hoelee/curl-impersonate
1
0
Fork 0
mirror of https://github.com/lwthiker/curl-impersonate.git synced 2025-08-09 13:19:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add cross compilation support

Browse Source 
Add support for cross-compiling curl-impersonate.

Cross compiling can now be done using the '--host' flag to the configure
script. This will make sure that all sub-components are cross-compiled.
In addition, compiling for a different system requires explicitly
specifying multiple paths used by curl (e.g. for certificates). These
options were added to the configure script as well.

The build and test CI workflow will now attempt to cross-compile
curl-impersonate to ARM64 (aarch64), and upload this binary to the
GitHub release page.
This commit is contained in:
lwthiker
2022-07-14 15:56:09 +03:00
parent 6572db81db
commit d860024dac
5 changed files with 364 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
.github/workflows/build-and-test-make.yml vendored
View File

@@ -21,15 +21,23 @@ jobs:
strategy:
matrix:
os: [ubuntu-20.04, macos-11]
arch: [x86_64]
include:
- os: ubuntu-20.04
arch: x86_64
host: x86_64-linux-gnu
capture_interface: eth0
make: make
- os: ubuntu-20.04
arch: aarch64
host: aarch64-linux-gnu
capture_interface: eth0
make: make
release_name: x86_64-linux-gnu
- os: macos-11
arch: x86_64
host: x86_64-macos
capture_interface: en0
make: gmake
release_name: x86_64-macos
steps:
- uses: actions/setup-python@v3
@@ -69,12 +77,37 @@ jobs:
run: |
pip3 install -r tests/requirements.txt
- name: Run configure script
# When cross compiling we need to build zlib first.
- name: Build zlib
run: |
curl -LO https://zlib.net/zlib-1.2.12.tar.gz
tar xf zlib-1.2.12.tar.gz
cd zlib-1.2.12
CHOST=${{ matrix.host }} ./configure --prefix=${{ runner.temp }}/zlib
make
# Make sure curl will link with libz.so.1 and not libz.so
rm -f libz.so
- name: Run configure script
if: matrix.arch == 'x86_64'
run: |
autoconf
mkdir ${{ runner.temp }}/install
./configure --prefix=${{ runner.temp }}/install
# When cross compiling a more complicated configuration is needed, since
# curl's configure script can't figure out where some files and libraries
# are located. The locations used here are the ones used by Ubuntu.
- name: Run configure script (cross compiling)
if: matrix.arch != 'x86_64'
run: |
mkdir ${{ runner.temp }}/install
./configure --prefix=${{ runner.temp }}/install \
--host=${{ matrix.arch }} \
--with-zlib=${{ runner.temp }}/zlib \
--with-ca-path=/etc/ssl/certs \
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
--with-libnssckbi=/usr/lib/${{ matrix.host }}/nss
# Cache the build of BoringSSL, which is the longest part of the build
# We must cache the .zip as well, otherwise the Makefile will
# rebuild BoringSSL. This whole thing is a bit hacky, but necessary to
@@ -83,14 +116,14 @@ jobs:
uses: actions/cache@v3
with:
path: boringssl.zip
key: ${{ runner.os }}-boring-source-${{ env.BORING_SSL_COMMIT }}
key: ${{ runner.os }}-${{ matrix.arch }}-boring-source-${{ env.BORING_SSL_COMMIT }}
- name: Cache BoringSSL build
id: cache-boringssl
uses: actions/cache@v3
with:
path: boringssl/build
key: ${{ runner.os }}-boring-build-${{ env.BORING_SSL_COMMIT }}-${{ hashFiles('chrome/patches/boringssl*.patch') }}
key: ${{ runner.os }}-${{ matrix.arch }}-boring-build-${{ env.BORING_SSL_COMMIT }}-${{ hashFiles('chrome/patches/boringssl*.patch') }}
# Trick the Makefile into skipping the BoringSSL build step
# if it was found in the cache. See Makefile.in
@@ -114,14 +147,14 @@ jobs:
uses: actions/cache@v3
with:
path: ${{ env.NSS_VERSION }}.tar.gz
key: ${{ runner.os }}-nss-source-${{ env.NSS_VERSION }}
key: ${{ runner.os }}-${{ matrix.arch }}-nss-source-${{ env.NSS_VERSION }}
- name: Cache NSS build
id: cache-nss
uses: actions/cache@v3
with:
