Merge pull request #4320 from eval-exec/exec/enable-openssl-vendored

Enable the `openssl-vendored` feature for the `tentacle` package to allow CKB to statically link with OpenSSL.
nervosnetwork · Jan 25, 2024 · 2d03596 · 2d03596
2 parents ecda90b + 21999c8
commit 2d03596
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 69 deletions.
diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
@@ -61,7 +61,7 @@ jobs:
         GPG_SIGNER: ${{ secrets.GPG_SIGNER }}
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
-        docker run --rm -i -w /ckb -v $(pwd):/ckb -e OPENSSL_STATIC=1 -e OPENSSL_LIB_DIR=/usr/local/lib64 -e OPENSSL_INCLUDE_DIR=/usr/local/include $BUILDER_IMAGE make ${{ matrix.build_target }}
+        docker run --rm -i -w /ckb -v $(pwd):/ckb -e $BUILDER_IMAGE make ${{ matrix.build_target }}
         gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg
         gpg --import devtools/ci/signer.asc
         devtools/ci/package.sh target/prod/ckb
@@ -94,24 +94,6 @@ jobs:
       run: rustup target add aarch64-unknown-linux-gnu
     - name: Install dependencies
       run: sudo apt-get update && sudo apt-get install -y gcc-multilib && sudo apt-get install -y build-essential clang gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
-    - name: Install OpenSSL
-      run: |
-        mkdir target && cd target
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.asc
-
-        gpg --keyserver keys.openpgp.org --recv-keys EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
-        gpg --verify openssl-3.1.3.tar.gz.asc openssl-3.1.3.tar.gz
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.sha256
-        echo $(cat openssl-3.1.3.tar.gz.sha256) openssl-3.1.3.tar.gz | sha256sum --check
-
-        tar -xzf openssl-3.1.3.tar.gz
-        cd openssl-3.1.3
-        CC=aarch64-linux-gnu-gcc ./Configure --prefix=$(pwd)/openssl-3.1.3/build linux-aarch64 no-shared
-        CC=aarch64-linux-gnu-gcc make -j $(nproc)
-        CC=aarch64-linux-gnu-gcc make -j $(nproc) install_sw
     - name: Build CKB and Package CKB
       env:
         LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
@@ -122,10 +104,6 @@ jobs:
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
 
-        export OPENSSL_DIR=$(pwd)/target/openssl-3.1.3/build
-        export OPENSSL_INCLUDE_DIR=${OPENSSL_DIR}/include
-        export OPENSSL_LIB_DIR=${OPENSSL_DIR}/lib64
-        export OPENSSL_STATIC=1
         PKG_CONFIG_ALLOW_CROSS=1 CC=gcc CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc CKB_BUILD_TARGET="--target=aarch64-unknown-linux-gnu" make prod_portable
 
         gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg
@@ -168,7 +146,7 @@ jobs:
         GPG_SIGNER: ${{ secrets.GPG_SIGNER }}
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
-        docker run --rm -i -w /ckb -v $(pwd):/ckb -e OPENSSL_STATIC=1 -e OPENSSL_LIB_DIR=/usr/local/lib64 -e OPENSSL_INCLUDE_DIR=/usr/local/include $BUILDER_IMAGE make ${{ matrix.build_target }}
+        docker run --rm -i -w /ckb -v $(pwd):/ckb -e $BUILDER_IMAGE make ${{ matrix.build_target }}
         gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg
         gpg --import devtools/ci/signer.asc
         devtools/ci/package.sh target/prod/ckb
@@ -204,35 +182,13 @@ jobs:
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
         echo "GIT_TAG_NAME=$GIT_TAG_NAME" >> $GITHUB_ENV
-    - name: Install Dependencies
-      run: |
-        mkdir target && cd target
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.asc
-
-        gpg --keyserver keys.openpgp.org --recv-keys EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
-        gpg --verify openssl-3.1.3.tar.gz.asc openssl-3.1.3.tar.gz
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.sha256
-        echo $(cat openssl-3.1.3.tar.gz.sha256) openssl-3.1.3.tar.gz | sha256sum --check
-
-        tar -xzf openssl-3.1.3.tar.gz
-        cd openssl-3.1.3
-        ./Configure --prefix=$(pwd)/openssl-3.1.3/build no-shared
-        make
-        make install_sw
     - name: Build CKB and Package CKB
       env:
         LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
         GPG_SIGNER: ${{ secrets.GPG_SIGNER }}
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
 
-        export OPENSSL_DIR=$(pwd)/target/openssl-3.1.3/build
-        export OPENSSL_LIB_DIR=${OPENSSL_DIR}/lib
-        export OPENSSL_INCLUDE_DIR=${OPENSSL_DIR}/include
-        export OPENSSL_STATIC=1
         make ${{ matrix.build_target }}
 
         gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg
@@ -282,35 +238,13 @@ jobs:
         if ! [ -f "$HOME/.cargo/bin/rustup" ]; then
           curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
         fi
-
-        mkdir target && cd target
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.asc
-
-        gpg --keyserver keys.openpgp.org --recv-keys EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
-        gpg --verify openssl-3.1.3.tar.gz.asc openssl-3.1.3.tar.gz
-
-        curl -LO https://www.openssl.org/source/openssl-3.1.3.tar.gz.sha256
-        echo $(cat openssl-3.1.3.tar.gz.sha256) openssl-3.1.3.tar.gz | sha256sum --check
-
-        tar -xzf openssl-3.1.3.tar.gz
-        cd openssl-3.1.3
-        ./Configure --prefix=$(pwd)/openssl-3.1.3/build no-shared
-        make
-        make install_sw
-
     - name: Build CKB and Package CKB
       env:
         LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
         GPG_SIGNER: ${{ secrets.GPG_SIGNER }}
       run: |
         export GIT_TAG_NAME=` echo ${{ github.ref }} | awk -F '/' '{print $4}' `
 
-        export OPENSSL_DIR=$(pwd)/target/openssl-3.1.3/build
-        export OPENSSL_LIB_DIR=${OPENSSL_DIR}/lib
-        export OPENSSL_INCLUDE_DIR=${OPENSSL_DIR}/include
-        export OPENSSL_STATIC=1
         make ${{ matrix.build_target }}
 
         gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output devtools/ci/signer.asc devtools/ci/signer.asc.gpg

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/network/Cargo.toml b/network/Cargo.toml
@@ -36,7 +36,7 @@ ckb-spawn = { path = "../util/spawn", version = "= 0.114.0-pre" }
 socket2 = "0.4"
 bitflags = "1.0"
 
-p2p = { version="0.4.0", package="tentacle", features = ["upnp", "parking_lot"] }
+p2p = { version="0.4.0", package="tentacle", features = ["upnp", "parking_lot", "openssl-vendored"] }
 
 [features]
 with_sentry = ["sentry"]