1#!/bin/sh 2set -e 3# Shell script to update OpenSSL in the source tree to a specific version 4# Based on https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-openssl.md 5 6cleanup() { 7 EXIT_CODE=$? 8 [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" 9 exit $EXIT_CODE 10} 11 12download() { 13 if [ -z "$1" ]; then 14 echo "Error: please provide an OpenSSL version to update to" 15 echo " e.g. ./$0 download 3.0.7+quic1" 16 exit 1 17 fi 18 19 OPENSSL_VERSION=$1 20 echo "Making temporary workspace..." 21 WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') 22 23 # shellcheck disable=SC1091 24 . "$BASE_DIR/tools/dep_updaters/utils.sh" 25 26 cd "$WORKSPACE" 27 28 echo "Fetching OpenSSL source archive..." 29 OPENSSL_TARBALL="openssl-v$OPENSSL_VERSION.tar.gz" 30 curl -sL -o "$OPENSSL_TARBALL" "https://api.github.com/repos/quictls/openssl/tarball/openssl-$OPENSSL_VERSION" 31 log_and_verify_sha256sum "openssl" "$OPENSSL_TARBALL" 32 gzip -dc "$OPENSSL_TARBALL" | tar xf - 33 rm "$OPENSSL_TARBALL" 34 mv quictls-openssl-* openssl 35 36 echo "Replacing existing OpenSSL..." 37 rm -rf "$DEPS_DIR/openssl/openssl" 38 mv "$WORKSPACE/openssl" "$DEPS_DIR/openssl/" 39 40 echo "All done!" 41 echo "" 42 echo "Please git add openssl, and commit the new version:" 43 echo "" 44 echo "$ git add -A deps/openssl/openssl" 45 echo "$ git commit -m \"deps: upgrade openssl sources to quictls/openssl-$OPENSSL_VERSION\"" 46 echo "" 47} 48 49regenerate() { 50 command -v perl >/dev/null 2>&1 || { echo >&2 "Error: 'Perl' required but not installed."; exit 1; } 51 command -v nasm >/dev/null 2>&1 || { echo >&2 "Error: 'nasm' required but not installed."; exit 1; } 52 command -v as >/dev/null 2>&1 || { echo >&2 "Error: 'GNU as' required but not installed."; exit 1; } 53 perl -e "use Text::Template">/dev/null 2>&1 || { echo >&2 "Error: 'Text::Template' Perl module required but not installed."; exit 1; } 54 55 echo "Regenerating platform-dependent files..." 56 57 make -C "$DEPS_DIR/openssl/config" clean 58 # Needed for compatibility with nasm on 32-bit Windows 59 # See https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-openssl.md#2-execute-make-in-depsopensslconfig-directory 60 sed -i 's/#ifdef/%ifdef/g' "$DEPS_DIR/openssl/openssl/crypto/perlasm/x86asm.pl" 61 sed -i 's/#endif/%endif/g' "$DEPS_DIR/openssl/openssl/crypto/perlasm/x86asm.pl" 62 make -C "$DEPS_DIR/openssl/config" 63 64 echo "All done!" 65 echo "" 66 echo "Please commit the regenerated files:" 67 echo "" 68 echo "$ git add -A deps/openssl/config/archs deps/openssl/openssl" 69 echo "$ git commit -m \"deps: update archs files for openssl\"" 70 echo "" 71} 72 73help() { 74 echo "Shell script to update OpenSSL in the source tree to a specific version" 75 echo "Sub-commands:" 76 printf "%-23s %s\n" "help" "show help menu and commands" 77 printf "%-23s %s\n" "download" "download and replace OpenSSL source code with new version" 78 printf "%-23s %s\n" "regenerate" "regenerate platform-specific files" 79 echo "" 80 exit "${1:-0}" 81} 82 83main() { 84 if [ ${#} -eq 0 ]; then 85 help 0 86 fi 87 88 trap cleanup INT TERM EXIT 89 90 BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) 91 DEPS_DIR="$BASE_DIR/deps" 92 93 case ${1} in 94 help | download | regenerate ) 95 $1 "${2}" 96 ;; 97 * ) 98 echo "unknown command: $1" 99 help 1 100 exit 1 101 ;; 102 esac 103} 104 105main "$@" 106