Build environment: Enable SSL for Python on Linux
authorSergey Sharybin <sergey.vfx@gmail.com>
Mon, 27 Aug 2018 16:09:30 +0000 (18:09 +0200)
committerSergey Sharybin <sergey.vfx@gmail.com>
Mon, 27 Aug 2018 16:14:42 +0000 (18:14 +0200)
This involved getting SSL compiled from sources first, ensuring
it is a static library placement independent code. Configuration
is based on what Debian is using. CFlags required to have own
configuration file, which i didn't find a better place that next
to the corresponding CMake file.

It is OpenSSL btw.

It is set to Python via --with-openssl= configuration argument.
This works fine in a clean chroot, but having libssl-dev installed
might make Python to prefer system wide library, This was worked
around by using libssl_pic.a name for the library and modifying
setup.py. Would be cool to ensure system wide libraries are not
a problem, but official release builder is safe against this,
since it will catch possible non-static dependencies.

There is also a new map file which shadows bunch of Python
symbols. Without this Python's shared libraries might bring
conflicting symbols to Blender namespace at runtime.

Hopefully this doesn't break other platforms.

build_files/build_environment/CMakeLists.txt
build_files/build_environment/cmake/python.cmake
build_files/build_environment/cmake/python.map [new file with mode: 0644]
build_files/build_environment/cmake/ssl.cmake [new file with mode: 0644]
build_files/build_environment/cmake/ssl.conf [new file with mode: 0644]
build_files/build_environment/cmake/versions.cmake

index 81810e3e457a09bccf830135292738aabb8ff6d2..a334adc34ff5b2b6500451bf7f638c3c883fcdfa 100644 (file)
@@ -137,4 +137,8 @@ if(NOT WIN32 OR ENABLE_MINGW64)
        endif()
 endif()
 
+if(UNIX AND NOT APPLE)
+       include(cmake/ssl.cmake)
+endif()
+
 include(cmake/harvest.cmake)
index 3fbf3a4086819ad303b2bbf14f8e2dc6b2b5d4a7..64ae515cb1b97610a4246c8e2cf7dcedb704dc32 100644 (file)
@@ -88,7 +88,9 @@ else()
                set(PYTHON_BINARY ${BUILD_DIR}/python/src/external_python/python.exe)
                #set(PYTHON_PATCH ${PATCH_CMD} --verbose -p1 -d ${BUILD_DIR}/python/src/external_python < ${PATCH_DIR}/python_apple.diff)
                set(PYTHON_PATCH echo .)
+               set(PYTHON_CONFIGURE_EXTRA_ARGS)
        else()
+               set(PYTHON_CONFIGURE_EXTRA_ARGS "--with-openssl=${LIBDIR}/ssl")
                set(PYTHON_CONFIGURE_ENV ${CONFIGURE_ENV})
                set(PYTHON_BINARY ${BUILD_DIR}/python/src/external_python/python)
        endif()
@@ -99,7 +101,7 @@ else()
                URL_HASH MD5=${PYTHON_HASH}
                PREFIX ${BUILD_DIR}/python
                PATCH_COMMAND ${PYTHON_PATCH}
-               CONFIGURE_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/python
+               CONFIGURE_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && ${CONFIGURE_COMMAND} --prefix=${LIBDIR}/python ${PYTHON_CONFIGURE_EXTRA_ARGS}
                BUILD_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && make -j${MAKE_THREADS}
                INSTALL_COMMAND ${PYTHON_CONFIGURE_ENV} && cd ${BUILD_DIR}/python/src/external_python/ && make install
                INSTALL_DIR ${LIBDIR}/python)
@@ -162,3 +164,10 @@ if(MSVC)
        )
        add_custom_target(Make_Python_Environment ALL DEPENDS ${BUILD_DIR}/python/src/external_python/run/python${PYTHON_POSTFIX}.exe Package_Python)
 endif()
+
+if(UNIX AND NOT APPLE)
+       add_dependencies(
+               external_python
+               external_ssl
+       )
+endif()
diff --git a/build_files/build_environment/cmake/python.map b/build_files/build_environment/cmake/python.map
new file mode 100644 (file)
index 0000000..1c11c33
--- /dev/null
@@ -0,0 +1,9 @@
+{
+global:
+    Py*;
+    _Py*;
+    _py*;
+local:
+    *;
+};
+
diff --git a/build_files/build_environment/cmake/ssl.cmake b/build_files/build_environment/cmake/ssl.cmake
new file mode 100644 (file)
index 0000000..dd1b995
--- /dev/null
@@ -0,0 +1,44 @@
+# ***** BEGIN GPL LICENSE BLOCK *****
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# ***** END GPL LICENSE BLOCK *****
+
+set(SSL_CONFIGURE_COMMAND ./Configure)
+set(SSL_PATCH_CMD echo .)
+
+if("${CMAKE_SIZEOF_VOID_P}" EQUAL "8")
+       set(SSL_EXTRA_ARGS enable-ec_nistp_64_gcc_128)
+       set(SSL_OS_COMPILER "blender-x86_64")
+else()
+       set(SSL_OS_COMPILER "blender-x86")
+endif()
+
+ExternalProject_Add(external_ssl
+       URL ${SSL_URI}
+       DOWNLOAD_DIR ${DOWNLOAD_DIR}
+       URL_HASH SHA256=${SSL_HASH}
+       PREFIX ${BUILD_DIR}/ssl
+       PATCH_COMMAND ${SSL_PATCH_CMD}
+       CONFIGURE_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && ${SSL_CONFIGURE_COMMAND} --prefix=${LIBDIR}/ssl
+               --openssldir=${LIBDIR}/ssl
+               no-shared
+               no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms
+               --config=${CMAKE_CURRENT_SOURCE_DIR}/cmake/ssl.conf
+               ${SSL_OS_COMPILER}
+       BUILD_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && make -j${MAKE_THREADS}
+       INSTALL_COMMAND ${CONFIGURE_ENV} && cd ${BUILD_DIR}/ssl/src/external_ssl/ && make install
+       INSTALL_DIR ${LIBDIR}/ssl
+)
diff --git a/build_files/build_environment/cmake/ssl.conf b/build_files/build_environment/cmake/ssl.conf
new file mode 100644 (file)
index 0000000..a9534e5
--- /dev/null
@@ -0,0 +1,10 @@
+%targets = (
+  "blender-x86" => {
+    inherit_from     => [ "linux-x86" ],
+    cflags => add("-fPIC"),
+  },
+  "blender-x86_64" => {
+    inherit_from     => [ "linux-x86_64" ],
+    cflags => add("-fPIC"),
+  },
+);
index 594aa990d313ed65efc9b526cf5a819b0700c731..3b3ee092ca5afa82b5aeabf418d9eb8fa1bb2478 100644 (file)
@@ -274,3 +274,7 @@ set(PUGIXML_HASH 9346ca1dce2c48f1748c12fdac41a714)
 set(FLEXBISON_VERSION 2.5.5)
 set(FLEXBISON_URI http://prdownloads.sourceforge.net/winflexbison//win_flex_bison-2.5.5.zip)
 set(FLEXBISON_HASH d87a3938194520d904013abef3df10ce)
+
+set(SSL_VERSION 1.1.0i)
+set(SSL_URI https://www.openssl.org/source/openssl-${SSL_VERSION}.tar.gz)
+set(SSL_HASH ebbfc844a8c8cc0ea5dc10b86c9ce97f401837f3fa08c17b2cdadc118253cf99)