This repository has been archived by the owner on Feb 25, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathbuild-posix
executable file
·179 lines (155 loc) · 6.08 KB
/
build-posix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
#! /usr/bin/env bash
set -e
__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
__file="${__dir}/$(basename "${BASH_SOURCE[0]}")"
__base="$(basename "${__file}" .sh)"
die() { echo "${__base}:" "$*" 1>&2 ; exit 1; }
# Set platform based on the host platform
case "$(uname)" in
Linux)
case "$(uname -m)" in
x86)
platform=linux32
openssl_platform=linux-elf
# Note - might want to set minimum CPU here; see OpenSSL's `config`
;;
x86_64)
platform=linux64
openssl_platform=linux-x86_64
;;
*) die "Unsupported Linux architecture" ;;
esac
;;
Darwin)
platform=macos
openssl_platform=darwin64-x86_64-cc
;;
MINGW64_NT*)
platform=mingw64
openssl_platform=mingw64
# unbound's configure.ac checks for uname=MINGW32, but not MINGW64.
# Pass --host and --build so it still detects MinGW.
unbound_platform_cfgargs="--host=${MINGW_CHOST} --build=${MINGW_CHOST}"
;;
MINGW32_NT*)
platform=mingw
openssl_platform=mingw
# In addition to the host/build tweak, MinGW32 is missing
# lib/bfd-plugins/liblto_plugin-0.dll, use gcc-ar and gcc-ranlib instead
# which know to load that plugin from the gcc lib directory
unbound_platform_cfgargs="--host=${MINGW_CHOST} --build=${MINGW_CHOST} AR=gcc-ar RANLIB=gcc-ranlib"
;;
*)
die "Unsupported host platform"
;;
esac
output_dir="${__dir}/out/build/${platform}"
artifacts_dir="${__dir}/out/artifacts/${platform}"
build_dir="${__dir}/build.tmp"
# For quick iterations on the build script itself, setting REBUILD skips the
# clean and clone steps for build dirs that already exist. It does _not_ make
# sure existing build directories are up to date with the submodules, though.
if [ -z "${REBUILD}" ]; then
rm -rf "${output_dir}" "${artifacts_dir}" "${build_dir}"
fi
rm -rf "${output_dir}"
mkdir -p "${output_dir}"
mkdir -p "${artifacts_dir}"
mkdir -p "${build_dir}"
# Local changes would be ignored due to clones below; make sure submodules are clean
check_submodule_clean() {
git -C "./$1" diff-index --quiet HEAD -- || die "$1 submodule is not clean, commit or revert changes before building"
}
check_submodule_clean openssl
check_submodule_clean unbound
check_submodule_clean hnsd
# Create a build directory for a submodule by cloning it, and apply patches if
# present
prep_submodule() {
local module_build_dir="${build_dir}/$1"
# For normal full builds, always do the clone. For rebuilds, do the clone
# only if this build dir doesn't exist yet.
if [ -z "${REBUILD}" ] || [ ! -d "${module_build_dir}" ]; then
git clone "./$1" "${module_build_dir}" || die "Could not create build directory for $1"
for p in "${__dir}/patch-$1"/*.patch; do
[ -f "$p" ] || continue # empty patch dir
echo "+ Applying $p..."
git -C "${module_build_dir}" am "$p"
done
fi
}
prep_submodule openssl
prep_submodule unbound
prep_submodule hnsd
echo "Building OpenSSL..."
pushd "${build_dir}/openssl"
./Configure $openssl_platform --prefix="${output_dir}/openssl"
make -j2
# The install_sw target skips man pages
make install_sw
popd
echo "Building Unbound..."
pushd "${build_dir}/unbound"
# Rerun autoconf due to change to configure.ac
autoconf
# Configure options
# - Use OpenSSL built above
# - Just build libunbound, skip unbound, unbound-anchor, etc.
# - Don't build shared objects (just build static libraries)
# - Always install to /usr/local prefix (default is different on MinGW)
# shellcheck disable=SC2086
# ^ Intentional wordsplitting of ${unbound_platform_cfgargs}
./configure --with-ssl="${output_dir}/openssl" --disable-shared --enable-static ${unbound_platform_cfgargs} --prefix="${output_dir}/unbound" --disable-flto
make -j2
make install
popd
echo "Building hnsd..."
pushd "${build_dir}/hnsd"
./autogen.sh
# mainnet does not exist yet. testnet is currently the default. We'll almost
# certainly switch to mainnet at our first chance, but we don't want the rug
# pulled out from under us.
./configure --with-network=testnet --with-unbound="${output_dir}/unbound"
make -j2
# Copy unbound to artifacts
cp "${build_dir}/unbound/unbound" "${artifacts_dir}/pia-unbound"
# Copy hnsd to artifacts
cp "${build_dir}/hnsd/hnsd" "${artifacts_dir}/pia-hnsd"
function strip_symbols() {
local ARTIFACT=$1
local EXT=$2
# Strip debugging symbols from hnsd, but keep a full copy in case it's
# needed for debugging
cp "${artifacts_dir}/${ARTIFACT}${EXT}" "${artifacts_dir}/${ARTIFACT}.full${EXT}"
strip --strip-debug "${artifacts_dir}/${ARTIFACT}${EXT}"
objcopy --add-gnu-debuglink="${artifacts_dir}/${ARTIFACT}.full${EXT}" "${artifacts_dir}/${ARTIFACT}${EXT}"
}
function mac_set_loader_path() {
local LIBNAME=$1
local TARGET=$2
local LIBPATH="$(otool -L "$TARGET" | sed -E $'s|^[ \t]*([^ \t].*/'"$LIBNAME"$').*$|\\1|' | grep "$LIBNAME")"
install_name_tool -change "$LIBPATH" "@loader_path/$LIBNAME" "$TARGET"
}
case $platform in
linux*)
# OpenSSL is dynamically linked. We ship the dynamic libraries built from the desktop-openvpn repo,
# but the rpaths in these binaries need to be set.
patchelf --force-rpath --set-rpath '$ORIGIN/../lib' "${artifacts_dir}/pia-unbound"
patchelf --force-rpath --set-rpath '$ORIGIN/../lib' "${artifacts_dir}/pia-hnsd"
strip_symbols pia-hnsd ""
strip_symbols pia-unbound ""
;;
mingw*)
strip_symbols pia-hnsd .exe
strip_symbols pia-unbound .exe
;;
macos)
# Like on Linux, OpenSSL is dynamically linked - we ship dylibs from desktop-openvpn, but set the
# library paths.
mac_set_loader_path libssl.1.1.dylib "${artifacts_dir}/pia-unbound"
mac_set_loader_path libcrypto.1.1.dylib "${artifacts_dir}/pia-unbound"
mac_set_loader_path libssl.1.1.dylib "${artifacts_dir}/pia-hnsd"
mac_set_loader_path libcrypto.1.1.dylib "${artifacts_dir}/pia-hnsd"
;;
esac
popd