path: ${{ env.NSS_VERSION }}/dist
key: ${{ runner.os }}-nss-build-${{ env.NSS_VERSION }}
key: ${{ runner.os }}-${{ matrix.arch }}-nss-build-${{ env.NSS_VERSION }}
# Trick the Makefile into skipping the NSS build step
# if it was found in the cache.
@@ -138,11 +171,15 @@ jobs:
${{ matrix.make }} firefox-install
- name: Prepare the tests
if: matrix.arch == 'x86_64'
run: |
# Compile 'minicurl' which is used by the tests
gcc -Wall -Werror -o ${{ runner.temp }}/install/bin/minicurl tests/minicurl.c `curl-config --libs`
# For now we can only run the tests when not cross compiling, since the
# tests run the curl-impersonate binary locally.
- name: Run the tests
if: matrix.arch == 'x86_64'
run: |
cd tests
# sudo is needed for capturing packets
@@ -154,18 +191,38 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')
run: |
cd ${{ runner.temp }}/install/lib
tar -c -z -f ${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz libcurl-impersonate*
echo "release_file_lib=${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz" >> $GITHUB_ENV
tar -c -z -f ${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz libcurl-impersonate*
echo "release_file_lib=${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz" >> $GITHUB_ENV
# Recompile curl-impersonate statically.
- name: Recompile statically
- name: Clean build
if: startsWith(github.ref, 'refs/tags/')
run: |
${{ matrix.make }} chrome-clean
${{ matrix.make }} firefox-clean
rm -Rf ${{ runner.temp }}/install
mkdir ${{ runner.temp }}/install
# Recompile curl-impersonate statically when doing a release.
- name: Reconfigure statically
if: startsWith(github.ref, 'refs/tags/') && matrix.arch == 'x86_64'
run: |
./configure --prefix=${{ runner.temp }}/install --enable-static
- name: Reconfigure statically (cross compiling)
if: startsWith(github.ref, 'refs/tags/') && matrix.arch != 'x86_64'
run: |
mkdir ${{ runner.temp }}/install
./configure --prefix=${{ runner.temp }}/install \
--enable-static \
--host=${{ matrix.arch }} \
--with-zlib=${{ runner.temp }}/zlib \
--with-ca-path=/etc/ssl/certs \
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
--with-libnssckbi=/usr/lib/${{ matrix.host }}/nss
- name: Rebuild statically
if: startsWith(github.ref, 'refs/tags/')
run: |
${{ matrix.make }} chrome-build
${{ matrix.make }} chrome-checkbuild
${{ matrix.make }} chrome-install-strip
@@ -177,8 +234,8 @@ jobs:
if: startsWith(github.ref, 'refs/tags/')
run: |
cd ${{ runner.temp }}/install/bin
tar -c -z -f ${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz curl-impersonate-ff curl-impersonate-chrome curl_*
echo "release_file_bin=${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz" >> $GITHUB_ENV
tar -c -z -f ${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz curl-impersonate-ff curl-impersonate-chrome curl_*
echo "release_file_bin=${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz" >> $GITHUB_ENV
- name: Upload release files
uses: softprops/action-gh-release@v1

10
INSTALL.md
View File

@@ -29,11 +29,6 @@ git clone https://github.com/lwthiker/curl-impersonate.git
cd curl-impersonate
```
Generate the configure script:
```
autoconf
```
Configure and compile:
```
mkdir build && cd build
@@ -102,11 +97,6 @@ pip3 install gyp-next
brew install go
```
Generate the configure script:
```
autoconf
```
Configure and compile:
```
mkdir build && cd build

211
Makefile.in
View File

@@ -5,8 +5,8 @@ SHELL := bash
.ONESHELL:
.SHELLFLAGS := -euc
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
# MAKEFLAGS += --warn-undefined-variables
# MAKEFLAGS += --no-builtin-rules
BROTLI_VERSION := 1.0.9
# In case this is changed, update build-and-test-make.yml as well
@@ -32,10 +32,30 @@ firefox_libs := $(brotli_static_libs) $(nss_static_libs) $(nghttp2_static_libs)
# Dependencies needed to compile the Chrome version
chrome_libs := $(brotli_static_libs) $(boringssl_static_libs) $(nghttp2_static_libs)
