diff --git a/.github/workflows/build-and-test-make.yml b/.github/workflows/build-and-test-make.yml index d86b181..165f824 100644 --- a/.github/workflows/build-and-test-make.yml +++ b/.github/workflows/build-and-test-make.yml @@ -21,15 +21,23 @@ jobs: strategy: matrix: os: [ubuntu-20.04, macos-11] + arch: [x86_64] include: - os: ubuntu-20.04 + arch: x86_64 + host: x86_64-linux-gnu + capture_interface: eth0 + make: make + - os: ubuntu-20.04 + arch: aarch64 + host: aarch64-linux-gnu capture_interface: eth0 make: make - release_name: x86_64-linux-gnu - os: macos-11 + arch: x86_64 + host: x86_64-macos capture_interface: en0 make: gmake - release_name: x86_64-macos steps: - uses: actions/setup-python@v3 @@ -69,12 +77,37 @@ jobs: run: | pip3 install -r tests/requirements.txt - - name: Run configure script + # When cross compiling we need to build zlib first. + - name: Build zlib + run: | + curl -LO https://zlib.net/zlib-1.2.12.tar.gz + tar xf zlib-1.2.12.tar.gz + cd zlib-1.2.12 + CHOST=${{ matrix.host }} ./configure --prefix=${{ runner.temp }}/zlib + make + # Make sure curl will link with libz.so.1 and not libz.so + rm -f libz.so + + - name: Run configure script + if: matrix.arch == 'x86_64' run: | - autoconf mkdir ${{ runner.temp }}/install ./configure --prefix=${{ runner.temp }}/install + # When cross compiling a more complicated configuration is needed, since + # curl's configure script can't figure out where some files and libraries + # are located. The locations used here are the ones used by Ubuntu. + - name: Run configure script (cross compiling) + if: matrix.arch != 'x86_64' + run: | + mkdir ${{ runner.temp }}/install + ./configure --prefix=${{ runner.temp }}/install \ + --host=${{ matrix.arch }} \ + --with-zlib=${{ runner.temp }}/zlib \ + --with-ca-path=/etc/ssl/certs \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ + --with-libnssckbi=/usr/lib/${{ matrix.host }}/nss + # Cache the build of BoringSSL, which is the longest part of the build # We must cache the .zip as well, otherwise the Makefile will # rebuild BoringSSL. This whole thing is a bit hacky, but necessary to @@ -83,14 +116,14 @@ jobs: uses: actions/cache@v3 with: path: boringssl.zip - key: ${{ runner.os }}-boring-source-${{ env.BORING_SSL_COMMIT }} + key: ${{ runner.os }}-${{ matrix.arch }}-boring-source-${{ env.BORING_SSL_COMMIT }} - name: Cache BoringSSL build id: cache-boringssl uses: actions/cache@v3 with: path: boringssl/build - key: ${{ runner.os }}-boring-build-${{ env.BORING_SSL_COMMIT }}-${{ hashFiles('chrome/patches/boringssl*.patch') }} + key: ${{ runner.os }}-${{ matrix.arch }}-boring-build-${{ env.BORING_SSL_COMMIT }}-${{ hashFiles('chrome/patches/boringssl*.patch') }} # Trick the Makefile into skipping the BoringSSL build step # if it was found in the cache. See Makefile.in @@ -114,14 +147,14 @@ jobs: uses: actions/cache@v3 with: path: ${{ env.NSS_VERSION }}.tar.gz - key: ${{ runner.os }}-nss-source-${{ env.NSS_VERSION }} + key: ${{ runner.os }}-${{ matrix.arch }}-nss-source-${{ env.NSS_VERSION }} - name: Cache NSS build id: cache-nss uses: actions/cache@v3 with: path: ${{ env.NSS_VERSION }}/dist - key: ${{ runner.os }}-nss-build-${{ env.NSS_VERSION }} + key: ${{ runner.os }}-${{ matrix.arch }}-nss-build-${{ env.NSS_VERSION }} # Trick the Makefile into skipping the NSS build step # if it was found in the cache. @@ -138,11 +171,15 @@ jobs: ${{ matrix.make }} firefox-install - name: Prepare the tests + if: matrix.arch == 'x86_64' run: | # Compile 'minicurl' which is used by the tests gcc -Wall -Werror -o ${{ runner.temp }}/install/bin/minicurl tests/minicurl.c `curl-config --libs` + # For now we can only run the tests when not cross compiling, since the + # tests run the curl-impersonate binary locally. - name: Run the tests + if: matrix.arch == 'x86_64' run: | cd tests # sudo is needed for capturing packets @@ -154,18 +191,38 @@ jobs: if: startsWith(github.ref, 'refs/tags/') run: | cd ${{ runner.temp }}/install/lib - tar -c -z -f ${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz libcurl-impersonate* - echo "release_file_lib=${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz" >> $GITHUB_ENV + tar -c -z -f ${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz libcurl-impersonate* + echo "release_file_lib=${{ runner.temp }}/libcurl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz" >> $GITHUB_ENV - # Recompile curl-impersonate statically. - - name: Recompile statically + - name: Clean build if: startsWith(github.ref, 'refs/tags/') run: | ${{ matrix.make }} chrome-clean ${{ matrix.make }} firefox-clean rm -Rf ${{ runner.temp }}/install mkdir ${{ runner.temp }}/install + + # Recompile curl-impersonate statically when doing a release. + - name: Reconfigure statically + if: startsWith(github.ref, 'refs/tags/') && matrix.arch == 'x86_64' + run: | ./configure --prefix=${{ runner.temp }}/install --enable-static + + - name: Reconfigure statically (cross compiling) + if: startsWith(github.ref, 'refs/tags/') && matrix.arch != 'x86_64' + run: | + mkdir ${{ runner.temp }}/install + ./configure --prefix=${{ runner.temp }}/install \ + --enable-static \ + --host=${{ matrix.arch }} \ + --with-zlib=${{ runner.temp }}/zlib \ + --with-ca-path=/etc/ssl/certs \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \ + --with-libnssckbi=/usr/lib/${{ matrix.host }}/nss + + - name: Rebuild statically + if: startsWith(github.ref, 'refs/tags/') + run: | ${{ matrix.make }} chrome-build ${{ matrix.make }} chrome-checkbuild ${{ matrix.make }} chrome-install-strip @@ -177,8 +234,8 @@ jobs: if: startsWith(github.ref, 'refs/tags/') run: | cd ${{ runner.temp }}/install/bin - tar -c -z -f ${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz curl-impersonate-ff curl-impersonate-chrome curl_* - echo "release_file_bin=${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.release_name }}.tar.gz" >> $GITHUB_ENV + tar -c -z -f ${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz curl-impersonate-ff curl-impersonate-chrome curl_* + echo "release_file_bin=${{ runner.temp }}/curl-impersonate-${{ github.ref_name }}.${{ matrix.host }}.tar.gz" >> $GITHUB_ENV - name: Upload release files uses: softprops/action-gh-release@v1 diff --git a/INSTALL.md b/INSTALL.md index 0bb9bf1..8c89083 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -29,11 +29,6 @@ git clone https://github.com/lwthiker/curl-impersonate.git cd curl-impersonate ``` -Generate the configure script: -``` -autoconf -``` - Configure and compile: ``` mkdir build && cd build @@ -102,11 +97,6 @@ pip3 install gyp-next brew install go ``` -Generate the configure script: -``` -autoconf -``` - Configure and compile: ``` mkdir build && cd build diff --git a/Makefile.in b/Makefile.in index 6e6d956..700157d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -5,8 +5,8 @@ SHELL := bash .ONESHELL: .SHELLFLAGS := -euc .DELETE_ON_ERROR: -MAKEFLAGS += --warn-undefined-variables -MAKEFLAGS += --no-builtin-rules +# MAKEFLAGS += --warn-undefined-variables +# MAKEFLAGS += --no-builtin-rules BROTLI_VERSION := 1.0.9 # In case this is changed, update build-and-test-make.yml as well @@ -32,10 +32,30 @@ firefox_libs := $(brotli_static_libs) $(nss_static_libs) $(nghttp2_static_libs) # Dependencies needed to compile the Chrome version chrome_libs := $(brotli_static_libs) $(boringssl_static_libs) $(nghttp2_static_libs) -# To be set by the configure script +# The following variables will be set by the configure script. prefix = @prefix@ exec_prefix = @exec_prefix@ srcdir = @abs_srcdir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +build = @build@ +# Whether to link curl-impersonate with libcurl-impersonate statically. +static_build = @static_build@ +# Whether the user provided a specific find for zlib +with_zlib = @with_zlib@ +# Path to be passed to curl's --with-ca-bundle configure option. +with_ca_bundle = @with_ca_bundle@ +# Path to be passed to curl's --with-ca-path configure option. +with_ca_path = @with_ca_path@ +# Path to be passed to curl's --with-libnssckbi configure option (an option +# added for curl-impersonate). +with_libnssckbi = @with_libnssckbi@ + +CC = @CC@ +CXX = @CXX@ +STRIP = @STRIP@ # Auto-generate Makefile help. # Borrowed from https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html @@ -51,6 +71,7 @@ firefox-build: $(CURL_VERSION)/.firefox ## Build the Firefox version of curl-imp .PHONY: firefox-build firefox-checkbuild: ## Run basic checks on the built binary +ifeq ($(host),$(build)) cd $(CURL_VERSION) # Make sure all needed features were compiled in ./src/curl-impersonate-ff -V | grep -q zlib @@ -58,6 +79,9 @@ firefox-checkbuild: ## Run basic checks on the built binary ./src/curl-impersonate-ff -V | grep -q nghttp2 ./src/curl-impersonate-ff -V | grep -q NSS $(info Build OK) +else + $(info Cross compiling, skipping checkbuild) +endif .PHONY: firefox-checkbuild firefox-install: ## Install the Firefox version of curl-impersonate after build @@ -72,7 +96,7 @@ firefox-install-strip: ## Like 'firefox-install', but strip binaries for smaller $(MAKE) install-exec MAKEFLAGS= # We could have used 'install-strip' but then the docs would be installed as well. # Instead strip manually. - strip @bindir@/curl-impersonate-ff + $(STRIP) @bindir@/curl-impersonate-ff # Wrapper scripts for the Firefox version (e.g. 'curl_ff98') install $(srcdir)/firefox/curl_ff* @bindir@ .PHONY: firefox-install-strip @@ -96,6 +120,7 @@ chrome-build: $(CURL_VERSION)/.chrome ## Build the Chrome version of curl-impers .PHONY: chrome-build chrome-checkbuild: ## Run basic checks on the built binary +ifeq ($(host),$(build)) cd $(CURL_VERSION) # Make sure all needed features were compiled in ./src/curl-impersonate-chrome -V | grep -q zlib @@ -103,6 +128,9 @@ chrome-checkbuild: ## Run basic checks on the built binary ./src/curl-impersonate-chrome -V | grep -q nghttp2 ./src/curl-impersonate-chrome -V | grep -q BoringSSL $(info Build OK) +else + $(info Cross compiling, skipping checkbuild) +endif .PHONY: chrome-checkbuild chrome-install: ## Install the Chrome version of curl-impersonate after build @@ -117,7 +145,7 @@ chrome-install-strip: ## Like 'chrome-install', but strip binaries for smaller s $(MAKE) install-exec MAKEFLAGS= # We could have used 'install-strip' but then the docs would be installed as well. # Instead strip manually. - strip @bindir@/curl-impersonate-chrome + $(STRIP) @bindir@/curl-impersonate-chrome # Wrapper scripts for the Chrome version (e.g. 