openssl: add support for install_ssldirs and/or install_fips #18367

Closed
wants to merge 2 commits into from

@gegles gegles commented Jul 6, 2023

Specify library name and version: openssl/v3.x.x

The various config files and certs-related files generated and installed via OpenSSL's install_ssldirs and install_fips targets can sometimes be needed by packages using openssl, either directly or repackaged when a final product embeds OpenSSL. Currently only the install_sw target is installed.

This PR does the following:

  • It adds a package option called with_ssldirs
  • The default value for with_ssldirs is False (i.e. same as current behavior where only install_sw is called)
  • When with_ssldirs is True, install_ssldirs is called at install time
  • Also, when no_fips is False, the install_fips target is called at install time

Because of how the install_ssldirs and install_fips targets heavily depend on the combo of $(DESTDIR) and $(OPENSSLDIR), we have to override the previously set value of OPENSSLDIR in order for Make to install these files in a known/package-level subdir (i.e. etc/ssl). This does not affect the value of OPENSSLDIR that is set in the openssl binary at build time, especially when the user sets it via the openssldir package option.

So, when the package was created using:

conan create --version 3.1.1 3.x.x -o with_ssldirs=True -o openssldir=/opt/mysoftware/etc/ssl

The resulting package's openssl will still embed the correct OPENSSLDIR:

~/.conan2/p/b/opensa94ddd3dbc68b/p/bin/openssl version -d
OPENSSLDIR: "/opt/mysoftware/etc/ssl"

Even though the ssl dir config files will be packaged at:

tree ~/.conan2/p/b/opensa94ddd3dbc68b/p/etc/ssl
├── certs
├── ct_log_list.cnf
├── ct_log_list.cnf.dist
├── fipsmodule.cnf
├── misc
│   ├── CA.pl
│   ├── tsget -> tsget.pl
│   └── tsget.pl
├── openssl.cnf
├── openssl.cnf.dist
└── private

4 directories, 8 files
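
The gap described above, between the OPENSSLDIR compiled into the binary and the directory the files are packaged in, is what a consumer has to close when deploying. The following is an added example, not code from this PR or from the recipe: it pairs each packaged file with the path the binary will read at run time. The home directory in `PACKAGE_FOLDER` and the helper names are assumptions; `OPENSSL_CONF` and `SSL_CERT_DIR` are OpenSSL's standard environment overrides.

```python
import re
from pathlib import PurePosixPath

# Constructed inputs, copied from the PR description above.
VERSION_D_OUTPUT = 'OPENSSLDIR: "/opt/mysoftware/etc/ssl"\n'
PACKAGE_FOLDER = "/home/user/.conan2/p/b/opensa94ddd3dbc68b/p"  # "~" expanded to a made-up home
PACKAGED_FILES = [  # regular files under <package_folder>/etc/ssl (symlink omitted)
    "ct_log_list.cnf", "ct_log_list.cnf.dist", "fipsmodule.cnf",
    "misc/CA.pl", "misc/tsget.pl", "openssl.cnf", "openssl.cnf.dist",
]


def compiled_openssldir(version_d_output):
    """Extract the compiled-in OPENSSLDIR from `openssl version -d` output."""
    match = re.search(r'^OPENSSLDIR:\s*"([^"]*)"', version_d_output, re.MULTILINE)
    if match is None or not match.group(1):
        raise ValueError("no OPENSSLDIR line found")
    return PurePosixPath(match.group(1))


def deployment_plan(package_folder, compiled_dir, packaged_files, subdir="etc/ssl"):
    """Pair every packaged file with the path the binary will read at run time."""
    packaged_dir = PurePosixPath(package_folder) / subdir
    copies = [(str(packaged_dir / rel), str(compiled_dir / rel)) for rel in packaged_files]
    return {
        "relocated": packaged_dir != compiled_dir,
        "copies": copies,
        # Alternative to copying: point the process at the packaged files.
        "env": {
            "OPENSSL_CONF": str(packaged_dir / "openssl.cnf"),
            "SSL_CERT_DIR": str(packaged_dir / "certs"),
        },
    }


def unresolved(plan, existing_paths):
    """Destinations the binary expects that are absent on the target host."""
    present = set(existing_paths)
    return [dst for _, dst in plan["copies"] if dst not in present]


if __name__ == "__main__":
    plan = deployment_plan(PACKAGE_FOLDER, compiled_openssldir(VERSION_D_OUTPUT), PACKAGED_FILES)
    for src, dst in plan["copies"]:
        print(f"{src} -> {dst}")
```
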

github-actions bot commented Jul 6, 2023

🤖 Beep Boop! This pull request is making changes to 'recipes/openssl//'.

👋 @Hopobcn @Croydon you might be interested. 😉

gegles commented Jul 6, 2023

@Hopobcn @Croydon let us know what you think of this PR and/or if you think there is a better approach to the DESTDIR vs OPENSSLDIR...

For example, why is the get_default_openssl_dir different on Linux than elsewhere?

Why could we not simply have the default openssldir be /res/ on all platforms? This would always install the config files under <package_folder>/<openssldir> and would be <package_folder>/res by default (when no openssldir is specified).

Let us know. thx!

@kulkarniamit

According to https://github.com/openssl/openssl/blob/master/INSTALL.md:

Directory for OpenSSL configuration files, and also the default certificate and key store. Defaults are:
Unix:           /usr/local/ssl
Windows:        C:\Program Files\Common Files\SSL
OpenVMS:        SYS$COMMON:[OPENSSL-COMMON]

But this would violate the DEFAULT-PACKAGE-LAYOUT rule.
A good solution would apply these official defaults as --openssldir (so binaries on installed machines have good default locations to look for config files) during compilation and use a standard location like <package_folder>/res/ while creating the package using OPENSSLDIR.
This will allow conan to create package binaries with official defaults and follow DEFAULT-PACKAGE-LAYOUT rules. Consumers can reliably extract config files from a known location and yet have the official default path for config files.

ghost commented Jul 18, 2023

I detected other pull requests that are modifying openssl/3.x.x recipe:

This message is automatically generated by https://github.com/ericLemanissier/conan-center-conflicting-prs so don't hesitate to report issues/improvements there.

@gegles gegles closed this Aug 17, 2023
@gegles gegles deleted the openssl branch August 17, 2023 16:34
@gegles gegles restored the openssl branch August 23, 2023 21:40
@gegles gegles reopened this Aug 23, 2023
@conan-center-bot

Conan v1 pipeline ✔️

All green in build 4 (0a2112b432fb61d24ae837ab5f35084a3cf4303b):

  • openssl/3.1.0:
    All packages built successfully! (All logs)

  • openssl/3.1.2:
    All packages built successfully! (All logs)

  • openssl/3.0.10:
    All packages built successfully! (All logs)

  • openssl/3.1.1:
    All packages built successfully! (All logs)

  • openssl/3.0.8:
    All packages built successfully! (All logs)

  • openssl/3.0.9:
    All packages built successfully! (All logs)


Conan v2 pipeline ✔️

Note: Conan v2 builds may be required once they are on the v2 ready list

All green in build 5 (0a2112b432fb61d24ae837ab5f35084a3cf4303b):

  • openssl/3.1.2:
    All packages built successfully! (All logs)

  • openssl/3.1.1:
    All packages built successfully! (All logs)

  • openssl/3.1.0:
    All packages built successfully! (All logs)

  • openssl/3.0.10:
    All packages built successfully! (All logs)

  • openssl/3.0.9:
    All packages built successfully! (All logs)

  • openssl/3.0.8:
    All packages built successfully! (All logs)

@ghost ghost mentioned this pull request Sep 7, 2023
3 tasks