# To be set by the configure script
# The following variables will be set by the configure script.
prefix = @prefix@
exec_prefix = @exec_prefix@
srcdir = @abs_srcdir@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
build = @build@
# Whether to link curl-impersonate with libcurl-impersonate statically.
static_build = @static_build@
# Whether the user provided a specific find for zlib
with_zlib = @with_zlib@
# Path to be passed to curl's --with-ca-bundle configure option.
with_ca_bundle = @with_ca_bundle@
# Path to be passed to curl's --with-ca-path configure option.
with_ca_path = @with_ca_path@
# Path to be passed to curl's --with-libnssckbi configure option (an option
# added for curl-impersonate).
with_libnssckbi = @with_libnssckbi@
CC = @CC@
CXX = @CXX@
STRIP = @STRIP@
# Auto-generate Makefile help.
# Borrowed from https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
@@ -51,6 +71,7 @@ firefox-build: $(CURL_VERSION)/.firefox ## Build the Firefox version of curl-imp
.PHONY: firefox-build
firefox-checkbuild: ## Run basic checks on the built binary
ifeq ($(host),$(build))
cd $(CURL_VERSION)
# Make sure all needed features were compiled in
./src/curl-impersonate-ff -V | grep -q zlib
@@ -58,6 +79,9 @@ firefox-checkbuild: ## Run basic checks on the built binary
./src/curl-impersonate-ff -V | grep -q nghttp2
./src/curl-impersonate-ff -V | grep -q NSS
$(info Build OK)
else
$(info Cross compiling, skipping checkbuild)
endif
.PHONY: firefox-checkbuild
firefox-install: ## Install the Firefox version of curl-impersonate after build
@@ -72,7 +96,7 @@ firefox-install-strip: ## Like 'firefox-install', but strip binaries for smaller
$(MAKE) install-exec MAKEFLAGS=
# We could have used 'install-strip' but then the docs would be installed as well.
# Instead strip manually.
strip @bindir@/curl-impersonate-ff
$(STRIP) @bindir@/curl-impersonate-ff
# Wrapper scripts for the Firefox version (e.g. 'curl_ff98')
install $(srcdir)/firefox/curl_ff* @bindir@
.PHONY: firefox-install-strip
@@ -96,6 +120,7 @@ chrome-build: $(CURL_VERSION)/.chrome ## Build the Chrome version of curl-impers
.PHONY: chrome-build
chrome-checkbuild: ## Run basic checks on the built binary
ifeq ($(host),$(build))
cd $(CURL_VERSION)
# Make sure all needed features were compiled in
./src/curl-impersonate-chrome -V | grep -q zlib
@@ -103,6 +128,9 @@ chrome-checkbuild: ## Run basic checks on the built binary
./src/curl-impersonate-chrome -V | grep -q nghttp2
./src/curl-impersonate-chrome -V | grep -q BoringSSL
$(info Build OK)
else
$(info Cross compiling, skipping checkbuild)
endif
.PHONY: chrome-checkbuild
chrome-install: ## Install the Chrome version of curl-impersonate after build
@@ -117,7 +145,7 @@ chrome-install-strip: ## Like 'chrome-install', but strip binaries for smaller s
$(MAKE) install-exec MAKEFLAGS=
# We could have used 'install-strip' but then the docs would be installed as well.
# Instead strip manually.
strip @bindir@/curl-impersonate-chrome
$(STRIP) @bindir@/curl-impersonate-chrome
# Wrapper scripts for the Chrome version (e.g. 'curl_chrome99')
install $(srcdir)/chrome/curl_chrome* $(srcdir)/chrome/curl_edge* $(srcdir)/chrome/curl_safari* @bindir@
.PHONY: chrome-install-strip
@@ -150,10 +178,29 @@ $(brotli_static_libs): brotli-$(BROTLI_VERSION).tar.gz
cd brotli-$(BROTLI_VERSION)
mkdir -p out
cd out
# Convert autoconf style os name to CMake style os name.
case $(host_os) in \
linux*) \
system_name=Linux \
;; \
darwin*) \
system_name=Darwin \
;; \
*) \
system_name=$(host_os) \
;; \
esac
@cmake@ -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=./installed \
-DCMAKE_INSTALL_LIBDIR=lib \
..
