jay · October 23, 2023 18:14
diff --git a/curl ubuntu (update installed release).txt b/curl ubuntu (update installed release).txt
 ###############################################################################
 #
 # This is for when we have to update the installed version of curl, nghttp2 or
 # openssl in Ubuntu 16 LTS. This is not a single script.
 #
 # https://gist.github.com/jay/d88d74b6807544387a6c
 #

 ###############################################################################
 #
 # Set environment variables to latest versions
 # Paths must not have spaces (OpenSSL build process can't handle them)
 #

 CURL_VER=8.0.1
 CURL_PREFIX=/usr/local

 NGHTTP2_VER=1.52.0
 NGHTTP2_PREFIX=/usr/local

 OPENSSL_VER=3.1.0
 OPENSSL_PREFIX=/usr/local/ssl
 OPENSSLDIR_PREFIX=/usr/local/ssl

 ###############################################################################
 #
 # To install self contained for test purposes, after setting the _VER vars do:
 #

 mkdir -p test && cd test
 CURL_PREFIX=$PWD
 NGHTTP2_PREFIX=$PWD
 OPENSSL_PREFIX=$PWD/ssl
 OPENSSLDIR_PREFIX=$PWD/ssl

 ###############################################################################
 #
 # Download OpenSSL, verify, build, test, install. Takes 15 minutes.
 #

 sudo rm -rf "openssl-$OPENSSL_VER" && \
 mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
 curl --fail \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
  -O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
 \
 # https://www.openssl.org/community/omc.html
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
    8657ABB260F056B1E5190839D9C4D26D0E604491 \
    B7C1C14360F353A36862E4D5231C84CDDCC69C45 \
    A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
    EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
  --keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify openssl-$OPENSSL_VER.tar.gz.asc \
  && \
 tar xvfz openssl-$OPENSSL_VER.tar.gz && \
 cd openssl-$OPENSSL_VER && \
 \
 ./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
  --prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
 make && \
 make test && \
 sudo make install && \
 cd .. && \
 echo -e "\n\n" && \
 $OPENSSL_PREFIX/bin/openssl version -a && \
 echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

 ###############################################################################
 #
 # Download nghttp2, verify, build, test, install. Takes 1 minute.
 #

 sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
 curl --fail -L --proto-redir =https \
  -O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
 v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
 tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
 cd nghttp2-$NGHTTP2_VER && \
 \
 # Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305
 #
 curl --fail -OL \
  https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \
 patch -F999 -p1 < workaround_g++_5.patch && \
 \
 OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --cflags` \
 OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
  pkg-config openssl --libs` \
 LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \
 ./configure --enable-lib-only \
  --prefix=$NGHTTP2_PREFIX && \
 make && \
 make check && \
 sudo make install && \
 cd .. && \
 echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

 #
 # nghttp2 examples are disabled because we're not using the system OpenSSL.
 # https://github.com/tatsuhiro-t/nghttp2/issues/336
 #

 ###############################################################################
 #
 # Download curl, verify, build, test, install. Takes 15 minutes.
 #

 sudo rm -rf "curl-$CURL_VER" && \
 mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
 curl --fail \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz \
  -O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
 # https://daniel.haxx.se/address.html
 # https://github.com/curl/curl/issues/735
 #
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --recv-keys \
    27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
  && \
 gpg \
  --no-auto-key-locate \
  --no-default-keyring \
  --homedir "$PWD/curl-$CURL_VER/.gnupg" \
  --keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
  --keyserver hkp://keyserver.ubuntu.com \
  --keyserver-options no-auto-key-retrieve \
  --verify curl-$CURL_VER.tar.gz.asc \
  && \
 tar xvfz curl-$CURL_VER.tar.gz && \
 cd curl-$CURL_VER && \
 \
 # Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432
 #
 curl --fail -L --output workaround_libtool_bug_24296.patch \
  https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \
 patch -F999 -p1 < workaround_libtool_bug_24296.patch && \
 \
 # Use a related workaround for src/Makefile.in since we're not regenerating it
 #
 curl --fail -OL \
  https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \
 patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \
 \
 # REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
 #
 LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \
  -Wl,-rpath,$CURL_PREFIX/lib" \
 ./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \
  --prefix=$CURL_PREFIX && \
 make && \
 make test-nonflaky TFLAGS=-n && \
 sudo make install && \
 sudo ldconfig && \
 cd .. && \
 echo -e "\n\n" && \
 $CURL_PREFIX/bin/curl --version && \
 echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

