diff --git a/coin/platform_configs/cmake_platforms.yaml b/coin/platform_configs/cmake_platforms.yaml index 50c8c9bf..92a953b8 100644 --- a/coin/platform_configs/cmake_platforms.yaml +++ b/coin/platform_configs/cmake_platforms.yaml @@ -190,7 +190,7 @@ Configurations: Features: ['Sccache', 'Packaging', "DebugAndRelease", 'UseConfigure', 'GenerateSBOM', 'VerifySBOM'] Configure arguments: '-debug-and-release -force-debug-info -headersclean -nomake examples -qt-zlib' Environment variables: [ - 'CMAKE_ARGS=-DFEATURE_msvc_obj_debug_info=ON -DOPENSSL_ROOT_DIR={{.Env.OPENSSL_INCLUDE_x64}}\.. -DPostgreSQL_ROOT={{.Env.POSTGRESQL_LIB_x64}}\..', + 'CMAKE_ARGS=-DFEATURE_msvc_obj_debug_info=ON -DOPENSSL_ROOT_DIR={{.Env.OPENSSL_ROOT_DIR_x64}}\.. -DPostgreSQL_ROOT={{.Env.POSTGRESQL_LIB_x64}}\..', 'NON_QTBASE_CMAKE_ARGS=-DFFMPEG_DIR={{.Env.FFMPEG_DIR_MSVC}} -DQT_DEPLOY_FFMPEG=TRUE -DFEATURE_clangcpp=OFF -DINPUT_headersclean=ON', 'LLVM_INSTALL_DIR={{.Env.LLVM_INSTALL_DIR_msvc}}', 'VCPKG_HOST_TRIPLET=x64-windows-qt', @@ -224,9 +224,9 @@ Configurations: 'TARGET_CONFIGURE_ARGS=-debug-and-release -force-debug-info -platform win32-arm64-msvc -qt-zlib -no-sql-db2 -no-sql-ibase -no-sql-mysql -no-sql-oci -no-sql-psql -no-sql-mimer', 'TARGET_CMAKE_ARGS=-DFEATURE_msvc_obj_debug_info=ON -DOPENSSL_ROOT_DIR={{.Env.OPENSSL_ROOT_DIR_x64_arm64}} -DQT_FORCE_BUILD_TOOLS=ON', 'NON_QTBASE_TARGET_CMAKE_ARGS=-DFEATURE_native_grpc=OFF -DFFMPEG_DIR={{.Env.FFMPEG_DIR_MSVC_ARM64}} -DQT_DEPLOY_FFMPEG=TRUE', - 'OPENSSL_CONF_x64={{.Env.OPENSSL_CONF_x64_arm64}}', - 'OPENSSL_INCLUDE_x64={{.Env.OPENSSL_INCLUDE_x64_arm64}}', - 'OPENSSL_LIB_x64={{.Env.OPENSSL_LIB_x64_arm64}}', + 'OPENSSL_INCLUDE={{.Env.OPENSSL_INCLUDE_x64_arm64}}', + 'OPENSSL_LIB={{.Env.OPENSSL_LIB_x64_arm64}}', + 'OPENSSL_ROOT_DIR={{.Env.OPENSSL_ROOT_DIR_x64_arm64}}', 'LLVM_INSTALL_DIR={{.Env.LLVM_INSTALL_DIR_msvc_arm64}}', 'VCPKG_HOST_TRIPLET=x64-windows-qt', 'VCPKG_TARGET_TRIPLET=arm64-windows-qt', diff --git a/coin/provisioning/common/unix/install-openssl.sh b/coin/provisioning/common/unix/install-openssl.sh index 68589fac..b2a385d5 100755 --- a/coin/provisioning/common/unix/install-openssl.sh +++ b/coin/provisioning/common/unix/install-openssl.sh @@ -1,13 +1,13 @@ #!/usr/bin/env bash -# Copyright (C) 2022 The Qt Company Ltd. +# Copyright (C) 2025 The Qt Company Ltd. # SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only # This script install OpenSSL from sources. # Requires GCC and Perl to be in PATH. set -ex os="$1" -version=${2:-"3.0.7"} -sha=${3:-"f20736d6aae36bcbfa9aba0d358c71601833bf27"} +version=${2:-"3.5.4"} +sha=${3:-"b75daac8e10f189abe28a076ba5905d363e4801f"} SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" # shellcheck source=../unix/DownloadURL.sh @@ -104,6 +104,18 @@ elif [ "$os" == "macos" ] || [ "$os" == "macos-universal" ]; then SetEnvVar "OPENSSL_INCLUDE" "\"$openssl_install_dir/include\"" SetEnvVar "OPENSSL_LIB" "\"$openssl_install_dir/lib\"" + # Set runtime loader (dyld) and OpenSSL providers for SSL tests (QTBUG-142392) + SetEnvVar "DYLD_LIBRARY_PATH" "\"$opensslTargetLocation/lib:\$DYLD_LIBRARY_PATH\"" + SetEnvVar "OPENSSL_MODULES" "\"$opensslTargetLocation/lib/ossl-modules\"" + # Check that the versioned dylibs exists and ML-DSA is available + test -f "$opensslTargetLocation/lib/libcrypto.3.dylib" + test -f "$opensslTargetLocation/lib/libssl.3.dylib" + test -d "$opensslTargetLocation/lib/ossl-modules" + + OPENSSL_MODULES="$opensslTargetLocation/lib/ossl-modules" \ + "$opensslTargetLocation/bin/openssl" list -signature-algorithms | \ + grep -q -i 'ML-DSA' || { echo "ML-DSA not available"; exit 1; } + security find-certificate -a -p /Library/Keychains/System.keychain | sudo tee -a "$opensslTargetLocation/ssl/cert.pem" > /dev/null security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain | sudo tee -a "$opensslTargetLocation/ssl/cert.pem" > /dev/null fi diff --git a/coin/provisioning/common/unix/openssl_for_android.sh b/coin/provisioning/common/unix/openssl_for_android.sh index e77097f3..8821a162 100755 --- a/coin/provisioning/common/unix/openssl_for_android.sh +++ b/coin/provisioning/common/unix/openssl_for_android.sh @@ -13,15 +13,15 @@ source "${BASH_SOURCE%/*}/../unix/SetEnvVar.sh" outputPathBase="${HOME}" -sslVersionForLatest="3.0.7" +sslVersionForLatest="3.5.4" ndkVersionLatest="r27c" -featureSuffixLatest="_16kb" -prebuiltOpensslShaLatest="2cc15dd990460c2c7157ab257a47071fbd9e0ac8" +featureSuffixLatest="_16kb_fixed_symversions" +prebuiltOpensslShaLatest="b9dc30ed77bfd26e526e81d558d6964585b27283" -sslVersionForPreview="3.0.7" +sslVersionForPreview="3.5.4" ndkVersionPreview="r29-beta2" -featureSuffixPreview="_16kb" -prebuiltOpensslShaPreview="76c9788216440111be97ea1a63c4d8cd807baacd" +featureSuffixPreview="_16kb_fixed_symversions" +prebuiltOpensslShaPreview="89b6692e983c7e9678dcd9fc03da623fb75593d3" ndkVersionNightly1=$ndkVersionLatest sslVersionForNightly1=$sslVersionForLatest @@ -33,36 +33,20 @@ sslVersionForNightly2=$sslVersionForLatest featureSuffixNightly2="" prebuiltOpensslShaNightly2=$prebuiltOpensslShaLatest -: <<'EOB' SOURCE BUILD INSTRUCTIONS - Openssl prebuilt was made using Android NDK r29-beta2 -# Source built requires GCC and Perl to be in PATH. Rhel "requires yum install perl-IPC-Cmd" -exports_file="/tmp/export.sh" -# source previously made environmental variables. -if uname -a |grep -q "Ubuntu"; then - # shellcheck disable=SC1090 - grep -e "^export" "$HOME/.profile" > $exports_file && source $exports_file - rm -rf "$exports_file" -else - # shellcheck disable=SC1090 - grep -e "^export" "$HOME/.bashrc" > $exports_file && source $exports_file - rm -rf "$exports_file" -fi +: <<'EOB' SOURCE BUILD INSTRUCTIONS +Openssl 3.5.4 prebuilt was made using Android NDK r27c Revision 27.2.12479018 +and r29-beta2 Revision 29.0.13599879 -officialUrl="https://www.openssl.org/source/openssl-$sslVersionForLatest.tar.gz" -cachedUrl="http://ci-files01-hki.ci.qt.io/input/openssl/openssl-$sslVersionForLatest.tar.gz" -targetFile="/tmp/openssl-$sslVersionForLatest.tar.gz" -sha="f20736d6aae36bcbfa9aba0d358c71601833bf27" -opensslHome="${HOME}/openssl/android/openssl-${sslVersionForLatest}" -DownloadURL "$cachedUrl" "$officialUrl" "$sha" "$targetFile" -mkdir -p "${HOME}/openssl/android/" -tar -xzf "$targetFile" -C "${HOME}/openssl/android/" -if uname -a |grep -q "Darwin"; then - TOOLCHAIN=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/darwin-x86_64/bin -else - TOOLCHAIN=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin -fi -cd "$opensslHome" -PATH=$TOOLCHAIN:$PATH CC=clang ./Configure android-arm -PATH=$TOOLCHAIN:$PATH CC=clang make build_generated +By using a helpful (build_ssl.sh) script from: +Android OpenSSL support for Qt +https://github.com/KDAB/android_openssl/commit/b71f1470962019bd89534a2919f5925f93bc5779 + +Download the same NDK version that the Qt branch supports +https://developer.android.com/ndk/downloads + +Modify the script to your liking: set a path to NDK root, set OpenSSL version +(script will download needed OpenSSL packages) +Set ANDROID_API to the lowest version of Android which will be used. EOB function BuildOutputPath() { diff --git a/coin/provisioning/common/windows/android-openssl.ps1 b/coin/provisioning/common/windows/android-openssl.ps1 index d50c127b..59fe68aa 100644 --- a/coin/provisioning/common/windows/android-openssl.ps1 +++ b/coin/provisioning/common/windows/android-openssl.ps1 @@ -15,15 +15,15 @@ if (Is64BitWinHost) { # Msys need to be installed to target machine # More info and building instructions can be found from http://doc.qt.io/qt-5/opensslsupport.html -$openssl_version_latest = "3.0.7" -$ndk_version_latest = "r27c" -$prebuilt_ssl_sha1_latest = "733cff853b6ee7738e78b90f46b5f028c8490e1e" -$openssl_sha1_latest = "f20736d6aae36bcbfa9aba0d358c71601833bf27" +$openssl_version_latest = "3.5.4" +$ndk_version_latest = "r27c_16kb" +$prebuilt_ssl_sha1_latest = "a76cd9ec719d4e71473dcf451d648a9766247081" +$openssl_sha1_latest = "b75daac8e10f189abe28a076ba5905d363e4801f" -$openssl_version_preview = "3.0.7" -$ndk_version_preview = "r29-beta2" -$prebuilt_ssl_sha1_preview = "c2cf8fabfb7e00b31abcc554e6e306dafd99ae1b" -$openssl_sha1_preview = "f20736d6aae36bcbfa9aba0d358c71601833bf27" +$openssl_version_preview = "3.5.4" +$ndk_version_preview = "r29-beta2_16kb" +$prebuilt_ssl_sha1_preview = "664bab8b4f5e01c8bb87ab0ea8333b2ef1af703d" +$openssl_sha1_preview = "b75daac8e10f189abe28a076ba5905d363e4801f" $openssl_version_nightly1 = $openssl_version_latest $ndk_version_nightly1 = $ndk_version_latest diff --git a/coin/provisioning/common/windows/openssl-arm64.ps1 b/coin/provisioning/common/windows/openssl-arm64.ps1 index 16627039..d32e0e89 100644 --- a/coin/provisioning/common/windows/openssl-arm64.ps1 +++ b/coin/provisioning/common/windows/openssl-arm64.ps1 @@ -1,31 +1,28 @@ -# Copyright (C) 2022 The Qt Company Ltd. +# Copyright (C) 2025 The Qt Company Ltd. # SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only . "$PSScriptRoot\helpers.ps1" -# This script installs OpenSSL ARM64 $version. +# This script installs OpenSSL ARM64 (debug version) -##### OpenSSL ARM64 has been pre-built with following commands ##### -# Two different builds were done to the same folder C:\openssl_arm64\. One with '--debug' and one with '--release' parameter -# From Visual studio 'C++ Universal Windows Platform support for v142 build tools (ARM64)' and 'Windows Universal C Runtime' were installed -# cd C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build -# call vcvarsamd64_arm64 -# curl -o C:\Utils\openssl-3.0.7.zip http://ci-files01-hki.ci.qt.io/input/openssl/openssl-3.0.7.zip +##### OpenSSL ARM64 and x64-arm64 has been pre-built with following commands ##### +# From Visual studio 'C++ Universal Windows Platform support for v143 build tools' and 'Windows Universal C Runtime' were