forked from puppetlabs-toy-chest/puppet-runtime
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurl.rb
108 lines (94 loc) · 4.39 KB
/
curl.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
component 'curl' do |pkg, settings, platform|
# Projects may define a :curl_version setting
version = settings[:curl_version] || '7.88.1'
pkg.version version
case version
when '7.88.1'
pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
when '8.10.1'
pkg.sha256sum 'd15ebab765d793e2e96db090f0e172d127859d78ca6f6391d7eafecfd894bbc0'
else
raise "curl version #{version} has not been configured; Cannot continue."
end
pkg.url "https://curl.se/download/curl-#{pkg.get_version}.tar.gz"
pkg.mirror "#{settings[:buildsources_url]}/curl-#{pkg.get_version}.tar.gz"
pkg.build_requires "openssl-#{settings[:openssl_version]}"
pkg.build_requires "puppet-ca-bundle"
ldflags = settings[:ldflags]
if platform.is_cross_compiled_linux?
pkg.build_requires "runtime-#{settings[:runtime_project]}"
pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
pkg.environment "PKG_CONFIG_PATH", "/opt/puppetlabs/puppet/lib/pkgconfig"
pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)"
elsif platform.is_windows?
pkg.build_requires "runtime-#{settings[:runtime_project]}"
pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$(PATH)"
pkg.environment "NM" , "/usr/bin/nm" if platform.name =~ /windowsfips-2016/
pkg.environment "CYGWIN", settings[:cygwin]
elsif platform.is_aix? && platform.name != 'aix-7.1-ppc'
pkg.environment "PKG_CONFIG_PATH", "/opt/puppetlabs/puppet/lib/pkgconfig"
pkg.environment 'PATH', "/opt/freeware/bin:$(PATH):#{settings[:bindir]}"
# exclude -Wl,-brtl
ldflags = "-L#{settings[:libdir]}"
else
pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
end
# Following lines should we removed once we drop curl 7
if version.start_with?('7')
pkg.apply_patch 'resources/patches/curl/CVE-2023-27535.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2023-28319.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2023-32001.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2023-38545.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2023-38546.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2023-46218.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-2004.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-2398.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-7264.patch'
pkg.apply_patch 'resources/patches/curl/CVE-2024-8096.patch'
end
configure_options = []
configure_options << "--with-ssl=#{settings[:prefix]} --without-libpsl"
# OpenSSL version 3.0 & up no longer ships by default the insecure algorithms
# that curl's ntlm module depends on (md4 & des).
if !settings[:use_legacy_openssl_algos] && settings[:openssl_version] =~ /^3\./
configure_options << "--disable-ntlm"
end
extra_cflags = []
if platform.is_cross_compiled? && platform.is_macos?
extra_cflags << '-mmacosx-version-min=11.0 -arch arm64' if platform.name =~ /osx-11/
extra_cflags << '-mmacosx-version-min=12.0 -arch arm64' if platform.name =~ /osx-12/
end
if (platform.is_solaris? && platform.os_version == '11') || platform.is_aix?
# Makefile generation with automatic dependency tracking fails on these platforms
configure_options << "--disable-dependency-tracking"
end
pkg.configure do
["CPPFLAGS='#{settings[:cppflags]}' \
LDFLAGS='#{ldflags}' \
./configure --prefix=#{settings[:prefix]} \
#{configure_options.join(" ")} \
--enable-threaded-resolver \
--disable-ldap \
--disable-ldaps \
--with-ca-bundle=#{settings[:prefix]}/ssl/cert.pem \
--with-ca-path=#{settings[:prefix]}/ssl/certs \
--without-nghttp2 \
CFLAGS='#{settings[:cflags]} #{extra_cflags.join(" ")}' \
#{settings[:host]}"]
end
pkg.build do
["#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1)"]
end
install_steps = [
"#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install",
]
unless ['agent', 'pdk'].include?(settings[:runtime_project])
# Most projects won't need curl binaries, so delete them after installation.
# Note that the agent _should_ include curl binaries; Some projects and
# scripts depend on them and they can be helpful in debugging.
install_steps << "rm -f #{settings[:prefix]}/bin/{curl,curl-config}"
end
pkg.install do
install_steps
end
end