 #
 # curl won't install if any tests fail, like flaky tests (eg 1510).
 # Determine if failed tests are flaky then run from line 'sudo make install'
 #

 ###############################################################################
diff --git a/workaround_g++_5.patch b/workaround_g++_5.patch
 --- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc	2020-06-02 08:08:45.000000000 -0400
 +++ nghttp2/src/shrpx_api_downstream_connection.cc	2020-10-26 23:08:33.016344429 -0400
 @@ -41,7 +41,7 @@
 namespace {
 // List of API endpoints
 const std::array<APIEndpoint, 2> &apis() {
 -  static const auto apis = new std::array<APIEndpoint, 2>{
 +  static const auto apis = new std::array<APIEndpoint, 2>{{
       APIEndpoint{
           StringRef::from_lit("/api/v1beta1/backendconfig"),
           true,
 @@ -54,7 +54,7 @@
           (1 << API_METHOD_GET),
           &APIDownstreamConnection::handle_configrevision,
       },
 -  };
 +  }};
 
   return *apis;
 }
diff --git a/workaround_when_buildconf_is_not_used.patch b/workaround_when_buildconf_is_not_used.patch
 --- curl-7.50.1/src/Makefile.in	2016-07-21 05:16:37.000000000 -0400
 +++ curl/src/Makefile.in	2016-09-05 03:00:18.929760980 -0400
 @@ -1920,7 +1920,7 @@
 check-am: all-am
 check: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) check-am
 -@CURLDEBUG_FALSE@all-local:
 +@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
 all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
 installdirs:
 	for dir in "$(DESTDIR)$(bindir)"; do \
 @@ -2084,7 +2084,14 @@
 	-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]
 
 # for debug builds, we scan the sources on all regular make invokes
 -@CURLDEBUG_TRUE@all-local: checksrc
 +@CURLDEBUG_TRUE@all-local:: checksrc
 +
 +# This script fixes lt-curl so that the first rpath it checks for dependencies
 +# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
 +workaround_libtool_bug_24296:
 +	@PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
 +
 +@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 --- curl-7.50.1/tests/libtest/Makefile.in	2016-07-21 05:16:37.000000000 -0400
 +++ curl/tests/libtest/Makefile.in	2016-09-05 17:48:58.704114175 -0400
 @@ -1488,7 +1488,7 @@
 # Preloading of libhostname allows host name overriding,
 # this is used to make some tests machine independent.
 @BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
 -AM_LDFLAGS = 
 +AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
 AM_CFLAGS = 
 libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
 libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \
	###############################################################################
	#
	# This is for when we have to update the installed version of curl, nghttp2 or
	# openssl in Ubuntu 16 LTS. This is not a single script.
	#
	# https://gist.github.com/jay/d88d74b6807544387a6c
	#

	###############################################################################
	#
	# Set environment variables to latest versions
	# Paths must not have spaces (OpenSSL build process can't handle them)
	#

	CURL_VER=8.0.1
	CURL_PREFIX=/usr/local

	NGHTTP2_VER=1.52.0
	NGHTTP2_PREFIX=/usr/local

	OPENSSL_VER=3.1.0
	OPENSSL_PREFIX=/usr/local/ssl
	OPENSSLDIR_PREFIX=/usr/local/ssl

	###############################################################################
	#
	# To install self contained for test purposes, after setting the _VER vars do:
	#

	mkdir -p test && cd test
	CURL_PREFIX=$PWD
	NGHTTP2_PREFIX=$PWD
	OPENSSL_PREFIX=$PWD/ssl
	OPENSSLDIR_PREFIX=$PWD/ssl