-DCMAKE_INSTALL_PREFIX=./installed \
-DCMAKE_INSTALL_LIBDIR=lib \
-DCMAKE_CXX_COMPILER=$(CXX) \
-DCMAKE_C_COMPILER=$(CC) \
-DCMAKE_SYSTEM_NAME=$$system_name \
-DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \
..
@cmake@ --build . --config Release --target install
@@ -162,8 +209,43 @@ $(NSS_VERSION).tar.gz:
$(nss_static_libs): $(NSS_VERSION).tar.gz
tar xf $(NSS_VERSION).tar.gz
ifeq ($(host),$(build))
# Native build, use NSS' build script.
cd $(NSS_VERSION)/nss
./build.sh -o --disable-tests --static --python=python3
else
# We are cross compiling.
# Cross compiling NSS is not supported by its build script and is poorly
# documented. We need to compile NSPR manually and only then compile nss.
case $(host_cpu) in \
*64*) \
use_64="1"; \
nspr_configure_flags="--enable-64bit"; \
;; \
*) \
use_64="0"; \
;; \
esac
# Cross-compile nspr separately
cd $(NSS_VERSION)/nspr
./configure --prefix=$(nss_install_dir) \
--disable-debug --enable-optimize \
--target=$(host_alias) \
$$nspr_configure_flags
$(MAKE) MAKEFLAGS=
$(MAKE) install MAKEFLAGS=
# Now we can run ./build.sh with the already built nspr
cd ../nss
CC=$(CC) CXX=$(CXX) CCC=$(CXX) \
./build.sh -o --disable-tests --static --python=python3 \
--with-nspr=$(nss_install_dir)/include/nspr:$(nss_install_dir)/lib \
--target=$(host_cpu) \
-Duse_system_zlib=0 \
-Dsign_libs=0
endif
# Hack for macOS: Remove dynamic libraries to force the linker to use the
# static ones when linking curl.
rm -Rf $(nss_install_dir)/lib/*.dylib
@@ -184,6 +266,20 @@ boringssl/.patched: $(srcdir)/chrome/patches/boringssl-*.patch
$(boringssl_static_libs): boringssl.zip boringssl/.patched
mkdir -p $(boringssl_install_dir)
cd $(boringssl_install_dir)
# Convert autoconf style os name to CMake style os name.
case $(host_os) in \
linux*) \
system_name=Linux \
;; \
darwin*) \
system_name=Darwin \
;; \
*) \
system_name=Linux \
;; \
esac
# The extra CMAKE_C_FLAGS are needed because otherwise boringssl fails to
# compile in release mode on some systems with gcc 12 (e.g. Fedora).
# In addition, guard these options with -Wno-unknown-warning-option to
@@ -191,6 +287,10 @@ $(boringssl_static_libs): boringssl.zip boringssl/.patched
@cmake@ -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_POSITION_INDEPENDENT_CODE=on \
-DCMAKE_C_FLAGS="-Wno-unknown-warning-option -Wno-stringop-overflow -Wno-array-bounds" \
-DCMAKE_CXX_COMPILER=$(CXX) \
-DCMAKE_C_COMPILER=$(CC) \
-DCMAKE_SYSTEM_NAME=$$system_name \
-DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \
-GNinja \
..
