1*e7b1675dSTing-Kang Chang#!/bin/bash 2*e7b1675dSTing-Kang Chang# Copyright 2022 Google LLC 3*e7b1675dSTing-Kang Chang# 4*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 5*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 6*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 7*e7b1675dSTing-Kang Chang# 8*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 9*e7b1675dSTing-Kang Chang# 10*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 11*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS IS" BASIS, 12*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 14*e7b1675dSTing-Kang Chang# limitations under the License. 15*e7b1675dSTing-Kang Chang################################################################################ 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Chang# This scripts installs OpenSSL of a given version and SHA256. If the version is 18*e7b1675dSTing-Kang Chang# not specified, DEFAULT_OPENSSL_VERSION is used; similarly the digest is by 19*e7b1675dSTing-Kang Chang# default DEFAULT_OPENSSL_SHA256. 20*e7b1675dSTing-Kang Chang# 21*e7b1675dSTing-Kang Chang# NOTEs: 22*e7b1675dSTing-Kang Chang# * If not running on Kokoro, this script will do nothing. 23*e7b1675dSTing-Kang Chang# * This script MUST be sourced to update the environment of the calling 24*e7b1675dSTing-Kang Chang# script. 25*e7b1675dSTing-Kang Chang# * If a custom version is passed, the corresponding digest should be passed 26*e7b1675dSTing-Kang Chang# too. 27*e7b1675dSTing-Kang Chang# 28*e7b1675dSTing-Kang Chang# Usage: 29*e7b1675dSTing-Kang Chang# source ./kokoro/testutils/install_openssl.sh [version] [sha256] 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Changreadonly DEFAULT_OPENSSL_VERSION="1.1.1l" 32*e7b1675dSTing-Kang Changreadonly DEFAULT_OPENSSL_SHA256="0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" 33*e7b1675dSTing-Kang Changreadonly PLATFORM="$(uname | tr '[:upper:]' '[:lower:]')" 34*e7b1675dSTing-Kang Chang 35*e7b1675dSTing-Kang Changinstall_openssl() { 36*e7b1675dSTing-Kang Chang local openssl_version="${1:-${DEFAULT_OPENSSL_VERSION}}" 37*e7b1675dSTing-Kang Chang local openssl_sha256="${2:-${DEFAULT_OPENSSL_SHA256}}" 38*e7b1675dSTing-Kang Chang 39*e7b1675dSTing-Kang Chang local openssl_name="openssl-${openssl_version}" 40*e7b1675dSTing-Kang Chang local openssl_archive="${openssl_name}.tar.gz" 41*e7b1675dSTing-Kang Chang local openssl_url="https://www.openssl.org/source/${openssl_archive}" 42*e7b1675dSTing-Kang Chang 43*e7b1675dSTing-Kang Chang local openssl_tmpdir="$(mktemp -dt tink-openssl-${openssl_version}.XXXXXX)" 44*e7b1675dSTing-Kang Chang echo "Building and installing OpensSSL ${openssl_version} to \ 45*e7b1675dSTing-Kang Chang${openssl_tmpdir}..." 46*e7b1675dSTing-Kang Chang ( 47*e7b1675dSTing-Kang Chang cd "${openssl_tmpdir}" 48*e7b1675dSTing-Kang Chang curl -OLsS "${openssl_url}" 49*e7b1675dSTing-Kang Chang echo "${openssl_sha256} ${openssl_archive}" | sha256sum -c 50*e7b1675dSTing-Kang Chang 51*e7b1675dSTing-Kang Chang tar xzf "${openssl_archive}" 52*e7b1675dSTing-Kang Chang cd "${openssl_name}" 53*e7b1675dSTing-Kang Chang ./config --prefix="${openssl_tmpdir}" --openssldir="${openssl_tmpdir}" 54*e7b1675dSTing-Kang Chang if [[ "${PLATFORM}" == "darwin" ]]; then 55*e7b1675dSTing-Kang Chang make -j "$(sysctl -n hw.ncpu)" > /dev/null 56*e7b1675dSTing-Kang Chang else 57*e7b1675dSTing-Kang Chang make -j "$(nproc)" > /dev/null 58*e7b1675dSTing-Kang Chang fi 59*e7b1675dSTing-Kang Chang make install_sw > /dev/null 60*e7b1675dSTing-Kang Chang ) 61*e7b1675dSTing-Kang Chang echo "Done" 62*e7b1675dSTing-Kang Chang export OPENSSL_ROOT_DIR="${openssl_tmpdir}" 63*e7b1675dSTing-Kang Chang export PATH="${openssl_tmpdir}/bin:${PATH}" 64*e7b1675dSTing-Kang Chang} 65*e7b1675dSTing-Kang Chang 66*e7b1675dSTing-Kang Changif [[ -n "${KOKORO_ARTIFACTS_DIR:-}" ]]; then 67*e7b1675dSTing-Kang Chang # If specifying the version, users must also specify the digest. 68*e7b1675dSTing-Kang Chang if (( "$#" == 1 )); then 69*e7b1675dSTing-Kang Chang echo \ 70*e7b1675dSTing-Kang Chang "The SHA256 digest must be provided too when specifying OpenSSL's version" \ 71*e7b1675dSTing-Kang Chang >&2 72*e7b1675dSTing-Kang Chang exit 1 73*e7b1675dSTing-Kang Chang fi 74*e7b1675dSTing-Kang Chang install_openssl "$@" 75*e7b1675dSTing-Kang Changfi 76