	###############################################################################
	#
	# Download OpenSSL, verify, build, test, install. Takes 15 minutes.
	#

	sudo rm -rf "openssl-$OPENSSL_VER" && \
	mkdir -p -m 0700 "openssl-$OPENSSL_VER/.gnupg" && \
	curl --fail \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \
	-O https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz.asc && \
	\
	# https://www.openssl.org/community/omc.html
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C \
	8657ABB260F056B1E5190839D9C4D26D0E604491 \
	B7C1C14360F353A36862E4D5231C84CDDCC69C45 \
	A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C \
	EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/openssl-$OPENSSL_VER/.gnupg" \
	--keyring "$PWD/openssl-$OPENSSL_VER/.gnupg/openssl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify openssl-$OPENSSL_VER.tar.gz.asc \
	&& \
	tar xvfz openssl-$OPENSSL_VER.tar.gz && \
	cd openssl-$OPENSSL_VER && \
	\
	./config shared no-zlib -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' \
	--prefix=$OPENSSL_PREFIX --openssldir=$OPENSSLDIR_PREFIX --libdir=lib && \
	make && \
	make test && \
	sudo make install && \
	cd .. && \
	echo -e "\n\n" && \
	$OPENSSL_PREFIX/bin/openssl version -a && \
	echo -e "\n\nSuccess: Installed OpenSSL $OPENSSL_VER in $OPENSSL_PREFIX\n"

	###############################################################################
	#
	# Download nghttp2, verify, build, test, install. Takes 1 minute.
	#

	sudo rm -rf "nghttp2-$NGHTTP2_VER" && \
	curl --fail -L --proto-redir =https \
	-O https://github.com/tatsuhiro-t/nghttp2/releases/download/\
	v$NGHTTP2_VER/nghttp2-$NGHTTP2_VER.tar.gz && \
	tar xvfz nghttp2-$NGHTTP2_VER.tar.gz && \
	cd nghttp2-$NGHTTP2_VER && \
	\
	# Workaround older g++, see https://github.com/nghttp2/nghttp2/issues/1305
	#
	curl --fail -OL \
	https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_g++_5.patch && \
	patch -F999 -p1 < workaround_g++_5.patch && \
	\
	OPENSSL_CFLAGS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --cflags` \
	OPENSSL_LIBS=`PKG_CONFIG_PATH=$OPENSSL_PREFIX/lib/pkgconfig/ \
	pkg-config openssl --libs` \
	LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib" \
	./configure --enable-lib-only \
	--prefix=$NGHTTP2_PREFIX && \
	make && \
	make check && \
	sudo make install && \
	cd .. && \
	echo -e "\n\nSuccess: Installed Nghttp2 $NGHTTP2_VER in $NGHTTP2_PREFIX\n"

	#
	# nghttp2 examples are disabled because we're not using the system OpenSSL.
	# https://github.com/tatsuhiro-t/nghttp2/issues/336
	#

	###############################################################################
	#
	# Download curl, verify, build, test, install. Takes 15 minutes.
	#

	sudo rm -rf "curl-$CURL_VER" && \
	mkdir -p -m 0700 "curl-$CURL_VER/.gnupg" && \
	curl --fail \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz \
	-O https://curl.se/download/curl-$CURL_VER.tar.gz.asc && \
	# https://daniel.haxx.se/address.html
	# https://github.com/curl/curl/issues/735
	#
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--recv-keys \
	27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \
	&& \
	gpg \
	--no-auto-key-locate \
	--no-default-keyring \
	--homedir "$PWD/curl-$CURL_VER/.gnupg" \
	--keyring "$PWD/curl-$CURL_VER/.gnupg/curl.gpg" \
	--keyserver hkp://keyserver.ubuntu.com \
	--keyserver-options no-auto-key-retrieve \
	--verify curl-$CURL_VER.tar.gz.asc \
	&& \
	tar xvfz curl-$CURL_VER.tar.gz && \
	cd curl-$CURL_VER && \
	\
	# Workaround libtool bug 24296, see https://github.com/curl/curl/issues/432
	#
	curl --fail -L --output workaround_libtool_bug_24296.patch \
	https://github.com/curl/curl/compare/master...jay:workaround_libtool_bug_24296.diff && \
	patch -F999 -p1 < workaround_libtool_bug_24296.patch && \
	\
	# Use a related workaround for src/Makefile.in since we're not regenerating it
	#
	curl --fail -OL \
	https://gist.githubusercontent.com/jay/d88d74b6807544387a6c/raw/workaround_when_buildconf_is_not_used.patch && \
	patch -F999 -p1 < workaround_when_buildconf_is_not_used.patch && \
	\
	# REM don't use --enable-versioned-symbols, it breaks cmake's dependency.
	#
	LDFLAGS="-Wl,-rpath,$OPENSSL_PREFIX/lib -Wl,-rpath,$NGHTTP2_PREFIX/lib \
	-Wl,-rpath,$CURL_PREFIX/lib" \
	./configure --with-nghttp2=$NGHTTP2_PREFIX --with-ssl=$OPENSSL_PREFIX \
	--prefix=$CURL_PREFIX && \
	make && \
	make test-nonflaky TFLAGS=-n && \
	sudo make install && \
	sudo ldconfig && \
	cd .. && \
	echo -e "\n\n" && \
	$CURL_PREFIX/bin/curl --version && \
	echo -e "\n\nSuccess: Installed curl $CURL_VER in $CURL_PREFIX\n"