installed +# cd C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Auxiliary\Build +# call vcvarsamd64_arm64 (or vcvarsarm64 in Windows 11 arm64 OS) +# curl -o C:\Utils\openssl-3.5.4.zip http://ci-files01-hki.ci.qt.io/input/openssl/openssl-3.5.4.zip +# (or https://github.com/openssl/openssl/releases/download/openssl-3.5.4/openssl-3.5.4.tar.gz) # cd C:\Utils -# C:\Utils\sevenzip\7z.exe x C:\Utils\openssl-3.0.7.zip -# cd C:\Utils\openssl-3.0.7 -# perl Configure no-asm VC-WIN64-ARM --debug --prefix=C:\openssl_arm64\ --openssldir=C:\openssl_arm64\ +# C:\Utils\sevenzip\7z.exe x C:\Utils\openssl-3.5.4.zip +# cd C:\Utils\openssl-3.5.4 +# perl Configure no-asm VC-WIN64-ARM --debug --prefix=C:\openssl_arm64\ # nmake # nmake install -# -# perl Configure no-asm VC-WIN64-ARM --release --prefix=C:\openssl_arm64\ --openssldir=C:\openssl_arm64\ -# nmake -# nmake install -################################################################################################################################################# +################################################################################## -$version = "3_0_7" -$url = "\\ci-files01-hki.ci.qt.io\provisioning\openssl\openssl-$version-arm64.zip" -$sha1 = "19be15069d981b4a96f5715f039df7aaa7456d52" +$version = "3.5.4" + +$url = "https://ci-files01-hki.ci.qt.io/input/openssl/openssl-$version-prebuild-windows-msvc2022-arm64.zip" +$sha1 = "e5fdf5c565e7c275fdfe877f31b387eb48da5d96" $installFolder = "C:\openssl_arm64" $zip_package = "C:\Windows\Temp\$version.zip" @@ -38,9 +35,8 @@ Remove $zip_package $cpu_arch = Get-CpuArchitecture switch ($cpu_arch) { arm64 { - # For native arm64 + # Native arm64 Set-EnvironmentVariable "OPENSSL_ROOT_DIR_arm64" "$installFolder" - Set-EnvironmentVariable "OPENSSL_CONF_arm64" "$installFolder\bin\openssl.cfg" Set-EnvironmentVariable "OPENSSL_INCLUDE_arm64" "$installFolder\include" Set-EnvironmentVariable "OPENSSL_LIB_arm64" "$installFolder\lib" Break @@ -48,7 +44,6 @@ switch ($cpu_arch) { x64 { # For cross-compiling x64_arm64 Set-EnvironmentVariable "OPENSSL_ROOT_DIR_x64_arm64" "$installFolder" - Set-EnvironmentVariable "OPENSSL_CONF_x64_arm64" "$installFolder\bin\openssl.cfg" Set-EnvironmentVariable "OPENSSL_INCLUDE_x64_arm64" "$installFolder\include" Set-EnvironmentVariable "OPENSSL_LIB_x64_arm64" "$installFolder\lib" } diff --git a/coin/provisioning/common/windows/openssl.ps1 b/coin/provisioning/common/windows/openssl.ps1 index 8f59f9d2..97e89f87 100644 --- a/coin/provisioning/common/windows/openssl.ps1 +++ b/coin/provisioning/common/windows/openssl.ps1 @@ -1,64 +1,44 @@ -# Copyright (C) 2022 The Qt Company Ltd. +# Copyright (C) 2025 The Qt Company Ltd. # SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only . "$PSScriptRoot\helpers.ps1" -# This script installs OpenSSL $version. -# Both x86 and x64 versions needed when x86 integrations are done on x64 machine +# This script installs OpenSSL x86_64 (debug version) -$version = "3_0_7" -$packagex64 = "C:\Windows\Temp\Win64OpenSSL-$version.exe" -$packagex86 = "C:\Windows\Temp\Win32OpenSSL-$version.exe" +##### OpenSSL has been pre-built with following commands ##### +# cd C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Auxiliary\Build +# call vcvarsamd64 +# curl -o C:\Utils\openssl-3.5.4.zip