'curl_chrome99') install $(srcdir)/chrome/curl_chrome* $(srcdir)/chrome/curl_edge* $(srcdir)/chrome/curl_safari* @bindir@ .PHONY: chrome-install-strip @@ -150,10 +178,29 @@ $(brotli_static_libs): brotli-$(BROTLI_VERSION).tar.gz cd brotli-$(BROTLI_VERSION) mkdir -p out cd out + + # Convert autoconf style os name to CMake style os name. + case $(host_os) in \ + linux*) \ + system_name=Linux \ + ;; \ + darwin*) \ + system_name=Darwin \ + ;; \ + *) \ + system_name=$(host_os) \ + ;; \ + esac + @cmake@ -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=./installed \ - -DCMAKE_INSTALL_LIBDIR=lib \ - .. + -DCMAKE_INSTALL_PREFIX=./installed \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_CXX_COMPILER=$(CXX) \ + -DCMAKE_C_COMPILER=$(CC) \ + -DCMAKE_SYSTEM_NAME=$$system_name \ + -DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \ + .. + @cmake@ --build . --config Release --target install @@ -162,8 +209,43 @@ $(NSS_VERSION).tar.gz: $(nss_static_libs): $(NSS_VERSION).tar.gz tar xf $(NSS_VERSION).tar.gz + +ifeq ($(host),$(build)) + # Native build, use NSS' build script. cd $(NSS_VERSION)/nss ./build.sh -o --disable-tests --static --python=python3 +else + # We are cross compiling. + # Cross compiling NSS is not supported by its build script and is poorly + # documented. We need to compile NSPR manually and only then compile nss. + case $(host_cpu) in \ + *64*) \ + use_64="1"; \ + nspr_configure_flags="--enable-64bit"; \ + ;; \ + *) \ + use_64="0"; \ + ;; \ + esac + + # Cross-compile nspr separately + cd $(NSS_VERSION)/nspr + ./configure --prefix=$(nss_install_dir) \ + --disable-debug --enable-optimize \ + --target=$(host_alias) \ + $$nspr_configure_flags + $(MAKE) MAKEFLAGS= + $(MAKE) install MAKEFLAGS= + + # Now we can run ./build.sh with the already built nspr + cd ../nss + CC=$(CC) CXX=$(CXX) CCC=$(CXX) \ + ./build.sh -o --disable-tests --static --python=python3 \ + --with-nspr=$(nss_install_dir)/include/nspr:$(nss_install_dir)/lib \ + --target=$(host_cpu) \ + -Duse_system_zlib=0 \ + -Dsign_libs=0 +endif # Hack for macOS: Remove dynamic libraries to force the linker to use the # static ones when linking curl. rm -Rf $(nss_install_dir)/lib/*.dylib @@ -184,6 +266,20 @@ boringssl/.patched: $(srcdir)/chrome/patches/boringssl-*.patch $(boringssl_static_libs): boringssl.zip boringssl/.patched mkdir -p $(boringssl_install_dir) cd $(boringssl_install_dir) + + # Convert autoconf style os name to CMake style os name. + case $(host_os) in \ + linux*) \ + system_name=Linux \ + ;; \ + darwin*) \ + system_name=Darwin \ + ;; \ + *) \ + system_name=Linux \ + ;; \ + esac + # The extra CMAKE_C_FLAGS are needed because otherwise boringssl fails to # compile in release mode on some systems with gcc 12 (e.g. Fedora). # In addition, guard these options with -Wno-unknown-warning-option to @@ -191,6 +287,10 @@ $(boringssl_static_libs): boringssl.zip boringssl/.patched @cmake@ -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_POSITION_INDEPENDENT_CODE=on \ -DCMAKE_C_FLAGS="-Wno-unknown-warning-option -Wno-stringop-overflow -Wno-array-bounds" \ + -DCMAKE_CXX_COMPILER=$(CXX) \ + -DCMAKE_C_COMPILER=$(CC) \ + -DCMAKE_SYSTEM_NAME=$$system_name \ + -DCMAKE_SYSTEM_PROCESSOR=$(host_cpu) \ -GNinja \ .. @ninja@ @@ -208,10 +308,20 @@ $(NGHTTP2_VERSION).tar.bz2: $(nghttp2_static_libs): $(NGHTTP2_VERSION).tar.bz2 tar -xf $(NGHTTP2_VERSION).tar.bz2 cd $(NGHTTP2_VERSION) - ./configure --prefix=$(nghttp2_install_dir) \ - --with-pic \ - --disable-shared \ - --disable-python-bindings + + # Set up the configure flags to nghttp2. + # If the user provided the --host flag to our configure script + # (for cross compilation), then pass it on to nghttp2. + { \ + config_flags="--prefix=$(nghttp2_install_dir)"; \ + config_flags="$$config_flags --with-pic --enable-lib-only"; \ + config_flags="$$config_flags --disable-shared --disable-python-bindings"; \ + if test -n "$(host_alias)"; then \ + config_flags="$$config_flags --host=$(host_alias)"; \ + fi; \ + } + + ./configure $$config_flags $(MAKE) MAKEFLAGS= $(MAKE) install MAKEFLAGS= @@ -244,13 +354,35 @@ $(CURL_VERSION)/.patched-chrome: $(srcdir)/chrome/patches/curl-*.patch # This is a small hack that flags that curl was patched and configured in the "firefox" version $(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)/.patched-ff cd $(CURL_VERSION) - ./configure @curl_configure_options@ \ - --prefix=@prefix@ \ - --with-nghttp2=$(nghttp2_install_dir) \ - --with-brotli=$(brotli_install_dir) \ - --with-nss=$(nss_install_dir) \ - USE_CURL_SSLKEYLOGFILE=true \ - CFLAGS="-I$(nss_install_dir)/../public/nss -I$(nss_install_dir)/include/nspr" + + # Set up the configure flags to curl. + # If the user provided the --host flag to our configure script + # (for cross compilation), then pass it on to curl. + { \ + config_flags="--prefix=@prefix@"; \ + config_flags+=" --with-nghttp2=$(nghttp2_install_dir)"; \ + config_flags+=" --with-brotli=$(brotli_install_dir)"; \ + config_flags+=" --with-nss=$(nss_install_dir)"; \ + config_flags+=" USE_CURL_SSLKEYLOGFILE=true"; \ + if test "$(static_build)" = "yes"; then \ + config_flags+=" --enable-static --disable-shared"; \ + fi; \ + if test -n "$(host_alias)"; then \ + config_flags+=" --host=$(host_alias)"; \ + fi; \ + if test -n "$(with_zlib)"; then \ + config_flags+=" --with-zlib=$(with_zlib)"; \ + fi; \ + if test -n "$(with_libnssckbi)"; then \ + config_flags+=" --with-libnssckbi=$(with_libnssckbi)"; \ + fi; \ + add_cflags="-I$(nss_install_dir)/../public/nss"; \ + add_cflags+=" -I$(nss_install_dir)/include/nspr"; \ + } + + echo "Configuring curl with: $$config_flags" + + ./configure $$config_flags CFLAGS="$$add_cflags" # Remove possible leftovers from a previous compilation $(MAKE) clean MAKEFLAGS= touch .firefox @@ -260,14 +392,39 @@ $(CURL_VERSION)/.firefox: $(firefox_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION) # This is a small hack that flags that curl was patched and configured in the "chrome" version $(CURL_VERSION)/.chrome: $(chrome_libs) $(CURL_VERSION).tar.xz $(CURL_VERSION)/.patched-chrome cd $(CURL_VERSION) - ./configure @curl_configure_options@ \ - --prefix=@prefix@ \ - --with-nghttp2=$(nghttp2_install_dir) \ - --with-brotli=$(brotli_install_dir) \ - --with-openssl=$(boringssl_install_dir) \ - USE_CURL_SSLKEYLOGFILE=true \ - LIBS="-pthread" \ - CFLAGS="-I$(boringssl_install_dir)" + + # Set up the configure flags to curl. + # If the user provided the --host flag to our configure script + # (for cross compilation), then pass it on to curl. + { \ + config_flags="--prefix=@prefix@"; \ + config_flags="$$config_flags --with-nghttp2=$(nghttp2_install_dir)"; \ + config_flags="$$config_flags --with-brotli=$(brotli_install_dir)"; \ + config_flags="$$config_flags --with-openssl=$(boringssl_install_dir)"; \ + config_flags="$$config_flags USE_CURL_SSLKEYLOGFILE=true"; \ + if test "$(static_build)" = "yes"; then \ + config_flags="$$config_flags --enable-static --disable-shared"; + fi; \ + if test -n "$(host_alias)"; then \ + config_flags="$$config_flags --host=$(host_alias)"; \ + fi; \ + if test -n "$(with_zlib)"; then \ + config_flags="$$config_flags --with-zlib=$(with_zlib)"; \ + fi; \ + if test -n "$(with_ca_bundle)"; then \ + config_flags="$$config_flags --with-ca-bundle=$(with_ca_bundle)"; \ + fi; \ + if test -n "$(with_ca_path)"; then \ + config_flags="$$config_flags --with-ca-path=$(with_ca_path)"; \ + fi; \ + add_libs="-pthread"; \ + add_cflags="-I$(boringssl_install_dir)"; \ + } + + echo "Configuring curl with: $$config_flags" + + ./configure $$config_flags CFLAGS="$$add_cflags" LIBS="$$add_libs" + # Remove possible leftovers from a previous compilation $(MAKE) clean MAKEFLAGS= touch .chrome diff --git a/configure.ac b/configure.ac index 4067fe6..1b0b434 100644 --- a/configure.ac +++ b/configure.ac @@ -1,10 +1,71 @@ -AC_INIT([curl-impersonate], [0.3.2], [lwt@lwthiker.com]) +AC_INIT([curl-impersonate], [0.5.0], [lwt@lwthiker.com]) + +AC_CANONICAL_BUILD +AC_CANONICAL_HOST + +AC_PROG_CC +AC_PROG_CXX + +AC_CHECK_TOOL([STRIP], [strip]) AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static], [Build curl-impersonate statically with libcurl-impersonate])], - [AC_SUBST([curl_configure_options], ["--enable-static --disable-shared"])], - []) + [AC_SUBST([static_build], ["yes"])], + [AC_SUBST([static_build], ["no"])]) + +# Let the user optionally specify the path to zlib. +# This is useful when cross compiling. +# The Makefile will pass on the path to curl's own configure script. +AC_ARG_WITH([zlib], + [AS_HELP_STRING([--with-zlib=PATH], + [Search for zlib in PATH. Useful when cross compiling])], + [with_zlib="$withval"], + [with_zlib="check"]) + +AS_IF( + # User provided --without-zlib, which we don't support + [test x"$with_zlib" = xno], + [AC_MSG_ERROR(building without zlib is not supported)], + # User didn't provide --with-zlib at all, or provided --with-zlib without + # a path. Check if zlib can be linked against using the default linker flags. + [test x"$with_zlib" = xcheck -o x"$with_zlib" = xyes], + [AC_CHECK_LIB([z], [inflateEnd], + [AC_SUBST([with_zlib], [""])], + [AC_MSG_ERROR(failed to find zlib)])], + # User provided --with-zlib with a path. + [AC_SUBST([with_zlib], ["$with_zlib"])]) + +# Path to CA certificates. +# These options will be passed as-is to curl's configure script. +# Useful when cross compiling, since curl's configure script doesn't know +# where to look for these files in that case. +AC_ARG_WITH([ca-bundle], + [AS_HELP_STRING([--with-ca-bundle=FILE], + [Path to be passed to curl's --with-ca-bundle configure option. \ + Useful when cross compiling. \ + Relevant only for the Chrome build.])], + [AC_SUBST([with_ca_bundle], ["$withval"])], + [AC_SUBST([with_ca_bundle], [""])]) +AC_ARG_WITH([ca-path], + [AS_HELP_STRING([--with-ca-path=DIRECTORY], + [Path to be passed to curl's --with-ca-path configure option. \ + Useful when cross compiling. \ + Relevant only for the chrome build.])], + [AC_SUBST([with_ca_path], ["$withval"])], + [AC_SUBST([with_ca_path], [""])]) + +# Path to a directory containing libnssckbi.so, the file that contains the root +# certificates needed for nss. +# Useful when cross compiling. When building natively, curl's patched configure +# script will attempt to locate it on the local system instead. +AC_ARG_WITH([libnssckbi], + [AS_HELP_STRING([--with-libnssckbi=DIRECTORY], + [Path to a directory containing libnssckbi.so. \ + Useful when