Skip to content

Commit 9c38aee

Browse files
feat: link OpenSSL (#12030)
This PR links OpenSSL
1 parent d5039a7 commit 9c38aee

15 files changed

Lines changed: 120 additions & 18 deletions

File tree

.github/workflows/build-template.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -59,11 +59,11 @@ jobs:
5959
with:
6060
msystem: clang64
6161
# `:` means do not prefix with msystem
62-
pacboy: "make: python: cmake clang ccache gmp libuv git: zip: unzip: diffutils: binutils: tree: zstd tar:"
62+
pacboy: "make: python: cmake clang ccache gmp libuv openssl: git: zip: unzip: diffutils: binutils: tree: zstd tar:"
6363
if: runner.os == 'Windows'
6464
- name: Install Brew Packages
6565
run: |
66-
brew install ccache tree zstd coreutils gmp libuv
66+
brew install ccache tree zstd coreutils gmp libuv openssl
6767
if: runner.os == 'macOS'
6868
- name: Checkout
6969
uses: actions/checkout@v6
@@ -92,7 +92,7 @@ jobs:
9292
run: |
9393
sudo dpkg --add-architecture i386
9494
sudo apt-get update
95-
sudo apt-get install -y gcc-multilib g++-multilib ccache libuv1-dev:i386 pkgconf:i386
95+
sudo apt-get install -y gcc-multilib g++-multilib ccache libuv1-dev:i386 libssl-dev:i386 pkgconf:i386
9696
if: matrix.cmultilib
9797
- name: Restore Cache
9898
id: restore-cache

doc/make/index.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ Requirements
99
- [CMake](http://www.cmake.org)
1010
- [GMP (GNU multiprecision library)](http://gmplib.org/)
1111
- [LibUV](https://libuv.org/)
12+
- [OpenSSL](https://www.openssl.org/)
1213

1314
Platform-Specific Setup
1415
-----------------------

doc/make/msys2.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ MSYS2 has a package management system, [pacman][pacman].
3232
Here are the commands to install all dependencies needed to compile Lean on your machine.
3333

3434
```bash
35-
pacman -S make python mingw-w64-clang-x86_64-cmake mingw-w64-clang-x86_64-clang mingw-w64-clang-x86_64-ccache mingw-w64-clang-x86_64-libuv mingw-w64-clang-x86_64-gmp git unzip diffutils binutils
35+
pacman -S make python mingw-w64-clang-x86_64-cmake mingw-w64-clang-x86_64-clang mingw-w64-clang-x86_64-ccache mingw-w64-clang-x86_64-libuv mingw-w64-clang-x86_64-gmp mingw-w64-clang-x86_64-openssl git unzip diffutils binutils
3636
```
3737

