Upgrade OpenSSL 3.0.9 and use vcpkg manifest

IB-7760

Signed-off-by: Raul Metsma <[email protected]>

.github/workflows/build.yml

@@ -150,24 +150,38 @@ jobs:
       MAKEFLAGS: ""
       VER_SUFFIX: .VS${{ matrix.toolset }}
       VERSION: 3.16.0.${{ github.run_number }}
-      VCPKG_OVERLAY_TRIPLETS: ${{ github.workspace }}/patches/vcpkg-triplets
-      VCPKG_OVERLAY_PORTS: ${{ github.workspace }}/patches/vcpkg-ports
     steps:
     - name: Checkout
       uses: actions/checkout@v3
       with:
         submodules: recursive
-    - name: Prepare vcpkg
-      uses: lukka/run-vcpkg@v7
+    - uses: mad9000/actions-find-and-replace-string@3
+      id: path
       with:
-        vcpkgArguments: >-
-          "xml-security-c:x86-windows-v${{ matrix.toolset }}"
-          "xml-security-c:x64-windows-v${{ matrix.toolset }}"
-          "zlib:x86-windows-v${{ matrix.toolset }}"
-          "zlib:x64-windows-v${{ matrix.toolset }}"
-          "boost-test:x86-windows-v${{ matrix.toolset }}"
-          "boost-test:x64-windows-v${{ matrix.toolset }}"
-        vcpkgGitCommitId: 9b9c2758ece1d8ac0de90589730bb5ccf45c0874
+        source: ${{ github.workspace }}
+        find: '\'
+        replace: '/'
+        replaceAll: true
+    - name: Prepare vcpkg X64
+      uses: lukka/run-vcpkg@v11
+      with:
+        vcpkgGitCommitId: 5787cfa699a75805ef41938ec66bc7492714d290
+        vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
+        runVcpkgInstall: true
+        runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
+      env:
+        VCPKG_DEFAULT_TRIPLET: x64-windows-v${{ matrix.toolset }}
+        VCPKG_INSTALLED_DIR: ${{ github.workspace }}/vcpkg_installed
+    - name: Prepare vcpkg X86
+      uses: lukka/run-vcpkg@v11
+      with:
+        vcpkgGitCommitId: 5787cfa699a75805ef41938ec66bc7492714d290
+        vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
+        runVcpkgInstall: true
+        runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
+      env:
+        VCPKG_DEFAULT_TRIPLET: x86-windows-v${{ matrix.toolset }}
+        VCPKG_INSTALLED_DIR: ${{ github.workspace }}/vcpkg_installed
     - name: Install dependencies
       run: choco install doxygen.install swig -y > $null
     - name: Build xsd
@@ -179,7 +193,8 @@ jobs:
           -toolset ${{ matrix.toolset }} `
           -vcvars "${{ matrix.vcvars }}" `
           -swig C:/ProgramData/chocolatey/bin/swig.exe `
-          -doxygen "C:/Program files/doxygen/bin/doxygen.exe"
+          -doxygen "C:/Program files/doxygen/bin/doxygen.exe" `
+          -boost
     - name: Archive artifacts
       uses: actions/upload-artifact@v3
       with:

README.md

@@ -85,6 +85,7 @@
 1. Install dependencies and necessary tools from
 	* [Visual Studio Community 2017/2019/2022](https://www.visualstudio.com/downloads/)
 	* [CMake](http://www.cmake.org)
+	* [vcpkg](https://vcpkg.io/)
 	* [Swig](http://swig.org/download.html) - Optional, for C# and Java bindings
 	* [Doxygen](https://www.doxygen.nl/download.html) - Optional, for generationg documentation
 	* [Wix toolset](http://wixtoolset.org/releases/) - Optional, for creating Windows installation packages
@@ -106,8 +107,9 @@
 
