laantungir/nostr_core_lib
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated build.sh to build curl, openssl, and 256k1 if needed

Browse Source
This commit is contained in:
Laan Tungir
2025-08-16 10:26:39 -04:00
parent 00df0cad99
commit 40dd3aa20b
9429 changed files with 407781 additions and 47716 deletions
Download Patch File Download Diff File Expand all files Collapse all files

383
openssl-install/ssl/misc/CA.pl Executable file
View File

@@ -0,0 +1,383 @@
#!/usr/bin/env perl
# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Wrapper around the ca to make it easier to use
#
# WARNING: do not edit!
# Generated by Makefile from apps/CA.pl.in
use strict;
use warnings;
my $verbose = 1;
my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
my @openssl = split_val($openssl);
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
# Command invocations.
my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
my @VERIFY = (@openssl, "verify");
my @X509 = (@openssl, "x509");
my @PKCS12 = (@openssl, "pkcs12");
# Default values for various configuration settings.
my $CATOP = "./demoCA";
my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my @DAYS = qw(-days 365);
my @CADAYS = qw(-days 1095); # 3 years
my @EXTENSIONS = qw(-extensions v3_ca);
my @POLICY = qw(-policy policy_anything);
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
my $NEWP12 = "newcert.p12";
# Commandline parsing
my %EXTRA;
my $WHAT = shift @ARGV // "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
sub split_val {
return split_val_win32(@_) if ($^O eq 'MSWin32');
my ($val) = @_;
my (@ret, @frag);
# Skip leading whitespace
$val =~ m{\A[ \t]*}ogc;
# Unix shell-compatible split
#
# Handles backslash escapes outside quotes and
# in double-quoted strings. Parameter and
# command-substitution is silently ignored.
# Bare newlines outside quotes and (trailing) backslashes are disallowed.
while (1) {
last if (pos($val) == length($val));
# The first char is never a SPACE or TAB. Possible matches are:
# 1. Ordinary string fragment
# 2. Single-quoted string
# 3. Double-quoted string
# 4. Backslash escape
# 5. Bare backlash or newline (rejected)
#
if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
# Ordinary string
push @frag, $1;
} elsif ($val =~ m{\G'([^']*)'}ogc) {
# Single-quoted string
push @frag, $1;
} elsif ($val =~ m{\G"}ogc) {
# Double-quoted string
push @frag, "";
while (1) {
last if ($val =~ m{\G"}ogc);
if ($val =~ m{\G([^"\\]+)}ogcs) {
# literals
push @frag, $1;
} elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
# backslash-escaped special
push @frag, $1;
} elsif ($val =~ m{\G.(.)}ogcs) {
# backslashed non-special
push @frag, "\\$1" unless $1 eq "\n";
} else {
die sprintf("Malformed quoted string: %s\n", $val);
}
}
} elsif ($val =~ m{\G\\(.)}ogc) {
# Backslash is unconditional escape outside quoted strings
push @frag, $1 unless $1 eq "\n";
} else {
die sprintf("Bare backslash or newline in: '%s'\n", $val);
}
# Done if at SPACE, TAB or end, otherwise continue current fragment
#
next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
push @ret, join("", splice(@frag)) if (@frag > 0);
}
# Handle final fragment
push @ret, join("", splice(@frag)) if (@frag > 0);
return @ret;
}
sub split_val_win32 {
my ($val) = @_;
my (@ret, @frag);
# Skip leading whitespace
$val =~ m{\A[ \t]*}ogc;
# Windows-compatible split
# See: "Parsing C++ command-line arguments" in:
# https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
#
# Backslashes are special only when followed by a double-quote
# Pairs of double-quotes make a single double-quote.
# Closing double-quotes may be omitted.
while (1) {
last if (pos($val) == length($val));
# The first char is never a SPACE or TAB.
# 1. Ordinary string fragment
# 2. Double-quoted string
# 3. Backslashes preceding a double-quote
# 4. Literal backslashes
# 5. Bare newline (rejected)
#
if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
# Ordinary string
push @frag, $1;
} elsif ($val =~ m{\G"}ogc) {
# Double-quoted string
push @frag, "";
while (1) {
if ($val =~ m{\G("+)}ogc) {
# Two double-quotes make one literal double-quote
my $l = length($1);
push @frag, q{"} x int($l/2) if ($l > 1);
next if ($l % 2 == 0);
last;
}
if ($val =~ m{\G([^"\\]+)}ogc) {
push @frag, $1;
} elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
# Backslashes before a double-quote are escapes
my $l = length($1);
push @frag, q{\\} x int($l / 2);
if ($l % 2 == 1) {
++pos($val);
push @frag, q{"};
}
} elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
# Backslashes not before a double-quote are not special
push @frag, $1;
} else {
# Tolerate missing closing double-quote
last;
}
}
} elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
my $l = length($1);
push @frag, q{\\} x int($l / 2);
if ($l % 2 == 1) {
++pos($val);
push @frag, q{"};
}
} elsif ($val =~ m{\G([\\]+)}ogc) {
# Backslashes not before a double-quote are not special
push @frag, $1;
} else {
die sprintf("Bare newline in: '%s'\n", $val);
}
# Done if at SPACE, TAB or end, otherwise continue current fragment
#
next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
push @ret, join("", splice(@frag)) if (@frag > 0);
}
# Handle final fragment
push @ret, join("", splice(@frag)) if (@frag);
return @ret;
}
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
my @args;
foreach ( @OPENSSL_CMDS ) {
$EXTRA{$_} = [];
}
while (@_) {
my $arg = shift(@_);
if ( $arg !~ m{^-extra-(\w+)$} ) {
push @args, split_val($arg);
next;
}
$arg = $1;
die "Unknown \"-extra-${arg}\" option, exiting\n"
unless grep { $arg eq $_ } @OPENSSL_CMDS;
die "Missing \"-extra-${arg}\" option value, exiting\n"
unless (@_ > 0);
push @{$EXTRA{$arg}}, split_val(shift(@_));
}
return @args;
}
# See if reason for a CRL entry is valid; exit if not.
sub crl_reason_ok
{
my $r = shift;
if ($r eq 'unspecified' || $r eq 'keyCompromise'
|| $r eq 'CACompromise' || $r eq 'affiliationChanged'
|| $r eq 'superseded' || $r eq 'cessationOfOperation'
|| $r eq 'certificateHold' || $r eq 'removeFromCRL') {
return 1;
}
print STDERR "Invalid CRL reason; must be one of:\n";
print STDERR " unspecified, keyCompromise, CACompromise,\n";
print STDERR " affiliationChanged, superseded, cessationOfOperation\n";
print STDERR " certificateHold, removeFromCRL";
exit 1;
}
# Copy a PEM-format file; return like exit status (zero means ok)
sub copy_pemfile
{
my ($infile, $outfile, $bound) = @_;
my $found = 0;
open IN, $infile || die "Cannot open $infile, $!";
open OUT, ">$outfile" || die "Cannot write to $outfile, $!";
while (<IN>) {
$found = 1 if /^-----BEGIN.*$bound/;
print OUT $_ if $found;
$found = 2, last if /^-----END.*$bound/;
}
close IN;
close OUT;
return $found == 2 ? 0 : 1;
}
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my ($cmd, @args) = @_;
print "====\n$cmd @args\n" if $verbose;
my $status = system {$cmd} $cmd, @args;
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
if ( $WHAT =~ /^(-\?|-h|-help)$/ ) {
print STDERR <<EOF;
Usage:
CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd parameter]
CA.pl -pkcs12 [certname]
CA.pl -verify certfile ...
CA.pl -revoke certfile [reason]
EOF
exit 0;
}
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
my @dirs = ( "${CATOP}", "${CATOP}/certs", "${CATOP}/crl",
"${CATOP}/newcerts", "${CATOP}/private" );
die "${CATOP}/index.txt exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/index.txt";
die "${CATOP}/serial exists.\nRemove old sub-tree to proceed,"
if -f "${CATOP}/serial";
foreach my $d ( @dirs ) {
if ( -d $d ) {
warn "Directory $d exists" if -d $d;
} else {
mkdir $d or die "Can't mkdir $d, $!";
}
}
open OUT, ">${CATOP}/index.txt";
close OUT;
open OUT, ">${CATOP}/crlnumber";
print OUT "01\n";
close OUT;
# ask user for existing CA certificate
print "CA certificate filename (or enter to create)\n";
my $FILE;
$FILE = "" unless defined($FILE = <STDIN>);
$FILE =~ s{\R$}{};
if ($FILE ne "") {
copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
"-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
$RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
@EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
"-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
qw(-export -name), $cname, @{$EXTRA{pkcs12}});
print "PKCS#12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
} elsif ($WHAT eq '-sign' ) {
$RET = run(@CA, @POLICY, "-out", $NEWCERT,
"-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
"-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
qw(-out tmp.pem), @{$EXTRA{x509}});
$RET = run(@CA, @POLICY, "-out", $NEWCERT,
qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
if (!defined $cname) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my @reason;
@reason = ("-crl_reason", $ARGV[1])
if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
$RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
exit 1;
}
exit $RET;