	#
	# curl won't install if any tests fail, like flaky tests (eg 1510).
	# Determine if failed tests are flaky then run from line 'sudo make install'
	#

	###############################################################################
	--- nghttp2-1.41.0/src/shrpx_api_downstream_connection.cc 2020-06-02 08:08:45.000000000 -0400
	+++ nghttp2/src/shrpx_api_downstream_connection.cc 2020-10-26 23:08:33.016344429 -0400
	@@ -41,7 +41,7 @@
	namespace {
	// List of API endpoints
	const std::array<APIEndpoint, 2> &apis() {
	- static const auto apis = new std::array<APIEndpoint, 2>{
	+ static const auto apis = new std::array<APIEndpoint, 2>{{
	APIEndpoint{
	StringRef::from_lit("/api/v1beta1/backendconfig"),
	true,
	@@ -54,7 +54,7 @@
	(1 << API_METHOD_GET),
	&APIDownstreamConnection::handle_configrevision,
	},
	- };
	+ }};

	return *apis;
	}
	--- curl-7.50.1/src/Makefile.in 2016-07-21 05:16:37.000000000 -0400
	+++ curl/src/Makefile.in 2016-09-05 03:00:18.929760980 -0400
	@@ -1920,7 +1920,7 @@
	check-am: all-am
	check: $(BUILT_SOURCES)
	$(MAKE) $(AM_MAKEFLAGS) check-am
	-@CURLDEBUG_FALSE@all-local:
	+@CURLDEBUG_FALSE@@USE_CPPFLAG_CURL_STATICLIB_TRUE@all-local:
	all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
	installdirs:
	for dir in "$(DESTDIR)$(bindir)"; do \
	@@ -2084,7 +2084,14 @@
	-W$(srcdir)/tool_hugehelp.c $(srcdir)/*.[ch]

	# for debug builds, we scan the sources on all regular make invokes
	-@CURLDEBUG_TRUE@all-local: checksrc
	+@CURLDEBUG_TRUE@all-local:: checksrc
	+
	+# This script fixes lt-curl so that the first rpath it checks for dependencies
	+# will be lib/.libs. See curl bug https://github.com/curl/curl/issues/432
	+workaround_libtool_bug_24296:
	+ @PERL@ "$(top_srcdir)/scripts/fix_rpath.pl" "$(abs_top_builddir)"
	+
	+@USE_CPPFLAG_CURL_STATICLIB_FALSE@all-local:: workaround_libtool_bug_24296

	# Tell versions [3.59,3.63) of GNU make to not export all variables.
	# Otherwise a system limit (for SysV at least) may be exceeded.
	--- curl-7.50.1/tests/libtest/Makefile.in 2016-07-21 05:16:37.000000000 -0400
	+++ curl/tests/libtest/Makefile.in 2016-09-05 17:48:58.704114175 -0400
	@@ -1488,7 +1488,7 @@
	# Preloading of libhostname allows host name overriding,
	# this is used to make some tests machine independent.
	@BUILD_LIBHOSTNAME_TRUE@noinst_LTLIBRARIES = libhostname.la
	-AM_LDFLAGS =
	+AM_LDFLAGS = -Wl,-rpath "-Wl,$(abs_top_builddir)/lib/.libs"
	AM_CFLAGS =
	libhostname_la_CPPFLAGS_EXTRA = $(am__append_4)
	libhostname_la_LDFLAGS_EXTRA = -module -avoid-version -rpath /nowhere \