 4. Configure
 
-        cmake -DCMAKE_TOOLCHAIN_FILE=vcpkg/scripts/buildsystems/vcpkg.cmake" `
+        cmake -DCMAKE_TOOLCHAIN_FILE=vcpkg/scripts/buildsystems/vcpkg.cmake `
               -DVCPKG_TARGET_TRIPLET=x64-windows-v142 `
+              -DVCPKG_MANIFEST_FEATURES=tests `
               -DXSD_INCLUDE_DIR=xsd/libxsd `
               -DXSD_EXECUTABLE=xsd/bin/xsd.exe `
               -B build -S .

build.ps1

@@ -16,7 +16,7 @@ param(
   [string]$light = "$env:WIX\bin\light.exe",
   [string]$swig = $null,
   [string]$doxygen = $null,
-  [string]$boost = $null,
+  [switch]$boost = $false,
   [string]$xsd = "$libdigidocpp\xsd",
   [string]$sign = $null,
   [string]$crosssign = $null,
@@ -33,7 +33,6 @@ if ($vcver) {
   $vcver = "-vcvars_ver=$vcver"
 }
 
-$env:VCPKG_OVERLAY_TRIPLETS = "$libdigidocpp\patches\vcpkg-triplets"
 $cmakeext = @()
 $candleext = @()
 $lightext = @()
@@ -47,7 +46,7 @@ if($doxygen) {
   $lightext += "DocFilesFragment.wixobj"
 }
 if($boost) {
-  $cmakeext += "-DBoost_INCLUDE_DIR=$boost"
+  $cmakeext += "-DVCPKG_MANIFEST_FEATURES=tests"
 }
 if($source) {
   Remove-Item source -Force -Recurse
@@ -62,25 +61,27 @@ foreach($platform in @("x86", "x64")) {
   foreach($type in @("Debug", "RelWithDebInfo")) {
     $buildpath = $platform+$type
     Remove-Item $buildpath -Force -Recurse -ErrorAction Ignore
-    & $vcvars $platform $vcver "&&" $cmake "-G$generator" `
+    & $vcvars $platform $vcver "&&" $cmake -B $buildpath -S $libdigidocpp "-G$generator" `
       "-DCMAKE_BUILD_TYPE=$type" `
       "-DCMAKE_INSTALL_PREFIX=$platform" `
       "-DCMAKE_INSTALL_LIBDIR=bin" `
       "-DCMAKE_TOOLCHAIN_FILE=$vcpkg_dir/scripts/buildsystems/vcpkg.cmake" `
       "-DVCPKG_TARGET_TRIPLET=$platform-windows-v$toolset" `
+      "-DVCPKG_INSTALLED_DIR=$libdigidocpp\vcpkg_installed_$platform" `
       "-DXSD_INCLUDE_DIR=$xsd/libxsd" `
       "-DXSD_EXECUTABLE=$xsd/bin/xsd.exe" `
       "-DSIGNCERT=$sign" `
       "-DCROSSSIGNCERT=$crosssign" `
-      $cmakeext -B $buildpath -S $libdigidocpp "&&" $cmake --build $buildpath --target check install
+      $cmakeext "&&" $cmake --build $buildpath --target check install
   }
 }
 
 if($doxygen) {
   & $heat dir x86/share/doc/libdigidocpp -nologo -cg Documentation -gg -scom -sreg -sfrag -srd -dr DocumentationFolder -var var.docLocation -out DocFilesFragment.wxs
 }
 & $heat dir x86/include -nologo -cg Headers -gg -scom -sreg -sfrag -srd -dr HeadersFolder -var var.headersLocation -out HeadersFragment.wxs
-& $vcvars x86 "&&" $candle -nologo "-dICON=$libdigidocpp/cmake/modules/ID.ico" "-dMSI_VERSION=$msiversion" "-dvcpkg=$vcpkg_dir" "-dvcpkg_suffix=windows-v$toolset" `
+& $vcvars x86 "&&" $candle -nologo "-dICON=$libdigidocpp/cmake/modules/ID.ico" "-dMSI_VERSION=$msiversion" `
+  "-dvcpkg_x86=$libdigidocpp\vcpkg_installed_x86\x86-windows-v$toolset" "-dvcpkg_x64=$libdigidocpp\vcpkg_installed_x64\x64-windows-v$toolset" `
   "-dheadersLocation=x86/include" "-dlibdigidocpp=." $candleext $libdigidocpp\libdigidocpp.wxs HeadersFragment.wxs
 & $light -nologo -out $msi_name -ext WixUIExtension `
   "-dWixUIBannerBmp=$libdigidocpp/cmake/modules/banner.bmp" `

libdigidocpp.wxs

@@ -4,10 +4,10 @@
 <?elseif $(env.VisualStudioVersion) = "16.0" ?>
 <?define VCVER = "142" ?>
 <?endif?>
-<?define VCPKG_X86 = "$(var.vcpkg)\installed\x86-$(var.vcpkg_suffix)\bin" ?>
-<?define VCPKG_X64 = "$(var.vcpkg)\installed\x64-$(var.vcpkg_suffix)\bin" ?>
-<?define VCPKG_X86D = "$(var.vcpkg)\installed\x86-$(var.vcpkg_suffix)\debug\bin" ?>
-<?define VCPKG_X64D = "$(var.vcpkg)\installed\x64-$(var.vcpkg_suffix)\debug\bin" ?>
+<?define VCPKG_X86 = "$(var.vcpkg_x86)\bin" ?>
+<?define VCPKG_X64 = "$(var.vcpkg_x64)\bin" ?>
+<?define VCPKG_X86D = "$(var.vcpkg_x86)\debug\bin" ?>
+<?define VCPKG_X64D = "$(var.vcpkg_x64)\debug\bin" ?>
 
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
   <Product Name="Libdigidocpp" UpgradeCode="{93985BBA-6B59-443B-80C8-BA987407F8B8}"

patches/vcpkg-ports/openssl/disable-apps.patch

@@ -0,0 +1,12 @@
+diff --git a/Configure b/Configure
+index 5ac4b52..ad638e8 100755
+--- a/Configure
++++ b/Configure
+@@ -401,6 +401,7 @@ my @dtls = qw(dtls1 dtls1_2);
+ my @disablables = (
+     "acvp-tests",
+     "afalgeng",
++    "apps",
+     "aria",
+     "asan",
+     "asm",

patches/vcpkg-ports/openssl/disable-install-docs.patch

@@ -0,0 +1,26 @@
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 110ba06..5b6b1c7 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+
+ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
+
+-install_docs: install_man_docs install_html_docs
++install_docs:
+
+ uninstall_docs: uninstall_man_docs uninstall_html_docs
+ 	$(RM) -r $(DESTDIR)$(DOCDIR)
+diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
+index d054431..b5c1c88 100644
+--- a/Configurations/windows-makefile.tmpl
++++ b/Configurations/windows-makefile.tmpl
+@@ -487,7 +487,7 @@ install_sw: install_dev install_engines install_modules install_runtime
+
+ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev
+
+-install_docs: install_html_docs
++install_docs:
+
+ uninstall_docs: uninstall_html_docs
+

patches/vcpkg-ports/openssl/install-pc-files.cmake

@@ -0,0 +1,32 @@
+function(install_pc_file name pc_data)
+    if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
+        configure_file("${CMAKE_CURRENT_LIST_DIR}/openssl.pc.in" "${CURRENT_PACKAGES_DIR}/lib/pkgconfig/${name}.pc" @ONLY)
+    endif()
+    if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
+        configure_file("${CMAKE_CURRENT_LIST_DIR}/openssl.pc.in" "${CURRENT_PACKAGES_DIR}/debug/lib/pkgconfig/${name}.pc" @ONLY)
+    endif()
+endfunction()
+
+install_pc_file(openssl [[
+Name: OpenSSL
+Description: Secure Sockets Layer and cryptography libraries and tools
+Requires: libssl libcrypto
+]])
+
+install_pc_file(libssl [[
+Name: OpenSSL-libssl
+Description: Secure Sockets Layer and cryptography libraries
+Libs: -L"${libdir}" -llibssl
+Requires: libcrypto
+Cflags: -I"${includedir}"
+]])
+
+install_pc_file(libcrypto [[
+Name: OpenSSL-libcrypto
+Description: OpenSSL cryptography library
+Libs: -L"${libdir}" -llibcrypto
+Libs.private: -lcrypt32 -lws2_32 -ladvapi32 -luser32
+Cflags: -I"${includedir}"
+]])
+
+vcpkg_fixup_pkgconfig()

