From 072540688a90017f57730dbabf4198cb7ea310f2 Mon Sep 17 00:00:00 2001 From: Sergey Sharybin Date: Mon, 27 Aug 2018 18:09:30 +0200 Subject: [PATCH] Build environment: Enable SSL for Python on Linux This involved getting SSL compiled from sources first, ensuring it is a static library placement independent code. Configuration is based on what Debian is using. CFlags required to have own configuration file, which i didn't find a better place that next to the corresponding CMake file. It is OpenSSL btw. It is set to Python via --with-openssl= configuration argument. This works fine in a clean chroot, but having libssl-dev installed might make Python to prefer system wide library, This was worked around by using libssl_pic.a name for the library and modifying setup.py. Would be cool to ensure system wide libraries are not a problem, but official release builder is safe against this, since it will catch possible non-static dependencies. There is also a new map file which shadows bunch of Python symbols. Without this Python's shared libraries might bring conflicting symbols to Blender namespace at runtime. Hopefully this doesn't break other platforms. --- build_files/build_environment/CMakeLists.txt | 4 ++ .../build_environment/cmake/python.cmake | 11 ++++- .../build_environment/cmake/python.map | 9 ++++ build_files/build_environment/cmake/ssl.cmake | 44 +++++++++++++++++++ build_files/build_environment/cmake/ssl.conf | 10 +++++ .../build_environment/cmake/versions.cmake | 4 ++ 6 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 build_files/build_environment/cmake/python.map create mode 100644 build_files/build_environment/cmake/ssl.cmake create mode 100644 build_files/build_environment/cmake/ssl.conf diff --git a/build_files/build_environment/CMakeLists.txt b/build_files/build_environment/CMakeLists.txt index 81810e3e457..a334adc34ff 100644 --- a/build_files/build_environment/CMakeLists.txt +++ b/build_files/build_environment/CMakeLists.txt @@ -137,4 +137,8 @@ if(NOT WIN32 OR ENABLE_MINGW64) endif() endif() +if(UNIX AND NOT APPLE) + include(cmake/ssl.cmake) +endif() + include(cmake/harvest.cmake) diff --git a/build_files/build_environment/cmake/python.cmake b/build_files/build_environment/cmake/python.cmake index 3fbf3a40868..64ae515cb1b 100644 --- a/build_files/build_environment/cmake/python.cmake +++ b/build_files/build_environment/cmake/python.cmake @@ -88,7 +88,9 @@ else() set(PYTHON_BINARY ${BUILD_DIR}/python/src/external_python/python.exe) #set(PYTHON_PATCH ${PATCH_CMD} --verbose -p1 -d ${BUILD_DIR}/python/src/external_python < ${PATCH_DIR}/python_apple.diff) set(PYTHON_PATCH echo .) + set(PYTHON_CONFIGURE_EXTRA_ARGS) else() + set(PYTHON_CONFIGURE_EXTRA_ARGS "--with-openssl=${LIBDIR}/ssl") set(PYTHON_CONFIGURE_ENV ${CONFIGURE_ENV}) set(PYTHON_BINARY ${BUILD_DIR}/python/src/external_python/python) endif() @@ -99,7 +101,7 @@ else() URL_HASH MD5=${PYTHON_HASH} PREFIX ${BUILD_DIR}/python PATCH_COMMAND ${PYTHON_PATCH} - CONFIGURE_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/python + CONFIGURE_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/python ${PYTHON_CONFIGURE_EXTRA_ARGS} BUILD_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && make -j${MAKE_THREADS} INSTALL_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && make install INSTALL_DIR ${LIBDIR}/python) @@ -162,3 +164,10 @@ if(MSVC) ) add_custom_target(Make_Python_Environment ALL DEPENDS ${BUILD_DIR}/python/src/external_python/run/python${PYTHON_POSTFIX}.exe Package_Python) endif() + +if(UNIX AND NOT APPLE) + add_dependencies( + external_python + external_ssl + ) +endif() diff --git a/build_files/build_environment/cmake/python.map b/build_files/build_environment/cmake/python.map new file mode 100644 index 00000000000..1c11c33011d --- /dev/null +++ b/build_files/build_environment/cmake/python.map @@ -0,0 +1,9 @@ +{ +global: + Py*; + _Py*; + _py*; +local: + *; +}; + diff --git a/build_files/build_environment/cmake/ssl.cmake b/build_files/build_environment/cmake/ssl.cmake new file mode 100644 index 00000000000..dd1b9957cc2 --- /dev/null +++ b/build_files/build_environment/cmake/ssl.cmake @@ -0,0 +1,44 @@ +# ***** BEGIN GPL LICENSE BLOCK ***** +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# ***** END GPL LICENSE BLOCK ***** + +set(SSL_CONFIGURE_COMMAND ./Configure) +set(SSL_PATCH_CMD echo .) + +if("${CMAKE_SIZEOF_VOID_P}" EQUAL "8") + set(SSL_EXTRA_ARGS enable-ec_nistp_64_gcc_128) + set(SSL_OS_COMPILER "blender-x86_64") +else() + set(SSL_OS_COMPILER "blender-x86") +endif() + +ExternalProject_Add(external_ssl + URL ${SSL_URI} + DOWNLOAD_DIR ${DOWNLOAD_DIR} + URL_HASH SHA256=${SSL_HASH} + PREFIX ${BUILD_DIR}/ssl + PATCH_COMMAND ${SSL_PATCH_CMD} + CONFIGURE_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && ${SSL_CONFIGURE_COMMAND} --prefix=${LIBDIR}/ssl + --openssldir=${LIBDIR}/ssl + no-shared + no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms + --config=${CMAKE_CURRENT_SOURCE_DIR}/cmake/ssl.conf + ${SSL_OS_COMPILER} + BUILD_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && make -j${MAKE_THREADS} + INSTALL_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && make install + INSTALL_DIR ${LIBDIR}/ssl +) diff --git a/build_files/build_environment/cmake/ssl.conf b/build_files/build_environment/cmake/ssl.conf new file mode 100644 index 00000000000..a9534e56291 --- /dev/null +++ b/build_files/build_environment/cmake/ssl.conf @@ -0,0 +1,10 @@ +%targets = ( + "blender-x86" => { + inherit_from => [ "linux-x86" ], + cflags => add("-fPIC"), + }, + "blender-x86_64" => { + inherit_from => [ "linux-x86_64" ], + cflags => add("-fPIC"), + }, +); diff --git a/build_files/build_environment/cmake/versions.cmake b/build_files/build_environment/cmake/versions.cmake index 594aa990d31..3b3ee092ca5 100644 --- a/build_files/build_environment/cmake/versions.cmake +++ b/build_files/build_environment/cmake/versions.cmake @@ -274,3 +274,7 @@ set(PUGIXML_HASH 9346ca1dce2c48f1748c12fdac41a714) set(FLEXBISON_VERSION 2.5.5) set(FLEXBISON_URI http://prdownloads.sourceforge.net/winflexbison//win_flex_bison-2.5.5.zip) set(FLEXBISON_HASH d87a3938194520d904013abef3df10ce) + +set(SSL_VERSION 1.1.0i) +set(SSL_URI https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz) +set(SSL_HASH ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99)