@ninja@
@@ -208,10 +308,20 @@ $(NGHTTP2_VERSION).tar.bz2:
$(nghttp2_static_libs): $(NGHTTP2_VERSION).tar.bz2
tar -xf $(NGHTTP2_VERSION).tar.bz2
cd $(NGHTTP2_VERSION)
./configure --prefix=$(nghttp2_install_dir) \
--with-pic \
--disable-shared \
--disable-python-bindings
# Set up the configure flags to nghttp2.
# If the user provided the --host flag to our configure script
# (for cross compilation), then pass it on to nghttp2.
{ \
config_flags="--prefix=$(nghttp2_install_dir)"; \
config_flags="$$config_flags --with-pic --enable-lib-only"; \
config_flags="$$config_flags --disable-shared --disable-python-bindings"; \
if test -n "$(host_alias)"; then \
config_flags="$$config_flags --host=$(host_alias)"; \
fi; \
}
./configure $$config_flags
$(MAKE) MAKEFLAGS=
$(MAKE) install MAKEFLAGS=
@@ -244,13 +354,35 @@ $(CURL_VERSION)/.patched-chrome: $(srcdir)/chrome/patches/curl-*.patch
# This is a small hack that flags that curl was patched and configured in the "firefox" version
$(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)/.patched-ff
cd $(CURL_VERSION)
./configure @curl_configure_options@ \
--prefix=@prefix@ \
--with-nghttp2=$(nghttp2_install_dir) \
--with-brotli=$(brotli_install_dir) \
--with-nss=$(nss_install_dir) \
USE_CURL_SSLKEYLOGFILE=true \
CFLAGS="-I$(nss_install_dir)/../public/nss -I$(nss_install_dir)/include/nspr"
# Set up the configure flags to curl.
# If the user provided the --host flag to our configure script
# (for cross compilation), then pass it on to curl.
{ \
config_flags="--prefix=@prefix@"; \
config_flags+=" --with-nghttp2=$(nghttp2_install_dir)"; \
config_flags+=" --with-brotli=$(brotli_install_dir)"; \
config_flags+=" --with-nss=$(nss_install_dir)"; \
config_flags+=" USE_CURL_SSLKEYLOGFILE=true"; \
if test "$(static_build)" = "yes"; then \
config_flags+=" --enable-static --disable-shared"; \
fi; \
if test -n "$(host_alias)"; then \
config_flags+=" --host=$(host_alias)"; \
fi; \
if test -n "$(with_zlib)"; then \
config_flags+=" --with-zlib=$(with_zlib)"; \
fi; \
if test -n "$(with_libnssckbi)"; then \
config_flags+=" --with-libnssckbi=$(with_libnssckbi)"; \
fi; \
add_cflags="-I$(nss_install_dir)/../public/nss"; \
add_cflags+=" -I$(nss_install_dir)/include/nspr"; \
}
echo "Configuring curl with: $$config_flags"
./configure $$config_flags CFLAGS="$$add_cflags"
# Remove possible leftovers from a previous compilation
$(MAKE) clean MAKEFLAGS=
touch .firefox
@@ -260,14 +392,39 @@ $(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)
# This is a small hack that flags that curl was patched and configured in the "chrome" version
$(CURL_VERSION)/.chrome: $(chrome_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)/.patched-chrome
cd $(CURL_VERSION)
./configure @curl_configure_options@ \
--prefix=@prefix@ \
--with-nghttp2=$(nghttp2_install_dir) \
--with-brotli=$(brotli_install_dir) \
--with-openssl=$(boringssl_install_dir) \
USE_CURL_SSLKEYLOGFILE=true \
LIBS="-pthread" \
CFLAGS="-I$(boringssl_install_dir)"