1
openssl-install/ssl/misc/tsget Symbolic link
View File

@@ -0,0 +1 @@
tsget.pl

200
openssl-install/ssl/misc/tsget.pl Executable file
View File

@@ -0,0 +1,200 @@
#!/usr/bin/env perl
# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2002 The OpenTSA Project. All rights reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use IO::Handle;
use Getopt::Std;
use File::Basename;
use WWW::Curl::Easy;
use vars qw(%options);
# Callback for reading the body.
sub read_body {
my ($maxlength, $state) = @_;
my $return_data = "";
my $data_len = length ${$state->{data}};
if ($state->{bytes} < $data_len) {
$data_len = $data_len - $state->{bytes};
$data_len = $maxlength if $data_len > $maxlength;
$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
$state->{bytes} += $data_len;
}
return $return_data;
}
# Callback for writing the body into a variable.
sub write_body {
my ($data, $pointer) = @_;
${$pointer} .= $data;
return length($data);
}
# Initialise a new Curl object.
sub create_curl {
my $url = shift;
# Create Curl object.
my $curl = WWW::Curl::Easy::new();
# Error-handling related options.
$curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
$curl->setopt(CURLOPT_FAILONERROR, 1);
$curl->setopt(CURLOPT_USERAGENT,
"OpenTSA tsget.pl/openssl-3.4.2");
# Options for POST method.
$curl->setopt(CURLOPT_UPLOAD, 1);
$curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
$curl->setopt(CURLOPT_HTTPHEADER,
["Content-Type: application/timestamp-query",
"Accept: application/timestamp-reply,application/timestamp-response"]);
$curl->setopt(CURLOPT_READFUNCTION, \&read_body);
$curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
# Options for getting the result.
$curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
# SSL related options.
$curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
$curl->setopt(CURLOPT_SSL_VERIFYPEER, 1); # Verify server's certificate.
$curl->setopt(CURLOPT_SSL_VERIFYHOST, 2); # Check server's CN.
$curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
$curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
$curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
$curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
$curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
$curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
$curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
# Setting destination.
$curl->setopt(CURLOPT_URL, $url);
return $curl;
}
# Send a request and returns the body back.
sub get_timestamp {
my $curl = shift;
my $body = shift;
my $ts_body;
local $::error_buf;
# Error-handling related options.
$curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
# Options for POST method.
$curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
$curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
# Options for getting the result.
$curl->setopt(CURLOPT_FILE, \$ts_body);
# Send the request...
my $error_code = $curl->perform();
my $error_string;
if ($error_code != 0) {
my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
$error_string = "could not get timestamp";
$error_string .= ", http code: $http_code" unless $http_code == 0;
$error_string .= ", curl code: $error_code";
$error_string .= " ($::error_buf)" if defined($::error_buf);
} else {
my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
if (lc($ct) ne "application/timestamp-reply"
&& lc($ct) ne "application/timestamp-response") {
$error_string = "unexpected content type returned: $ct";
}
}
return ($ts_body, $error_string);
}
# Print usage information and exists.
sub usage {
print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
exit 1;
}
# ----------------------------------------------------------------------
# Main program
# ----------------------------------------------------------------------
# Getting command-line options (default comes from TSGET environment variable).
my $getopt_arg = "h:e:o:vdk:p:c:C:P:r:g:";
if (exists $ENV{TSGET}) {
my @old_argv = @ARGV;
@ARGV = split /\s+/, $ENV{TSGET};
getopts($getopt_arg, \%options) or usage;
@ARGV = @old_argv;
}
getopts($getopt_arg, \%options) or usage;
# Checking argument consistency.
if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
|| (@ARGV > 1 && exists($options{o}))) {
print STDERR "Inconsistent command line options.\n";
usage;
}
# Setting defaults.
@ARGV = ("-") unless @ARGV != 0;
$options{e} = ".tsr" unless defined($options{e});
# Processing requests.
my $curl = create_curl $options{h};
undef $/; # For reading whole files.
REQUEST: foreach (@ARGV) {
my $input = $_;
my ($base, $path) = fileparse($input, '\.[^.]*');
my $output_base = $base . $options{e};
my $output = defined($options{o}) ? $options{o} : $path . $output_base;
STDERR->printflush("$input: ") if $options{v};
# Read request.
my $body;
if ($input eq "-") {
# Read the request from STDIN;
$body = <STDIN>;
} else {
# Read the request from file.
open INPUT, "<" . $input
or warn("$input: could not open input file: $!\n"), next REQUEST;
$body = <INPUT>;
close INPUT
or warn("$input: could not close input file: $!\n"), next REQUEST;
}
# Send request.
STDERR->printflush("sending request") if $options{v};
my ($ts_body, $error) = get_timestamp $curl, \$body;
if (defined($error)) {
die "$input: fatal error: $error\n";
}
STDERR->printflush(", reply received") if $options{v};
# Write response.
if ($output eq "-") {
# Write to STDOUT.
print $ts_body;
} else {
# Write to file.
open OUTPUT, ">", $output
or warn("$output: could not open output file: $!\n"), next REQUEST;
print OUTPUT $ts_body;
close OUTPUT
or warn("$output: could not close output file: $!\n"), next REQUEST;
}
STDERR->printflush(", $output written.\n") if $options{v};
}
$curl->cleanup();