3838
You should now be able to run these commands:

doc/make/osx-10.9.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,12 +32,13 @@ following to use `g++`.
3232
cmake -DCMAKE_CXX_COMPILER=g++ ...
3333
```
3434

35-
## Required Packages: CMake, GMP, libuv, pkgconf
35+
## Required Packages: CMake, GMP, libuv, OpenSSL, pkgconf
3636

3737
```bash
3838
brew install cmake
3939
brew install gmp
4040
brew install libuv
41+
brew install openssl
4142
brew install pkgconf
4243
```
4344

doc/make/ubuntu.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,5 +8,5 @@ follow the [generic build instructions](index.md).
88
## Basic packages
99

1010
```bash
11-
sudo apt-get install git libgmp-dev libuv1-dev cmake ccache clang pkgconf
11+
sudo apt-get install git libgmp-dev libuv1-dev libssl-dev cmake ccache clang pkgconf
1212
```

flake.nix

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@
2424
stdenv = pkgs.overrideCC pkgs.stdenv llvmPackages.clang;
2525
} ({
2626
buildInputs = with pkgs; [
27-
cmake gmp libuv ccache pkg-config
27+
cmake gmp libuv ccache pkg-config openssl openssl.dev
2828
llvmPackages.bintools # wrapped lld
2929
llvmPackages.llvm # llvm-symbolizer for asan/lsan
3030
gdb
@@ -34,7 +34,26 @@
3434
hardeningDisable = [ "all" ];
3535
# more convenient `ctest` output
3636
CTEST_OUTPUT_ON_FAILURE = 1;
37-
} // pkgs.lib.optionalAttrs pkgs.stdenv.isLinux {
37+
} // pkgs.lib.optionalAttrs pkgs.stdenv.isLinux (let
38+
# Build OpenSSL 3 statically using pkgsDist's old-glibc stdenv,
39+
# so the resulting static libs don't require newer glibc symbols.
40+
opensslForDist = pkgsDist.stdenv.mkDerivation {
41+
name = "openssl-static-3.6.0";
42+
src = pkgs.fetchFromGitHub {
43+
owner = "openssl";
44+
repo = "openssl";
45+
rev = "openssl-3.6.0";
46+
hash = "sha256-EJnbK9ZMdN2ztTTQtb7VsEQvvbMYnY5HJ2LMJlw5FRg=";
47+
};
48+
nativeBuildInputs = [ pkgsDist.perl ];
49+
configurePhase = ''
50+
patchShebangs .
51+
./config --prefix=$out no-shared no-tests
52+
'';
53+
buildPhase = "make -j$NIX_BUILD_CORES";
54+
installPhase = "make install_sw";
55+
};
56+
in {
3857
GMP = (pkgsDist.gmp.override { withStatic = true; }).overrideAttrs (attrs:
3958
pkgs.lib.optionalAttrs (pkgs.stdenv.system == "aarch64-linux") {
4059
# would need additional linking setup on Linux aarch64, we don't use it anywhere else either
@@ -53,13 +72,15 @@
5372
};
5473
doCheck = false;
5574
});
75+
OPENSSL = opensslForDist;
76+
OPENSSL_DEV = opensslForDist;
5677
GLIBC = pkgsDist.glibc;
5778
GLIBC_DEV = pkgsDist.glibc.dev;
5879
GCC_LIB = pkgsDist.gcc.cc.lib;
5980
ZLIB = pkgsDist.zlib;
6081
# for CI coredumps
6182
GDB = pkgsDist.gdb;
62-
});
83+
}));
6384
in {
6485
devShells.${system} = {
6586
# The default development shell for working on lean itself

script/prepare-llvm-linux.sh

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
#!/usr/bin/env bash
22
set -euxo pipefail
33

4-
# run from root build directory (from inside nix-shell or otherwise defining GLIBC/ZLIB/GMP) as in
4+
# run from root build directory (from inside nix-shell or otherwise defining GLIBC/ZLIB/GMP/OPENSSL) as in
55
# ```
66
# eval cmake ../.. $(../../script/prepare-llvm-linux.sh ~/Downloads/lean-llvm-x86_64-linux-gnu.tar.zst)
77
# ```
@@ -42,6 +42,8 @@ $CP $GLIBC/lib/*crt* stage1/lib/
4242
# runtime
4343
(cd llvm; $CP --parents lib/clang/*/lib/*/{clang_rt.*.o,libclang_rt.builtins*} ../stage1)
4444
$CP llvm/lib/*/lib{c++,c++abi,unwind}.* $GMP/lib/libgmp.a $LIBUV/lib/libuv.a stage1/lib/
45+
# bundle OpenSSL static libs
46+
cp $OPENSSL/lib/libssl.a $OPENSSL/lib/libcrypto.a stage1/lib/
4547
# LLVM 19 appears to ship the dependencies in 'llvm/lib/<target-triple>/' and 'llvm/include/<target-triple>/'
4648
# but clang-19 that we use to compile is linked against 'llvm/lib/' and 'llvm/include'
4749
# https://github.com/llvm/llvm-project/issues/54955
@@ -74,8 +76,8 @@ fi
7476
echo -n " -DLEANC_INTERNAL_FLAGS='--sysroot ROOT -nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang"
7577
# ld.so is usually included by the libc.so linker script but we discard those. Make sure it is linked to only after `libc.so` like in the original
7678
# linker script so that no libc symbols are bound to it instead.
77-
echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -L ROOT/lib/glibc -lc -lc_nonshared -Wl,--as-needed -l:ld.so -Wl,--no-as-needed -lpthread_nonshared -Wl,--as-needed -Wl,-Bstatic -lgmp -lunwind -luv -Wl,-Bdynamic -Wl,--no-as-needed -fuse-ld=lld'"
78-
# when not using the above flags, link GMP dynamically/as usual
79-
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-Wl,--as-needed -lgmp -luv -lpthread -ldl -lrt -Wl,--no-as-needed'"
79+
echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -L ROOT/lib/glibc -lc -lc_nonshared -Wl,--as-needed -l:ld.so -Wl,--no-as-needed -lpthread_nonshared -Wl,--as-needed -Wl,-Bstatic -lgmp -lunwind -luv -lssl -lcrypto -Wl,-Bdynamic -Wl,--no-as-needed -fuse-ld=lld'"
80+
# when not using the above flags, link GMP/libuv/OpenSSL dynamically/as usual
81+
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-Wl,--as-needed -lgmp -luv -lssl -lcrypto -lpthread -ldl -lrt -Wl,--no-as-needed'"
8082
# do not set `LEAN_CC` for tests
8183
echo -n " -DLEAN_TEST_VARS=''"

script/prepare-llvm-macos.sh

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ set -uxo pipefail
1010

1111
GMP=${GMP:-$(brew --prefix)}
1212
LIBUV=${LIBUV:-$(brew --prefix)}
13+
OPENSSL=${OPENSSL:-$(brew --prefix openssl@3)}
1314

1415
[[ -d llvm ]] || (mkdir llvm; gtar xf $1 --strip-components 1 --directory llvm)
1516
[[ -d llvm-host ]] || if [[ "$#" -gt 1 ]]; then
@@ -48,7 +49,8 @@ if [[ -L llvm-host ]]; then
4849
echo -n " -DCMAKE_C_COMPILER=$PWD/stage1/bin/clang"
4950
gcp $GMP/lib/libgmp.a stage1/lib/
5051
gcp $LIBUV/lib/libuv.a stage1/lib/
51-
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp -luv'"
52+
gcp $OPENSSL/lib/libssl.a $OPENSSL/lib/libcrypto.a stage1/lib/
53+
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp -luv -lssl -lcrypto'"
5254
else
5355
echo -n " -DCMAKE_C_COMPILER=$PWD/llvm-host/bin/clang -DLEANC_OPTS='--sysroot $PWD/stage1 -resource-dir $PWD/stage1/lib/clang/15.0.1 ${EXTRA_FLAGS:-}'"
5456
fi

script/prepare-llvm-mingw.sh

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -40,14 +40,14 @@ cp /clang64/lib/{crtbegin,crtend,crt2,dllcrt2}.o stage1/lib/
4040
# tells the compiler how to dynamically link against `bcrypt.dll` (which is located in the System32 folder).
4141
# This distinction is relevant specifically for `libicu.a`/`icu.dll` because there we want updates to the time zone database to
4242
# be delivered to users via Windows Update without having to recompile Lean or Lean programs.
43-
cp /clang64/lib/lib{m,bcrypt,mingw32,moldname,mingwex,msvcrt,pthread,advapi32,shell32,user32,kernel32,ucrtbase,psapi,iphlpapi,userenv,ws2_32,dbghelp,ole32,icu}.* /clang64/lib/libgmp.a /clang64/lib/libuv.a llvm/lib/lib{c++,c++abi,unwind}.a stage1/lib/
43+
cp /clang64/lib/lib{m,bcrypt,mingw32,moldname,mingwex,msvcrt,pthread,advapi32,shell32,user32,kernel32,ucrtbase,psapi,iphlpapi,userenv,ws2_32,dbghelp,ole32,icu,crypt32,gdi32}.* /clang64/lib/libgmp.a /clang64/lib/libuv.a /clang64/lib/libssl.a /clang64/lib/libcrypto.a llvm/lib/lib{c++,c++abi,unwind}.a stage1/lib/
4444
echo -n " -DLEAN_STANDALONE=ON"
4545
echo -n " -DCMAKE_C_COMPILER=$PWD/stage1/bin/clang.exe -DCMAKE_C_COMPILER_WORKS=1 -DCMAKE_CXX_COMPILER=$PWD/llvm/bin/clang++.exe -DCMAKE_CXX_COMPILER_WORKS=1 -DLEAN_CXX_STDLIB='-lc++ -lc++abi'"
4646
echo -n " -DSTAGE0_CMAKE_C_COMPILER=clang -DSTAGE0_CMAKE_CXX_COMPILER=clang++"
4747
echo -n " -DLEAN_EXTRA_CXX_FLAGS='--sysroot $PWD/llvm -idirafter /clang64/include/'"
4848
echo -n " -DLEANC_INTERNAL_FLAGS='--sysroot ROOT -nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang.exe"
49-
echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -Wl,-Bstatic -lgmp $(pkg-config --static --libs libuv) -lunwind -Wl,-Bdynamic -fuse-ld=lld'"
50-
# when not using the above flags, link GMP dynamically/as usual. Always link ICU dynamically.
51-
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp $(pkg-config --libs libuv) -lucrtbase'"
49+
echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -Wl,-Bstatic -lgmp $(pkg-config --static --libs libuv) -lssl -lcrypto -lunwind -Wl,-Bdynamic -lcrypt32 -lgdi32 -fuse-ld=lld'"
50+
# when not using the above flags, link GMP/libuv/OpenSSL dynamically/as usual. Always link ICU dynamically.
51+
echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp $(pkg-config --libs libuv) -lssl -lcrypto -lcrypt32 -lgdi32 -lucrtbase'"
5252
# do not set `LEAN_CC` for tests
5353
echo -n " -DLEAN_TEST_VARS=''"

src/CMakeLists.txt

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -368,6 +368,17 @@ if(NOT LEAN_STANDALONE)
368368
string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${LIBUV_LDFLAGS}")
369369
endif()
370370

371+
# OpenSSL
372+
if(NOT "${CMAKE_SYSTEM_NAME}" MATCHES "Emscripten")
373+
find_package(OpenSSL 3 REQUIRED COMPONENTS Crypto SSL)
374+
set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
375+
include_directories(${OPENSSL_INCLUDE_DIR})
376+
string(JOIN " " OPENSSL_LIBRARIES_STR ${OPENSSL_LIBRARIES})
377+
if(NOT LEAN_STANDALONE)
378+
string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${OPENSSL_LIBRARIES_STR}")
379+
endif()
380+
endif()
381+
371382
# Windows SDK (for ICU)
372383
if(CMAKE_SYSTEM_NAME MATCHES "Windows")
373384
# Pass 'tools' to skip MSVC version check (as MSVC/Visual Studio is not necessarily installed)

0 commit comments

Comments
 (0)