From 4eee244d55fee6e7b5ed79591f2e097e00e3cc1e Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Fri, 26 Jul 2024 09:14:40 +0000 Subject: CI: Fix OpenSSL tarball download URLs after openssl.org site refresh CI: Update to latest OpenSSL releases. CI: Build OpenSSL with RPATH set so that the installed ./bin/openssl works without LD_LIBRARY_PATH set. Use LD_RUN_PATH during the httpd build to achieve the same with binaries from the httpd build, but unset it after so that it doesn't affect running e.g. php-fpm or perl later. Should fix warning from logs when php-fpm is executed -- [26-Jul-2024 07:43:34] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library 'curl.so' (tried: /usr/lib/php/20210902/curl.so (/lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: ENGINE_init, version OPENSSL_3.0.0), /usr/lib/php/20210902/curl.so.so (/usr/lib/php/20210902/curl.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0 CI: Test that php-fpm works if available before testing. CI: For paranoia/future debugging, log the OpenSSL version from compile-time and run-time as reported by mod_ssl. Github: closes #466 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1919524 13f79535-47bb-0310-9956-ffa450edef68 --- test/travis_before_linux.sh | 7 +++++-- test/travis_run_linux.sh | 27 +++++++++++++++++++++++---- 2 files changed, 28 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/travis_before_linux.sh b/test/travis_before_linux.sh index 4094959b50..79b983c0ab 100755 --- a/test/travis_before_linux.sh +++ b/test/travis_before_linux.sh @@ -119,10 +119,13 @@ if test -v TEST_OPENSSL3; then mkdir -p build/openssl pushd build/openssl - curl "https://www.openssl.org/source/openssl-${TEST_OPENSSL3}.tar.gz" | + curl -L "https://github.com/openssl/openssl/releases/download/openssl-${TEST_OPENSSL3}/openssl-${TEST_OPENSSL3}.tar.gz" | tar -xzf - cd openssl-${TEST_OPENSSL3} - ./Configure --prefix=$HOME/root/openssl3 shared no-tests ${OPENSSL_CONFIG} + # Build with RPATH so ./bin/openssl doesn't require $LD_LIBRARY_PATH + ./Configure --prefix=$HOME/root/openssl3 \ + shared no-tests ${OPENSSL_CONFIG} \ + '-Wl,-rpath=$(LIBRPATH)' make $MFLAGS make install_sw touch $HOME/root/openssl-is-${TEST_OPENSSL3} diff --git a/test/travis_run_linux.sh b/test/travis_run_linux.sh index 89b2cd8e6f..7f99b23415 100755 --- a/test/travis_run_linux.sh +++ b/test/travis_run_linux.sh @@ -61,7 +61,9 @@ fi if test -v TEST_OPENSSL3; then CONFIG="$CONFIG --with-ssl=$HOME/root/openssl3" - export LD_LIBRARY_PATH=$HOME/root/openssl3/lib:$HOME/root/openssl3/lib64 + # Temporarily set LD_RUN_PATH so that httpd/mod_ssl binaries pick + # up the custom OpenSSL build + export LD_RUN_PATH=$HOME/root/openssl3/lib:$HOME/root/openssl3/lib64 export PATH=$HOME/root/openssl3/bin:$PATH openssl version fi @@ -78,6 +80,14 @@ builddir=$PWD $srcdir/configure --prefix=$PREFIX $CONFIG make $MFLAGS +if test -v TEST_OPENSSL3; then + # Clear the library/run paths so that anything else run during + # testing is not forced to use the custom OpenSSL build; e.g. perl, + # php-fpm, ... + unset LD_LIBRARY_PATH + unset LD_RUN_PATH +fi + if test -v TEST_INSTALL; then make install pushd $PREFIX @@ -119,6 +129,11 @@ if test -v TEST_ASAN; then export ASAN_OPTIONS="log_path=$PWD/asan.log:detect_leaks=0" fi +if test -v PHP_FPM; then + # Sanity test the executable exists. + $PHP_FPM --version +fi + # Try to keep all potential coredumps from all processes sudo sysctl -w kernel.core_uses_pid=1 2>/dev/null || true # Systemd based systems might process core dumps via systemd-coredump. @@ -176,15 +191,19 @@ if ! test -v NO_TEST_FRAMEWORK; then fi fi +if test \( -v TEST_SSL -o -v TEST_OPENSSL3 \) \ + -a -f test/perl-framework/t/logs/error_log; then + : -- Check OpenSSL version used by mod_ssl at compile- and run-time -- + grep 'mod_ssl.*compiled against' test/perl-framework/t/logs/error_log | tail -n1 | grep --color=always 'OpenSSL/[^ ]*' + grep 'resuming normal operations' test/perl-framework/t/logs/error_log | tail -n1 | grep --color=always 'OpenSSL/[^ ]*' +fi + if test -v TEST_SSL -a $RV -eq 0; then pushd test/perl-framework # Test loading encrypted private keys ./t/TEST -defines "TEST_SSL_DES3_KEY TEST_SSL_PASSPHRASE_EXEC" t/ssl RV=$? - # Log the OpenSSL version. - grep 'mod_ssl.*compiled against' t/logs/error_log | tail -n 1 - # Test various session cache backends for cache in shmcb redis:localhost:6379 memcache:localhost:11211; do test $RV -eq 0 || break -- cgit v1.2.3