cross compiling. \ + Relevant only for the Firefox build.])], + [AC_SUBST([with_libnssckbi], ["$withval"])], + [AC_SUBST([with_libnssckbi], [""])]) # BoringSSL requires cmake 3.5+, which is sometimes available under # "cmake3" instead of "cmake" diff --git a/firefox/patches/curl-impersonate.patch b/firefox/patches/curl-impersonate.patch index 3ccaa71..bb30c0f 100644 --- a/firefox/patches/curl-impersonate.patch +++ b/firefox/patches/curl-impersonate.patch @@ -1246,10 +1246,10 @@ index 8ac15d407..68d01b219 100644 Libs.private: @LIBCURL_LIBS@ Cflags: -I${includedir} @CPPFLAG_CURL_STATICLIB@ diff --git a/m4/curl-nss.m4 b/m4/curl-nss.m4 -index 397ba71b1..d2a8fc1f2 100644 +index 397ba71b1..e7fe93925 100644 --- a/m4/curl-nss.m4 +++ b/m4/curl-nss.m4 -@@ -74,7 +74,107 @@ if test "x$OPT_NSS" != xno; then +@@ -74,7 +74,123 @@ if test "x$OPT_NSS" != xno; then # Without pkg-config, we'll kludge in some defaults AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) addld="-L$OPT_NSS/lib" @@ -1327,38 +1327,54 @@ index 397ba71b1..d2a8fc1f2 100644 + # at runtime using dlopen. If it's not in a path findable by dlopen + # we have to add that path explicitly using -rpath so it may find it. + # On Ubuntu and Mac M1 it is in a non-standard location. -+ AC_MSG_CHECKING([if libnssckbi is in a non-standard location]) -+ case $host_os in -+ linux*) -+ search_paths="/usr/lib/$host /usr/lib/$host/nss" -+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os" -+ search_paths="$search_paths /usr/lib/$host_cpu-$host_os/nss" -+ search_ext="so" -+ ;; -+ darwin*) -+ search_paths="/opt/homebrew/lib" -+ search_ext="dylib" -+ ;; -+ esac ++ AC_ARG_WITH(libnssckbi, ++ [AS_HELP_STRING([--with-libnssckbi=DIRECTORY], ++ [Path where libnssckbi can be found when using NSS])], ++ [AS_IF( ++ [test x"$withval" = xyes], ++ [nssckbi_path="check"], ++ [nssckbi_path="$withval"])], ++ [nssckbi_path="check"]) + -+ found="no" -+ for path in $search_paths; do -+ if test -f "$path/libnssckbi.$search_ext"; then -+ AC_MSG_RESULT([$path]) -+ addld="$addld -Wl,-rpath,$path" -+ found="yes" -+ break -+ fi -+ done ++ AS_IF( ++ [test "x$nssckbi_path" = xno], ++ [], ++ [test "x$nssckbi_path" != xcheck], ++ [addld="$addld -Wl,-rpath,$nssckbi_path"], ++ [ ++ AC_MSG_CHECKING([if libnssckbi is in a non-standard location]) ++ case $host_os in ++ linux*) ++ search_paths="/usr/lib/$host /usr/lib/$host/nss" ++ search_paths="$search_paths /usr/lib/$host_cpu-$host_os" ++ search_paths="$search_paths /usr/lib/$host_cpu-$host_os/nss" ++ search_ext="so" ++ ;; ++ darwin*) ++ search_paths="/opt/homebrew/lib" ++ search_ext="dylib" ++ ;; ++ esac + -+ if test "$found" = "no"; then -+ AC_MSG_RESULT([no]) -+ fi ++ found="no" ++ for path in $search_paths; do ++ if test -f "$path/libnssckbi.$search_ext"; then ++ AC_MSG_RESULT([$path]) ++ addld="$addld -Wl,-rpath,$path" ++ found="yes" ++ break ++ fi ++ done ++ ++ if test "$found" = "no"; then ++ AC_MSG_RESULT([no]) ++ fi ++ ]) + addcflags="-I$OPT_NSS/include" version="unknown" nssprefix=$OPT_NSS -@@ -91,7 +191,7 @@ if test "x$OPT_NSS" != xno; then +@@ -91,7 +207,7 @@ if test "x$OPT_NSS" != xno; then fi dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 @@ -1367,7 +1383,7 @@ index 397ba71b1..d2a8fc1f2 100644 [ AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) AC_SUBST(USE_NSS, [1]) -@@ -101,9 +201,7 @@ if test "x$OPT_NSS" != xno; then +@@ -101,9 +217,7 @@ if test "x$OPT_NSS" != xno; then test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [