL version 3.0 & up no longer ships by default the insecure algorithms # that curl's ntlm module depends on (md4 & des). - if !settings[:use_legacy_openssl_algos] && settings[:openssl_version] =~ /^3\./ - configure_options << "--disable-ntlm" + if !settings[:use_legacy_openssl_algos] + configure_options << '--disable-ntlm' end if (platform.is_solaris? && platform.os_version == '11') || platform.is_aix? # Makefile generation with automatic dependency tracking fails on these platforms - configure_options << "--disable-dependency-tracking" + configure_options << '--disable-dependency-tracking' end if platform.is_macos? diff --git a/configs/components/dmidecode.rb b/configs/components/dmidecode.rb index 92d97547..9f9bca81 100644 --- a/configs/components/dmidecode.rb +++ b/configs/components/dmidecode.rb @@ -7,18 +7,13 @@ pkg.apply_patch 'resources/patches/dmidecode/dmidecode-install-to-bin.patch' pkg.url "http://download-mirror.savannah.gnu.org/releases/dmidecode/dmidecode-#{pkg.get_version}.tar.xz" - pkg.mirror "#{settings[:buildsources_url]}/dmidecode-#{pkg.get_version}.tar.xz" - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CFLAGS', settings[:cflags] - if platform.is_cross_compiled? - # The Makefile doesn't honor environment overrides, so we need to - # edit it directly for cross-compiling - pkg.configure do - ["sed -i \"s|gcc|/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc|g\" Makefile"] - end - end + # The Makefile doesn't honor environment overrides, so if you need to + # override the compiler (e.g., when cross-compiling), add a pkg.configure + # here that `sed`s the Makefile to replace `gcc` with the desired compiler. pkg.build do ["#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1)"] diff --git a/configs/components/libedit.rb b/configs/components/libedit.rb index bb626305..24377c2f 100644 
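Review bot: The NTLM guard in the curl.rb hunk at -60,13 +33,13 reads more directly as a modifier, `configure_options << '--disable-ntlm' unless settings[:use_legacy_openssl_algos]`, now that the version test is gone. The comment above it still explains the switch in terms of "OpenSSL version 3.0 & up", so I would add a line such as `# Only OpenSSL 3.x is built now, so no version check is needed here.` Without it, a later reader may reintroduce the check or assume older OpenSSL is still handled. The surrounding component block starts and ends outside the hunk.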
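Review bot: With `pkg.mirror` removed, the only remaining source for dmidecode is the plain-HTTP `pkg.url` line, and the same is true of the `http://thrysoee.dk/...` URL in the libedit.rb hunk. For libedit the new `pkg.sha256sum` makes tampering in transit detectable. For dmidecode the checksum line is outside this hunk, so please confirm it is a SHA-256 and not an MD5, and move both URLs to HTTPS if the hosts serve the tarballs that way. The new comment replacing the cross-compile `sed` also means a cross-compiled platform would build with the host `gcc` without any error. If dmidecode can still be selected for such a platform, `raise 'dmidecode: cross-compilation is not configured' if platform.is_cross_compiled?` would fail early instead.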
--- a/configs/components/libedit.rb +++ b/configs/components/libedit.rb @@ -7,22 +7,11 @@ ##### component 'libedit' do |pkg, settings, platform| pkg.version '20150325-3.1' - pkg.md5sum '43cdb5df3061d78b5e9d59109871b4f6' + pkg.sha256sum 'c88a5e4af83c5f40dda8455886ac98923a9c33125699742603a88a0253fcc8c5' pkg.url "http://thrysoee.dk/editline/libedit-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/libedit-#{pkg.get_version}.tar.gz" - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" - - if platform.is_solaris? - pkg.environment "CC", "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - elsif platform.is_aix? - pkg.environment "CC", "/opt/pl-build-tools/bin/gcc" - pkg.environment "LDFLAGS", settings[:ldflags] - end - - if platform.is_macos? - pkg.environment "CFLAGS", settings[:cflags] - end + pkg.environment 'CFLAGS', settings[:cflags] if platform.is_macos? + pkg.environment 'LDFLAGS', settings[:ldflags] if platform.is_aix? pkg.configure do "bash configure --enable-shared --prefix=#{settings[:prefix]} #{settings[:host]}" diff --git a/configs/components/libffi.rb b/configs/components/libffi.rb index 8b65e979..124dd42b 100644 --- a/configs/components/libffi.rb +++ b/configs/components/libffi.rb 
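Review bot: After this hunk libedit sets neither `PATH` nor `CC` on AIX or Solaris, so `bash configure` will use whichever compiler the ambient PATH resolves first. The sibling components in this patch (libffi, libxml2, libyaml) still prepend `/opt/freeware/bin` on AIX and extend PATH on Solaris. If the AIX toolchain is expected to come from that directory here too, `pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' if platform.is_aix?` would keep libedit consistent with them. An explicit compiler path also makes the build less dependent on the build host's environment. The component block continues outside the hunk.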
@@ -5,45 +5,31 @@ pkg.version '3.5.2' pkg.sha256sum 'f3a3082a23b37c293a4fcd1053147b371f2ff91fa7ea1b2a52e335676bac82dc' pkg.url "https://github.com/libffi/libffi/releases/download/v#{pkg.get_version}/#{pkg.get_name}-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/#{pkg.get_name}-#{pkg.get_version}.tar.gz" + + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CFLAGS', settings[:cflags] if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" - else - pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" - end + pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' elsif platform.is_cross_compiled_linux? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" + pkg.environment 'PATH', "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" if !platform.is_cross_compiled? && platform.architecture == 'sparc' # must use gnu99 due to `asm` keyword # https://gcc.gnu.org/onlinedocs/gcc-7.2.0/gcc/Extended-Asm.html - pkg.environment "CFLAGS", "#{settings[:cflags]} -std=gnu99" + pkg.environment 'CFLAGS', "#{settings[:cflags]} -std=gnu99" else - pkg.environment "CFLAGS", "#{settings[:cflags]} -std=c99" + pkg.environment 'CFLAGS', "#{settings[:cflags]} -std=c99" end - pkg.environment "LDFLAGS", settings[:ldflags] pkg.environment 'MAKE', 'gmake' elsif platform.is_macos? - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] pkg.environment 'CC', settings[:cc] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] elsif platform.is_windows? 
- pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] - - if platform.architecture == "x86" - pkg.apply_patch "resources/patches/libffi/revert_clang_32bit.patch" - end + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" else - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] + end pkg.build_requires "runtime-#{settings[:runtime_project]}" diff --git a/configs/components/libxml2.rb b/configs/components/libxml2.rb index 6e604a05..7a1d4418 100644 --- a/configs/components/libxml2.rb +++ b/configs/components/libxml2.rb 
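Review bot: Hoisting `pkg.environment 'LDFLAGS', settings[:ldflags]` and `'CFLAGS'` above the platform chain changes AIX behaviour, because the old AIX branch set only PATH and passed no flags. The libxml2.rb and libyaml.rb hunks make the same change. curl.rb deliberately avoids `settings[:ldflags]` on AIX ("exclude -Wl,-brtl"), so this may not be a neutral cleanup there. If the old behaviour should be kept, use `pkg.environment 'LDFLAGS', settings[:ldflags] unless platform.is_aix?` and the same for CFLAGS. Otherwise note the change in the commit message. The hunk also leaves an `else` with an empty body before `end`, which can simply be dropped.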
@@ -3,36 +3,26 @@ # https://gitlab.gnome.org/GNOME/libxml2/-/releases # https://github.com/GNOME/libxml2/tags ##### -component "libxml2" do |pkg, settings, platform| +component 'libxml2' do |pkg, settings, platform| pkg.version '2.14.5' pkg.sha256sum '03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b' libxml2_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') pkg.url "https://download.gnome.org/sources/libxml2/#{libxml2_version_y}/libxml2-#{pkg.get_version}.tar.xz" - pkg.mirror "#{settings[:buildsources_url]}/libxml2-#{pkg.get_version}.tar.xz" + + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CFLAGS', settings[:cflags] if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "PATH", "/opt/pl-build-tools/bin:/opt/freeware/bin:$(PATH)" - else - pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" - end + pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' elsif platform.is_cross_compiled_linux? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:/opt/csw/bin:#{settings[:bindir]}" - pkg.environment "CFLAGS", "#{settings[:cflags]} -std=c99" - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:/opt/csw/bin:#{settings[:bindir]}" + pkg.environment 'CFLAGS', "#{settings[:cflags]} -std=c99" elsif platform.is_macos? 
- pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] pkg.environment 'CC', settings[:cc] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] - else - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] end pkg.build_requires "runtime-#{settings[:runtime_project]}" diff --git a/configs/components/libxslt.rb b/configs/components/libxslt.rb index 3bbe8400..6db54cc9 100644 --- a/configs/components/libxslt.rb +++ b/configs/components/libxslt.rb @@ -14,13 +14,9 @@ pkg.build_requires "libxml2" if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "PATH", "/opt/pl-build-tools/bin:/opt/freeware/bin:$(PATH)" - else - pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" - end + pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" elsif platform.is_cross_compiled_linux? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" + pkg.environment "PATH", "$(PATH):#{settings[:bindir]}" pkg.environment "CFLAGS", settings[:cflags] pkg.environment "LDFLAGS", settings[:ldflags] @@ -29,7 +25,7 @@ # don't depend on libgcrypto disable_crypto = "--without-crypto" elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:/opt/csw/bin:#{settings[:bindir]}" + pkg.environment "PATH", "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:/opt/csw/bin:#{settings[:bindir]}" pkg.environment "CFLAGS", settings[:cflags] pkg.environment "LDFLAGS", settings[:ldflags] elsif platform.is_macos? diff --git a/configs/components/libyaml.rb b/configs/components/libyaml.rb index dcb57bb7..ccb39ea4 100644 --- a/configs/components/libyaml.rb +++ b/configs/components/libyaml.rb 
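Review bot: libxslt.rb is left half-converted compared with the sibling components in this patch. The touched lines keep double-quoted literals, for example `pkg.environment "PATH", "/opt/freeware/bin:$(PATH)"`, where the others now use `'PATH', '/opt/freeware/bin:$(PATH)'`. CFLAGS/LDFLAGS are also still set per branch here, whereas libxml2.rb now sets them once at the top. As a result AIX gets those flags for libxml2 but not for libxslt, and it would be worth making the two agree one way or the other. Both libxslt hunks sit inside a platform chain that starts and ends outside them.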
@@ -3,36 +3,24 @@ ##### component 'libyaml' do |pkg, settings, platform| pkg.version '0.2.5' - pkg.md5sum 'bb15429d8fb787e7d3f1c83ae129a999' + pkg.sha256sum 'c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4' pkg.url "https://github.com/yaml/libyaml/releases/download/#{pkg.get_version}/yaml-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/yaml-#{pkg.get_version}.tar.gz" + + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'CFLAGS', settings[:cflags] if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" - else - pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" - end + pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' elsif platform.is_cross_compiled_linux? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" - pkg.environment "CFLAGS", settings[:cflags] - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):#{settings[:bindir]}" elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" - pkg.environment "CFLAGS", "#{settings[:cflags]} -std=c99" - pkg.environment "LDFLAGS", settings[:ldflags] + pkg.environment 'PATH', "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" + pkg.environment 'CFLAGS', "#{settings[:cflags]} -std=c99" elsif platform.is_macos? - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] pkg.environment 'CC', settings[:cc] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] elsif platform.is_windows? 
- pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] - else - pkg.environment "LDFLAGS", settings[:ldflags] - pkg.environment "CFLAGS", settings[:cflags] + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" end pkg.build_requires "runtime-#{settings[:runtime_project]}" diff --git a/configs/components/openssl-1.0.2.rb b/configs/components/openssl-1.0.2.rb deleted file mode 100644 index b627f0aa..00000000 --- a/configs/components/openssl-1.0.2.rb +++ /dev/null 
@@ -1,182 +0,0 @@ -##### -# Component release information: -# https://github.com/openssl/openssl/releases -# Notes: -# This is very, very old and only used for windowsfips. If OpenVox -# does a Windows FIPS build, we should replace this. -##### -component 'openssl' do |pkg, settings, platform| - pkg.version '1.0.2u' - pkg.md5sum 'cdc2638f789ecc2db2c91488265686c1' - pkg.url "https://openssl.org/source/openssl-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz" - - ############################# - # ENVIRONMENT, FLAGS, TARGETS - ############################# - - target = cflags = ldflags = sslflags = '' - - if platform.is_windows? - pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment 'CYGWIN', settings[:cygwin] - pkg.environment 'CC', settings[:cc] - pkg.environment 'CXX', settings[:cxx] - pkg.environment 'MAKE', platform[:make] - - target = platform.architecture == 'x64' ? 'mingw64' : 'mingw' - cflags = settings[:cflags] - ldflags = settings[:ldflags] - elsif platform.is_cross_compiled_linux? - pkg.environment 'PATH', "/opt/pl-build-tools/bin:$(PATH)" - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - - cflags = "#{settings[:cflags]} -fPIC" - ldflags = "-Wl,-rpath=/opt/pl-build-tools/#{settings[:platform_triple]}/lib -Wl,-rpath=#{settings[:libdir]} -L/opt/pl-build-tools/#{settings[:platform_triple]}/lib" - target = if platform.architecture == 'aarch64' - 'linux-aarch64' - elsif platform.architecture =~ /ppc64le|ppc64el/ # Litte-endian - 'linux-ppc64le' - elsif platform.architecture =~ /ppc64/ # Big-endian - 'linux-ppc64' - end - elsif platform.is_aix? - pkg.environment "CC", "/opt/pl-build-tools/bin/gcc" - cflags = '$${CFLAGS} -static-libgcc' - target = 'aix-gcc' - elsif platform.is_solaris? 
- pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin' - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - - cflags = "#{settings[:cflags]} -fPIC" - ldflags = "-R/opt/pl-build-tools/#{settings[:platform_triple]}/lib -Wl,-rpath=#{settings[:libdir]} -L/opt/pl-build-tools/#{settings[:platform_triple]}/lib" - target = platform.architecture =~ /86/ ? 'solaris-x86-gcc' : 'solaris-sparcv9-gcc' - elsif platform.is_macos? - pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' - - cflags = settings[:cflags] - target = 'darwin64-x86_64-cc' - elsif platform.is_linux? - pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' - - cflags = settings[:cflags] - ldflags = "#{settings[:ldflags]} -Wl,-z,relro" - if platform.architecture =~ /86$/ - target = 'linux-elf' - sslflags = '386' - elsif platform.architecture =~ /aarch64$/ - target = 'linux-aarch64' - elsif platform.architecture =~ /ppc64le|ppc64el/ # Little-endian - target = 'linux-ppc64le' - elsif platform.architecture =~ /64$/ - target = 'linux-x86_64' - end - end - - #################### - # BUILD REQUIREMENTS - #################### - - pkg.build_requires "runtime-#{settings[:runtime_project]}" - - ######### - # PATCHES - ######### - - if platform.is_windows? - pkg.apply_patch 'resources/patches/openssl/openssl-1.0.0l-use-gcc-instead-of-makedepend.patch' - # This patch removes the option `-DOPENSSL_USE_APPLINK` from the mingw openssl congifure target - # This brings mingw more in line with what is happening with mingw64. All applink does it makes - # it possible to use the .dll compiled with one compiler with an application compiled with a - # different compiler. Given our openssl should only be interacting with things that we build, - # we can ensure everything is build with the same compiler. 
- pkg.apply_patch 'resources/patches/openssl/openssl-mingw-do-not-build-applink.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-enforce-fips-on-fips-mode.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-low-level-access.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-expose-drbg-init.patch' - elsif platform.is_aix? - pkg.apply_patch 'resources/patches/openssl/add-shell-to-engines_makefile.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-1.0.0l-use-gcc-instead-of-makedepend.patch' - elsif platform.is_solaris? - pkg.apply_patch 'resources/patches/openssl/add-shell-to-engines_makefile.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-1.0.0l-use-gcc-instead-of-makedepend.patch' - end - pkg.apply_patch 'resources/patches/openssl/CVE-2020-1968.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2020-1971.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2021-23839.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2021-23840.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2021-23841.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2021-3712.patch' - - ########### - # CONFIGURE - ########### - - # OpenSSL Configure doesn't honor CFLAGS or LDFLAGS as environment variables. - # Instead, those should be passed to Configure at the end of its options, as - # any unrecognized options are passed straight through to ${CC}. Defining - # --libdir ensures that we avoid the multilib (lib/ vs. lib64/) problem, - # since configure uses the existence of a lib64 directory to determine - # if it should install its own libs into a multilib dir. Yay OpenSSL! 
- configure_flags = [ - "--prefix=#{settings[:prefix]}", - '--libdir=lib', - "--openssldir=#{settings[:prefix]}/ssl", - 'shared', - 'no-asm', - target, - sslflags, - 'enable-rfc3779', - 'enable-tlsext', - 'no-camellia', - 'no-ec2m', - 'no-md2', - 'no-mdc2', - 'no-ssl2', - 'no-ssl3', - ] - - configure_flags += ['fips', "--with-fipsdir=#{settings[:prefix]}/usr/local/ssl/fips-2.0"] if platform.name =~ /windowsfips-/ - - # Individual projects may provide their own openssl configure flags: - project_flags = settings[:openssl_extra_configure_flags] || [] - configure_flags << project_flags << cflags << ldflags - - pkg.configure do - ["./Configure #{configure_flags.join(' ')}"] - end - - ####### - # BUILD - ####### - - pkg.build do - [ - "#{platform[:make]} depend", - "#{platform[:make]}" - ] - end - - ######### - # INSTALL - ######### - - install_prefix = platform.is_windows? ? '' : 'INSTALL_PREFIX=/' - install_commands = [] - - if platform.is_aix? - install_commands << "slibclean" - end - - install_commands << "#{platform[:make]} #{install_prefix} install" - - if settings[:runtime_project] == 'pdk' - install_commands << "rm -f #{settings[:prefix]}/bin/{openssl,c_rehash}" - end - - pkg.install do - install_commands - end - - pkg.install_file 'LICENSE', "#{settings[:prefix]}/share/doc/openssl-#{pkg.get_version}/LICENSE" -end diff --git a/configs/components/openssl-1.1.1-fips.rb b/configs/components/openssl-1.1.1-fips.rb deleted file mode 100644 index e95bacb4..00000000 --- a/configs/components/openssl-1.1.1-fips.rb +++ /dev/null 
@@ -1,94 +0,0 @@ -##### -# Component release information: -# https://github.com/openssl/openssl/releases -# Notes: -# This is very, very old and only used for fips. If OpenVox -# does a FIPS build, we should replace this. -##### -component 'openssl-1.1.1-fips' do |pkg, settings, platform| - pkg.version '1.1.1k-6' - pkg.sha256sum 'da536944410a0cbf5c0b6ee0b8f3ec62a9121be3b72bf2819bb4395a761662aa' - pkg.url "https://vault.centos.org/centos/8-stream/BaseOS/Source/SPackages/openssl-#{pkg.get_version}.el8.src.rpm" - pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.el8.src.rpm" - - pkg.build_requires 'rpm-build' - pkg.build_requires 'krb5-devel' - pkg.build_requires 'zlib-devel' - pkg.build_requires 'lksctp-tools-devel' - pkg.build_requires 'perl-Test-Harness' - pkg.build_requires 'perl-Module-Load-Conditional' - - patch_version = pkg.get_version.match(/\d\.\d\.\d(\w)/).captures.first - ############################# - # ENVIRONMENT, FLAGS, TARGETS - ############################# - - # FIXME: pkg.apply_patch is not useful here as vanagon component does - # not know how to extract rpm and patch happend before configure step - # proper fix would be extension in vanagon for source rpm handling - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-patch-openssl-cnf.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-force-fips-mode.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-spec-file.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-remove-env-check.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1l-sm2-plaintext.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2023-3446-fips.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2023-5678-fips.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1k-CVE-2024-0727-fips.patch' - - if platform.name =~ /-7-/ - 
pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-post-rand.patch' - pkg.add_source 'file://resources/patches/openssl/openssl-1.1.1-fips-edk2-build.patch' - end - - topdir = "--define \"_topdir `pwd`/openssl-#{pkg.get_version}\"" - libdir = "--define '%_libdir %{_prefix}/lib'" - prefix = "--define '%_prefix #{settings[:prefix]}'" - - pkg.configure do - [ - "rpm -i #{topdir} openssl-#{pkg.get_version}.el8.src.rpm" - ] - end - - if platform.name =~ /-7-/ - pkg.configure do - [ - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-edk2-build.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-post-rand.patch && cd -", - ] - end - end - - pkg.configure do - [ - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-patch-openssl-cnf.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-force-fips-mode.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-spec-file.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1-fips-remove-env-check.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1l-sm2-plaintext.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1k-CVE-2023-3446-fips.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < 
../openssl-1.1.1k-CVE-2023-5678-fips.patch && cd -", - "cd openssl-#{pkg.get_version} && /usr/bin/patch --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../openssl-1.1.1k-CVE-2024-0727-fips.patch && cd -" - ] - end - - pkg.build do - [ - 'if [ -f /etc/system-fips ]; then mv /etc/system-fips /etc/system-fips.off; fi', - "rpmbuild -bc --nocheck #{libdir} #{prefix} #{topdir} openssl-#{pkg.get_version}/SPECS/openssl.spec", - 'if [ -f /etc/system-fips.off ]; then mv /etc/system-fips.off /etc/system-fips; fi' - ] - end - - pkg.install do - [ - "cd openssl-#{pkg.get_version}/BUILD/openssl-1.1.1#{patch_version} && make install", - # This chmod command is a work around, once we're off 1.1.1k-6 for openssl the below should be patched and we can remove the below line (PA-4621) - "chmod -x #{settings[:prefix]}/bin/c_rehash", - 'if [ -f /etc/system-fips ]; then mv /etc/system-fips /etc/system-fips.off; fi', - "/usr/bin/strip #{settings[:prefix]}/lib/libcrypto.so.1.1 && LD_LIBRARY_PATH=. crypto/fips/fips_standalone_hmac #{settings[:prefix]}/lib/libcrypto.so.1.1 > #{settings[:prefix]}/lib/.libcrypto.so.1.1.hmac", - "/usr/bin/strip #{settings[:prefix]}/lib/libssl.so.1.1 && LD_LIBRARY_PATH=. crypto/fips/fips_standalone_hmac #{settings[:prefix]}/lib/libssl.so.1.1 > #{settings[:prefix]}/lib/.libssl.so.1.1.hmac", - 'if [ -f /etc/system-fips.off ]; then mv /etc/system-fips.off /etc/system-fips; fi' - ] - end -end diff --git a/configs/components/openssl-1.1.1.rb b/configs/components/openssl-1.1.1.rb deleted file mode 100644 index 0b791a71..00000000 --- a/configs/components/openssl-1.1.1.rb +++ /dev/null 
@@ -1,200 +0,0 @@ -##### -# Component release information: -# https://github.com/openssl/openssl/releases -# Notes: -# This is a default version used when an OpenSSL version is not specified. -# Should no longer be used and probably should be removed. -##### -component 'openssl' do |pkg, settings, platform| - pkg.version '1.1.1w' - pkg.sha256sum 'cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8' - pkg.url "https://openssl.org/source/openssl-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz" - - ############################# - # ENVIRONMENT, FLAGS, TARGETS - ############################# - - target = cflags = ldflags = sslflags = '' - - if platform.is_windows? - pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment 'CYGWIN', settings[:cygwin] - pkg.environment 'CC', settings[:cc] - pkg.environment 'CXX', settings[:cxx] - pkg.environment 'MAKE', platform[:make] - - target = platform.architecture == 'x64' ? 'mingw64' : 'mingw' - cflags = settings[:cflags] - ldflags = settings[:ldflags] - elsif platform.is_cross_compiled_linux? - pkg.environment 'PATH', "/opt/pl-build-tools/bin:$(PATH)" - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - - cflags = "#{settings[:cflags]} -fPIC" - if platform.architecture =~ /aarch/ - # OpenSSL fails to work on aarch unless we turn down the compiler optimization. - # See PA-2135 for details - cflags += " -O2" - end - - ldflags = "-Wl,-rpath=/opt/pl-build-tools/#{settings[:platform_triple]}/lib -Wl,-rpath=#{settings[:libdir]} -L/opt/pl-build-tools/#{settings[:platform_triple]}/lib" - target = if platform.architecture == 'aarch64' - 'linux-aarch64' - elsif platform.name =~ /debian-8-arm/ - 'linux-armv4' - elsif platform.architecture =~ /ppc64le|ppc64el/ # Little-endian - 'linux-ppc64le' - elsif platform.architecture =~ /ppc64/ # Big-endian - 'linux-ppc64' - end - elsif platform.is_aix? 
- pkg.environment 'CC', '/opt/pl-build-tools/bin/gcc' - - cflags = '$${CFLAGS} -static-libgcc' - ldflags = "#{settings[:ldflags]} -Wl,-R#{settings[:libdir]}" - target = 'aix-gcc' - elsif platform.is_solaris? - pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin' - pkg.environment 'CC', "/opt/pl-build-tools/bin/#{settings[:platform_triple]}-gcc" - - cflags = "#{settings[:cflags]} -fPIC" - ldflags = "-R/opt/pl-build-tools/#{settings[:platform_triple]}/lib -Wl,-rpath=#{settings[:libdir]} -L/opt/pl-build-tools/#{settings[:platform_triple]}/lib" - target = platform.architecture =~ /86/ ? 'solaris-x86-gcc' : 'solaris-sparcv9-gcc' - elsif platform.is_macos? - if platform.architecture == 'arm64' - pkg.environment 'PATH', '/opt/homebrew/bin:$(PATH):/usr/local/bin' - else - pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' - end - - cflags = settings[:cflags] - - target = if platform.architecture == 'arm64' - 'darwin64-arm64-cc' - else - 'darwin64-x86_64-cc' - end - elsif platform.is_linux? 
- pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' - - cflags = settings[:cflags] - ldflags = "#{settings[:ldflags]} -Wl,-z,relro" - if platform.architecture =~ /86$/ - target = 'linux-elf' - sslflags = '386' - elsif platform.architecture =~ /aarch64$/ - target = 'linux-aarch64' - elsif platform.architecture =~ /ppc64le|ppc64el/ # Little-endian - target = 'linux-ppc64le' - elsif platform.architecture =~ /64$/ - target = 'linux-x86_64' - elsif platform.architecture == 'armhf' - target = 'linux-armv4' - end - end - - pkg.apply_patch 'resources/patches/openssl/CVE-2023-5678.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2024-0727.patch' - pkg.apply_patch 'resources/patches/openssl/CVE-2024-5535.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-1.1.1-CVE-2024-2511.patch' - pkg.apply_patch 'resources/patches/openssl/openssl-1.1.1-CVE-2024-4741.patch' - - #################### - # BUILD REQUIREMENTS - #################### - - pkg.build_requires "runtime-#{settings[:runtime_project]}" - - ########### - # CONFIGURE - ########### - - if platform.is_solaris? && platform.name =~ /10/ - # We need to link the rt library on Solaris 10 in order to access the clock_gettime - # function. - cflags += " -lrt" - - # Additionally when we're building on SPARC, we need to revert - # https://github.com/openssl/openssl/commit/7a061312 because for - # some reason, the linker fails to generate the .map files (like - # e.g. libcrypto.map). Strangely, this is not an issue for Solaris - # 11 SPARC despite it using an older version of ld (2.25 vs. 2.27). - if platform.is_cross_compiled? - pkg.apply_patch 'resources/patches/openssl/openssl-1.1.1a-revert-7a061312.patch' - else - # Work around gcc not conforming to Solaris 32-bit ABI by expecting 16-byte stack alignment - # https://github.com/openssl/openssl/issues/13666 - cflags += " -mincoming-stack-boundary=2" - end - end - - # OpenSSL Configure doesn't honor CFLAGS or LDFLAGS as environment variables. 
- # Instead, those should be passed to Configure at the end of its options, as - # any unrecognized options are passed straight through to ${CC}. Defining - # --libdir ensures that we avoid the multilib (lib/ vs. lib64/) problem, - # since configure uses the existence of a lib64 directory to determine - # if it should install its own libs into a multilib dir. Yay OpenSSL! - configure_flags = [ - "--prefix=#{settings[:prefix]}", - '--libdir=lib', - "--openssldir=#{settings[:prefix]}/ssl", - 'shared', - 'no-asm', - target, - sslflags, - 'no-camellia', - 'no-ec2m', - 'no-md2', - 'no-ssl3' - ] - - # Individual projects may provide their own openssl configure flags: - project_flags = settings[:openssl_extra_configure_flags] || [] - perl_exec = '' - if platform.is_aix? - perl_exec = '/opt/freeware/bin/perl' - elsif platform.is_solaris? && platform.os_version == '10' - perl_exec = '/opt/csw/bin/perl' - end - configure_flags << project_flags << cflags << ldflags - - pkg.configure do - ["#{perl_exec} ./Configure #{configure_flags.join(' ')}"] - end - - ####### - # BUILD - ####### - - pkg.build do - [ - "#{platform[:make]} depend", - "#{platform[:make]}" - ] - end - - ######### - # INSTALL - ######### - - install_prefix = platform.is_windows? ? '' : 'INSTALL_PREFIX=/' - install_commands = [] - - if platform.is_aix? - install_commands << "slibclean" - end - - # Skip man and html docs - install_commands << "#{platform[:make]} #{install_prefix} install_sw install_ssldirs" - - if settings[:runtime_project] == 'pdk' - install_commands << "rm -f #{settings[:prefix]}/bin/{openssl,c_rehash}" - end - - pkg.install do - install_commands - end - - pkg.install_file 'LICENSE', "#{settings[:prefix]}/share/doc/openssl-#{pkg.get_version}/LICENSE" -end diff --git a/configs/components/openssl-3.0.rb b/configs/components/openssl-3.0.rb index 2bde2256..2beb14e6 100644 --- a/configs/components/openssl-3.0.rb +++ b/configs/components/openssl-3.0.rb 
@@ -9,7 +9,6 @@ pkg.version '3.0.17' pkg.sha256sum 'dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce' pkg.url "https://github.com/openssl/openssl/releases/download/openssl-#{pkg.get_version}/openssl-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz" ############################# # ENVIRONMENT, FLAGS, TARGETS @@ -31,11 +30,8 @@ pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" pkg.environment 'CYGWIN', settings[:cygwin] pkg.environment 'MAKE', platform[:make] - - target = platform.architecture == 'x64' ? 'mingw64' : 'mingw' + target = 'mingw64' elsif platform.is_aix? - raise "openssl-3.0 is not supported on older AIX" if platform.name == 'aix-7.1-ppc' - # REMIND: why not PATH? pkg.environment 'CC', '/opt/freeware/bin/gcc' 
@@ -46,35 +42,20 @@ target = 'aix-gcc' elsif platform.is_solaris? pkg.environment 'PATH', '/opt/csw/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin' - if !platform.is_cross_compiled? && platform.architecture == 'sparc' - pkg.environment 'CC', "/opt/pl-build-tools/bin/gcc" - gcc_lib = "/opt/pl-build-tools/#{settings[:platform_triple]}/lib" - else - pkg.environment 'CC', "/opt/csw/bin/gcc" - gcc_lib = "/opt/csw/#{settings[:platform_triple]}/lib" - end + pkg.environment 'CC', "/opt/csw/bin/gcc" + gcc_lib = "/opt/csw/#{platform.platform_triple}/lib" cflags = "#{settings[:cflags]} -fPIC" ldflags = "-R#{gcc_lib} -Wl,-rpath=#{settings[:libdir]} -L#{gcc_lib}" - target = platform.architecture =~ /86/ ? 'solaris-x86-gcc' : 'solaris-sparcv9-gcc' + target = 'solaris-sparcv9-gcc' elsif platform.is_macos? pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin:/usr/local/bin' pkg.environment "CFLAGS", settings[:cflags] pkg.environment 'CC', settings[:cc] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] - - target = if platform.architecture == "arm64" - 'darwin64-arm64' - else - 'darwin64-x86_64' - end + target = "darwin64-#{platform.architecture}" elsif platform.is_linux? - pkg.environment 'PATH', '/opt/pl-build-tools/bin:$(PATH):/usr/local/bin' - ldflags = "#{settings[:ldflags]} -Wl,-z,relro" - if platform.architecture =~ /86$/ - target = 'linux-elf' - sslflags = '386' - elsif platform.architecture =~ /aarch64$/ + if platform.architecture =~ /aarch64$/ target = 'linux-aarch64' elsif platform.architecture =~ /ppc64le|ppc64el/ # Little-endian target = 'linux-ppc64le' 
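Review bot: The Linux branch no longer assigns `ldflags`, so the `-Wl,-z,relro` that the removed line appended to `settings[:ldflags]` is gone from this component. If `ldflags` is not assigned somewhere outside this hunk, the Linux build loses RELRO and whatever consumes `ldflags` later gets an unset variable. I would keep `ldflags = "#{settings[:ldflags]} -Wl,-z,relro"` as the first line of the `platform.is_linux?` branch, or confirm that the project-level ldflags already carry it. Separately, the Solaris branch now hard-codes `target = 'solaris-sparcv9-gcc'` although `platform.is_solaris?` would also match a non-SPARC platform, so a guard such as `raise "openssl-3.0: unsupported Solaris architecture" unless platform.architecture == 'sparc'` would fail early instead of mis-targeting. The if/elsif chain starts and ends outside the hunk.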
@@ -130,12 +111,16 @@ configure_flags << 'no-legacy' << 'no-md4' end - # Individual projects may provide their own openssl configure flags: - project_flags = settings[:openssl_extra_configure_flags] || [] - perl_exec = '' - if platform.is_aix? - perl_exec = '/opt/freeware/bin/perl' - end + project_flags = [ + 'no-dtls', + 'no-dtls1', + 'no-idea', + 'no-seed', + 'no-weak-ssl-ciphers', + '-DOPENSSL_NO_HEARTBEATS', + ] + + perl_exec = platform.is_aix? ? '/opt/freeware/bin/perl' : '' configure_flags << project_flags pkg.environment 'CFLAGS', cflags @@ -150,23 +135,10 @@ build_commands = [] - if platform.is_windows? && platform.architecture == "x86" - # mingw-w32 5.2.0 has a bug in include/winnt.h that declares GetCurrentFiber - # with __CRT_INLINE, which results in the function not being inlined and - # generates a linker error: undefined reference to `GetCurrentFiber'. - # This only affects 32-bit builds - # See https://github.com/openssl/openssl/issues/513 - # See https://github.com/mingw-w64/mingw-w64/commit/8da1aae7a7ff5bf996878dc8fe30a0e01e210e5a - pkg.add_source("file://resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h") - build_commands << "#{platform.patch} --dir #{settings[:gcc_root]}/#{settings[:platform_triple]} --strip=2 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../FORCEINLINE-i686-w64-mingw32-winnt.h" - end - build_commands << "#{platform[:make]} depend" build_commands << "#{platform[:make]}" - pkg.build do - build_commands - end + pkg.build { build_commands } ######### # INSTALL 
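Review bot: The hard-coded `project_flags` list replaces `settings[:openssl_extra_configure_flags]` without a comment saying that it is the hardening baseline for every project, so a later edit could drop an entry without anyone noticing what it re-enables. I would add a comment above the list such as `# Hardening baseline: DTLS, IDEA, SEED and weak SSL ciphers are disabled for all projects; review before removing an entry`. `-DOPENSSL_NO_HEARTBEATS` is probably a no-op on OpenSSL 3.0, which as far as I know no longer ships the heartbeat extension, so it is worth confirming and dropping. Projects also lose the ability to append their own Configure flags, and that is worth stating in the comment if it is intended.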
@@ -175,19 +147,14 @@ install_prefix = platform.is_windows? ? '' : 'INSTALL_PREFIX=/' install_commands = [] - if platform.is_aix? - # "Removes any currently unused modules in kernel and library memory." - install_commands << "slibclean" - end + # "Removes any currently unused modules in kernel and library memory." + install_commands << "slibclean" if platform.is_aix? # Skip man and html docs install_commands << "#{platform[:make]} #{install_prefix} install_sw install_ssldirs" install_commands << "rm -f #{settings[:prefix]}/bin/c_rehash" - pkg.install do - install_commands - end - + pkg.install { install_commands } pkg.install_file 'LICENSE.txt', "#{settings[:prefix]}/share/doc/openssl-#{pkg.get_version}/LICENSE" end diff --git a/configs/components/openssl-fips-2.0.16.rb b/configs/components/openssl-fips-2.0.16.rb deleted file mode 100644 index e95e8c7b..00000000 --- a/configs/components/openssl-fips-2.0.16.rb +++ /dev/null 
@@ -1,37 +0,0 @@ -##### -# Component release information: -# https://github.com/openssl/openssl/releases -# Notes: -# This is very, very old and only used for windowsfips (is actually 1.0.2). -# If OpenVox does a Windows FIPS build, we should replace this. -##### -component 'openssl-fips-2.0.16' do |pkg, settings, platform| - pkg.md5sum '55ef09f12bb199d47e6a84e79fb959d7' - pkg.url 'https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz' - - if platform.is_windows? - pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)" - pkg.environment 'CYGWIN', settings[:cygwin] - pkg.environment 'CC', settings[:cc] - pkg.environment 'CXX', settings[:cxx] - pkg.environment 'MAKE', platform[:make] - pkg.environment 'SYSTEM', 'mingw64' - pkg.environment 'INSTALL_PREFIX', settings[:prefix] - end - - if platform.is_windows? - pkg.apply_patch 'resources/patches/openssl/openssl-fips-2.0.16.patch' - end - - pkg.configure do - ["./config no-asm"] - end - - pkg.build do - ['/usr/bin/make '] - end - - pkg.install do - ['/usr/bin/make install'] - end -end diff --git a/configs/components/pl-ruby-patch.rb b/configs/components/pl-ruby-patch.rb index 87610181..bfae6984 100644 --- a/configs/components/pl-ruby-patch.rb +++ b/configs/components/pl-ruby-patch.rb @@ -23,11 +23,7 @@ elsif platform.name =~ /solaris-10/ "sparc-solaris" elsif platform.is_macos? - if ruby_version_y.start_with?('2') - "aarch64-darwin" - else - "arm64-darwin" - end + "#{platform.architecture}-darwin" else "#{platform.architecture}-linux" end diff --git a/configs/components/readline.rb b/configs/components/readline.rb index b234549b..5fae9661 100644 --- a/configs/components/readline.rb +++ b/configs/components/readline.rb 
@@ -10,18 +10,15 @@ pkg.version "8.1.2" pkg.md5sum "12819fa739a78a6172400f399ab34f81" pkg.url "http://ftp.gnu.org/gnu/#{pkg.get_name}/#{pkg.get_name}-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/#{pkg.get_name}-#{pkg.get_version}.tar.gz" if platform.is_aix? - raise "readline is not supported on older AIX" if platform.name == 'aix-7.1-ppc' - pkg.environment "PATH", "/opt/freeware/bin:$(PATH)" elsif platform.is_cross_compiled_linux? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}" + pkg.environment "PATH", "$(PATH):#{settings[:bindir]}" pkg.environment "CFLAGS", settings[:cflags] pkg.environment "LDFLAGS", settings[:ldflags] elsif platform.is_solaris? - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" + pkg.environment "PATH", "$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}" pkg.environment "CFLAGS", "#{settings[:cflags]} -std=c99" pkg.environment "LDFLAGS", settings[:ldflags] elsif platform.is_macos? diff --git a/configs/components/ruby-2.7-augeas.rb b/configs/components/ruby-2.7-augeas.rb deleted file mode 100644 index 661b8473..00000000 --- a/configs/components/ruby-2.7-augeas.rb +++ /dev/null @@ -1,18 +0,0 @@ -component 'ruby-2.7-augeas' do |pkg, settings, platform| - expected_ruby_version = '2.7.8' - - unless settings[:ruby_version] == expected_ruby_version - unless settings.key?(:additional_rubies) && settings[:additional_rubies].key?(expected_ruby_version) - raise "No config found for Ruby #{expected_ruby_version} in settings[:additional_rubies]" - end - - ruby_settings = settings[:additional_rubies][expected_ruby_version] - - ruby_version = ruby_settings[:ruby_version] - host_ruby = ruby_settings[:host_ruby] - ruby_dir = ruby_settings[:ruby_dir] - ruby_bindir = ruby_settings[:ruby_bindir] - end - - instance_eval File.read('configs/components/_base-ruby-augeas.rb') -end 
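Review bot: With the `pkg.mirror` line removed, the only source for readline is the plain `http://ftp.gnu.org` URL, and the tarball is verified with `pkg.md5sum` only. MD5 is not collision-resistant and the transport is unauthenticated, so this download has weaker integrity protection than the openssl and ruby components in the same commit, which pin `pkg.sha256sum` over https. I would change the two lines to `pkg.sha256sum 'SHA256_PLACEHOLDER'` and `pkg.url "https://ftp.gnu.org/gnu/#{pkg.get_name}/#{pkg.get_name}-#{pkg.get_version}.tar.gz"`, filling in the digest from a copy checked against the upstream signature. The component block starts and ends outside the hunk.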
diff --git a/configs/components/ruby-2.7-selinux.rb b/configs/components/ruby-2.7-selinux.rb deleted file mode 100644 index 61c9495a..00000000 --- a/configs/components/ruby-2.7-selinux.rb +++ /dev/null @@ -1,17 +0,0 @@ -component 'ruby-2.7-selinux' do |pkg, settings, platform| - expected_ruby_version = '2.7.8' - - unless settings[:ruby_version] == expected_ruby_version - unless settings.key?(:additional_rubies) && settings[:additional_rubies].key?(expected_ruby_version) - raise "No config found for Ruby #{expected_ruby_version} in settings[:additional_rubies]" - end - - ruby_settings = settings[:additional_rubies][expected_ruby_version] - - ruby_version = ruby_settings[:ruby_version] - host_ruby = ruby_settings[:host_ruby] - ruby_bindir = ruby_settings[:ruby_bindir] - end - - instance_eval File.read('configs/components/_base-ruby-selinux.rb') -end diff --git a/configs/components/ruby-2.7.8.rb b/configs/components/ruby-2.7.8.rb deleted file mode 100644 index 862483a4..00000000 --- a/configs/components/ruby-2.7.8.rb +++ /dev/null 
@@ -1,299 +0,0 @@ -##### -# Component release information: -# https://github.com/ruby/ruby/releases -# https://www.ruby-lang.org/en/downloads/releases/ -# Notes: -# The file name of the ruby component must match the ruby_version -##### -component 'ruby-2.7.8' do |pkg, settings, platform| - pkg.version '2.7.8' - pkg.sha256sum 'c2dab63cbc8f2a05526108ad419efa63a67ed4074dbbcf9fc2b1ca664cb45ba0' - - # rbconfig-update is used to munge rbconfigs after the fact. - pkg.add_source("file://resources/files/ruby/rbconfig-update.rb") - - # PDK packages multiple rubies and we need to tweak some settings - # if this is not the *primary* ruby. - if pkg.get_version != settings[:ruby_version] - # not primary ruby - - # ensure we have config for this ruby - unless settings.key?(:additional_rubies) && settings[:additional_rubies].key?(pkg.get_version) - raise "missing config for additional ruby #{pkg.get_version}" - end - - ruby_settings = settings[:additional_rubies][pkg.get_version] - - ruby_dir = ruby_settings[:ruby_dir] - ruby_bindir = ruby_settings[:ruby_bindir] - host_ruby = ruby_settings[:host_ruby] - else - # primary ruby - ruby_dir = settings[:ruby_dir] - ruby_bindir = settings[:ruby_bindir] - host_ruby = settings[:host_ruby] - end - - # Most ruby configuration happens in the base ruby config: - instance_eval File.read('configs/components/_base-ruby.rb') - # Configuration below should only be applicable to ruby 2.5 - - ######### - # PATCHES - ######### - - base = 'resources/patches/ruby_27' - # Patch for https://bugs.ruby-lang.org/issues/14972 - pkg.apply_patch "#{base}/net_http_eof_14972_r2.5.patch" - pkg.apply_patch "#{base}/regexp_use_after_free.patch" - - pkg.apply_patch "#{base}/uri-redos-cve-2023-36617.patch" - pkg.apply_patch "#{base}/stringio_cve-2024-27280.patch" - - pkg.apply_patch "#{base}/0001-Filter-marshaled-objects-ruby30.patch" - pkg.apply_patch "#{base}/0001-Use-safe_load-and-safe_load_file-for-rdoc_options.patch" - - if platform.is_cross_compiled? 
- unless platform.is_macos? - pkg.apply_patch "#{base}/uri_generic_remove_safe_nav_operator_r2.5.patch" - pkg.apply_patch "#{base}/lib_optparse_remove_safe_nav_operator.patch" - pkg.apply_patch "#{base}/revert_delete_prefix.patch" - pkg.apply_patch "#{base}/remove_squiggly_heredocs.patch" - pkg.apply_patch "#{base}/remove_deprecate_constant_statements.patch" - pkg.apply_patch "#{base}/ruby2_keywords_guard.patch" - pkg.apply_patch "#{base}/ruby_version_extra_guards.patch" - pkg.apply_patch "#{base}/ruby_20_guards.patch" - if platform.name =~ /^solaris-10-sparc/ - pkg.apply_patch "#{base}/Solaris-only-Replace-reference-to-RUBY-var-with-opt-pl-build-tool.patch" - else - pkg.apply_patch "#{base}/Replace-reference-to-RUBY-var-with-opt-pl-build-tool.patch" - end - if platform.name =~ /sparc/ - pkg.apply_patch "#{base}/transform_mjit_header.patch" - end - end - pkg.apply_patch "#{base}/rbinstall_gem_path.patch" - pkg.apply_patch "#{base}/revert_host_value_changes.patch" - end - - if platform.is_aix? - # TODO: Remove this patch once PA-1607 is resolved. - pkg.apply_patch "#{base}/aix_configure.patch" - pkg.apply_patch "#{base}/aix-fix-libpath-in-configure.patch" - pkg.apply_patch "#{base}/aix-do-not-use-realpath.patch" - pkg.apply_patch "#{base}/aix_ruby_2.1_fix_make_test_failure_r2.5.patch" - pkg.apply_patch "#{base}/Remove-O_CLOEXEC-check-for-AIX-builds_r2.5.patch" - end - - if platform.is_windows? - pkg.apply_patch "#{base}/windows_ruby_2.5_fixup_generated_batch_files.patch" - pkg.apply_patch "#{base}/windows_nocodepage_utf8_fallback_r2.5.patch" - pkg.apply_patch "#{base}/win32_long_paths_support.patch" - pkg.apply_patch "#{base}/ruby-faster-load_27.patch" - pkg.apply_patch "#{base}/windows_configure.patch" - end - - #################### - # ENVIRONMENT, FLAGS - #################### - - if platform.is_macos? - pkg.environment 'optflags', settings[:cflags] - elsif platform.is_windows? 
- pkg.environment 'optflags', settings[:cflags] + ' -O3' - pkg.environment 'MAKE', 'make' - elsif platform.is_cross_compiled? - pkg.environment 'CROSS_COMPILING', 'true' - else - pkg.environment 'optflags', '-O2' - end - - special_flags = " --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} " - - if settings[:supports_pie] - special_flags += " CFLAGS='#{settings[:cflags]}' LDFLAGS='#{settings[:ldflags]}' CPPFLAGS='#{settings[:cppflags]}' " - end - - if platform.is_aix? - # This normalizes the build string to something like AIX 7.1.0.0 rather - # than AIX 7.1.0.2 or something - special_flags += " --build=#{settings[:platform_triple]} " - elsif platform.is_cross_compiled? && platform.is_linux? - special_flags += " --with-baseruby=#{host_ruby} " - elsif platform.is_cross_compiled? && platform.is_macos? - # When the target arch is aarch64, ruby incorrectly selects the 'ucontext' coroutine - # implementation instead of 'arm64', so specify 'amd64' explicitly - # https://github.com/ruby/ruby/blob/c9c2245c0a25176072e02db9254f0e0c84c805cd/configure.ac#L2329-L2330 - special_flags += " --with-baseruby=#{host_ruby} --with-coroutine=arm64 " - elsif platform.is_macos? && platform.architecture == 'arm64' && platform.os_version.to_i >= 13 - pkg.environment 'PATH', '/opt/homebrew/bin:$(PATH):/usr/local/bin' - special_flags += " --with-openssl-dir=#{settings[:prefix]} " - elsif platform.is_solaris? && platform.architecture == "sparc" - special_flags += " --with-baseruby=#{host_ruby} --enable-close-fds-by-recvmsg-with-peek " - elsif platform.name =~ /el-6/ || platform.name =~ /sles-11-x86_64/ - # Since we're not cross compiling, ignore old ruby versions that happen to be in the PATH - # and force ruby to build miniruby and use that to bootstrap the rest of the build - special_flags += " --with-baseruby=no " - elsif platform.is_windows? 
- special_flags = " CPPFLAGS='-DFD_SETSIZE=2048' debugflags=-g --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} " - end - - without_dtrace = [ - 'aix-7.1-ppc', - 'el-7-ppc64le', - 'osx-11-arm64', - 'osx-12-arm64', - 'redhatfips-7-x86_64', - 'sles-11-x86_64', - 'sles-12-ppc64le', - 'solaris-10-sparc', - 'solaris-11-sparc', - 'windows-2012r2-x64', - 'windows-2012r2-x86', - 'windows-2019-x64', - 'windowsfips-2012r2-x64', - 'windowsfips-2016-x64' - ] - - unless without_dtrace.include? platform.name - special_flags += ' --enable-dtrace ' - end - - ########### - # CONFIGURE - ########### - - # TODO: Remove this once PA-1607 is resolved. - # TODO: Can we use native autoconf? The dependencies seemed a little too extensive - pkg.configure { ["/opt/pl-build-tools/bin/autoconf"] } if platform.is_aix? - - # Here we set --enable-bundled-libyaml to ensure that the libyaml included in - # ruby is used, even if the build system has a copy of libyaml available - pkg.configure do - [ - "bash configure \ - --enable-shared \ - --enable-bundled-libyaml \ - --disable-install-doc \ - --disable-install-rdoc \ - #{settings[:host]} \ - #{special_flags}" - ] - end - - if(platform.name =~ /windowsfips-2016/) - # We need the below patch since during ruby build step for windowsfips-2016-x64 agent-runtime builds, - # the rbconfig.rb file that gets generated contains '\r' trailing character in 'ruby_version' config. - # We patch rbconfig.rb to remove the '\r' character. - # This patch has to run after the build step since rbconfig.rb is generated during the build step. - # This is sort of a hacky way to do this. We need to find why the '\r' character gets appended to - # 'ruby_version' field in the future so that this patch can be removed - PA-6902. 
- pkg.add_source("#{base}/rbconfig_win.patch") - pkg.build do - ["TMP=/var/tmp /usr/bin/patch.exe --binary --strip=1 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../rbconfig_win.patch"] - end - end - - ######### - # INSTALL - ######### - - if platform.is_windows? - # With ruby 2.5, ruby will generate cmd files instead of bat files; These - # cmd wrappers work fine in our environment if they're just renamed as batch - # files. Rake is omitted here on purpose - it retains the old batch wrapper. - # - # Note that this step must happen after the install step above. - pkg.install do - %w{erb gem irb rdoc ri}.map do |name| - "mv #{ruby_bindir}/#{name}.cmd #{ruby_bindir}/#{name}.bat" - end - end - end - - target_doubles = { - 'powerpc-ibm-aix7.1.0.0' => 'powerpc-aix7.1.0.0', - 'aarch64-apple-darwin' => 'aarch64-darwin', - 'aarch64-redhat-linux' => 'aarch64-linux', - 'ppc64-redhat-linux' => 'powerpc64-linux', - 'ppc64le-redhat-linux' => 'powerpc64le-linux', - 'powerpc64le-suse-linux' => 'powerpc64le-linux', - 'powerpc64le-linux-gnu' => 'powerpc64le-linux', - 'i386-pc-solaris2.10' => 'i386-solaris2.10', - 'sparc-sun-solaris2.10' => 'sparc-solaris2.10', - 'i386-pc-solaris2.11' => 'i386-solaris2.11', - 'sparc-sun-solaris2.11' => 'sparc-solaris2.11', - 'arm-linux-gnueabihf' => 'arm-linux-eabihf', - 'arm-linux-gnueabi' => 'arm-linux-eabi', - 'x86_64-w64-mingw32' => 'x64-mingw32', - 'i686-w64-mingw32' => 'i386-mingw32' - } - - if target_doubles.key?(settings[:platform_triple]) - rbconfig_topdir = File.join(ruby_dir, 'lib', 'ruby', '2.7.0', target_doubles[settings[:platform_triple]]) - else - rbconfig_topdir = "$$(#{ruby_bindir}/ruby -e \"puts RbConfig::CONFIG[\\\"topdir\\\"]\")" - end - - rbconfig_changes = {} - if platform.is_aix? - rbconfig_changes["CC"] = "gcc" - elsif platform.is_cross_compiled? || platform.is_solaris? 
- if platform.name =~ /osx-11/ - rbconfig_changes["CC"] = 'clang -target arm64-apple-macos11' - elsif platform.name =~ /osx-12/ - rbconfig_changes["CC"] = 'clang -target arm64-apple-macos12' - else - rbconfig_changes["CC"] = "gcc" - if platform.is_solaris? - # this should probably be done for aix and cross compiled targets too - rbconfig_changes["CPP"] = "gcc -E" - end - rbconfig_changes["warnflags"] = "-Wall -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wno-tautological-compare -Wno-parentheses-equality -Wno-constant-logical-operand -Wno-self-assign -Wunused-variable -Wimplicit-int -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wimplicit-function-declaration -Wdeprecated-declarations -Wno-packed-bitfield-compat -Wsuggest-attribute=noreturn -Wsuggest-attribute=format -Wno-maybe-uninitialized" - end - if platform.name =~ /el-7-ppc64/ - # EL 7 on POWER will fail with -Wl,--compress-debug-sections=zlib so this - # will remove that entry - # Matches both endians - rbconfig_changes["DLDFLAGS"] = "-Wl,-rpath=/opt/puppetlabs/puppet/lib -L/opt/puppetlabs/puppet/lib -Wl,-rpath,/opt/puppetlabs/puppet/lib" - elsif platform.name =~ /sles-12-ppc64le/ - # the ancient gcc version on sles-12-ppc64le does not understand -fstack-protector-strong, so remove the `strong` part - rbconfig_changes["LDFLAGS"] = "-L. -Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector -rdynamic -Wl,-export-dynamic -L/opt/puppetlabs/puppet/lib" - end - elsif platform.is_macos? && platform.architecture == 'arm64' && platform.os_version.to_i >= 13 - rbconfig_changes["CC"] = 'clang' - elsif platform.is_windows? 
- if platform.architecture == "x64" - rbconfig_changes["CC"] = "x86_64-w64-mingw32-gcc" - else - rbconfig_changes["CC"] = "i686-w64-mingw32-gcc" - end - end - - pkg.add_source("file://resources/files/ruby_vendor_gems/operating_system.rb") - defaults_dir = File.join(settings[:libdir], "ruby/2.7.0/rubygems/defaults") - pkg.directory(defaults_dir) - pkg.install_file "../operating_system.rb", File.join(defaults_dir, 'operating_system.rb') - - certs_dir = File.join(settings[:libdir], 'ruby/2.7.0/rubygems/ssl_certs/puppetlabs.net') - pkg.directory(certs_dir) - - pkg.add_source('file://resources/files/rubygems/COMODO_RSA_Certification_Authority.pem') - pkg.install_file '../COMODO_RSA_Certification_Authority.pem', File.join(certs_dir, 'COMODO_RSA_Certification_Authority.pem') - - pkg.add_source('file://resources/files/rubygems/GlobalSignRootCA_R3.pem') - pkg.install_file '../GlobalSignRootCA_R3.pem', File.join(certs_dir, 'GlobalSignRootCA_R3.pem') - - pkg.add_source('file://resources/files/rubygems/DigiCertGlobalRootG2.pem') - pkg.install_file '../DigiCertGlobalRootG2.pem', File.join(certs_dir, 'DigiCertGlobalRootG2.pem') - - if rbconfig_changes.any? - pkg.install do - [ - "#{host_ruby} ../rbconfig-update.rb \"#{rbconfig_changes.to_s.gsub('"', '\"')}\" #{rbconfig_topdir}", - "cp original_rbconfig.rb #{settings[:datadir]}/doc/rbconfig-#{pkg.get_version}-orig.rb", - "cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb", - ] - end - end -end diff --git a/configs/components/ruby-3.2.rb b/configs/components/ruby-3.2.rb index 16dec74e..aff600fe 100644 --- a/configs/components/ruby-3.2.rb +++ b/configs/components/ruby-3.2.rb 
@@ -8,6 +8,8 @@ component 'ruby-3.2' do |pkg, settings, platform| pkg.version '3.2.9' pkg.sha256sum 'abbad98db9aeb152773b0d35868e50003b8c467f3d06152577c4dfed9d88ed2a' + ruby_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') + pkg.url "https://cache.ruby-lang.org/pub/ruby/#{ruby_version_y}/ruby-#{pkg.get_version}.tar.gz" ruby_dir = settings[:ruby_dir] ruby_bindir = settings[:ruby_bindir] 
@@ -16,87 +18,111 @@ # rbconfig-update is used to munge rbconfigs after the fact. pkg.add_source("file://resources/files/ruby/rbconfig-update.rb") - # Most ruby configuration happens in the base ruby config: - instance_eval File.read('configs/components/_base-ruby.rb') - - ######### - # PATCHES - ######### - - base = 'resources/patches/ruby_32' - - if platform.is_cross_compiled? - pkg.apply_patch "#{base}/rbinstall_gem_path.patch" - end - - if platform.is_aix? - pkg.apply_patch "#{base}/reline_disable_terminfo.patch" - end - - if platform.is_windows? - pkg.apply_patch "#{base}/windows_mingw32_mkmf.patch" - pkg.apply_patch "#{base}/ruby-faster-load_32.patch" - pkg.apply_patch "#{base}/revert_speed_up_rebuilding_loaded_feature_index.patch" - pkg.apply_patch "#{base}/revert-ruby-double-load-symlink.patch" - pkg.apply_patch "#{base}/revert_ruby_utf8_default_encoding.patch" - end - - if platform.is_fips? - # This is needed on Ruby < 3.3 until the fix is backported (if ever) - # See: https://bugs.ruby-lang.org/issues/20000 - pkg.apply_patch "#{base}/openssl3_fips.patch" - end - #################### - # ENVIRONMENT, FLAGS + # BUILD REQUIREMENTS #################### - cflags = settings[:cflags] + pkg.build_requires "openssl-#{settings[:openssl_version]}" + pkg.build_requires "runtime-#{settings[:runtime_project]}" if platform.is_aix? || platform.is_solaris? || platform.is_cross_compiled_linux? + pkg.build_requires 'readline' if platform.is_aix? + pkg.build_requires 'libedit' if platform.name =~ /^solaris-10-sparc/ + + ############# + # ENVIRONMENT + ############# + + pkg.environment 'CROSS_COMPILING', 'true' if platform.is_cross_compiled? + # Remove the default -O2 if it exists since we'll pick our own optimization level later + cflags = settings[:cflags].gsub("-O2", '') cppflags = settings[:cppflags] + ldflags = settings[:ldflags] + optimization_level = 2 if platform.is_macos? 
- pkg.environment 'optflags', cflags - pkg.environment 'CFLAGS', cflags - pkg.environment 'CPPFLAGS', cppflags - pkg.environment 'LDFLAGS', settings[:ldflags] pkg.environment 'CC', settings[:cc] pkg.environment 'CXX', settings[:cxx] pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin:/usr/local/bin' elsif platform.is_windows? - optflags = cflags + ' -O3' - pkg.environment 'optflags', optflags - pkg.environment 'CFLAGS', optflags + pkg.environment 'PATH', "$(shell cygpath -u #{settings[:gcc_bindir]}):$(shell cygpath -u #{settings[:tools_root]}/bin):$(shell cygpath -u #{settings[:tools_root]}/include):$(shell cygpath -u #{settings[:bindir]}):$(shell cygpath -u #{settings[:ruby_bindir]}):$(shell cygpath -u #{settings[:includedir]}):$(PATH)" + pkg.environment 'CYGWIN', settings[:cygwin] + cppflags += ' -DFD_SETSIZE=2048 ' + optimization_level = 3 pkg.environment 'MAKE', 'make' - elsif platform.is_cross_compiled? - pkg.environment 'CROSS_COMPILING', 'true' elsif platform.is_aix? + pkg.environment 'CC', '/opt/freeware/bin/gcc' + ldflags += " -Wl,-bmaxdata:0x80000000 " # When using the default -ggdb3 I was seeing linker errors like, so use -g0 instead: # # ld: 0711-759 INTERNAL ERROR: Source file dwarf.c, line 528. # Depending on where this product was acquired, contact your service # representative or the approved supplier. # collect2: error: ld returned 16 exit status - - pkg.environment 'optflags', "-O2 -fPIC -g0 " + cflags += " -fPIC -g0 " + optimization_level = 2 elsif platform.is_solaris? 
- pkg.environment 'optflags', '-O1' - else - pkg.environment 'optflags', '-O2' + pkg.environment 'PATH', "#{settings[:bindir]}:/opt/csw/bin:/usr/ccs/bin:/usr/sfw/bin:$(PATH)" + pkg.environment 'CC', '/opt/csw/bin/gcc' + pkg.environment 'LD', '/opt/csw/bin/gld' + pkg.environment 'AR', '/opt/csw/bin/gar' + ldflags += " -Wl,-rpath=#{settings[:libdir]} " + # ./configure uses /bin/sh as the default shell when running config.sub on Solaris 10; + # This doesn't work and halts the configure process. Set CONFIG_SHELL to force use of bash: + pkg.environment 'CONFIG_SHELL', '/bin/bash' if platform.os_version == '10' + optimization_level = 1 + elsif platform.is_cross_compiled_linux? + pkg.environment 'PATH', "#{settings[:bindir]}:$(PATH)" + ldflags += " -Wl,-rpath=#{settings[:libdir]} " end - - special_flags = " --prefix=#{ruby_dir} --with-opt-dir=#{settings[:prefix]} " - if (platform.is_debian? && platform.os_version.to_i >= 13) || (platform.is_ubuntu? && platform.os_version =~ /25.04/) # A problem with --enable-dtrace, which I suspect may be because of GCC on the Trixie image. # Check if this is still needed next time we bump Ruby and/or bump the Debian 13 # container to the release version. cflags += ' -Wno-error=implicit-function-declaration ' end + cflags = "#{cflags} -O#{optimization_level}" + pkg.environment 'CFLAGS', cflags + pkg.environment 'CPPFLAGS', cppflags + pkg.environment 'LDFLAGS', ldflags + pkg.environment 'optflags', cflags + + ######### + # PATCHES + ######### + + base = 'resources/patches/ruby_32' + + if platform.is_cross_compiled? + pkg.apply_patch "#{base}/rbinstall_gem_path.patch" + pkg.apply_patch "#{base}/target_rbconfig.patch" + end - if settings[:supports_pie] - special_flags += " CFLAGS='#{cflags}' LDFLAGS='#{settings[:ldflags]}' CPPFLAGS='#{settings[:cppflags]}' " + pkg.apply_patch "#{base}/reline_disable_terminfo.patch" if platform.is_aix? + + if platform.is_windows? 
+ pkg.apply_patch "#{base}/windows_mingw32_mkmf.patch" + pkg.apply_patch "#{base}/ruby-faster-load_32.patch" + pkg.apply_patch "#{base}/revert_speed_up_rebuilding_loaded_feature_index.patch" + pkg.apply_patch "#{base}/revert-ruby-double-load-symlink.patch" + pkg.apply_patch "#{base}/revert_ruby_utf8_default_encoding.patch" end + # This is needed on Ruby < 3.3 until the fix is backported (if ever) + # See: https://bugs.ruby-lang.org/issues/20000 + pkg.apply_patch "#{base}/openssl3_fips.patch" if platform.is_fips? + + ############# + # CONFIGURE FLAGS + ############# + # Pretty sure we don't need to be specifiy the flag vars again, + # but leaving it in until it can be checked. + flags = [ + "--prefix=#{ruby_dir}", + "--with-opt-dir=#{settings[:prefix]}", + "CFLAGS='#{cflags}'", + "LDFLAGS='#{ldflags}'", + "CPPFLAGS='#{cppflags}'" + ] + # Ruby's build process requires a "base" ruby and we need a ruby to install # gems into the /opt/puppetlabs/puppet/lib directory. # 
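Review bot: `pkg.environment 'optflags', cflags` now exports the whole `cflags` string, where the old Linux and Solaris branches exported only the optimisation level, and the same `cflags`/`ldflags`/`cppflags` are additionally passed as `CFLAGS=`/`LDFLAGS=`/`CPPFLAGS=` arguments in `flags`. These strings carry the hardening options from settings, so having several places that can disagree makes it hard to tell which set the compiler actually sees; the in-code remark above `flags` already questions the duplication. I would keep one mechanism and set `pkg.environment 'optflags', "-O#{optimization_level}"` so that optflags holds only the optimisation level. The values are also wrapped in single quotes (`"CFLAGS='#{cflags}'"`), which breaks the configure command if a setting ever contains a quote. The component block starts and ends outside the hunk.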
@@ -108,54 +134,27 @@ # is in the PATH, as it's probably too old to build ruby 3.2. And we don't # want to use/maintain pl-ruby if we don't have to. Instead set baseruby to # "no" which will force ruby to build and use miniruby. - if platform.is_cross_compiled? - special_flags += " --with-baseruby=#{host_ruby} " - else - special_flags += " --with-baseruby=no " - end + flags << (platform.is_cross_compiled? ? "--with-baseruby=#{host_ruby}" : "--with-baseruby=no") if platform.is_aix? # This normalizes the build string to something like AIX 7.1.0.0 rather # than AIX 7.1.0.2 or something - special_flags += " --build=#{settings[:platform_triple]} " - elsif platform.is_cross_compiled? && platform.is_macos? - # When the target arch is aarch64, ruby incorrectly selects the 'ucontext' coroutine - # implementation instead of 'arm64', so specify 'amd64' explicitly - # https://github.com/ruby/ruby/blob/c9c2245c0a25176072e02db9254f0e0c84c805cd/configure.ac#L2329-L2330 - special_flags += " --with-coroutine=arm64 " + flags << "--build=#{platform.platform_triple}" elsif platform.is_solaris? && platform.architecture == "sparc" - unless platform.is_cross_compiled? - # configure seems to enable dtrace because the executable is present, - # explicitly disable it and don't enable it below - special_flags += " --enable-dtrace=no " - end - special_flags += "--enable-close-fds-by-recvmsg-with-peek " - + flags << platform.is_cross_compiled? ? "" : "--enable-dtrace=no" + flags << "--enable-close-fds-by-recvmsg-with-peek" elsif platform.is_windows? - # ruby's configure script guesses the build host is `cygwin`, because we're using - # cygwin opensshd & bash. So mkmf will convert compiler paths, e.g. -IC:/... to - # cygwin paths, -I/cygdrive/c/..., which confuses mingw-w64. So specify the build - # target explicitly. 
- special_flags += " CPPFLAGS='-DFD_SETSIZE=2048' debugflags=-g " - - if platform.architecture == "x64" - special_flags += " --build x86_64-w64-mingw32 " - else - special_flags += " --build i686-w64-mingw32 " - end + flags << "--build x86_64-w64-mingw32" elsif platform.is_macos? - special_flags += " --with-openssl-dir=#{settings[:prefix]} " + flags << "--with-openssl-dir=#{settings[:prefix]}" end without_dtrace = [ - 'aix-7.1-ppc', 'aix-7.2-ppc', 'el-7-ppc64le', 'macos-all-arm64', 'macos-all-x86_64', 'redhatfips-7-x86_64', - 'sles-11-x86_64', - 'sles-12-ppc64le', 'solaris-11-sparc', 'solaris-113-sparc', 'windows-all-x64', @@ -163,21 +162,15 @@ ] unless without_dtrace.include? platform.name - special_flags += ' --enable-dtrace ' + flags << '--enable-dtrace' end ########### # CONFIGURE ########### - # TODO: Remove this once PA-1607 is resolved. - # TODO: Can we use native autoconf? The dependencies seemed a little too extensive if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - pkg.configure { ["/opt/pl-build-tools/bin/autoconf"] } - else - pkg.configure { ["/opt/freeware/bin/autoconf"] } - end + pkg.configure { ["/opt/freeware/bin/autoconf"] } else pkg.configure { ["bash autogen.sh"] } end @@ -189,7 +182,7 @@ --disable-install-doc \ --disable-install-rdoc \ #{settings[:host]} \ - #{special_flags}" + #{flags.join(' ')}" ] end @@ -206,10 +199,22 @@ end end + ####### + # BUILD + ####### + + pkg.build do + "#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1)" + end + ######### # INSTALL ######### + pkg.install do + [ "#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install" ] + end + if platform.is_windows? # Ruby 3.2 copies bin/gem to $ruby_bindir/gem.cmd, but generates bat files for # other gems like bundle.bat, irb.bat, etc. Just rename the cmd.cmd to cmd.bat 
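Review bot: `flags << platform.is_cross_compiled? ? "" : "--enable-dtrace=no"` in the Solaris SPARC branch does not do what it reads as, because `<<` binds tighter than `?:`. Ruby evaluates it as `(flags << platform.is_cross_compiled?) ? "" : "--enable-dtrace=no"`, so a boolean is appended to `flags`, a literal `true` or `false` reaches the configure command through `flags.join(' ')`, and `--enable-dtrace=no` is never passed. The `--with-baseruby` line a few lines above is parenthesised correctly. Here I would write `flags << "--enable-dtrace=no" unless platform.is_cross_compiled?`, which also avoids pushing an empty string. The component block starts and ends outside the hunk.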
@@ -226,10 +231,19 @@ pkg.install_file File.join(settings[:gcc_bindir], "libssp-0.dll"), File.join(settings[:bindir], "libssp-0.dll") end + ### Rbconfig Patching ### + # When cross compiling or building on non-linux, we sometimes need to patch + # the rbconfig.rb in the "host" ruby so that later when we try to build gems + # with native extensions, like ffi, the "host" ruby's mkmf will use the CC, + # etc specified below. For example, if we're building on mac Intel for ARM, + # then the CC override allows us to build ffi_c.so for ARM as well. The + # "host" ruby is configured in project settings. + target_doubles = { 'powerpc-ibm-aix7.1.0.0' => 'powerpc-aix7.1.0.0', 'powerpc-ibm-aix7.2.0.0' => 'powerpc-aix7.2.0.0', 'aarch64-redhat-linux' => 'aarch64-linux', + 'x86_64-apple-darwin' => 'x86_64-darwin', # Added for x86_64 crosscompile on arm64. Remove if we build natively in the future. 'ppc64-redhat-linux' => 'powerpc64-linux', 'ppc64le-redhat-linux' => 'powerpc64le-linux', 'powerpc64le-suse-linux' => 'powerpc64le-linux', 
@@ -243,21 +257,18 @@ 'x86_64-w64-mingw32' => 'x64-mingw32', 'i686-w64-mingw32' => 'i386-mingw32' } - if target_doubles.key?(settings[:platform_triple]) - rbconfig_topdir = File.join(ruby_dir, 'lib', 'ruby', '3.2.0', target_doubles[settings[:platform_triple]]) + if target_doubles.key?(platform.platform_triple) + rbconfig_topdir = File.join(ruby_dir, 'lib', 'ruby', '3.2.0', target_doubles[platform.platform_triple]) else rbconfig_topdir = "$$(#{ruby_bindir}/ruby -e \"puts RbConfig::CONFIG[\\\"topdir\\\"]\")" end - # When cross compiling or building on non-linux, we sometimes need to patch - # the rbconfig.rb in the "host" ruby so that later when we try to build gems - # with native extensions, like ffi, the "host" ruby's mkmf will use the CC, - # etc specified below. For example, if we're building on mac Intel for ARM, - # then the CC override allows us to build ffi_c.so for ARM as well. The - # "host" ruby is configured in _shared-agent-settings rbconfig_changes = {} if platform.is_aix? rbconfig_changes["CC"] = "gcc" + elsif platform.is_macos? && platform.is_cross_compiled? + rbconfig_changes["CC"] = settings[:cc] + rbconfig_changes["CXX"] = settings[:cxx] elsif platform.is_cross_compiled? || (platform.is_solaris? && platform.architecture != 'sparc') # REMIND: why are we overriding rbconfig for solaris intel? rbconfig_changes["CC"] = 'gcc' 
@@ -267,18 +278,9 @@ # will remove that entry # Matches both endians rbconfig_changes["DLDFLAGS"] = "-Wl,-rpath=/opt/puppetlabs/puppet/lib -L/opt/puppetlabs/puppet/lib -Wl,-rpath,/opt/puppetlabs/puppet/lib" - elsif platform.name =~ /sles-12-ppc64le/ - # the ancient gcc version on sles-12-ppc64le does not understand -fstack-protector-strong, so remove the `strong` part - rbconfig_changes["LDFLAGS"] = "-L. -Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector -rdynamic -Wl,-export-dynamic -L/opt/puppetlabs/puppet/lib" end - elsif platform.is_macos? - rbconfig_changes["CC"] = "#{settings[:cc]} #{cflags}" elsif platform.is_windows? - if platform.architecture == "x64" - rbconfig_changes["CC"] = "x86_64-w64-mingw32-gcc" - else - rbconfig_changes["CC"] = "i686-w64-mingw32-gcc" - end + rbconfig_changes["CC"] = "x86_64-w64-mingw32-gcc" end pkg.add_source("file://resources/files/ruby_vendor_gems/operating_system.rb") @@ -303,7 +305,7 @@ [ "#{host_ruby} ../rbconfig-update.rb \"#{rbconfig_changes.to_s.gsub('"', '\"')}\" #{rbconfig_topdir}", "cp original_rbconfig.rb #{settings[:datadir]}/doc/rbconfig-#{pkg.get_version}-orig.rb", - "cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb", + "sudo cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb", ] end end diff --git a/configs/components/ruby-augeas.rb b/configs/components/ruby-augeas.rb index 0b945d6f..710bc3c3 100644 --- a/configs/components/ruby-augeas.rb +++ b/configs/components/ruby-augeas.rb 
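Review bot: The new `sudo cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb` elevates unconditionally, while the `cp` into `settings[:datadir]` one line above it does not, and nothing in the hunk says why root is needed for this one copy. The earlier hunks populate `rbconfig_changes` for AIX, Solaris, Windows and cross-compiled Linux as well as macOS, so if this step runs whenever that hash is non-empty, a builder without passwordless sudo (or without sudo at all) would fail or prompt here. If the elevation comes from the macOS cross-compile patches mentioned in the commit message, gate it and document it, e.g. `"#{'sudo ' if platform.is_macos? && platform.is_cross_compiled?}cp new_rbconfig.rb #{rbconfig_topdir}/rbconfig.rb"` with a comment naming the directory that is not writable by the build user. The enclosing `pkg.install` block and its condition start outside the hunk.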
@@ -1,3 +1,84 @@ -component "ruby-augeas" do |pkg, settings, platform| - instance_eval File.read('configs/components/_base-ruby-augeas.rb') + ##### + # Component release information: + # https://github.com/hercules-team/ruby-augeas/releases + ##### +component 'ruby-augeas' do |pkg, settings, platform| + pkg.version '0.6.0' + pkg.sha256sum '98158a54c655b4823439b4bd38609f01e0b912a3d1453144082b8a5f43b0c4dc' + pkg.build_requires "ruby-#{settings[:ruby_version]}" + pkg.build_requires 'augeas' + pkg.url "https://github.com/hercules-team/ruby-augeas/releases/download/release-#{pkg.get_version}/ruby-augeas-#{pkg.get_version}.tgz" + + pkg.environment 'PATH', '$(PATH):/usr/local/bin:/opt/csw/bin:/usr/ccs/bin:/usr/sfw/bin' + pkg.environment 'CONFIGURE_ARGS', '--vendor' + pkg.environment 'PKG_CONFIG_PATH', "#{File.join(settings[:libdir], 'pkgconfig')}:/usr/lib/pkgconfig" + + if platform.is_aix? + pkg.environment 'CC', '/opt/freeware/bin/gcc' + pkg.environment 'PATH', '$(PATH):/opt/freeware/bin' + pkg.environment 'RUBY', settings[:host_ruby] + pkg.environment 'LDFLAGS', " -brtl #{settings[:ldflags]}" + end + + if platform.is_solaris? + pkg.environment 'RUBY', settings[:host_ruby] if platform.is_cross_compiled? + + if !platform.is_cross_compiled? && platform.architecture == 'sparc' + ruby = File.join(settings[:ruby_bindir], 'ruby') + else + # This should really only be done when cross compiling but + # to avoid breaking solaris x86_64 in 7.x continue preloading + # our hook. + ruby = "#{settings[:host_ruby]} -r#{settings[:datadir]}/doc/rbconfig-#{settings[:ruby_version]}-orig.rb" + end + elsif platform.is_cross_compiled? && (platform.is_linux? || platform.is_macos?) + pkg.environment 'RUBY', settings[:host_ruby] + ruby = "#{settings[:host_ruby]} -r#{settings[:datadir]}/doc/rbconfig-#{settings[:ruby_version]}-orig.rb" + pkg.environment 'LDFLAGS', settings[:ldflags] + elsif platform.is_macos? 
+ pkg.environment 'PATH', '$(PATH):/opt/homebrew/bin' if platform.architecture == 'arm64' + pkg.environment 'CC', settings[:cc] + pkg.environment 'CFLAGS', settings[:cflags] + pkg.environment 'LDFLAGS', settings[:ldflags] + pkg.environment 'MACOSX_DEPLOYMENT_TARGET', settings[:deployment_target] + ruby = File.join(settings[:ruby_bindir], 'ruby') + else + ruby = File.join(settings[:ruby_bindir], 'ruby') + end + + pkg.build do + build_commands = [] + build_commands << "#{ruby} ext/augeas/extconf.rb" + build_commands << "#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1)" + + build_commands + end + + if settings[:ruby_vendordir] + augeas_rb_target = File.join(settings[:ruby_vendordir], 'augeas.rb') + else + # If no alternate vendordir has been set, install into default + # vendordir for this ruby version. + augeas_rb_target = File.join(settings[:ruby_dir], 'lib', 'ruby', 'vendor_ruby', 'augeas.rb') + end + + pkg.install_file 'lib/augeas.rb', augeas_rb_target + + pkg.install do + [ + "#{platform[:make]} -e -j$(shell expr $(shell #{platform[:num_cores]}) + 1) DESTDIR=/ install", + ] + end + + if platform.is_solaris? || platform.is_cross_compiled_linux? + pkg.install do + "chown root:root #{augeas_rb_target}" + end + end + + # Clean after install in case we are building for multiple rubies. + pkg.install do + "#{platform[:make]} -e clean" + end + end diff --git a/configs/components/ruby-selinux.rb b/configs/components/ruby-selinux.rb index 0175d33e..80a0fa78 100644 --- a/configs/components/ruby-selinux.rb +++ b/configs/components/ruby-selinux.rb 
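Review bot: Two comments carried into this file describe situations the commit message says are gone: the Solaris branch keeps preloading the rbconfig hook "to avoid breaking solaris x86_64 in 7.x", and the last step cleans "in case we are building for multiple rubies". With 7.x and the second Ruby removed, either drop the native x86 special case or reword the comment to give the current reason, e.g. `# Preload the original rbconfig so extconf.rb sees the target settings (TODO: confirm still needed on native Solaris x86)`. On AIX `pkg.environment 'PATH', ...` is called twice with different values; if the second call replaces the first, the `/usr/local/bin:/opt/csw/bin:...` entries are lost there, so one combined value would be clearer.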
@@ -1,3 +1,139 @@ -component "ruby-selinux" do |pkg, settings, platform| - instance_eval File.read('configs/components/_base-ruby-selinux.rb') +##### +# Component release information: +# https://github.com/SELinuxProject/selinux/releases +##### +component 'ruby-selinux' do |pkg, settings, platform| + # We download tarballs because system development packages (e.g. + # libselinux-devel) don't necessarily include Swig interface files (*.i files) + # We select the minimum version available in the platform repos. + case platform.name + when /^(el-7|amazon-2|redhatfips-7)-/ + pkg.version "2.0.94" + pkg.sha256sum 'b8312852306650e9720de5a20fe7560d935d3c90ffedca1cac25bf3f283d8a36' + pkg.url 'https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20100525/devel/libselinux-2.0.94.tar.gz' + when /^(el-8|redhatfips-8)-/ + pkg.version '2.9' + pkg.sha256sum '1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693' + pkg.apply_patch 'resources/patches/ruby-selinux/selinux-29-function.patch' + pkg.url 'https://github.com/SELinuxProject/selinux/releases/download/20190315/libselinux-2.9.tar.gz' + when /^debian-11-/ + pkg.version '3.1' + pkg.sha256sum 'ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7' + pkg.url 'https://github.com/SELinuxProject/selinux/releases/download/20200710/libselinux-3.1.tar.gz' + pkg.build_requires 'python3-distutils' if platform.is_deb? + when /^(el-9|redhatfips-9|ubuntu-22.04)-/ + pkg.version '3.3' + pkg.sha256sum 'acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057' + pkg.build_requires 'python3-distutils' if platform.is_deb? + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^(amazon-2023|debian-12)-/ + pkg.version '3.4' + pkg.sha256sum '77c294a927e6795c2e98f74b5c3adde9c8839690e9255b767c5fca6acff9b779' + pkg.build_requires 'python3-distutils' if platform.is_deb? 
+ pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^(sles-15|ubuntu-24.04)-/ + pkg.version '3.5' + pkg.sha256sum '9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19' + pkg.build_requires 'python3-setuptools' + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^(fedora-41|ubuntu-25.04)-/ + pkg.version '3.7' + pkg.sha256sum 'ea03f42d13a4f95757997dba8cf0b26321fac5d2f164418b4cc856a92d2b17bd' + pkg.build_requires 'python3-setuptools' + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^(el-10|redhatfips-10|fedora-42)-/ + pkg.version '3.8' + pkg.sha256sum '0c3756bca047c9270281d7c4dcdecd000b72e38a183c930661eba9690839b541' + pkg.build_requires 'python3-setuptools' + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^(debian-13|sles-16)-/ + pkg.version '3.8.1' + pkg.sha256sum 'ec2d2789f931152d21c1db1eb4bc202ce4eccede34d9be9e360e3b45243cee2c' + pkg.build_requires 'python3-setuptools' + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + when /^fedora-43-/ + pkg.version '3.9' + pkg.sha256sum 'e7ee2c01dba64a0c35c9d7c9c0e06209d8186b325b0638a0d83f915cc3c101e8' + pkg.build_requires 'python3-setuptools' + pkg.url "https://github.com/SELinuxProject/selinux/releases/download/#{pkg.get_version}/libselinux-#{pkg.get_version}.tar.gz" + else + raise "The ruby-selinux component needs to be updated for platform #{platform.name}" + end + + pkg.add_source('file://resources/patches/ruby-selinux/selinuxswig_ruby_wrap.patch') + pkg.add_source('file://resources/patches/ruby-selinux/selinuxswig_ruby_undefining_allocator.patch') + 
pkg.add_source('file://resources/patches/ruby-selinux/undefining_allocator_el_7.patch') + + pkg.build_requires "ruby-#{settings[:ruby_version]}" + system_include = '-I/usr/include' + ruby = "#{settings[:ruby_bindir]}/ruby -rrbconfig" + + # The RHEL 9 libselinux-devel package provides headers, but we don't want to + # use the package becuase of a compatibility issue with the shared library. + # Instead, we use the headers provided in the tarball. + system_include.prepend('-I./include ') if platform.name =~ /el-(9|10)/ + + if platform.is_cross_compiled_linux? + pkg.environment 'RUBY', settings[:host_ruby] + ruby = "#{settings[:host_ruby]} -r#{settings[:datadir]}/doc/rbconfig-#{settings[:ruby_version]}-orig.rb" + end + + cflags = '' + + pkg.build do + steps = [ + "export RUBYHDRDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"rubyhdrdir\"]')", + "export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')", + "export ARCHDIR=$${RUBYHDRDIR}/$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"arch\"]')", + "export INCLUDESTR=\"-I#{settings[:includedir]} -I$${RUBYHDRDIR} -I$${ARCHDIR}\"", + "cp -pr src/{selinuxswig_ruby.i,selinuxswig.i} .", + "swig -Wall -ruby #{system_include} -o selinuxswig_ruby_wrap.c -outdir ./ selinuxswig_ruby.i" + ] + + # swig 4.1 generated interface does not need patching, so skip + # when running debian >= 12, fedora >= 40, etc + unless (platform.is_debian? && platform.os_version.to_i >= 12) || + (platform.is_fedora? && platform.os_version.to_i >= 40) || + (platform.is_ubuntu? && platform.os_version.to_i >= 24) || + (platform.is_el? 
&& platform.os_version.to_i >= 10) + steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_wrap.patch" + end + # EL 7 uses an older version of swig (2.0) so a different patch is needed to + # fix warning:undefining the allocator of T_DATA class + if platform.name =~ /el-7|redhatfips-7/ + steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../undefining_allocator_el_7.patch" + else + # Ubuntu 24, Fedora 40, EL 10, and Debian 13 use a newer swig that already has the fix that's + # being patched + unless (platform.is_fedora? && platform.os_version.to_i >= 40) || + (platform.is_ubuntu? && platform.os_version.to_i >= 24) || + (platform.is_el? && platform.os_version.to_i >= 10) || + (platform.is_debian? && platform.os_version.to_i >= 13) + steps << "#{platform.patch} --strip=0 --fuzz=0 --ignore-whitespace --no-backup-if-mismatch < ../selinuxswig_ruby_undefining_allocator.patch" + end + end + + # libselinux 3.3 is the minimum version we want to build on RHEL 9, but the + # libeselinux-devel-3.3 package confusingly installs a shared library that + # uses 3.4. The hacky workaround for this is to symlink an existing library. + # PDK builds two Rubies so check if symlink exists first. Similar issue + # exists for RHEL 10. + if platform.name =~ /(el|redhatfips)-(9|10)/ + steps << 'if [ ! 
-L /usr/lib64/libselinux.so ]; then ln -s /usr/lib64/libselinux.so.1 /usr/lib64/libselinux.so; fi' + end + + steps.concat([ + "gcc $${INCLUDESTR} #{system_include} #{cflags} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -DSHARED -c -o selinuxswig_ruby_wrap.lo selinuxswig_ruby_wrap.c", + "gcc $${INCLUDESTR} #{system_include} -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -shared -o _rubyselinux.so selinuxswig_ruby_wrap.lo -lselinux -Wl,-z,relro,-z,now,-soname,_rubyselinux.so", + ]) + end + + pkg.install do + [ + "export VENDORARCHDIR=$(shell #{ruby} -e 'puts RbConfig::CONFIG[\"vendorarchdir\"]')", + "install -d $${VENDORARCHDIR}", + "install -p -m755 _rubyselinux.so $${VENDORARCHDIR}/selinux.so", + "#{platform[:make]} -e clean", + ] + end end diff --git a/configs/components/ruby-shadow.rb b/configs/components/ruby-shadow.rb index 1473782b..18d3ad0b 100644 --- a/configs/components/ruby-shadow.rb +++ b/configs/components/ruby-shadow.rb @@ -8,13 +8,7 @@ pkg.ref "refs/tags/2.5.1" pkg.build_requires "ruby-#{settings[:ruby_version]}" - if !platform.is_cross_compiled? && platform.architecture == 'sparc' - pkg.environment "PATH", "$(PATH):/opt/pl-build-tools/bin:/usr/ccs/bin:/usr/sfw/bin" - elsif platform.name == 'sles-11-x86_64' - pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)" - else - pkg.environment "PATH", "$(PATH):/usr/ccs/bin:/usr/sfw/bin" - end + pkg.environment "PATH", "$(PATH):/usr/ccs/bin:/usr/sfw/bin" pkg.environment "CONFIGURE_ARGS", '--vendor' diff --git a/configs/components/rubygem-CFPropertyList.rb b/configs/components/rubygem-CFPropertyList.rb index 8ce5a853..b3da6b9f 100644 --- a/configs/components/rubygem-CFPropertyList.rb +++ b/configs/components/rubygem-CFPropertyList.rb @@ -10,6 +10,7 @@ ### Maintained by update_gems automation ### pkg.version '3.0.7' pkg.md5sum 'ed89ce5e7074a6f8e8b8e744eaf014d0' + pkg.build_requires 'rubygem-rexml' ### End automated maintenance section ### instance_eval File.read('configs/components/_base-rubygem.rb') 
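Review bot: The bundled-header override only matches EL: `system_include.prepend('-I./include ') if platform.name =~ /el-(9|10)/` does not match `redhatfips-9-...` or `redhatfips-10-...`, although the version `case` above and the symlink workaround below (`/(el|redhatfips)-(9|10)/`) both treat the FIPS platforms like EL. If the shared-library compatibility issue described in the comment applies to the FIPS builds too, they would compile against the system headers instead of the tarball's; `if platform.name =~ /^(el|redhatfips)-(9|10)-/` keeps the three checks in step. `cflags = ''` is never given another value in this block and can be removed, and the added comments contain two typos (`becuase`, `libeselinux`).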
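Review bot: The added `pkg.build_requires 'rubygem-rexml'` sits between the `### Maintained by update_gems automation ###` and `### End automated maintenance section ###` markers, so a run of that automation may rewrite the section and drop the line; the automation is not visible here, so this is inferred from the markers. The same placement is used for `pkg.build_requires 'rubygem-prime'` in rubygem-fast_gettext.rb and `pkg.build_requires 'rubygem-ffi'` in rubygem-sys-filesystem.rb. Moving each line below the end marker keeps hand-maintained dependencies out of the generated region. Separately, the context line in this file still pins the gem with `pkg.md5sum`, while the other components in this patch use `pkg.sha256sum`.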
diff --git a/configs/components/rubygem-fast_gettext.rb b/configs/components/rubygem-fast_gettext.rb index f9fc2d40..5a0f533d 100644 --- a/configs/components/rubygem-fast_gettext.rb +++ b/configs/components/rubygem-fast_gettext.rb @@ -10,6 +10,7 @@ # PINNED pkg.version '2.4.0' pkg.sha256sum 'fd26c4c406aa10be34f0fd2847ce3ffdc1e9d9798de87538594757bbb9175fbf' + pkg.build_requires 'rubygem-prime' ### End automated maintenance section ### instance_eval File.read('configs/components/_base-rubygem.rb') diff --git a/configs/components/rubygem-ffi.rb b/configs/components/rubygem-ffi.rb index 760d8276..46bb7bc7 100644 --- a/configs/components/rubygem-ffi.rb +++ b/configs/components/rubygem-ffi.rb 
@@ -26,68 +26,51 @@ settings["#{pkg.get_name}_gem_install_options".to_sym] = "-- --enable-system-libffi" instance_eval File.read('configs/components/_base-rubygem.rb') - # due to contrib/make_sunver.pl missing on solaris 11 we cannot compile libffi, so we provide the opencsw library - pkg.environment "CPATH", "/opt/csw/lib/libffi-3.2.1/include" if platform.name =~ /solaris-11/ && (platform.is_cross_compiled? || platform.architecture != 'sparc') - pkg.environment "MAKE", platform[:make] if platform.is_solaris? - if platform.is_solaris? - if !platform.is_cross_compiled? && platform.architecture == 'sparc' - pkg.environment "PATH", "#{settings[:ruby_bindir]}:$(PATH)" - else - pkg.environment "PATH", "/opt/csw/bin:$(PATH)" - end - elsif platform.is_aix? - pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' - end - - if platform.name =~ /solaris-10-i386/ - pkg.install_file "/opt/csw/lib/libffi.so.6", "#{settings[:libdir]}/libffi.so.6" - end - - pkg.environment 'PKG_CONFIG_PATH', '/opt/puppetlabs/puppet/lib/pkgconfig:$(PKG_CONFIG_PATH)' + ver, arch = platform.match(/^\w+-(\d+)-(\w+)$/).captures + cross = platform.is_cross_compiled? - if platform.is_cross_compiled? && !platform.is_macos? - base_ruby = case platform.name - when /solaris-10/ - "/opt/csw/lib/ruby/2.0.0" - else - # Change this someday if we ever end up cross compiling OpenVox on Linux - # as we won't be using pl-build-tools there - "/opt/pl-build-tools/lib/ruby/2.1.0" - end + pkg.environment "MAKE", platform[:make] + pkg.environment "PATH", "/opt/csw/bin:$(PATH)" + pkg.environment "PATH", "#{settings[:ruby_bindir]}:$(PATH)" if !cross && arch == 'sparc' - # force compilation without system libffi in order to have a statically linked ffi_c.so - if platform.name =~ /solaris-11-sparc/ - sed_exp = 's|CONFIG\["LDFLAGS"\].*|CONFIG["LDFLAGS"] = "-Wl,-rpath-link,/opt/pl-build-tools/sparc-sun-solaris2.11/sysroot/lib:/opt/pl-build-tools/sparc-sun-solaris2.11/sysroot/usr/lib -L. 
-Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector"|' - - pkg.configure do - [ - # libtool always uses the system/solaris ld even if we - # configure it to use the GNU ld, causing some flag - # mismatches, so just temporarily move the system ld - # somewhere else - %(mv /usr/bin/ld /usr/bin/ld1), - %(#{platform[:sed]} -i '#{sed_exp}' /opt/puppetlabs/puppet/share/doc/rbconfig-#{settings[:ruby_version]}-orig.rb) - ] - end - - # move ld back after the gem is installed - pkg.install { "mv /usr/bin/ld1 /usr/bin/ld" } - - elsif platform.name =~ /solaris-10-sparc/ - sed_exp = 's|CONFIG\["LDFLAGS"\].*|CONFIG["LDFLAGS"] = "-Wl,-rpath-link,/opt/pl-build-tools/sparc-sun-solaris2.10/sysroot/lib:/opt/pl-build-tools/sparc-sun-solaris2.10/sysroot/usr/lib -L. -Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector"|' - pkg.configure do - [ - %(#{platform[:sed]} -i '#{sed_exp}' /opt/puppetlabs/puppet/share/doc/rbconfig-#{settings[:ruby_version]}-orig.rb) - ] + if ver == '11' + # due to contrib/make_sunver.pl missing on solaris 11 we cannot compile libffi, so we provide the opencsw library + pkg.environment "CPATH", "/opt/csw/lib/libffi-3.2.1/include" if cross || arch != 'sparc' + # With Ruby 3.2 on Solaris-11 we install OpenSCW's libffi, no need to copy over the system libffi + pkg.install_file "/usr/lib/libffi.so.5.0.10", "#{settings[:libdir]}/libffi.so" if arch == 'i386' && rb_major_minor_version < 3.2 + if arch == 'sparc' + # force compilation without system libffi in order to have a statically linked ffi_c.so + # If we end up building this in the future, replace the paths to pl-build-tools things. + sed_exp = 's|CONFIG\["LDFLAGS"\].*|CONFIG["LDFLAGS"] = "-Wl,-rpath-link,/opt/pl-build-tools/sparc-sun-solaris2.11/sysroot/lib:/opt/pl-build-tools/sparc-sun-solaris2.11/sysroot/usr/lib -L. 
-Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector"|' + pkg.configure do + [ + # libtool always uses the system/solaris ld even if we + # configure it to use the GNU ld, causing some flag + # mismatches, so just temporarily move the system ld + # somewhere else + %(mv /usr/bin/ld /usr/bin/ld1), + %(#{platform[:sed]} -i '#{sed_exp}' /opt/puppetlabs/puppet/share/doc/rbconfig-#{settings[:ruby_version]}-orig.rb) + ] + end + # move ld back after the gem is installed + pkg.install { "mv /usr/bin/ld1 /usr/bin/ld" } end end - # FFI 1.13.1 forced the minimum required ruby version to ~> 2.3 - # In order to be able to install the gem using pl-ruby(2.1.9) - # we need to remove the required ruby version check - pkg.configure do - %(#{platform[:sed]} -i '0,/ensure_required_ruby_version_met/b; /ensure_required_ruby_version_met/d' #{base_ruby}/rubygems/installer.rb) + if ver == '10' + if arch == 'sparc' + # If we end up building this in the future, replace the paths to pl-build-tools things. + sed_exp = 's|CONFIG\["LDFLAGS"\].*|CONFIG["LDFLAGS"] = "-Wl,-rpath-link,/opt/pl-build-tools/sparc-sun-solaris2.10/sysroot/lib:/opt/pl-build-tools/sparc-sun-solaris2.10/sysroot/usr/lib -L. -Wl,-rpath=/opt/puppetlabs/puppet/lib -fstack-protector"|' + pkg.configure do + [ + %(#{platform[:sed]} -i '#{sed_exp}' /opt/puppetlabs/puppet/share/doc/rbconfig-#{settings[:ruby_version]}-orig.rb) + ] + end + end end end + + pkg.environment 'PATH', '/opt/freeware/bin:$(PATH)' if platform.is_aix? + pkg.environment 'PKG_CONFIG_PATH', '/opt/puppetlabs/puppet/lib/pkgconfig:$(PKG_CONFIG_PATH)' end diff --git a/configs/components/rubygem-mini_portile2.rb b/configs/components/rubygem-mini_portile2.rb deleted file mode 100644 index 2bc9932a..00000000 --- a/configs/components/rubygem-mini_portile2.rb +++ /dev/null 
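Review bot: `ver, arch = platform.match(/^\w+-(\d+)-(\w+)$/).captures` calls `match` on the platform object, whereas the rest of this patch matches against `platform.name`; unless the object itself responds to `match`, this raises as soon as a Solaris config is evaluated, and it also raises when the pattern does not match. `ver, arch = platform.name.match(/^\w+-(\d+)-(\w+)$/)&.captures` covers both cases. `rb_major_minor_version` in the `libffi.so.5.0.10` line is not defined anywhere in the hunk, so confirm it is provided by `_base-rubygem.rb`. The retained `mv /usr/bin/ld /usr/bin/ld1` in configure is only undone in install, so a failure in between leaves the build host without its system linker; a comment saying so would help whoever revives the sparc build.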
@@ -1,15 +0,0 @@ -##### -# Component release information: -# https://rubygems.org/gems/mini_portile2 -# https://github.com/flavorjones/mini_portile/blob/main/CHANGELOG.md -##### -component 'rubygem-mini_portile2' do |pkg, _settings, _platform| - ### Maintained by update_gems automation ### - pkg.version '2.8.9' - pkg.sha256sum '0cd7c7f824e010c072e33f68bc02d85a00aeb6fce05bb4819c03dfd3c140c289' - ### End automated maintenance section ### - - instance_eval File.read('configs/components/_base-rubygem.rb') - - pkg.environment 'GEM_HOME', settings[:gem_home] -end diff --git a/configs/components/rubygem-sys-filesystem.rb b/configs/components/rubygem-sys-filesystem.rb index 80a6f102..673d9a14 100644 --- a/configs/components/rubygem-sys-filesystem.rb +++ b/configs/components/rubygem-sys-filesystem.rb @@ -7,6 +7,7 @@ ### Maintained by update_gems automation ### pkg.version '1.5.3' pkg.sha256sum '17b561d1be683c34bc53946461ea9d67012d8f395e7297db8c63b9018cb30ece' + pkg.build_requires 'rubygem-ffi' ### End automated maintenance section ### instance_eval File.read('configs/components/_base-rubygem.rb') diff --git a/configs/components/runtime-agent.rb b/configs/components/runtime-agent.rb index 5b08aa5e..cbac4188 100644 --- a/configs/components/runtime-agent.rb +++ b/configs/components/runtime-agent.rb 
@@ -3,43 +3,18 @@ pkg.environment "PROJECT_SHORTNAME", "puppet" pkg.add_source "file://resources/files/runtime/runtime.sh" - if platform.name =~ /sles-11-x86_64/ - if settings[:ruby_version] =~ /2.7/ - pkg.install do - "zypper install -y pl-gcc=4.8.2-1" - end - else - pkg.install do - "zypper install -y pl-gcc8" - end - end - elsif platform.is_macos? && platform.is_cross_compiled? + if platform.is_macos? && platform.is_cross_compiled? if settings[:ruby_version] =~ /^3\./ pkg.install do # These are dependencies of ruby@3.x, remove symlinks from /usr/local # so our build doesn't use the wrong headers - "cd /etc/homebrew && su test -c '#{platform.brew} unlink openssl libyaml'" + "#{platform.brew} unlink openssl libyaml" end end end - if platform.is_cross_compiled? - if platform.architecture =~ /aarch64|ppc64$|ppc64le/ - libdir = File.join("/opt/pl-build-tools", settings[:platform_triple], "lib64") - else - libdir = File.join("/opt/pl-build-tools", settings[:platform_triple], "lib") - end - elsif platform.is_aix? - if platform.name == "aix-7.1-ppc" - libdir = "/opt/pl-build-tools/lib/gcc/powerpc-ibm-aix7.1.0.0/5.2.0/" - else - libdir = "/opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/10/" - end - elsif platform.is_solaris? || platform.architecture =~ /i\d86/ - libdir = "/opt/pl-build-tools/lib" - elsif platform.architecture =~ /64/ - libdir = "/opt/pl-build-tools/lib64" - end + + libdir = "/opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/10/" if platform.is_aix? # The runtime script uses readlink, which is in an odd place on Solaris systems: pkg.environment "PATH", "$(PATH):/opt/csw/gnu" if platform.is_solaris? 
@@ -47,14 +22,12 @@ if platform.is_aix? pkg.install_file File.join(libdir, "libstdc++.a"), "/opt/puppetlabs/puppet/lib/libstdc++.a" pkg.install_file File.join(libdir, "libgcc_s.a"), "/opt/puppetlabs/puppet/lib/libgcc_s.a" - if platform.name != 'aix-7.1-ppc' - pkg.install_file File.join(libdir, "libatomic.a"), "/opt/puppetlabs/puppet/lib/libatomic.a" - pkg.install_file "/opt/freeware/lib/libiconv.a", "/opt/puppetlabs/puppet/lib/libiconv.a" - pkg.install_file "/opt/freeware/lib/libncurses.so.6.4.0", "/opt/puppetlabs/puppet/lib/libncurses.so.6.4.0" - pkg.link "libncurses.so.6.4.0", "/opt/puppetlabs/puppet/lib/libncurses.so" - pkg.install_file "/opt/freeware/lib/libreadline.a", "/opt/puppetlabs/puppet/lib/libreadline.a" - pkg.install_file "/opt/freeware/lib/libz.a", "/opt/puppetlabs/puppet/lib/libz.a" - end + pkg.install_file File.join(libdir, "libatomic.a"), "/opt/puppetlabs/puppet/lib/libatomic.a" + pkg.install_file "/opt/freeware/lib/libiconv.a", "/opt/puppetlabs/puppet/lib/libiconv.a" + pkg.install_file "/opt/freeware/lib/libncurses.so.6.4.0", "/opt/puppetlabs/puppet/lib/libncurses.so.6.4.0" + pkg.link "libncurses.so.6.4.0", "/opt/puppetlabs/puppet/lib/libncurses.so" + pkg.install_file "/opt/freeware/lib/libreadline.a", "/opt/puppetlabs/puppet/lib/libreadline.a" + pkg.install_file "/opt/freeware/lib/libz.a", "/opt/puppetlabs/puppet/lib/libz.a" elsif platform.is_windows? lib_type = platform.architecture == "x64" ? "seh" : "sjlj" pkg.install_file "#{settings[:gcc_bindir]}/libgcc_s_#{lib_type}-1.dll", "#{settings[:bindir]}/libgcc_s_#{lib_type}-1.dll" diff --git a/configs/components/virt-what.rb b/configs/components/virt-what.rb index d45a91d2..e15a9ecd 100644 --- a/configs/components/virt-what.rb +++ b/configs/components/virt-what.rb 
@@ -15,7 +15,6 @@ # original URL next time we bump this. #pkg.url "https://people.redhat.com/~rjones/virt-what/files/virt-what-#{pkg.get_version}.tar.gz" pkg.url "https://artifacts.voxpupuli.org/components/virt-what-#{pkg.get_version}.tar.gz" - pkg.mirror "#{settings[:buildsources_url]}/virt-what-#{pkg.get_version}.tar.gz" pkg.replaces 'pe-virt-what' @@ -37,9 +36,9 @@ end if platform.is_cross_compiled_linux? - host_opt = "--host #{settings[:platform_triple]}" + host_opt = "--host #{platform.platform_triple}" - pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}" + pkg.environment "PATH" => "$$PATH:#{settings[:bindir]}" pkg.environment "CFLAGS" => settings[:cflags] pkg.environment "LDFLAGS" => settings[:ldflags] end diff --git a/configs/platforms/aix-7.2-ppc.rb b/configs/platforms/aix-7.2-ppc.rb index db38eaab..a960fc88 100644 --- a/configs/platforms/aix-7.2-ppc.rb +++ b/configs/platforms/aix-7.2-ppc.rb @@ -63,4 +63,6 @@ plat.install_build_dependencies_with "yum install --assumeyes " plat.vmpooler_template "aix-7.2-power" + + plat.platform_triple "powerpc-ibm-aix7.2.0.0" end diff --git a/configs/platforms/debian-11-armhf.rb b/configs/platforms/debian-11-armhf.rb index ae5c15a7..13fbb4b4 100644 --- a/configs/platforms/debian-11-armhf.rb +++ b/configs/platforms/debian-11-armhf.rb @@ -27,4 +27,5 @@ ] plat.provision_with "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install -qy --no-install-recommends #{packages.join(' ')}" + plat.platform_triple 'arm-linux-gnueabihf' end diff --git a/configs/platforms/debian-12-armhf.rb b/configs/platforms/debian-12-armhf.rb index 47fe31c5..0c556b35 100644 --- a/configs/platforms/debian-12-armhf.rb +++ b/configs/platforms/debian-12-armhf.rb @@ -27,4 +27,5 @@ ] plat.provision_with "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install -qy --no-install-recommends #{packages.join(' ')}" + plat.platform_triple 'arm-linux-gnueabihf' end 
diff --git a/configs/platforms/el-8-ppc64le.rb b/configs/platforms/el-8-ppc64le.rb index e40874a5..89b445f1 100644 --- a/configs/platforms/el-8-ppc64le.rb +++ b/configs/platforms/el-8-ppc64le.rb @@ -1,3 +1,4 @@ platform 'el-8-ppc64le' do |plat| plat.inherit_from_default + plat.platform_triple 'powerpc64le-redhat-linux' end diff --git a/configs/platforms/el-9-ppc64le.rb b/configs/platforms/el-9-ppc64le.rb index a26c6e20..487a80da 100644 --- a/configs/platforms/el-9-ppc64le.rb +++ b/configs/platforms/el-9-ppc64le.rb @@ -13,4 +13,5 @@ ) plat.provision_with("dnf install -y --allowerasing #{packages.join(' ')}") plat.install_build_dependencies_with "dnf install -y --allowerasing " + plat.platform_triple 'powerpc64le-redhat-linux' end diff --git a/configs/platforms/macos-all-x86_64.rb b/configs/platforms/macos-all-x86_64.rb index f6994a73..72bde626 100644 --- a/configs/platforms/macos-all-x86_64.rb +++ b/configs/platforms/macos-all-x86_64.rb @@ -1,7 +1,11 @@ platform 'macos-all-x86_64' do |plat| plat.inherit_from_default - packages = %w[cmake pkg-config] + packages = %w[cmake pkg-config bison] + # If we ever compile natively, remove these two lines + plat.brew '/opt/homebrew/bin/brew' + plat.cross_compiled true + plat.provision_with "brew install #{packages.join(' ')}" plat.output_dir File.join('macos', 'all', 'x86_64') diff --git a/configs/projects/_shared-agent-components.rb b/configs/projects/_shared-agent-components.rb deleted file mode 100644 index ed0ce1ef..00000000 --- a/configs/projects/_shared-agent-components.rb +++ /dev/null 
@@ -1,83 +0,0 @@ -# This "project" is designed to be shared by all puppet-agent projects -# See configs/projects/agent-runtime-.rb -unless defined?(proj) - warn('These are components shared by all puppet-agent projects; They cannot be built as a standalone project.') - warn('Please choose one of the other puppet-agent projects instead.') - exit 1 -end - -######## -# Common components for all versions of puppet-agent -######## - -# Common components required by all agent branches -proj.component 'runtime-agent' - -matchdata = platform.settings[:ruby_version].match(/(\d+)\.\d+(\.\d+)?/) -ruby_major_version = matchdata[1].to_i -# Ruby 3.2 does not package these two libraries so we need to add them as a component -if ruby_major_version >= 3 - proj.component 'libffi' - proj.component 'libyaml' -end - -if proj.openssl_version =~ /^3\./ # All Ruby 3 builds will use OpenSSL 3, including FIPS - proj.component "openssl-#{proj.openssl_version}" -elsif platform.name =~ /^redhatfips-.*/ # This is only Ruby 2 builds - proj.component "openssl-1.1.1-fips" -else - proj.component "openssl-fips-2.0.16" if platform.name =~ /windowsfips-/ && proj.openssl_version =~ /1.0.2/ - proj.component "openssl-#{proj.openssl_version}" -end - -proj.component 'curl' -proj.component 'puppet-ca-bundle' -proj.component "ruby-#{proj.ruby_version}" -proj.component "readline" if platform.is_macos? -proj.component 'augeas' unless platform.is_windows? -proj.component 'libxml2' unless platform.is_windows? -proj.component 'libxslt' unless platform.is_windows? - -proj.component 'ruby-augeas' unless platform.is_windows? -proj.component 'ruby-shadow' unless platform.is_aix? || platform.is_windows? -# We only build ruby-selinux for EL, Fedora, Debian and Ubuntu (amd64/i386) -if platform.is_el? || platform.is_fedora? || platform.is_debian? || (platform.is_ubuntu? 
&& platform.architecture !~ /ppc64el$/) - proj.component 'ruby-selinux' -end - -# libedit is used instead of readline on these platforms -if platform.is_solaris? || platform.name == 'aix-7.1-ppc' - proj.component 'libedit' -end - -proj.component 'pl-ruby-patch' if platform.is_cross_compiled? - -proj.component 'rubygem-hocon' -proj.component 'rubygem-deep_merge' -proj.component 'rubygem-net-ssh' -proj.component 'rubygem-semantic_puppet' -proj.component 'rubygem-text' -proj.component 'rubygem-locale' -proj.component 'rubygem-gettext' -proj.component 'rubygem-fast_gettext' -proj.component 'rubygem-ffi' - -# These gems are still included in Ruby 3.2, but we include them because -# OpenFact requires them for Ruby 3.4 support, and the agent will need to -# do the same once we get to Ruby 3.4+ in OpenVox 9. -proj.component 'rubygem-logger' -proj.component 'rubygem-base64' - -# We add rexml explicitly in here because even though ruby 3 ships with rexml as its default gem, the version -# of rexml it ships with contains CVE-2024-41946, CVE-2024-41123, CVE-2024-35176 and CVE-2024-39908. -# So, we add it here to update to a higher version -# free from the CVEs. -proj.component 'rubygem-rexml' - -if platform.is_windows? || platform.is_solaris? || platform.is_aix? - proj.component 'rubygem-minitar' -end - -if platform.is_macos? - proj.component 'rubygem-CFPropertyList' -end diff --git a/configs/projects/_shared-agent-settings.rb b/configs/projects/_shared-agent-settings.rb deleted file mode 100644 index a242f619..00000000 --- a/configs/projects/_shared-agent-settings.rb +++ /dev/null 
@@ -1,243 +0,0 @@ -# This "project" is designed to be shared by all puppet-agent projects -# See configs/projects/agent-runtime-.rb -unless defined?(proj) - warn('These are base settings shared by all puppet-agent projects; They cannot be built as a standalone project.') - warn('Please choose one of the other puppet-agent projects instead.') - exit 1 -end - -# Export the settings for the current project and platform as yaml during builds -proj.publish_yaml_settings - -# Use sparingly in component configurations to conditionally include -# dependencies that should not be in other projects that use puppet-runtime -proj.setting(:runtime_project, 'agent') - -######## -# Common build settings for all versions of puppet-agent -######## - -proj.generate_archives true -proj.generate_packages false - -proj.description 'The puppet agent runtime contains third-party components needed for the puppet agent' -proj.license 'See components' -proj.vendor 'Vox Pupuli ' -proj.homepage 'https://github.com/OpenVoxProject' -proj.version_from_git - -proj.setting(:artifactory_url, "https://artifactory.delivery.puppetlabs.net/artifactory") -proj.setting(:buildsources_url, "#{proj.artifactory_url}/generic/buildsources") - -if platform.is_windows? - # In order not to break people, we need to keep the paths Puppetlabs/Puppet - proj.setting(:company_id, "VoxPupuli") - proj.setting(:pl_company_id, "PuppetLabs") - proj.setting(:product_id, "OpenVox") - proj.setting(:pl_product_id, "Puppet") - if platform.architecture == "x64" - proj.setting(:base_dir, "ProgramFiles64Folder") - else - proj.setting(:base_dir, "ProgramFilesFolder") - end - # We build for windows not in the final destination, but in the paths that correspond - # to the directory ids expected by WIX. This will allow for a portable installation (ideally). 
- proj.setting(:install_root, File.join("C:", proj.base_dir, proj.pl_company_id, proj.pl_product_id)) - proj.setting(:sysconfdir, File.join("C:", "CommonAppDataFolder", proj.pl_company_id)) - proj.setting(:tmpfilesdir, "C:/Windows/Temp") -else - proj.setting(:install_root, "/opt/puppetlabs") - if platform.is_macos? - proj.setting(:sysconfdir, "/private/etc/puppetlabs") - else - proj.setting(:sysconfdir, "/etc/puppetlabs") - end - proj.setting(:logdir, "/var/log/puppetlabs") - if platform.is_linux? && platform.name !~ /sles-11|el-6/ - proj.setting(:piddir, "/run/puppetlabs") - else - proj.setting(:piddir, "/var/run/puppetlabs") - end - proj.setting(:tmpfilesdir, "/usr/lib/tmpfiles.d") -end - -proj.setting(:miscdir, File.join(proj.install_root, "misc")) -proj.setting(:prefix, File.join(proj.install_root, "puppet")) -proj.setting(:bindir, File.join(proj.prefix, "bin")) -proj.setting(:libdir, File.join(proj.prefix, "lib")) -proj.setting(:link_bindir, File.join(proj.install_root, "bin")) -proj.setting(:includedir, File.join(proj.prefix, "include")) -proj.setting(:datadir, File.join(proj.prefix, "share")) -proj.setting(:mandir, File.join(proj.datadir, "man")) - -if platform.is_windows? 
- proj.setting(:windows_tools, proj.bindir) -end - -proj.setting(:ruby_dir, proj.prefix) -proj.setting(:ruby_bindir, proj.bindir) - -raise "Couldn't find a :ruby_version setting in the project file" unless proj.ruby_version -ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2.0') -ruby_version_y = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') -ruby_version_x = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1') - -proj.setting(:gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version)) -proj.setting(:ruby_vendordir, File.join(proj.libdir, "ruby", "vendor_ruby")) - -proj.setting(:ruby_dir_base, File.join(proj.libdir, "ruby")) -proj.setting(:ruby_dir_base_version, File.join(proj.ruby_dir_base, ruby_base_version)) -proj.setting(:rubygems_dir, File.join(proj.ruby_dir_base_version, 'rubygems')) -proj.setting(:rubygems_ssl_dir, File.join(proj.rubygems_dir, 'ssl_certs')) - -# Cross-compiled Linux platforms -platform_triple = "ppc64le-redhat-linux" if platform.architecture == "ppc64le" -platform_triple = "powerpc64le-suse-linux" if platform.architecture == "ppc64le" && platform.name =~ /^sles-/ -platform_triple = "powerpc64le-linux-gnu" if platform.architecture == "ppc64el" -platform_triple = "arm-linux-gnueabihf" if platform.architecture == "armhf" -platform_triple = "aarch64-apple-darwin" if platform.is_cross_compiled? && platform.is_macos? - -# Ruby's build process needs a functional "baseruby". When native compiling, -# ruby will build "miniruby" and use that as "baseruby". When cross compiling, -# we need a "host" ruby from somewhere else. -# -# Our build process also needs a "host" ruby to install rubygem-* components. -if platform.is_windows? - proj.setting(:host_ruby, File.join(proj.ruby_bindir, "ruby.exe")) - proj.setting(:host_gem, File.join(proj.ruby_bindir, "gem.bat")) -elsif platform.is_cross_compiled? && (platform.is_linux? || platform.is_solaris?) 
- if platform.name =~ /solaris-10-sparc/ - proj.setting(:host_ruby, "/opt/csw/bin/ruby") - proj.setting(:host_gem, "/opt/csw/bin/gem2.0") - else - proj.setting(:host_ruby, "/opt/pl-build-tools/bin/ruby") - proj.setting(:host_gem, "/opt/pl-build-tools/bin/gem") - end -elsif platform.is_cross_compiled? && platform.is_macos? - proj.setting(:host_ruby, "/usr/local/opt/ruby@#{ruby_version_y}/bin/ruby") - proj.setting(:host_gem, "/usr/local/opt/ruby@#{ruby_version_y}/bin/gem") -else - proj.setting(:host_ruby, File.join(proj.ruby_bindir, "ruby")) - proj.setting(:host_gem, File.join(proj.ruby_bindir, "gem")) -end - -if platform.is_cross_compiled_linux? - host = "--host #{platform_triple}" -elsif platform.is_cross_compiled? && platform.is_macos? - host = "--host aarch64-apple-darwin --build x86_64-apple-darwin --target aarch64-apple-darwin" -elsif platform.is_solaris? - if platform.architecture == 'i386' - platform_triple = "#{platform.architecture}-pc-solaris2.#{platform.os_version}" - else - platform_triple = "#{platform.architecture}-sun-solaris2.#{platform.os_version}" - host = "--host #{platform_triple}" - end -elsif platform.is_windows? - # For windows, we need to ensure we are building for mingw not cygwin - platform_triple = platform.platform_triple - host = "--host #{platform_triple}" -end - -proj.setting(:gem_install, "#{proj.host_gem} install --no-rdoc --no-ri --local ") -proj.setting(:gem_uninstall, "#{proj.host_gem} uninstall --all --ignore-dependencies ") - -# For AIX, we use the triple to install a better rbconfig -if platform.is_aix? 
- platform_triple = "powerpc-ibm-aix#{platform.os_version}.0.0" -end - -proj.setting(:platform_triple, platform_triple) -proj.setting(:host, host) - -# Load default compiler settings -instance_eval File.read('configs/projects/_shared-compiler-settings.rb') - -# Always use OpenSSL 3, even on FIPS, when we're building for Ruby 3 -if ruby_version_x == "3" - proj.setting(:openssl_version, '3.0') -elsif platform.name =~ /^redhatfips-/ # This is only Ruby 2 builds - proj.setting(:openssl_version, '1.1.1-fips') -elsif platform.name =~ /^windowsfips-/ - proj.setting(:openssl_version, '1.0.2') -else - proj.setting(:openssl_version, '1.1.1') -end - -if platform.is_windows? - proj.setting(:gcc_root, "/usr/x86_64-w64-mingw32/sys-root/mingw") - proj.setting(:gcc_bindir, "#{proj.gcc_root}/bin") - proj.setting(:tools_root, "/usr/x86_64-w64-mingw32/sys-root/mingw") - # If tools_root ever differs from gcc_root again, add it back here. - proj.setting(:cppflags, "-I#{proj.gcc_root}/include -I#{proj.gcc_root}/include/readline -I#{proj.includedir}") - proj.setting(:cflags, "#{proj.cppflags}") - - ldflags = "-L#{proj.tools_root}/lib -L#{proj.gcc_root}/lib -L#{proj.libdir} -Wl,--nxcompat" - if platform.name !~ /windowsfips-/ || name != 'agent-runtime-7.x' - ldflags += ' -Wl,--dynamicbase' - end - proj.setting(:ldflags, ldflags) - - proj.setting(:cygwin, "nodosfilewarning winsymlinks:native") -else - proj.setting(:tools_root, "/opt/pl-build-tools") -end - -if platform.is_macos? - # OS X doesn't use RPATH for linking. We shouldn't - # define it or try to force it in the linker, because this might - # break gcc or clang if they try to use the RPATH values we forced. - # - # We now target MacOS 13 as the minimum version, and build a binary - # that works for all MacOS versions since then, rather than building - # separate ones for each version. 
- proj.setting(:deployment_target, '13.0') - targeting_flags = "-target #{platform.architecture}-apple-darwin22 -arch #{platform.architecture} -mmacos-version-min=13.0" - proj.setting(:cflags, "#{targeting_flags} #{proj.cflags}") - proj.setting(:cppflags, "#{targeting_flags} #{proj.cppflags}") - proj.setting(:cc, 'clang') - proj.setting(:cxx, 'clang++') - proj.setting(:ldflags, "-L#{proj.libdir}") -end - -if platform.is_aix? - if platform.name == 'aix-7.1-ppc' - proj.setting(:ldflags, "-Wl,-brtl -L#{proj.libdir} -L/opt/pl-build-tools/lib") - else - proj.setting(:ldflags, "-Wl,-brtl -L#{proj.libdir}") - end -end - -if platform.is_solaris? - proj.identifier 'voxpupuli.org' -elsif platform.is_macos? - proj.identifier 'org.voxpupuli' -end - -proj.timeout 7200 if platform.is_windows? - -# Most branches of puppet-agent use these openssl flags in addition to the defaults in configs/components/openssl.rb - -# Individual projects can override these if necessary. -proj.setting(:openssl_extra_configure_flags, [ - 'no-dtls', - 'no-dtls1', - 'no-idea', - 'no-seed', - # 'no-ssl2-method', - 'no-weak-ssl-ciphers', - '-DOPENSSL_NO_HEARTBEATS', -]) unless proj.settings[:openssl_extra_configure_flags] - -# Commmon platform-specific settings for all agent branches: -platform = proj.get_platform - -# What to include in package? -proj.directory proj.install_root -proj.directory proj.prefix -proj.directory proj.sysconfdir -proj.directory proj.link_bindir -proj.directory proj.libdir -proj.directory proj.ruby_dir_base -proj.directory proj.ruby_dir_base_version -proj.directory proj.rubygems_dir -proj.directory proj.rubygems_ssl_dir -proj.directory proj.bindir if platform.is_windows? || platform.is_macos? diff --git a/configs/projects/_shared-compiler-settings.rb b/configs/projects/_shared-compiler-settings.rb deleted file mode 100644 index 260f928e..00000000 --- a/configs/projects/_shared-compiler-settings.rb +++ /dev/null 
@@ -1,24 +0,0 @@ -# Define default CFLAGS and LDFLAGS for most platforms, and then -# tweak or adjust them as needed. -proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include") -proj.setting(:cflags, "#{proj.cppflags}") -proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}") - -# Platform specific overrides or settings, which may override the defaults - -# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support, -# stack canary and full RELRO. -# We only do this on platforms that use their default OS toolchain since pl-gcc versions -# are too old to support these flags. - -if((platform.is_sles? && platform.os_version.to_i >= 15) || - (platform.is_el? && platform.os_version.to_i == 8 && platform.architecture !~ /ppc64/) || - (platform.is_debian? && platform.os_version.to_i >= 10) || - (platform.is_ubuntu? && platform.os_version.to_i >= 22) || - platform.is_fedora? - ) - proj.setting(:supports_pie, true) - proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2") - proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2') - proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now") -end diff --git a/configs/projects/agent-runtime-7.x.rb b/configs/projects/agent-runtime-7.x.rb deleted file mode 100644 index c1e7e4f2..00000000 --- a/configs/projects/agent-runtime-7.x.rb +++ /dev/null 
@@ -1,76 +0,0 @@ -project 'agent-runtime-7.x' do |proj| - - # Set preferred component versions if they differ from defaults: - proj.setting :ruby_version, '2.7.8' - - # Solaris and AIX depend on libedit which breaks augeas compliation starting with 1.13.0 - if platform.is_solaris? || platform.is_aix? - proj.setting :augeas_version, '1.12.0' - else - proj.setting :augeas_version, '1.14.1' - end - - proj.setting :curl_version, '7.88.1' - - ######## - # Load shared agent settings - ######## - - instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-agent-settings.rb')) - - ######## - # Settings specific to the next branch - ######## - - # Directory for gems shared by puppet and puppetserver - proj.setting(:puppet_gem_vendor_dir, File.join(proj.libdir, "ruby", "vendor_gems")) - - # Ruby 2.7 loads openssl on installation. Because pl-ruby was not - # built with openssl support, we switch to compile with system - # rubies. - # Solaris 11 seems to work with pl-ruby, and 10 is handled in _shared-agent-settings.rb. - if platform.is_cross_compiled_linux? - proj.setting(:host_ruby, "/usr/bin/ruby") - end - - # Ruby 2.6 (RubyGems 3.0.1) removed the --ri and --rdoc - # options. Switch to using --no-document which is available starting - # with RubyGems 2.0.0preview2. This should also cover cross-compiled - # platforms that use older rubies. 
- proj.setting(:gem_install, "#{proj.host_gem} install --no-document --local") - - ######## - # Load shared agent components - ######## - - instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-agent-components.rb')) - - ######## - # Components specific to the main branch - ######## - - # When adding components to this list, please - # add them to pe-installer-runtime-main as well - proj.component 'rubygem-concurrent-ruby' - proj.component 'rubygem-multi_json' - proj.component 'rubygem-optimist' - proj.component 'rubygem-highline' - proj.component 'rubygem-hiera-eyaml' - proj.component 'rubygem-thor' - proj.component 'rubygem-scanf' - - if platform.is_linux? - proj.component "virt-what" - proj.component "dmidecode" unless platform.architecture =~ /ppc64/ - end - - unless platform.is_windows? - proj.component 'rubygem-sys-filesystem' - end - - # Nokogiri and dependencies to improve macOS performance (PUP-11332) - if platform.is_macos? - proj.component 'rubygem-nokogiri' - proj.component 'rubygem-mini_portile2' - end -end diff --git a/configs/projects/agent-runtime-main.rb b/configs/projects/agent-runtime-main.rb index af2210e3..6bfb42b1 100644 --- a/configs/projects/agent-runtime-main.rb +++ b/configs/projects/agent-runtime-main.rb 
@@ -1,55 +1,194 @@ project 'agent-runtime-main' do |proj| + proj.description 'The OpenVox agent runtime contains third-party components needed for the OpenVox agent' + proj.license 'See components' + proj.vendor 'Vox Pupuli ' + proj.homepage 'https://github.com/OpenVoxProject' + proj.version_from_git + proj.identifier platform.is_macos? ? 'org.voxpupuli' : 'voxpupuli.org' - # Set preferred component versions if they differ from defaults: - proj.setting :ruby_version, '3.2' # Leave the .Z out for Ruby 3.2 - proj.setting :rubygem_highline_version, '3.0.1' + # Export the settings for the current project and platform as yaml during builds + proj.publish_yaml_settings - # Solaris and AIX depend on libedit which breaks augeas compliation starting with 1.13.0 - if platform.is_solaris? || platform.name == 'aix-7.1-ppc' - proj.setting :augeas_version, '1.12.0' - else - proj.setting :augeas_version, '1.14.1' - end + # Generate a tarball, not a package + proj.generate_archives true + proj.generate_packages false - ######## - # Load shared agent settings - ######## + # Windows builds can be really slow + proj.timeout 7200 if platform.is_windows? 
- instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-agent-settings.rb')) + platform = proj.get_platform ######## - # Settings specific to this branch + # Project Settings ######## + proj.setting :ruby_version, '3.2' # Leave the .Z out for Ruby 3.2+ + ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2.0') + ruby_version_y = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') + + proj.setting :openssl_version, '3.0' + + # Use sparingly in component configurations to conditionally include + # dependencies that should not be in other projects that use puppet-runtime + proj.setting :runtime_project, 'agent' + + # Windows-specific settings + proj.setting :company_id, 'VoxPupuli' + proj.setting :pl_company_id, 'PuppetLabs' + proj.setting :product_id, 'OpenVox' + proj.setting :pl_product_id, 'Puppet' + proj.setting :base_dir, 'ProgramFiles64Folder' + # We build for windows not in the final destination, but in the paths that correspond + # to the directory ids expected by WIX. This will allow for a portable installation (ideally). + windows_install_root = File.join('C:', proj.base_dir, proj.pl_company_id, proj.pl_product_id) + + # Install paths + proj.setting :install_root, platform.is_windows? ? windows_install_root : '/opt/puppetlabs' + proj.setting :miscdir, File.join(proj.install_root, 'misc') + proj.setting :prefix, File.join(proj.install_root, 'puppet') + proj.setting :bindir, File.join(proj.prefix, 'bin') + proj.setting :libdir, File.join(proj.prefix, 'lib') + proj.setting :link_bindir, File.join(proj.install_root, 'bin') + proj.setting :includedir, File.join(proj.prefix, 'include') + proj.setting :datadir, File.join(proj.prefix, 'share') + proj.setting :mandir, File.join(proj.datadir, 'man') + proj.setting :tmpfilesdir, platform.is_windows? ? 'C:/Windows/Temp' : '/usr/lib/tmpfiles.d' + proj.setting :sysconfdir, case + when platform.is_windows? 
then File.join('C:', 'CommonAppDataFolder', proj.pl_company_id) + when platform.is_macos? then '/private/etc/puppetlabs' + else '/etc/puppetlabs' + end + + # Unused by Windows + proj.setting :logdir, '/var/log/puppetlabs' + proj.setting :piddir, platform.is_linux? ? '/run/puppetlabs' : '/var/run/puppetlabs' + + # Ruby paths + proj.setting :ruby_dir, proj.prefix + proj.setting :ruby_bindir, proj.bindir + proj.setting :gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version) + proj.setting :ruby_vendordir, File.join(proj.libdir, 'ruby', 'vendor_ruby') + proj.setting :ruby_dir_base, File.join(proj.libdir, 'ruby') + proj.setting :ruby_dir_base_version, File.join(proj.ruby_dir_base, ruby_base_version) + proj.setting :rubygems_dir, File.join(proj.ruby_dir_base_version, 'rubygems') + proj.setting :rubygems_ssl_dir, File.join(proj.rubygems_dir, 'ssl_certs') + + # Ruby's build process needs a functional 'baseruby'. When native compiling, + # ruby will build 'miniruby' and use that as 'baseruby'. When cross compiling, + # we need a 'host' ruby from somewhere else. + # + # Our build process also needs a 'host' ruby to install rubygem-* components. + proj.setting :host_ruby, case + when platform.is_windows? then File.join(proj.ruby_bindir, 'ruby.exe') + when platform.name =~ /solaris-10-sparc/ then '/opt/csw/bin/ruby' + when platform.is_cross_compiled? && platform.is_macos? + brewdir = File.dirname(File.dirname(platform.brew)) + File.join(ENV['HOST_RUBY_PREFIX'] || "#{brewdir}/opt/ruby@3.2", 'bin', 'ruby') + else File.join(proj.ruby_bindir, 'ruby') + end + proj.setting :host_gem, case + when platform.is_windows? then File.join(proj.ruby_bindir, 'gem.bat') + when platform.name =~ /solaris-10-sparc/ then '/opt/csw/bin/gem2.0' + when platform.is_cross_compiled? && platform.is_macos? 
+ brewdir = File.dirname(File.dirname(platform.brew)) + File.join(ENV['HOST_RUBY_PREFIX'] || "#{brewdir}/opt/ruby@3.2", 'bin', 'gem') + else File.join(proj.ruby_bindir, 'gem') + end + proj.setting :gem_install, "#{proj.host_gem} install --no-document --local " + proj.setting :gem_uninstall, "#{proj.host_gem} uninstall --all --ignore-dependencies " + # Directory for gems shared by openvox-agent and openvox-server + proj.setting :puppet_gem_vendor_dir, File.join(proj.libdir, 'ruby', 'vendor_gems') + + # Cross-compiled platforms + proj.setting :host, case + when platform.is_cross_compiled_linux? || platform.is_solaris? || platform.is_windows? then "--host #{platform.platform_triple}" + when platform.is_cross_compiled? && platform.is_macos? + current_arch = `uname -m`.strip + current_arch = 'aarch64' if current_arch == 'arm64' + target_arch = platform.architecture == 'arm64' ? 'aarch64' : platform.architecture + "--host #{target_arch}-apple-darwin --build #{current_arch}-apple-darwin --target #{target_arch}-apple-darwin" + end + + # For Windows, we need to specify where tools are located within the Cygwin environment + if platform.is_windows? + proj.setting :tools_root, '/usr/x86_64-w64-mingw32/sys-root/mingw' if platform.is_windows? + proj.setting :gcc_bindir, "#{proj.tools_root}/bin" + proj.setting :cygwin, 'nodosfilewarning winsymlinks:native' + end - # Directory for gems shared by puppet and puppetserver - proj.setting(:puppet_gem_vendor_dir, File.join(proj.libdir, "ruby", "vendor_gems")) + # OS X doesn't use RPATH for linking. We shouldn't + # define it or try to force it in the linker, because this might + # break gcc or clang if they try to use the RPATH values we forced. + # + # We now target MacOS 13 as the minimum version, and build a binary + # that works for all MacOS versions since then, rather than building + # separate ones for each version. + if platform.is_macos? 
+ proj.setting :deployment_target, '13.0' + targeting_flags = "-arch #{platform.architecture} -mmacos-version-min=13.0" + proj.setting :cc, "clang -target #{platform.architecture}-apple-darwin" + proj.setting :cxx, "clang++ -target #{platform.architecture}-apple-darwin" + end - # Ruby 2.7 loads openssl on installation. Because pl-ruby was not - # built with openssl support, we switch to compile with system - # rubies. - # Solaris 11 seems to work with pl-ruby, and 10 is handled in _shared-agent-settings.rb. - if platform.is_cross_compiled_linux? - proj.setting(:host_ruby, "/usr/bin/ruby") + # Compiler flag defaults + # Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support, + # stack canary and full RELRO. + + cppflags = "-I#{proj.includedir} -D_FORTIFY_SOURCE=2" + cflags = "#{cppflags} -fstack-protector-strong -fPIC -fno-plt -O2" + ldflags = "-L#{proj.libdir}" + proj.setting :cppflags, case + when platform.is_windows? then "-I#{proj.tools_root}/include -I#{proj.tools_root}/include/readline -I#{proj.includedir}" + when platform.is_macos? then "#{targeting_flags} #{cppflags}" + else cppflags + end + proj.setting :cflags, case + when platform.is_windows? then "-I#{proj.tools_root}/include -I#{proj.tools_root}/include/readline -I#{proj.includedir}" + when platform.is_macos? then "#{targeting_flags} #{cflags}" + else cflags + end + proj.setting :ldflags, case + when platform.is_windows? then "#{ldflags} -L#{proj.tools_root}/lib -Wl,--nxcompat" + when platform.is_linux? then "#{ldflags} -Wl,-rpath=#{proj.libdir} -Wl,-z,relro -Wl,-z,now" + when platform.is_aix? then "#{ldflags} -Wl,-brtl" + else ldflags end - # Ruby 2.6 (RubyGems 3.0.1) removed the --ri and --rdoc - # options. Switch to using --no-document which is available starting - # with RubyGems 2.0.0preview2. This should also cover cross-compiled - # platforms that use older rubies. 
- proj.setting(:gem_install, "#{proj.host_gem} install --no-document --local") ######## - # Load shared agent components + # Directories ######## + proj.directory proj.install_root + proj.directory proj.prefix + proj.directory proj.sysconfdir + proj.directory proj.link_bindir + proj.directory proj.libdir + proj.directory proj.ruby_dir_base + proj.directory proj.ruby_dir_base_version + proj.directory proj.rubygems_dir + proj.directory proj.rubygems_ssl_dir + proj.directory proj.bindir if platform.is_windows? || platform.is_macos? - instance_eval File.read(File.join(File.dirname(__FILE__), '_shared-agent-components.rb')) ######## - # Components specific to the main branch + # Components ######## - - # When adding components to this list, please - # add them to pe-installer-runtime-main as well + proj.component 'runtime-agent' + proj.component 'libffi' + proj.component 'libyaml' + proj.component "openssl-#{proj.openssl_version}" + proj.component 'curl' + proj.component 'puppet-ca-bundle' + proj.component "ruby-#{proj.ruby_version}" + + proj.component 'rubygem-hocon' + proj.component 'rubygem-deep_merge' + proj.component 'rubygem-net-ssh' + proj.component 'rubygem-semantic_puppet' + proj.component 'rubygem-text' + proj.component 'rubygem-locale' + proj.component 'rubygem-gettext' + proj.component 'rubygem-fast_gettext' + proj.component 'rubygem-ffi' proj.component 'rubygem-concurrent-ruby' proj.component 'rubygem-multi_json' proj.component 'rubygem-optimist' 
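Review bot: The Windows branch of `proj.setting :ldflags` keeps `-Wl,--nxcompat` but drops `-Wl,--dynamicbase`, which the removed `_shared-agent-settings.rb` appended for every Windows build except windowsfips on agent-runtime-7.x. Unless the MinGW linker in use enables it by default, the resulting binaries would lose the ASLR opt-in; the line could read `when platform.is_windows? then "#{ldflags} -L#{proj.tools_root}/lib -Wl,--nxcompat -Wl,--dynamicbase"`. Separately, the comment above the flag defaults says PIE while the flags use `-fPIC`, and the Windows `cppflags`/`cflags` branches get none of the `-D_FORTIFY_SOURCE=2` / `-fstack-protector-strong` hardening, so the comment should say which platforms it covers.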
@@ -57,23 +196,34 @@ proj.component 'rubygem-hiera-eyaml' proj.component 'rubygem-thor' proj.component 'rubygem-scanf' + proj.component 'rubygem-erubi' + proj.component 'rubygem-prime' + proj.component 'rubygem-logger' + proj.component 'rubygem-base64' + proj.component 'rubygem-rexml' - if platform.is_linux? - proj.component "virt-what" - proj.component "dmidecode" unless platform.architecture =~ /ppc64/ + # Platform-specific differences + if platform.is_macos? + proj.component 'readline' + proj.component 'rubygem-CFPropertyList' end unless platform.is_windows? + proj.component 'augeas' + proj.component 'ruby-augeas' + proj.component 'libxml2' + proj.component 'libxslt' proj.component 'rubygem-sys-filesystem' end - # Nokogiri and dependencies to improve macOS performance (PUP-11332) - if platform.is_macos? - proj.component 'rubygem-nokogiri' - proj.component 'rubygem-mini_portile2' - end + proj.component 'ruby-shadow' unless platform.is_aix? || platform.is_windows? + proj.component 'ruby-selinux' if platform.is_el? || platform.is_fedora? || platform.is_debian? || platform.is_ubuntu? + proj.component 'libedit' if platform.is_solaris? # Used instead of readline + proj.component 'pl-ruby-patch' if platform.is_cross_compiled? + proj.component 'rubygem-minitar' if platform.is_windows? || platform.is_solaris? || platform.is_aix? - # Dependencies for gettext for Ruby >= 3.2 (PA-4815) - proj.component 'rubygem-erubi' - proj.component 'rubygem-prime' + if platform.is_linux? + proj.component 'virt-what' + proj.component 'dmidecode' unless platform.architecture =~ /ppc64/ + end end diff --git a/configs/projects/openbolt-runtime.rb b/configs/projects/openbolt-runtime.rb index 0c355219..772a0d94 100644 --- a/configs/projects/openbolt-runtime.rb +++ b/configs/projects/openbolt-runtime.rb 
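Review bot: `proj.component 'rubygem-rexml'` (and `rubygem-logger` / `rubygem-base64` next to it) are now listed without the explanation that the removed `_shared-agent-components.rb` carried. That file said rexml is added because the version bundled with Ruby 3 contains CVE-2024-41946, CVE-2024-41123, CVE-2024-35176 and CVE-2024-39908; without that reason on the line, a later cleanup could drop the component as a duplicate of the default gem. I would restore it as a comment above the line, e.g. `# Ruby 3's default rexml is affected by CVE-2024-41946, CVE-2024-41123, CVE-2024-35176 and CVE-2024-39908; ship a fixed version`. The same hunk also widens `ruby-selinux` to every Ubuntu architecture (the old condition excluded ppc64el), which is worth confirming as intended.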
@@ -1,133 +1,125 @@ project 'openbolt-runtime' do |proj| - # Used in component configurations to conditionally include dependencies - proj.setting(:runtime_project, 'openbolt') - proj.setting(:ruby_version, '3.2') # Leave the .Z out for Ruby 3.2 - proj.setting(:openssl_version, '3.0') - # Legacy algos must be enabled in OpenSSL >= 3.0 for OpenBolt's WinRM transport to work. - proj.setting(:use_legacy_openssl_algos, true) - proj.setting(:augeas_version, '1.14.1') - - platform = proj.get_platform - - proj.version_from_git - proj.generate_archives true - proj.generate_packages false - proj.description 'The OpenBolt runtime contains third-party components needed for OpenBolt standalone packaging' proj.license 'See components' proj.vendor 'Vox Pupuli ' proj.homepage 'https://github.com/OpenVoxProject' - proj.identifier 'org.voxpupuli' - - if platform.is_windows? - proj.setting(:company_id, 'VoxPupuli') - proj.setting(:pl_company_id, 'PuppetLabs') - proj.setting(:product_id, 'OpenBolt') - proj.setting(:pl_product_id, 'Bolt') - if platform.architecture == 'x64' - proj.setting(:base_dir, 'ProgramFiles64Folder') - else - proj.setting(:base_dir, 'ProgramFilesFolder') - end - # We build for windows not in the final destination, but in the paths that correspond - # to the directory ids expected by WIX. This will allow for a portable installation (ideally). - proj.setting(:prefix, File.join('C:', proj.base_dir, proj.company_id, proj.product_id)) - else - proj.setting(:prefix, '/opt/puppetlabs/bolt') - end + proj.version_from_git + proj.identifier platform.is_macos? ? 
'org.voxpupuli' : 'voxpupuli.org' - proj.setting(:ruby_dir, proj.prefix) - proj.setting(:bindir, File.join(proj.prefix, 'bin')) - proj.setting(:ruby_bindir, proj.bindir) - proj.setting(:libdir, File.join(proj.prefix, 'lib')) - proj.setting(:includedir, File.join(proj.prefix, 'include')) - proj.setting(:datadir, File.join(proj.prefix, 'share')) - proj.setting(:mandir, File.join(proj.datadir, 'man')) + # Export the settings for the current project and platform as yaml during builds + proj.publish_yaml_settings - if platform.is_windows? - proj.setting(:host_ruby, File.join(proj.ruby_bindir, 'ruby.exe')) - proj.setting(:host_gem, File.join(proj.ruby_bindir, 'gem.bat')) - - # For windows, we need to ensure we are building for mingw not cygwin - platform_triple = platform.platform_triple - host = "--host #{platform_triple}" - else - proj.setting(:host_ruby, File.join(proj.ruby_bindir, 'ruby')) - proj.setting(:host_gem, File.join(proj.ruby_bindir, 'gem')) - end + # Generate a tarball, not a package + proj.generate_archives true + proj.generate_packages false - ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2.0') - ruby_version_y = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2') - ruby_version_x = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1') + # Windows builds can be really slow + proj.timeout 7200 if platform.is_windows? - proj.setting(:gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version)) - proj.setting(:gem_install, "#{proj.host_gem} install --no-document --local --bindir=#{proj.ruby_bindir}") + platform = proj.get_platform - proj.setting(:platform_triple, platform_triple) - proj.setting(:host, host) + ######## + # Project Settings + ######## + proj.setting :ruby_version, '3.2' # Leave the .Z out for Ruby 3.2 + ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)(\.\d+)?/, '\1.\2.0') - # Define default CFLAGS and LDFLAGS for most platforms, and then - # tweak or adjust them as needed. 
- proj.setting(:cppflags, "-I#{proj.includedir}") - proj.setting(:cflags, proj.cppflags) - proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir}") + # Legacy algos must be enabled in OpenSSL >= 3.0 for OpenBolt's WinRM transport to work. + proj.setting :use_legacy_openssl_algos, true + proj.setting :openssl_version, '3.0' - # Platform specific overrides or settings, which may override the defaults + # Used in component configurations to conditionally include dependencies + proj.setting :runtime_project, 'openbolt' + + # Windows-specific settings + proj.setting :company_id, 'VoxPupuli' + proj.setting :pl_company_id, 'PuppetLabs' + proj.setting :product_id, 'OpenBolt' + proj.setting :pl_product_id, 'Bolt' + proj.setting :base_dir, 'ProgramFiles64Folder' + # We build for windows not in the final destination, but in the paths that correspond + # to the directory ids expected by WIX. This will allow for a portable installation (ideally). + windows_prefix = File.join('C:', proj.base_dir, proj.pl_company_id, proj.pl_product_id) + + # Install paths + proj.setting :prefix, platform.is_windows? ? windows_prefix : '/opt/puppetlabs/bolt' + proj.setting :bindir, File.join(proj.prefix, 'bin') + proj.setting :libdir, File.join(proj.prefix, 'lib') + proj.setting :includedir, File.join(proj.prefix, 'include') + proj.setting :datadir, File.join(proj.prefix, 'share') + proj.setting :mandir, File.join(proj.datadir, 'man') + + # Ruby paths + proj.setting :ruby_dir, proj.prefix + proj.setting :ruby_bindir, proj.bindir + ruby_bin = platform.is_windows? ? 'ruby.exe' : 'ruby' + gem_bin = platform.is_windows? ? 
'gem.bat' : 'gem' + proj.setting :host_ruby, File.join(proj.ruby_bindir, ruby_bin) + proj.setting :host_gem, File.join(proj.ruby_bindir, gem_bin) + proj.setting :gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version) + proj.setting :gem_install, "#{proj.host_gem} install --no-document --local --bindir=#{proj.ruby_bindir}" + + proj.setting :host, platform.is_windows? ? "--host #{platform.platform_triple}" : nil + + # For Windows, we need to specify where tools are located within the Cygwin environment if platform.is_windows? - arch = platform.architecture == 'x64' ? '64' : '32' - proj.setting(:gcc_root, "/usr/x86_64-w64-mingw32/sys-root/mingw") - proj.setting(:gcc_bindir, "#{proj.gcc_root}/bin") - proj.setting(:tools_root, "/usr/x86_64-w64-mingw32/sys-root/mingw") - # If tools_root ever differs from gcc_root again, add it back here. - proj.setting(:cppflags, "-I#{proj.gcc_root}/include -I#{proj.gcc_root}/include/readline -I#{proj.includedir}") - proj.setting(:cflags, "#{proj.cppflags}") - proj.setting(:ldflags, "-L#{proj.gcc_root}/lib -L#{proj.libdir} -Wl,--nxcompat -Wl,--dynamicbase") - proj.setting(:cygwin, 'nodosfilewarning winsymlinks:native') + proj.setting :tools_root, '/usr/x86_64-w64-mingw32/sys-root/mingw' if platform.is_windows? + proj.setting :gcc_bindir, "#{proj.tools_root}/bin" + proj.setting :cygwin, 'nodosfilewarning winsymlinks:native' end + # We now target MacOS 13 as the minimum version, and build a binary + # that works for all MacOS versions since then, rather than building + # separate ones for each version. if platform.is_macos? 
- proj.setting(:deployment_target, '13.0') + proj.setting :deployment_target, '13.0' targeting_flags = "-target #{platform.architecture}-apple-darwin22 -arch #{platform.architecture} -mmacos-version-min=13.0" - proj.setting(:cflags, "#{targeting_flags} #{proj.cflags}") - proj.setting(:cppflags, "#{targeting_flags} #{proj.cppflags}") - proj.setting(:cc, 'clang') - proj.setting(:cxx, 'clang++') - proj.setting(:ldflags, "-L#{proj.libdir}") + proj.setting :cc, 'clang' + proj.setting :cxx, 'clang++' end - # These flags are applied in addition to the defaults in configs/component/openssl.rb. - proj.setting(:openssl_extra_configure_flags, [ - 'no-dtls', - 'no-dtls1', - 'no-idea', - 'no-seed', - 'no-weak-ssl-ciphers', - '-DOPENSSL_NO_HEARTBEATS', - ]) + # Compiler flag defaults + # The flags besides -I and -L here are taken from the agent runtime. + # Remove them if they end up causing problems for OpenBolt. + cppflags = "-I#{proj.includedir} -D_FORTIFY_SOURCE=2" + cflags = "#{cppflags} -fstack-protector-strong -fno-plt -O2" + ldflags = "-L#{proj.libdir}" + proj.setting :cppflags, case + when platform.is_windows? then "-I#{proj.tools_root}/include -I#{proj.tools_root}/include/readline -I#{proj.includedir}" + when platform.is_macos? then "#{targeting_flags} #{cppflags}" + else cppflags + end + proj.setting :cflags, case + when platform.is_windows? then "-I#{proj.tools_root}/include -I#{proj.tools_root}/include/readline -I#{proj.includedir}" + when platform.is_macos? then "#{targeting_flags} #{cflags}" + else cflags + end + proj.setting :ldflags, case + when platform.is_windows? then "#{ldflags} -L#{proj.tools_root}/lib -Wl,--nxcompat -Wl,--dynamicbase" + when platform.is_macos? then ldflags + when platform.is_linux? then "#{ldflags} -Wl,-rpath=#{proj.libdir} -Wl,-z,relro -Wl,-z,now -pie" + else "#{ldflags} -Wl,-rpath=#{proj.libdir}" + end - # What to build? 
- # -------------- + ######## + # Directories + ######## + proj.directory proj.prefix - # Required to build ruby >=3.0.0 + ######## + # Components + ######## + proj.component 'runtime-openbolt' proj.component 'libffi' proj.component 'libyaml' - - # Ruby and deps proj.component "openssl-#{proj.openssl_version}" - proj.component 'runtime-openbolt' proj.component 'puppet-ca-bundle' proj.component "ruby-#{proj.ruby_version}" proj.component 'rubygem-bcrypt_pbkdf' proj.component 'rubygem-ed25519' - - # These gems are still included in Ruby 3.2, but we include them because - # OpenFact requires them for Ruby 3.4 support, and Bolt will need to - # do the same once we get to Ruby 3.4+ support. proj.component 'rubygem-logger' proj.component 'rubygem-base64' - - # Puppet dependencies proj.component 'rubygem-hocon' proj.component 'rubygem-deep_merge' proj.component 'rubygem-text' @@ -137,16 +129,10 @@ proj.component 'rubygem-fast_gettext' proj.component 'rubygem-scanf' proj.component 'rubygem-semantic_puppet' - - # R10k dependencies proj.component 'rubygem-gettext-setup' - - # hiera-eyaml and its dependencies proj.component 'rubygem-highline' proj.component 'rubygem-optimist' proj.component 'rubygem-hiera-eyaml' - - # faraday and its dependencies proj.component 'rubygem-faraday' proj.component 'rubygem-faraday-em_http' proj.component 'rubygem-faraday-em_synchrony' @@ -160,8 +146,6 @@ proj.component 'rubygem-faraday-retry' proj.component 'rubygem-faraday-follow_redirects' proj.component 'rubygem-ruby2_keywords' - - # Core dependencies proj.component 'rubygem-addressable' proj.component 'rubygem-aws-eventstream' proj.component 'rubygem-aws-partitions' 
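Review bot: In the `@@ -1,133 +1,125 @@` hunk of openbolt-runtime.rb, `proj.identifier platform.is_macos? ? ...` and `proj.timeout 7200 if platform.is_windows?` now run before `platform = proj.get_platform`. At that point `platform` is not yet a local variable, so Ruby resolves it as a method call on the DSL object, which will presumably return nil or raise unless the DSL defines such a method. Move `platform = proj.get_platform` to the first line of the block, directly after `project 'openbolt-runtime' do |proj|`. Separately, the hunk removes the `openssl_extra_configure_flags` setting (`no-dtls`, `no-dtls1`, `no-idea`, `no-seed`, `no-weak-ssl-ciphers`, `-DOPENSSL_NO_HEARTBEATS`); the OpenSSL component is not visible here, so confirm it still applies these options for OpenBolt builds, otherwise the runtime silently regains legacy protocol and cipher support. The `if platform.is_windows?` modifier on the `tools_root` setting is redundant inside the enclosing `if platform.is_windows?`.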
@@ -215,35 +199,21 @@ proj.component 'rubygem-unicode-display_width' proj.component 'rubygem-webrick' proj.component 'rubygem-yard' - - # Core Windows dependencies proj.component 'rubygem-windows_error' proj.component 'rubygem-winrm' proj.component 'rubygem-winrm-fs' + # Platform-specific differences # Components from puppet-runtime included to support apply on localhost # We only build ruby-selinux for EL, Fedora, Debian and Ubuntu (amd64/i386) - if platform.is_el? || platform.is_fedora? || platform.is_debian? || (platform.is_ubuntu? && platform.architecture !~ /ppc64el$/) - proj.component 'ruby-selinux' - end + proj.component 'ruby-selinux' if platform.is_el? || platform.is_fedora? || platform.is_debian? || platform.is_ubuntu? - # Non-windows specific components unless platform.is_windows? - # C Augeas + deps proj.component 'readline' if platform.is_macos? proj.component 'augeas' proj.component 'libxml2' proj.component 'libxslt' - # Ruby Augeas and shadow proj.component 'ruby-augeas' proj.component 'ruby-shadow' end - - # What to include in package? - proj.directory proj.prefix - - # Export the settings for the current project and platform as yaml during builds - proj.publish_yaml_settings - - proj.timeout 7200 if platform.is_windows? end diff --git a/resources/files/ruby/patch-hostruby.rb b/resources/files/ruby/patch-hostruby.rb index 0e09dd68..9b31b273 100644 --- a/resources/files/ruby/patch-hostruby.rb +++ b/resources/files/ruby/patch-hostruby.rb @@ -20,7 +20,11 @@ # target ruby versions (what we're trying to build) target_ruby_version = ARGV[0] target_triple = ARGV[1] -target_api_version = target_ruby_version.gsub(/\.\d*$/, '.0') +target_api_version = if target_ruby_version.match(/\d\.\d\.\d{1,2}/) + target_ruby_version.gsub(/\.\d*$/, '.0') + else + "#{target_ruby_version}.0" + end # host ruby (the ruby we execute to build the target) host_rubylibdir = RbConfig::CONFIG['rubylibdir'] 
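Review bot: The retained comment `# We only build ruby-selinux for EL, Fedora, Debian and Ubuntu (amd64/i386)` no longer matches the condition below it in the `@@ -215,35 +199,21 @@` hunk. The new one-liner drops the `platform.architecture !~ /ppc64el$/` exclusion, so `ruby-selinux` is now also requested on Ubuntu ppc64el. If that is intended, shorten the comment to `# We only build ruby-selinux for EL, Fedora, Debian and Ubuntu`; if not, keep the guard as `|| (platform.is_ubuntu? && platform.architecture !~ /ppc64el$/)`. The comment `# Components from puppet-runtime included to support apply on localhost` now sits directly under `# Platform-specific differences` and could be merged into it.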
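Review bot: The new version check in the `@@ -20,7 +20,11 @@` hunk of patch-hostruby.rb is unanchored and accepts only single-digit major and minor parts. A constructed value such as `3.10.1` therefore falls into the `else` branch and becomes `3.10.1.0`, and any other string from `ARGV[0]` gets `.0` appended without validation. Anchoring the pattern and using `match?` keeps both branches predictable: `if target_ruby_version.match?(/\A\d+\.\d+\.\d+\z/)`. Because `target_ruby_version` is later interpolated into the `-r…/rbconfig-#{target_ruby_version}-orig.rb` replacement string, a `raise` for anything that is neither `X.Y` nor `X.Y.Z` would be a reasonable addition.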
@@ -99,6 +103,10 @@ def rewrite(file) regexp = /Shellwords\.split\(Gem\.ruby\)/ replace = "\\& << '-r/opt/puppetlabs/puppet/share/doc/rbconfig-#{target_ruby_version}-orig.rb'" builder = 'rubygems/ext/builder.rb' +elsif GEM_VERSION <= Gem::Version.new('3.8') + regexp = /shellsplit\(Gem\.ruby\)/ + replace = "\\& << '-r/opt/puppetlabs/puppet/share/doc/rbconfig-#{target_ruby_version}-orig.rb'" + builder = 'rubygems/ext/builder.rb' else raise "We don't know how to patch rubygems #{GEM_VERSION}" end diff --git a/resources/patches/augeas/ruby-augeas-0.5.0-patch_c_extension.patch b/resources/patches/augeas/ruby-augeas-0.5.0-patch_c_extension.patch deleted file mode 100644 index 7b73f8eb..00000000 --- a/resources/patches/augeas/ruby-augeas-0.5.0-patch_c_extension.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/ruby-augeas-0.5.0/ext/augeas/_augeas.c b/ruby-augeas-0.5.0/ext/augeas/_augeas.c -index 95d9e05024..7aac0eb96d 100644 ---- a/ruby-augeas-0.5.0/ext/augeas/_augeas.c -+++ b/ruby-augeas-0.5.0/ext/augeas/_augeas.c -@@ -489,6 +489,7 @@ void Init__augeas() { - - /* Define the ruby class */ - c_augeas = rb_define_class("Augeas", rb_cObject) ; -+ rb_undef_alloc_func(c_augeas); - - /* Constants for enum aug_flags */ - #define DEF_AUG_FLAG(name) \ diff --git a/resources/patches/augeas/ruby-augeas-0.5.0-patch_remove_unused_parameter.patch b/resources/patches/augeas/ruby-augeas-0.5.0-patch_remove_unused_parameter.patch deleted file mode 100644 index 416ac7b1..00000000 --- a/resources/patches/augeas/ruby-augeas-0.5.0-patch_remove_unused_parameter.patch +++ /dev/null 
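Review bot: The new `elsif GEM_VERSION <= Gem::Version.new('3.8')` branch compares against `3.8`, which `Gem::Version` orders as 3.8.0, so any 3.8.x patch release would skip it and reach the `raise`. If the branch is meant to cover the whole 3.8 series, `elsif GEM_VERSION < Gem::Version.new('3.9')` says that directly. The branch repeats the `replace` and `builder` assignments of the branch above it and differs only in `regexp`, so a one-line comment stating which rubygems versions call `shellsplit(Gem.ruby)` rather than `Shellwords.split(Gem.ruby)` would explain the split. The `if`/`elsif` chain starts outside this hunk, so the earlier bounds are not visible from here.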
@@ -1,12 +0,0 @@ -diff --git a/ext/augeas/_augeas.c b/ext/augeas/_augeas.c -index f9b49d1..7ef0d7d 100644 ---- a/ruby-augeas-0.5.0/ext/augeas/_augeas.c -+++ b/ruby-augeas-0.5.0/ext/augeas/_augeas.c -@@ -184,7 +184,7 @@ VALUE augeas_mv(VALUE s, VALUE src, VALUE dst) { - * - * Remove path and all its children. Returns the number of entries removed - */ --VALUE augeas_rm(VALUE s, VALUE path, VALUE sibling) { -+VALUE augeas_rm(VALUE s, VALUE path) { - augeas *aug = aug_handle(s); - const char *cpath = StringValueCStr(path) ; diff --git a/resources/patches/curl/CVE-2023-27535.patch b/resources/patches/curl/CVE-2023-27535.patch deleted file mode 100644 index 9321ead7..00000000 --- a/resources/patches/curl/CVE-2023-27535.patch +++ /dev/null 
@@ -1,146 +0,0 @@ -diff --git a/lib/ftp.c b/lib/ftp.c -index 7766f76c7..601f60394 100644 ---- a/lib/ftp.c -+++ b/lib/ftp.c -@@ -4052,6 +4052,8 @@ static CURLcode ftp_disconnect(struct Curl_easy *data, - } - - freedirs(ftpc); -+ Curl_safefree(ftpc->account); -+ Curl_safefree(ftpc->alternative_to_user); - Curl_safefree(ftpc->prevpath); - Curl_safefree(ftpc->server_os); - Curl_pp_disconnect(pp); -@@ -4321,11 +4323,31 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, - char *type; - struct FTP *ftp; - CURLcode result = CURLE_OK; -+ struct ftp_conn *ftpc = &conn->proto.ftpc; - -- data->req.p.ftp = ftp = calloc(sizeof(struct FTP), 1); -+ ftp = calloc(sizeof(struct FTP), 1); - if(!ftp) - return CURLE_OUT_OF_MEMORY; - -+ /* clone connection related data that is FTP specific */ -+ if(data->set.str[STRING_FTP_ACCOUNT]) { -+ ftpc->account = strdup(data->set.str[STRING_FTP_ACCOUNT]); -+ if(!ftpc->account) { -+ free(ftp); -+ return CURLE_OUT_OF_MEMORY; -+ } -+ } -+ if(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]) { -+ ftpc->alternative_to_user = -+ strdup(data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]); -+ if(!ftpc->alternative_to_user) { -+ Curl_safefree(ftpc->account); -+ free(ftp); -+ return CURLE_OUT_OF_MEMORY; -+ } -+ } -+ data->req.p.ftp = ftp; -+ - ftp->path = &data->state.up.path[1]; /* don't include the initial slash */ - - /* FTP URLs support an extension like ";type=" that -@@ -4360,7 +4382,9 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, - /* get some initial data into the ftp struct */ - ftp->transfer = PPTRANSFER_BODY; - ftp->downloadsize = 0; -- conn->proto.ftpc.known_filesize = -1; /* unknown size for now */ -+ ftpc->known_filesize = -1; /* unknown size for now */ -+ ftpc->use_ssl = data->set.use_ssl; -+ ftpc->ccc = data->set.ftp_ccc; - - return result; - } -diff --git a/lib/ftp.h b/lib/ftp.h -index 65efa6f94..977fc883b 100644 ---- a/lib/ftp.h -+++ b/lib/ftp.h -@@ -120,6 +120,8 @@ struct FTP { - struct */ - struct ftp_conn { - 
struct pingpong pp; -+ char *account; -+ char *alternative_to_user; - char *entrypath; /* the PWD reply when we logged on */ - char *file; /* url-decoded file name (or path) */ - char **dirs; /* realloc()ed array for path components */ -@@ -143,6 +145,9 @@ struct ftp_conn { - ftpstate state; /* always use ftp.c:state() to change state! */ - ftpstate state_saved; /* transfer type saved to be reloaded after data - connection is established */ -+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or -+ IMAP or POP3 or others! (type: curl_usessl)*/ -+ unsigned char ccc; /* ccc level for this connection */ - BIT(ftp_trying_alternative); - BIT(dont_check); /* Set to TRUE to prevent the final (post-transfer) - file size and 226/250 status check. It should still -diff --git a/lib/setopt.c b/lib/setopt.c -index 604693ad9..eae6a4cd9 100644 ---- a/lib/setopt.c -+++ b/lib/setopt.c -@@ -2369,7 +2369,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) - arg = va_arg(param, long); - if((arg < CURLUSESSL_NONE) || (arg >= CURLUSESSL_LAST)) - return CURLE_BAD_FUNCTION_ARGUMENT; -- data->set.use_ssl = (curl_usessl)arg; -+ data->set.use_ssl = (unsigned char)arg; - break; - - case CURLOPT_SSL_OPTIONS: -diff --git a/lib/url.c b/lib/url.c -index 1bb93df91..6edb129e0 100644 ---- a/lib/url.c -+++ b/lib/url.c -@@ -1299,11 +1299,24 @@ ConnectionExists(struct Curl_easy *data, - || ((check->httpversion >= 30) && - (data->state.httpwant < CURL_HTTP_VERSION_3)))) - continue; -- -- if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) { -+#ifdef USE_SSH -+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { - if(!ssh_config_matches(needle, check)) - continue; - } -+#endif -+#ifndef CURL_DISABLE_FTP -+ else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { -+ /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ -+ if(Curl_timestrcmp(needle->proto.ftpc.account, -+ check->proto.ftpc.account) || -+ 
Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, -+ check->proto.ftpc.alternative_to_user) || -+ (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || -+ (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) -+ continue; -+ } -+#endif - - if((needle->handler->flags&PROTOPT_SSL) - #ifndef CURL_DISABLE_PROXY -diff --git a/lib/urldata.h b/lib/urldata.h -index 4cfffa773..8bd6da7ab 100644 ---- a/lib/urldata.h -+++ b/lib/urldata.h -@@ -1713,8 +1713,6 @@ struct UserDefined { - #ifndef CURL_DISABLE_NETRC - unsigned char use_netrc; /* enum CURL_NETRC_OPTION values */ - #endif -- curl_usessl use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or -- IMAP or POP3 or others! */ - unsigned int new_file_perms; /* when creating remote files */ - char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */ - struct curl_blob *blobs[BLOB_LAST]; -@@ -1773,6 +1771,8 @@ struct UserDefined { - BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some - recipients */ - #endif -+ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or -+ IMAP or POP3 or others! (type: curl_usessl)*/ - unsigned char connect_only; /* make connection/request, then let - application use the socket */ - BIT(is_fread_set); /* has read callback been set to non-NULL? */ diff --git a/resources/patches/curl/CVE-2023-28319.patch b/resources/patches/curl/CVE-2023-28319.patch deleted file mode 100644 index 01e21be2..00000000 --- a/resources/patches/curl/CVE-2023-28319.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c -index 4703eb572..c5bbdd1f2 100644 ---- a/lib/vssh/libssh2.c -+++ b/lib/vssh/libssh2.c -@@ -723,11 +723,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) - */ - if((pub_pos != b64_pos) || - strncmp(fingerprint_b64, pubkey_sha256, pub_pos)) { -- free(fingerprint_b64); -- - failf(data, - "Denied establishing ssh session: mismatch sha256 fingerprint. " - "Remote %s is not equal to %s", fingerprint_b64, pubkey_sha256); -+ free(fingerprint_b64); - state(data, SSH_SESSION_FREE); - sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; - return sshc->actualcode; diff --git a/resources/patches/curl/CVE-2023-32001.patch b/resources/patches/curl/CVE-2023-32001.patch deleted file mode 100644 index fc2b6ccd..00000000 --- a/resources/patches/curl/CVE-2023-32001.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/lib/fopen.c b/lib/fopen.c -index f710dbf05..8c728f2a8 100644 ---- a/lib/fopen.c -+++ b/lib/fopen.c -@@ -56,13 +56,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, - int fd = -1; - *tempname = NULL; - -- if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { -- /* a non-regular file, fallback to direct fopen() */ -- *fh = fopen(filename, FOPEN_WRITETEXT); -- if(*fh) -- return CURLE_OK; -+ *fh = fopen(filename, FOPEN_WRITETEXT); -+ if(!*fh) - goto fail; -- } -+ if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) -+ return CURLE_OK; -+ fclose(*fh); -+ *fh = NULL; - - result = Curl_rand_hex(data, randsuffix, sizeof(randsuffix)); - if(result) diff --git a/resources/patches/curl/CVE-2023-38545.patch b/resources/patches/curl/CVE-2023-38545.patch deleted file mode 100644 index f2b81d32..00000000 --- a/resources/patches/curl/CVE-2023-38545.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff --git a/lib/socks.c b/lib/socks.c -index 95c2b004c..8cf694d1d 100644 ---- a/lib/socks.c -+++ b/lib/socks.c -@@ -588,9 +588,9 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - - /* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */ - if(!socks5_resolve_local && hostname_len > 255) { -- infof(data, "SOCKS5: server resolving disabled for hostnames of " -- "length > 255 [actual len=%zu]", hostname_len); -- socks5_resolve_local = TRUE; -+ failf(data, "SOCKS5: the destination hostname is too long to be " -+ "resolved remotely by the proxy."); -+ return CURLPX_LONG_HOSTNAME; - } - - if(auth & ~(CURLAUTH_BASIC | CURLAUTH_GSSAPI)) -@@ -904,7 +904,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, - } - else { - socksreq[len++] = 3; -- socksreq[len++] = (char) hostname_len; /* one byte address length */ -+ socksreq[len++] = (unsigned char) hostname_len; /* one byte length */ - memcpy(&socksreq[len], sx->hostname, hostname_len); /* w/o NULL */ - len += hostname_len; - } - diff --git a/resources/patches/curl/CVE-2023-38546.patch b/resources/patches/curl/CVE-2023-38546.patch deleted file mode 100644 index 249da000..00000000 --- a/resources/patches/curl/CVE-2023-38546.patch +++ /dev/null 
@@ -1,125 +0,0 @@ -Backport of: - -From 61275672b46d9abb3285740467b882e22ed75da8 Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 14 Sep 2023 23:28:32 +0200 -Subject: [PATCH] cookie: remove unnecessary struct fields - -Plus: reduce the hash table size from 256 to 63. It seems unlikely to -make much of a speed difference for most use cases but saves 1.5KB of -data per instance. - -Closes #11862 ---- - lib/cookie.c | 13 +------------ - lib/cookie.h | 13 ++++--------- - lib/easy.c | 4 +--- - 3 files changed, 6 insertions(+), 24 deletions(-) - ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -118,7 +118,6 @@ static void freecookie(struct Cookie *co - free(co->name); - free(co->value); - free(co->maxage); -- free(co->version); - free(co); - } - -@@ -715,11 +714,7 @@ Curl_cookie_add(struct Curl_easy *data, - } - } - else if(strcasecompare("version", name)) { -- strstore(&co->version, whatptr); -- if(!co->version) { -- badcookie = TRUE; -- break; -- } -+ /* just ignore */ - } - else if(strcasecompare("max-age", name)) { - /* -@@ -1174,7 +1169,6 @@ Curl_cookie_add(struct Curl_easy *data, - free(clist->path); - free(clist->spath); - free(clist->expirestr); -- free(clist->version); - free(clist->maxage); - - *clist = *co; /* then store all the new data */ -@@ -1238,9 +1232,6 @@ struct CookieInfo *Curl_cookie_init(stru - c = calloc(1, sizeof(struct CookieInfo)); - if(!c) - return NULL; /* failed to get memory */ -- c->filename = strdup(file?file:"none"); /* copy the name just in case */ -- if(!c->filename) -- goto fail; /* failed to get memory */ - /* - * Initialize the next_expiration time to signal that we don't have enough - * information yet. 
-@@ -1394,7 +1385,6 @@ static struct Cookie *dup_cookie(struct - CLONE(name); - CLONE(value); - CLONE(maxage); -- CLONE(version); - d->expires = src->expires; - d->tailmatch = src->tailmatch; - d->secure = src->secure; -@@ -1610,7 +1600,6 @@ void Curl_cookie_cleanup(struct CookieIn - { - if(c) { - unsigned int i; -- free(c->filename); - for(i = 0; i < COOKIE_HASH_SIZE; i++) - Curl_cookie_freelist(c->cookies[i]); - free(c); /* free the base struct as well */ ---- a/lib/cookie.h -+++ b/lib/cookie.h -@@ -36,11 +36,7 @@ struct Cookie { - char *domain; /* domain = */ - curl_off_t expires; /* expires = */ - char *expirestr; /* the plain text version */ -- -- /* RFC 2109 keywords. Version=1 means 2109-compliant cookie sending */ -- char *version; /* Version = */ - char *maxage; /* Max-Age = */ -- - bool tailmatch; /* whether we do tail-matching of the domain name */ - bool secure; /* whether the 'secure' keyword was used */ - bool livecookie; /* updated from a server, not a stored file */ -@@ -56,18 +52,16 @@ struct Cookie { - #define COOKIE_PREFIX__SECURE (1<<0) - #define COOKIE_PREFIX__HOST (1<<1) - --#define COOKIE_HASH_SIZE 256 -+#define COOKIE_HASH_SIZE 63 - - struct CookieInfo { - /* linked list of cookies we know of */ - struct Cookie *cookies[COOKIE_HASH_SIZE]; -- -- char *filename; /* file we read from/write to */ -- long numcookies; /* number of cookies in the "jar" */ -+ curl_off_t next_expiration; /* the next time at which expiration happens */ -+ int numcookies; /* number of cookies in the "jar" */ -+ int lastct; /* last creation-time used in the jar */ - bool running; /* state info, for cookie adding information */ - bool newsession; /* new session, discard session cookies on load */ -- int lastct; /* last creation-time used in the jar */ -- curl_off_t next_expiration; /* the next time at which expiration happens */ - }; - - /* This is the maximum line length we accept for a cookie line. 
RFC 2109 ---- a/lib/easy.c -+++ b/lib/easy.c -@@ -911,9 +911,7 @@ struct Curl_easy *curl_easy_duphandle(st - if(data->cookies) { - /* If cookies are enabled in the parent handle, we enable them - in the clone as well! */ -- outcurl->cookies = Curl_cookie_init(data, -- data->cookies->filename, -- outcurl->cookies, -+ outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies, - data->set.cookiesession); - if(!outcurl->cookies) - goto fail; diff --git a/resources/patches/curl/CVE-2023-46218.patch b/resources/patches/curl/CVE-2023-46218.patch deleted file mode 100644 index a05e524d..00000000 --- a/resources/patches/curl/CVE-2023-46218.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -From 2b0994c29a721c91c572cff7808c572a24d251eb Thu Nov 23 00:00:00 2023 -From: Daniel Stenberg -Date: Thu, 23 Nov 2023 23:28:32 +0200 -Subject: [PATCH] cookie: lowercase the domain names before PSL checks - -Reported-by: Harry Sintonen - -Closes #12387 ---- -diff --git a/lib/cookie.c b/lib/cookie.c -index c457b2d95..fc3f2bd98 100644 ---- a/lib/cookie.c -+++ b/lib/cookie.c -@@ -1049,15 +1049,23 @@ Curl_cookie_add(struct Curl_easy *data, - * dereference it. - */ - if(data && (domain && co->domain && !Curl_host_is_ipnum(co->domain))) { -- const psl_ctx_t *psl = Curl_psl_use(data); -- int acceptable; -- -- if(psl) { -- acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); -- Curl_psl_release(data); -+ bool acceptable = FALSE; -+ char lcase[256]; -+ char lcookie[256]; -+ size_t dlen = strlen(domain); -+ size_t clen = strlen(co->domain); -+ if((dlen < sizeof(lcase)) && (clen < sizeof(lcookie))) { -+ const psl_ctx_t *psl = Curl_psl_use(data); -+ if(psl) { -+ /* the PSL check requires lowercase domain name and pattern */ -+ Curl_strntolower(lcase, domain, dlen + 1); -+ Curl_strntolower(lcookie, co->domain, clen + 1); -+ acceptable = psl_is_cookie_domain_acceptable(psl, lcase, lcookie); -+ Curl_psl_release(data); -+ } -+ else -+ acceptable = !bad_domain(domain, strlen(domain)); - } -- else -- acceptable = !bad_domain(domain); - - if(!acceptable) { - infof(data, "cookie '%s' dropped, domain '%s' must not " diff --git a/resources/patches/curl/CVE-2024-2004.patch b/resources/patches/curl/CVE-2024-2004.patch deleted file mode 100644 index 128b1da4..00000000 --- a/resources/patches/curl/CVE-2024-2004.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -setopt: Fix disabling all protocols - -When disabling all protocols without enabling any, the resulting -set of allowed protocols remained the default set. Clearing the -allowed set before inspecting the passed value from --proto make -the set empty even in the errorpath of no protocols enabled. - -Co-authored-by: Dan Fandrich -Reported-by: Dan Fandrich -Reviewed-by: Daniel Stenberg -Closes: #13004 ---- -diff --git a/lib/setopt.c b/lib/setopt.c -index 604693ad9..d6b62c5c9 100644 ---- a/lib/setopt.c -+++ b/lib/setopt.c -@@ -150,6 +150,12 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) - - static CURLcode protocol2num(const char *str, curl_prot_t *val) - { -+ /* -+ * We are asked to cherry-pick protocols, so play it safe and disallow all -+ * protocols to start with, and re-add the wanted ones back in. -+ */ -+ *val = 0; -+ - if(!str) - return CURLE_BAD_FUNCTION_ARGUMENT; - -@@ -158,8 +164,6 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val) - return CURLE_OK; - } - -- *val = 0; -- - do { - const char *token = str; - size_t tlen; -@@ -2668,22 +2672,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) - break; - - case CURLOPT_PROTOCOLS_STR: { -- curl_prot_t prot; - argptr = va_arg(param, char *); -- result = protocol2num(argptr, &prot); -+ result = protocol2num(argptr, &data->set.allowed_protocols); - if(result) - return result; -- data->set.allowed_protocols = prot; - break; - } - - case CURLOPT_REDIR_PROTOCOLS_STR: { -- curl_prot_t prot; - argptr = va_arg(param, char *); -- result = protocol2num(argptr, &prot); -+ result = protocol2num(argptr, &data->set.redir_protocols); - if(result) - return result; -- data->set.redir_protocols = prot; - break; - } - \ No newline at end of file diff --git a/resources/patches/curl/CVE-2024-2398.patch b/resources/patches/curl/CVE-2024-2398.patch deleted file mode 100644 index 4c4e36cd..00000000 
--- a/resources/patches/curl/CVE-2024-2398.patch +++ /dev/null 
@@ -1,215 +0,0 @@ -http2: push headers better cleanup - -provide common cleanup method for push headers - -Co-authored-by: Stefan Eissing <@icing@chaos.social> -Reviewed-by: Daniel Stenberg - -Closes #13054 ---- -diff --git a/lib/http2.c b/lib/http2.c -index bdb5e7378..f2c02da7c 100644 ---- a/lib/http2.c -+++ b/lib/http2.c -@@ -144,6 +144,161 @@ static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) - } - } - -+static CURLcode h2_progress_egress(struct Curl_cfilter *cf, -+ struct Curl_easy *data); -+ -+/** -+ * All about the H2 internals of a stream -+ */ -+struct h2_stream_ctx { -+ int32_t id; /* HTTP/2 protocol identifier for stream */ -+ struct bufq recvbuf; /* response buffer */ -+ struct bufq sendbuf; /* request buffer */ -+ struct h1_req_parser h1; /* parsing the request */ -+ struct dynhds resp_trailers; /* response trailer fields */ -+ size_t resp_hds_len; /* amount of response header bytes in recvbuf */ -+ size_t upload_blocked_len; -+ curl_off_t upload_left; /* number of request bytes left to upload */ -+ curl_off_t nrcvd_data; /* number of DATA bytes received */ -+ -+ char **push_headers; /* allocated array */ -+ size_t push_headers_used; /* number of entries filled in */ -+ size_t push_headers_alloc; /* number of entries allocated */ -+ -+ int status_code; /* HTTP response status code */ -+ uint32_t error; /* stream error code */ -+ uint32_t local_window_size; /* the local recv window size */ -+ bool resp_hds_complete; /* we have a complete, final response */ -+ bool closed; /* TRUE on stream close */ -+ bool reset; /* TRUE on stream reset */ -+ bool close_handled; /* TRUE if stream closure is handled by libcurl */ -+ bool bodystarted; -+ bool send_closed; /* transfer is done sending, we might have still -+ buffered data in stream->sendbuf to upload. */ -+}; -+ -+#define H2_STREAM_CTX(d) ((struct h2_stream_ctx *)(((d) && \ -+ (d)->req.p.http)? 
\ -+ ((struct HTTP *)(d)->req.p.http)->h2_ctx \ -+ : NULL)) -+#define H2_STREAM_LCTX(d) ((struct HTTP *)(d)->req.p.http)->h2_ctx -+#define H2_STREAM_ID(d) (H2_STREAM_CTX(d)? \ -+ H2_STREAM_CTX(d)->id : -2) -+ -+/* -+ * Mark this transfer to get "drained". -+ */ -+static void drain_stream(struct Curl_cfilter *cf, -+ struct Curl_easy *data, -+ struct h2_stream_ctx *stream) -+{ -+ unsigned char bits; -+ -+ (void)cf; -+ bits = CURL_CSELECT_IN; -+ if(!stream->send_closed && -+ (stream->upload_left || stream->upload_blocked_len)) -+ bits |= CURL_CSELECT_OUT; -+ if(data->state.select_bits != bits) { -+ CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", -+ stream->id, bits); -+ data->state.select_bits = bits; -+ Curl_expire(data, 0, EXPIRE_RUN_NOW); -+ } -+} -+ -+static CURLcode http2_data_setup(struct Curl_cfilter *cf, -+ struct Curl_easy *data, -+ struct h2_stream_ctx **pstream) -+{ -+ struct cf_h2_ctx *ctx = cf->ctx; -+ struct h2_stream_ctx *stream; -+ -+ (void)cf; -+ DEBUGASSERT(data); -+ if(!data->req.p.http) { -+ failf(data, "initialization failure, transfer not http initialized"); -+ return CURLE_FAILED_INIT; -+ } -+ stream = H2_STREAM_CTX(data); -+ if(stream) { -+ *pstream = stream; -+ return CURLE_OK; -+ } -+ -+ stream = calloc(1, sizeof(*stream)); -+ if(!stream) -+ return CURLE_OUT_OF_MEMORY; -+ -+ stream->id = -1; -+ Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp, -+ H2_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE); -+ Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); -+ Curl_dynhds_init(&stream->resp_trailers, 0, DYN_HTTP_REQUEST); -+ stream->resp_hds_len = 0; -+ stream->bodystarted = FALSE; -+ stream->status_code = -1; -+ stream->closed = FALSE; -+ stream->close_handled = FALSE; -+ stream->error = NGHTTP2_NO_ERROR; -+ stream->local_window_size = H2_STREAM_WINDOW_SIZE; -+ stream->upload_left = 0; -+ stream->nrcvd_data = 0; -+ -+ H2_STREAM_LCTX(data) = stream; -+ *pstream = stream; -+ return CURLE_OK; -+} -+ -+static void free_push_headers(struct 
h2_stream_ctx *stream) -+{ -+ size_t i; -+ for(i = 0; ipush_headers_used; i++) -+ free(stream->push_headers[i]); -+ Curl_safefree(stream->push_headers); -+ stream->push_headers_used = 0; -+} -+ -+static void http2_data_done(struct Curl_cfilter *cf, -+ struct Curl_easy *data, bool premature) -+{ -+ struct cf_h2_ctx *ctx = cf->ctx; -+ struct h2_stream_ctx *stream = H2_STREAM_CTX(data); -+ -+ DEBUGASSERT(ctx); -+ (void)premature; -+ if(!stream) -+ return; -+ -+ if(ctx->h2) { -+ bool flush_egress = FALSE; -+ /* returns error if stream not known, which is fine here */ -+ (void)nghttp2_session_set_stream_user_data(ctx->h2, stream->id, NULL); -+ -+ if(!stream->closed && stream->id > 0) { -+ /* RST_STREAM */ -+ CURL_TRC_CF(data, cf, "[%d] premature DATA_DONE, RST stream", -+ stream->id); -+ stream->closed = TRUE; -+ stream->reset = TRUE; -+ stream->send_closed = TRUE; -+ nghttp2_submit_rst_stream(ctx->h2, NGHTTP2_FLAG_NONE, -+ stream->id, NGHTTP2_STREAM_CLOSED); -+ flush_egress = TRUE; -+ } -+ -+ if(flush_egress) -+ nghttp2_session_send(ctx->h2); -+ } -+ -+ Curl_bufq_free(&stream->sendbuf); -+ Curl_h1_req_parse_free(&stream->h1); -+ Curl_dynhds_free(&stream->resp_trailers); -+ free_push_headers(stream); -+ free(stream); -+ H2_STREAM_LCTX(data) = NULL; -+} -+ - static int h2_client_new(struct Curl_cfilter *cf, - nghttp2_session_callbacks *cbs) - { -@@ -702,6 +857,7 @@ static int push_promise(struct Curl_cfilter *cf, - struct HTTP *newstream; - struct curl_pushheaders heads; - CURLMcode rc; -+ CURLcode result; - size_t i; - /* clone the parent */ - struct Curl_easy *newhandle = h2_duphandle(cf, data); -@@ -738,11 +894,7 @@ static int push_promise(struct Curl_cfilter *cf, - Curl_set_in_callback(data, false); - - /* free the headers again */ -- for(i = 0; ipush_headers_used; i++) -- free(stream->push_headers[i]); -- free(stream->push_headers); -- stream->push_headers = NULL; -- stream->push_headers_used = 0; -+ free_push_headers(stream); - - if(rv) { - DEBUGASSERT((rv > 
CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT)); -@@ -1198,14 +1350,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame, - if(stream->push_headers_alloc > 1000) { - /* this is beyond crazy many headers, bail out */ - failf(data_s, "Too many PUSH_PROMISE headers"); -- Curl_safefree(stream->push_headers); -+ free_push_headers(stream); - return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } - stream->push_headers_alloc *= 2; -- headp = Curl_saferealloc(stream->push_headers, -- stream->push_headers_alloc * sizeof(char *)); -+ headp = realloc(stream->push_headers, -+ stream->push_headers_alloc * sizeof(char *)); - if(!headp) { -- stream->push_headers = NULL; -+ free_push_headers(stream); - return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; - } - stream->push_headers = headp; diff --git a/resources/patches/curl/CVE-2024-7264.patch b/resources/patches/curl/CVE-2024-7264.patch deleted file mode 100644 index 220a1380..00000000 --- a/resources/patches/curl/CVE-2024-7264.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c -index 39e4fb33b..7e2e3d724 100644 ---- a/lib/vtls/x509asn1.c -+++ b/lib/vtls/x509asn1.c -@@ -566,28 +566,40 @@ static const char *GTime2str(const char *beg, const char *end) - tzp = fracp; - fracl = 0; - if(fracp < end && (*fracp == '.' || *fracp == ',')) { -- fracp++; -- do -+ /* Have fractional seconds, e.g. "[.,]\d+". How many? */ -+ fracp++; /* should be a digit char or BAD ARGUMENT */ -+ tzp = fracp; -+ while(tzp < end && ISDIGIT(*tzp)) - tzp++; -- while(tzp < end && *tzp >= '0' && *tzp <= '9'); -- /* Strip leading zeroes in fractional seconds. */ -- for(fracl = tzp - fracp - 1; fracl && fracp[fracl - 1] == '0'; fracl--) -- ; -+ if(tzp == fracp) /* never looped, no digit after [.,] */ -+ return CURLE_BAD_FUNCTION_ARGUMENT; -+ fracl = tzp - fracp; /* number of fractional sec digits */ -+ DEBUGASSERT(fracl > 0); -+ /* Strip trailing zeroes in fractional seconds. -+ * May reduce fracl to 0 if only '0's are present. */ -+ while(fracl && fracp[fracl - 1] == '0') -+ fracl--; - } - - /* Process timezone. */ -- if(tzp >= end) -- ; /* Nothing to do. */ -+ if(tzp >= end) { -+ sep = " "; -+ tzp = "GMT"; -+ tzl = 3; -+ } -+ else if((*tzp == '+') || (*tzp == '-')) { -+ sep = " UTC"; -+ tzl = end - tzp; -+ } /* Nothing to do. */ - else if(*tzp == 'Z') { - tzp = " GMT"; - end = tzp + 4; - } - else { - sep = " "; -- tzp++; -+ tzl = end - tzp; - } - -- tzl = end - tzp; - return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", - beg, beg + 4, beg + 6, - beg + 8, beg + 10, sec1, sec2, -@@ -595,6 +607,15 @@ static const char *GTime2str(const char *beg, const char *end) - sep, (int)tzl, tzp); - } - -+#ifdef UNITTESTS -+/* used by unit1656.c */ -+CURLcode Curl_x509_GTime2str(struct dynbuf *store, -+ const char *beg, const char *end) -+{ -+ return GTime2str(store, beg, end); -+} -+#endif -+ - /* - * Convert an ASN.1 UTC time to a printable string. 
- * Return the dynamically allocated string, or NULL if an error occurs. -diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h -index 5496de40e..93925718c 100644 ---- a/lib/vtls/x509asn1.h -+++ b/lib/vtls/x509asn1.h -@@ -76,6 +76,17 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum, - const char *beg, const char *end); - CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data, - const char *beg, const char *end); -+ -+#ifdef UNITTESTS -+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ -+ defined(USE_MBEDTLS) -+ -+/* used by unit1656.c */ -+CURLcode Curl_x509_GTime2str(struct dynbuf *store, -+ const char *beg, const char *end); -+#endif -+#endif -+ - #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL - * or USE_SECTRANSP */ - #endif /* HEADER_CURL_X509ASN1_H */ diff --git a/resources/patches/curl/CVE-2024-8096.patch b/resources/patches/curl/CVE-2024-8096.patch deleted file mode 100644 index 005e2bfc..00000000 --- a/resources/patches/curl/CVE-2024-8096.patch +++ /dev/null 
@@ -1,189 +0,0 @@ -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 07dfaa437..db9221b96 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -526,6 +526,13 @@ CURLcode gtls_client_init(struct Curl_easy *data, - init_flags |= GNUTLS_NO_TICKETS; - #endif - -+#if defined(GNUTLS_NO_STATUS_REQUEST) -+ if(!config->verifystatus) -+ /* Disable the "status_request" TLS extension, enabled by default since -+ GnuTLS 3.8.0. */ -+ init_flags |= GNUTLS_NO_STATUS_REQUEST; -+#endif -+ - rc = gnutls_init(>ls->session, init_flags); - if(rc != GNUTLS_E_SUCCESS) { - failf(data, "gnutls_init() failed: %d", rc); -@@ -919,104 +926,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, - infof(data, " server certificate verification SKIPPED"); - - if(config->verifystatus) { -- if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { -- gnutls_datum_t status_request; -- gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_datum_t status_request; -+ gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_ocsp_cert_status_t status; -+ gnutls_x509_crl_reason_t reason; - -- gnutls_ocsp_cert_status_t status; -- gnutls_x509_crl_reason_t reason; -+ rc = gnutls_ocsp_status_request_get(session, &status_request); - -- rc = gnutls_ocsp_status_request_get(session, &status_request); -+ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -+ failf(data, "No OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- infof(data, " server certificate status verification FAILED"); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -- failf(data, "No OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ gnutls_ocsp_resp_init(&ocsp_resp); - -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return 
CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- gnutls_ocsp_resp_init(&ocsp_resp); -+ (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -+ &status, NULL, NULL, NULL, &reason); - -- rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ switch(status) { -+ case GNUTLS_OCSP_CERT_GOOD: -+ break; - -- (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -- &status, NULL, NULL, NULL, &reason); -+ case GNUTLS_OCSP_CERT_REVOKED: { -+ const char *crl_reason; - -- switch(status) { -- case GNUTLS_OCSP_CERT_GOOD: -+ switch(reason) { -+ default: -+ case GNUTLS_X509_CRLREASON_UNSPECIFIED: -+ crl_reason = "unspecified reason"; - break; - -- case GNUTLS_OCSP_CERT_REVOKED: { -- const char *crl_reason; -- -- switch(reason) { -- default: -- case GNUTLS_X509_CRLREASON_UNSPECIFIED: -- crl_reason = "unspecified reason"; -- break; -- -- case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -- crl_reason = "private key compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_CACOMPROMISE: -- crl_reason = "CA compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -- crl_reason = "affiliation has changed"; -- break; -+ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -+ crl_reason = "private key compromised"; -+ break; - -- case GNUTLS_X509_CRLREASON_SUPERSEDED: -- crl_reason = "certificate superseded"; -- break; -+ case GNUTLS_X509_CRLREASON_CACOMPROMISE: -+ crl_reason = "CA compromised"; -+ break; - -- case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -- crl_reason = "operation has ceased"; -- break; -+ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -+ crl_reason = "affiliation has changed"; -+ break; - -- case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -- crl_reason = "certificate is on hold"; -- break; -+ case GNUTLS_X509_CRLREASON_SUPERSEDED: -+ crl_reason = "certificate superseded"; -+ break; - -- case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: 
-- crl_reason = "will be removed from delta CRL"; -- break; -+ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -+ crl_reason = "operation has ceased"; -+ break; - -- case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -- crl_reason = "privilege withdrawn"; -- break; -+ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -+ crl_reason = "certificate is on hold"; -+ break; - -- case GNUTLS_X509_CRLREASON_AACOMPROMISE: -- crl_reason = "AA compromised"; -- break; -- } -+ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: -+ crl_reason = "will be removed from delta CRL"; -+ break; - -- failf(data, "Server certificate was revoked: %s", crl_reason); -+ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -+ crl_reason = "privilege withdrawn"; - break; -- } - -- default: -- case GNUTLS_OCSP_CERT_UNKNOWN: -- failf(data, "Server certificate status is unknown"); -+ case GNUTLS_X509_CRLREASON_AACOMPROMISE: -+ crl_reason = "AA compromised"; - break; - } - -- gnutls_ocsp_resp_deinit(ocsp_resp); -+ failf(data, "Server certificate was revoked: %s", crl_reason); -+ break; -+ } -+ -+ default: -+ case GNUTLS_OCSP_CERT_UNKNOWN: -+ failf(data, "Server certificate status is unknown"); -+ break; -+ } - -+ gnutls_ocsp_resp_deinit(ocsp_resp); -+ if(status != GNUTLS_OCSP_CERT_GOOD) - return CURLE_SSL_INVALIDCERTSTATUS; -- } -- else -- infof(data, " server certificate status verification OK"); - } - else - infof(data, " server certificate status verification SKIPPED"); diff --git a/resources/patches/libffi/revert_clang_32bit.patch b/resources/patches/libffi/revert_clang_32bit.patch deleted file mode 100644 index 1e03e65e..00000000 --- a/resources/patches/libffi/revert_clang_32bit.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -commit a70ab2d397bfbdb10ab3ba1f98321763105bc017 -Author: Josh Cooper -Date: Tue Feb 7 17:33:09 2023 -0800 - - Revert "Allow to build with mingw-clang (#579)" - - This reverts commit 8cc8f446f5aac13e107161dffbc15d1ee1a58878. - -diff --git a/src/x86/sysv.S b/src/x86/sysv.S -index c7a0fb5..26e7fea 100644 ---- a/src/x86/sysv.S -+++ b/src/x86/sysv.S -@@ -56,8 +56,8 @@ - - /* Handle win32 fastcall name mangling. */ - #ifdef X86_WIN32 --# define ffi_call_i386 "@ffi_call_i386@8" --# define ffi_closure_inner "@ffi_closure_inner@8" -+# define ffi_call_i386 @ffi_call_i386@8 -+# define ffi_closure_inner @ffi_closure_inner@8 - #else - # define ffi_call_i386 C(ffi_call_i386) - # define ffi_closure_inner C(ffi_closure_inner) diff --git a/resources/patches/ruby_32/target_rbconfig.patch b/resources/patches/ruby_32/target_rbconfig.patch new file mode 100644 index 00000000..34977319 --- /dev/null +++ b/resources/patches/ruby_32/target_rbconfig.patch @@ -0,0 +1,32 @@ +From 7cbe54714ca1b9112e278d2d605cd049a065707e Mon Sep 17 00:00:00 2001 +From: Yuta Saito +Date: Tue, 18 Jun 2024 10:19:52 +0900 +Subject: [PATCH] extmk.rb: define Gem.target_rbconfig not to break + `Gem::Platform.local` + +--- + ext/extmk.rb | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/ext/extmk.rb b/ext/extmk.rb +index 2f76e174d5..8b6b365a99 100755 +--- a/ext/extmk.rb ++++ b/ext/extmk.rb +@@ -2,7 +2,13 @@ + # -*- mode: ruby; coding: us-ascii -*- + # frozen_string_literal: false + +-module Gem; end # only needs Gem::Platform ++module Gem ++ # Used by Gem::Platform.local ++ def self.target_rbconfig ++ RbConfig::CONFIG ++ end ++end ++# only needs Gem::Platform + require 'rubygems/platform' + + # :stopdoc: +-- +2.51.0 + diff --git a/resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h b/resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h deleted file mode 100644 index 081dde25..00000000 
--- a/resources/patches/windows/FORCEINLINE-i686-w64-mingw32-winnt.h
+++ /dev/null
@@ -1,70 +0,0 @@ -From 8da1aae7a7ff5bf996878dc8fe30a0e01e210e5a Mon Sep 17 00:00:00 2001 -From: Corinna Vinschen -Date: Tue, 25 Aug 2015 13:51:02 +0200 -Subject: [PATCH] winnt.h: FORCELINLINE inline-only definitions - -The following test application fails to build on i686 when building -without optimization: - - $ cat foo.c - #include - - int - main () - { - MEMORY_BASIC_INFORMATION m; - NT_TIB *tib = (NT_TIB *) NtCurrentTeb (); - VirtualQuery (tib, &m, sizeof m); - } - $ gcc -g -O foo.c -o foo - $ gcc -g foo.c -o foo - /tmp/ccnnAEl3.o: In function `main': - /home/corinna/foo.c:7: undefined reference to `NtCurrentTeb' - collect2: error: ld returned 1 exit status - -There's no way around that, except for building with optimization, which -is often not prudent when debugging. - -In winnt.h, NtCurrentTeb is using __CRT_INLINE which, depending on C -standard, expandes into - - extern inline __attribute__((__gnu_inline__)) - -or - - extern __inline__ - -However, that's not sufficient for NtCurrentTeb, nor for GetCurrentFiber, -nor for GetFiberData, since these are inline-only functions not backed by -non-inlined library versions. - -This patch fixes that by using FORCEINLINE in place of __CRT_INLINE. 
- -Signed-off-by: Corinna Vinschen ---- - mingw-w64-headers/include/winnt.h | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/mingw-w64-headers/include/winnt.h b/mingw-w64-headers/include/winnt.h -index 8d8bd0d18..56d663df5 100644 ---- a/mingw-w64-headers/include/winnt.h -+++ b/mingw-w64-headers/include/winnt.h -@@ -1995,15 +1995,15 @@ __buildmemorybarrier() - - #define DbgRaiseAssertionFailure __int2c - -- __CRT_INLINE struct _TEB *NtCurrentTeb(void) -+ FORCEINLINE struct _TEB *NtCurrentTeb(void) - { - return (struct _TEB *)__readfsdword(PcTeb); - } -- __CRT_INLINE PVOID GetCurrentFiber(void) -+ FORCEINLINE PVOID GetCurrentFiber(void) - { - return(PVOID)__readfsdword(0x10); - } -- __CRT_INLINE PVOID GetFiberData(void) -+ FORCEINLINE PVOID GetFiberData(void) - { - return *(PVOID *)GetCurrentFiber(); - } diff --git a/tasks/update_gems.rake b/tasks/update_gems.rake index 9956cf73..3bd514c1 100644 --- a/tasks/update_gems.rake +++ b/tasks/update_gems.rake @@ -6,8 +6,6 @@ require 'uri' require 'net/http' require 'rubygems/version' require 'rubygems/requirement' -require 'colorize' -require 'tty-table' require 'set' # ----- Constants ----- @@ -47,6 +45,9 @@ end # ----- Table and progress output ----- def color_status(s) + # Put this here so that things don't blow up for other tasks + # if the development bundle isn't installed. + require 'colorize' case s when 'UP TO DATE' then s.green when 'UPDATED' then s.yellow @@ -58,6 +59,9 @@ def color_status(s) end def print_table(headers, rows) + # Put this here so that things don't blow up for other tasks + # if the development bundle isn't installed. + require 'tty-table' comp_w, status_w, version_w = 50, 12, 32 deps_w = [MAX_TABLE_WIDTH - (comp_w + status_w + version_w + 13), 10].max table = TTY::Table.new headers, rows
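Review bot: The `require 'colorize'` added at the top of `color_status` (and `require 'tty-table'` at the top of `print_table` in the next hunk) still fails with a bare `LoadError` when the development bundle is missing, and now does so only when the first status is rendered, which is presumably after the task's `net/http` lookups have already run. A small shared helper that rescues `LoadError` and aborts with an install hint would make that failure actionable and replace the duplicated comment; calling it once at the start of the task body would also fail before any work is done. It is also worth confirming that nothing else in this file uses the `String` colour methods or `TTY::Table` outside these two methods, since they are no longer loaded when the file is loaded. Both method bodies continue outside the hunks.

```ruby
# Development-only gems are loaded on demand so other rake tasks still load
# without the development bundle installed.
def require_dev_gem(name)
  require name
rescue LoadError
  abort "update_gems needs the '#{name}' gem; install the development bundle (bundle install) and re-run."
end

def color_status(s)
  require_dev_gem 'colorize'
  # … unchanged: case/when status colouring …

def print_table(headers, rows)
  require_dev_gem 'tty-table'
  # … unchanged: column widths and table rendering …
```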