# Set up the configure flags to curl.
# If the user provided the --host flag to our configure script
# (for cross compilation), then pass it on to curl.
{ \
config_flags="--prefix=@prefix@"; \
config_flags="$$config_flags --with-nghttp2=$(nghttp2_install_dir)"; \
config_flags="$$config_flags --with-brotli=$(brotli_install_dir)"; \
config_flags="$$config_flags --with-openssl=$(boringssl_install_dir)"; \
config_flags="$$config_flags USE_CURL_SSLKEYLOGFILE=true"; \
if test "$(static_build)" = "yes"; then \
config_flags="$$config_flags --enable-static --disable-shared";
fi; \
if test -n "$(host_alias)"; then \
config_flags="$$config_flags --host=$(host_alias)"; \
fi; \
if test -n "$(with_zlib)"; then \
config_flags="$$config_flags --with-zlib=$(with_zlib)"; \
fi; \
if test -n "$(with_ca_bundle)"; then \
config_flags="$$config_flags --with-ca-bundle=$(with_ca_bundle)"; \
fi; \
if test -n "$(with_ca_path)"; then \
config_flags="$$config_flags --with-ca-path=$(with_ca_path)"; \
fi; \
add_libs="-pthread"; \
add_cflags="-I$(boringssl_install_dir)"; \
}
echo "Configuring curl with: $$config_flags"
./configure $$config_flags CFLAGS="$$add_cflags" LIBS="$$add_libs"
# Remove possible leftovers from a previous compilation
$(MAKE) clean MAKEFLAGS=
touch .chrome

67
configure.ac
View File

@@ -1,10 +1,71 @@
AC_INIT([curl-impersonate], [0.3.2], [lwt@lwthiker.com])
AC_INIT([curl-impersonate], [0.5.0], [lwt@lwthiker.com])
AC_CANONICAL_BUILD
AC_CANONICAL_HOST
AC_PROG_CC
AC_PROG_CXX
AC_CHECK_TOOL([STRIP], [strip])
AC_ARG_ENABLE([static],
[AS_HELP_STRING([--enable-static],
[Build curl-impersonate statically with libcurl-impersonate])],
[AC_SUBST([curl_configure_options], ["--enable-static --disable-shared"])],
[])
[AC_SUBST([static_build], ["yes"])],
[AC_SUBST([static_build], ["no"])])
# Let the user optionally specify the path to zlib.
# This is useful when cross compiling.
# The Makefile will pass on the path to curl's own configure script.
AC_ARG_WITH([zlib],
[AS_HELP_STRING([--with-zlib=PATH],
[Search for zlib in PATH. Useful when cross compiling])],
[with_zlib="$withval"],
[with_zlib="check"])
AS_IF(
# User provided --without-zlib, which we don't support
[test x"$with_zlib" = xno],
[AC_MSG_ERROR(building without zlib is not supported)],
# User didn't provide --with-zlib at all, or provided --with-zlib without
# a path. Check if zlib can be linked against using the default linker flags.
[test x"$with_zlib" = xcheck -o x"$with_zlib" = xyes],
[AC_CHECK_LIB([z], [inflateEnd],
[AC_SUBST([with_zlib], [""])],
[AC_MSG_ERROR(failed to find zlib)])],
# User provided --with-zlib with a path.
[AC_SUBST([with_zlib], ["$with_zlib"])])
# Path to CA certificates.
# These options will be passed as-is to curl's configure script.
# Useful when cross compiling, since curl's configure script doesn't know
# where to look for these files in that case.
AC_ARG_WITH([ca-bundle],
[AS_HELP_STRING([--with-ca-bundle=FILE],
[Path to be passed to curl's --with-ca-bundle configure option. \
Useful when cross compiling. \
Relevant only for the Chrome build.])],
[AC_SUBST([with_ca_bundle], ["$withval"])],
[AC_SUBST([with_ca_bundle], [""])])
AC_ARG_WITH([ca-path],
[AS_HELP_STRING([--with-ca-path=DIRECTORY],
[Path to be passed to curl's --with-ca-path configure option. \
Useful when cross compiling. \
Relevant only for the chrome build.])],
[AC_SUBST([with_ca_path], ["$withval"])],
[AC_SUBST([with_ca_path], [""])])
