From 671f57f62789ae43e86935c2239e1a3a8fc2c1dd Mon Sep 17 00:00:00 2001 From: Gordon Tetlow Date: Thu, 20 Jun 2024 13:31:28 -0700 Subject: [PATCH 1/3] Change freshness check to properly parse git output. According to git sources, this was changed from "up-to-date" to "up to date" in 2017. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0669c2b..4a6bae0 100644 --- a/Makefile +++ b/Makefile @@ -141,7 +141,7 @@ uninstall: true opensslpull: if [ -d openssl -a -d openssl/.git ]; then \ - cd ./openssl && git checkout `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort --version-sort | tail -n 1` && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \ + cd ./openssl && git checkout `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort --version-sort | tail -n 1` && git pull | grep -q "Already up to date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \ else \ git clone --depth 1 -b `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort -V | tail -n 1` https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \ fi From 2a499dfaa32c363f28ab409e1aa624bbeaa3a343 Mon Sep 17 00:00:00 2001 From: Gordon Tetlow Date: Thu, 20 Jun 2024 16:49:46 -0700 Subject: [PATCH 2/3] Breakout clean target. One for sslscan itself and another for the openssl repo. --- Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 4a6bae0..c731a9a 100644 --- a/Makefile +++ b/Makefile @@ -102,7 +102,7 @@ ifeq ($(OS), Darwin) NUM_PROCS = `sysctl -n hw.ncpu` endif -.PHONY: all sslscan clean install uninstall static opensslpull +.PHONY: all sslscan clean realclean install uninstall static opensslpull all: sslscan @echo @@ -176,6 +176,8 @@ test: static ./docker_test.sh clean: - if [ -d openssl ]; then ( rm -rf openssl ); fi; rm -f sslscan + +realclean: clean + if [ -d openssl ]; then ( rm -rf openssl ); fi; rm -f .openssl.is.fresh From a13962084f8d13a1b31fa4247d27adc3b450bd17 Mon Sep 17 00:00:00 2001 From: Gordon Tetlow Date: Thu, 20 Jun 2024 20:11:31 -0700 Subject: [PATCH 3/3] Unify configuration for OpenSSL. MacOS isn't special and can properly build with the same arguments as the "normal" build path. While we are at it, go ahead and use Configure, which is the documented way to invoke the OpenSSL build system (./config just calls Configure). Tested on: MacOS (arm64), FreeBSD (amd64, arm64), Ubuntu (aarch64) --- Makefile | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/Makefile b/Makefile index c731a9a..faed6e2 100644 --- a/Makefile +++ b/Makefile @@ -146,20 +146,8 @@ opensslpull: git clone --depth 1 -b `git ls-remote https://github.com/openssl/openssl | grep -Eo '(openssl-3\.0\.[0-9]+)' | sort -V | tail -n 1` https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \ fi -# Need to build OpenSSL differently on OSX -ifeq ($(OS), Darwin) -ifeq ($(ARCH), arm64) -OSSL_TARGET=darwin64-arm64-cc -else -OSSL_TARGET=darwin64-x86_64-cc -endif openssl/Makefile: .openssl.is.fresh - cd ./openssl; ./Configure -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC enable-weak-ssl-ciphers zlib $(OSSL_TARGET) -# Any other *NIX platform -else -openssl/Makefile: .openssl.is.fresh - cd ./openssl; ./config -v -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC no-shared enable-weak-ssl-ciphers zlib -endif + cd ./openssl; ./Configure -v -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC no-shared enable-weak-ssl-ciphers zlib openssl/libcrypto.a: openssl/Makefile $(MAKE) -j $(NUM_PROCS) -C openssl depend