http://ci-files01-hki.ci.qt.io/input/openssl/openssl-3.5.4.zip +# cd C:\Utils +# C:\Utils\sevenzip\7z.exe x C:\Utils\openssl-3.5.4.zip +# cd C:\Utils\openssl-3.5.4 +# perl Configure VC-WIN64A --debug --prefix=C:\openssl_x64\ +# nmake +# nmake install +#################################################################################################### -if (Is64BitWinHost) { - - # Install x64 bit version - $architecture = "x64" - $installFolder = "C:\openssl" - $externalUrl = "https://slproweb.com/download/Win64OpenSSL-$version.exe" - $internalUrl = "\\ci-files01-hki.ci.qt.io\provisioning\openssl\Win64OpenSSL-$version.exe" - $sha1 = "2fb73f233bc565939312782b8157bebc26a5e17b" - - Write-Host "Fetching from URL ..." - Download $externalUrl $internalUrl $packagex64 - Verify-Checksum $packagex64 $sha1 - Write-Host "Installing $packagex64 ..." - Run-Executable "$packagex64" "/SP- /SILENT /LOG /SUPPRESSMSGBOXES /NORESTART /DIR=$installFolder" - - Write-Host "Remove downloaded $packagex64 ..." - Remove "$packagex64" - - Set-EnvironmentVariable "OPENSSL_CONF_x64" "$installFolder\bin\openssl.cfg" - Set-EnvironmentVariable "OPENSSL_INCLUDE_x64" "$installFolder\include" - Set-EnvironmentVariable "OPENSSL_LIB_x64" "$installFolder\lib" - Prepend-Path "$installFolder\bin" -} - -# Install x86 bit version -$architecture = "x86" - -if (Is64BitWinHost) { - $installFolder = "C:\openssl$architecture" -} else { - $installFolder = "C:\openssl" -} - -$externalUrl = "https://slproweb.com/download/Win32OpenSSL-$version.exe" -$internalUrl = "\\ci-files01-hki.ci.qt.io\provisioning\openssl\Win32OpenSSL-$version.exe" -$sha1 = "ddead693fa279ad6b1baf123b3af51a9ef289dc1" +$version = "3.5.4" +$url = "https://ci-files01-hki.ci.qt.io/input/openssl/openssl-$version-prebuild-windows-msvc2022-x64.zip" +$sha1 = "a028caa10ade0c1d39ad60d06201345908dfaaf2" +$installFolder = "C:\openssl_x64" +$zip_package = "C:\Windows\Temp\$version.zip" Write-Host "Fetching from URL ..." -Download $externalUrl $internalUrl $packagex86 -Verify-Checksum $packagex86 $sha1 -Write-Host "Installing $packagex86 ..." -Run-Executable "$packagex86" "/SP- /SILENT /LOG /SUPPRESSMSGBOXES /NORESTART /DIR=$installFolder" +Download $url $url $zip_package +Verify-Checksum $zip_package $sha1 +Extract-7Zip $zip_package C:\ +Remove $zip_package -Write-Host "Remove downloaded $packagex86 ..." -Remove "$packagex86" +Set-EnvironmentVariable "OPENSSL_ROOT_DIR_x64" "$installFolder" +Set-EnvironmentVariable "OPENSSL_INCLUDE_x64" "$installFolder\include" +Set-EnvironmentVariable "OPENSSL_LIB_x64" "$installFolder\lib" -Set-EnvironmentVariable "OPENSSL_CONF_x86" "$installFolder\bin\openssl.cfg" -Set-EnvironmentVariable "OPENSSL_INCLUDE_x86" "$installFolder\include" -Set-EnvironmentVariable "OPENSSL_LIB_x86" "$installFolder\lib" +# Set envvars for builds in provisoning e.g. grpc +Set-EnvironmentVariable "OPENSSL_ROOT_DIR" "$installFolder" +Set-EnvironmentVariable "OPENSSL_INCLUDE" "$installFolder\include" +Set-EnvironmentVariable "OPENSSL_LIB" "$installFolder\lib" + +Prepend-Path "$installFolder\bin" # Store version information to ~/versions.txt, which is used to print version information to provision log. -Write-Output "OpenSSL = $version" >> ~/versions.txt +Write-Output "OpenSSL x64= $version" >> ~/versions.txt