# Path to a directory containing libnssckbi.so, the file that contains the root
# certificates needed for nss.
# Useful when cross compiling. When building natively, curl's patched configure
# script will attempt to locate it on the local system instead.
AC_ARG_WITH([libnssckbi],
[AS_HELP_STRING([--with-libnssckbi=DIRECTORY],
[Path to a directory containing libnssckbi.so. \
Useful when cross compiling. \
Relevant only for the Firefox build.])],
[AC_SUBST([with_libnssckbi], ["$withval"])],
[AC_SUBST([with_libnssckbi], [""])])
# BoringSSL requires cmake 3.5+, which is sometimes available under
# "cmake3" instead of "cmake"

74
firefox/patches/curl-impersonate.patch
View File

@@ -1246,10 +1246,10 @@ index 8ac15d407..68d01b219 100644
Libs.private: @LIBCURL_LIBS@
Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@
diff --git a/m4/curl-nss.m4 b/m4/curl-nss.m4
index 397ba71b1..d2a8fc1f2 100644
index 397ba71b1..e7fe93925 100644
--- a/m4/curl-nss.m4
+++ b/m4/curl-nss.m4
@@ -74,7 +74,107 @@ if test "x$OPT_NSS" != xno; then
@@ -74,7 +74,123 @@ if test "x$OPT_NSS" != xno; then
# Without pkg-config, we'll kludge in some defaults
AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
addld="-L$OPT_NSS/lib"
@@ -1327,38 +1327,54 @@ index 397ba71b1..d2a8fc1f2 100644
+ # at runtime using dlopen. If it's not in a path findable by dlopen
+ # we have to add that path explicitly using -rpath so it may find it.
+ # On Ubuntu and Mac M1 it is in a non-standard location.
+ AC_MSG_CHECKING([if libnssckbi is in a non-standard location])
+ case $host_os in
+ linux*)
+ search_paths="/usr/lib/$host /usr/lib/$host/nss"
+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os"
+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os/nss"
+ search_ext="so"
+ ;;
+ darwin*)
+ search_paths="/opt/homebrew/lib"
+ search_ext="dylib"
+ ;;
+ esac
+ AC_ARG_WITH(libnssckbi,
+ [AS_HELP_STRING([--with-libnssckbi=DIRECTORY],
+ [Path where libnssckbi can be found when using NSS])],
+ [AS_IF(
+ [test x"$withval" = xyes],
+ [nssckbi_path="check"],
+ [nssckbi_path="$withval"])],
+ [nssckbi_path="check"])
+
+ found="no"
+ for path in $search_paths; do
+ if test -f "$path/libnssckbi.$search_ext"; then
+ AC_MSG_RESULT([$path])
+ addld="$addld -Wl,-rpath,$path"
+ found="yes"
+ break
+ fi
+ done
+ AS_IF(
+ [test "x$nssckbi_path" = xno],
+ [],
+ [test "x$nssckbi_path" != xcheck],
+ [addld="$addld -Wl,-rpath,$nssckbi_path"],
+ [
+ AC_MSG_CHECKING([if libnssckbi is in a non-standard location])
+ case $host_os in
+ linux*)
+ search_paths="/usr/lib/$host /usr/lib/$host/nss"
+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os"
+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os/nss"
+ search_ext="so"
+ ;;
+ darwin*)
+ search_paths="/opt/homebrew/lib"
+ search_ext="dylib"
+ ;;
+ esac
+
+ if test "$found" = "no"; then
+ AC_MSG_RESULT([no])
+ fi
+ found="no"
+ for path in $search_paths; do
+ if test -f "$path/libnssckbi.$search_ext"; then
+ AC_MSG_RESULT([$path])
+ addld="$addld -Wl,-rpath,$path"
+ found="yes"
+ break
+ fi
+ done
+
+ if test "$found" = "no"; then
+ AC_MSG_RESULT([no])
+ fi
+ ])
+
addcflags="-I$OPT_NSS/include"
version="unknown"
nssprefix=$OPT_NSS
@@ -91,7 +191,7 @@ if test "x$OPT_NSS" != xno; then
@@ -91,7 +207,7 @@ if test "x$OPT_NSS" != xno; then
fi
dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
@@ -1367,7 +1383,7 @@ index 397ba71b1..d2a8fc1f2 100644
[
AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
AC_SUBST(USE_NSS, [1])
@@ -101,9 +201,7 @@ if test "x$OPT_NSS" != xno; then
@@ -101,9 +217,7 @@ if test "x$OPT_NSS" != xno; then
test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
],
[