patches/vcpkg-ports/openssl/openssl.pc.in

@@ -0,0 +1,6 @@
+prefix=${pcfiledir}/../..
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+Version: @VERSION@
+@pc_data@

patches/vcpkg-ports/openssl/portfile.cmake

@@ -0,0 +1,69 @@
+if(EXISTS "${CURRENT_INSTALLED_DIR}/share/libressl/copyright"
+    OR EXISTS "${CURRENT_INSTALLED_DIR}/share/boringssl/copyright")
+    message(FATAL_ERROR "Can't build openssl if libressl/boringssl is installed. Please remove libressl/boringssl, and try install openssl again if you need it.")
+endif()
+
+if(VCPKG_TARGET_IS_EMSCRIPTEN)
+    vcpkg_check_linkage(ONLY_STATIC_LIBRARY)
+endif()
+
+if (NOT "${VERSION}" MATCHES [[^([0-9]+)\.([0-9]+)\.([0-9]+)$]])
+    message(FATAL_ERROR "Version regex did not match.")
+endif()
+set(OPENSSL_VERSION_MAJOR "${CMAKE_MATCH_1}")
+set(OPENSSL_VERSION_MINOR "${CMAKE_MATCH_2}")
+set(OPENSSL_VERSION_FIX "${CMAKE_MATCH_3}")
+configure_file("${CMAKE_CURRENT_LIST_DIR}/vcpkg-cmake-wrapper.cmake.in" "${CURRENT_PACKAGES_DIR}/share/${PORT}/vcpkg-cmake-wrapper.cmake" @ONLY)
+
+vcpkg_from_github(
+    OUT_SOURCE_PATH SOURCE_PATH
+    REPO openssl/openssl
+    REF "openssl-${VERSION}"
+    SHA512 4762ce7faa0d7f43d0d4882700dcb10cd31bb025c52110fb2f1a8d3911f4ed92153db982935be6f38f45ae3f030f7edb4968e96dd5a41367ad7365c03c25edb1
+    PATCHES
+        disable-apps.patch
+        disable-install-docs.patch
+        script-prefix.patch
+        windows/install-layout.patch
+        windows/install-pdbs.patch
+        unix/android-cc.patch
+        unix/move-openssldir.patch
+        unix/no-empty-dirs.patch
+        unix/no-static-libs-for-shared.patch
+)
+
+vcpkg_list(SET CONFIGURE_OPTIONS
+    enable-static-engine
+    enable-capieng
+    no-ssl3
+    no-weak-ssl-ciphers
+    no-tests
+)
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
+    vcpkg_list(APPEND CONFIGURE_OPTIONS shared)
+else()
+    vcpkg_list(APPEND CONFIGURE_OPTIONS no-shared no-module)
+endif()
+
+if(NOT "tools" IN_LIST FEATURES)
+    vcpkg_list(APPEND CONFIGURE_OPTIONS no-apps)
+endif()
+
+if(DEFINED OPENSSL_USE_NOPINSHARED)
+    vcpkg_list(APPEND CONFIGURE_OPTIONS no-pinshared)
+endif()
+
+if(OPENSSL_NO_AUTOLOAD_CONFIG)
+    vcpkg_list(APPEND CONFIGURE_OPTIONS no-autoload-config)
+endif()
+
+if(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW)
+    include("${CMAKE_CURRENT_LIST_DIR}/windows/portfile.cmake")
+    include("${CMAKE_CURRENT_LIST_DIR}/install-pc-files.cmake")
+else()
+    include("${CMAKE_CURRENT_LIST_DIR}/unix/portfile.cmake")
+endif()
+
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
+file(INSTALL "${SOURCE_PATH}/LICENSE.txt" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)

patches/vcpkg-ports/openssl/script-prefix.patch

@@ -0,0 +1,22 @@
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 343cdc1..e48038e 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -12,7 +12,7 @@
+ # and add symbolic links to their hash values.
+
+ my $dir = {- quotify1($config{openssldir}) -};
+-my $prefix = {- quotify1($config{prefix}) -};
++use FindBin;
+
+ my $errorcount = 0;
+ my $openssl = $ENV{OPENSSL} || "openssl";
+@@ -61,7 +61,7 @@ if (defined(&Cwd::getcwd)) {
+
+ # DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+ my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+-$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
++$ENV{PATH} = "$FindBin::Bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+ if (! -x $openssl) {
+     my $found = 0;

patches/vcpkg-ports/openssl/unix/Makefile.emscripten

@@ -0,0 +1,4 @@
+build_sw:
+	$(EMSDK)/upstream/emscripten/emmake $(MAKE) -f Makefile build_sw ${VCPKG_JOBS} $(MAKEFLAGS)
+install:
+	$(EMSDK)/upstream/emscripten/emmake $(MAKE) -f Makefile install ${VCPKG_JOBS} $(MAKEFLAGS)

patches/vcpkg-ports/openssl/unix/android-cc.patch

@@ -0,0 +1,20 @@
+diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf
+index 41ad922..d15e34c 100644
+--- a/Configurations/15-android.conf
++++ b/Configurations/15-android.conf
+@@ -102,6 +102,7 @@
+             my $cflags;
+             my $cppflags;
+
++if (0) {
+             # see if there is NDK clang on $PATH, "universal" or "standalone"
+             if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
+                 my $host=$1;
+@@ -158,6 +159,7 @@
+                 $sysroot =~ s|^$ndk/||;
+                 $sysroot = " --sysroot=\$($ndk_var)/$sysroot";
+             }
++}
+             $android_ndk = {
+                 cflags   => $cflags . $sysroot,
+                 cppflags => $cppflags,

patches/vcpkg-ports/openssl/unix/configure

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+declare -a OUT_OPTIONS
+
+INTERPRETER=perl
+
+LAST_SEEN=
+COPY_OPTIONS=no
+for OPTION; do
+    case "${OPTION},${COPY_OPTIONS}" in
+    */Configure,no)
+        OUT_OPTIONS+=("${OPTION}")
+        INTERPRETER="${LAST_SEEN}"
+        COPY_OPTIONS=yes
+        ;;
+    --prefix=*|--openssldir=*|--libdir=*|--cross-compile-prefix=*|--debug,*)
+        OUT_OPTIONS+=("${OPTION}")
+        ;;
+    -*|*=*)
+        ;;
+    *,yes)
+        OUT_OPTIONS+=("${OPTION}")
+        ;;
+    esac
+    LAST_SEEN="${OPTION}"
+done
+
+set -x
+"${INTERPRETER}" ${OUT_OPTIONS[@]}

patches/vcpkg-ports/openssl/unix/move-openssldir.patch

@@ -0,0 +1,15 @@
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index dd96254..c4458ca 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -689,6 +689,10 @@ install_ssldirs:
+ 		cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
+ 		chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
+ 	fi
++	$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)$(OPENSSLDIR)
++	for I in $(DESTDIR)$(OPENSSLDIR)/*; do \
++		mv $$I $(DESTDIR)$(INSTALLTOP)$(OPENSSLDIR)/; \
++	done
+
+ install_dev: install_runtime_libs
+ 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)